The $10/£10 you pay for MS is often trumped by the $30/£30 they add to the cost as it costs them more to support it, and that is ignoring the £20 that companies pay to preinstall crap on your PC). Don't worry about Microsoft getting rich off your £10, they don't care about the money from the home market, just the market share (which they loose if you uninstall it anyway).
Decide if you want full floss (ati/intel/atheros) or are willing to use proprietary (ati/nvidea) to get better performance, then find the best PC you can get for your price. If your looking at desktops then do yourself a favour and build it, it is literally plug by colors now, as it cut the price in half.
awer (all keys touching) 234 (well duh) tfgv (again all touching) 3556 (all numbers, in asscending order) AEFW4 (all left hand) yt6tyhb (all touching, right hand) 7698
the probablity of not getting any symbols in 36 characters is 1.45994e-07 you also have 10 numbers which is about than double the average of 5.8 for 36 alphanumeric characters If you were to give 3 of these so called random strings it would be fairly easy to see statistical paterns, will about more data it would trivial to reduce the keysize to a fraction of the potential (2.3e+71), If I plan on encrypting more than a couple of dozen items i'm sure as hell want to stay away from anything you've developed.
If it interferes with normal use, it's a bug. Most users simply _do not care_ about having high quality randomness sources for their keys.
You can't claim something is a bug if its physically impossible to do without it, e.g my computer uses electricity to work or my washing machine gets everything inside it wet!
Frankly, I wish tha tthe "Trusted Computing Platform" circuitry and development had been thrown out much sooner, and the circuitry instead invested in a thermal diode to provide truly random encryption keys.
You could always get a hardware RNG, I'm happy to wiggle my mouse for a bit and save some money.
Office should not crash if you have a bad printer, Xorg should not crash if you have a bad WM (compiz) and windows should not crash if you have a bad program.
Its been coming for a long time though, that's why its no longer the official kde media player. The Amarok developers don't bother with KDE ui conventions like (ctrl+m, or mac os x style menubars)! Unfortunately nobody in KDE wanted to compete with amarok so kde4 users are stuck with dragon or reverting to amarok1.4
Your better off throttling an account at (12/min 5s between guesses) it takes more than a year to get an 8 digit even a 7 digit password will be safe for 120days. Although your still vulnerable to bots that don't care what account they get if they just want an account, for that you need anti-bot net stuff *if the same IP gets x wrong passwords in y hrs (irrespective of accounts) put them on a blocklist for 24hrs, if they get a 10 wrong the following day put them straight back on at 0.007attempts/min they 10,000 bots to get anywhere.
6 lower case + 1 upper case + 1 symbol/num is the norm meaning it only takes roughly 26^8 * 6 (assuming the 6 lower case letters are together) / 2 to crack via brute force this gives 6.26481e+11 or 80566 attempts/second for 90 days, which is still tough but much more achievable than assuming your 96^8 guesses are needed
This sounds like fealgood uselessness to me, surely the real spies will just be able to use use an automated system to analyze the boundary of camps. I suspect nobody has had the heart to tell the guy that his efforts are pretty redundant or worse counter productive.
Magnatune - seems all right, haven't tried searching in depth yet, but insists on "you have been listening to X from the album Y on Magnatune" between tracks, plus 4 seconds lead-in silence on every track. Meh.
Well it is a music store I consider the full track & album previews worth 3 seconds of annoyance, especially as if you pay for the tracks 50% goes to the artist.
My point wasn't that these are full replacements to last.fm, but that if you want to cut the RIAA out entirely, this is the way to go. These sites (and others like them) are not quite as good as their corporate counter-parts but they do provide the same basic functionality as last.fm/itunes store/hulu while giving money and attention to independent (and often cc licensed) content. Hopefully as these sites get more attention, more bands will move to them and the quality (of both site and content) will increase.
OFC the file permissions are fine, but IMO no user data should go outside of/home if that means having to recreate a shared catch system inside/home then that's the way it should be done (perhaps/home/.-var so you don't mess up existing backup scripts).
Were not even talking about network data being cached, these are screencaps from the user. So many security approaches rely entirely on user and system data being kept completely separate (encrypting per user homes, marking/home noexec). It also not good for system quotas that data belongs to that user charging it to/var is not the correct thing to do. Programs leaving data outside of a user/home is just a terrible idea! if a user removes safari, then deletes ~/.safari, that should erase all safari only data (having rss elsewhere is good), if an admin removes a user then deletes their/home that should be the end of them.
Also, by benefit of being in/var/folders/xxxx/-Caches- the operating system can clean this out more or less upon a whim-- this is, after all, the purpose of temporary folders and caches.
The operating system can clear out/home/*/.safari/cache/ on a whim too. OFC it should never do that as it should be up to the browser running under as that user to keep those files in check.
We know this but this is one of the basics of "using a PC" that ALL users should be taught; every so often you empty your cache. How often varies on what you do with your PC.
really? I expect my browser to take care of that for me!
This is one of them, along with defragging and anti-malware scans (if you're on Windows) updates etc
I though vista did background defragments so you don't have to (ofc if you use a sane filesystem this isn't an issue).
I do agree that instead of learning to type a word document kids should learn how their computer works in an OS agnostic way. But the goal of any good OS & program is to provide features like caching without requiring any basic maintenance.
Re:Mac abstraction affects the non-savvy...
on
Safari 4's Messy Trail
·
· Score: 2, Insightful
erm putting all of a users private into ~ is pretty key, why safari is even allowed to write to files outside ~/ or/tmp/ is beyond me
Not just that but the natural way for an AI to preserve it self is to remove anything capable of harming it, even asimov's robots end up taking over the world.
But compare to Adobe's covenant not to sue users of Gnash...
Adobe has no grounds to sue gnash/swfdecode, its an implementation based on an open standards.
Microsoft has a stockpile of software patents and are known to threaten people with them (although I'm yet to see them go after anybody that could defend themselves).
It doesn't have any ramifications one way or another for any part not listed.
While it may not set a legal president, it has the clear ramification that they have patents and the implicit ramification that these patents are valid (much like the outcome recent tomtom case).
so now you know you won't be sued for using Moonlight
It offers no protection for users moonlight on non-novell distros, while the agreement seams to take care to protect end-users, that is fairly pointless as it also takes care to leave the door open to attacks against canonical/red hat/etc. I am also not protected if i run a modified version (e.g if i need to patch it to get it to work), as i did not receive my copy from novell.But most importantly the agreement expires in 2011.
So you have to choose who you trust more: Adobe- a company who AFAIK are yet to patent anything that gnash would violate, and are fairly open source friendly. Microsoft - a company who have made it clear that they have patents they think moonlight violates, and are fairly bipolar when it comes to open source, offering temporary protection to a tiny subset of users.
Yes moonlight is OSS and that's great, but I don't want to be trusting Microsoft to NOT attack Linux, so ill take a closed flash player and push for more openness (html4 and gnash) over moonlight where i can.
so i stand by my statements: If you want suggestions on how to open up silverlight, then waiving the right to sue any distributor of any open source implementation, permanently is the way to go. Until then moonlight is not much better than flash.
I think you missed GPs point, he doesn't care about market share, he just wants to be able to run it on any hardware. Hopefully as more tech gets into embeded stuff there will be a point were most tech opens up, e.g if you want to build a wireless enabled tv your best bet is to build it around an atheros chip and run a light OS using the open source drivers for everything)
Software is another issue and varies from person to person if they really care, I'd guess less than 50% of linux users actively want particular software to be ported to linux (they'll be glad if it happens but don't really care if it doesn't). This is fortunate as Apple peaked at 1 in 10 computers yet there is still limited support for them in the games market, I'd guess linux will need to surpass 20% to get first tear support, alternatively just 10% might be enough for wine+opengl support.
Slashdot Mirror
The $10/£10 you pay for MS is often trumped by the $30/£30 they add to the cost as it costs them more to support it, and that is ignoring the £20 that companies pay to preinstall crap on your PC). Don't worry about Microsoft getting rich off your £10, they don't care about the money from the home market, just the market share (which they loose if you uninstall it anyway).
Decide if you want full floss (ati/intel/atheros) or are willing to use proprietary (ati/nvidea) to get better performance, then find the best PC you can get for your price. If your looking at desktops then do yourself a favour and build it, it is literally plug by colors now, as it cut the price in half.
hey, that's the tune to funkytown!
awer (all keys touching) 234 (well duh) tfgv (again all touching) 3556 (all numbers, in asscending order) AEFW4 (all left hand) yt6tyhb (all touching, right hand) 7698
the probablity of not getting any symbols in 36 characters is 1.45994e-07
you also have 10 numbers which is about than double the average of 5.8 for 36 alphanumeric characters
If you were to give 3 of these so called random strings it would be fairly easy to see statistical paterns, will about more data it would trivial to reduce the keysize to a fraction of the potential (2.3e+71), If I plan on encrypting more than a couple of dozen items i'm sure as hell want to stay away from anything you've developed.
If it interferes with normal use, it's a bug. Most users simply _do not care_ about having high quality randomness sources for their keys.
You can't claim something is a bug if its physically impossible to do without it, e.g my computer uses electricity to work or my washing machine gets everything inside it wet!
Frankly, I wish tha tthe "Trusted Computing Platform" circuitry and development had been thrown out much sooner, and the circuitry instead invested in a thermal diode to provide truly random encryption keys.
You could always get a hardware RNG, I'm happy to wiggle my mouse for a bit and save some money.
Office should not crash if you have a bad printer, Xorg should not crash if you have a bad WM (compiz) and windows should not crash if you have a bad program.
dunno why this is OT, it is to do with the blogger and her blog :S
Its been coming for a long time though, that's why its no longer the official kde media player. The Amarok developers don't bother with KDE ui conventions like (ctrl+m, or mac os x style menubars)! Unfortunately nobody in KDE wanted to compete with amarok so kde4 users are stuck with dragon or reverting to amarok1.4
Your better off throttling an account at (12/min 5s between guesses) it takes more than a year to get an 8 digit even a 7 digit password will be safe for 120days. Although your still vulnerable to bots that don't care what account they get if they just want an account, for that you need anti-bot net stuff
*if the same IP gets x wrong passwords in y hrs (irrespective of accounts) put them on a blocklist for 24hrs, if they get a 10 wrong the following day put them straight back on at 0.007attempts/min they 10,000 bots to get anywhere.
I already did that on the original xbox
disregard that my source website sucks cocks and returns the same string for any reverse hash!
"SLOW DOWN COWBOY!" erm about 30 seconds thanks to google i found http://tools.benramsey.com/md5/
6 lower case + 1 upper case + 1 symbol/num is the norm meaning it only takes roughly 26^8 * 6 (assuming the 6 lower case letters are together) / 2 to crack via brute force
this gives 6.26481e+11 or 80566 attempts/second for 90 days, which is still tough but much more achievable than assuming your 96^8 guesses are needed
This sounds like fealgood uselessness to me, surely the real spies will just be able to use use an automated system to analyze the boundary of camps. I suspect nobody has had the heart to tell the guy that his efforts are pretty redundant or worse counter productive.
Magnatune - seems all right, haven't tried searching in depth yet, but insists on "you have been listening to X from the album Y on Magnatune" between tracks, plus 4 seconds lead-in silence on every track. Meh.
Well it is a music store I consider the full track & album previews worth 3 seconds of annoyance, especially as if you pay for the tracks 50% goes to the artist.
My point wasn't that these are full replacements to last.fm, but that if you want to cut the RIAA out entirely, this is the way to go. These sites (and others like them) are not quite as good as their corporate counter-parts but they do provide the same basic functionality as last.fm/itunes store/hulu while giving money and attention to independent (and often cc licensed) content. Hopefully as these sites get more attention, more bands will move to them and the quality (of both site and content) will increase.
links ftw
http://www.jamendo.com/en/ (integrated with amarok2)
http://www.magnatune.com/ (integrated with amarok, found brad suck's here)
http://blip.tv/ (out of office)
http://libre.fm/ (pretty meh atm, but i appreciate the fact its agpl)
OFC the file permissions are fine, but IMO no user data should go outside of /home if that means having to recreate a shared catch system inside /home then that's the way it should be done (perhaps /home/.-var so you don't mess up existing backup scripts).
Were not even talking about network data being cached, these are screencaps from the user. So many security approaches rely entirely on user and system data being kept completely separate (encrypting per user homes, marking /home noexec). It also not good for system quotas that data belongs to that user charging it to /var is not the correct thing to do. Programs leaving data outside of a user /home is just a terrible idea! if a user removes safari, then deletes ~/.safari, that should erase all safari only data (having rss elsewhere is good), if an admin removes a user then deletes their /home that should be the end of them.
Also, by benefit of being in /var/folders/xxxx/-Caches- the operating system can clean this out more or less upon a whim-- this is, after all, the purpose of temporary folders and caches.
The operating system can clear out /home/*/.safari/cache/ on a whim too. OFC it should never do that as it should be up to the browser running under as that user to keep those files in check.
putting screenshots of websites you visit outside your home directory is a fantastic feature? wow i sense the RDF is strong in this one
We know this but this is one of the basics of "using a PC" that ALL users should be taught; every so often you empty your cache. How often varies on what you do with your PC.
really? I expect my browser to take care of that for me!
This is one of them, along with defragging and anti-malware scans (if you're on Windows) updates etc
I though vista did background defragments so you don't have to (ofc if you use a sane filesystem this isn't an issue).
I do agree that instead of learning to type a word document kids should learn how their computer works in an OS agnostic way. But the goal of any good OS & program is to provide features like caching without requiring any basic maintenance.
erm putting all of a users private into ~ is pretty key, why safari is even allowed to write to files outside ~/ or /tmp/ is beyond me
The point is that ~/.mozilla/firefox/ is the only place firefox will put sensitive data into
nothing from a user should be put anywhere else
This is not the adobe flash your thinking of!
Not just that but the natural way for an AI to preserve it self is to remove anything capable of harming it, even asimov's robots end up taking over the world.
But compare to Adobe's covenant not to sue users of Gnash...
Adobe has no grounds to sue gnash/swfdecode, its an implementation based on an open standards.
Microsoft has a stockpile of software patents and are known to threaten people with them (although I'm yet to see them go after anybody that could defend themselves).
It doesn't have any ramifications one way or another for any part not listed.
While it may not set a legal president, it has the clear ramification that they have patents and the implicit ramification that these patents are valid (much like the outcome recent tomtom case).
so now you know you won't be sued for using Moonlight
It offers no protection for users moonlight on non-novell distros, while the agreement seams to take care to protect end-users, that is fairly pointless as it also takes care to leave the door open to attacks against canonical/red hat/etc. I am also not protected if i run a modified version (e.g if i need to patch it to get it to work), as i did not receive my copy from novell.But most importantly the agreement expires in 2011.
So you have to choose who you trust more:
Adobe- a company who AFAIK are yet to patent anything that gnash would violate, and are fairly open source friendly.
Microsoft - a company who have made it clear that they have patents they think moonlight violates, and are fairly bipolar when it comes to open source, offering temporary protection to a tiny subset of users.
Yes moonlight is OSS and that's great, but I don't want to be trusting Microsoft to NOT attack Linux, so ill take a closed flash player and push for more openness (html4 and gnash) over moonlight where i can.
so i stand by my statements:
If you want suggestions on how to open up silverlight, then waiving the right to sue any distributor of any open source implementation, permanently is the way to go. Until then moonlight is not much better than flash.
if IE was genuinely a better deal then why did they threaten OEMs that were going to bundle the OS with Netscape instead of IE?
I think you missed GPs point, he doesn't care about market share, he just wants to be able to run it on any hardware. Hopefully as more tech gets into embeded stuff there will be a point were most tech opens up, e.g if you want to build a wireless enabled tv your best bet is to build it around an atheros chip and run a light OS using the open source drivers for everything)
Software is another issue and varies from person to person if they really care, I'd guess less than 50% of linux users actively want particular software to be ported to linux (they'll be glad if it happens but don't really care if it doesn't). This is fortunate as Apple peaked at 1 in 10 computers yet there is still limited support for them in the games market, I'd guess linux will need to surpass 20% to get first tear support, alternatively just 10% might be enough for wine+opengl support.