I thought they were aiming for compatibility, not plain compliance.
That depends on whether you want interoperability NOW and only now or continuing interoperability. By implementing the standard properly, they are opening the door to proper and easily referenced interoperability. Constantly hacking their solution to keep up with the hacks that everyone else is using to circumvent the standard will just lead to document standards being as messed up as web standards. At this point, all Sun needs to do to keep up compatibility is actually finish the ODF standard and then implement it properly themselves.
I assure you the compatibility burden is on Sun, not Microsoft. Microsoft Office is the industry leader and standard for office suites.
Interesting, but isn't Openoffice the generally accepted reference implimentation, even if it is not 100% of the way there yet? I'm pretty sure the other apps in the MS blog list use OpenOffice.org that way too. Really, there is no real excuse.
The generally accepted reference is and should be the OASIS ODF standard itself. Digging through the source code of competing products to see which assumptions they made while implementing a standard does not constitute proper standards behavior. There's no reason to assume OpenOffice is the correct implementation of ODF, since Sun went to great lengths to get governance of the standard outside their organization. The question is whether Microsoft wants to implement the standard itself or write a minor OpenOffice compatibility layer into their software. OpenOffice is not necessarily a juggernaut product, anyway.
Their implementation passes compliance testing as far as ODF 1.1 is concerned. In fact, it's the only implementation that does for spreadsheets (aside from Kspread, apparently). At the same time, it also serves the purpose of both increasing compatibility and exposing the weakness of the standard and format. If Sun wants ODF to be the de facto office standard, they should tie up the many vague loose ends that allow Microsoft to do a perfectly compliant implementation that is incompatible. The examples outlined in the msdn blog demonstrate just how open ended and inconsistent this "standard format" is.
If anyone is interested in specifically what is "broken"(read: incompatible with OpenOffice.org 3.0)... which I doubt... here is some very good information detailing which decisions were made in implementing ODF and why they were made:
The last couple blog posts should be what everyone is looking for.
Beyond this, Microsoft is simply implementing ODF 1.1 because ODF 1.2 is not done yet. If Microsoft is going to support a standard, they will support the standard not the most popular implementation's interpretation of the standard.
List of contributors to the linux kernel : Companies like IBM, Intel, SGI, MIPS, Freescale, HP, etc. are all working to ensure that Linux runs well on their hardware. (source : http://www.linuxfoundation.org/publications/linuxkerneldevelopment.php ). They clearly are teens in a basement, not professionals.
It's still a mess, though. They put in enough to work to make sure that it works on their hardware, but it's still like the 1 million monkeys on typewriters writing shakespeare. The kernel is always outdated, insecure, and inconsistent. Just because enterprises throw a couple coders its direction doesn't mean it's very competitive technologically. As the quality level of the platform continues to hover between poor to mediocre, I think more companies are going to find professional commercial systems more cost effective.
The boomtown growth of the web 2.0 world is probably over. Cost matters again.
Could you define "modern kernel design" for me ?
A pure microkernel with user-mode drivers, to start out. That's a pretty simple bar right there. Mach is just a microkernel running as a chunk of monolithic kernel. It's a clever way to avoid having to write a modern and secure networking stack, but it's still a crutch.
The linux kernel can not be compiled with visual studio. And the scripts I use dailly are far more easy to write with gnu tools: sh/sed/awk/perl/ruby/tr/gnuplot/make/gcc than with windows tools. But it is possible to do the same thing in windows of course (C is turning complete anyway).
So you develop like people used to in the 70's and early 80's? It's not as though you can't use unix. For instance, Sun offers a much better debugger and profiling tools that still work with gcc and those doesn't cost anything for students.
What I do is a "professional" use of linux since I work with it and people that work with me (in the same university or not) work with it also. Of course, it is still possible to define professional otherwise...
That's funny, you sound an awful lot like a CS undergrad to me.
First of all, I am not looking for employment, I am employed. Thank you very much. If you really are concerned for my employment, high performance computing systems does not run on windows nowadays, but usually in a linux environment. Test done on Ms windows cluster version (or whatever it is called) shows that it is pretty shitty.
The HPC market is tied to economic growth. I suspect Oracle and Microsoft are going to wipe out a lot of the linux market with Solaris and Windows respectively, now that they're focused on HPC. Linux isn't a terribly impressive product in any category, so it's going to be an easy target for well funded enterprises as long as there's growth in the HPC market. I think Microsoft has only started offering competitive products in the HPC line and Oracle is going to manage Sun's assets much better than Sun ever did.
It's open but it's archaic... much of the hardships and issues you face developing for it do not accurately reflect the state of computer science outside of academia and legacy business applications. Even Minix 3 is a far better example of modern kernel and system design. If you were able to get these sorts of features working under the microkernel architecture of Minix 3, you would be more well prepared to work on modern kernels for research or future employment.
I do not need that kind of feature. I need a mailing system, a web browser and my compilation/debugging/analyzing tools that are fairly easy to write in a unix environment.
You're not going to do better than Visual Studio for those sorts of things. The best kernels are designed as processes first before ever reaching the hardware. Furthermore, the only reason you don't require enterprise level features is because you're not at an enterprise. You threw me off by saying this was a "professional" use of linux. This is an academic use of linux, which is pretty trendy now-a-days.
All the tools I need, that are perfectly adapted to my problems and that I can change/shape to something more suitable if I need.
Once more, your tools will be more customizable but they'll always be inferior on the most basic levels. You just don't possess the expertise of the visual studio team for writing advanced compilers, profilers, and debuggers. If you limit your scope of education to the linux platform, you never will be, either.
Strangely I thought that microkernels came out of universities and were used by mac os and windows nowadays... I must be wrong.
Mac OS X does not represent modern kernel design by any stretch of the imagination. All their magic happens above the kernel. Windows, on the other hand, has a professionally designed hybrid kernel. The monolithic kernel design in linux is and always has been dated, since it was developed in the 90's with a 1970's architecture.
The article is absolutely right... these issues are always going to be problem on Linux. Some of these issues are old stand-by's from UNIX, after all. We can address many API and kernel stability and compatibility as well as sound and video issues if we are willing to simply stop using linux on the desktop and keep it as a server system, like its developers and contributors seem to intend.
I believe Haiku OS is doing an excellent job of meeting many of the problems laid out and is well en-route to provide a sane and stable free desktop system. What part of *the rules* says we can't solve desktop issues by throwing out Linux's outdated unix workstation desktop paradigm? Why not just develop a pure free desktop system and give end users the gift of consistency? With stable driver API's and a well designed GUI toolkit, we could find ourselves providing a competitive and far more lightweight (no joke) desktop solution that uses less power (like horsepower not wattage) and yet maintains much source compatibility with all this POSIX software we've amassed.
It's not "reinventing the wheel" it's building the wagon wheel instead of trying to chisel a wheel out of a limestone cube. You've got the POSIX model, you've got the free software ecosystem, what's stopping us from scrapping the infinite headaches that are cludging UNIX and X into the desktop and just making a for-real desktop system? This article was about the Desktop, not the workstation after all. If you don't believe that this system is making progress, just dd (or flashnul) it onto a usb stick and boot it up. You might be surprised.
With a little bit of developer attention, this could slingshot ahead of Ubuntu in usability in literally a year or so. Just like that- a decade of desktop linux development could be surpassed just like that by simply stretching outside that constrained model. Let's just let linux be the server it wants to be.
So let's talk about linux on a desktop for professional use. I am studying many/multi core architectures with numa memory. The goal is to achieve the best parallelism possible on small data size. It requires a very fine tuning of the machine. No graphics (too much process running), custom kernel to change scheduling policies, custom kernel to access hardware counters (basically, PAPI support). This cannot be done on windows, so the testing machine runs linux.
First off, you just mentioned some lame pet project that has nothing to do with the desktop then added a quick addendum mentioning that a Windows desktop somehow *couldn't* access this. This is a stretch of the imagination in terms of desktop use. You're studying NUMA? So you're a student fiddling around with the linux kernel? Or- don't tell me some unfortunate company is paying you to waste your time with that instead of licensing a professional operating system...
You actually don't need to recompile windows to get to these features because it's got a more modern modular design.
Obviously the desktop that controls it runs linux also. Otherwise it would be pain in the ass.
So you couldn't SSH into your little toy system with PuTTy or connect using serial over HyperTerminal? This certainly doesn't sound impressive enough for you to be using a probe or anything. Why, if you used Windows on the host desktop then you'd have access to Outlook and enterprise-level networking and productivity applications on your workstation. Why, your company might even be able to enforce group policies! But somehow it just doesn't seem like any company would be wasting their time with this unless they were completely incapable of cost-benefit analysis. They'd be slow-cooking themselves a product while burning expensive engineer and IT time and implementation downtime instead of simply licensing something and having it implemented rapidly.
So what is this linux desktop really offering you?
Or maybe you're in school. The more educational institutions rely on linux to teach operating system concepts, the more we'll be preparing students to design the future operating systems of the 1970's.
You can say that it a niche. Well Gaming is a niche too.
Fiddling with a linux system to try to make it do complex tasks is a niche or hobby or what have you. Gaming is a simply massive market that's packed to the brim with revenue. So it may be a niche, but not in the same way.
He is correct. I think piracy has become so convenient that it literally takes self-control not to do it when you hit any hiccups getting media. It's sometimes easier to torrent than rent a movie.
He has not considered the minor possibility of serving the end-users with his products. I guess sale by litigation is the new capitalism.
Hulu has probably done more to combat media piracy than any number of massive and vicious lawsuits. So has netflix with their new content delivery system. I will always hit up Hulu and youtube's new shows tab and such before hitting up the torrents. I can't imagine I am the only person who does this.
Maybe they should attempt delivering their content in a way that people want.
At the latest when my GF wanted to burn a simple mp3 file and Brasero mumbled something about an "missing gstreamer plugin" she said, that (Ubuntu) Linux is still too complicated for normal users. I couldn't really argue with her, just explain the Why's and How's of proprietary stuff and the legal issues of their use. Installed the restricted stuff (which she'd have had no idea to even look for!) and she was set and likes it.
I've tried this before. A female friend of mine ended up using Ubuntu for quite a long time, but she just grew increasingly frustrated with minor things. Finally, when she decided she wanted to edit videos off her camera, it reached the boiling point. Despite using it for a year, she had no idea how to do it or how to go about it. Most recently, she just contacted her brother and asked him how to get rid of linux on the PC for good.
Similarly, I even see Linux netbooks being listed on craigslist with people saying "I don't really think I am good enough at computers to use linux." So there's another example of people using it and not really *getting* the usability paradigm. I don't think it's uncommon, either. The NYTimes did an article on the up and coming Ubuntu desktop within the last year and described it as having random problems that there's no easy way to fix-- and I think that's pretty much the same experience I have. I always hit some problem with Ubuntu that I just blast through solving without even thinking about it and the moment anyone non-technical sees it, they're like "what the hell are you doing? How did you know to look there?"
I'm going to share a little secret with you, slashdot: I don't think common users want to learn UNIX. You know, not with things like Macs and Windows boxes floating around. I mean, windows may be obnoxious sometimes, but people really dig that (often dangerous) level of compatibility with the software they have lying around and know. Furthermore, I think a lot of linux desktops do a really good job at looking like usable well-designed systems, without actually being usable well-designed systems. Seriously, draw a line sometime across popular open source applications looking for the path your eyes need to follow to do certain tasks and you will understand the kind of work that goes into usability research. It's more than just *looking* usable.
Someday, you should really look into how much Help documentation is built into Windows. Or--how much you can get done with a Mac without hitting any "minor" hiccups like you do on linux. The difference may be cosmetic to most of you, but I am slowly getting more convinced that most linux users have Stockholm Syndrome. This is coming from someone who used linux die-hard for years, but then returned to Windows, finding my new tolerance level for technical problems and skill level made using Windows dreamy-easy and effortless.
Right, so you concede on your original claim that SELinux was a patch to bring it up to comparability with other commercial systems, windows included?
No, it's a security module hacked onto the kernel. It is not the first example of Mandatory Access Control, either. I think SELinux brought Linux up to par with Trusted Solaris from 2000. The NSA saw fit to harden Solaris years before they bothered with Linux.
At that time, consumer-level Windows was not designed with those security goals in mind.
Given how it goes over and above what MS offers and has had it for longer?
It went over what Microsoft offered at the time. NT 6's security model is equivalent if not beyond SELinux. They may be equivalent in MAC's, but group policy got far more fine-grained in NT 6, and their DEP/NX implementation is much better.
It's only helping if people are using it in either case, too.
As for the MS security model... LOL
It's not any less impressive than the Linux security model. These just aren't very secure systems. I still contend that NT 6 is more secure than current Linux, whatever you might add to it. The difference is negligible, though.
I, personally, would be very surprised if a stripped down NT 6 system could achieve a higher grade, simply because it requires (semi) formal design from the ground up, not hacked on later.
The NT kernel changes and develops at a more rapid rate than the linux kernel. It's about a decade or so ahead in most respects... I don't think Linux has even caught up to NT 5 yet, in some ways. (I've seen the code) The point I am trying to make is that Microsoft has more control over their platform than any specific party involved in Linux. However, they won't be able to do it without dropping all manner of backwards compatibility, which is just built-in insecurity. Whether its general win32 compatibility in Vista or POSIX in Linux, compatibility with legacy systems means insecurity. If it were Microsoft or the linux horde getting it to the next security level, though, I'd say Microsoft has a better shot at this.
I think the level of overconfidence in the Linux community over security is just dangerous. This viral sense of immunity from attack is starting to spread to naive buyers within the government- on a whole, I think this attitude is going to and has already cost our government networks some level of security. I am not recommending Windows as an alternative, merely making the point that Linux really is not more secure at this time. If that doesn't worry you, it should.
At this time, any of these systems should be well virtualized where they can't hurt themselves or others in any security context behind a secure separation kernel like Integrity PC or something.
I say again, you don't know what SELinux is, go and read about it.
I'm sorry. It's just a mandatory access control scheme and connected set of security policies. These fine grained controls are great for enforcing policy on a multi-user systems, but they still can't protect these systems from well-funded attackers. SELinux is a retro-fitted security model, no matter how you look at it. The security model is a later addition to an otherwise completely insecure system, and it still only works until it works. Devices and drivers can still DMA all over the system and destroy the security model. It's got a lot of armor on it now, but that's only going to protect it from conventional attackers.
It is impossible for a system designed like Linux to ever achieve a higher security certification than it current has. The system is completely maxed-out in security and it still does not offer the level of verification the NSA considers ideal (EAL 6+/7).
On top of that, I have read about ACL's. They do not provide the same capabilities as SELinux in any way, they are simply an extended set of user top object permission mappings. SELinux goes much further than that in defining different permission levels for the same user, on the same file, dependant on what program they are running at the time. D/SACL does not provide this.
MAC's vs the DAC's available in Windows XP are a minor detail in the scope of what I was originally talking about, to be fair. The level of enforcement they offer still succeeds mostly in protecting users from themselves and their own organization and casual malicious attacks. The system is secure until the security model is violated. Windows XP SP2 has still seen fewer critical exploits than the equivalent RHEL... there's something to be said about just having cleaner code and architecture. SELinux has effectively defeated Windows XP, Microsoft's now unsupported prior product, in keeping to front door closed, but that's not going to stop someone from coming in through the wall. The above article was about "organized attacks".
It's all just terms unless they are actually practically keeping the system safe, though.
One might maintain that the SELinux features necessary to lock down a system are more intrusive in Linux than in Windows Vista, for instance, so when it comes to remote attacks and exploits, a Vista user is probably safer in that more of these features might be enabled by default. If I remember correctly, when running SELinux on a Fedora system, certain basic features of the system will not work due to security policy. Certain bundled applications might not even run properly.
If you look at the actual number of critical exploits released for the various major desktop systems yearly, Vista suffers from the fewest as compared to Linux or Mac OS X at the highest. Despite implementing Mandatory Access Control, Mac OS X systems, for instance, remain easily remote exploitable. Linux, on the other hand, cannot truly secure itself without completely wrecking what POSIX compliance it has.
But it's all moot because none of these systems have a true protected memory architecture. I wouldn't be surprised if a more stripped down and less backwards-compatible NT 6.x system was able to achieve the next EAL level, but it simply won't happen with Linux. If an open source system accomplishes this, it will be one with a different kernel.
You have no idea what SELinux is, go read a book. It's not group policy.
Yes, it basically is a series of security policies and mandatory access controls comparable to the MAC's and ACL's in NT. I suggest you go read up on the Windows security model, because it offers similar relevant features to their model.
You know, the NSA offers security consulting to Sun and Microsoft, as well. You simply don't see the NSA security work that goes into Windows because it's closed source. FLASK has been openly adapted to FreeBSD, Solaris, and Darwin also, but these systems still see their fair share of security flaws. It isn't a silver bullet.
SELinux was a shot in the arm for Linux security, it's industry-competitive but certainly not unique and it is far from the last page in security for multi user systems.
SELinux is about very, very granular control over which processes running as which users have access to which files - i.e. running something other than passwd, even as root, would have no access to/etc/shadow. But a verified passwd binary can access it.
Windows does not have a weak security model. It's when these security models are broken that problems occur. Linux is generally more protected than Windows through artificial means... you just don't run untrusted code in Linux nearly as often if ever. If you have any sort of execution privileges (or any access at all, really), you can always use a POSIX-like system's shared memory architecture to break the security model.
Furthermore, talking about SELinux's security model as though it's anything more than an extension of Linux's security model is just misleading. We could talk about all sorts of features regarding NT's fine-grained ACL's and group-policy and such, but they only work when they work- when they're not broken. Although a default Windows desktop with the user running as administrator is quite insecure, a well maintained enterprise windows system that is fully enforcing its policy and security model to its fullest extent is as secure an SELinux system, if not more. Modern Windows systems are generally more secure against remote attacks because they're loaded up with anti-exploit code. They have more anti-exploit code because they're more often exploited- it's very trial and error.
SELinux was a process where linux was retro-fitted with a competitive level of security. It brings Linux to the plate in terms of security, and that was very important considering how wide the adoption of linux had gotten up to the point that it was introduced. If too many businesses and schools etc. had adopted linux with the misguided belief that the unix security model was somehow able to stand on its own against attacks, it would have been a national security problem.
CC is about design documentation and validation.
The common criteria is very relevant. Any level of "secure" Linux is a toy to a well-funded and dedicated attacker, especially if the attacker is able to plant exploit code within hardware in use by the systems running it. With all our computer hardware coming from China, for instance, our operating systems should be completely immune from attack from untrusted hardware. If a hardware device or driver has any capability of taking down the system from the inside, then it is simply not secure enough to deal with the sort of attacks we will see. The level of confidence people have in the NSA's emergency bandage work on the Linux security model simply demonstrates that we're poorly outfitted to deal with cyber attacks as a population.
Can a poorly-funded open source software become as secure as a well-funded proprietary software?
We're not supposed to acknowledge these sorts of things on slashdot...
People throw barrels of money at Linux, but it's simply a weak and archaic design. There's a lot of money and effort going towards it, but it's poorly organized so it lacks vision. The reality is that you can't "retro-fit" security to be above the EAL 4+ security level, which linux is currently at. It's that simple. Implementing security on linux will always be a case of "retro-fitting" because it lacks a modern kernel design at the very core.
Some might argue that this makes the linux kernel easier to develop for or more accessible, but any system that goes beyond the big three in security will likely be a true micro-kernel that is written entirely by highly skilled and qualified developers. Microsoft's kernel has a much more rapid development cycle and sees far more architectural changes... it's about a decade "ahead" of linux right now. However, they have to secure the entire stack on top of the kernel, also, which suffers from *more compatibility*... so it's easier to come across a generic piece of untrusted code for it. If people ran as much untrusted code on SELinux as they ran on Windows, it would be quite clear that it's no more secure than anything else mainstream.
CCEAL 4+ is the highest level one can attain without designing for CC from the ground up.
I disagree. I think this simply represents a deficiency in operating system security. It isn't tricks or hacks that gets an operating system above 4, simply attention to detail and modern design. The NSA is very forward about best practices in security when writing operating systems, it's simply ignored by most of the consumer market.
SELinux presents much tougher security than is commonly available on commercial systems... There are hardened variants of others (solaris, for instance), but none of the vanilla, commonly available OS variants come close to SELinux.
Actually, I believe the version of Windows XP verified was suitably vanilla SP2-- or at least that's what the validation report seems to suggest. I maintain that SELinux simply gets Linux to the point that it's technically as secure as Windows from an abstract perspective. Linux vs. Windows security is only a matter of maintenance and implementation. Microsoft has enough control over Windows to theoretically improve on this, but I don't believe it's possible for Linux to exceed the security level it's at without scrapping the kernel as it stands and rethinking it from the ground up. EAL 4+ represents design where security was taken into account, but it's still not at the level of security we should require for government networks. It's essential these products are run behind highly secure separation kernels.
Unless they had it disabled the Red Hat systems they used would have had SELinux enabled by default so if their linux systems really were a sieve then that doesn't speak to highly of SELinux and the NSA.
SELinux merely brings linux up to par with other popular commercial systems in security, not beyond them. It brings Linux to the level where it may receive a government EAL 4+ certification, which certifies that the system is safe from casual or inadvertent attacks. These systems do not reflect the level of security necessary to defend government networks.
They weren't testing the operating systems, they were testing the cadets. A linux system is a sieve for the NSA-- I think this simply demonstrates that the team using the Linux boxes knew their system better than the teams on Windows or Solaris respectively. It's clear that a group of passionate linux admins can maintain an acceptably secure system at this level of expertise.
However, actually infiltrating the systems would have proven nothing. I guarantee the *level of difficulty* the NSA used in order to properly test the undergrads is beneath what the Chinese government would use if trying to infiltrate a U.S. site.
The reality is that none of these three systems are acceptably secure for government networks one their... if you're relying on just the Unix security model or Windows security model, you're basically wide opened to a dedicated and well-funded attack. It's situations like these where you need to keep your systems well behind a decent level of virtualization like secure separation kernels with more than competent internal security policies. The operating system like Windows, Linux, or Solaris, is really just the "interface" to the system for the users, so to speak.
This is probably the most common sentiment you'll find in reference to DOSBox. Everyone just loves this project... I think it really is because it has one singular focus and succeeds whole-heartedly at it. Also, the project has done a great job of remaining very gracefully platform agnostic. It's brought back the old Keen series and Little Big Adventure and such to me, on any system I might want to play it on.
Now that even games on Steam are starting to ship packaged with DOSBox, you really have to take some time to reflect on how much this has done for an archive of almost forgotten and still very valuable games.
It wouldn't matter if they did keep statistics, because Firefox, Opera, and yes even IE all work under Linux too. And headers can be tweaked to say whatever the owners want them to say.
It would take an organized effort for such a large volume of people to skew statistical results to that level. Just because it's possible doesn't make it even remotely plausible. Such a movement does not exist.
Which just brings us back to square one: why did you make such a ridiculous statement, when you knew you couldn't back it up? Then, when I called you on it, you wrote page after page after page of attempts to distract, misdirect, change the subject, make straw-man arguments, and insult.
I was just really surprised by your first comment, it was as if the person reading my comment had no grasp on society other than a dictionary like reference on terms... and it slowly drew out into this cascading wave of stupidity as your awkwardly choked over every single thing I said, responses ranging from obnoxious superiority to oblivious assumptions on the software market. It went from sad to hilarious so fast that I couldn't stop the lulz from rolling. It was like shooting fish in the barrel.. and it was a barrel of endless fish!
I have made my point, over and over. You were wrong about FOSS. At the very least, you have no rational basis for making the claim that you did. And you have finally admitted it. That is all I was waiting for.
I gave you a completely rational basis. I explained that the communities are correlated and cited the fixation on piracy by open source-centric media outlets. You clearly possess no higher level thinking ability as you fail to grasp that although correlation is not causation, non-causation does not imply non-correlation. The communities are pooled and statistical evidence would probably back it up. You can't argue with that point because all you have is the claim that they're "not the same thing". That argument is below the scope of the claim and you clearly have no statistics, either.
There was only one point in this conversation, and I have stated as much several times: whether FOSS had anything to do with illegal downloading. You made a rather extraordinary claim, and never backed it up, even once. I am still waiting.
I am not sure if this point is lost on you or not since you're blindingly dense, but there aren't really good statistics for the operating system breakdown among pirates. By design, the statistics regarding piracy are intentionally obscured and obfuscated. For instance, if thepiratebay or mininova posted their site statistics somewhere showing which operating systems and browsers most frequently browsed their site, it would only take a percentage of over the total market share (1%) of linux users to demonstrate that linux users have a higher tendency towards piracy. Since these figures are not available as far as I can tell, different evidence needs to be sought.
Popular news sites for people interested in F/OSS, such as slashdot, arstechnica, reddit, digg, and boingboing demonstrate a fixation on stories regarding anything related to mininova, thepiratebay, or any other p2p legal affair. It could easily be inferred that free software advocates have no respect for intellectual property, so one might make the observation that people involved in free software are also more likely to be sympathetic towards media piracy. It's easy to make this claim anecdotally by simply reading comment threads on slashdot. If you followed enough users, you could probably draw a connection. This isn't caused by Free software, but I believe that the general zeitgeist of the community is connected. I believe with the proper statistics, a correlation could be drawn between these communities showing that linux users have a higher tendency toward media piracy in reference to their community size than Mac or Windows users. I believe the only community that would surpass linux users in per capita piracy would be pirated Windows users IF that community was differentiated from regular Windows. It's just a freeloading mindset.
The subcultures of libertarianism, free software advocacy, and anti-drm advocacy share similar undertones regarding the rights of media content owners to enforce licenses on users. I think the anti-DRM bent is one of convenience, not idealism. The idealism grows from frustration regarding a culture that thrives on reverse engineering and exploiting content protecting technologies from DVDCSS2 to reverse engineered codecs to pirated media.
The fact that these are two different distinct interests doesn't mean that they don't share a community... one is not endemically linked to the other but there is strong cultural correlation. You could draw a Venn diagram across these various communities and you would find free software advocacy and piracy linked in much the same way Nazi party sympathies and anti-semitism might be linked or Liberal voters and sympathies towards homosexual rights or those who drive hummers and vote republican. They're distinct but pooled.
I am not getting hard figures for you because talking to you isn't terribly interesting or rewarding.
Keep those personal and OS insults coming! This is definitely more entertaining than TV. I haven't seen anyone make such an ass of himself since George Bush.
Was that humor? Very... topical. All you've done is baselessly refute my points for like 10 messages. In almost every case, you've given a dense and narrow-minded response that has simply exposed that you're a muddied mess of slashdot and F/OSS dogma. This whole time I've been making the point that these cultures share common membership and you're just affirming that with every single awkward unnatural response. It's like a mix between captain of the debate team and captain of the magic the gathering club.
Beyond this, you're immune to broad context, utterly witless, and probably fat. I usually don't take things this far, but this is fucking hilarious. I am just floored that someone actually employs you in something consumer technology related. I think it's a sign that the market is doomed and uninspired. You better pray that companies like Apple, Microsoft, and Adobe are still around so you open source types still have things to rip-off.
A web browser is a slower less consistent version of.NET? That is what you said. What did you mean?
A cross-platform architecture-independent application API. The web browser is being used like an application API instead of a document interpreter with things like facebook and google docs and such.
The rest of it is just more of the same: insults and incoherent gibbering.
You can use a screen reader if you have difficulty reading. It will deliver my impassioned insults to you in a gentle, calming, monotone narration.
Oh shit, do they even have that sort of thing in linux? Better hit IRC or the forums!
There is the only one answer this can possibly deserve: (bold faced text laughing)
What is that even a reply to? You're a perl script, aren't you? I should have known. That's why every single one of your responses is generic and seems to lack any semblance of wit or introspection. It must be so lonely being a girl who reads slashdot that you've lost any and all ability to communicate with other people. You poor ugly duckling.
You totally suck at not responding... are you one of those crazy chicks who starts her day off with a drug cocktail of anti-depressants and various psych meds and ends it with a nice soothing cutting session? Because this is obsessive behavior right here. As a trained physician, I am going to have to recommend you stop wasting your employer's time and get back into the goddamn kitchen already.
Furthermore, while Canonical doesn't include it, and it's clearly illegal in the United States, I include DVDCSS as perfectly legitimate as well. Just because the US courts have their head up their ass and think it's OK to make it illegal to play one's own DVD on one's own DVD player doesn't mean that refusing to accept that is a case of being "opportunistic" rather than "idealistic". Rather, it's a case of being "idealistic" rather than "legalistic".
This is exactly the connection I was looking to draw. I am not arguing the sanity of any of this, just that it's not legal. Canonical distributes MP3 in the loosest sense... they make it available with the user's understanding that it might not be legal, but keep it available since it is legal in some countries. The whole IP market is sort of shady and illogical, but it's been around for well over a century in the U.S.
Somehow, companies like Microsoft would get the crap sued out of them if they offered a lot of this functionality without paying tons of license fees and yet Canonical can boast it for free because whenever you sue F/OSS, it makes you like you're punching a kitten and it's almost not worth the lost public image. However, if Canonical ever gets to the point where it's large enough, we will see lawsuits on matters like these that will require hacked solutions like blocking restricted packages in the U.S.
I am all for the controlled distribution of media since I have worked in entertainment, but I sincerely do believe that the legitimate market needs to compete with the illegitimate market instead of quashing it.
You silly person. A web browser is a graphical interface. What did you think it was? But I know, I know... you don't understand that. Funny that you say that *I* don't understand, considering that apparently I had to explain to you that GNOME and GTK are also graphical interfaces
I take it you're not really known around the "office"(I use this term very lightly because no company could possibly be productive with a full set of open source apps) for your communication skills? I know what GNOME/GTK is... and a web browser is a document interpreter so don't kid yourself. I know you jackasses want to make it into the new application API for the future but that shit is just retarded. In effect, it's just being used like a slower less consistent version of.NET or Java in the 90's and it's probably the least efficient use of computing power for productivity ever conceived. Is it viewing documents or running applications? No matter what bullshit you accomplish on that shitty little system, firefox is always going to suck all the power into the worst memory management and threading model available. It's like sucking a watermelon through a garden hose, but hell, the fact that you're somehow employed despite having the comprehension and communication ability of an autistic suggests that you know a lot about that.
What a weird way to put it. I am pretty sure you mean that you can communicate with the GTK API using Ruby. Of course you can. After all, that is what the Ruby/GTK+ library is for. But that is not even close what you said, this time or the last.
Seriously? Are you autistic or are you just foreign or something? English must not be your first language because I just tried this in google and it appears that Google has better natural language comprehension than you. I typed what I said into Google and the first link explained how to write an application with Ruby/GTK+. I said and I quote "go build a frontend for something in Ruby". First off, it was a dismissal like go fuck a tree, which I probably should have used instead since it's simpler and it seems like you really need to get laid. The way you interpreted it was almost unix-like in its incoherence, it's like even your brain is wired in that lame sort of local client/server model of thinking. You probably parse these comments into a filesystem mentally, too.
I am not going to bother to go any further. The rest of this is just more drivel of the same quality, which is to say: really not worth my time. I don't know why I bothered. Good bye.
You failed again! It's because you and your whole community are full of retards. You can't write usable software, so you have to do the next best thing and argue that your software is usable and decent... and yet even the most cost minded corporations often won't touch it despite having a pricetag of 0. That's a really bad sign. Linux for the end-user is like a narrow canyon with steep walls... it's fine as long as you walk firmly down the beaten path, but the moment you try to do anything unintended you immediately are faced with the lack of consistency and coherence and have to scale the wall to get anywhere else. It's an awful experience and it's obviously made you into a hardened and mangle-minded creature who can only communicate at the level of technical clarity required for a shell interpreter.
These arguments are all your community has! For one magical moment, in this fantasy you create to talk about how wonderful free software is, everything works just as it should! And yet there's not a single thing offered by the community that isn't just some sort of also-ran. It's like arguing the merits of eating out of dumpsters instead of at a restaurant because it's FREE! Oh, it's the same food... it's just a little older and sometimes it makes you sick but you're an idiot if you pay for it, you know?
I look at you poor bastards proudly and defiantly chowing down at the dumpster... and I just feel sad for you. You poor creatures, if only some friendly person would just give you a Mac or something... hopefully you find a Richard Gere to your Pretty Woman one day.
Of course you could. But that is not what it is designed for, and that is not the way it normally works. There are already perfectly good front-ends for Ruby, so why would you want to re-invent the wheel? You even named two of them: GNOME and GTK+. There are also Windows front-ends for Ruby (IronRuby for.NET comes to mind). Or, you can write a Web interface and run a Ruby server on your local machine... but local or not, that is still back-end
I am not talking about web servers for fuck's sake! Graphical interfaces, you retarded broad! I meant like writing an interface for an application, a graphical interface like... like... like this bullshit:
See? Someone tossed a GUI on something using Ruby. It's like throwing words into a goddamn Cuisinart trying to communicate anything to you.
It is very interesting to me how you got that completely backward, even though I have explained it twice: GNOME is the interface, or front end. Ruby is the back end. GNOME handles user interaction, Ruby the main logic. At least, that is the way it was intended to be organized, and the way it is almost always used. If you want to do it the other way around, by all means do so. See you in a year or so.
I was trying to interpret your backwards fairy speak into regular words but it just wasn't working. I get it... but you CAN write a GTK app in the language "Ruby".
I just mentioned that it was helping Microsoft on its way downhill. And it does so indirectly as well as directly: Open Office runs on OS X, Linux, and Windows.
Somehow, despite running on all three platforms and being free and unprofitable for Sun, it's barely kicking like... 15% of the market? Wow! Impressive. They can't even give this shit away. What happens when Oracle decides that Ooo is a waste of time? Do you really think these projects come from the "community"?
I don't know a single person who has gone out and bought a copy of Word or Excel for years now. And that is just one example. Photoshop? Bleh. I use Xara for illustration and some photo editing, The Gimp for the rest. Admittedly, Xara is commercial software, but there is also and Open Source version available.
What corner of imaginationland do you live and work in? Do you work at an one of those little open source firms? I can't believe you're comparing The Gimp and Xara to Photoshop... you might have mastered using The Gimp to edit out your flat tire and manipulate your photos to make you look thinner, but it just isn't an industry standard. In industries like advertising and entertainment where appearance matters, people use real applications that cost money.
That 1% figure was only from one source; others estimate it closer to 5% or 6%.
Holy shit! So Mac OS X literally crawled out of the mud from a failed company and ran over venerable linux, which was the next big thing since like 1995? I guarantee the results are skewed because a lot of weekend warriors probably boot into linux occasionally, then have to reboot into Windows whenever shit doesn't work because they don't have time to hang out on IRC and forums to burn a goddamn dvd or something.
Maybe it's never crashed (I have serious doubts about that), but applications do, and it is s--l--o--w. I hope you're having fun with it. And it's too bad that you did not take an hour or two to learn how to set up your Linux properly before trying to tweak the settings. Most people I know say "RTFM".
Slow? Why don't you benchmark that slowness using firefox on linux v. vista? How about you check out your opengl 2.1 performance on any graphics chip that isn't running nvidia's proprietary X solution? The problem is that there is no fucking manual... most of the crap in the linux system is undocumented. It's supported by the forums unle
Slashdot Mirror
I thought they were aiming for compatibility, not plain compliance.
That depends on whether you want interoperability NOW and only now or continuing interoperability. By implementing the standard properly, they are opening the door to proper and easily referenced interoperability. Constantly hacking their solution to keep up with the hacks that everyone else is using to circumvent the standard will just lead to document standards being as messed up as web standards. At this point, all Sun needs to do to keep up compatibility is actually finish the ODF standard and then implement it properly themselves.
I assure you the compatibility burden is on Sun, not Microsoft. Microsoft Office is the industry leader and standard for office suites.
Interesting, but isn't Openoffice the generally accepted reference implimentation, even if it is not 100% of the way there yet? I'm pretty sure the other apps in the MS blog list use OpenOffice.org that way too. Really, there is no real excuse.
The generally accepted reference is and should be the OASIS ODF standard itself. Digging through the source code of competing products to see which assumptions they made while implementing a standard does not constitute proper standards behavior. There's no reason to assume OpenOffice is the correct implementation of ODF, since Sun went to great lengths to get governance of the standard outside their organization. The question is whether Microsoft wants to implement the standard itself or write a minor OpenOffice compatibility layer into their software. OpenOffice is not necessarily a juggernaut product, anyway.
Their implementation passes compliance testing as far as ODF 1.1 is concerned. In fact, it's the only implementation that does for spreadsheets (aside from Kspread, apparently). At the same time, it also serves the purpose of both increasing compatibility and exposing the weakness of the standard and format. If Sun wants ODF to be the de facto office standard, they should tie up the many vague loose ends that allow Microsoft to do a perfectly compliant implementation that is incompatible. The examples outlined in the msdn blog demonstrate just how open ended and inconsistent this "standard format" is.
If anyone is interested in specifically what is "broken"(read: incompatible with OpenOffice.org 3.0)... which I doubt... here is some very good information detailing which decisions were made in implementing ODF and why they were made:
http://blogs.msdn.com/dmahugh/default.aspx
The last couple blog posts should be what everyone is looking for.
Beyond this, Microsoft is simply implementing ODF 1.1 because ODF 1.2 is not done yet. If Microsoft is going to support a standard, they will support the standard not the most popular implementation's interpretation of the standard.
List of contributors to the linux kernel : Companies like IBM, Intel, SGI, MIPS, Freescale, HP, etc. are all working to ensure that Linux runs well on their hardware. (source : http://www.linuxfoundation.org/publications/linuxkerneldevelopment.php ). They clearly are teens in a basement, not professionals.
It's still a mess, though. They put in enough to work to make sure that it works on their hardware, but it's still like the 1 million monkeys on typewriters writing shakespeare. The kernel is always outdated, insecure, and inconsistent. Just because enterprises throw a couple coders its direction doesn't mean it's very competitive technologically. As the quality level of the platform continues to hover between poor to mediocre, I think more companies are going to find professional commercial systems more cost effective.
The boomtown growth of the web 2.0 world is probably over. Cost matters again.
Could you define "modern kernel design" for me ?
A pure microkernel with user-mode drivers, to start out. That's a pretty simple bar right there. Mach is just a microkernel running as a chunk of monolithic kernel. It's a clever way to avoid having to write a modern and secure networking stack, but it's still a crutch.
The linux kernel can not be compiled with visual studio. And the scripts I use dailly are far more easy to write with gnu tools: sh/sed/awk/perl/ruby/tr/gnuplot/make/gcc than with windows tools. But it is possible to do the same thing in windows of course (C is turning complete anyway).
So you develop like people used to in the 70's and early 80's? It's not as though you can't use unix. For instance, Sun offers a much better debugger and profiling tools that still work with gcc and those doesn't cost anything for students.
What I do is a "professional" use of linux since I work with it and people that work with me (in the same university or not) work with it also. Of course, it is still possible to define professional otherwise...
That's funny, you sound an awful lot like a CS undergrad to me.
First of all, I am not looking for employment, I am employed. Thank you very much. If you really are concerned for my employment, high performance computing systems does not run on windows nowadays, but usually in a linux environment. Test done on Ms windows cluster version (or whatever it is called) shows that it is pretty shitty.
The HPC market is tied to economic growth. I suspect Oracle and Microsoft are going to wipe out a lot of the linux market with Solaris and Windows respectively, now that they're focused on HPC. Linux isn't a terribly impressive product in any category, so it's going to be an easy target for well funded enterprises as long as there's growth in the HPC market. I think Microsoft has only started offering competitive products in the HPC line and Oracle is going to manage Sun's assets much better than Sun ever did.
The linux kernel is open. That's what I need.
It's open but it's archaic... much of the hardships and issues you face developing for it do not accurately reflect the state of computer science outside of academia and legacy business applications. Even Minix 3 is a far better example of modern kernel and system design. If you were able to get these sorts of features working under the microkernel architecture of Minix 3, you would be more well prepared to work on modern kernels for research or future employment.
I do not need that kind of feature. I need a mailing system, a web browser and my compilation/debugging/analyzing tools that are fairly easy to write in a unix environment.
You're not going to do better than Visual Studio for those sorts of things. The best kernels are designed as processes first before ever reaching the hardware. Furthermore, the only reason you don't require enterprise level features is because you're not at an enterprise. You threw me off by saying this was a "professional" use of linux. This is an academic use of linux, which is pretty trendy now-a-days.
All the tools I need, that are perfectly adapted to my problems and that I can change/shape to something more suitable if I need.
Once more, your tools will be more customizable but they'll always be inferior on the most basic levels. You just don't possess the expertise of the visual studio team for writing advanced compilers, profilers, and debuggers. If you limit your scope of education to the linux platform, you never will be, either.
Strangely I thought that microkernels came out of universities and were used by mac os and windows nowadays... I must be wrong.
Mac OS X does not represent modern kernel design by any stretch of the imagination. All their magic happens above the kernel. Windows, on the other hand, has a professionally designed hybrid kernel. The monolithic kernel design in linux is and always has been dated, since it was developed in the 90's with a 1970's architecture.
The article is absolutely right... these issues are always going to be problem on Linux. Some of these issues are old stand-by's from UNIX, after all. We can address many API and kernel stability and compatibility as well as sound and video issues if we are willing to simply stop using linux on the desktop and keep it as a server system, like its developers and contributors seem to intend.
I believe Haiku OS is doing an excellent job of meeting many of the problems laid out and is well en-route to provide a sane and stable free desktop system. What part of *the rules* says we can't solve desktop issues by throwing out Linux's outdated unix workstation desktop paradigm? Why not just develop a pure free desktop system and give end users the gift of consistency? With stable driver API's and a well designed GUI toolkit, we could find ourselves providing a competitive and far more lightweight (no joke) desktop solution that uses less power (like horsepower not wattage) and yet maintains much source compatibility with all this POSIX software we've amassed.
It's not "reinventing the wheel" it's building the wagon wheel instead of trying to chisel a wheel out of a limestone cube. You've got the POSIX model, you've got the free software ecosystem, what's stopping us from scrapping the infinite headaches that are cludging UNIX and X into the desktop and just making a for-real desktop system? This article was about the Desktop, not the workstation after all. If you don't believe that this system is making progress, just dd (or flashnul) it onto a usb stick and boot it up. You might be surprised.
http://www.haiku-os.org/
With a little bit of developer attention, this could slingshot ahead of Ubuntu in usability in literally a year or so. Just like that- a decade of desktop linux development could be surpassed just like that by simply stretching outside that constrained model. Let's just let linux be the server it wants to be.
So let's talk about linux on a desktop for professional use. I am studying many/multi core architectures with numa memory. The goal is to achieve the best parallelism possible on small data size. It requires a very fine tuning of the machine. No graphics (too much process running), custom kernel to change scheduling policies, custom kernel to access hardware counters (basically, PAPI support). This cannot be done on windows, so the testing machine runs linux.
First off, you just mentioned some lame pet project that has nothing to do with the desktop then added a quick addendum mentioning that a Windows desktop somehow *couldn't* access this. This is a stretch of the imagination in terms of desktop use. You're studying NUMA? So you're a student fiddling around with the linux kernel? Or- don't tell me some unfortunate company is paying you to waste your time with that instead of licensing a professional operating system...
What's this? NUMA support!
http://msdn.microsoft.com/en-us/library/aa363804(VS.85).aspx
You actually don't need to recompile windows to get to these features because it's got a more modern modular design.
Obviously the desktop that controls it runs linux also. Otherwise it would be pain in the ass.
So you couldn't SSH into your little toy system with PuTTy or connect using serial over HyperTerminal? This certainly doesn't sound impressive enough for you to be using a probe or anything. Why, if you used Windows on the host desktop then you'd have access to Outlook and enterprise-level networking and productivity applications on your workstation. Why, your company might even be able to enforce group policies! But somehow it just doesn't seem like any company would be wasting their time with this unless they were completely incapable of cost-benefit analysis. They'd be slow-cooking themselves a product while burning expensive engineer and IT time and implementation downtime instead of simply licensing something and having it implemented rapidly.
So what is this linux desktop really offering you?
Or maybe you're in school. The more educational institutions rely on linux to teach operating system concepts, the more we'll be preparing students to design the future operating systems of the 1970's.
You can say that it a niche. Well Gaming is a niche too.
Fiddling with a linux system to try to make it do complex tasks is a niche or hobby or what have you. Gaming is a simply massive market that's packed to the brim with revenue. So it may be a niche, but not in the same way.
He is correct. I think piracy has become so convenient that it literally takes self-control not to do it when you hit any hiccups getting media. It's sometimes easier to torrent than rent a movie.
He has not considered the minor possibility of serving the end-users with his products. I guess sale by litigation is the new capitalism.
Hulu has probably done more to combat media piracy than any number of massive and vicious lawsuits. So has netflix with their new content delivery system. I will always hit up Hulu and youtube's new shows tab and such before hitting up the torrents. I can't imagine I am the only person who does this.
Maybe they should attempt delivering their content in a way that people want.
At the latest when my GF wanted to burn a simple mp3 file and Brasero mumbled something about an "missing gstreamer plugin" she said, that (Ubuntu) Linux is still too complicated for normal users. I couldn't really argue with her, just explain the Why's and How's of proprietary stuff and the legal issues of their use. Installed the restricted stuff (which she'd have had no idea to even look for!) and she was set and likes it.
I've tried this before. A female friend of mine ended up using Ubuntu for quite a long time, but she just grew increasingly frustrated with minor things. Finally, when she decided she wanted to edit videos off her camera, it reached the boiling point. Despite using it for a year, she had no idea how to do it or how to go about it. Most recently, she just contacted her brother and asked him how to get rid of linux on the PC for good.
Similarly, I even see Linux netbooks being listed on craigslist with people saying "I don't really think I am good enough at computers to use linux." So there's another example of people using it and not really *getting* the usability paradigm. I don't think it's uncommon, either. The NYTimes did an article on the up and coming Ubuntu desktop within the last year and described it as having random problems that there's no easy way to fix-- and I think that's pretty much the same experience I have. I always hit some problem with Ubuntu that I just blast through solving without even thinking about it and the moment anyone non-technical sees it, they're like "what the hell are you doing? How did you know to look there?"
I'm going to share a little secret with you, slashdot: I don't think common users want to learn UNIX. You know, not with things like Macs and Windows boxes floating around. I mean, windows may be obnoxious sometimes, but people really dig that (often dangerous) level of compatibility with the software they have lying around and know. Furthermore, I think a lot of linux desktops do a really good job at looking like usable well-designed systems, without actually being usable well-designed systems. Seriously, draw a line sometime across popular open source applications looking for the path your eyes need to follow to do certain tasks and you will understand the kind of work that goes into usability research. It's more than just *looking* usable.
Someday, you should really look into how much Help documentation is built into Windows. Or--how much you can get done with a Mac without hitting any "minor" hiccups like you do on linux. The difference may be cosmetic to most of you, but I am slowly getting more convinced that most linux users have Stockholm Syndrome. This is coming from someone who used linux die-hard for years, but then returned to Windows, finding my new tolerance level for technical problems and skill level made using Windows dreamy-easy and effortless.
Right, so you concede on your original claim that SELinux was a patch to bring it up to comparability with other commercial systems, windows included?
No, it's a security module hacked onto the kernel. It is not the first example of Mandatory Access Control, either. I think SELinux brought Linux up to par with Trusted Solaris from 2000. The NSA saw fit to harden Solaris years before they bothered with Linux.
At that time, consumer-level Windows was not designed with those security goals in mind.
Given how it goes over and above what MS offers and has had it for longer?
It went over what Microsoft offered at the time. NT 6's security model is equivalent if not beyond SELinux. They may be equivalent in MAC's, but group policy got far more fine-grained in NT 6, and their DEP/NX implementation is much better.
It's only helping if people are using it in either case, too.
As for the MS security model... LOL
It's not any less impressive than the Linux security model. These just aren't very secure systems. I still contend that NT 6 is more secure than current Linux, whatever you might add to it. The difference is negligible, though.
I, personally, would be very surprised if a stripped down NT 6 system could achieve a higher grade, simply because it requires (semi) formal design from the ground up, not hacked on later.
The NT kernel changes and develops at a more rapid rate than the linux kernel. It's about a decade or so ahead in most respects... I don't think Linux has even caught up to NT 5 yet, in some ways. (I've seen the code) The point I am trying to make is that Microsoft has more control over their platform than any specific party involved in Linux. However, they won't be able to do it without dropping all manner of backwards compatibility, which is just built-in insecurity. Whether its general win32 compatibility in Vista or POSIX in Linux, compatibility with legacy systems means insecurity. If it were Microsoft or the linux horde getting it to the next security level, though, I'd say Microsoft has a better shot at this.
I think the level of overconfidence in the Linux community over security is just dangerous. This viral sense of immunity from attack is starting to spread to naive buyers within the government- on a whole, I think this attitude is going to and has already cost our government networks some level of security. I am not recommending Windows as an alternative, merely making the point that Linux really is not more secure at this time. If that doesn't worry you, it should.
At this time, any of these systems should be well virtualized where they can't hurt themselves or others in any security context behind a secure separation kernel like Integrity PC or something.
I say again, you don't know what SELinux is, go and read about it.
I'm sorry. It's just a mandatory access control scheme and connected set of security policies. These fine grained controls are great for enforcing policy on a multi-user systems, but they still can't protect these systems from well-funded attackers. SELinux is a retro-fitted security model, no matter how you look at it. The security model is a later addition to an otherwise completely insecure system, and it still only works until it works. Devices and drivers can still DMA all over the system and destroy the security model. It's got a lot of armor on it now, but that's only going to protect it from conventional attackers.
It is impossible for a system designed like Linux to ever achieve a higher security certification than it current has. The system is completely maxed-out in security and it still does not offer the level of verification the NSA considers ideal (EAL 6+/7).
On top of that, I have read about ACL's. They do not provide the same capabilities as SELinux in any way, they are simply an extended set of user top object permission mappings. SELinux goes much further than that in defining different permission levels for the same user, on the same file, dependant on what program they are running at the time. D/SACL does not provide this.
MAC's vs the DAC's available in Windows XP are a minor detail in the scope of what I was originally talking about, to be fair. The level of enforcement they offer still succeeds mostly in protecting users from themselves and their own organization and casual malicious attacks. The system is secure until the security model is violated. Windows XP SP2 has still seen fewer critical exploits than the equivalent RHEL... there's something to be said about just having cleaner code and architecture. SELinux has effectively defeated Windows XP, Microsoft's now unsupported prior product, in keeping to front door closed, but that's not going to stop someone from coming in through the wall. The above article was about "organized attacks".
It's all just terms unless they are actually practically keeping the system safe, though.
One might maintain that the SELinux features necessary to lock down a system are more intrusive in Linux than in Windows Vista, for instance, so when it comes to remote attacks and exploits, a Vista user is probably safer in that more of these features might be enabled by default. If I remember correctly, when running SELinux on a Fedora system, certain basic features of the system will not work due to security policy. Certain bundled applications might not even run properly.
If you look at the actual number of critical exploits released for the various major desktop systems yearly, Vista suffers from the fewest as compared to Linux or Mac OS X at the highest. Despite implementing Mandatory Access Control, Mac OS X systems, for instance, remain easily remote exploitable. Linux, on the other hand, cannot truly secure itself without completely wrecking what POSIX compliance it has.
But it's all moot because none of these systems have a true protected memory architecture. I wouldn't be surprised if a more stripped down and less backwards-compatible NT 6.x system was able to achieve the next EAL level, but it simply won't happen with Linux. If an open source system accomplishes this, it will be one with a different kernel.
You have no idea what SELinux is, go read a book. It's not group policy.
Yes, it basically is a series of security policies and mandatory access controls comparable to the MAC's and ACL's in NT. I suggest you go read up on the Windows security model, because it offers similar relevant features to their model.
You know, the NSA offers security consulting to Sun and Microsoft, as well. You simply don't see the NSA security work that goes into Windows because it's closed source. FLASK has been openly adapted to FreeBSD, Solaris, and Darwin also, but these systems still see their fair share of security flaws. It isn't a silver bullet.
SELinux was a shot in the arm for Linux security, it's industry-competitive but certainly not unique and it is far from the last page in security for multi user systems.
SELinux is about very, very granular control over which processes running as which users have access to which files - i.e. running something other than passwd, even as root, would have no access to /etc/shadow. But a verified passwd binary can access it.
Windows does not have a weak security model. It's when these security models are broken that problems occur. Linux is generally more protected than Windows through artificial means... you just don't run untrusted code in Linux nearly as often if ever. If you have any sort of execution privileges (or any access at all, really), you can always use a POSIX-like system's shared memory architecture to break the security model.
Furthermore, talking about SELinux's security model as though it's anything more than an extension of Linux's security model is just misleading. We could talk about all sorts of features regarding NT's fine-grained ACL's and group-policy and such, but they only work when they work- when they're not broken. Although a default Windows desktop with the user running as administrator is quite insecure, a well maintained enterprise windows system that is fully enforcing its policy and security model to its fullest extent is as secure an SELinux system, if not more. Modern Windows systems are generally more secure against remote attacks because they're loaded up with anti-exploit code. They have more anti-exploit code because they're more often exploited- it's very trial and error.
SELinux was a process where linux was retro-fitted with a competitive level of security. It brings Linux to the plate in terms of security, and that was very important considering how wide the adoption of linux had gotten up to the point that it was introduced. If too many businesses and schools etc. had adopted linux with the misguided belief that the unix security model was somehow able to stand on its own against attacks, it would have been a national security problem.
CC is about design documentation and validation.
The common criteria is very relevant. Any level of "secure" Linux is a toy to a well-funded and dedicated attacker, especially if the attacker is able to plant exploit code within hardware in use by the systems running it. With all our computer hardware coming from China, for instance, our operating systems should be completely immune from attack from untrusted hardware. If a hardware device or driver has any capability of taking down the system from the inside, then it is simply not secure enough to deal with the sort of attacks we will see. The level of confidence people have in the NSA's emergency bandage work on the Linux security model simply demonstrates that we're poorly outfitted to deal with cyber attacks as a population.
Can a poorly-funded open source software become as secure as a well-funded proprietary software?
We're not supposed to acknowledge these sorts of things on slashdot...
People throw barrels of money at Linux, but it's simply a weak and archaic design. There's a lot of money and effort going towards it, but it's poorly organized so it lacks vision. The reality is that you can't "retro-fit" security to be above the EAL 4+ security level, which linux is currently at. It's that simple. Implementing security on linux will always be a case of "retro-fitting" because it lacks a modern kernel design at the very core.
Some might argue that this makes the linux kernel easier to develop for or more accessible, but any system that goes beyond the big three in security will likely be a true micro-kernel that is written entirely by highly skilled and qualified developers. Microsoft's kernel has a much more rapid development cycle and sees far more architectural changes... it's about a decade "ahead" of linux right now. However, they have to secure the entire stack on top of the kernel, also, which suffers from *more compatibility*... so it's easier to come across a generic piece of untrusted code for it. If people ran as much untrusted code on SELinux as they ran on Windows, it would be quite clear that it's no more secure than anything else mainstream.
CCEAL 4+ is the highest level one can attain without designing for CC from the ground up.
I disagree. I think this simply represents a deficiency in operating system security. It isn't tricks or hacks that gets an operating system above 4, simply attention to detail and modern design. The NSA is very forward about best practices in security when writing operating systems, it's simply ignored by most of the consumer market.
SELinux presents much tougher security than is commonly available on commercial systems... There are hardened variants of others (solaris, for instance), but none of the vanilla, commonly available OS variants come close to SELinux.
Actually, I believe the version of Windows XP verified was suitably vanilla SP2-- or at least that's what the validation report seems to suggest. I maintain that SELinux simply gets Linux to the point that it's technically as secure as Windows from an abstract perspective. Linux vs. Windows security is only a matter of maintenance and implementation. Microsoft has enough control over Windows to theoretically improve on this, but I don't believe it's possible for Linux to exceed the security level it's at without scrapping the kernel as it stands and rethinking it from the ground up. EAL 4+ represents design where security was taken into account, but it's still not at the level of security we should require for government networks. It's essential these products are run behind highly secure separation kernels.
Unless they had it disabled the Red Hat systems they used would have had SELinux enabled by default so if their linux systems really were a sieve then that doesn't speak to highly of SELinux and the NSA.
SELinux merely brings linux up to par with other popular commercial systems in security, not beyond them. It brings Linux to the level where it may receive a government EAL 4+ certification, which certifies that the system is safe from casual or inadvertent attacks. These systems do not reflect the level of security necessary to defend government networks.
They weren't testing the operating systems, they were testing the cadets. A linux system is a sieve for the NSA-- I think this simply demonstrates that the team using the Linux boxes knew their system better than the teams on Windows or Solaris respectively. It's clear that a group of passionate linux admins can maintain an acceptably secure system at this level of expertise.
However, actually infiltrating the systems would have proven nothing. I guarantee the *level of difficulty* the NSA used in order to properly test the undergrads is beneath what the Chinese government would use if trying to infiltrate a U.S. site.
The reality is that none of these three systems are acceptably secure for government networks one their... if you're relying on just the Unix security model or Windows security model, you're basically wide opened to a dedicated and well-funded attack. It's situations like these where you need to keep your systems well behind a decent level of virtualization like secure separation kernels with more than competent internal security policies. The operating system like Windows, Linux, or Solaris, is really just the "interface" to the system for the users, so to speak.
This is probably the most common sentiment you'll find in reference to DOSBox. Everyone just loves this project... I think it really is because it has one singular focus and succeeds whole-heartedly at it. Also, the project has done a great job of remaining very gracefully platform agnostic. It's brought back the old Keen series and Little Big Adventure and such to me, on any system I might want to play it on.
Now that even games on Steam are starting to ship packaged with DOSBox, you really have to take some time to reflect on how much this has done for an archive of almost forgotten and still very valuable games.
It wouldn't matter if they did keep statistics, because Firefox, Opera, and yes even IE all work under Linux too. And headers can be tweaked to say whatever the owners want them to say.
It would take an organized effort for such a large volume of people to skew statistical results to that level. Just because it's possible doesn't make it even remotely plausible. Such a movement does not exist.
Which just brings us back to square one: why did you make such a ridiculous statement, when you knew you couldn't back it up? Then, when I called you on it, you wrote page after page after page of attempts to distract, misdirect, change the subject, make straw-man arguments, and insult.
I was just really surprised by your first comment, it was as if the person reading my comment had no grasp on society other than a dictionary like reference on terms... and it slowly drew out into this cascading wave of stupidity as your awkwardly choked over every single thing I said, responses ranging from obnoxious superiority to oblivious assumptions on the software market. It went from sad to hilarious so fast that I couldn't stop the lulz from rolling. It was like shooting fish in the barrel.. and it was a barrel of endless fish!
I have made my point, over and over. You were wrong about FOSS. At the very least, you have no rational basis for making the claim that you did. And you have finally admitted it. That is all I was waiting for.
I gave you a completely rational basis. I explained that the communities are correlated and cited the fixation on piracy by open source-centric media outlets. You clearly possess no higher level thinking ability as you fail to grasp that although correlation is not causation, non-causation does not imply non-correlation. The communities are pooled and statistical evidence would probably back it up. You can't argue with that point because all you have is the claim that they're "not the same thing". That argument is below the scope of the claim and you clearly have no statistics, either.
There was only one point in this conversation, and I have stated as much several times: whether FOSS had anything to do with illegal downloading. You made a rather extraordinary claim, and never backed it up, even once. I am still waiting.
I am not sure if this point is lost on you or not since you're blindingly dense, but there aren't really good statistics for the operating system breakdown among pirates. By design, the statistics regarding piracy are intentionally obscured and obfuscated. For instance, if thepiratebay or mininova posted their site statistics somewhere showing which operating systems and browsers most frequently browsed their site, it would only take a percentage of over the total market share (1%) of linux users to demonstrate that linux users have a higher tendency towards piracy. Since these figures are not available as far as I can tell, different evidence needs to be sought.
Popular news sites for people interested in F/OSS, such as slashdot, arstechnica, reddit, digg, and boingboing demonstrate a fixation on stories regarding anything related to mininova, thepiratebay, or any other p2p legal affair. It could easily be inferred that free software advocates have no respect for intellectual property, so one might make the observation that people involved in free software are also more likely to be sympathetic towards media piracy. It's easy to make this claim anecdotally by simply reading comment threads on slashdot. If you followed enough users, you could probably draw a connection. This isn't caused by Free software, but I believe that the general zeitgeist of the community is connected. I believe with the proper statistics, a correlation could be drawn between these communities showing that linux users have a higher tendency toward media piracy in reference to their community size than Mac or Windows users. I believe the only community that would surpass linux users in per capita piracy would be pirated Windows users IF that community was differentiated from regular Windows. It's just a freeloading mindset.
The subcultures of libertarianism, free software advocacy, and anti-drm advocacy share similar undertones regarding the rights of media content owners to enforce licenses on users. I think the anti-DRM bent is one of convenience, not idealism. The idealism grows from frustration regarding a culture that thrives on reverse engineering and exploiting content protecting technologies from DVDCSS2 to reverse engineered codecs to pirated media.
The fact that these are two different distinct interests doesn't mean that they don't share a community... one is not endemically linked to the other but there is strong cultural correlation. You could draw a Venn diagram across these various communities and you would find free software advocacy and piracy linked in much the same way Nazi party sympathies and anti-semitism might be linked or Liberal voters and sympathies towards homosexual rights or those who drive hummers and vote republican. They're distinct but pooled.
I am not getting hard figures for you because talking to you isn't terribly interesting or rewarding.
Keep those personal and OS insults coming! This is definitely more entertaining than TV. I haven't seen anyone make such an ass of himself since George Bush.
Was that humor? Very... topical. All you've done is baselessly refute my points for like 10 messages. In almost every case, you've given a dense and narrow-minded response that has simply exposed that you're a muddied mess of slashdot and F/OSS dogma. This whole time I've been making the point that these cultures share common membership and you're just affirming that with every single awkward unnatural response. It's like a mix between captain of the debate team and captain of the magic the gathering club.
Beyond this, you're immune to broad context, utterly witless, and probably fat. I usually don't take things this far, but this is fucking hilarious. I am just floored that someone actually employs you in something consumer technology related. I think it's a sign that the market is doomed and uninspired. You better pray that companies like Apple, Microsoft, and Adobe are still around so you open source types still have things to rip-off.
A web browser is a slower less consistent version of .NET? That is what you said. What did you mean?
A cross-platform architecture-independent application API. The web browser is being used like an application API instead of a document interpreter with things like facebook and google docs and such.
The rest of it is just more of the same: insults and incoherent gibbering.
You can use a screen reader if you have difficulty reading. It will deliver my impassioned insults to you in a gentle, calming, monotone narration.
Oh shit, do they even have that sort of thing in linux? Better hit IRC or the forums!
There is the only one answer this can possibly deserve: (bold faced text laughing)
What is that even a reply to? You're a perl script, aren't you? I should have known. That's why every single one of your responses is generic and seems to lack any semblance of wit or introspection. It must be so lonely being a girl who reads slashdot that you've lost any and all ability to communicate with other people. You poor ugly duckling.
You totally suck at not responding... are you one of those crazy chicks who starts her day off with a drug cocktail of anti-depressants and various psych meds and ends it with a nice soothing cutting session? Because this is obsessive behavior right here. As a trained physician, I am going to have to recommend you stop wasting your employer's time and get back into the goddamn kitchen already.
Furthermore, while Canonical doesn't include it, and it's clearly illegal in the United States, I include DVDCSS as perfectly legitimate as well. Just because the US courts have their head up their ass and think it's OK to make it illegal to play one's own DVD on one's own DVD player doesn't mean that refusing to accept that is a case of being "opportunistic" rather than "idealistic". Rather, it's a case of being "idealistic" rather than "legalistic".
This is exactly the connection I was looking to draw. I am not arguing the sanity of any of this, just that it's not legal. Canonical distributes MP3 in the loosest sense... they make it available with the user's understanding that it might not be legal, but keep it available since it is legal in some countries. The whole IP market is sort of shady and illogical, but it's been around for well over a century in the U.S.
Somehow, companies like Microsoft would get the crap sued out of them if they offered a lot of this functionality without paying tons of license fees and yet Canonical can boast it for free because whenever you sue F/OSS, it makes you like you're punching a kitten and it's almost not worth the lost public image. However, if Canonical ever gets to the point where it's large enough, we will see lawsuits on matters like these that will require hacked solutions like blocking restricted packages in the U.S.
I am all for the controlled distribution of media since I have worked in entertainment, but I sincerely do believe that the legitimate market needs to compete with the illegitimate market instead of quashing it.
You silly person. A web browser is a graphical interface. What did you think it was? But I know, I know... you don't understand that. Funny that you say that *I* don't understand, considering that apparently I had to explain to you that GNOME and GTK are also graphical interfaces
I take it you're not really known around the "office"(I use this term very lightly because no company could possibly be productive with a full set of open source apps) for your communication skills? I know what GNOME/GTK is... and a web browser is a document interpreter so don't kid yourself. I know you jackasses want to make it into the new application API for the future but that shit is just retarded. In effect, it's just being used like a slower less consistent version of .NET or Java in the 90's and it's probably the least efficient use of computing power for productivity ever conceived. Is it viewing documents or running applications? No matter what bullshit you accomplish on that shitty little system, firefox is always going to suck all the power into the worst memory management and threading model available. It's like sucking a watermelon through a garden hose, but hell, the fact that you're somehow employed despite having the comprehension and communication ability of an autistic suggests that you know a lot about that.
What a weird way to put it. I am pretty sure you mean that you can communicate with the GTK API using Ruby. Of course you can. After all, that is what the Ruby/GTK+ library is for. But that is not even close what you said, this time or the last.
Seriously? Are you autistic or are you just foreign or something? English must not be your first language because I just tried this in google and it appears that Google has better natural language comprehension than you. I typed what I said into Google and the first link explained how to write an application with Ruby/GTK+. I said and I quote "go build a frontend for something in Ruby". First off, it was a dismissal like go fuck a tree, which I probably should have used instead since it's simpler and it seems like you really need to get laid. The way you interpreted it was almost unix-like in its incoherence, it's like even your brain is wired in that lame sort of local client/server model of thinking. You probably parse these comments into a filesystem mentally, too.
I am not going to bother to go any further. The rest of this is just more drivel of the same quality, which is to say: really not worth my time. I don't know why I bothered. Good bye.
You failed again! It's because you and your whole community are full of retards. You can't write usable software, so you have to do the next best thing and argue that your software is usable and decent... and yet even the most cost minded corporations often won't touch it despite having a pricetag of 0. That's a really bad sign. Linux for the end-user is like a narrow canyon with steep walls... it's fine as long as you walk firmly down the beaten path, but the moment you try to do anything unintended you immediately are faced with the lack of consistency and coherence and have to scale the wall to get anywhere else. It's an awful experience and it's obviously made you into a hardened and mangle-minded creature who can only communicate at the level of technical clarity required for a shell interpreter.
These arguments are all your community has! For one magical moment, in this fantasy you create to talk about how wonderful free software is, everything works just as it should! And yet there's not a single thing offered by the community that isn't just some sort of also-ran. It's like arguing the merits of eating out of dumpsters instead of at a restaurant because it's FREE! Oh, it's the same food... it's just a little older and sometimes it makes you sick but you're an idiot if you pay for it, you know?
I look at you poor bastards proudly and defiantly chowing down at the dumpster... and I just feel sad for you. You poor creatures, if only some friendly person would just give you a Mac or something... hopefully you find a Richard Gere to your Pretty Woman one day.
Of course you could. But that is not what it is designed for, and that is not the way it normally works. There are already perfectly good front-ends for Ruby, so why would you want to re-invent the wheel? You even named two of them: GNOME and GTK+. There are also Windows front-ends for Ruby (IronRuby for .NET comes to mind). Or, you can write a Web interface and run a Ruby server on your local machine... but local or not, that is still back-end
I am not talking about web servers for fuck's sake! Graphical interfaces, you retarded broad! I meant like writing an interface for an application, a graphical interface like... like... like this bullshit:
http://fxtwitter.rubyforge.org/
See? Someone tossed a GUI on something using Ruby. It's like throwing words into a goddamn Cuisinart trying to communicate anything to you.
It is very interesting to me how you got that completely backward, even though I have explained it twice: GNOME is the interface, or front end. Ruby is the back end. GNOME handles user interaction, Ruby the main logic. At least, that is the way it was intended to be organized, and the way it is almost always used. If you want to do it the other way around, by all means do so. See you in a year or so.
I was trying to interpret your backwards fairy speak into regular words but it just wasn't working. I get it... but you CAN write a GTK app in the language "Ruby".
I just mentioned that it was helping Microsoft on its way downhill. And it does so indirectly as well as directly: Open Office runs on OS X, Linux, and Windows.
Somehow, despite running on all three platforms and being free and unprofitable for Sun, it's barely kicking like... 15% of the market? Wow! Impressive. They can't even give this shit away. What happens when Oracle decides that Ooo is a waste of time? Do you really think these projects come from the "community"?
I don't know a single person who has gone out and bought a copy of Word or Excel for years now. And that is just one example. Photoshop? Bleh. I use Xara for illustration and some photo editing, The Gimp for the rest. Admittedly, Xara is commercial software, but there is also and Open Source version available.
What corner of imaginationland do you live and work in? Do you work at an one of those little open source firms? I can't believe you're comparing The Gimp and Xara to Photoshop... you might have mastered using The Gimp to edit out your flat tire and manipulate your photos to make you look thinner, but it just isn't an industry standard. In industries like advertising and entertainment where appearance matters, people use real applications that cost money.
That 1% figure was only from one source; others estimate it closer to 5% or 6%.
Holy shit! So Mac OS X literally crawled out of the mud from a failed company and ran over venerable linux, which was the next big thing since like 1995? I guarantee the results are skewed because a lot of weekend warriors probably boot into linux occasionally, then have to reboot into Windows whenever shit doesn't work because they don't have time to hang out on IRC and forums to burn a goddamn dvd or something.
Maybe it's never crashed (I have serious doubts about that), but applications do, and it is s--l--o--w. I hope you're having fun with it. And it's too bad that you did not take an hour or two to learn how to set up your Linux properly before trying to tweak the settings. Most people I know say "RTFM".
Slow? Why don't you benchmark that slowness using firefox on linux v. vista? How about you check out your opengl 2.1 performance on any graphics chip that isn't running nvidia's proprietary X solution? The problem is that there is no fucking manual... most of the crap in the linux system is undocumented. It's supported by the forums unle