Forgot your password?
typodupeerror

Comment: Re:Funny, however.. (Score 2) 163

by BronsCon (#48033685) Attached to: Grooveshark Found Guilty of Massive Copyright Infringement
Wow, missing the boat, really. Some fan puts a bootleg from one of their gigs on YouTube, where someone who *never otherwise would have found them* finds them and, a a result, buys a CD. I can understand why *some* artists wouldn't want this, what with their label taking care of that for them (along with the lion's share of the profits), but that doesn't preclude artists who see the value from deciding to allow it. How many people did the 5 people who bought CDs as a result of the bootleg introduce to their music? How many of them wen to see them play? How many of them bought CDs at the show? In fact, how many saw the bootleg on YouTube and went to a show? And, of them, how many bought CDs at the show? I'd venture to say the number is greater than zero.

Fans buy CDs. The bootlegs on YouTube expose indie artists to more fans, who then buy more CDs. If an artist wants to stand against that, that's fine, more power to them, my point was that *some* artists are okay with it. Can you refute that, in the face of two examples?

Before you answer, keep in mind that *two* fits the definition of *some*.

Comment: Re:Funny, however.. (Score 1) 163

by BronsCon (#48033659) Attached to: Grooveshark Found Guilty of Massive Copyright Infringement
If you up a couple posts and read the thread, rather than cherry picking what you think you might be able to attack, you'll see my point. Since I know you won't do that, here's a link to the the relevant comment, to provide some context. Where the fuck did I say anything about copyright infringement?

Comment: Re:Funny, however.. (Score 2) 163

by BronsCon (#48031561) Attached to: Grooveshark Found Guilty of Massive Copyright Infringement
And the indies I know *personally* sell CDs at gigs, primarily because the only people who even know who they are are people at their gigs. One in particular sells TONS of CDs at each of their gigs, they've sold a total of 5 on their website, 4 of which left notes with their orders saying they bought the CD based on a bootleg they found on YouTube.

That might only be 5 sales, but it's 5 more than they'd have had; with more exposure, that number would be higher.

Anecdote != data, but there you have it, the reasoning behind my logic.

Comment: Re:Funny, however.. (Score 3, Informative) 163

by BronsCon (#48031013) Attached to: Grooveshark Found Guilty of Massive Copyright Infringement
Who said anything about "without authorization"? Some artists don't mind it one bit.

I hadn't realized this track was posted on YouTube. It was a collaboration between me and the enchanting Jo Gabriel, and never actually officially released anywhere. Or at least I thought...

And, rather than suing, they post a link to the video.

They're not alone, either. A *ton* of artists would love that kind of exposure. Especially for *free*.

Comment: Re: that was fast (Score 1) 164

by BronsCon (#48027917) Attached to: Apple Fixes Shellshock In OS X
And what of Bonjour? Anyone running their mac connected directly to a cable or DSL modem because "I only have on computer, so why do I need a router?" is potentially vulnerable, and we have no reason to believe otherwise until we see the source for Bonjour to prove that it makes no system calls. It's cross-platform, so you can be sure it's not relying on cocoa APIs.

Comment: Re:Soon to be patched (Score 1) 326

by BronsCon (#48023273) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found

What is the market share of your Linux-distribution?

It's Ubuntu, so whatever their market share is. 12.04 if you want to get specific.

It absolutely is a bash bug, yes. It is also a bug in any Linux, that makes it /bin/sh.

It is also an OSX bug, an HPUX bug, a vxWorks bug, and, well, really, a bug in any OS that has bash installed, which makes it a Windows bug in a not-insignificant number of cases, as well. Also, consider that the thousands of Cygwin and MinGW users out there are also likely running servers on top of that POSIX layer on their windows system, they're almost certainly vulnerable.

Comment: Re:You misunderstood (Score 1) 326

by BronsCon (#48022963) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found
And the moment they use a found exploit, some dedicated sysadmin detects the intrusion and figures out how it was done, a bug report is filed, and it gets patched within hours. Like this bug, found by a researcher, reported, and patches were available before exploits; whether or not systems were actually patched is a factor if the sysadmin responsible for each individual system, but the fact still remains that we didn't have to wait until Patch Tuesday for a fix.

Was the first patch complete? No. Nor was the second. The third may well not be, either, but Patch Tuesday still hasn't come around and we're better-patched than those who have to wait for that. Well, aside from OSX users (myself included), who actually paid for their OS (in the form of a hardware purchase), so yeah, I guess "you get what you pay for" holds true here, right? See what I'm getting at, here? Linux users have a steady stream of patches already available to install, for free, while OSX users are left behind by Father Apple. Well, at least *some* of us can compile our own patched replacements, so I'm still not sitting here waiting for Patch Tuesday to fix this.

That being said, I haven't had to reboot my Windows machine for updates, lately. That might be, in part, because it does so automatically, whether I'm there to save my work or not, and regardless of whether I'm in the middle of a multi-day render that I'll have to restart, losing 4 days of progress. Thanks, Microsoft.

Comment: Re:Soon to be patched (Score 1) 326

by BronsCon (#48022877) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found
Do you have a copy of the bash source code in which this bug was first introduced? There is no versioning going that far back for bash, so you can't possibly know *when* it was introduced. It's quite possible that it's from 1989, when bash was first created, 2 years before Linux came to be.

Comment: Re:Soon to be patched (Score 1) 326

by BronsCon (#48022101) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found
So do OSX, HPUX, and just about every other UNIX variant out there, as well as BSD and any number of embedded systems, and any Windows install running a POSIX layer. It's a POSIX issue, by way of bash being common amongst POSIX systems, not a Linux issue. Focusing on Linux as a means to be able to say "hey, look, Linux fucked up" serves only to mask the existence of the vulnerability in the vast majority of systems *not* running Linux but also running Bash. For the sake of security, as a whole, please, don't do that.

Comment: Re:Soon to be patched (Score 1) 326

by BronsCon (#48022075) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found
Well, yeah, if your distro symlinks /bin/sh to /bin/bash, which not all do. In fact, you can install sh, zsh, dash, or any other shell, alongside bash, even on systems that symlink to /bin/bash by default, completely negating your entire point. Looks like you did that on a fedora-based system? I'm going to guess RedHat or CentOS? Observe (from one of my production systems):

ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Mar 29 2012 /bin/sh -> dash


My production (and development, for that matter) systems are not vulnerable in that manner, because I didn't configure them like a jackass; in fact, any init scripts on those systems requesting a shell other than /bin/sh (that is to say, those requesting /usr/bin/php, /usr/bin/perl, or some other interpreter were left alone) were altered to use /bin/sh with no apparent ill consequences.

My point is that this is not a Linux bug, it is a bash bug. Bash is used on HPUX, amongst many other UNIX variants, up to and including OSX, as well as many, if not most (or all) Windows POSIX layers. Your cable or DSL modem probably has bash running on it somewhere, FFS.

Comment: Re:Soon to be patched (Score 1) 326

by BronsCon (#48020371) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found
The ability to drop the GUI and slim the system down to run on a machine with very limited resources, while still having a full system (e.g. not CE) is a significant benefit over Windows. Even on systems without limited resources, it's a benefit to be able to slim down the OS as much as possible and provide those resources to your application.

For those of us who install security updates automatically, this was patched within hours of being discovered, and each further patch has been applied within hours, as well. On a Windows system set to install updates automatically, bugs *still* go unpatched for months after being reported.

I'm saying this not as a Linux proponent, but as someone who uses all 3 major systems on a daily basis, for whom Linux isn't even a primary system.

If Machiavelli were a hacker, he'd have worked for the CSSG. -- Phil Lapsley

Working...