Slashdot Mirror


User: crucini

crucini's activity in the archive.

Stories: 0
Comments: 1,820

Comments · 1,820

  1. Re:Who do you trust? on CERT: Sendmail Distribution Contained Trojan Horse · · Score: 2

    It's possible to sketch out a very convincing protective scheme based on crypto, but it becomes more shaky when host based weaknesses are taken into account. This is what I think Greyfox was talking about:

    Developer Dave is working on program P on his workstation W. A while back, he gave an account to his friend Frank. Frank unwittingly logged in from a compromised host, and now the attacker Adam has a shell on W. Adam escalates to root by exploiting some weakness in a SUID program and ensures his access with a hacked sshd.

    Adam knows from reading Dave's mail that Dave is getting ready for a release of P. Dave builds the tarball, fetches the floppy with his secret key from secure storage, and signs the tarball. But in the interval Adam has replaced the tarball with a modified one. Dave signs the compromised tarball and releases it to the world.

  2. To eject the cdrom... on Red Hat 8.0 For KDE Users (And Newbies) · · Score: 2

    Type 'eject cdrom'.

    On a more abstract level, first try 'man -k KEYWORD', or in this case 'man -k eject'. That leads to 'man eject' - view the man page for eject.

  3. ERP on linux on Red Hat 8.0 Reviewed · · Score: 2

    SAP client and server both run on Linux. The supported client is the Java one. See google.

    Is their Linux support lacking? Or is your SAP reseller slow to recommend and support Linux?

  4. Legal Liability on Help wanted: CTO at Warner Music. · · Score: 2

    RIAA has campaigned for a law to exempt them from legal liability for disrupting p2p networks. That implies that they recognize the illegality of these actions. It seems likely that they are already DOSing p2p without the legal authorization they want. Doesn't this ad provide evidence that Warner is conspiring to commit illegal acts?

  5. Mod Parent Up! on Dealing w/ Draconian Severance Contracts? · · Score: 1, Insightful

    The parent post seems to be correct, informative and authoritative. Or else a really clever troll.

  6. Re:One way to fix it... on How The DMCA Is Enforced · · Score: 2

    Problem is, once you standardize this protocol and publish an email address that supports it, people like BayTSP can connect. If you don't standardize and publish, you won't share with very many people, and you are no concern to the "intellectual property" industry.

  7. aa on New Jersey Officially Limits G-Forces on Coasters · · Score: 2
    This is also despite the lack of scientific evidence linking G forces to brain injury, and 320 million riders who turn out just fine every year.

    Here's a Summary Table of Key Citations. Congressman Markey's main page on the subject is also worth reading.

    As for the millions who escape unscathed, I don't think that has ever been a valid argument against safety legislation. The majority of people who use power tools without eye protection will not lose an eye; does that mean OSHA should stop requiring protective eyewear?
  8. Re:Misdirected legislation on New Jersey Officially Limits G-Forces on Coasters · · Score: 2
    I partially agree with you. But:
    It's like the new airline baggage screening requirements (helllooo! The 9/11 hijackers did not have any dangerous checked baggage!).

    Imagine that you're securing a concrete building with 10 identical doors. One day burglars break in through door #4 and you suffer serious losses. Do you upgrade all 10 doors or only #4?

    Go down a layer of abstraction. You have a building with a door, a window and a skylight, each equally resistant to attack. The walls and roof are much more resistant to attack. Burglars break in through the skylight. Do you only upgrade the skylight, or do you upgrade all three entry points?

    This assumes that the new baggage security measures actually make sense. I am not familiar with them, and maybe they make no sense.

    Or gun control laws being passed in reaction to violence committed with illegally-possessed guns. (they were already illegal, see?)

    I'm not advocating gun control, but I think most illegal guns were once legal. Someone buys or steals them and diverts them to illegal use. If they're going to restrict the flow of illegal guns, they have to tighten up the monitoring of legal guns. Of course you may be referring to laws that have nothing to do with this and are just passed for chest-thumping purposes.
  9. *eers on Linux Worm Creating "Attack Network" · · Score: 2
    He probably works in marketing, where one has an obligation to invent new words like "visioneer" (most of which make me reach for the barf bag).

    Perhaps you are a regurgioneer. Put it on your business cards.
  10. How about ... Never? on When to Buy Technology Goods? · · Score: 2
    I'm at least half serious. I almost never buy technology items anymore. I think it's due to these factors:
    1. I've seen too many generations of technology go from "cutting edge" to "bargain bin" - I can no longer get excited about the new graphics card.
    2. I don't adapt well to mobile gizmos like the ipaq, ipod etc. I have a Palm - it's sitting in the closet with dead batteries because once the novelty wore off it was just an annoying, fragile extra thing to lug around.
    3. Designed for Windows 95 or better. Yeah, but some geek in Swaziland came up with an unstable driver that sorta kinda works with a 2.5 kernel, but his web page on Geocities is down today. I'm not really interested in buying computer hardware that has poor or no Linux support. I guess lack of complete information falls into this category - why should I pay for something if the vendor's not going to tell me how it works? That's like selling a car and keeping the key to the trunk.
    4. Rise in manipulative and deceptive selling. From printers to internet appliances to game consoles, companies that sell to consumers are trying to deceive customers with "razor blade marketing", overpriced subscriptions, fine print. The whole approach shows great contempt for the customer.
    5. DRM. If you're building it to please the entertainment industry, sell it to them. If you're building it to sell to me, build what I want.
    6. Sheer ugliness. I like boxes. Too many tech-thingies today have ugly curves. Not nice, bold intelligent curves like some industrial designer of the forties might have put on a pencil sharpener, but arbitrary, wrong, unintegrated curves that are the hallmark of corporate ugliness.
    7. Computers have caught up with my needs. The computer I'm typing this on is several years out of date. And yet I feel little impulse to replace it, because it has enough RAM, disk and CPU for everything I do.
  11. Responsive to industry on Ed Felten in the Economist · · Score: 2

    While I'm glad that Senator Allen withdrew his support for the bill, his reasoning is dismaying. A bunch of big corporations didn't like the revised bill because it could open them to liability. Maybe a clause should be inserted exempting ISPs - that would address the concerns of these corporations. Allen does not seem at all interested in the impact of this law on citizens.

  12. Security through Obscurity? on Ask Eric Blossom about Software-Defined Radio · · Score: 2
    It's true the basic crypto probably wouldn't stand up to rigorous long-term attack, but it would at least deter casual busybodies and peeping Toms. Stopping dedicated hackers with time/capability/intent is a much uglier proposition, as we all know.

    Sounds like the worst of the official mindset. We lose the transparency of citizens hearing police communications, but the determined and well-funded bad guy can still intercept them. And since there's an appearance of security, the agency will be less alert to such interception. So Scientology, organized crime, and foreign intelligence get a boost in eluding investigations.
  13. Re:Power supply adapters and plugs... on Connectors: A History of Their Technology? · · Score: 2
    I'll try to be clearer. I'm not talking about stepping anything up to 48 volts. I'm talking about stepping 120 volts down to 48 volts as an intermediate distribution voltage.

    ...you will still have to have a transformer near the outlet, or per room...

    Ah. I guess you are assuming (which is realistic) that we can't change the way the electronics are made. I was assuming (unrealistically) that we set a new standard and get most low powered electronics to run off our standard 48 volt supply. Which would actually be quite cheap. The point of moving from 120v to 48v power-limited as early as possible is that power limited (Class 2 and 3) circuits are much more economical to run. In fact, we would probably just upgrade N-pair telephone wire to N+something pair.
  14. Re:Power supply adapters and plugs... on Connectors: A History of Their Technology? · · Score: 2

    1 amp at 12 volts is 12 watts, or 250 mA at 48 volts. That's well within the current carrying capacity of 24 gage telecom wire. Check out this chart. Looks like 24 gage bundled wire could safely carry 3.5 amps using the same criteria that allow 12 gage to carry 20 amps. In other words, a single circuit could power 14 speaker sets as you describe them, if we want to allow that much current per circuit.

    Looks like the NEC would limit this supply to 2 amps per circuit (100/V). Therefore, we'd only have enough power for eight speaker sets per circuit. But I think we should only allow one load per circuit, due to the ease of running multiple circuits and protecting them independently.

  15. Re:Power supply adapters and plugs... on Connectors: A History of Their Technology? · · Score: 2

    You wouldn't need huge wires if we're talking about the kind of stuff that typically gets fed from wall warts. Answering machines, hubs, alarm clocks -- stuff that draws milliamps. You just have to make the consuming electronics resilient to changes in supply voltage, for example by including a regulator.

  16. Re:Crude Tech jokes on Connectors: A History of Their Technology? · · Score: 2

    The Guardians of Virtue were policing public discourse, not trade jargon. In the fifties there seemed to be an iron wall between the carefully presented public side of things and the crude, roughneck language of the interior. Tom Wolfe's book The Right Stuff is partly about this iron wall and the news reporters who helped shore it up.

  17. Re:Theft? on Shop Till It Drops · · Score: 2

    I think that people who rob convenience stores want cash. Committing armed robbery for some candy and soda seems like too high a risk/reward ratio. Since the cash is probably well protected in the vending machine, that risk is eliminated. Shoplifters take a much smaller risk for a much smaller reward. Smashing in the front of the machine is riskier than shoplifting. It would be worthwhile to get cash (which it can't) but not to get merchandise.

  18. Re:This reminds me of a book.... on Shop Till It Drops · · Score: 2
    Did anyone ever read A Stainless Steel Rat is Born?

    Yup. Loved it. ISTR that its microwave ovens could nuke a ton of porcuswine flesh into smoke and charred remnants in 15 milliseconds. Or something.

    I also wondered why it wasn't done in the real world.
  19. The usual story: scalability on Police Database Lists 'Future Criminals' · · Score: 2

    The article is too short to really explain this list, but this sounds pretty obvious. All this means is that the department has a collective memory of loiterers/potential troublemakers. No different from an officer noticing some young guys who start hanging out in front of a 7-11 and linking it up with a broken window nearby a few days later.

    Of course actions that seem harmless on the small scale, like a shopkeeper remembering your name and preferences, can become threatening on a large scale. But if this makes you anxious, you should consider that policemen have been keeping an eye on suspicious characters since police departments were first created.

  20. Jefferson on Starving Nation Turns Down Bioengineered Corn · · Score: 5, Insightful
    "Pollen drift is a real problem, especially with maize," Harl said. "It places these countries in an extremely difficult position."
    This reminds me of Jefferson's famous letter:
    ...but the moment it is divulged, it forces itself into the possession of every one, and the receiver cannot dispossess himself of it.
    So the same arguments Jefferson makes against intellectual property in general apply especially to this corn. And:
    That ideas should freely spread from one to another over the globe, for the moral and mutual instruction of man, and improvement of his condition, seems to have been peculiarly and benevolently designed by nature, when she made them, like fire, expansible over all space, without lessening their density in any point, and like the air in which we breathe, move, and have our physical being, incapable of confinement or exclusive appropriation.
    Substitute "genetic materials" for "ideas" and you have an accurate description of the problem with patented genetic materials. It seems that since it is natural for plants to cross-pollinate, the farmer should not incur an additional burden of protecting his fields from "encumbered" pollen.
  21. Re:Well... on New Way To Grade Decay of Computer Installations · · Score: 2
    Any OS is going to decay over time without micromanagement.
    My experience with Linux has been the opposite. Everything continues to work exactly as it did. Nothing takes longer to start than it once did; no application tries to reinstall itself when started. Determining the cause of this difference is complicated, but observing the fact is simple. Have you observed decay in Linux? If so, what kind?
  22. Re:Cruft from the get-go on New Way To Grade Decay of Computer Installations · · Score: 2
    Sorry to burst your bubble, bud, but no system administrator worth his salt discards a perfectly good tool in favor of a more trendy one without a good reason.
    This condescension is unwarranted. You are receiving a helpful warning from your peers and would do well to consider it.
    SSH has been around for quite a while. It's not trendy. Even the people I know who have little interest in security have shut off telnet on their servers. I know that there are shops that haven't realized the level of risk yet and still allow telnet and the r* services. They may have a painful wakeup call. How hard would it be to get one of your users (behind the firewall) to run an arbitrary executable? As a virus, a greeting card, or an animation?
    Anyhow, putty is a great Windows ssh/telnet client. Its download/installation is fast enough that it may make sense to install it rather than using the (very bad) Windows telnet client.
  23. scatter-components-across-10,000 directories on New Way To Grade Decay of Computer Installations · · Score: 4, Informative
    Of course linux has the nice problem of scatter-components-across-10,000 directories. I use linux as a server platform instead of a desktop platform for precisely this reason. I can *never* find all the parts of some installs and I despise when a program places itself into 4-5 different directories.
    If you installed from RPM, rpm -qlp some.rpm. If you installed from source, try make -n install.
  24. Re:Slackware + source tarballs = ZERO decay on New Way To Grade Decay of Computer Installations · · Score: 2

    First try 'make uninstall' - if the Makefile has an uninstall package that will work. Or try 'make -n install', meaning "pretend to make install". This will usually show where the files went.
    But neither is really needed because when you install the new version of the app (make install) it will overwrite the old files.

  25. Re:R2-D2 did not talk on R2D2 Beer Getting Machine · · Score: 2

    It's possible that R2's "speech" had no literal correspondence with a human language. It might be too abstract/robotic. Maybe that's a major role of a "protocol droid" (c3po) - not just to translate, say between Italian and English but to translate low-level geekspeak into something humans would care about.
    So if R2 could talk English, he might say things like (execution-path-blocked (holoplay (tail 84% current-file)) (accessory-hardware restraining-bolt)). Which would be as useful to Luke as a bunch of bleeps and whistles.