No, SCO does not want to sue. The courts would not be very friendly to their baseless claims. If the courts were friendly or their claims had basis in fact, then they would just file suit, and demand settlement.
SCO is a little yappy dog on the other side of a chain-link fence barking and barking because they get no other attention. Maybe we should track a certain executive's tax records along with the SCO corporate filings to detect the payoff from some interested third party?
Point taken, but I think your argument is a bit of a non sequitur. Maybe I wasn't explicit enough, but worms spreading farther and faster means the airhead academic type is pushed into the wee tiny corners of the affected population's intelligence bell curve. Making a worm epidemic is doubtfully motivated by duping more and more airy academic geniuses. Moreover, the programmers who understand how to write the worm are still a generation ahead of the median victim in terms of awareness.
Another point lost in this medium is that I feel observation skills are the best measure of intelligence. Geniuses who are idiot-savant aren't really that bright in my book. Thus, if you corner yourself in your little specialty, you can actually get dumber as you pay less and less attention to your immediate world. That is my opinion on intelligence: "G" in psychological jargon.
Please be careful not to generalize my statements as expressions of everyone else at Slashdot. I am weird, and any inferences you draw on such a generalization threaten to destroy your conclusions.
To further clarify my "jackass" statement, I give you an aphorism from Nietzsche, "You seek followers? Seek ZEROES!" These victims, marks, are powerful stuff. Only a jackass toys with that kind of herd-power.
Furthermore, I didn't intend to toot my own horn, but rather to relate a personal experience of decline. Unless you are the aforementioned jackass, I apologise for any feelings of alienation you may have felt. However, the jackass may indeed be more intelligent than you (or I)--which is another discussion entirely.
Why is it so hard to find the author of these programs?
Because there are so many no-talent hacks out there who *could* have written that lump of nasty crap.
In the beginning days, on the Apple ][ computers in my grade-school, we learned to guess our way through cracking floppy-disk copy-protected games by comparing a cracked game and a pristine byte-by-byte copy of the original. We eventually learned that a certain byte word combination was the first hardware keyboard access, and we could guess that spot was a good place to stick a jump. Then we tried a few addresses until it worked. In grade school.
Later, as PCs wormed into the classroom around 286 vintage, there were boot sector viruses. I knew how to use a low-level (nibble) disk editor, but I never quite overcame the awe of the self-replicating TSR.
What really grabbed me was how a really good (insidious) virus could have such a low footprint that it could go undetected for so long. The programmers of those viruses were gifted binary ecologists. I knew then that the games I played were bloated when one year the game took one disk, and the second year you had to swap two disks even though there was little extra play for all the extra data. I envied the virus programmers for their wizardly and miserly command of the machine's meager resources. I even dreamt of the day that I could crank one out like putting together a jigsaw puzzle.
Now I am older, and the opportunity for that conquest was stolen by Moore's Law. The games (and all software in general) got bloatier and bloatier. There was so much waste, and the machines got so fast so fast, that I saw clever programming die. I was sad. It wasn't until (after I bought a student copy of Borland C++ and was stultified by the massive bloat of win16 API) that I became acquainted with Unix (FreeBSD in particular) around 1.2.1 vintage. I rediscovered elegant software.
Now, I understand the vulgar joy in duping someone else, but only a jackass gets off duping people who compare to invertebrates on an intellectual scale. VB worms are the modern-day equivalent of burning ants with a magnifying glass. "Letth thaw off hith tweeter Beavith! Hehehehehe Heheheheh..."
Maybe you confuse socialism with communism? Can a free market capitalist economy exist without the government-owned-and-operated court/criminal justice system? Tell me again why I should pay you for your goods or services if I can put a bullet in your head in lieu of payment?
If you want to beg the question, let's go! You say Communism like it's a bad word. Know anything about corporate law? Joint ownership in common? Is it communist if your accountants say the corporation should always prefer to depend on employees over consultants for critical operations?
Modern warfare is theorized by two overlapping schools of thought: "Maneuver" warfare and "Traditional" warfare (or whatever you want to call it).
In military theory, and well in any competitive environment, the goal is to gather information, assess the situation, decide on a course of action, and execute that decision. Whoever can complete this loop or cycle first has the clear advantage. By connecting everyone on the battlefield so that they can gather and pass on information as fast as possible is clearly a necessary step for this to work.
The model of the period of iteration in decision making to action is from the maneuverist camp, but it has been more widely accepted. As maneuver types propose it, the decisions should be as distributed as possible, hence your IPv6 address for every device on every soldier inference. However, in this model, every node does not need to be addressed by every other node, and indeed the maneuver warfare proponents usually say that communication should be as decoupled as possible from the central structure. A global namespace/address space is (on the surface) antithetical. It provides means for centralized Command and Control, which is the opposite of what you suggest IPv6 would do for our soldiers.
I suggest that the generals would be crippled by the human manipulation motive in an attempt to micromanage everything, because their orders can reach the sub-soldier granularity: "Tune all of the field units' fire-control to safe. We don't want any hot-heads escalating right now."
Hours later: "Sir, we just lost a whole platoon because they couldn't return fire..."
True, there is LOTS of theory saying why this kind of order is bad, and it is starting to become a dominant influence in military doctrine (field manuals), but neither of those preclude that particular order from being executed in a battle situation.
You misunderstood. I mean that the new encrypted ZIP file formats for WinZIP and PKZip are nonstandard because they are incompatible divergences from the InfoZip standard. PGP is very much a standard, as OpenPGP is what GPG implements.
um, dunno about GPG, but what is so non-standard about PGP? It does very much use some of the big encryption schemes out there. And what on earth does PGP have to do with Linux on the desktop??
The real problem here is that these Security Focus people are still trying to design a harder eggshell. Any "barrier" must allow some traffic through, or it will break the network. You cannot install a barrier that understands how to distinguish between good and bad traffic. It is not a closed problem. It is an open-ended problem. It isn't about computers or technology. It's about people and subversion. The answer is too difficult for most people: trust is arbitrary and inherently flawed, but it is absolutely necessary for human interaction. The technology just fools us into thinking we can control things like a vending machine. The problem seems to be transparent because we can see lots of stuff on the inside of technological subversion, but at the bottom is void: trust is arbitrary and error prone.
The real answer is that we must do what we are already doing, willingly, instead of reluctantly as we do now: accept subversion as a part of the system. We must understand that we created the space-time in which the subversion is manifest. It must be perceived as the limits of our power. Once that is understood, it is also understood how to coexist with limited power. This is the fundamental social problem: being with others. Consider that the subversion is another feeling person expressing their limited power outside the scope of our limited power. Take compassion on that person if they do not know the suffering they cause will come back to them. Do what you can, each as individuals, to absorb the effects of those bad effects so that they do not become causes of other bad effects.
Recurse your awareness; avoid recursing your (or others') mistakes. Security does not exist. Only fools really believe in it.
If you use GnuPG(GPG) or PGP to encrypt your files, you get compression too. There is absolutely NO reason to use a nonstandard compression utility to do low quality encryption.
Let's say you wanted to offer ultra-high bandwidth dense-wave-multiplexed multi-gigabit fiber to everyone's house (for argument's sake you're going to sell state-of-the-art connectivity, and the equipment cost isn't a big deal). Say you even got a source for some ATM equipment (like a DSL modem) at commodity prices to put in peoples' homes. What does it cost to install a data center for a CO, and what does it cost to run the fiber to peoples' houses, and what does it cost to maintain all of that equipment?
Seriously, if there is any demand out there for the service in *your* neighborhood, do some homework and figure out what you would have to charge to get your money back in 2, 5, 10, and even 20 years. Then you can shop the idea around and start your own Co-Op. You can include IP telephony service by getting an IP phone PBX that does something telco-ish like a T3 on the PSTN side.
The real problem is that nobody who is eligible to be an entry level code monkey or Unix (what you dinosaur operators call "Open Systems") admin would accept the salary of an entry-level mainframe operator (scratch-tape jockey). Mainframes are multimillion dollar beasts who demand cadres of supplicants to feed it tapes and pinfeed paper. Smaller systems aren't as imposing on the people that come into contact with them. On the balance sheet, people are more important (paid) than the capital expense of the machine. The problem, IMHO, is one of accounting versus the human factor.
BTW: to reveal my bias, I am a Solaris admin (and a good one). I had the chance to take on a big Amdahl running VM with TPS and MVS(OS390) and I thought.. there is no grep on a mainframe. Simple little grep which validates the idea of stdin and stdout and the simple filter pipeline model of ad-hoc data processing (ad-hoc RE compiling JIT!!.. so NICE). It makes me very powerful. Mainframes could make me productive, but Unix makes me powerful. The idea that there is a creative alternative to compete with "throw hardware at it" problem solving... I know C, but I found COBOL to be kind of semantically nasty. That much will always come down to the Holy Wars(JARGON reference).
You know, I agree with almost everything in your post. The one thing on which I don't think with you: it's not going to users and it's perfectly appropriate in context. I have to preface with the thought that people without a sense of humor are probably not cut out for programming in a community effort, but I believe it is (slightly) wrong to insult people (even tongue-in-cheek) just for coding a bug.
First, free software is partly about removing the barriers for users who want to become programmers and ultimately contributors. It is counterproductive to start with an assumption of us-and-them user-and-programmer duality. Second, I believe that the people who deserve the DOOFUS title are the ones that don't think they need to trap error values, because it seems to work 99% of the time for them.
You never can be sure how fragile another person's ego is, or how dependent they are on their fragile ego for day-to-day living. None of that has anything to do with the value of the contribution they can make to the FreeBSD codebase if they are motivated to solve a personal problem that affects other FreeBSD users (or hackers) too. So, in the spirit of "Be lenient in what you require; be strict in what you provide" I think it is a worthwhile long-term concern. The best way to think about it is that every talented programmer is potentially an ego problem, and every effort to facilitate cooperation and harmony will pay off down the road.
The idea isn't that FreeBSD committers can't call their errno EDOOFUS, but rather Apple can't as a matter of style. Therefore, EDOOFUS threatens to make the separation between FreeBSD and Darwin/MacOS-X one iota worse than it already is. Forking is an unfortunate necessary evil, and despite the "openness" of the code, there is another dimension of usability, which means portability in this case.
If you make your code open, but people have to add a lot of macros to adapt your code, it isn't as good as if they could just use it as-is. A good programmer is always looking for any affordable way to make his programming effort more useful with less work to make use of it. It's the wisdom of forward-thinking laziness. If your code is hard to adapt, who cares if it is free? The cost of re-use includes blood-and-sweat of integration. Ideally there would be no blood-and-sweat to reuse FreeBSD code. A bad joke (admit it: hacker humor is mostly bad inside jokes) is not a good reason to fork a file IMHO; I agree with JKH.
I have two smart card badges to access the building and then security doors where I work. Neither of these cards has any kind of PIN.
If a smart-card has no data display or input, then how are you supposed to know what kind of challenge (from whom) you are actually answering? This is very vulnerable to sniffing and known plaintext cryptanalysis attacks (if the CRAM is encrypted).
This is significant in that 1: the dynamic/bin utilities are JUST A TEMPORARY HACK, and that NSSWITCH will provide modular resolver support for important stuff like gethostbyname(3) among other things. In case you haven't noticed, we need a way (LDAP?) to resolve IPSec host certificates by hostname/IP, and DNS isn't doing the job... IMHO.. other people have other reasons for wanting this.
2: dynamic linked/bin doesn't mean that everything is dynamic linked! You can static link everything, and dlopen(3) modules as you like.. falling back to a safe static function call if the .so is corrupted/gone. From FreeBSD-STABLE dlopen(3):
ELF executables need to be linked using the -export-dynamic option to
ld(1) for symbols defined in the executable to become visible to dlsym().
3: if you use dlopen(3) you can choose to use the ldconfig(8) hints or you can build a special secure.so and open it directly, bypassing the hints.
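The pattern from points 2 and 3 of the comment above (open a module by explicit path, fall back to a statically linked function when the .so is missing or corrupted), as an added example that is not from the original post or from FreeBSD. The `module_lookup` symbol, the `builtin_lookup` function, the resolver signature and the module path are hypothetical names chosen for illustration.

```c
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical resolver signature (an assumption for this example). */
typedef int (*lookup_fn)(const char *name, char *out, size_t outlen);

/* Safe fallback that is compiled into the binary itself, so it is still
 * there when no shared object can be loaded. It only knows "localhost". */
static int builtin_lookup(const char *name, char *out, size_t outlen)
{
    if (strcmp(name, "localhost") != 0)
        return -1;
    snprintf(out, outlen, "127.0.0.1");
    return 0;
}

struct resolver {
    void       *handle;   /* dlopen handle, NULL when using the fallback */
    lookup_fn   lookup;   /* never NULL */
    const char *source;   /* "module" or "builtin" */
};

/* Try to load a resolver module; on any failure return the built-in one.
 * Only absolute paths are accepted: a path containing '/' makes dlopen(3)
 * open exactly that file instead of consulting the library search path
 * or the ldconfig(8) hints. */
struct resolver load_resolver(const char *module_path)
{
    struct resolver r = { NULL, builtin_lookup, "builtin" };
    void *h, *sym;

    if (module_path == NULL || module_path[0] != '/')
        return r;

    /* RTLD_NOW: resolve every symbol at load time, so a damaged module
     * fails here rather than at first call. A file that is not a valid
     * shared object makes dlopen return NULL. */
    h = dlopen(module_path, RTLD_NOW | RTLD_LOCAL);
    if (h == NULL)
        return r;

    dlerror();                              /* clear any stale error */
    sym = dlsym(h, "module_lookup");        /* hypothetical entry point */
    if (dlerror() != NULL || sym == NULL) {
        dlclose(h);
        return r;
    }

    r.handle = h;
    *(void **)(&r.lookup) = sym;            /* POSIX idiom for void* -> fn ptr */
    r.source = "module";
    return r;
}

void unload_resolver(struct resolver *r)
{
    if (r->handle != NULL)
        dlclose(r->handle);
    r->handle = NULL;
    r->lookup = builtin_lookup;
    r->source = "builtin";
}

int main(void)
{
    char addr[32];
    /* Constructed path; the module does not exist, so the fallback runs. */
    struct resolver r = load_resolver("/usr/local/lib/example_resolver.so");

    if (r.lookup("localhost", addr, sizeof addr) == 0)
        printf("%s resolver: localhost -> %s\n", r.source, addr);
    unload_resolver(&r);
    return 0;
}
```

On systems where dlopen(3) is not part of libc, link with `-ldl`.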
Are you a troll? I think your comment might have some subliminal relevance, but you've either done a poor job of expressing it, or maybe you're trolling. I'll give you the benefit of the doubt..
MTV did a "Rockumentary" years ago about The Who, wherein Pete Townshend, the guitar legend did utter "Every musician is a magpie and a thief." and then explained that music and "hooks" or riffs are like expressions in a language. You can come up with something completely original, only to hear a song on the radio later and think "Oh, that's where that came from!" It's impossible NOT to use "samples" of other people's creativity. There's a finite number of chord changes on a guitar, for example. Most of them sound bad. There are few sweet ones left. Rhythm is the only degree of freedom left, and it still leaves a finite set.
A:
You're way off about changing peoples' approach. The sad fact is people like that are in pain-avoidance mode. Give them pain. Give them a productive way to avoid the pain. There must be code review. One guy does a little coding, another guy has to sign off on it. A third has to sign off that it has been tested (whether or not any testing actually happens is not important). All three get burned if anything bad happens: after-hours or weekend work to fix it NOW? The rate of code churn goes down, and the quality goes up. Grumbling goes up, but it sounds like a personal problem to me...:)
B:
You're dead-on-target about doing other people's work. You can't have individual effort and collective accountability. You have to have collective work and collective accountability. Oh, and if you're smarter than others: the sharpest knife always gets used the most. Adjust to it. One day you will be enlightened.
C:
You are dead-on-target about the financial sector:). That does not mean it won't work in hospitals or law offices though. It just means *somebody* has to fulfill the role of irate customer when the slackers need it.
Culture is not something you create at the water cooler or in seminars. It is dictated by the unique combination of supply and demand wherever you are. You can change the supply (of people or other resources), or the demand. The boss/team-leader mediates customer demand and needs to have some real power over the programmers in the same way that customers have real power to affect the company's bottom line. If you lack accountability, that isn't a software development problem. You're just going to get shoddy results, software security, housekeeping, everything included.
The moral of the story: accountability is security. So, if you want a culture of security, improve your accountability! It has positive potential for Maslow's "self-actualizer" types too.
there's something that humans do better than any machines. Communicate and understand, in full duplex, a transaction
That's what IrFM does. The cash-register/POS terminal, IrDA connection, and your handheld device all mediate the same conversation you're talking about.
You get some stuff to the checkout at the store. The stuff gets scanned. The message on the screen flashes "Credit/Debit/Cash," and your Palm Pilot flashes the vendor name at the top of a list of the stuff that was scanned, tax, and totals (JUST LIKE A RECEIPT), but gives you a choice of the payment protocols that you have in common with the POS terminal. You click one (Visa?) and you type the password into your Palm Pilot. Your Palm negotiates a secure connection to the POS terminal, and might ask you if you trust the vendor's certificate (ala SSL). It then sends the Visa credit card number with a signed certificate of the stuff you agreed to buy. The POS terminal flashes "Visa payment authorized," and the checkout clerk starts ringing up the next person.
Smart cards are more OBSCURED than this. If someone steals your palm-pilot, they would still have to guess your password before they could use it. Steal a smart card, and then keep on stealing!
If you think tampering is an issue, then you don't know about zero-knowledge proofs, public-key crypto, haven't actually understood the IrFM protocol, and thus you aren't qualified to make the inference you draw between tamper-resistance and security. The devil is in the details.
there are simply people out there who really should not design or implement systems or write software (even CGI's)
These people do not care about security. If they did, they would learn how. It is easy (even though it exposes the need for more work) to write secure software if you assume a hostile operating environment. You get in the habit of thinking "how can this technique break down?" Consequently, you get in the habit of dealing with the most common/obvious things with other proven techniques. Even the people who prefer to write sloppy hacks can be made to practice security if there is a culture of "how can we keep this from breaking?"
I don't think anyone who allows FrontPage extensions to run on their web site should be taken seriously as a Free Software or Open Source advocate. Reason being that mod_dav is standard and completely serviceable for the same function (except it doesn't support Microsoft FrontPage authoring AFAIK).
It looks to me like this OpenForum Europe is a fly-by-night operation anyway. They have almost NO web presence, which belies both involvement and advocacy of existing Free Software and Open Source projects.
Think: the boom was driven by fear. (pr0n is fnord) Big blue-chip businesses were afraid of losing market share to tiny startup companies with VC backing. The big boys employed the only guns they had in this duel: lots and lots of money. The game was on, spend smart vs. spend lots. In the end, only companies that could do both at the right time won out. The stock market prices were driven by the [greed]fear of missing out. People threw their savings into stocks on rumors, and they kept doing it to the point that it looked like the new capital was working. Au contraire! The boys in the boardroom were taking the money and playing the big game of poker I described above.
I believe that the technology boom was based on two things that are actually two manifestations of the same economic factor: pent up capacity segregated from pent up demand. Oh, and pent up Pr0n. Sex sells.
The capacity came from military technology developed in the Cold War that had saturated its military market. Cheap, reliable, peer-to-peer packet switching internetworking being the glaring example. The telephone companies are *still* tenaciously clinging to the consumer price models of inefficient and less reliable circuit-switching networks, even though they get to take advantage of all the increased efficiency of packet switching (and cell switching) on their backends.
Everyone knows that if everyone got CAT-5 drops to our house and 10mb ethernet service, we would drop our telephone number in a heartbeat. Need I say more concerning pent up demand? (big discussion potential here)
The kicker for the spending only lit up the pent up telcom (oligopoly/monopoly) situation. Email was the killer app. Then, the WWW was the killer app. All those things did was offer up peer-to-peer network packet-switching efficiency as a distribution means for what we used to get by talking on the phone, writing letters, and reading catalogs, magazines (pr0n), and newspaper. It eats into our TV time, but TV (pr0n) still rules the drooling crowd.
If you want to recreate the factors that led up to the first boom, see what you have and what must be synthesized. Pent up demand? Untapped technology potential? VC backing? Greedy, irresponsible stock-market (pr0n) investors?
First time around it was easy to convince some millionaire idiot to give you a lot of money by spouting "web blah-(pr0n)blahbety-blah internet blahbety-blahbety blah (pr0n)." You're going to have to understand the difference between Yahoo and EBay: what they actually really had and the nameless hordes of web-shams designed to take ma-and-pa's retirement savings. You need to have a real matchup between untapped technology and real pent up (pr0n) demand.
Be sneaky. Get your (pr0n) ducks in a row legally, technically, financially, before you try to grab someone else's customers. The big guys are still afraid and licking their wounds from the last fight. Get on high ground while you're still operating on a (pr0n) shoestring.
If you build a better (pr0n) mousetrap... The exterminators guild is going to come after you. Leave them no option but to try and outspend your "agile" little startup, and the boom is on! Ride-em (pr0n) cowboy!
The economic benefit of the new technology was not able to account for the full amount of the bubble. The rest was (pr0n) greed driven by fear. People: the matches and tinder are still sitting on the woodpile, right next to the fireplace. One well-placed (pr0n) spark is all it will take. Just eke out a tiny but untouchable business, and *threaten* to expand without limits. (maniacal laughter)
I love you... but now you broke my troll-loving heart with your wry sarcasm. Write more or I will ignore you. This is your chance.
Reference: ISBN 0-89141-518-1
Not that IPv6 is bad: it just won't work like that.
You misunderstood. I mean that the new encrypted ZIP file formats for WinZIP and PKZip are nonstandard because they are incompatible divergences from the InfoZip standard. PGP is very much a standard, as OpenPGP is what GPG implements.
The real problem here is that these Security Focus people are still trying to design a harder eggshell. Any "barrier" must allow some traffic through, or it will break the network. You cannot install a barrier that understands how to distinguish between good and bad traffic. It is not a closed problem. It is an open-ended problem. It isn't about computers or technology. Its about people and subversion. The answer is too difficult for most people: trust is arbitrary and inherenly flawed, but it is absolutely necessary for human interaction. The technology just fools us into thinking we can control things like a vending machine. The problem seems to be transparent because we can see lots of stuff on the inside of technological subversion, but at the bottom is void: trust is arbitrary and error prone.
The real answer is that we must do what we are already doing, willingly, instead of reluctantly as we do now: accept subversion as a part of the system. We must understand that we created the space-time in which the subversion is manifest. It must be percieved as the limits of our power. Once that is understood, it is also understood how to coexist with limited power. This is the fundamental social problem: being with others. Consider that the subverion is another feeling person expressing their limited power outside the scope of our limited power. Take compassion on that person if they do not know the suffering they cause will come back to them. Do what you can, each as individuals, to absorb the effects of those bad effects so that they do not become causes of other bad effects.
Recurse your awareness; avoid recursing your (or others') mistakes. Security does not exist. Only fools really believe in it.
If you use GnuPG(GPG) or PGP to encrypt your files, you get compression too. There is absolutely NO reason to use a nonstandard compression utility to do low quality encryption.
Let's say you wanted to offer ultra-high bandwidth dense-wave-multiplexed multi-gigabit fiber to everyone's house (for argument's sake you're going to sell state-of-the-art connectivity, and the equipment cost isn't a big deal). Say you even got a source for some ATM equipment (like a DSL modem) at commodity prices to put in peoples' homes. What does it cost to install a data center for a CO, and what does it cost to run the fiber to peoples' houses, and what does it cost to maintain all of that equipment?
Seriously, if there is any demand out there for the service in *your* neighborhood, do some homework and figure out what you would have to charge to get your money back in 2, 5, 10, and even 20 years. Then you can shop the idea around and start your own Co-Op. You can include IP telephony service by getting an IP phone PBX that does something telco-ish like a T3 on the PSTN side.
The real problem is that nobody who is eligible to be an entry level code monkey or Unix (what you dinosaur operators call "Open Systems") admin would accept the salary of an entry-level mainframe operator (scratch-tape jockey). Mainframes are multimillion dollar beasts who demand cadres of supplicants to feed them tapes and pinfeed paper. Smaller systems aren't as imposing on the people that come into contact with them. On the balance sheet, people are more important (paid) than the capital expense of the machine. The problem, IMHO, is one of accounting versus the human factor.
BTW: to reveal my bias, I am a Solaris admin (and a good one). I had the chance to take on a big Amdahl running VM with TPS and MVS(OS390) and I thought.. there is no grep on a mainframe. Simple little grep which validates the idea of stdin and stdout and the simple filter pipeline model of ad-hoc data processing (ad-hoc RE compiling JIT!!.. so NICE). It makes me very powerful. Mainframes could make me productive, but Unix makes me powerful. The idea that there is a creative alternative to compete with "throw hardware at it" problem solving... I know C, but I found COBOL to be kind of semantically nasty. That much will always come down to the Holy Wars(JARGON reference).
I like your perspective. I don't feel good about expecting other people to share it though.
You know, I agree with almost everything in your post. The one thing on which I don't think with you: it's not going to users and it's perfectly appropriate in context. I have to preface with the thought that people without a sense of humor are probably not cut out for programming in a community effort, but I believe it is (slightly) wrong to insult people (even tongue-in-cheek) just for coding a bug.
First, free software is partly about removing the barriers for users who want to become programmers and ultimately contributors. It is counterproductive to start with an assumption of us-and-them user-and-programmer duality. Second, I believe that the people who deserve the DOOFUS title are the ones that don't think they need to trap error values, because it seems to work 99% of the time for them.
You never can be sure how fragile another person's ego is, or how dependent they are on their fragile ego for day-to-day living. None of that has anything to do with the value of the contribution they can make to the FreeBSD codebase if they are motivated to solve a personal problem that affects other FreeBSD users (or hackers) too. So, in the spirit of "Be lenient in what you require; be strict in what you provide" I think it is a worthwhile long-term concern. The best way to think about it is that every talented programmer is potentially an ego problem, and every effort to facilitate cooperation and harmony will pay off down the road.
The idea isn't that FreeBSD committers can't call their errno EDOOFUS, but rather Apple can't as a matter of style. Therefore, EDOOFUS threatens to make the separation between FreeBSD and Darwin/MacOS-X one iota worse than it already is. Forking is an unfortunate necessary evil, and despite the "openness" of the code, there is another dimension of usability, which means portability in this case.
If you make your code open, but people have to add a lot of macros to adapt your code, it isn't as good as if they could just use it as-is. A good programmer is always looking for any affordable way to make his programming effort more useful with less work to make use of it. It's the wisdom of forward-thinking laziness. If your code is hard to adapt, who cares if it is free? The cost of re-use includes blood-and-sweat of integration. Ideally there would be no blood-and-sweat to reuse FreeBSD code. A bad joke (admit it: hacker humor is mostly bad inside jokes) is not a good reason to fork a file IMHO; I agree with JKH.
I have two smart card badges to access the building and then security doors where I work. Neither of these cards has any kind of PIN.
If a smart-card has no data display or input, then how are you supposed to know what kind of challenge (from whom) you are actually answering? This is very vulnerable to sniffing and known plaintext cryptanalysis attacks (if the CRAM is encrypted).
Y'know what Stuart? I like you! You're not like the other people, here, in the trailer park!
This is significant in that /bin utilities are JUST A TEMPORARY HACK, and that NSSWITCH will provide modular resolver support for important stuff like gethostbyname(3) among other things. /bin doesn't mean that everything is dynamic linked! You can static link everything, and dlopen(3) modules as you like.. falling back to a safe static function call if the .so is corrupted/gone. From FreeBSD-STABLE dlopen(3):
3: if you use dlopen(3) you can choose to use the ldconfig(8) hints or you can build a special secure1: the dynamic
In case you haven't noticed, we need a way (LDAP?) to resolve IPSec host certificates by hostname/IP, and DNS isn't doing the job... IMHO.. other people have other reasons for wanting this.
2: dynamic linked
Are you a troll? I think your comment might have some subliminal relevance, but you've either done a poor job of expressing it, or maybe you're trolling. I'll give you the benefit of the doubt..
MTV did a "Rockumentary" years ago about The Who, wherein Pete Townshend, the guitar legend did utter "Every musician is a magpie and a thief." and then explained that music and "hooks" or riffs are like expressions in a language. You can come up with something completely original, only to hear a song on the radio later and think "Oh, that's where that came from!" It's impossible NOT to use "samples" of other people's creativity. There's a finite number of chord changes on a guitar, for example. Most of them sound bad. There are few sweet ones left. Rhythm is the only degree of freedom left, and it still leaves a finite set.
A: You're way off about changing peoples' approach. The sad fact is people like that are in pain-avoidance mode. Give them pain. Give them a productive way to avoid the pain. There must be code review. One guy does a little coding, another guy has to sign off on it. A third has to sign off that it has been tested (whether or not any testing actually happens is not important). All three get burned if anything bad happens: after-hours or weekend work to fix it NOW? The rate of code churn goes down, and the quality goes up. Grumbling goes up, but it sounds like a personal problem to me... :)
B: You're dead-on-target about doing other people's work. You can't have individual effort and collective accountability. You have to have collective work and collective accountability. Oh, and if you're smarter than others: the sharpest knife always gets used the most. Adjust to it. One day you will be enlightened.
C: You are dead-on-target about the financial sector :). That does not mean it won't work in hospitals or law offices though. It just means *somebody* has to fulfill the role of irate customer when the slackers need it.
Culture is not something you create at the water cooler or in seminars. It is dictated by the unique combination of supply and demand wherever you are. You can change the supply (of people or other resources), or the demand. The boss/team-leader mediates customer demand and needs to have some real power over the programmers in the same way that customers have real power to affect the company's bottom line. If you lack accountability, that isn't a software development problem. You're just going to get shoddy results, software security, housekeeping, everything included.
The moral of the story: accountability is security. So, if you want a culture of security, improve your accountability! It has positive potential for Maslow's "self-actualizer" types too.
That's what IrFM does. The cash-register/POS terminal, IrDA connection, and your handheld device all mediate the same conversation you're talking about.
You get some stuff to the checkout at the store. The stuff gets scanned. The message on the screen flashes "Credit/Debit/Cash," and your Palm Pilot flashes the vendor name at the top of a list of the stuff that was scanned, tax, and totals (JUST LIKE A RECEIPT), but gives you a choice of the payment protocols that you have in common with the POS terminal. You click one (Visa?) and you type the password into your Palm Pilot. Your Palm negotiates a secure connection to the POS terminal, and might ask you if you trust the vendor's certificate (a la SSL). It then sends the Visa credit card number with a signed certificate of the stuff you agreed to buy. The POS terminal flashes "Visa payment authorized," and the checkout clerk starts ringing up the next person.
Smart cards are more OBSCURED than this. If someone steals your palm-pilot, they would still have to guess your password before they could use it. Steal a smart card, and then keep on stealing! If you think tampering is an issue, then you don't know about zero-knowledge proofs, public-key crypto, haven't actually understood the IrFM protocol, and thus you aren't qualified to make the inference you draw between tamper-resistance and security. The devil is in the details.
I'm not sure I agree with you wholeheartedly.
These people do not care about security. If they did, they would learn how. It is easy (even though it exposes the need for more work) to write secure software if you assume a hostile operating environment. You get in the habit of thinking "how can this technique break down?" Consequently, you get in the habit of dealing with the most common/obvious things with other proven techniques. Even the people who prefer to write sloppy hacks can be made to practice security if there is a culture of "how can we keep this from breaking?"
Their website appears to be running Linux Apache with ChiliSoft ASP and FP extensions.. a Linux hosting service catering to Microsoft victims who purport to promote broader use of OpenSource software?
I don't think anyone who allows FrontPage extensions to run on their web site should be taken seriously as a Free Software or Open Source advocate. Reason being that mod_dav is standard and completely serviceable for the same function (except it doesn't support Microsoft FrontPage authoring AFAIK).
It looks to me like this OpenForum Europe is a fly-by-night operation anyway. They have almost NO web presence, which belies both involvement and advocacy of existing Free Software and Open Source projects.
Think: the boom was driven by fear. (pr0n is fnord) Big blue-chip businesses were afraid of losing market share to tiny startup companies with VC backing. The big boys employed the only guns they had in this duel: lots and lots of money. The game was on, spend smart vs. spend lots. In the end, only companies that could do both at the right time won out. The stock market prices were driven by the [greed]fear of missing out. People threw their savings into stocks on rumors, and they kept doing it to the point that it looked like the new capital was working. Au contraire! The boys in the boardroom were taking the money and playing the big game of poker I described above.
I believe that the technology boom was based on two things that are actually two manifestations of the same economic factor: pent up capacity segregated from pent up demand. Oh, and pent up Pr0n. Sex sells.
The capacity came from military technology developed in the Cold War that had saturated its military market. Cheap, reliable, peer-to-peer packet switching internetworking being the glaring example. The telephone companies are *still* tenaciously clinging to the consumer price models of inefficient and less reliable circuit-switching networks, even though they get to take advantage of all the increased efficiency of packet switching (and cell switching) on their backends.
Everyone knows that if everyone got CAT-5 drops to our house and 10mb ethernet service, we would drop our telephone number in a heartbeat. Need I say more concerning pent up demand? (big discussion potential here)
The kicker for the spending only lit up the pent up telecom (oligopoly/monopoly) situation. Email was the killer app. Then, the WWW was the killer app. All those things did was offer up peer-to-peer network packet-switching efficiency as a distribution means for what we used to get by talking on the phone, writing letters, and reading catalogs, magazines (pr0n), and newspaper. It eats into our TV time, but TV (pr0n) still rules the drooling crowd.
If you want to recreate the factors that led up to the first boom, see what you have and what must be synthesized. Pent up demand? Untapped technology potential? VC backing? Greedy, irresponsible stock-market (pr0n) investors?
First time around it was easy to convince some millionaire idiot to give you a lot of money by spouting "web blah-(pr0n)blahbety-blah internet blahbety-blahbety blah (pr0n)." You're going to have to understand the difference between Yahoo and EBay: what they actually really had and the nameless hordes of web-shams designed to take ma-and-pa's retirement savings. You need to have a real matchup between untapped technology and real pent up (pr0n) demand.
Be sneaky. Get your (pr0n) ducks in a row legally, technically, financially, before you try to grab someone else's customers. The big guys are still afraid and licking their wounds from the last fight. Get on high ground while you're still operating on a (pr0n) shoestring.
If you build a better (pr0n) mousetrap... The exterminators guild is going to come after you. Leave them no option but to try and outspend your "agile" little startup, and the boom is on! Ride-em (pr0n) cowboy!
The economic benefit of the new technology was not able to account for the full amount of the bubble. The rest was (pr0n) greed driven by fear. People: the matches and tinder are still sitting on the woodpile, right next to the fireplace. One well-placed (pr0n) spark is all it will take. Just eke out a tiny but untouchable business, and *threaten* to expand without limits. (maniacal laughter)