I see the propaganda has gotten to you! 8 hours of sleep a night -- bah! Computers don't sleep; why should I?

Why would the evil sudo need to be setuid? It just forks the real sudo and keeps track of the I/O, thus gaining the password. No need to replace sudo when you could use the real thing.

Easier: an alias in your ~/.profile. alias "sudo=/home/user/.hidden/script-that-acts-like-sudo would probably be sufficient, and, if written right, it'd get the user to type their password, convince the user that they made a typo, and then remove any trace that it was there, except that now it has a record of the password. This would work no matter what terminal the user prefers, even if it's ssh, and it doesn't require anything except a simple shell script to be run with user-level privileges to inject it.

Of course, it depends on the user not noticing the alias in their .profile, but how often do you actually look at that file these days?

That's probably true. But the lecture classes I've been in (granted, community college, not university (yet)) have had instructors that could tell, if not to the day, at least how frequently a student tended to appear. In a class of 60-70 students, this isn't much of a problem for the instructor to intuit. In a class of 300-400 students, the instructor probably isn't doing most of the tutoring anyway, leaving it to the TA's.

In short, you generally don't need to track attendance for an instructor to figure out whether a student shows up regularly or not. (And it may be irrelevant anyway, depending on how the instructor is payed for such questions.)

I believe that situation is why he stored two encrypted copies, one of which was with his asymmetric key (hence, can't be changed by someone else, assuming the key is secure).

Easy detail to miss, but oh so important.

That's what Ockham's Razor is for.

One could postulate for any given observed event and it's (non-supernatural) cause, that the said cause is simply the mechanism by which a deity causes that observed event. For example, one might postulate that God causes arrows to fly when fired. The non-supernatural explanation is that the tension on the bowstring accelerates the arrow. This could be explained as the mechanism by which God causes arrows to fly.

But such an explanation is not parsimonious. It has an extra assumption (I.E., that God is affecting arrows) which is not necessary to explain the observation. A sufficiently broad and abstract notion of God encompasses everything and explains exactly nothing (as per the deistic viewpoint). It is an error in reasoning, therefore, to conclude that NDE's are, despite ketamine's effect on a person, nevertheless related to heaven (unless/until further observations warrant this hypothesis). That the ketamine simply causes a hallucination (as many other chemicals can do) is a much simpler explanation, and, as such, more likely to be correct.

I will note that the problem of induction (I.e., any induction can be definitively refuted but not definitively confirmed) means that nothing can ever completely rule out supernatural involvement in anything. This experiment only shows that heaven is not necessary to explain NDE's. But saying that something is supernaturally caused says, precisely, that we cannot explain it (by definition); it just doesn't accomplish anything.

In the Facebook and Twitter era, the concept of "common knowledge" seems to be a tautology. If you already share everything except your password, then nothing at all makes a good security question; all someone needs is a Facebook account to look up whatever answers they need/want.

Just my $0.02.

Nobody has really mentioned dimmers yet. I use CFLs in much of the house -- kitchen, bathroom, etc., but stick to incandescent in my bed room simply because I like to dim the light about half-way when I hit the sack and read for a while.

Haven't found a CFL yet that I can read by. ;)

Generally, Synaptic is easier than most windows installers (IMO, although it appears IYO as well), as long as you know what package it is that you're looking for (or at least have some good idea).

Synaptic presents a list of 27,712 packages to me (Deb Squeeze), a large percentage of those are software which I don't know anything about -- and the descriptions in Synaptic are very frequently not enough to tell me something about them. (Although a quick Google usually does) Some of them -- like kernels and libraries -- are utterly cryptic unless you already know something about them.

Windows solves that problem through advertising. Microsoft, Adobe, Nero, Roxio -- names that are recognizable quickly, because they're advertised so much. The result is that users of windows, even when they themselves don't know what they want, often know the piece of software that does it.

KDE has an interesting package manager available, which is highly simplified and shows only what users might classify as "applications", in categories end users would easily comprehend. If I were a user of the "end user" variety, I would find that helpful, because knowing to install the package called "kopete" or "pidgin" to get instant messaging is not as easy as seeing "Instant Messaging" in the categories and then picking one (or even having a default picked). This certainly goes a long way to solving the problem as well (if such a tactic is widely adopted, that is).

So, I guess it depends on what you're looking at when you consider installation easy. The actual act of installation, or the act of finding which packages it is that you want to install -- because the first is generally the roadblock for users, not as often the second. And the open source tendency to use acronyms and puns doesn't help that matter, fun though they may be.

(For the record, I did install Ubuntu on my mother's computer; and it's worked out fine. In fact, finding packages seems to be the only difficulty she has on a daily basis.)

I might note that this is true if the neighbor in question has an ISP that doesn't limit data transfer. On the other hand, if your neighbor does have transfer limits (250Gb for Comcast, presently. Not sure about others.), then you *are* depriving him of that data transfer.

On the other hand, one could argue, that in a properly functioning free market, the sleazy business practices shouldn't last long. Sadly, human nature being the way it is, that's a pipe dream.

It seems that a balance has to be struck -- regulation that inhibits universally bad behavior, but no regulation inhibiting otherwise harmless behavior that may just irk customers. That balance hasn't been struck (whereas before we were on the too-little-regulation side of things, now we've swung way too far in the other direction).

Actually, I think food labels offer an interesting example to look at. The FDA mandates that foods have a nutrition label and list their ingredients (and a few other related requirements). Nothing else changed about the food laws (that I can think of, anyway), and the market forces at work (Americans [slowly] becoming more health-conscious, etc.) are pushing food toward where consumers want it to be. No actual regulation of the ingredients of the foods was required to cause that to happen. I wonder what sort of similar model could be applied to corporations to make the same sort of change come about?

I'm not a professional in the field (yet), but here's just a thought:

Pidgin keeps its passwords in plaintext. Their justification boils down to "If the system is sanely setup, nobody else should be able to see your user-only files anyway, and encrypting just gives a false sense of security."

I suppose their justification depends precisely on the assumption that the system is setup securely (at least as far as permissions are concerned) to begin with, which is the assumption that is violated by NFS.

That is, wouldn't it be better, instead of changing svn, to stop using NFS instead? Or is my lack of experience in the field causing me to miss something here?

I think the point he was trying to make is reasonable limits. Although it is true that 1 download != 1 lost sale, that analogy is far closer to reality than the 1 download == <insert large number here> lost sales that the penalties for copyright violations seem to imply.

Giving away CDs in front of a music store would be analogous to bashing a restaurant's food while standing outside their door. If you're not on the restaurant's property, that behavior itself is probably legal. Rude, to be sure, but on public property, the expression of opinions is perfectly legal, valid, and accepted as a basic part of our freedom of speech. The restaurant would nevertheless be adversely affected by your actions. The lesson: Being affected by someone's actions on its own doesn't make that action illegal.

Now, particular to the music store example, you would probably have violated copyright law, and the production of those CDs would be illegal. By cavorting the business's customers, you might be breaking some other laws (IANAL, not sure the details there). But in any event, while it is probably illegal, it is not theft.

Although I basically agree with this sentiment, one thing that should be considered is what someone does when the fail to get a license. At present, decent public transportation exists only in select urban areas (and even then, it's often crap). Walking isn't really an option, either, especially farther into rural areas where food is simply too far away to walk to.

If we could solve that problem, I'd be all for tougher licensing! (For the record, I don't presently hold a license; I use the bus.)