* Posts by Richard Plinston

1197 posts • joined 27 Apr 2009

Cracking copyright law: How a simian selfie stunt could make a monkey out of Wikipedia

Richard Plinston
Silver badge

Re: Recent news on Page 2

> If I take a picture of you with your camera after you asked me to take a picture of it I still own the copyright to the said picture.

No you don't. You would be acting as an agent under direction by the person asking you. If you don't like the idea of being a mere agent then refuse to take the picture. If you want to own copyright to a photo then use your own camera.

> You still own the copyright of a picture you took of me illegally.

If you are in a public place then taking a photo of you is not illegal.

The monkey owns the copyright to the picture not the camera owner, or perhaps the owner of the monkey?

0
0
Richard Plinston
Silver badge

Re: I'm puzzled by this article

> The US Copyright Office is quite clear that he does not. Your wishes have no bearing on the matter.

Your assertion is incorrect. The US Copyright Office refused an application to register the copyright because it is in dispute and registering it would preempt any court case. They do not say that Slater does not own copyright, only that they reject his application.

4
0
Richard Plinston
Silver badge

> If I work for a company, and I do some video shooting with their equipment, even as part of my job specs (say you are hired as a cameraman) _I_ own the copyright UNLESS there is a SPECIFIC, EXPLICIT contractual language that gives the corporation the copyright. The employment contract (if you are an employee) must state explicitly (like many I've seen) that the employer owns any copyrights in work you have done for them. It must be a SIGNED contract.

Certainly it would be sensible to have a specific contract but, for example, in the USA:

http://www.tms.org/pubs/journals/JOM/matters/matters-9608.html

"""If an employee does not have an employment contract and creates a copyrightable work in the scope of his or her employment. U.S. copyright law includes a statutory provision called the "work made for hire" doctrine, which provides that the employer and not the employee/author is the author of a work prepared by an employee within the scope of his or her employment. Because the employer is considered the "author" of the work, the employer owns the copyright in the work under Section 201. """

"""The Supreme Court stepped into this fray in 1989. The Supreme Court adopted the third approach-an employment relationship was to be determined by applying agency law principles. The court enumerated several factors that are relevant in determining whether the hired party is an employee under the general common law of agency. These factors include the skill required for creating the work; the amount of control the hiring party has over the hired party; where the work is performed; the method of payment of the hired party; and the source of the hired party's tools, office space, and other instrumentalities of doing the job. The court also considered whether the hiring party has the right to assign additional projects, whether the work is part of the hiring party's regular business, whether employee benefits are extended to the hiring party, and the tax treatment of the hired party."""

"""David Radack is a partner in the law firm Eckert Seamans Cherin & Mellott"""

So, in general, your opinion is in conflict with that of lawyers. Note specifically "the source of the hired party's tools".

1
0
Richard Plinston
Silver badge

> Say I work as a burger flipper at Bobs' Burgers, and the manager hands me a camera and says "Take some photos of the staff for the staff newsletter", and I do. If the employment contract doesn't EXPLICITLY state that Bob's Burgers owns the copyright to any creative work I do while employed by them, then _I_ am the copyright owner, no matter who owns the equipment.

Wrong. If your employer instructs you, during the hours of your employment, to use his camera and to take specific photographs then you are acting as his agent and have no ownership of copyright.

1
2
Richard Plinston
Silver badge

> Agency requires a contract! This is true in all Berne convention nations.

> The ONLY time agency is implicit is if

So you claim that a contract is _required_ and then state that it can be implicit. Which is it?

> How can you possibly defend the idea that a random stranger firing the camera falls under an agency agreement?

A random stranger pressing the button may come under one or more situations:

* An implicit contract that they are acting as an agent.

* A trespasser or TWOCer 'stealing' the use of your equipment.

In neither case are they entitled to own the copyright.

For example if you ask someone in the street to take your photo with your camera it does not give them the right to sue you if you show that photo to your parents, or even if it is published (say, on Facepalm). It is implicit that they are acting as an unpaid agent.

0
2
Richard Plinston
Silver badge

> Ownership of a device doesn't make you a creator.

No, but it is likely that it makes the device owner the owner of the copyright.

Just as a programmer that is an employee writing programming code on the company's equipment does not own the copyright of what he has created so it is with photographs or any other material.

Do you think that in Universal Studios the cameramen can sell the movies ?

1
3
Richard Plinston
Silver badge

> was to ask who owned the film

Exactly. These days it is 'who owns the SD Card' or similar.

0
0
Richard Plinston
Silver badge

> Answer: the person who took the picture.

No. That is not true. Many companies have employees and contractors who take photographs or produce graphic or text work that is copyright. If the person is an employee on salary or wages and uses equipment and media belonging to the company then regardless of who 'pushes the button' the copyright belongs to the company. If the person is a contractor who has his own equipment and media then the copyright belongs to him though it may be assigned to the company in the contract, or the company may just have a license for those items.

In the case of Slater vs monkey there is no question of ownership of equipment, thus the monkey was acting as an unpaid employee or volunteer and has no claim to any copyright which belongs to the equipment and media owner.

Nor does your 'total stranger' have any claim. In the absence of any prior or negotiated agreement if they claim ownership of _anything_ related to or derived from that camera or media owned by you then it would be theft.

2
2
Richard Plinston
Silver badge

> the only reason to claim copyright would be that he owned the camera, which is not a valid one.

It is a completely valid reason to claim copyright and one that is used continuously by companies that have employees. If the company supplies the equipment and media to employees then the company owns the copyright.

3
4

UK.gov's Open Source switch WON'T get rid of Microsoft, y'know

Richard Plinston
Silver badge

> lol, that's utter rubbish

Yet another round of TheVogon misinformation is posted.

> over 25% of their users still had to use Windows

They don't 'use Windows', they sometimes use legacy software which happens to only run on Windows. Most of those 25% only have to do that occasionally and run their Linux most of the time.

> The only independent numbers (from HP)

That report was _not_ independent, it was paid for by Microsoft. It has been discredited on several grounds, one is that they did not talk to Munich but just made up their own numbers, and mainly they included the costs of buying new computers at frequent intervals when Munich did not buy any.

> it has cost them €30 million more

No it hasn't. Munich know exactly what the figures were and there was a significant saving.

> more than upgrading to a current Microsoft stack for a whole world of pain -

There was no world of pain, and probably less than upgrading successively to XP (they were using NT and 2000), then to 7 and then to 8 as well as the upgrades and retraining to Office 2007, then to 2010 and so on.

I am afraid that it is your post that is "utter rubbish", as all your posts are.

13
0

Man FOUND ON MOON denies lunar alien interface

Richard Plinston
Silver badge

Re: @Richard Plinston

> none of whom can claim a "'right'" to state an opinion

You have completely missed the point: _everyone_ has the 'right' to express whatever opinions they wish to. You are attempting to control others 'rights' while you do not have any superior 'rights' to do that.

> What you don't seem to realize is that science is not some sort of "democratic" process

I didn't even mention science, nor democratic process.

> There are two facts and only two facts in this matter:

That may be your opinion (stated as fact) but there may be other relevant facts, you just don't know of them.

2
2
Richard Plinston
Silver badge

> Buzz Aldrin may have stood on the surface of the moon, but neither that nor anything else gives him the right to state that as fact. That's pure opinion, conjecture... and the hard evidence is completely against it.

And what is it that you have done to be able to claim a superior 'right' to state your opinion as if it were fact?

12
2

The Windows 8 dilemma: Win 8 or wait for 9?

Richard Plinston
Silver badge

Re: Time for some truly revolutionary GUIs?

> Why voice control is not the goal of the next level of PC and tablet UI design I don't know

I had an OS/2 box nearly 20 years ago that had voice input as a standard feature.

Microsoft had Speech API (SAPI) since 1995:

"""The first version of SAPI was released in 1995, and was supported on Windows 95 and Windows NT 3.51. """

Voice control was the goal of the _previous_ (x2 or x3) level of PCs.

0
0

Google de-listing of BBC article 'broke UK and Euro public interest laws' - So WHY do it?

Richard Plinston
Silver badge

Re: not illegal

> removal of links is an attempt to hide certain points of view

Removal of a link does _not_ hide the point of view. The article is still accessible. It can still be found via other search criteria and other links.

> if Google removed the term "Facebook" from its index,

Searching for a person's name, or other content, would still show links to Facebook.

4
0

Microsoft's anti-malware crusade knackers '4 MILLION' No-IP users

Richard Plinston
Silver badge

> I avoid Windows as much as possible.

> I cannot connect to my home server

Job done!!

0
0

Average chump in 'bank' phone scam is STUNG for £10,000 - study

Richard Plinston
Silver badge

Re: Nice!

> All cold-callers read from scripts, so are virtually indistinguishable from pre-recorded auto-diallers,

Many years ago (decades) there was an infamous carpet cleaning business in this country that had one of the early auto dial-response systems that made a call then listened for a response, such as may occur if someone actually wanted their services. Whenever they called I put the phone on top of the radio so that it filled up their tape.

I do believe in free speech. Callers are allowed to say what they want for as long as they wish, but I am equally free to not listen to it. They can talk to my desk as long as they are paying for the call. It stops them annoying someone else for a few minutes.

4
0

Freeze, Glasshole! Stop spying on me at the ATM

Richard Plinston
Silver badge

Re: I prefer the infra-red camera trick

> The most recent key pressed glows brightest.

I have always rested my hand flat on the keypad with all fingers on keys (and my other hand, or wallet, covering). It is then possible to press the appropriate keys with minimum finger movement, and no heat difference.

I do see people using a single finger to poke the keys which makes it easy to read their number from metres away.

0
0

Russian gov to dump x86, bake own 64-bit ARM chips - reports

Richard Plinston
Silver badge

Re: Don't believe everything you read. OTOH...

> and before that, made the Rolls Royce jet engine as good as anything the USA had.

Partly because many of the USA jet engines* were license built British designs. The Soviets neglected to get a license.

* J31, J33, J42, J65, ...

1
0

Microsoft hopes for FONDLESLAB FRENZY as Surface Pro 3 debuts

Richard Plinston
Silver badge

Re: proceeded to review their samples based on their normal laptop usage

> then perhaps something like the surface might enable them to have one less device

Actually Microsoft wants you to have one _more_ device. They want you to keep your desktop (and buy Win8.1 and Office) _and_ buy a Surface. (and buy a Windows Phone).

That was the point of Win8 Metro: to make the UI 'the most familiar' so that you _demand_ that on your tablet and phone.

4
2
Richard Plinston
Silver badge

Re: 3rd Time Lucky for MS?

> I remember hearing this in the 1990s from an ICL marketing colleague about the PC-TV.

The origin of those was that Bill Gates had seen a survey that had most houses have the TV and the computer in the same room and concluded that people wanted a combined device.

Actually the reason for having them in the same room is that they didn't have a 22 room mansion like Gates had.

4
0

Microsoft poised to take Web server crown from Apache

Richard Plinston
Silver badge

Re: Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> So, it's a webserver, just not an ordinary 'general purpose' webserver. And you said that before? No. You claimed it was a webserver. So now it's a special webserver that doesn't serve webpages unless it generates them itself?

That is correct, it serves webpages that it generates all by itself, it serves them directly back to the client. It is a 'specialized' webserver. One that does one particular job with a particular set of pages that it does not allow to be changed, such as may occur if they were disk files that could be edited. It does not do anything that is unrelated to Samba, it leaves that to other programs.

It is not "special". Your misreading and misrepresentation shows up your lack of language skills, or perhaps you just don't know the difference. It is not 'special' (it is specialized) because there are dozens or hundreds of programs that are webservers in their own right and don't need Apache or port 80 to serve web pages. I can write one in a few minutes.

> BTW, you do realise that DHTML is a group of technologies that produces the dynamic webpages,

"DHTML" is merely a collection of languages and ways of using them, it is not a server. It is not the _only_ way of having dynamic webpages, it can be dynamic _without_ specifically being DHTML.

From : https://en.wikipedia.org/wiki/Dynamic_HTML

"""By contrast, a dynamic web page is a broader concept, covering any web page generated differently for each user, load occurrence, or specific variable values."""

> usually by scripting in something like JavaScript, but doesn't include the tech to serve them to clients.

SWAT is probably written in C. Javascript is usually on the client side rather than the server. SWAT _does_ include the program code to send the pages to the client, it is not hard to do. It does not require any other program to do that for it. But then I doubt that you could recognise the difference.

> No webserver and no presentation of the dynamic pages.

It is a webserver. It does present the pages to the user.

> 'special' ones to go with the 'special' webserver?

'Specialised', do try and learn something, even if it is just the ability to read some words without changing them.

1
1
Richard Plinston
Silver badge

Re: Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> ".....SWAT _is_ a webserver ....." No it is not. Create an HTML page such as index.html in the same path as the SWAT executable, kill your webserver, then go to your client and try accessing it with say http://servername:901/usr/local/samba/swat/index.html - it will not work.

You are a complete fuckwit.

SWAT does not send static html pages (such as files containing html), it sends dynamic html pages that it generates itself. It does not need to be a general purpose webserver to be an actual webserver.

2
1
Richard Plinston
Silver badge

Re: Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> The whole process is run as a webpage (<= big hint there) over http by httpd.

The whole process is run as a webpage over http by WHICHEVER WEBSERVER you connect to. SWAT _is_ a webserver and does not need, nor use, any other httpd server or webserver.

0
1
Richard Plinston
Silver badge

Re: Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> ".....Webmin will listen on port 10000 for http requests...." Webmin? LOL! Go have a look, buried in the menus of Webmin you will find - tada! - SWAT!

You will find a _link_ to swat, if it is installed. That link will contain the swat port number. So when that link is clicked in the browser the connection goes directly to swat (via xinetd and given the config allows it). It does _NOT_ go via port 80, 'httpd' or webmin.

> you still need a webserver of some form to handle the http requests,

SWAT _is_ a webserver (on port 901)

Webmin _is_ a webserver (on port 10000)

CUPS _is_ a webserver (on port 631)

You _do_not_need_ a webserver on port 80, nor 'httpd', to access those webservers. There is no need to run a general purpose webserver, such as Apache, in order to run those specialised webservers.

> and for Linux it is Apache that is the most popular choice, therefore it is Apache which will unquestioningly send requests on to port 901

_NO_IT_DOES_NOT_. Xinetd sends the requests to swat on port 901.

> and the potential security hole of SWAT if you haven't got your security sorted.

Only if it is _deliberately_ installed AND _deliberately_ configured to be a) active, b) open to other machines, c) set so non-root users logins can write (if that is actually possible).

> That is handled at the setup stage by http, on port 80 (or whatever port your deluded AC buddy wants to set for http) and THEN handed over to port 901 for the transfer of data.

_NO_IT_IS_NOT_. An http request on port 901 _DOES_NOT_ go to port 80. Xinetd sends it to the webserver configured on port 901, swat is that webserver.

What you are confused by is that any webserver, or indeed any server, on any port will respond to a *connection request* by assigning an _unused_ port number to continue the conversation on until the request is completed.

So, for example, Apache will get a *connection request* on port 80 and then may assign, say, port 56382 to that conversation which will then be used while all the parts of the web pages are sent.

Swat will get *connection requests* on port 901 (without Apache, httpd, or port 80 involved at all) and will also assign an unused port to the conversation, maybe 41307.

1
0
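The first two conditions named in the post above, (a) active and (b) open to other machines, can be read straight off the xinetd service file. The following is an added example, not part of the original posts or of Samba: a small Python audit of an `/etc/xinetd.d/swat`-style stanza. Both sample stanzas are constructed for illustration and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: a stanza in the style of /etc/xinetd.d/swat, left disabled.
SAMPLE_DEFAULT = """\
# default: off
service swat
{
        port            = 901
        socket_type     = stream
        wait            = no
        only_from       = 127.0.0.1
        user            = root
        server          = /usr/sbin/swat
        log_on_failure  += USERID
        disable         = yes
}
"""

# Constructed sample: the same stanza after it is enabled and only_from is dropped.
SAMPLE_EXPOSED = """\
service swat
{
        port            = 901
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/sbin/swat
        disable         = no
}
"""

ATTR = re.compile(r"^([A-Za-z_]+)\s*(\+=|-=|=)\s*(.*)$")


def parse_xinetd(text):
    """Return {service_name: {attribute: [values]}} for each 'service' block."""
    services, name, block = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        if block is None:  # outside a block: expect 'service NAME' then '{'
            m = re.match(r"^service\s+(\S+)$", line)
            if m:
                name = m.group(1)
            elif line == "{" and name:
                block = {}
            continue
        if line == "}":  # end of the current service block
            services[name] = block
            name, block = None, None
            continue
        m = ATTR.match(line)
        if not m:
            continue
        key, op, values = m.group(1), m.group(2), m.group(3).split()
        if op == "=":
            block[key] = values
        elif op == "+=":
            block.setdefault(key, []).extend(values)
        else:  # "-=" removes the listed values
            block[key] = [v for v in block.get(key, []) if v not in values]
    return services


def is_loopback(entry):
    """True if an only_from entry names only the local machine."""
    if entry.lower() in ("localhost", "localhost.localdomain"):
        return True
    try:
        return ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:  # hostnames and other forms count as non-local
        return False


def audit_service(attrs):
    """Report whether a service is active and whether other hosts may connect."""
    disable = attrs.get("disable", ["no"])
    enabled = not (disable and disable[0].lower() == "yes")
    only_from = attrs.get("only_from")
    remote = only_from is None or any(not is_loopback(e) for e in only_from)
    findings = []
    if enabled:
        findings.append("service is active (disable is not 'yes')")
        if remote:
            findings.append("reachable from other machines "
                            "(only_from absent or not loopback-only)")
    return {"enabled": enabled, "remote_allowed": remote,
            "port": attrs.get("port", ["?"])[0], "findings": findings}


def audit_text(text):
    return {name: audit_service(a) for name, a in parse_xinetd(text).items()}


if __name__ == "__main__":
    for label, sample in (("default", SAMPLE_DEFAULT), ("exposed", SAMPLE_EXPOSED)):
        for name, result in audit_text(sample).items():
            print(label, name, "port", result["port"], result["findings"] or "no findings")
```
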
Richard Plinston
Silver badge

Re: AC Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> "....That's why you can configure web servers to listen for http on port 9999 if you wanted to, and nothing on port 80, and if you specify http://domain.org:9999 then you'll get web pages." Only if your web service is running, you moron. No httpd and it doesn't matter what port you have specified.

No. You are completely _wrong_. You do not need anything listening on port 80, nor do you need 'httpd' nor Apache. I can write a program, or configure one, to listen on port 9999 and have that serve 'web pages' (or anything else that I wish) in response to http requests made on port 9999 _without_ there being any httpd program in the system.

And that is because xinetd does the work, not Apache.

1
1
Richard Plinston
Silver badge

Re: Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> if I turn off my webserver it doesn't matter what port you add on the end of the URL in a browser, you will not see any webpages, because there is nothing on port 80 to answer the request and push the connection to port 901.

That is completely and absolutely untrue. SWAT, for example, will listen on port 901 and respond to that regardless of the presence or absence of 'httpd'. Putting the port number on the URL _DOES_NOT_ send the request on port 80, nor does it send it to 'httpd', Xinetd routes it based on /etc/services (and depending on limitations in the appropriate firewall and config files) directly to the service, which in this case is swat.

Yes, I have been confused by your claims, but that is because I understand how it actually works, and not some mish-mash of your half-learned misunderstandings.

1
1
Richard Plinston
Silver badge

Re: Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> You do realise that all webservers, by default, listen on port 80 for http requests and then pass the request to any port you add on the end if the URL? Oh, you didn't? Please do point out the process you think is able to handle the http requests other than the process httpd?

Yes, a webserver, such as Apache or Nginx or many others, will listen on port 80 and usually also on port 443. You then confuse this with _all_ possible http servers. CUPS will listen on port 631 for http requests, Webmin will listen on port 10000 for http requests. These are all servers and will respond to http requests on the ports they listen to.

If a port number is added to an http request (such as https://localhost:10000) it _DOES_NOT_ go to port 80, nor to Apache, it goes to Webmin server directly (if it is running) or goes nowhere (if no server is listening on port 10000), it does not go to Apache or Nginx.

You have a fundamental misunderstanding of how http works. It is not 'http' that directs connections to a particular webserver, it is the port number. It is the browser that adds the default port numbers of 80 and 443 (for http and https) if no port is added. If a port number is added to the URL and Apache is not listening on that port then Apache does not see it. Apache is _not_ doing the routing.

If you were to actually look at an /etc/services file (which apparently you had not even heard of before) you would see the list of possible services where the port number is matched to service. This is _not_ handled by Apache, but by a lower level service: inetd or xinetd.

https://en.wikipedia.org/wiki/Xinetd.

> Please do point out the process you think is able to handle the http requests other than the process httpd?

Xinetd handles all connection requests and passes them out, as defined in the /etc/services and xinetd.d files to the appropriate server. This may be Apache for port 80 or CUPS for port 631 or ftpd for port 21.

How hard is that ?

1
1
Richard Plinston
Silver badge

Re: Dick Plinston John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> ".....Apache _never_ exposes port 901...." No, web requests via http are never handled by Apache.... DUH! If you go read the Linux (and many UNIX) pages on setting up SWAT you will often see a line 'add an entry for swat in /etc/services

You are obviously unaware that different services are handled by different programs and you have never even looked at /etc/services. Connections on ports 80 and 443 are passed to Apache (if installed and activated), port 21 is passed to the ftp server (if installed and activated), port 3306 goes to MySQL, etc.

That is _why_ there are different ports, because there are different services provided by different programs. inetd is the program that receives the connections and passes them to the services based on the /etc/services configuration and on the various matching xinetd.d configuration files.

It happens that connections on port 901 are _not_ passed to Apache but go to SWAT if it has been installed _and_enabled_.

If you can't even understand this fundamental level of networking then you should not be posting at all.

> but several Linux distributions do not install SWAT by default ... several Linux distros DO install it by default?

1) SWAT is only ever installed _if_Samba_is_installed_. So when Samba is installed it may, or may not, install SWAT as well (which is the point made by the Samba team). So to prove your point you need to find out if Samba is installed _by_default_ and then determine if this also installs SWAT _by_default_.

2) NONE of them _activate_ it by default, which was your claim.

3-5) NONE of them configure it in demo-mode, open to the web, or able to write without a non-root login, which were also your claims.

You are _way_ out of your depth.

0
1
Richard Plinston
Silver badge

Re: Richard Plinston Levent Zillyboy Chris Wareham

> "....The Red Mist is blocking your reading skills...." The penguin feathers are blocking yours. Wise up - no OS is free of security issues, not even Linux. Blind denial only helps those trying to crack your systems.

I have never denied that OSes have security issues. I am denying that your claims about Apache and port 901, about 'SWAT active by default', about 'no password login by default', are completely untrue.

> As you admitted, you had to go check a server you set up for a client

I did check the server, but it was _not_ one that I set up, there was never the implication that I had done so. In fact I mentioned 'the installer' as a third party.

> as you didn't know if the proper security for SWAT had been set - not exactly a ringing endorsement.

It did not need to be 'set'. It was inactive by default in spite of your bogus claims.

1
1
Richard Plinston
Silver badge

Re: Richard Plinston Levent Zillyboy Chris Wareham

> You asked for distros with it bundled. And it was both bundled and active by default in older versions, as I showed with RHEL AS4, which you were unable to disprove

You do not seem to understand that there is a distinction between 'in the repository' and 'installed and active by default'. Here is actually what I asked:

"""So are some games "bundled into distros". Show me the distros that install SAMBA and SWAT "by default". Show me which distros enable these "by default"."""

I did disprove your claim that it was 'active by default'. More to the point you have not established _any_ of your claims at all, especially where you conflate Apache and SWAT. The configuration file was 'as installed' as shown by the file date/time. Whether the selection box for installing it was clicked by the installer or was already clicked would require me to go through the install process, which you obviously have never done.

> (on a client's box you admit you didn't even know the security profile of for a very well-known security issue - not reassuring as to your admin credentials). Yet you want to insist you have disproven the point? Male bovine manure.

It is not a machine that I administer, nor do I administer _any_ Samba sites, nor is Samba active on any machine that I do administer, so the 'issue' is of no concern to me or the client.

> ".....SWAT is _not_ part of Apache...." I never said it was,

Yes you did, you frequently conflated Apache and SWAT: you claimed: """ and the fact that activating Apache exposes port 901 """. Port 901 is the port for SWAT. AND """(b) turning on Apache without checking DOES leave port 901 open for an attack if the right SWAT security steps have not been taken. """ AND """ Many admins do not realise that leaving the default Apache install running allows anyone with the IP address of the system the ability to go directly to that [Samba] configuration file,"""

> As you admitted, you had to go check a server you set up for a client as you didn't know if the proper security for SWAT had been set - not exactly a ringing endorsement.

It is called 'gathering evidence', something that you seem unfamiliar with.

> And you're still trying to deny (a) it is an extensively documented issue,

What _is_ 'extensively documented', even in the one link that you supplied, is that SWAT is _NOT_ activated by default, despite your repeated bogus claims.

> and (b) turning on Apache without checking DOES leave port 901 open for an attack if the right SWAT security steps have not been taken.

Once again you conflate Apache with SWAT when they have no connection. Apache _never_ opens port 901 (unless explicitly configured for some unknown reason).

> I said it was common for admins to leave the Apache web service running without realising the possible security holes, including the SWAT/SAMBA issue.

And again you attribute Apache as somehow installing and activating Samba and SWAT when they are unrelated products (that both happen to be independently accessed by a browser).

> ".....SWAT is related to Apache (not true, but you continue to claim it)...." Stop lying just because you lost the argument. I never said that at all,

Yes you did, and repeatedly claimed it again, see your (b) above.

> You couldn't even prove this for RH AS4, let alone all the other even older distros, but you want to claim you have proven otherwise?

You have repeatedly made the claim, it is for you to prove. You are just waving aside the evidence, even the evidence in the link that you did provide.

> "....* SWAT, by default, requires no logging in (not true)...." Another lie, please post to where I said that.

Here it is: """ ".....SWAT requires logging in....." Only if you configure it to. """ and here: """On SAMBA (Linux and UNIX) the smb.conf file is presented out to the World as a web page on TCP port 901 via the SWAT without any protecting login mechanism and with permissions allowing anyone to edit the file."""

> "......SWAT, by default, can be accessed from other machines (not true)...." Not what I said, not even close. What I said was an insecure configuration of SWAT would allow any system with LAN access to the target server to go to the SWAT web page on port 901 and edit the SAMBA config.

What you said was: """the smb.conf file is presented out to the World as a web page on TCP port 901 via the SWAT without any protecting login mechanism and with permissions allowing anyone to edit the file.""". Which is and always was completely untrue.

And here, from that message, is another example of your conflating Apache and SWAT: """ I'm guessing by your response you did not realise what toys get exposed as soon as you turn on Apache?"""

If you want your rantings to be accepted then you need to _prove_ that in some distant past SWAT was installed by default, activated by default, in demo mode by default, was accessible beyond the localhost by default, and in any way was part of Apache. Good luck with _any_ of that.

1
1
Richard Plinston
Silver badge

Re: John Sanders Richard Plinston Levent Zillyboy Chris Wareham

> and the fact that activating Apache exposes port 901

Apache _never_ exposes port 901 (unless someone explicitly adds it to the config). You appear to be unable to distinguish between the http protocol and Apache as a web server for ports 80 and 443. There are many ports and each may have its own distinct server program.

> (http://www.samba.org/samba/history/security.html).

An actual link. Wonder of wonders!!

However, NONE of that supports _any_ of your claims. They do refer to 'Clickjacking' and 'Cross-Site Request Forgery' which are the result of security issues in the _browser_client_, such as Internet Explorer.

If you had actually read any of the reports you may have LEARNED SOMETHING because you would have found:

""" Note that SWAT must be enabled in order for this vulnerability to be exploitable. By default, SWAT is *not* enabled on a Samba install. """

So even the links that you offer as support show your claims are wrong.

1
1
Richard Plinston
Silver badge

Re: Richard Plinston Levent Zillyboy Chris Wareham

> So first you admit SWAT and SAMBA are in the distros, even though you said they never were....

You appear to be unable to distinguish between your claim of "being installed and enabled by default" (which I said didn't happen) and being "in the distros".

> so either they came with it by default OR their admins were not as skilled as you the Linux community likes to think they are,

It is entirely possible that an admin (probably a click and pray Windows admin) could incompetently configure SWAT and/or deliberately put it into demo mode. That is a whole lot different than your bogus claim that merely having Apache installed opens port 901 so that anyone on the net can change the Samba configuration - which is several layers completely wrong.

> So you can't say if it was bundled and enabled by default,

Your reading skills are lacking. I _did_ say it wasn't enabled by default.

> but then you can say xinetd.conf hasn't been configured since install (how?) - more than a little denial going on, it seems.

The /etc/xinetd.d/swat file - which is the appropriate configuration file - has the date and time of the install, and is the same as all the other config files created during install and not edited since.

> more than a little denial going on, it seems.

There may be denial going on, but it is on your part, you seem unable to accept that you are clueless about the subject even to the point of mixing up Apache and SWAT.

> you're just adding to my argument that (a) the Apache webserver exposes security holes many Linux admins don't even know about

SWAT is _not_ part of Apache, nor does it normally run under Apache, they are completely separate products with different installs and different configurations. If you can't even get this right then you shouldn't be allowed near a computer.

> (you yourself don't even know if your RHEL4 client was so configured, you had to go check - not good security practice),

The Red Mist is blocking your reading skills. It is my client's RHEL4 server, not my machine. I always look for _evidence_ to back up my statements which you seem to fail to do, merely saying 'Google for it' or claiming 'denial' for not accepting your unsupported assertions.

As for claiming that 'checking is not good security practice' I am sure that the rest of the forum will have a good laugh over that one.

> I suggest YOU go do some Web reading on SAMBA

And once again you merely wave the 'go and search' because, presumably, you can't actually find an actual reference that supports your claims yet again.

The layers that you have to show are your bogus claims:

* SWAT is related to Apache (not true, but you continue to claim it)

* SWAT is installed _and_enabled_ by default (not true)

* SWAT, by default, requires no logging in (not true)

* SWAT, by default, can be accessed from other machines (not true)

* SWAT allows non-root login to change the Samba config (it does not)

1
1
Richard Plinston
Silver badge

Re: Richard Plinston Levent Zillyboy Chris Wareham

>> ".....Show me the distros that install SAMBA and SWAT "by default"....

> there are plenty of distros still containing both by default

Many distros have Samba and SWAT in their repos, your claim was that they _installed_ and _enabled_ these "by default", and that this allowed them to be accessed from the internet without a login.

> Yahoogle of "linux distro swat samba"

And if you had done that you would not have found anything to back up your claims. For example for Ubuntu Server it tells you that to get Samba and SWAT it is necessary to:

sudo apt-get install samba smbfs samba-doc swat xinetd
sudo update-inetd --enable 'swat'
sudo dpkg-reconfigure xinetd

and then enter or change the configuration. How does this match your _bogus_ "by default" ?

> And if I recall correctly, both SAMBA and SWAT were bundled in and active when deployed in even enterprise distros at least as late as RHEL AS 4

As it happens I have a client that still runs a RHEL4 box or two that I can access from my desk. They do not use Samba or SWAT but it is installed. Whether this was 'by default' or was selected from the installation list I can't say but it definitely is _not_ active. The xinet.d config file is exactly as installed and has 'disable = yes' and 'only_from = localhost' so it is _not_ active and even if it was activated it is not accessible from outside that machine. Your uninformed claims are completely bogus.

You may also note, if you read anything about the product, that logging in as anything other than root will limit the facilities and _prevent_ updating the Samba configuration. The plain text password issue is easily overcome by using stunnel (or running under Apache with https). As the default is localhost only then this is not an issue.

>>> Many admins do not realise that leaving the default Apache install running allows anyone with the IP address of the system the ability to go directly to that configuration file

That is completely uninformed and bogus. Apache does _not_ install SWAT or v.v. they are completely independent unless deliberately configured.

>>> you did not realise what toys get exposed as soon as you turn on Apache?

Not only bogus and misleading, but also a bare-faced lie.

1
1
Richard Plinston
Silver badge

Re: Richard Plinston Levent Zillyboy Chris Wareham

> ".....SWAT requires logging in....." Only if you configure it to.

I just did a clean install from the repo and this is the config file as installed. First SWAT is disabled by default, then it will only run from the localhost, it will not allow connection from any other machine.

The only way to avoid it asking for a logon is to change to demo mode using a runtime option:

Usage: swat [OPTION...]
  -a, --disable-authentication     Disable authentication (demo mode)

# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
#              to configure your Samba server. To use SWAT, \
#              connect to port 901 with your favorite web browser.
service swat
{
        port            = 901
        socket_type     = stream
        wait            = no
        only_from       = 127.0.0.1
        user            = root
        server          = /usr/sbin/swat
        log_on_failure  += USERID
        disable         = yes
}

> ".....SWAT has little to do with Apache....." True, it is just the two are often bundled into distros and installed (and enabled) by default.

So are some games "bundled into distros". Show me the distros that install SAMBA and SWAT "by default". Show me which distros enable these "by default".

The Ubuntu documentation shows that neither SAMBA nor SWAT are installed by default and must be installed by sudo apt-get. SWAT is not enabled and must, at least, have the 'disable = yes' changed to 'no'.

3
1
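An added example, not part of the original post: a small audit of an xinetd service stanza for the three settings argued over in this thread (`disable`, `only_from`, and the `-a` demo-mode option). The function names and the second sample are constructed, and passing `-a` through xinetd's `server_args` attribute is an assumption about how demo mode would be switched on.

```python
import ipaddress
# Constructed samples: the as-installed file quoted above, then a hypothetical bad one.
AS_INSTALLED = """\
# default: off
service swat
{
    port            = 901
    socket_type     = stream
    wait            = no
    only_from       = 127.0.0.1
    user            = root
    server          = /usr/sbin/swat
    log_on_failure  += USERID
    disable         = yes
}
"""
MISCONFIGURED = """\
service swat
{
    server      = /usr/sbin/swat
    server_args = -a
    disable     = no
}
"""

def parse_service(text):
    """Return {attribute: [values]} for the first service stanza in text."""
    attrs, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "{":
            inside = True
        elif line == "}":
            break
        elif inside and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            # Accept both "=" and "+=" assignments.
            attrs.setdefault(key.rstrip("+ \t"), []).extend(value.split())
    return attrs

def is_loopback(entry):
    try:
        return ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:
        return entry == "localhost"   # any other hostname counts as remote

def audit(text):
    """List findings for one stanza; global xinetd.conf defaults are not read."""
    a = parse_service(text)
    findings = []
    if a.get("disable", ["no"])[-1].lower() != "yes":
        findings.append("service enabled")
    sources = a.get("only_from", [])
    if not sources or not all(is_loopback(s) for s in sources):
        findings.append("reachable from non-loopback addresses")
    args = a.get("server_args", [])
    if "-a" in args or "--disable-authentication" in args:
        findings.append("authentication disabled (demo mode)")
    return findings
```

An empty list from `audit()` means the stanza matches the disabled, localhost-only, authenticated state shown in the post.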
Richard Plinston
Silver badge

Re: Levent Zillyboy Chris Wareham

> SWAT without any protecting login mechanism

SWAT requires logging in.

"""Access to SWAT will prompt for a logon. If you log onto SWAT as any non-root user, the only permission allowed is to view certain aspects of configuration """

> leaving the default Apache install running ... as soon as you turn on Apache?

SWAT has little to do with Apache. It does not need to use Apache or vice versa. It is possible to configure Apache to run SWAT as a cgi but this is unnecessary and is not normal on Linux or Unix. If this is done then it doesn't use port 901.

2
1
Richard Plinston
Silver badge

Re: Nick Kew Deja vu again

> many IIS servers run on corporate intranets and therefore are not visible on the Web at all, making IIS's real share of the webserver market even larger than the Netcraft survey suggest.

All my corporate clients run Apache on Red Hat for their internal web servers and for the web facing server.

4
1
Richard Plinston
Silver badge

Re: Majority has decided what is the web server of choice....

> ... for parked domains

Exactly. If you want a web server for sites with no content and no traffic then IIS is perfect. You can also, apparently, get it paid for by MS.

29
5

Microsoft C# chief Hejlsberg: Our open-source Apache pick will clear the FUD

Richard Plinston
Silver badge

Re: It is not a cancer

IDC says: "adoption of its OS was up 91 per cent, with global share rising from 2.6 per cent to 3.3 per cent last year."

Exactly. That was last year Q3. Since then it has dropped to 2.9% and then to 2.0%.

> Primarily of Asha and other legacy OS devices.

Yes, but also WP.

2
0
Richard Plinston
Silver badge

Re: It is not a cancer

> Actually there is no month Year on Year in the last 24 months where WP wasn't the fastest growing mobile platform.

And yet Lumia (at least 90% of WP) has had a _falling_ market share.

"""Lumia sales Q3 of 2013 . . . . . 8.8 M units . . . . 3.3% market share of all smartphones
Lumia sales Q4 of 2013 . . . . . 8.2 M units . . . . 2.9% market share of all smartphones
Lumia sales Q1 of 2014 . . . . . 5.6 M units . . . . 2.0% market share of all smartphones

Source: TomiAhonen Consulting Analysis 3 June 2014, based on manufacturer and industry data"""

Even Nokia admit to falling sales:

http://www.wpcentral.com/nokia-posts-q1-interim-report-handset-sales-down-30-percent

> Nokia already paid it back and the license fees

"""However with the increase in Lumia sales (4.4 Million) the tides have turned, seeing that the amount of software royalties Nokia has to pay has for the first time exceeded the 250 Million quarterly payout by Microsoft"""

This implies that the fees were $55.00 per phone. Others say that it was $15.00.

1
1
Richard Plinston
Silver badge

Re: It is not a cancer - Microsoft is the real cancer

> Ignorance. In reality C# use is ahead of C and Python:

> https://sites.google.com/site/pydatalog/pypl/PyPL-PopularitY-of-Programming-Language

"""created by analyzing how often language tutorials are searched on Google"""

So it is ahead on a scale that is measured by counting accesses by people who don't know it.

Note this access of tutorials does not include those that are taught formally, such as in courses. It does not include those that have already learned the language. It does not cater for tutorials that are poor or incomplete which would have those being discarded and another search being made.

3
1
Richard Plinston
Silver badge

Re: Like Linux....

> ... you do realize the MSFT was one of the largest contributors to the Linux kernel at one point?*

It _was_ a top contributor for one month a few years ago. All of the 'contributions' were related to Microsoft virtualization so that Linux could run on Windows or vv.

6
0
Richard Plinston
Silver badge

Re: It is not a cancer

> Windows Phone is already ahead of IOS in 25 countries.

That happened in _one_ month when Nokia _shipped_ more phones than Apple to those countries because a) Apple did not ship to those countries or b) it was the month before Apple announced their new phone and shipments were delayed until the new production was up and running.

> And is still the fastest growing mobile platform year on year.

It was for _one_ quarter many months ago (2012Q3 - 2013Q3) and that was because in 2012Q3 WP7 had been killed dead and WP8 wasn't in production. Since 2013Q3 WP has been in decline and 2014Q1 unit figures were below 2013Q1.

> With the imminent release of the Lumia 930 - which imo is their first really comparable high end platform - and the recent reduction in license cost to zero, I think that's near certain to continue...

Most of Windows Phone has effectively been zero cost, or indeed negative, with MS paying a $billion per year to Nokia to cover licence fees. Nokia never sold enough to pay that back.

9
1

'Hashtag' added to the OED – but # isn't a hash, pound, nor number sign

Richard Plinston
Silver badge

Re: Pound sign

> The current most accepted theory is that it was originally "steorling" (Old English meaning roughly "a thing of a star") and comes from the AngloNorman coin which had a star on it.

"""The British numismatist Philip Grierson points out that the stars appeared on Norman pennies only for the single three-year issue from 1077-1080 (the Normans changed coin designs every three years), and that the star-theory thus fails on linguistic grounds:"""

While you, and others, may claim 'most accepted', it is most likely a convergence of both explanations.

The 92.5% silver purity is exactly that of the Easterlings (or Osterlings) coins used by the Hanse (or Hanseatic League). As this was much more widely used, and for far longer, many centuries, it is likely that this brought the term into much more widespread use than the earlier more limited one.

0
0
Richard Plinston
Silver badge

Re: Pound sign

> one tower pound (approx 350g) of Sterling Silver pennies.

And the 'Sterling' in silver comes from 'easterling' ie the trader men from the east (the Baltic), the Hanseatic League, this was the most reliable source of quality silver (and steel).

1
0
Richard Plinston
Silver badge

Re: Pound sign

> an older symbol used for the pound weight measure.

The symbol used for pound weight seems to have originated from a stylized lb* written in chalk. The octothorpe is only an approximation of this but seems to have been adopted for convenience, probably when typewriters started including it.

> swaps position with the sterling £

The best explanation for the use of 'sterling' for money or silver seems to originate as 'easterling' referring to traders from the east, ie the Hansa League in the Baltic, who had the best reputation for quality and reliability as well as the best steel, money and silver.

* lb is abbreviation for libra pondo

2
0

Missed it? Here's the latest on Microsoft's mobile strategy

Richard Plinston
Silver badge

> Windows Phone year on year market share % is still growing faster than any other platform.

You continue to peddle this. While it was true for one quarter many months ago*, since then the unit sales and market share are in decline, as acknowledged by Nokia themselves.

The latest figures for 2014Q1 at http://communities-dominate.blogs.com/ have:

3 (3) . . Windows Phone . . 6.2 M . . . 2.2 % . . . . . ( 2.9 %) . . . . . . Samsung, Nokia

Where the bracketed figure is previous quarter. The unit sales are less than 2013Q1.

The most interesting figure is that Nokia smartphones unit sales (_not_ including Asha) is greater than the WP figure. This apparently is Android X phones of around 1 million. Even this doesn't leave many WP from the other makers.

10 (9) . Nokia (Microsoft) . 7.1 M . . . 2.5% . . . . . . . ( 2.9% ) . . . . . . Windows, Android

* Your claim is probably the single 2012Q3 to 2013Q3 gain that shows growth because in 2012Q3 WP7 had just been dumped and the WP8 phones were not available so the numbers were very low, while in 2013Q3 they were flogging off the last of the unsold WP7s and were offering the 520 at less than cost price.

But you will still repeat your nonsense claims and will not update to reality.

8
0

Swiftkey: We just want to be free - Apple didn't bump us

Richard Plinston
Silver badge

Re: Commentard Fail

> at least it keeps 'em off the streets

You do understand the concept of 'mobile' don't you ?

1
0

Apple is KILLING OFF BONKING, cries mobe research dude

Richard Plinston
Silver badge

Re: Re. Sync per Bonk

> One possible use would be ...

Panasonic use NFC to connect an Android phone to their latest cameras over WiFi so the phone acts as a remote control and/or can send photos directly to a PC or to an internet site (Facebook or a cloud service).

I am also looking at using NFC in a client's warehouse for recording worker and job activities.

0
0

Jellybean dominates Play, still seated atop rising KitKat

Richard Plinston
Silver badge

> the consequences of Samsung phones no longer being Android phones should be fairly self-evident in terms of Android sales.

We have an actual example of a company relying on the brand name and switching the OS wholesale, there is no need to draw imaginary conclusions from speculation.

Previously, "the vast majority of consumers either [bought] an iPhone or a [Nokia] phone". Nokia changed the OS and went from number one to almost out of the top ten.

In the unlikely case that Samsung changed suddenly from mainly Android to mainly Tizen without an Android compatibility layer (ie could not run Android apps) then the most likely outcome is that it would have little to no effect on Android sales, buyers would just change to another of the many brands.

0
0

Microsoft's NEW OS now runs on HALF of ALL desktop PCs

Richard Plinston
Silver badge

Re: Cue...

> All *nix are more or less POSIX compliant systems. Sure, there are some differences among them - but they want to be POSIX compliant. That's mean they have a lot of similar API. The same way Linux is not Unix but looks very much alike. And BSD is another Unix clone.

You are confused. There are various 'BSDs' but they originate from the actual AT&T UNIX codebase and, in fact, much code developed by Berkeley was incorporated into AT&T Unix. It is not a 'clone'.

POSIX defines the _Application_Programming_Interface_ (plus other stuff), not the 'kernel interface'. In practice this means that a set of C libraries can provide the API for the system to be compliant and yet the OS kernels can be completely different. Even Windows NT/2000 could claim to be POSIX compliant.

This does not mean that it would be easy for Google to replace Linux with Windows, or even with one of the BSDs, especially as Android does not rely on or claim POSIX compliance and only implements a subset via the Bionic C library.

Your claim that Google could do something (that you have never done) easier than doing something else (which you have also not done) is completely spurious:

"""it would be easier for Google to replace say the Linux kernel with a *BSD one, that replacing the Java VM with something else"""

Especially as you rely, incompetently, on POSIX and that Google a) never used a 'Java VM' it used Dalvik and b) it _is_ replacing Dalvik with ART.

1
0
