Re: Only 12 months security support of old releases, on "Debian Sarge Coming Soon" · Score: 2, Insightful
Well, the difference is that no one pays us Debian Developers to do the work. The security team is pretty small and their work is needed for the new stable release. But I'm sure that if you volunteer to do all the security fixes for 4-5 years, no one would mind too much (well, you'd have to pay for the disk space too, of course, since this would mean that we'd probably end up with old-old-stable, old-stable, and stable...)
If you read the Linux-OMAP mailing list, you'll find this:
"The kernel stuff (except the WLAN module, to which we have NDA limitations) will be published and merged to the public OMAP tree as soon as I find the time."
and then noticed that the errors were that if a file contained a name like a reserved word e.g. "access.h" or "filesystem.c" then Nautilus couldn't copy it
Huh? I just tested your statement and I'm totally unable to reproduce this. Care to elaborate on the exact details on what you did to get this error?
If I rent the media, I can accept DRM. If I buy it, I expect to be able to have full consumer rights to it (backups, playback on any chosen type of device, transfer to other formats, etc).
I say nay simply because they still, after 4 generations, do not support OGG Vorbis (not OGG Flac either, for that matter). Oh, and the iPod doesn't support simply music drag'n'drop either.
No, we're definitely not (but I guess you were trying to be funny?!) There are still characters left in Toy Story 1 and we haven't even begun using characters from Toy Story 2. And when we've used them, there's always Monsters Inc, A Bug's Life (which hopefully would be short...), Finding Nemo, The Incredibles...
Definitely works for me... But honestly, I don't really expect a browser for a screen that's at least 6 times too small for a real browsing to be useful. Try the new 7710 for a real browsing experience.
There are several models of Nokia phones (and I'm pretty confident this holds for other brands as well) that allow you to create caller groups and then set that group to use a specific profile (thus you can disable the ringtone for that group)... Maybe not exactly what you want, but at least a step on the way. I fully agree about the camera bit; I'm currently owning a Nokia 6820, and that one's pretty perfect, apart from the totally unnecessary camera. Having a browser on such a phone is "interesting". Imagine reading Slashdot on a 160x160 pixel screen =)
Actually, this is not really a postponed version of the same phone; the phone (the 7700 if I remember correctly) you're referring to was indeed cancelled (and for good reasons too...), but this model (7710) was initially developed as a follow-up. In fact, the 7700 was until very recently available in the list of phones on Nokia's website as "Technology preview. Not for sale" or similar.
You're missing the point. The reason a password shouldn't contain dictionary words is because then they'll be cracked by a dictionary. Even a LARGE dictionary search (say a million words) with some extra variants (like testing o/0, a/4, etc...), totalling say a hundred million attempts is much faster than a bruteforce hack of a password.
For an 8-character password, where each letter is chosen from a character set of 64 characters, you'd have 64^8 passwords to search (281474976710656, of course that also includes a lot of trivials...). For each additional character you multiply by 64. Quite a bit more to search, even if you subtract the number of dictionary words...
The "typical" embedded device, think microwave oven, trip computer in a car, etc, does not need USB, preemptive multitasking, etc, and uses a very simplified memory management (in most cases static allocations), since they have absolute control over the running applications. Try not to think of embedded devices as being only handhelds and wifi AP's. It is quite common for embedded systems to run on 8-bit or 16-bit CPUs (even if ARM is probably the most used processor these days for the more CPU demanding systems). 4k is a lot when you write applications for an 8-bit CPU.
The first number is the device (8 being the default setting for the first disk-drive, unless you altered the dip-switches), the second telling that the program shouldn't be reallocated on load, but rather loaded at the start-address it had when saved.
Probably, but we've been running graphical quake on it, so why bother? =)
Yes.
But not for this purpose. http://subversion.tigris.org/subversion-linus.html
Hmmm, then what is the free ADC membership called? I know I got one for free...
Student ADC memberships ARE for free. They don't include a free copy of MacOS X though =)
Ever heard of IMDB? It's useful for things like this... Here's the entry for The O.C.
They have been doing that as well. Or at least provided really helpful bug reports to the LKML.
Sic is used to point out that although it looks like a typo, it's not (or at least, the typo is not made by the editors...)
Yup, the worst movie I've ever seen is one of the most top-grossing. Independence Day. It sucks sooo majorly.
Yeah, a butterfly, animated dog or paperclip or similar is soooo much more mature/useful. *Kaplonk*
The reason I recommend people not to use 2.0 in a hostile multi-user environment, is because the feedback I receive for every new release (or pre-release) of 2.0 is virtually non-existing; I think the record feedback for a release is somewhere in the vicinity of 10 users. Furthermore, no large distribution runs the 2.0-kernel any longer, thus no active auditing takes place.
Also, since any large code rewrites are out of the question for the 2.0-series, some things are not fixable at all.
I never said the 2.0-series has got a lot of exploits that are known to me; all known exploits are, to the best of my knowledge, fixed in 2.0.40. And I never said I didn't bother to fix them (read my post again!) I just said I won't bother rushing out a new release (as in a 2.0.41, 2.0.42, ...) if a new exploit is discovered, I only release a new pre-patch.
Regards: David Weinehall
Well, I released patch-2.0.40-pre1 (the first pre-patch for the 2.0.40-kernel) very soon after I first got to know about the exploit (in 2001), so no, I don't feel particularly guilty about this. People who still use 2.0-kernels for their machines shouldn't use them for multi-user purposes in a hostile environment (and firewall them _very_ carefully if they dare to connect them to the Internet), something I have stated publicly several times.
Of course I still include fixes for this kind of bugs when I get reports about them, but I won't rush a new 2.0-kernel when a new exploit surfaces, just a new pre-patch with the fix. If I had a broad user-base that could test every pre-patch thoroughly and provide me with feedback, the situation might've been different.
Regards: David Weinehall
Indeed I have no degree; that didn't stop my last employer from hiring me though (I had to go because of lack of work.) Primadonna attitude? Dunno; if you mean that I have a strong opinion on how things are supposed to be done (the right way, rather than the quick'n'dirty way), then that might be true... Poor social skills? That's something for my friends to judge, I guess. Haven't perceived any problems so far, though.