Slashdot Mirror


User: ratboy666

ratboy666's activity in the archive.

Stories: 0
Comments: 1,665

Comments · 1,665

  1. Re:Won't Work on Encrypted Torrents Growing Fast In the UK · · Score: 1

    No, I do understand how https works...

    Here is how the interception works... (I haven't tried this out, yet).

    You use your ISP, and request https://just_a_site.com./ The ISP intercepts this, and returns a redirect response. This sends you to https://the_isp.com/proxy?just_a_site.com. This succeeds, and your browser does a key exchange with the ISP. The ISP key exchanges with the remote site, and proxies all traffic.

    I think this can be ameliorated by exchanging cookies before https, and demanding the cookie when encrypted, with the client IP encoded into the cookies.

  2. Won't Work on Encrypted Torrents Growing Fast In the UK · · Score: 0, Offtopic

    The ISP can still do "man in the middle". The ISP can afford to purchase a crypto key that the typical browser will accept without question. In turn, the ISP can talk to the site (using HTTPS), and then (re)encrypt to the user browser.

    Or... the ISP can offer HTTP access to HTTPS sites: as a service. HTTPS only really works if the user is vigilant. This, of course, has been proven to be wrong (witness the proliferation of trojan software).

    The fundamental model of "Give me this arbitrary page" and having it delivered without hassle is the issue. The easiest defense against "man in the middle" (ssh saying "the ip has changed, you may be subject to attack") confuses even some programmers I know. End Users? Forget about it.

  3. Semantics on Data Loss Bug In OS X 10.5 Leopard · · Score: 1

    Remote File System semantics are HARD. Very hard.

    It is not at all clear that Windows (CIFS or SMB) semantics are correct.

    NFS is more so, but users tend to subvert the protocol (early "OK" returns) for performance.

    NFS allows a power fail on the file server, and the server to be rebooted (after possible repairs), without affecting clients (except for a potentially long delay in calls).

    But then, users complain "NFS causes my application to hang up". Basically this move problem cannot be solved without an end-to-end solution. Which isn't in the CIFS/SMB design. Which is also why I am frustrated that Microsoft doesn't include an NFS client fs (I don't know about Apple).

    (And, it forces me to put SAMBA on the file servers as well).

  4. Re:Linux isn't done yet on Where Does Linux Go From Here? · · Score: 1

    I call BS.

    Yes, compiling source, even autoconf'd is not ideal. But, if the application is NOT OTHERWISE AVAILABLE -- at least you can try.

    If the application is not available AND the source is "closed" you can't. End of story. "OOOh, that shiny application is only available on IBM Z-Series. I want it on my Windows Server".

    The user having the problem CAN pay to have it fixed -- heck, that's part of what I do... By the hour, or fixed price ports. And I am not alone in the "ecosystem".

  5. Re:Isn't it too early in the day on Where Does Linux Go From Here? · · Score: 2, Interesting

    So where do I get Windows for $0?

    Inquiring minds want to know...

    Or are you suggesting running the free Windows tools under Linux?

  6. Re:Why can't I buy a digital-to-NTSC set-top box? on Why Can't I Buy A CableCARD Ready Set-Top Box? · · Score: 1

    I do not have a "newish" TV. I have a 32" analog tube, and a 42" analog rear projection 16x9 format (analog, including component input, 1080i, and *yes*, it resolves 1080i in its full glory, unlike most "newish" TVs).

    I subscribe to basic cable, but only as a side effect of cable internet... The only way I have to effectively drive the 42" is to download shows from bittorrent, and feed them out through a "newish" video card to component.

    I also use a media extender box to drive the 32". Does a good job for the 32" (which also has component inputs).

    Why should I bother to upgrade my kit?

  7. Re:Bullhockey on Why Can't I Buy A CableCARD Ready Set-Top Box? · · Score: 1

    I think the point is that the CableCard *should* be a standard plug-in peripheral, using a standard interface. PCMCIA format seems ideal - it would be useable in laptops, standard PCs, and could be easily added to TVs and set-top boxes.

    That the CableCard is not in such a standard format implies that there is an attempt to lock out potential users of the technology. A laptop would then have to have a CableCard to USB interface adapter. Specifically, the CableCard is then locked to the source of the cable.

    But even that is not done properly. If the CableCard needs to be locked to the source (cable), the cable should be routed THROUGH the CableCard, along with a side channel. The side channel would be for crypto exchange; the CableCard should have CableIN CableOUT USBcrypto connectors.

    Since the content is digital, the CableCard does not have to be locked in such a way. The PCMCIA solution is also workable. Logically, there are also three "connectors". The cable signal is routed through the CableCard (sent to it, and retrieved from it). The crypto side channel is also sent through the CableCard (and, of course, part of the crypto side channel is derived from the cable signal itself).

    The "problem" with these implementations is that decrypted content can be stored in a home-brew PVR.

    But a CableCard should be available in PCMCIA format...

  8. Re:Unethical countermeasures? on Storm Worm Botnet Partitions May Be Up For Sale · · Score: 1

    Not just ethics -- it's just not practical.

    STORM (mostly) just installs and hides. It doesn't DO anything that a user would notice. The only thing it does (which, generally, is not noticed) is mutate itself twice an hour.

    Only a small fraction of STORM infected systems try to spread STORM. An even smaller fraction act as a distributed control net.

    Since the control net is distributed, it is very difficult to trace. Since STORM is ...quiet... it isn't noticed (and that's why estimates on how many systems are infected vary so wildly).

    A "counter-STORM" would have to infect wildly to begin to be effective. Because it cannot know how far the STORM "infection" has spread. And that would be too disruptive (basically, the equivalent of a STORM attack itself). You can try to lop off the commanding systems, but just more would pop up. You can try to lop off DNS, but STORM has a counter-measure for that as well (rapid DNS cycling).

  9. Re:Power consumption since mid-80's? on First Actual CPU Energy Use Statistics Published · · Score: 1

    I use a dual PPRO 200 for routing, web serving, mail. Consumption is under 80 watts. For RAID file server, I pressed an IBM GL300 (266 MHz Pentium II) into service. Only 4 drives at present, though. Seems fully capable of saturating the cable, so I haven't felt the need to replace it (although I have been looking at some lower power systems).

    My biggest problem is the MythTV box. Can't for the life of me get the thing to respond to a wake-on-lan packet (the mainboard claims the capability). As a result, the thing is "always on" -- and sucking power. It's a 1.3 GHz AMD.

    I use an old 400 MHz HP workstation with an LCD screen as my terminal. Works great. Computations are relegated to another box, which I turn off as much as possible.

    Both the PPRO and the PII file server use a UPS, nothing else. So far, it's working.

    It would be nice to be able to explicitly control the core availability (assuming a power savings) on modern processors. Have it idle on a single core at 40 watts or less, and be able to bring it up depending on use (or expected use). A nice simple command line interface. I won't be going with a quad-core based on power consumption! I will find a mainboard where wake-on-lan actually works, and build a small cluster of those (I want to start investigating near-realtime or realtime video transcode).

    Good luck with your rig!

  10. Re:Odds? on US Faces $100 Billion Fine For Web Gambling Ban · · Score: 1

    Actually, I think Antigua is COUNTING on not seeing a single sou from the US.

    Because Antigua has already proposed something even more "spicy" and interesting to the WTO. Because of the vast difference in size between the two nations, Antigua has proposed that they be allowed to simply opt out of WTO obligations wrt the US.

    A simple, and if implemented, effective remedy.

    Because the WTO holds up copyright -- and if exempted, Antigua would be able to produce and market legal copies of movies and CDs. Now we know that the "pirate" market is already in the range of (approx) 100 billion, and this happens to be the fine -- so the punishment fits.

    Of course, the US may then turn around and simply obliterate Antigua...

  11. Silly Rabbit on Defending Games For Adults on National Television · · Score: 1

    Games are for kids.

    Why do we play games? Kids do it to simulate world experience in a safe environment. It's part of learning.

    As we get older, our concept of gaming changes. Generally, people still use gaming to learn; but the games become... different. We take up bridge, chess, and physical leisure (skiing, etc.).

    Playing a twitch video game -- may sharpen your vision system, given sufficient play, but really doesn't teach anything.

  12. Re:kinda true on What's So Precious About Bad Software? · · Score: 5, Interesting

    Way back... way, way back...

    I developed a system that decoded phototypesetting codes, and imaged onto a laserprinter.

    I wrote the software using Borland Turbo Pascal, 8087, so it required a math coprocessor. One of the sales reps acquired a 286 laptop that didn't have a socket for a coprocessor, and wanted to demo the software.

    I used Borland Turbo C to do a quick hack to emulate the 8087. Worked fine, but I didn't want to support it. Still, it was (somewhat) useful, and I released it as a hack (emul87 on simtel).

    Fast forward 8 or 9 years... I got a call from someone claiming to be a "consultant", who had a client using emul87. Apparently, it didn't work on a new machine! And if I didn't fix it RIGHT AWAY, I would be SUED!

    Of course I told him to take a flying fuck at a rolling doughnut -- and he went away.

    So, this stuff happens. Go figure.

  13. Re:Or maybe they thought of this... on Excel 2007 Multiplication Bug · · Score: 1

    Slow things down? Why?

    Keeping a rational object 1/3 is as simple as

    object: numerator=1 denominator=2

    Both are simple integers.

    When adding 1/3 + 1/3 + 1/3, the computer needs to do 4 integer adds.

    If 1/3 becomes 0.333.., the computer needs to do 2 floating adds. Which is faster? Please note that most CPUs have multiple integer units, and only a single floating point unit.

    So much for slowing things down (perceptibly). Most people do not use spreadsheets for heavy duty numerics work. Most people do not know about propagating error terms in calculations.

    The original spreadsheet (Visicalc) was coded to run in a minimal amount of memory. The use of floating point arithmetic could be excused. The text-based SC spreadsheet ALSO uses a minimal amount of memory. But current "general use" spreadsheet programs use megabytes of RAM. They should use accurate math as much as possible. If trig, log, etc. functions are used -- yes, I can understand putting the calculation into a floating point domain. Or, if explicit data typing is used. But not for casual use.

    I want EXACT representation if at all possible. And it is. And it isn't difficult. Why does a simple training language like Scheme support this, and not a juggernaut like Excel?

  14. Re:Or maybe they thought of this... on Excel 2007 Multiplication Bug · · Score: 1

    Whoa, there, ceyoyo!

    First, a BCD arbitrary precision math package weighs in at around 8K bytes (binary estimation for x86).

    Second, the OOcalc approach can be reviewed (I haven't bothered).

    Third, these numbers can be represented in an exact format without the mess of BCD (scaled integers). If I were writing a program used by accountants, I would use scaled integers of arbitrary length. I would only convert into floating point when a transcendental function is used. I would also use rational numbers as much as possible (after all 1/3*3 should be 1, yes?).

    Fourth, there are systems that use these approaches to great success (and no one calls them "bloated"); I give you Smalltalk (Squeak), and the number stack in Scheme.

    Again, I HAVEN'T reviewed OOCalc (because I honestly don't use it), but the software I *do* use for basic math doesn't suffer from these issues because it can't (by design).

    Are you telling me that a math system for ordinary people DOES suffer from these issues (specifically, Excel)? People who use the computer without knowledge of the limitations and characteristics of floating point numbers? And who possibly depend on the correctness of the answers? Now, here's another thing - if the person uses a pocket calculator, 1/3 is either IMMEDIATELY displayed as "0.3333.." to the limit of the display, or is (in some calculators) kept as 1/3. But the effect is exposed. If 1/2 is calculated, the answer is exact in either case, and a chain calculation (*2) works as expected. But with a spreadsheet, a conversion between the two can happen with the user seeing it!

    I find it mind-boggling. Maybe I should crank out a simple Scheme based spreadsheet. Perhaps call it "AccurateAnswers", or "CalculatesForSure".

    Excel is wrong. Possibly OOCalc is wrong (I don't know). Please hold people's toes over the fire until it is right.
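The exact-arithmetic argument of the two comments above (rationals kept as integer pairs, scaled integers for money, floating point only once a transcendental function is involved), worked through as an added example in Python rather than the Scheme the poster mentions; the money format with two decimal places and the `math` function lookup are my assumptions, not anything from the original posts:

```python
from fractions import Fraction
import math


def float_roundtrip(n):
    """1/n * n in IEEE-754 binary floating point: only exact for a lucky subset of n."""
    return (1.0 / n) * n


def rational_roundtrip(n):
    """1/n * n as a Fraction: numerator and denominator stay integers and cancel exactly."""
    return Fraction(1, n) * n


def sum_float(value, count):
    """Repeated floating-point addition, e.g. 0.1 added ten times."""
    total = 0.0
    for _ in range(count):
        total += value
    return total


def sum_rational(numerator, denominator, count):
    """Repeated addition of an exact rational; every step is integer arithmetic."""
    step = Fraction(numerator, denominator)
    total = Fraction(0)
    for _ in range(count):
        total += step
    return total


# Scaled integers: money kept as integer cents (assumption: exactly two decimal places).
def parse_cents(text):
    """'12.5' -> 1250, '-0.30' -> -30; no float is ever constructed."""
    dollars, _, cents = text.partition(".")
    cents = (cents + "00")[:2]
    sign = -1 if dollars.startswith("-") else 1
    return sign * (abs(int(dollars)) * 100 + int(cents))


def ledger_total(entries):
    """Sum a list of textual amounts with integer arithmetic only."""
    return sum(parse_cents(entry) for entry in entries)


def format_cents(cents):
    """Render integer cents back to text for display."""
    sign = "-" if cents < 0 else ""
    cents = abs(cents)
    return f"{sign}{cents // 100}.{cents % 100:02d}"


def cell(value, func=None):
    """Spreadsheet-style cell: stays an exact Fraction unless a transcendental
    function (looked up by name in the math module, an assumption) forces a float."""
    if func is None:
        return Fraction(value)
    return getattr(math, func)(float(value))


if __name__ == "__main__":
    print(float_roundtrip(49), rational_roundtrip(49))       # 0.9999999999999999 vs 1
    print(sum_float(0.1, 10), sum_rational(1, 10, 10))       # 0.9999999999999999 vs 1
    print(format_cents(ledger_total(["10.10", "20.20", "-0.30"])))
    print(cell(Fraction(1, 2)) * 2, cell(Fraction(1, 4), "sqrt"))
```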

  15. Re:Think about Apple's business model on Jobs' Next Fight — Dealing With iPhone Hackers · · Score: 1, Insightful

    Let's examine this (the notion that Apple is primarily a hardware company)?

    I can buy a Mac computer, but I don't see any way of "unbundling" OS X. (trust me, I'd love that option; a Mac Mini without OS X, or any of its built-in applications, without the Apple keyboard, mouse, or display -- something I would actually buy quite a lot of!).

    I can buy OS X, without a computer (but it won't run on much other than a Mac).

    I can't buy an iPhone without software.

    The only "official" way to update an iPod is to use an Apple software "client". The iPod is worthless without this (or hackers to figure out what the software/firmware is doing). Compare and contrast against most other mp3 players, where the device simply appears as a disk.

    Even back in the days of the Apple ][, the system was distinguished from its competition by the provided software (on that machine, its ROM).

    Maybe you want to say "Apple is primarily a SYSTEMS company, not a software company".

    === Now that I have completed a post that may be construed as slightly critical of Apple, its products, or its philosophy, I expect to be modded (as usual) into oblivion. As a pre-emptive strike, let me say that I find most Apple users to be so offensive to me that I find myself prejudiced against all Apple users. Go ahead, and PLEASE make me your foe.

  16. Not just "Are you sure?" on Internet Security Moving Toward 'White List' · · Score: 1

    But something like:

    ---

    I see that this is executable content from someone you have no trust relation with. Please DON'T run this: OK Continue.

    You have continued, and possibly don't understand the implications of your actions. I will save the program to disk, and you will have to open a command line, and execute it manually. Save Cancel Continue

    So you really want to run this program. We will first download the program, quarantine it, install or update your virus and trojan checker after the quarantine period (default is 1 week), check the software and then (if it passes), run it. Would you like to continue? Cancel Continue

    Software has been quarantined. You will be reminded next week.

    ---

    I believe that should work for most computer users I know.

  17. Re:shame... on Is id Abandoning Linux? · · Score: 1

    Thank you...

    I too would consider games -- if they were packaged with WINE, or a compatibility sticker, or ports for the systems I actually use. Commercial software as well.

    The systems I use? Linux x86 and Solaris x86.

    Linux is used because it *is* compatible with standards (POSIX, C99, NIS, NFS, etc.). It is also the "first support" platform for TeX, LyX, OpenOffice, Apache, Postgresql, Oracle, Gnumeric, etc. (Cygwin under Windows is actually PAINFUL - forking is so damn slow).

    I find it incredible that so many are willing to accept second rate solutions, in order to be able to use a platform that does well at "gaming" in a commercial environment. I can understand Windows XP for home use, but for office use? (Has the math in Excel(tm) been fixed? The last time I used Word(tm) for an intensive table based document, it crashed after a certain number of edits -- leaving the document unrecoverable. Has *that* been fixed? Is formatting in Word rational yet? Is Internet Explorer still a component of the desktop and help system, rendering the entire infrastructure insecure? Does Windows still demand a "virus checker" on every boot, even if it isn't public network connected? And so on.)

    I do have an Xbox for FPS gaming, and that works great.

  18. Certainly helps on Internet Security Moving Toward 'White List' · · Score: 1

    and the "white list" philosophy is what Linux distributions generally use.

    Specifically, I use Fedora. There are the standard repositories that hold software, and the repository is under peer review. I use some other repositories (livna, for example), and I trust those repositories as well.

    (almost) All software comes from these repositories, which are, in essence white listed. Since I am a programmer, I install some things from source (tcc, redhat source navigator) that are not in the repositories, but those are white listed as well, and I have to keep up with security advisories on those pieces of software myself.

    In a nutshell, all software I use is white listed by sites that I trust, and I don't install anything else.

    But then, I am a Linux user, so I guess I am a bit of an early adopter.

  19. Solution on Which Lost/Stolen Laptop Trackers Do You Like? · · Score: 1

    I only use MIL STD 810 laptops. Currently, still using a Panasonic CF-27. I use Linux on the laptop.

    Points in favour:

    1 - Somewhat of a defensive shield against small arms fire.

    2 - Good offensive weapon (hit or throw at attacker -- they probably won't EXPECT you to ever do that with your LAPTOP). If you do score a hit, great, otherwise, take the added opportunity to run.

    3 - Encrypted file system. Key for file system (sensitive material) held on external storage, with access passphrase.

    4 - Built like a tank, so it just won't die.

    5 - "Protective case" is a waste of effort.

    Points against:

    1 - Slow

    2 - Not enough RAM

    3 - Small hard disk

    4 - Built like a tank, so it just won't die (never get to replace it, unless it is actually stolen)

    5 - Confuses some TSA people -- they wonder why it can't be X-rayed!

    7 - Weighs around 2.5 kilos.

    I don't use a "phone home" system -- the hardware is either insured, or worthless (depending on age, my CF-27 is rapidly approaching "worthless"). The data is encrypted with AES encryption so I am not worried.

    YMMV, of course.

  20. Re:PEBKAC on Workers Cause More Problems Than Viruses · · Score: 1

    So I am called in to do some software work at a major company (names suppressed to protect everyone).

    "Internet access" is requested, in order to facilitate communication (read, status updates, keep track of work process, on-line manuals). "Internet access" is granted -- um... sort of.

    No "web mail" is permitted. No "ssh" connection is permitted. No internal email address is supplied. Basically, no email is allowed.

    No browsing is permitted, except on one Windows XP based machine (I work on Unix). It is possible to "ftp" to and from the Unix machines. There are multiple workers on the project.

    No laptops are permitted (or USB keys, etc.).

    Comment?

  21. Defense? on Apple, the RIAA, and Ringtones · · Score: 3, Interesting

    Your honour, I was just distributing high quality ring tones, produced by converting audio CD into mp3 format, and, as has been argued by the RIAA, the ring tones are not derivative works; therefore no copyright violation has occurred.

    We argue estoppel, and the defense rests.

  22. You are insane! on Name Your Favorite Bloat-Free Software · · Score: 1

    But, I need some money. Please send me some. I work my ass off, so I deserve your support.

    Thanks!

  23. Re:Quality and Intel on Apple Now Selling Better Than One Laptop In Six · · Score: 1

    Multiple mouse buttons have been a "standard" since Doug Engelbart.

    The "menu bar" as exploration tool is not kind to power users. Context right click menus are far better (no need to "overshoot" because your cursor is ALREADY on the menu, and thus "Fitts Law" does not apply).

    The idea that interfaces should be standardized for new users is, well, painful for experienced users. It should be possible to adjust and dress a GUI completely. So far, the common use of this is "skinning" which is (almost) purely cosmetic. I should be able to drag menu items around, add them to right-click menus, adjust dialogs as I see fit, etc.

    After all, the GUI simply generates events that are processed. Typically the GUI is generated with a layout program; why isn't this functionality exposed?

    An example of "doing it right" -- look at Squeak.

  24. I CRUSH your laptop on Apple Now Selling Better Than One Laptop In Six · · Score: 1

    I use a Panasonic Toughbook CF-27. 9 years old now, and the battery is STILL good (but due to be replaced). It won't die...

    #1 use - hitting Thinkpads and Apple laptops; hardly fair, but it makes a really good dent. Titanium case, gel-packed hard drive, and a floating screen make this indestructible when compared with other laptops.

    A couple of problems: Since it is so sturdy, I find it hard to justify replacing. As a result, I get "MHz envy" -- this one is "only" 300 MHz. But it does Linux very well (including touch-screen support). Also, "only" 800x600 LCD. And "only" 128MB RAM.

    But it won't ever have a cracked case, or crashed hard disk. And, as a bonus, I *can* use it as a hammer...

    Guess I won't be running Windows XP real soon (or Apple OSX). Older Fedora Core 5 works wonderfully, though.

  25. Re:Since NetBSD seems to be affected as well... on Cambridge Researcher Breaks OpenBSD Systrace · · Score: 2, Informative

    Given that the vulnerability exploited is a system call race, it may be that the "unwrapped" system calls may be exploited as well.

    Basically, wrapping the call (supposed to increase security) makes the race more exploitable. It is NOT "sudo" that is at fault, specifically, because sudo (in its current release) does not do call wrapping.

    There is an easy solution available -- simply disallow all execution between the time the system call is invoked, and all parameters have been copied to system space. Alternatively, do not allow threading, and mapping of memory used for parameters in an active call (a bit more difficult).

    A security audited system call interface is needed, along with a prohibition on wrapping system calls expected by an application (because those wraps could be exploited by an attacking program).

    And you are right -- Windows is probably more vulnerable to this, simply because there are more system calls that use buffer pointers.

    But this entire class of exploit is "local only", which means that the system needs to be compromised another way first; this can be used to obtain root, or use unauthorized resources.

    SELinux can be used to prevent much of the damage possible, as can Trusted Solaris. I don't know if there is a Windows equivalent.
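The mitigation the comment proposes (copy every argument out of application memory once, before the policy check, and let the kernel act only on that copy) contrasted with a wrapper that re-reads the argument, as an added illustration in Python that is not from the post or from systrace. The argument buffer, the "allowed paths" policy and the hook standing in for a concurrent application thread are all constructed for the example:

```python
class UserMemory:
    """Argument buffer owned by the application. Another thread of the same
    application can rewrite it at any moment while a system call is in flight."""

    def __init__(self, value):
        self.value = value


def kernel_open(path):
    """Stand-in for the real system call, which fetches its argument from user memory."""
    return f"opened {path}"


def wrapper_check_then_refetch(mem, allowed, concurrent_writer=None):
    """Fragile shape: the wrapper checks the argument in place, then the system
    call fetches it again from the same user memory. Whatever runs in between
    (simulated by concurrent_writer) decides what the kernel actually sees."""
    if mem.value not in allowed:
        return "denied"
    if concurrent_writer:
        concurrent_writer(mem)
    return kernel_open(mem.value)          # second fetch: the policy saw a different value


def wrapper_copy_then_check(mem, allowed, concurrent_writer=None):
    """Mitigated shape: copy the argument to 'system space' first; both the policy
    check and the system call operate on that single snapshot, so a later change to
    user memory cannot alter what was authorised."""
    snapshot = mem.value                    # the one and only fetch from user memory
    if snapshot not in allowed:
        return "denied"
    if concurrent_writer:
        concurrent_writer(mem)             # same interference, but it is now irrelevant
    return kernel_open(snapshot)


ALLOWED = {"/tmp/scratch.txt"}             # constructed sandbox policy


def demo(writer=None):
    """Run both wrappers against the same initial argument and interference."""
    before = wrapper_check_then_refetch(UserMemory("/tmp/scratch.txt"), ALLOWED, writer)
    after = wrapper_copy_then_check(UserMemory("/tmp/scratch.txt"), ALLOWED, writer)
    return before, after


def swap_argument(mem):
    """Simulated other thread: changes the argument after the check has passed."""
    mem.value = "/etc/not-allowed"


if __name__ == "__main__":
    print(demo())                  # both open /tmp/scratch.txt when nothing interferes
    print(demo(swap_argument))     # only the copy-then-check wrapper still honours the policy
```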