Does decent usability necessarily imply the presence of vulnerabilities?
Just because that's the broad experience of users with the current environment of "usable" administrative tools doesn't necessarily mean that it must be so. It's empirical evidence based on a sample size of... well... approximately one company.
However.
It is a caution. It shows that it is quite possible to (unintentionally) make system administration more unsafe when pursuing a single-minded goal and when the ideas for EZ system administration aren't subject to the kind of open scrutiny and community improvement that FOSS developers can provide. When a single company owns a market, it's tempting for them to "speed up" the standards process, to "innovate", and make something Really Great that later, turns out not to be perfect.
Practically, I've been encouraged that the free mail clients and free web browsers I use under Linux haven't been afflicted with "Automatically Run This" features of convenience to the degree that my Outlook and IE running friends have to contend with.
I will say though, that I've been nervous about various things that "wget something; cd something; make" redcarpet like packages and their potential for abuse.
[Note: I've had plenty of reservations all along about the US decision to invade Iraq and still believe it was not the right thing to do.]
Now that US Marines are confronted with
some of the worst of all possible scenarios(*) this technology would be helpful.
(*) Namely, a large crowd of demonstrators, 97% comprised of unarmed civilians, wearing civilian clothes, has 3% composition of similarly-dressed individuals but toting Kalishnokov's and firing at the Marines.
Current option: Marines could start firing into the crowd, risk injuring unarmed civilians, and create even more ill-will.
Or, now, sharpshooters could fire GPS mosquitoes at armed demonstrators for later surveillance, weapons-search missions. If they hit an unarmed civilian, it's not as much of a PR catastrophe.
Finally, after giving the Iraqi people democracy and an progressive constitution guaranteeing regular elections, women's suffrage, human rights, freedom of worship, no state-sponsored religion, leave them to deconstruct all of that and fashion their own hell - we've got enough of our own hell to deal with already.
it's going to have to do a lot better in those other segments.
You'd think so.
But if Microsoft can provide quality service for the same internal cost as other companies, then by running at a loss like they are now, they can beat their competitors into the dirt by undercutting prices. The cash cows of Windows and Office allow them to do this for as long as it takes to bleed the competition dry.
Once the competitors are gone, Microsoft will be free to adjust prices with greater flexibility and make up for lost revenue during the "market building" phase.
That, or not worry as much about investing so much money in improving the quality of their products.
I'd ask political economists whether the improved overall market efficiencies associated with free and unrestrained trade will automatically
cause high-pollution industries to migrate to where pollution regulations are most lax, and
cause high-labor cost industries to migrate to where labor is not only cheap, but where authoritarian regimes help keep labor costs contained by suppressing organized labor movements.
Whether there are indications of what degree of wealth segregation might be associated with violent upheaval in regimes (China) that do not allow for easy change.
Whether democracies or republics can be counted on to provide peaceful transitions when such imbalances become too extreme.
Whether democracies can be counted upon to elect efficient economic models, or whether democracies will tend to choose inefficient economic models that are "popular".
[Empirical evidence of failed regimes would illuminating.]
Re:The only way for the RIAA to die is by suicide
on
RIAA's Nasty Easter Egg
·
· Score: 2, Interesting
Nor do they care much about the independent artists. Let 'em produce, and let them collectively make 1% of the total money spent on music. If you don't think to look for them on iTunes, you don't buy their music. Simple as that.
An accurate assessment of the music industry, unfortunately.
So, besides the artificial hype of specific bigname artists that comes from radio airplay, can someone recommend:
good online communities that rate music (I'm looking for an amazon like "other listeners that liked BigName liked LittleName1, LittleName2,...)?
good online streams of random music so that you can be introduced to lesser known artists that are just not "lucky" enough to have signed the Big Contract?
[I do hear some nice music (reggae, folk, etc.) on my local college station, but often they don't tell you the name of the artist, etc. until 6 songs later after I've gotten out of my car or forgotten whether the song I liked was 3 from last played or 4 from last played...
A lot of states rely on an outdated revenue model - taxing sales of goods within their borders.
With the growth of businesses like amazon.com, Indian tribal casinos, etc. they're just not raising as much revenue this way as in the past.
Consequently, most states in the last several years have been looking at looming budget shortfalls.
Gross receipts tax revenues are going to have to be replaced by something else, be it income tax, property tax, use taxes (gasoline, alcohol, tobacco).
Otherwise, state services will be cut and we'll end up resembling third world countries in more and more ways.
What riles people is the notion that some link exists between news reporting, editorials and advertisers.
In theory, journalists like to think of themselves as crusaders, exposing the truth to the public. It's a noble goal and I'm happy they're carrying on the crusade.
But in practice, we're all conditioned by what we've been exposed to in the past, and much of what we read, see and hear only serves to reinforce points of view that were formed earlier.
The tie between money, media and politics is not new.
where the king killed all his advisors who couldn't tell him what his dream meant.
The biblical lesson was to illustrate how Joseph received special insight into the dream from God, of course.
But, if you look at the story in another light, Joseph went on to become a very powerful advisor to the Pharoah.
Being able to give advice to a tyrant that is likely to kill people who give him advice that displeases him requires enormous mental dexterity under pressure. Which probably also accounts some for Joseph's later success.
I'm reminded of this by seeing an old movie starring the late Peter Ustinov as Nero and some other actor who portrayed Nero's advisor. Whoever wrote the screenplay did a wonderful job showing just how much acumen is required of an advisor to a tyrant.
Some portrayal of daily life with the former tyrant of Iraquagmire is here.
CTO I believe I would have canned the whole project and started anew as from the sounds of it
That's the right thing to do, of course.
Practically, though, doing this kind of thing is difficult in government.
Your first presentation is with the people that give you funding. You tell them you want to start from scratch.
They ask you "Are you telling me that the $8billion we've given you has been wasted? Do you have any idea how bad this will make us look in the press? If you ask for this kind of change in course, there's no guarantee we could get the funding at all!"
Meanwhile, lots of nice underlings busting their butts for you will be seeking hints as to whether they'll even have jobs next month...
Oh, and there'll be vendors promising magic bullets.
Bearing up under this kind of pressure will be why you're making the money as a government CIO.
If we give all the distros flashy installers and gear them to be simple and not as powerful, I will be in chains with the rest of them, so lets cut the nonsense.
Instead, let's just cut these artificial chains and make our distros simple and powerful.
From what I see, the Gentoo and BSD folks really appreciate simplicity. The portage and ports systems look a lot simpler than the 400+ page rpm manual I downloaded a few years ago.
That single advantage is worth a lot to UNIX geeks forced to communicate frequently with management droids but don't want to give up on having root access on a UNIX box - by comparison, cygwin on win32 just doesn't feel as deep, nor does OpenOffice.org on Linux quite reach the heights it needs to.
But to be fair, the V-chip was merely implemented to prevent our future citizens from becoming conditioned to violence and growing up to be hardened criminals.
With the broadcast flag we're talking about a much more serious issue to the fabric of civilization - the potential loss of revenue by content owners from unregulated viewing of copyrighted media!
Given it's importance, I expect effective unambiguous government regulations to be expedited, probably without the needless delays of debate in open legislative session.
Ken Thomson proved this won't help, while I don't disagree with your sentiment, remember that all the open source in the world can still be circumvented by a compiler that you didn't write...
I remember that story, of hiding the login.c backdoor into the compiler binary.
It makes me think I should be more careful to check the .sig for my downloads of gcc.
But, then, I'm thinking back, wondering what version of gcc I used to compiled gpg, or what version of gcc Red Hat used to build my kernel....
It seems trustworthiness is only asymptotic and not absolute.
This proposal would just move the problem to distributed boxen to serve the spam messages, not the spammer's boxen.
But the burden of storing so much spam might cause quicker collapse of the 0\/\/n3d box than the burden of SMTP relaying.
If you can't get directly to parasitic spammers, at least this might reduced the number of receptive hosts (unpatched, misconfigured, misadministered machines).
Also, who's to say that this is the source code that will be compiled on the voting terminals?
Precisely.
And how many voters or voting officials will be able to verify the digital signature of the binary that the voting machines run (which would potentially thwart trojan replacement of compiled code with different binaries)?
Or, to verify the voting machine hardware itself does not contain any backdoors?
Yes, that's right. The same number of informed caring intelligent voters and educated informed voting officials you saw participating in previous elections. (To be fair there are many intelligent caring voters and officials - it's just that intelligence and caring don't guarantee successful secure electronic voting measures.)
With all the potential avenues for compromise and the levels of expertise, scrutiny and trust required for proper implementation, there's good reason some of the best computer scientists in the country think electronic voting is not a good idea.
At least I'll credit this company for taking one step forward in a mile long journey. I just hope decision-makers get the hint about vulnerabilities and realize how far we have to go.
Remember, SCO's purpose here is not to win, or even survive, it's to spread disinformation and fear about open source and Linux.
Sure seems that it's either that, or to make a lot of money on stock prices that jump around.
Proof of either motivation will be hard to come by, but it sure would be nice to see it come out in the open...
In the end, the legal team defending SCO will still maintain that "they were pursuing what they believed to be genuine issues with misappropriation of SCO intellectual property" even if the evidence is shown to reduce to laughably absurdites (eg, "They have some include file names the same as ours and some of the lines are the same, too, like this:
/* * Get system dependent values and data structures. */
It's indicative of how preconceived notions will set the audience you select and what you will end up hearing.
It reminds me of management choosing employee feedback teams comprised of the sweetest smiling sheep in the organization. They never select the hairy old ogres complaining by the watercooler with blood-stained axes to grind? No, no, no....
This kind of reminds me of the arguments about how fast IE comes up vs how fast Mozilla comes. The former, "being part of the Windows OS", gets a head start from preloaded DLLs.
At one point in the past I recall a KDE investigation into why preloading shared libraries might help cut down on slow response that people were seeing with g++.
Do all the mechanisms with ld.so cache help to get shared libraries ready (in a memory buffer) before any program starts, say based on the last accessed or most frequently accessed libraries?
Reminds me of stories about the db programmer who had special hooks in the code to handle cases such as when his name was deleted from the company roles.
> > And why does Mozilla prevent links to it via Slashdot? If I create a link it says "Ook! Sorry, links to Bugzilla from Slashdot are disabled."
> Because the developers use Bugzilla, and a slashdotted bugzilla means they cannot get their work done.
Fair enough.
But isn't there some way that the bugzilla page of note could be google-cached or put somewhere else temporarily with a fatpipe and a link to that place be used instead?
Slashdot Mirror
Does decent usability necessarily imply the presence of vulnerabilities?
Just because that's the broad experience of users with the current environment of "usable" administrative tools doesn't necessarily mean that it must be so. It's empirical evidence based on a sample size of ... well ... approximately one company.
However.
It is a caution. It shows that it is quite possible to (unintentionally) make system administration more unsafe when pursuing a single-minded goal and when the ideas for EZ system administration aren't subject to the kind of open scrutiny and community improvement that FOSS developers can provide. When a single company owns a market, it's tempting for them to "speed up" the standards process, to "innovate", and make something Really Great that later, turns out not to be perfect.
Practically, I've been encouraged that the free mail clients and free web browsers I use under Linux haven't been afflicted with "Automatically Run This" features of convenience to the degree that my Outlook and IE running friends have to contend with.
I will say though, that I've been nervous about various things that "wget something; cd something; make" redcarpet like packages and their potential for abuse.
The possibilities are limitless.
Imagine having the ability to provide your customers with customized pointers to
You can point them to your own range of services, or to a clumsy-looking buck-toothed site "Doh! We're dorks!".And that doesn't even begin to enumerate the lucrative possibilities of being a window to various on-line casinos and to paypal...
[Note: I've had plenty of reservations all along about the US decision to invade Iraq and still believe it was not the right thing to do.]
Now that US Marines are confronted with some of the worst of all possible scenarios(*) this technology would be helpful.
(*) Namely, a large crowd of demonstrators, 97% comprised of unarmed civilians, wearing civilian clothes, has 3% composition of similarly-dressed individuals but toting Kalishnokov's and firing at the Marines.
Current option: Marines could start firing into the crowd, risk injuring unarmed civilians, and create even more ill-will.
Or, now, sharpshooters could fire GPS mosquitoes at armed demonstrators for later surveillance, weapons-search missions. If they hit an unarmed civilian, it's not as much of a PR catastrophe.
Finally, after giving the Iraqi people democracy and an progressive constitution guaranteeing regular elections, women's suffrage, human rights, freedom of worship, no state-sponsored religion, leave them to deconstruct all of that and fashion their own hell - we've got enough of our own hell to deal with already.
it's going to have to do a lot better in those other segments.
You'd think so.
But if Microsoft can provide quality service for the same internal cost as other companies, then by running at a loss like they are now, they can beat their competitors into the dirt by undercutting prices. The cash cows of Windows and Office allow them to do this for as long as it takes to bleed the competition dry.
Once the competitors are gone, Microsoft will be free to adjust prices with greater flexibility and make up for lost revenue during the "market building" phase.
That, or not worry as much about investing so much money in improving the quality of their products.
Or both.
I'd ask political economists whether the improved overall market efficiencies associated with free and unrestrained trade will automatically
Whether there are indications of what degree of wealth segregation might be associated with violent upheaval in regimes (China) that do not allow for easy change.
Whether democracies or republics can be counted on to provide peaceful transitions when such imbalances become too extreme.
Whether democracies can be counted upon to elect efficient economic models, or whether democracies will tend to choose inefficient economic models that are "popular".
[Empirical evidence of failed regimes would illuminating.]
Nor do they care much about the independent artists. Let 'em produce, and let them collectively make 1% of the total money spent on music. If you don't think to look for them on iTunes, you don't buy their music. Simple as that.
An accurate assessment of the music industry, unfortunately.
So, besides the artificial hype of specific bigname artists that comes from radio airplay, can someone recommend:
- good online communities that rate music (I'm looking for an amazon like "other listeners that liked BigName liked LittleName1, LittleName2,
...)?
- good online streams of random music so that you can be introduced to lesser known artists that are just not "lucky" enough to have signed the Big Contract?
[I do hear some nice music (reggae, folk, etc.) on my local college station, but often they don't tell you the name of the artist, etc. until 6 songs later after I've gotten out of my car or forgotten whether the song I liked was 3 from last played or 4 from last played...A lot of states rely on an outdated revenue model - taxing sales of goods within their borders.
With the growth of businesses like amazon.com, Indian tribal casinos, etc. they're just not raising as much revenue this way as in the past.
Consequently, most states in the last several years have been looking at looming budget shortfalls.
Gross receipts tax revenues are going to have to be replaced by something else, be it income tax, property tax, use taxes (gasoline, alcohol, tobacco).
Otherwise, state services will be cut and we'll end up resembling third world countries in more and more ways.
What riles people is the notion that some link exists between news reporting, editorials and advertisers.
In theory, journalists like to think of themselves as crusaders, exposing the truth to the public. It's a noble goal and I'm happy they're carrying on the crusade.
But in practice, we're all conditioned by what we've been exposed to in the past, and much of what we read, see and hear only serves to reinforce points of view that were formed earlier.
The tie between money, media and politics is not new.
where the king killed all his advisors who couldn't tell him what his dream meant.
The biblical lesson was to illustrate how Joseph received special insight into the dream from God, of course.
But, if you look at the story in another light, Joseph went on to become a very powerful advisor to the Pharoah.
Being able to give advice to a tyrant that is likely to kill people who give him advice that displeases him requires enormous mental dexterity under pressure. Which probably also accounts some for Joseph's later success.
I'm reminded of this by seeing an old movie starring the late Peter Ustinov as Nero and some other actor who portrayed Nero's advisor. Whoever wrote the screenplay did a wonderful job showing just how much acumen is required of an advisor to a tyrant.
Some portrayal of daily life with the former tyrant of Iraquagmire is here.
This browser history map uses thumbnails
Seems like some Web pages would be visually cued using thumbnails better than others (eg, large chunks of distinct color blocks vs. straight text).
I'd like a history sidebar that showed a directed graph layed out in 2D, but perhaps using favicons to represent the nodes.
And, of course, there's the issue of how to make it meaningful with tabs, which I use a lot.
CTO I believe I would have canned the whole project and started anew as from the sounds of it
That's the right thing to do, of course.
Practically, though, doing this kind of thing is difficult in government.
Your first presentation is with the people that give you funding. You tell them you want to start from scratch.
They ask you "Are you telling me that the $8billion we've given you has been wasted? Do you have any idea how bad this will make us look in the press? If you ask for this kind of change in course, there's no guarantee we could get the funding at all!"
Meanwhile, lots of nice underlings busting their butts for you will be seeking hints as to whether they'll even have jobs next month...
Oh, and there'll be vendors promising magic bullets.
Bearing up under this kind of pressure will be why you're making the money as a government CIO.
If we give all the distros flashy installers and gear them to be simple and not as powerful, I will be in chains with the rest of them, so lets cut the nonsense.
Instead, let's just cut these artificial chains and make our distros simple and powerful.
From what I see, the Gentoo and BSD folks really appreciate simplicity. The portage and ports systems look a lot simpler than the 400+ page rpm manual I downloaded a few years ago.
OS X has all the power of Linux coupled with
Microsoft Office.
That single advantage is worth a lot to UNIX geeks forced to communicate frequently with management droids but don't want to give up on having root access on a UNIX box - by comparison, cygwin on win32 just doesn't feel as deep, nor does OpenOffice.org on Linux quite reach the heights it needs to.
The V-Chip is already in TVs
And that's been such a rousing success.
But to be fair, the V-chip was merely implemented to prevent our future citizens from becoming conditioned to violence and growing up to be hardened criminals.
With the broadcast flag we're talking about a much more serious issue to the fabric of civilization - the potential loss of revenue by content owners from unregulated viewing of copyrighted media!
Given it's importance, I expect effective unambiguous government regulations to be expedited, probably without the needless delays of debate in open legislative session.
An important one.
IMHO, probably one of the most important and most well-known is RFC 822.
Even though HTTP is used even more than SMTP these days it wasn't always so. I kept hearing no end of RFC 822, the Dcc field, etc. in the old days.
From a history of the Internet perspective I have to wonder when it was that port 80 traffic overtook port 25.
Ken Thomson proved this won't help, while I don't disagree with your sentiment, remember that all the open source in the world can still be circumvented by a compiler that you didn't write...
I remember that story, of hiding the login.c backdoor into the compiler binary.
It makes me think I should be more careful to check the .sig for my downloads of gcc .
But, then, I'm thinking back, wondering what version of gcc I used to compiled gpg , or what version of gcc Red Hat used to build my kernel....
It seems trustworthiness is only asymptotic and not absolute.
This proposal would just move the problem to distributed boxen to serve the spam messages, not the spammer's boxen.
But the burden of storing so much spam might cause quicker collapse of the 0\/\/n3d box than the burden of SMTP relaying.
If you can't get directly to parasitic spammers, at least this might reduced the number of receptive hosts (unpatched, misconfigured, misadministered machines).
Also, who's to say that this is the source code that will be compiled on the voting terminals?
Precisely.
And how many voters or voting officials will be able to verify the digital signature of the binary that the voting machines run (which would potentially thwart trojan replacement of compiled code with different binaries)?
Or, to verify the voting machine hardware itself does not contain any backdoors?
Yes, that's right. The same number of informed caring intelligent voters and educated informed voting officials you saw participating in previous elections. (To be fair there are many intelligent caring voters and officials - it's just that intelligence and caring don't guarantee successful secure electronic voting measures.)
With all the potential avenues for compromise and the levels of expertise, scrutiny and trust required for proper implementation, there's good reason some of the best computer scientists in the country think electronic voting is not a good idea.
At least I'll credit this company for taking one step forward in a mile long journey. I just hope decision-makers get the hint about vulnerabilities and realize how far we have to go.
Remember, SCO's purpose here is not to win, or even survive, it's to spread disinformation and fear about open source and Linux.
Sure seems that it's either that, or to make a lot of money on stock prices that jump around.
Proof of either motivation will be hard to come by, but it sure would be nice to see it come out in the open...
In the end, the legal team defending SCO will still maintain that "they were pursuing what they believed to be genuine issues with misappropriation of SCO intellectual property" even if the evidence is shown to reduce to laughably absurdites (eg, "They have some include file names the same as ours and some of the lines are the same, too, like this:
A nice interview, but I would be interested to see what Spaf's views are on TCPA.
It's indicative of how preconceived notions will set the audience you select and what you will end up hearing.
It reminds me of management choosing employee feedback teams comprised of the sweetest smiling sheep in the organization. They never select the hairy old ogres complaining by the watercooler with blood-stained axes to grind? No, no, no....
This kind of reminds me of the arguments about how fast IE comes up vs how fast Mozilla comes. The former, "being part of the Windows OS", gets a head start from preloaded DLLs.
At one point in the past I recall a KDE investigation into why preloading shared libraries might help cut down on slow response that people were seeing with g++.
Do all the mechanisms with ld.so cache help to get shared libraries ready (in a memory buffer) before any program starts, say based on the last accessed or most frequently accessed libraries?
Reminds me of stories about the db programmer who had special hooks in the code to handle cases such as when his name was deleted from the company roles.
Pleased to meet you! Trust me - the boss loves his coffee prepared with laxatives.
> > And why does Mozilla prevent links to it via Slashdot? If I create a link it says "Ook! Sorry, links to Bugzilla from Slashdot are disabled."
> Because the developers use Bugzilla, and a slashdotted bugzilla means they cannot get their work done.
Fair enough.
But isn't there some way that the bugzilla page of note could be google-cached or put somewhere else temporarily with a fatpipe and a link to that place be used instead?