Linux Works Even for Total Newbies

Really Linux.com ^ | 2006-03-07 | Rob Milner

[rzeznikj at stout]

They found it a week ago, and they've had updated packages in place. I ran the online update after installing 10.0--running the update on security packages under YaST.

Second, it requires someone to be futzing with the mirror directly or the commmunication--you'd have to be running a defacto install with no security measures, and the connection to the specific server turned on.

Third, you don't have to run YaST at all to update--you can d/l the packages and install with KPackage. Or, you can d/l the packages to a local directory and set the YaST installer to only run from the CD's and the local directory.

Finally, you can put the updated packages that fix the problem. The updated pkgs came up when I ran my first update and they were installed. I suspect other Suse users did the same thing.

The problem isn't as bad as ones I've seen on my peers' computers--they get trojaned just by running the OS.

[Golden Eagle]

when it comes from something that was free and then someone repackages it and tries to sell it without giving back to the free source--then it's at best unethical, if not outrightly wrong.

How so? Was it never actually "free" to begin with? Apparently not.

Even if they would have released the source in an unusable form (much like RH does with its Enterprise Linux source), I wouldn't have had a gripe, and I'd have paid for a copy.

Obviously they didn't feel they could afford to. Some have families, and a real religion.

This single incident prompted the Wine project to shove aside the BSD and adopt the LGPL for distribution.

Poor "winers", still probably signed their copyrights over to Stallman for legal protection. That's his little racket you know.

[birbear]

older populations

[Golden Eagle]

Second, it requires someone to be futzing with the mirror directly or the commmunication--

You apparently didn't even read the advisory, or don't know how to.

Third, you don't have to run YaST at all to update

Yeah right, whatever, none of them are as easy as what I do now.

The problem isn't as bad as ones I've seen on my peers' computers--they get trojaned just by running the OS.

Probably do, especially if they're running some obscure O/S that relies on the security of something like BT to get all their files.

[rzeznikj at stout]

So they did an unethical act by using other peoples' code and not giving anything back. If they would have posted their source as free--even in an unusable form, that would have been enough to settle the argument.

Much of their customer base wouldn't have been torqued off, and they could still sell their product. And I probably would have bought a copy.

The BSD license states that you can use licensed code in proprietary software. However, there is an implicit moral expectation that if you use code given to you for free, that you a.) at least give some credit to the provider, and that b.) give back something to the community.

And, if you want to talk about people who steal code, your buddies over at Micro$oft are the biggest offenders--and what they do is often outright illegal under state and federal laws--not just disregarding OSS licensing.

Finally, I'm not saying it was prohibited, just that what the developers did was an unethical act.

[gregwest]

I still have Mepis on my machine as a second system. I actually used it to rescue my Windows system when the boot sector got corrupted. I like the overall smoothness of it, but my chief complaint with Linux in general is MIDI. I use my computer to make music, teach guitar lessons, etc. Linux and MIDI just doesn't work. I just don't get it. Windows works great with all sorts of music apps and so does a Mac. Why can't Linux get it together to support musicians? I mean, we're all a bunch of cheapskates because we'd rather spend our money on instruments, amps, and studio gear. We'd be a natural for a free OS.

[rzeznikj at stout]

No, you just cherry-picked from the advisory. How about these tidbits from your adulterated evidence:

The preferred method for installing security updates is to use the YaST Online Update (YOU) tool. YOU detects which updates are required and automatically performs the necessary steps to verify and install them. Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement.

and:

Both attacks require an attacker either manipulating a YaST Online Update mirror or manipulating the network traffic between the mirror and your machine."

Clearly you have no clue as to what you're saying.

[Echo Talon]

:) I play guitar too, although I haven't picked up my ax in awhile.

[Golden Eagle]

If they would have posted their source as free--even in an unusable form, that would have been enough to settle the argument.

What argument,you said it was freely given away to others via the BSD license. Legally, these freeloaders didn't have a leg to stand on, and were actually hypocrytes for giving the code away to begin with.

if you want to talk about people who steal code, your buddies over at Micro$oft are the biggest offenders

Now you're backpeddling so hard your skateboard came out from under you. Steal code? Why would you care, since you want all code to be free, anyway?

I'm not saying it was prohibited, just that what the developers did was an unethical act.

We got it, don't take from "the community", unless you commit yourself to it for life.

[Golden Eagle]

This is the part of yours I meant to post:

--you'd have to be running a defacto install with no security measures, and the connection to the specific server turned on.

Defacto install? Do you not understand how a patch process works, and understand no single one provides complete security? And of course it required a connection to the server, that's what you said you were doing, and obviously why I mentioned it. You must be trying to run these enterprise versions without paying for your patches. Since that's what you believe, verses getting all your updates for free, for the life of the product, like I get.

[rzeznikj at stout]

The point is that if you run the updates, this isn't an issue. You have to be running something straight out of the box (read: not updated) and subsequently connected to a manipulated server to see any major damage.

I ran an update right after I installed mine. The updated packages are on my system. I imagine a good portion (if not the outright vast majority) of Suse users run the updates regularly and have the problem fixed.

You're obviously not reading my posts--just exactly how many times do I have to tell you these things?

[MikefromOhio]

I;m still wondering who Iggle is being paid by to be a shill for something that doesn't necessarily need this vehemence.....

At least I HOPE he's getting paid. It's pretty pathetic if he isn't.

[rzeznikj at stout]

Just because the BSD license doesn't explicitly prohibit it doesn't mean that it's sanctioned.

The point of open-source licenses of any kind is to give users and developers rights that most proprietary EULAs don't. Some of them explicitly prohibit the type of action done here, some don't. However, there is an implicit (and unwritten) understanding that the licensed product isn't going to be capriciously used.

[Golden Eagle]

You have no idea what you're talking about, not only technically, but especially overall. Good luck in school, I actually feel guilty that you're missing your studies, wasting all your time arguing incorrectly on the internet, apparently not learning anything here, either.

[rzeznikj at stout]

This is true...

[Golden Eagle]

Just because the BSD license doesn't explicitly prohibit it doesn't mean that it's sanctioned.

Sure it does, ever heard of "law".

there is an implicit (and unwritten) understanding

LOL, more cultish double speak.

[rzeznikj at stout]

Sir, I've explained why you don't know what you're saying. I've even pulled out quotes from the security advisory you shoved in my face that proves you cherry-picked your point.

Unless you've got something more intelligent to say, please do not post to me any more on this thread.

[When_Penguins_Attack]

Linux is waiting for a gaggle of code head musicians. When that occurs, you will (again) see a burst of products that will mimic what is out there in Windows, thne Apple. However, some of my clients are very successful (small scale) musicians, one of them being a niche band called Southern Culture on the Skids. Rick (the lead guitar player and leader of the band) says he only uses mac for production/mixing stuff (he has his own studio, of course and leases it out to other aspiring Chapel Hill bands). He says the Windows stuff sux. I don't know anything about it, and he is the kind of guy who swears he can hear a distinct difference between his 59 Telecaster and the 64 model (he must have 60 guitars). People like that are detail - a - holics, and he might use a program just because of some widget used when mixing one track with another. Like I said, I don't know beans about it, but I thought Mac sort of ruled in the music community. Trust me, though. If linux keeps building a base (and they are) some kid who is an aspiring musician and a cs major will decide "I don't like any of the synth/mix/whatever programs out there and I am going to just code one for linux," and we will be off to the races. The big thing I like about Linux is that. There is the kind of passion that used to surround apple scruffs years ago. People are innovative, creative, dedicated, helpful, and (largely) knowledgeable.

I think MS is going to be in full panic mode within the next 5 years, if not sooner. This will be good for MS, Linux, and the end users. Not that MS will "go away." Ain't gonna happen, and I don't want it to happen. But it will either become like Ford and GM, a dinosaur relic whose declining market share is steadily chipped away until, like GM, it is forced to completely reinvent itself or go under -- OR -- it will return to a company where the words "creativity" and "innovation" are more than just marketing buzzwords.

[When_Penguins_Attack]

Someone paid would be slicker and more knowledgeable. I think he just has mental problems.

[Golden Eagle]

I have my reasons for questioning Linux. You can start with these links here:


http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=102x665385

http://www.nytimes.com/2004/07/05/technology/05systems.html?ei=5090&en=269f1a83d00e9e51&ex=1246766400&partner=rssuserland&pagewanted=print&position=

http://www.eweek.com/article2/0,1759,1617712,00.asp?kc=EWNKT0209KTX1K0100440

http://www.internetnews.com/dev-news/article.php/3400071

http://ianmurdock.com/?p=54

http://weblog.flora.org/article.php3?story_id=552

http://zgp.org/linux-elitists/p05210612bb7d87639a93@[192.168.1.101].html

http://www.linuxlinks.com/portal/news/article.php?story=20050624042207848&mode=print

http://www.linuxpipeline.com/42700029

http://www.oreillynet.com/pub/wlg/5279

http://www.linuxjournal.com/article/7239

http://asia.cnet.com/news/software/printfriendly.htm?AT=39146335-39001094t-39000001c

http://slashdot.org/articles/99/11/10/1457205.shtml

http://linux.slashdot.org/linux/05/05/19/1213245.shtml?tid=106&tid=219

http://slashdot.org/articles/03/10/30/1435248.shtml

http://www.iranian.ws/cgi-bin/iran_news/exec/view.cgi/2/3822

http://linuxtoday.com/news_story.php3?ltsn=2002-08-30-011-26-NW-LL-PB

http://slashdot.org/articles/03/05/01/1148227.shtml?tid=103&tid=99

http://www.zdnet.co.uk/print?TYPE=story&AT=2133230-39020381t-10000002c

http://www.pcworld.com/reviews/article/0,aid,104039,src,ov,00.asp

http://www.usatoday.com/tech/news/techpolicy/2003-10-20-open-source-mass_x.htm

http://www.newsforge.com/business/04/02/27/2329240.shtml

http://europa.eu.int/idabc/en/document/1736/531

http://www.osdir.com/Article8328.phtml