I suspect that we need real engineering in the software discipline. I would refuse, based on ethics, to participate in such a venture. And yet, if you do, you are likely to be dismissed (as was the original crtic of this venture: http://www.theregister.co.uk/2004/09/06/ams_goes_w indows_for_warships/ )
I don't think it would be for frequent writes -- that can kill flash. Especially if there is a fixed area for these writes (unless there is a write spreader thingum in the flash).
Flash does retain information over a power-cycle, and the "seek time" is zero.
I think I would put commonly used small files on the flash that are NOT written very much. Stuff like the old "CONFIG.SYS" of DOS days. Perhaps application relocation information, and resolved load information (seek to HERE and do a BIG READ).
I am trying to figure out what kind of improvement I could get. The load information caching may result in a fairly impressive gain (given the DLL and DLL nesting typically used). Small file caching? It depends on application level behaviour. The OS kernel ITSELF should not benefit from these things, "outer" OS layers (GUI) should benefit slightly.
Microsoft seems to be TERRIFIED of VMware (EMC). Why? Is is because VMware allows the use of Windows UNDER Linux? (Whereas, it seems, Microsofts preferred approach will be Linux under Windows?).
Of course, having Linux as the HOST OS means that driver vendors will have to support Linux more in the enterprise. And, I believe that Linux is the "better" OS in that the kernel has gone through a more stringent review process.
But all of these statements -- that the Windows Virtualization Technology will be stunning, that Virtualization belongs in the OS, etc. seems to be thowing FUD directly at VMware (and, I assure you, the VMware product is "stunning" -- I particularly like the Server product running on Linux).
To my knowledge (or my opinion, if you prefer), Microsoft ONLY reacts this strongly if their platform is being threatened. And I don't see what the introduction of a bit more enterprise driver support does to threaten Windows.
Ok, I have a guess: It could be that Linux is so good that it makes for a more solid OS base. This then provides a compelling platform to begin virtualizing Windows Servers on. But, if the enterprise is ALREADY basing on Linux, why not start transitioning to native Linux? After all, its stable enough to host Windows, right? A chink in the platform.
But that implies that Microsoft believes that Linux is that good...
When it comes to music, it's not "piracy" in Canada. We have the personal copy provision.
Basically, you can go into a music store with a blank CD, COPY a CD, and take the copy home. Perfectly legal. As for "on-line" -- you are not allowed to post music to a "bulletin board", but P2P sharing is fine.
I just want the same for Movies, Audio Books, and other works that can have an electronic distribution.
Of course I *still* need to get the right to distribute a work, but people can personally copy a work.
Why pay for pressed CDs? To get the liners, artwork, etc. More to the point, though, why does ANYONE in Canada buy from the Apple Music Store? That's got me puzzled...
I am for it. Bump that levy. And make it apply to ALL digital content, and not just music.
Given that I just got a cease-and-desist for sharing "Click" (my network was), and I don't want to have to bother with it -- I want movies treated the same as music is here in Canada.
Unfortunately, I predict that the Candian Recording lobby will "convince" the government to eliminate the levy, and put in strict DMCA style regulations; you know, to conform to the American model.
Maybe I am alone here, but, on reflection, I LIKE the levy. The idea of spending a bit more up front to keep the weasels away appeals to me. I don't really want the government trying to introduce "micro-payments" (I am sure they would REALLY fuck that up). I don't want an "on-line" levy -- because a lot of on-line activity is NOT for "copyright material". But media commonly used for that purpose? Sure, give them the levy.
"1) A novice must be able to install any software, update it remove it etc.
2) Upgrading, downgrading or using multiple versions of the same software must be easy.
3) Finding where all files of an application is must be trivial. Unless absolutely necessary, nothing can be spread out, or arbitrarily placed! (/usr/local/bin anyone?)"
In a word: NO.
A novice must NOT be able to install any software. An absurd idea, at best. We can discuss this matter further, but this treads into the security area.
I agree with point (2); Unix offers multiple shared object versions to assist with this.
I think that with point )3) you are on the wrong track. Each of these directories does have a purpose. For example, a Linux (Unix -- I'll use Linux for here on) box can be booted WITHOUT having/usr available. A typical "full" distribution has several megabytes outside of/usr, and several gigabytes IN/usr. Specifically,/usr can be mounted over a LAN, allowing MOST of the OS to be shared. The corrollary of this is/usr can be mounted READ-ONLY./usr/local are "local" additiona to/usr. Specifically stuff that is NOT in the standard distribution. Which is why/usr/local is automatically targetted by GNU autoconfig based "source software". If there is anything in/usr/local, you know the system is running "custom" applications./etc is for configuration, and is per-machine. But it is NOT for application state information. That is in/var. Per-user customization and state is in the users home directory.
Now, this stuff is probably not important for a single machine running at home. Apples OS X departs signficantly. But this stuff is important when trying to expand a system and network. There IS a reason its done this way. Bear in mind that even the "mainstream" Linux vedors occasionally screw up. For example, Redhat 9 Linux put the hardware detection code (used at bootup) into the/usr area. It could be removed (by disabling the hardware detect at boot), thus restoring/usr mount after boot functionality.
Isolated processes, running on hardware or VMs, or as processes under an OS. Using network semantics to communicate. A simple model -- forget about threads and the attendant semantic issues. The model is already supported, and even "Windows" can participate (although that locks us into the SOCKETS API). On top of that we can have RPC, shared storage, time and identification services, etc.
Works wonders, and it has brought us to where we are today. The model can continue growing. Except that it really isn't the "preferred" model for Windows development. Indeed, the preferred Windows methodology is to use MSVC, and bind the application code into the GUI. Windows doesn't even ship with an X server!
For HPC, we need somewhat different models -- the latencies imposed by typical network stacks do not permit the performance levels needed by the computation "parcels". But, this is (generally) dealt with by source language extensions, that hide the interconnect issues.
Is this the future? Maybe, (or not, I am horrible at this game). But it is the present. My home computer is a network. Storage is centralized into a RAID-5 server, serving out NFS directories, including HOME directories, and Operating Environment pieces. Using automount, of course, to give a consistent internal view of the filesystem. Stations use NIS for login, and automount maps, etc. giving consistent login and home directories and tools. NTP keeps the time the same on the different parts. IMAP provides consistent mail services. DHCP handles the mundane assignment of IP address space assignment, and informing the parts of where such things as the local NTP resources are. It doesn't matter whether a part is running on a machine, or under a Virtual Machine (I deploy VMware server). A CVS server handles projects, and an SQL (MySQL) server handles database storage as needed (for media tracking for MythTV, mostly, although there are other databases).
It Just Works. The Network Is The Computer. Two ideas, melded together. Of course, Windows is an ugly stepchild in my environment (It works, but needs tweaking, and there is an almost ungodly amount of bending in the infrastructure for support). MAC OS X? I don't know. Nobody has ever tried an Apple laptop in my home office, so I can't comment. (but, initial feelings -- NIS support may or may not work, NFS probably does, X probably does, automounter seems to be almost a foreign idea to most MAC users I talk with -- take that with a grain of salt). Solaris? An easy fit -- I use it. Linux? A no-brainer, HP/UX and AIX? Easy. (though I don't use them).
I even extend the network with fixed-function devices (DSM-320 DLink media receiver). It uses the "UPNP standard". Now, I am not sure that standard was actually needed, but I do support it.
All brought to us by the "simple" POSIX API and semantics, and SOCKETS.
A new direction of OS design? Its a bit a marketing show. Its easy to add glitz and shizzle to upper UI elements, but the OS is generally considered the resource controlling layer.
I don't want to make it sound like I think that layer is static. I think static is a good thing for basing current and future developement, but extensions are certainly welcome. The biggest changes, in my opinion, are the support for "zero-copy" operations. These can require either a great deal of care in setting up the exact circumstances under which such an optimization can be utilized, or a new API, opening the feature up to broader use. Fast select semantics, possibly through a new API are another such area.
Then we have the implementation of that layer -- the big news being virtualization and complete isolation.
Everything else I have seen is, to be kind, a marketing driven "OS feature" that really shouldn't be discussed as an OS feature. This includes "3D desktops", the whole idea of a desktop, included applications, and even "what applications are supported".
The last point is important. If the semantics of the OS conf
The definition of "licensed device" is very clear. The user must designate a hardware device as such. The license is clear that it refers to the combination of licensed device and the program. This is the intent -- it is further clarified for "blade" systems.
The grant is for 1 or 2 processors on the hardware device; this is further clarified.
The virtual machine clause simply states that the user does NOT have the right to run the program virtual or emulated on the licensed device (which is the hardware that was designated). It makes no mention of using it twice, or anything -- indeed it clearly states that if the software is installed on the designated licensed device, it cannot be used in a VM or under an emulator.
There is no license grant for running Vista Home under Parallels on a MAC, or under VMware. In fact, there is an explicit license prohibition.
Which means that if you do it, you are in violation of that license.
Caveat emptor. I don't think the penalty would amount to much, but I won't do it (not without legal clarification from Microsoft).
The license defines "licensed device" as "Before you use the software under a license, you must assign that license to one device (physical hardware system). That device is the "licensed device." A hardware partition or blade is considered to be a separate device." (quote from the license).
It is stated that the physical hardware is the "licensed device", so it is not possible to use these versions of Vista under a Virtual Machine (or emulation, eg. BOCHS).
"USE WITH VIRTUALIZATION TECHNOLOGIES. You may not use the software installed on the licensed device within a virtual (or otherwise emulated) hardware system."
This is licensed software. It is licensed to be run on a single device. The relevant part of the license is:
"License Model. The software is licensed on a per copy per device basis... INSTALLATION AND USE RIGHTS. Before you use the software under a license, you must assign that license to one device (physical hardware system). That device is the "licensed device." A hardware partition or blade is considered to be a separate device. a. Licensed Device. You may install one copy of the software on the licensed device. You may
use the software on up to two processors on that device at one time. Except as provided in the
Storage and Network Use (Ultimate edition) sections below, you may not use the software on any
other device."
If you put the two together, the result is strange. Apparently, you can designate the computer running a virtual machine as a "licensed device". You can even INSTALL Vista Home on it. You just can't USE it. Nor can you use it on emulated hardware such as BOCHS, either.
Specifically, there is a license prohibition against that use. To do this, you need Ultimate. But even with Ultimate on a VM or emulated system, you are not licensed to use Microsoft DRM.
But, yes, I find ACLs *very* hard to manage. In general, RWX is easy to work with -- may need to create extra groups, but I can follow, document, and understand.
For me, bandwidth is a problem. People in my neighbourhood have caps if they use cable broadband. And that includes me.
For me, selection is a problem. Ever since Blockbuster started with the their "new" keep the movie for too long, and you bought it policy, they don't seem to be restocking old popular movies.
What I would like is something similar to the Kodak photo kiosks already in WalMart stores. A kiosk that allows me to browse songs and movies, with short samples. When I find content that I like, it will transfer to media, and bill me. It would have to burn DVDs and CDs, and produce cover art. It would be nice to produce MP3 and MP4 for portable players directly as well (at a much reduced cost) and write to flash media and USB media.
If something like a media content kiosk is produced, the next step would be to open the content delivery "on-line" as well (I imagine that there would be a repository, or repositories of material to be sent to the kiosks).
"Asus A8R32-MVP with *** Socket AM2 ***? using DDR memory. And an FX 60? He obviously has a 939-system. How far can we trust this guy to have opinions on drivers and stuff?"
I don't understand what the issue is. Please explain. I am not up on this terminology or equipment models...
I am assuming that the system as described is not possible. This would, of course, invalidate the results.
I use my MP3 player to avoid saying "Hi" to anyone. But then, I am an anti-social bastard.
For what it's worth (and it ain't much, but it may help identification of other anti-social bastards), here is what is on my MP3 player (artists only, it's probably weird enough):
AC/DC, Elvis Presley, Etta James, George Thorogood, Holly Stell, Led Zepplin, Mozart, David Wilcox, Rolling Stones, Stray Cats, The Beatles, Leonard Cohen, The Ramones, Eric Clapton & JJ Cale, Violent Femmes.
So, its only a 1GB player; mostly because I am a cheap anti-social bastard.
If you hear of anyone with that playlist, I recommend you RUN AWAY. Because I probably don't want to talk to you, either.
Grandma REQUIRES someone look at her Windows computer every six months. Grandma cannot reinstall Windows -- doesn't even know where to start.
And how is this different from Linux?
The issue(s) in the article are interoperability with Microsoft applications that are designed to prevent interoperability.
Since Microsoft has already forced me into a Linux/Unix infrastructure (read my other posts to determine how/why), I don't have those non-interop applications.
I then try to introduce Windows into an OPEN infrastructure. In my case, NIS, AUTOMOUNT (using NIS maps), NFS, DHCP. Windows does respect DHCP (although there are some strange issues), NFS has FINALLY been released with Vista, NIS can be supported (sort of). NIS for login? Its doable... but tough (I found instructions, but have not successfully implemented). AUTOMOUNT? Only if I write custom scripts (I figured out how, but it is tough, and I haven't ever actually had the time to implement the solution). In any case, it takes a lot of effort to incorporate XP into a "standard interop infrastructure". Vista is a bit better (given the NFS support).
And its not just Linux -- Solaris, HPUX, AIX as well. All of these Operating Environments interoperate, support POSIX, support X Windows, NFS, NIS, etc. How does Winodws fit it? It becomes a separate sub-network that talks to itself. Good for Microsoft, bad for me.
There is a solution specifically for Exchange; the web based access. It "jusrt works".
You assume that I am in the US? I quoted the price of XP in Canadian dollars.
Anyway, there is the on-going power consumption factor. My boxes draw 70 to 140 watts (typical, startup current is higher). I am sure that the "mini-itx" system would draw less. Maybe as low as 30 watts (or am I being hopeful?). Even at that, it would take YEARS to make up the cost. Factor in the environmental cost of disposing of the old machine (these are not "green") and I don't think I can justify the replacement. At least not as long as the old machine still works.
Of course, you can convince me... If a new machine over two years is less expensive than the old machine, I'll go for it -- including XP. In a formula:
new machine cost + power = old machine power + disposal environment cost
If that cannot be met (and I don't think so), I stand by my assertion that Microsoft should open up Windows 98se (not open source, but licensing).
"* Windows XP is a fairly stable operating system, with no serious architectural flaw for office use, software development, workstation or hobbyist use."
-- Given that it costs $230 CDN, I should hope so.
"* William H Gates III has stepped away from the company's spotlight and is leveraging his wealth in a remarkably, socially responsible way, making this accumulation truly beneficial to the world that has created it."
-- Sure
"* Desktop Operating System peculiarities are growing more irrelevant every year in most domains. The general indifference around the release of Vista is the best proof of this."
-- Only because the discussion is about eye candy, not the actual OS. And, the discussion is XP vs Visa.
"* No true credible alternative OS has emerged after fifteen years of trying in each and every way : free software, commercial OS companies (Be), alternative OSs pushed by proprietary hardware vendors (Apple, Sun), etc."
-- Only if you consider XP (or Vista) a credible alternative to Solaris. Or Linux. My argument is that after BILLIONS of dollars of investment, Microsoft has not produced a credible alternative to Fedora Core.
"* In the domain of software development, MS's contributions with.NET and C# are objectively superior to most of their predecessors (I'm talking mainstream environments, not niche or academic ones like Scheme, Haskell or SmallTalk). These are probably the best contribution to mainstream application and system development environment, since Kernighan tried system programming in a high level language and made C. They also have some of the best advanced research in that domain."
-- C# competing against Java,.NET competing against, what, Java class libraries? Pushing C# with Windows, after being sued by SUN (successfully) for attempting to pollute Java? Ok, C# was a small improvement to Java; but Java improved (incrementally) as well.
"* By experience, I have found out that it is easier to tweak XP to behave as a Hobbyist's or developper's UNIX box, than it os to tweak Linux into doing properly all that XP does. Install Cygwin, a proper text editor, MS's free command line compiler suite, and learn how to configure the Terminal, and you're done."
-- And my experience is that MS's free command line compiler suite works fine under WINE, so I can cross develop on Linux/BSD for Windows. Anyway, I don't know what XP does that I need. My MythTV box runs fine, I can play DVDs, and it talks to my DSM-320 "media extender". I have networking, including NIS sign on, shared directories, RAID 5 storage server. VISTA (not XP) will do NFS (finally), NIS is possible with the Microsoft Unix add-in, but automount still isn't (although NIS sign-on can be made to work). I lose functionality by going to XP. I guess that Microsoft supports some kind of media kit for XP, supporting the DSM-320. I tried the supplied uPnP software that came with it (having a Windows machine), and it doesn't work well (certainly not as good as the built-in MythTV support for uPnP). I run Fedora Core 5 as my primary dev machine, on a Pentium II/400 with 256MB and an 8GB hard disk. Having TRIED XP on a similar machine, I wouldn't dare. By the way, that machine is shared, others work on it as well, AND it runs WINE and the MS command line compilers (for cross-dev).
I keep thinking "now is the time I should try out Microsoft"; I give it a whirl. I end up SEVERLY disappointed. Objectively, MS makes no products that fit into my infrastructure: my dual-proc Pentium Pro with 128MB that is my gateway machine. Quality hardware, has run since 1998. I *could* replace it, but then it ends up in a landfill. It was a $6000 machine when new. I rescued it from landfill fate in 2000. XP on it?
My storage server? A Pentium II/266, 128MB, Again, a landfill rescue. Quality hardware (GL 300 s
Good points - it does VI, compile commands, and even spreadsheets (I use SC). The control key is in the right place. It should last a long time (its already been a long time). Its power requirement is low. I don't get distracted by "pretty pictures". I get amazing geek cred.
Bad points - the keyboard is a bit flimsy (I would like to use my Model-M on it!). I still need access to a GUI because a lot of web sites won't work with lynx. (and why not?).
Yes, the GUI is nice, but most of what I do is based on CHARACTERS. Even when I program for Windows, I code in C++, using CHARACTERS. No, the MS IDE won't work, but I prefer VI anyway.
When I do accounting, I work with CHARACTERS and NUMBERS. SC and VI work just fine. I can switch to a GUI when I need it -- but the terminal keeps me on task.
But that is what DRM must do -- hide the "secret" in the content. The soft DVD player did NOT make it easy to find the key. However, HD has to work pretty much "to the metal". The key was not "identified", in the sense of being reversed.
The attack is simpler. We know the key must be in memory SOMEWHERE. So, try decrypting with all possible memory bytes. For each 1MB of memory the player takes, the keyspace is effectively only 20 bits. The key is "brute forced" across the player. The key of interest is not in the read-only portion of memory (not a player key), which reduces the search space.
How to protect against this: the key may be broken up and hidden in its construction. Instead of storing the bytes in sequence, they can be (say) separated. If the key is known to be in a 1MB region of memory, this can provide up to 20 bits additional keyspace for each byte. But, the pattern of access can be determined by watching the processor, so this would be defeated. Basically, the attack would be to watch all data accesses, and determine which is incoming encrypted. All other access would be potential keyspace, which can the be "bruted". I would estimate that only up to 12 key bits per byte would be added (watching page access is trivial). Which makes the brute force attack possible again. The AES crypto core itself could come under attack -- not to break AES encryption, but simply to determine where its key is coming from.
This attack cannot really be defended against. Except if we either (1) move the key storage to somewhere more secure, or (2) modify the "Operating System" to not allow content-vendor untrusted software. The soft player would need to survive all possible attacks that may result in other code to be executed (thus allowing injection of monitoring software). Which means the player software needs to be either "perfect" in a security sense, or that the OS cannot allow any "untrusted" drivers (ring 0 code) to be run WHILE the player is running, AND not permit any application access to the player (to prevent fuzzing attacks, etc.), AND not allow direct data recovery from (say) screen buffers (which means, in turn, that the entire GUI has to be hardened, as well as the fancy 3D drivers, etc.).
Much easier to just "sandbox" trusted applications by forcing them to run separately (in a sense) from all untrusted applications. Since a possible attack is to recover frame data from the (say texture memory) graphics subsystem, no display of other applications can be allowed.
The computer would need to be converted into a simple HD content player while the HD content is playing.
So, you are correct. Key-jacking will be possible and practical in the future (at least as long as it is needed)
An accepted offer cannot be treated this way. Here's why:
You are entitled to the compensation in the offer. Anything less is "substantive dismissal".
You can now NOT work for the company, and receive ALL benefits for a period of at least your probation. Settle out for three months of salary, and all (potential) relocation expenses, signing bonus, etc.
Since you are now entitled to this much, the offer on the table is: (1) you are going to be a nice guy, and accept the original offer, or (2) will accept a payout, or (3) will take a higher signing bonus (to pay for your unanticipated legal expenses), and take the offer.
The crypto is only as strong as the algorithm, and the method used for key management.
The argument that DRM is "workable" breaks down because the encrypted message is delivered to a party who is expected to BOTH decrypt the message, and NOT know the keys. But the keys had to be used to effect the decryption!
Basically, it makes very little sense.
The only way that DRM can work is if the playback device does not trust its user. Which means that it CANNOT be a general purpose computer.
The next generation of "DRM Operating Systems" cannot support general purpose computing. Pretty much the only way to guarantee that DRM will work is for such a computer to not allow ANY non-DRM compliant software while DRM content is playing.
In other words, while the DRM movie is playing, your spreadsheet won't.
But, since music playback while working is common, we can safely predict that DRM restrictions will be lifted from music. Movies? The next generation may well support "single tasking while movie is playing" mode.
If this is not done (as well as locking out all non-DRM approved drives and kernel extensions), the keyset can be recovered from the player software.
This crack just demonstrates this particular weakness. When I probe a cryptosystem, I look at the algorithm used (are there errors in the implementation? is it a good crypto algorithm? etc.), the keys (key length, is brute force possible or is the key recoverable from a known encyrpted plaintext, was the key produced by someone sane, or an idiot, etc.) and key management (where and how are keys stored and published etc.).
Remember "Spaceballs": the code is: "1", "2", "3", "4".
It is also good to remember that once a single digital copy is "cracked", the work doesn't have to be done for that title again.
If your computer has been rooted, it really IS ball game over. Just sitting here thinking how I would exploit a rooted system that someone uses for banking...
1 - establish account offshore that offers SWIFT transfer (or other convenient inter-bank wire), and can deal with bank that requires no ID. 2 - Monitor victims on-line banking activity for a couple of months. 3 - Intercept after online session has next been established. 4a - Inject low level "noise" transfer, if victims balance is medium level 4b - Take it all, if victim balance is at high level. 5 - Complete transfer from SWIFT bank next day, to "no ID" bank. 6 - transfer from "no ID" to Bahamanian account (Swiss account, you pick). Cash out.
Ob.Holywood: Add sound effects, and visual effects as appropriate: "I'm in!" and up/down counters with ticking.
Of course this doesn't work if you DON'T do on-line banking; this is a good thing(tm) because on-line activity would otherwise be exceptional.
Bear in mind that this is the first solution I came up with. And I suspect it would be very workable. Especially, if that "Digipass" gave you a sense of security.
Thing thing you "Trust": the thing that you have faith in because you have no other choice. And that which you must trust, you must be able to verify. With Internet Banking, you do not trust the network (thus, we use cyrptographically sound protocols). You trust your password, and are forced to trust your computer. (And, you trust your bank). So, secure that computer, and don't give out your password. I wouldn't trust a digikey, simply because I have no way of verifying (I can restrict access to my computer, and my password is under my control).
The digikey in no way mitigates responsibility for keeping your computer secure.
Slashdot Mirror
Thank you, ergo98. Very good response.
w indows_for_warships/ )
And yet, W2K is being deployed in this way.
I suspect that we need real engineering in the software discipline. I would refuse, based on ethics, to participate in such a venture. And yet, if you do, you are likely to be dismissed (as was the original crtic of this venture: http://www.theregister.co.uk/2004/09/06/ams_goes_
So here I sit, thinking about this...
I don't think it would be for frequent writes -- that can kill flash. Especially if there is a fixed area for these writes (unless there is a write spreader thingum in the flash).
Flash does retain information over a power-cycle, and the "seek time" is zero.
I think I would put commonly used small files on the flash that are NOT written very much. Stuff like the old "CONFIG.SYS" of DOS days. Perhaps application relocation information, and resolved load information (seek to HERE and do a BIG READ).
I am trying to figure out what kind of improvement I could get. The load information caching may result in a fairly impressive gain (given the DLL and DLL nesting typically used). Small file caching? It depends on application level behaviour. The OS kernel ITSELF should not benefit from these things, "outer" OS layers (GUI) should benefit slightly.
I can't wait until an actor (actress) wins a Best Peformance Oscar for a "touched up" performance, and it then comes out...
Would that be the Motion Picture Industries' "Milli Vanilli" moment?
But then, this is all staged anyway, you know, to get our minds off of the National ID cards. (where did I put my 'foil hat?)
Microsoft seems to be TERRIFIED of VMware (EMC). Why? Is is because VMware allows the use of Windows UNDER Linux? (Whereas, it seems, Microsofts preferred approach will be Linux under Windows?).
Of course, having Linux as the HOST OS means that driver vendors will have to support Linux more in the enterprise. And, I believe that Linux is the "better" OS in that the kernel has gone through a more stringent review process.
But all of these statements -- that the Windows Virtualization Technology will be stunning, that Virtualization belongs in the OS, etc. seems to be thowing FUD directly at VMware (and, I assure you, the VMware product is "stunning" -- I particularly like the Server product running on Linux).
To my knowledge (or my opinion, if you prefer), Microsoft ONLY reacts this strongly if their platform is being threatened. And I don't see what the introduction of a bit more enterprise driver support does to threaten Windows.
Ok, I have a guess: It could be that Linux is so good that it makes for a more solid OS base. This then provides a compelling platform to begin virtualizing Windows Servers on. But, if the enterprise is ALREADY basing on Linux, why not start transitioning to native Linux? After all, its stable enough to host Windows, right? A chink in the platform.
But that implies that Microsoft believes that Linux is that good...
When it comes to music, it's not "piracy" in Canada. We have the personal copy provision.
Basically, you can go into a music store with a blank CD, COPY a CD, and take the copy home. Perfectly legal. As for "on-line" -- you are not allowed to post music to a "bulletin board", but P2P sharing is fine.
I just want the same for Movies, Audio Books, and other works that can have an electronic distribution.
Of course I *still* need to get the right to distribute a work, but people can personally copy a work.
Why pay for pressed CDs? To get the liners, artwork, etc. More to the point, though, why does ANYONE in Canada buy from the Apple Music Store? That's got me puzzled...
I am for it. Bump that levy. And make it apply to ALL digital content, and not just music.
Given that I just got a cease-and-desist for sharing "Click" (my network was), and I don't want to have to bother with it -- I want movies treated the same as music is here in Canada.
Unfortunately, I predict that the Candian Recording lobby will "convince" the government to eliminate the levy, and put in strict DMCA style regulations; you know, to conform to the American model.
Maybe I am alone here, but, on reflection, I LIKE the levy. The idea of spending a bit more up front to keep the weasels away appeals to me. I don't really want the government trying to introduce "micro-payments" (I am sure they would REALLY fuck that up). I don't want an "on-line" levy -- because a lot of on-line activity is NOT for "copyright material". But media commonly used for that purpose? Sure, give them the levy.
Just my opinion.
"1) A novice must be able to install any software, update it remove it etc.
/usr available. A typical "full" distribution has several megabytes outside of /usr, and several gigabytes IN /usr. Specifically, /usr can be mounted over a LAN, allowing MOST of the OS to be shared. The corrollary of this is /usr can be mounted READ-ONLY. /usr/local are "local" additiona to /usr. Specifically stuff that is NOT in the standard distribution. Which is why /usr/local is automatically targetted by GNU autoconfig based "source software". If there is anything in /usr/local, you know the system is running "custom" applications. /etc is for configuration, and is per-machine. But it is NOT for application state information. That is in /var. Per-user customization and state is in the users home directory.
/usr area. It could be removed (by disabling the hardware detect at boot), thus restoring /usr mount after boot functionality.
2) Upgrading, downgrading or using multiple versions of the same software must be easy.
3) Finding where all files of an application is must be trivial. Unless absolutely necessary, nothing can be spread out, or arbitrarily placed! (/usr/local/bin anyone?)"
In a word: NO.
A novice must NOT be able to install any software. An absurd idea, at best. We can discuss this matter further, but this treads into the security area.
I agree with point (2); Unix offers multiple shared object versions to assist with this.
I think that with point )3) you are on the wrong track. Each of these directories does have a purpose. For example, a Linux (Unix -- I'll use Linux for here on) box can be booted WITHOUT having
Now, this stuff is probably not important for a single machine running at home. Apples OS X departs signficantly. But this stuff is important when trying to expand a system and network. There IS a reason its done this way. Bear in mind that even the "mainstream" Linux vedors occasionally screw up. For example, Redhat 9 Linux put the hardware detection code (used at bootup) into the
And you have it.
BEGIN RANT
Isolated processes, running on hardware or VMs, or as processes under an OS. Using network semantics to communicate. A simple model -- forget about threads and the attendant semantic issues. The model is already supported, and even "Windows" can participate (although that locks us into the SOCKETS API). On top of that we can have RPC, shared storage, time and identification services, etc.
Works wonders, and it has brought us to where we are today. The model can continue growing. Except that it really isn't the "preferred" model for Windows development. Indeed, the preferred Windows methodology is to use MSVC, and bind the application code into the GUI. Windows doesn't even ship with an X server!
For HPC, we need somewhat different models -- the latencies imposed by typical network stacks do not permit the performance levels needed by the computation "parcels". But, this is (generally) dealt with by source language extensions, that hide the interconnect issues.
Is this the future? Maybe, (or not, I am horrible at this game). But it is the present. My home computer is a network. Storage is centralized into a RAID-5 server, serving out NFS directories, including HOME directories, and Operating Environment pieces. Using automount, of course, to give a consistent internal view of the filesystem. Stations use NIS for login, and automount maps, etc. giving consistent login and home directories and tools. NTP keeps the time the same on the different parts. IMAP provides consistent mail services. DHCP handles the mundane assignment of IP address space assignment, and informing the parts of where such things as the local NTP resources are. It doesn't matter whether a part is running on a machine, or under a Virtual Machine (I deploy VMware server). A CVS server handles projects, and an SQL (MySQL) server handles database storage as needed (for media tracking for MythTV, mostly, although there are other databases).
It Just Works. The Network Is The Computer. Two ideas, melded together. Of course, Windows is an ugly stepchild in my environment (It works, but needs tweaking, and there is an almost ungodly amount of bending in the infrastructure for support). MAC OS X? I don't know. Nobody has ever tried an Apple laptop in my home office, so I can't comment. (but, initial feelings -- NIS support may or may not work, NFS probably does, X probably does, automounter seems to be almost a foreign idea to most MAC users I talk with -- take that with a grain of salt). Solaris? An easy fit -- I use it. Linux? A no-brainer, HP/UX and AIX? Easy. (though I don't use them).
I even extend the network with fixed-function devices (DSM-320 DLink media receiver). It uses the "UPNP standard". Now, I am not sure that standard was actually needed, but I do support it.
All brought to us by the "simple" POSIX API and semantics, and SOCKETS.
A new direction of OS design? Its a bit a marketing show. Its easy to add glitz and shizzle to upper UI elements, but the OS is generally considered the resource controlling layer.
I don't want to make it sound like I think that layer is static. I think static is a good thing for basing current and future developement, but extensions are certainly welcome. The biggest changes, in my opinion, are the support for "zero-copy" operations. These can require either a great deal of care in setting up the exact circumstances under which such an optimization can be utilized, or a new API, opening the feature up to broader use. Fast select semantics, possibly through a new API are another such area.
Then we have the implementation of that layer -- the big news being virtualization and complete isolation.
Everything else I have seen is, to be kind, a marketing driven "OS feature" that really shouldn't be discussed as an OS feature. This includes "3D desktops", the whole idea of a desktop, included applications, and even "what applications are supported".
The last point is important. If the semantics of the OS conf
The definition of "licensed device" is very clear. The user must designate a hardware device as such. The license is clear that it refers to the combination of licensed device and the program. This is the intent -- it is further clarified for "blade" systems.
The grant is for 1 or 2 processors on the hardware device; this is further clarified.
The virtual machine clause simply states that the user does NOT have the right to run the program virtual or emulated on the licensed device (which is the hardware that was designated). It makes no mention of using it twice, or anything -- indeed it clearly states that if the software is installed on the designated licensed device, it cannot be used in a VM or under an emulator.
There is no license grant for running Vista Home under Parallels on a MAC, or under VMware. In fact, there is an explicit license prohibition.
Which means that if you do it, you are in violation of that license.
Caveat emptor. I don't think the penalty would amount to much, but I won't do it (not without legal clarification from Microsoft).
The license defines "licensed device" as "Before you use the software under a license, you must
assign that license to one device (physical hardware system). That device is the "licensed device."
A hardware partition or blade is considered to be a separate device." (quote from the license).
It is stated that the physical hardware is the "licensed device", so it is not possible to use these versions of Vista under a Virtual Machine (or emulation, eg. BOCHS).
"USE WITH VIRTUALIZATION TECHNOLOGIES. You may not use the software installed on the
licensed device within a virtual (or otherwise emulated) hardware system."
This is licensed software. It is licensed to be run on a single device. The relevant part of the license is:
"License Model. The software is licensed on a per copy per device basis...
INSTALLATION AND USE RIGHTS. Before you use the software under a license, you must
assign that license to one device (physical hardware system). That device is the "licensed device."
A hardware partition or blade is considered to be a separate device.
a. Licensed Device. You may install one copy of the software on the licensed device. You may
use the software on up to two processors on that device at one time. Except as provided in the
Storage and Network Use (Ultimate edition) sections below, you may not use the software on any
other device."
If you put the two together, the result is strange. Apparently, you can designate the computer running a virtual machine as a "licensed device". You can even INSTALL Vista Home on it. You just can't USE it. Nor can you use it on emulated hardware such as BOCHS, either.
Specifically, there is a license prohibition against that use. To do this, you need Ultimate. But even with Ultimate on a VM or emulated system, you are not licensed to use Microsoft DRM.
I don't like it. But that's the way it's written.
Sorry, I don't have mod points.
But, yes, I find ACLs *very* hard to manage. In general, RWX is easy to work with -- may need to create extra groups, but I can follow, document, and understand.
For me, bandwidth is a problem. People in my neighbourhood have caps if they use cable broadband. And that includes me.
For me, selection is a problem. Ever since Blockbuster started with the their "new" keep the movie for too long, and you bought it policy, they don't seem to be restocking old popular movies.
What I would like is something similar to the Kodak photo kiosks already in WalMart stores. A kiosk that allows me to browse songs and movies, with short samples. When I find content that I like, it will transfer to media, and bill me. It would have to burn DVDs and CDs, and produce cover art. It would be nice to produce MP3 and MP4 for portable players directly as well (at a much reduced cost) and write to flash media and USB media.
If something like a media content kiosk is produced, the next step would be to open the content delivery "on-line" as well (I imagine that there would be a repository, or repositories of material to be sent to the kiosks).
Just dreaming...
whatever it is.
"Asus A8R32-MVP with *** Socket AM2 ***? using DDR memory. And an FX 60? He obviously has a 939-system. How far can we trust this guy to have opinions on drivers and stuff?"
I don't understand what the issue is. Please explain. I am not up on this terminology or equipment models...
I am assuming that the system as described is not possible. This would, of course, invalidate the results.
I use my MP3 player to avoid saying "Hi" to anyone. But then, I am an anti-social bastard.
For what it's worth (and it ain't much, but it may help identification of other anti-social bastards), here is what is on my MP3 player (artists only, it's probably weird enough):
AC/DC, Elvis Presley, Etta James, George Thorogood, Holly Stell, Led Zepplin, Mozart, David Wilcox, Rolling Stones, Stray Cats, The Beatles, Leonard Cohen, The Ramones, Eric Clapton & JJ Cale, Violent Femmes.
So, its only a 1GB player; mostly because I am a cheap anti-social bastard.
If you hear of anyone with that playlist, I recommend you RUN AWAY. Because I probably don't want to talk to you, either.
Grandma REQUIRES someone look at her Windows computer every six months. Grandma cannot reinstall Windows -- doesn't even know where to start.
And how is this different from Linux?
The issue(s) in the article are interoperability with Microsoft applications that are designed to prevent interoperability.
Since Microsoft has already forced me into a Linux/Unix infrastructure (read my other posts to determine how/why), I don't have those non-interop applications.
I then try to introduce Windows into an OPEN infrastructure. In my case, NIS, AUTOMOUNT (using NIS maps), NFS, DHCP. Windows does respect DHCP (although there are some strange issues), NFS has FINALLY been released with Vista, NIS can be supported (sort of). NIS for login? Its doable... but tough (I found instructions, but have not successfully implemented). AUTOMOUNT? Only if I write custom scripts (I figured out how, but it is tough, and I haven't ever actually had the time to implement the solution). In any case, it takes a lot of effort to incorporate XP into a "standard interop infrastructure". Vista is a bit better (given the NFS support).
And its not just Linux -- Solaris, HPUX, AIX as well. All of these Operating Environments interoperate, support POSIX, support X Windows, NFS, NIS, etc. How does Winodws fit it? It becomes a separate sub-network that talks to itself. Good for Microsoft, bad for me.
There is a solution specifically for Exchange; the web based access. It "jusrt works".
I second this choice.
Either that, or the venerable 68hc11 part. 8k eeprom and 192 bytes of ram. Easy to program -- gives early exposure to assembler.
Given that the article, obstensibly about kernel performance, makes no effort to actually cover kernel performance...
I was suckered in; it looked like a worthy topic. Now, I ask myself: Why did I bother?
You assume that I am in the US? I quoted the price of XP in Canadian dollars.
Anyway, there is the on-going power consumption factor. My boxes draw 70 to 140 watts (typical, startup current is higher). I am sure that the "mini-itx" system would draw less. Maybe as low as 30 watts (or am I being hopeful?). Even at that, it would take YEARS to make up the cost. Factor in the environmental cost of disposing of the old machine (these are not "green") and I don't think I can justify the replacement. At least not as long as the old machine still works.
Of course, you can convince me... If a new machine over two years is less expensive than the old machine, I'll go for it -- including XP. In a formula:
new machine cost + power = old machine power + disposal environment cost
If that cannot be met (and I don't think so), I stand by my assertion that Microsoft should open up Windows 98se (not open source, but licensing).
"* Windows XP is a fairly stable operating system, with no serious architectural flaw for office use, software development, workstation or hobbyist use."
.NET and C# are objectively superior to most of their predecessors (I'm talking mainstream environments, not niche or academic ones like Scheme, Haskell or SmallTalk). These are probably the best contribution to mainstream application and system development environment, since Kernighan tried system programming in a high level language and made C. They also have some of the best advanced research in that domain."
.NET competing against, what, Java class libraries? Pushing C# with Windows, after being sued by SUN (successfully) for attempting to pollute Java? Ok, C# was a small improvement to Java; but Java improved (incrementally) as well.
-- Given that it costs $230 CDN, I should hope so.
"* William H Gates III has stepped away from the company's spotlight and is leveraging his wealth in a remarkably, socially responsible way, making this accumulation truly beneficial to the world that has created it."
-- Sure
"* Desktop Operating System peculiarities are growing more irrelevant every year in most domains. The general indifference around the release of Vista is the best proof of this."
-- Only because the discussion is about eye candy, not the actual OS. And, the discussion is XP vs Visa.
"* No true credible alternative OS has emerged after fifteen years of trying in each and every way : free software, commercial OS companies (Be), alternative OSs pushed by proprietary hardware vendors (Apple, Sun), etc."
-- Only if you consider XP (or Vista) a credible alternative to Solaris. Or Linux. My argument is that after BILLIONS of dollars of investment, Microsoft has not produced a credible alternative to Fedora Core.
"* In the domain of software development, MS's contributions with
-- C# competing against Java,
"* By experience, I have found out that it is easier to tweak XP to behave as a Hobbyist's or developper's UNIX box, than it os to tweak Linux into doing properly all that XP does. Install Cygwin, a proper text editor, MS's free command line compiler suite, and learn how to configure the Terminal, and you're done."
-- And my experience is that MS's free command line compiler suite works fine under WINE, so I can cross develop on Linux/BSD for Windows. Anyway, I don't know what XP does that I need. My MythTV box runs fine, I can play DVDs, and it talks to my DSM-320 "media extender". I have networking, including NIS sign on, shared directories, RAID 5 storage server. VISTA (not XP) will do NFS (finally), NIS is possible with the Microsoft Unix add-in, but automount still isn't (although NIS sign-on can be made to work). I lose functionality by going to XP. I guess that Microsoft supports some kind of media kit for XP, supporting the DSM-320. I tried the supplied uPnP software that came with it (having a Windows machine), and it doesn't work well (certainly not as good as the built-in MythTV support for uPnP). I run Fedora Core 5 as my primary dev machine, on a Pentium II/400 with 256MB and an 8GB hard disk. Having TRIED XP on a similar machine, I wouldn't dare. By the way, that machine is shared, others work on it as well, AND it runs WINE and the MS command line compilers (for cross-dev).
I keep thinking "now is the time I should try out Microsoft"; I give it a whirl. I end up SEVERLY disappointed. Objectively, MS makes no products that fit into my infrastructure: my dual-proc Pentium Pro with 128MB that is my gateway machine. Quality hardware, has run since 1998. I *could* replace it, but then it ends up in a landfill. It was a $6000 machine when new. I rescued it from landfill fate in 2000. XP on it?
My storage server? A Pentium II/266, 128MB, Again, a landfill rescue. Quality hardware (GL 300 s
A REALLY big AHEM.
I use a Wyse 30. It even uses green phospor.
Good points - it does VI, compile commands, and even spreadsheets (I use SC). The control key is in the right place. It should last a long time (its already been a long time). Its power requirement is low. I don't get distracted by "pretty pictures". I get amazing geek cred.
Bad points - the keyboard is a bit flimsy (I would like to use my Model-M on it!). I still need access to a GUI because a lot of web sites won't work with lynx. (and why not?).
Yes, the GUI is nice, but most of what I do is based on CHARACTERS. Even when I program for Windows, I code in C++, using CHARACTERS. No, the MS IDE won't work, but I prefer VI anyway.
When I do accounting, I work with CHARACTERS and NUMBERS. SC and VI work just fine. I can switch to a GUI when I need it -- but the terminal keeps me on task.
But that is what DRM must do -- hide the "secret" in the content. The soft DVD player did NOT make it easy to find the key. However, HD has to work pretty much "to the metal". The key was not "identified", in the sense of being reversed.
The attack is simpler. We know the key must be in memory SOMEWHERE. So, try decrypting with all possible memory bytes. For each 1MB of memory the player takes, the keyspace is effectively only 20 bits. The key is "brute forced" across the player. The key of interest is not in the read-only portion of memory (not a player key), which reduces the search space.
How to protect against this: the key may be broken up and hidden in its construction. Instead of storing the bytes in sequence, they can be (say) separated. If the key is known to be in a 1MB region of memory, this can provide up to 20 bits additional keyspace for each byte. But, the pattern of access can be determined by watching the processor, so this would be defeated. Basically, the attack would be to watch all data accesses, and determine which is incoming encrypted. All other access would be potential keyspace, which can the be "bruted". I would estimate that only up to 12 key bits per byte would be added (watching page access is trivial). Which makes the brute force attack possible again. The AES crypto core itself could come under attack -- not to break AES encryption, but simply to determine where its key is coming from.
This attack cannot really be defended against. Except if we either (1) move the key storage to somewhere more secure, or (2) modify the "Operating System" to not allow content-vendor untrusted software. The soft player would need to survive all possible attacks that may result in other code to be executed (thus allowing injection of monitoring software). Which means the player software needs to be either "perfect" in a security sense, or that the OS cannot allow any "untrusted" drivers (ring 0 code) to be run WHILE the player is running, AND not permit any application access to the player (to prevent fuzzing attacks, etc.), AND not allow direct data recovery from (say) screen buffers (which means, in turn, that the entire GUI has to be hardened, as well as the fancy 3D drivers, etc.).
Much easier to just "sandbox" trusted applications by forcing them to run separately (in a sense) from all untrusted applications. Since a possible attack is to recover frame data from the (say texture memory) graphics subsystem, no display of other applications can be allowed.
The computer would need to be converted into a simple HD content player while the HD content is playing.
So, you are correct. Key-jacking will be possible and practical in the future (at least as long as it is needed)
An accepted offer cannot be treated this way. Here's why:
You are entitled to the compensation in the offer. Anything less is "substantive dismissal".
You can now NOT work for the company, and receive ALL benefits for a period of at least your probation. Settle out for three months of salary, and all (potential) relocation expenses, signing bonus, etc.
Since you are now entitled to this much, the offer on the table is: (1) you are going to be a nice guy, and accept the original offer, or (2) will accept a payout, or (3) will take a higher signing bonus (to pay for your unanticipated legal expenses), and take the offer.
The ball is in your court.
This is not legal advice -- talk to your lawyer.
The crypto is only as strong as the algorithm, and the method used for key management.
The argument that DRM is "workable" breaks down because the encrypted message is delivered to a party who is expected to BOTH decrypt the message, and NOT know the keys. But the keys had to be used to effect the decryption!
Basically, it makes very little sense.
The only way that DRM can work is if the playback device does not trust its user. Which means that it CANNOT be a general purpose computer.
The next generation of "DRM Operating Systems" cannot support general purpose computing. Pretty much the only way to guarantee that DRM will work is for such a computer to not allow ANY non-DRM compliant software while DRM content is playing.
In other words, while the DRM movie is playing, your spreadsheet won't.
But, since music playback while working is common, we can safely predict that DRM restrictions will be lifted from music. Movies? The next generation may well support "single tasking while movie is playing" mode.
If this is not done (as well as locking out all non-DRM approved drives and kernel extensions), the keyset can be recovered from the player software.
This crack just demonstrates this particular weakness. When I probe a cryptosystem, I look at the algorithm used (are there errors in the implementation? is it a good crypto algorithm? etc.), the keys (key length, is brute force possible or is the key recoverable from a known encyrpted plaintext, was the key produced by someone sane, or an idiot, etc.) and key management (where and how are keys stored and published etc.).
Remember "Spaceballs": the code is: "1", "2", "3", "4".
It is also good to remember that once a single digital copy is "cracked", the work doesn't have to be done for that title again.
No it doesn't.
If your computer has been rooted, it really IS ball game over. Just sitting here thinking how I would exploit a rooted system that someone uses for banking...
1 - establish account offshore that offers SWIFT transfer (or other convenient inter-bank wire), and can deal with bank that requires no ID.
2 - Monitor victims on-line banking activity for a couple of months.
3 - Intercept after online session has next been established.
4a - Inject low level "noise" transfer, if victims balance is medium level
4b - Take it all, if victim balance is at high level.
5 - Complete transfer from SWIFT bank next day, to "no ID" bank.
6 - transfer from "no ID" to Bahamanian account (Swiss account, you pick). Cash out.
Ob.Holywood: Add sound effects, and visual effects as appropriate: "I'm in!" and up/down counters with ticking.
Of course this doesn't work if you DON'T do on-line banking; this is a good thing(tm) because on-line activity would otherwise be exceptional.
Bear in mind that this is the first solution I came up with. And I suspect it would be very workable. Especially, if that "Digipass" gave you a sense of security.
Thing thing you "Trust": the thing that you have faith in because you have no other choice. And that which you must trust, you must be able to verify. With Internet Banking, you do not trust the network (thus, we use cyrptographically sound protocols). You trust your password, and are forced to trust your computer. (And, you trust your bank). So, secure that computer, and don't give out your password. I wouldn't trust a digikey, simply because I have no way of verifying (I can restrict access to my computer, and my password is under my control).
The digikey in no way mitigates responsibility for keeping your computer secure.