Slashdot Mirror


User: betaray

betaray's activity in the archive.

Stories: 0
Comments: 71

Comments · 71

  1. Re:so.. how are we supposed to store passwords? on Crack a Password, Save Norwegian History · · Score: 1

    So what's your point in the second paragraph? I totally agree with everything there. If you don't know your password has been compromised then the cracker will break into all 10 boxes which allows exponential potential for cracking especially if you don't rotate your passwords and don't keep separate passwords for different systems.

    Also you missed half of my points. The longer you keep a password the more insecure it is. Period. Like I asked, can you be sure that over the years that people have never glanced over your shoulder and seen your password as you type it? Can you be sure that no one was monitoring your keyboard? Hell, have you ever typed in any of those passwords on an insecure machine?

    The longer you keep the password the more likely it's going to be able to be cracked by brute-force methods. The only thing that any brute-force tactic needs is time, and you can mathematically guarantee that your attacker can only search a small percentage of the key-space for your password if you rotate them.

    However, if you rotated passwords you would only have to account for the time since your last rotation.

    And if we're talking joe-luser here, people will write down passwords no matter how often you change them. Writing down is just like shoulder surfing. If you don't ever have to write, type, say, or otherwise communicate the password then it'll be secure. However if someone writes down their password and it gets stolen, which is the more favorable scenario, the one where the password remains active forever because it's easy to remember for the user, or the one where the password is active for 4 weeks and then is changed thus denying access to the password thief?

    The whole point is that you never know that your password has been compromised until it's too late, but if you can limit the window that a password is active you've dramatically improved your security.

    I choose the former, because (A) it makes my life easier, and (B) it's worked quite well for me.

    Unfortunately security isn't about making one's life easier or we'd all have unfettered access to everything. This mentality is the downfall of any security system. This is the equivalent of propping open the bank safe with a chair. Sure, now it's easier for you to get to your money, but it's also that much easier for everyone else.

  2. Re:Obvious Answer ... on ADTI Whitepaper Released · · Score: 1

    OK, let's spell this out again. If the author of the 50 second clip is using a viral license like the GPL, don't use the 50 seconds worth of video! You should know about the licensing issues so it's not like it's any surprise.

    I don't understand where your sense of entitlement is coming from. You aren't being forced to use GPLed code in your project, but if you do the people who spent all their time/money making the code require you to share your code which depends upon the work these nice people did.

    Could you offer up any reason why people should do work for you without any return? (If you do, try to avoid analogies, since, as shown in this thread, they can be unclear and misleading.)

  3. Re:so.. how are we supposed to store passwords? on Crack a Password, Save Norwegian History · · Score: 1

    dictionary *or* brute force-- has broken it yet.

    That's the point. Given enough time every password is insecure. While having very simple passwords is bad, just leaving the same password forever is even worse. Who knows who has your password after years of use. I shoulder-surf passwords all the time. Think about everyone who's been in the same room with you when you've typed your password over all this time. Would you trust them with the password? Passwords aren't the only weak link in a system. What about compromised systems with trojaned logins, keygrabbers, or network sniffers?

    Also, YOU USE THE SAME PASSWORD ON TEN SYSTEMS?!?! So, now instead of cracking one box, anyone who breaks into any one of the 10 systems immediately has access to them all. Awesome.

    As for your weak password argument, that should be taken care of when the user changes the password. If you ensure that they have at least 6 characters: one capitalized letter, one lower case letter, and one number that's a minimum 1.6*10^10 combinations. Not bad.

    Now, no matter how easy/difficult the password is it won't stop people from putting up post-it notes. The weakest link in any secure system is always the humans who interact with it.

    So, I'd re-evaluate my practices if I were you. I mean if you're just using these passwords on your home boxen, sure go ahead and use the same thing all over the place for as long as you'd like. (I know I do.) However, if people are depending on you to keep their data secure, you need to be more proactive in your security.

  4. Re:Yes... on Is The Net At Fault For Illegal Filesharing? · · Score: 1

    Well, you see selling alcohol to minors is against the law. The store is not responsible for the actions of the minor on the alcohol. If the minor then drives while intoxicated the store doesn't get a ticket.

    That's the overall problem with current lawsuit. There's no law against making it, but the large corporations that hold the copyrights have the money and the lawyers to bend the law to include whoever they feel.

    However, IANAL, so if you can point me out the law that any of this software is breaking then that'd settle the issue and prove that this is just "stunt defense".

  5. Seems like they're winging it? on Do You Like Your Job? · · Score: 1

    I've worked for several smaller companies. Most recently I worked at a semi-well known video game company that the employees had come from another lesser well known company. When I first started working there I was very excited, and I worked my ass off, but as time went on I knew that the company was doomed. They had programmers that would simply lie about what they knew and how much work was being completed. They made deadlines that were impossible to hit, and when they were missed it was like, "Oh well we've got to do better next time." The biggest problem is that they still to this day don't realize that they have a problem.

    Why is this? Because simply the people who managed the programmers did not have a clue about what the programmers were doing. If someone told them that a bug was caused by this or that, they had to trust them. They had no way of seeing how much was being produced by any individual. Programmers often took credit for those "below" them, and those who were being ripped off were seen as the slackers.

    In most businesses there's a progression from the ground up. You work in a clothing store as a stocker or cashier, eventually you'll be the one who becomes the manager if you stick with it and are a good employee. In my experience no one wants to let the programmers manage because they have "poor people skills" or whatever so outsiders with no relevant programming experience are brought in. While a lot of these people are doing their jobs to the best of their ability, they just can't manage the development of software without actually developing it.

    So, I've taken the next step. I'm starting my own company. I'm a programmer and I know how to make software, and I know what causes bugs, what holds up production, and what keeps programmers happy. However, I will try to avoid the mistakes I've seen. For example, I will not be trying to manage a sales team, I will bring people who have relevant experience, and let them do that job.

    BTW, these aren't just imagined problems at this company, they're currently in Chapter 11, and the magic eight ball says "outlook not so good".

  6. Re:Slashdot DoS on Bad eBay Experience Spurs Internet Manhunt · · Score: 1

    While that is impressive, I find it hard to believe that the sites that get slashdotted have the kind of bandwidth slashdot does.

  7. Re:One hobbyist would hope not... on Is Slackware Fading Away? · · Score: 2, Interesting

    I'm also a big collector of computer hardware. My only problem with slackware is that it's so X86 centric. Though because of that, I've grown fond of running OpenBSD. (I haven't had any need to use NetBSD, yet.)

    There was a sparc port but it died. Stampede (the Mandrake of the Slackware world), was going to have a fancy build system for a bunch of platforms, but I haven't seen anything out of those guys in months.

  8. Multi-user interactive worlds on Fit An Entire Planet In 90k · · Score: 1

    I work for a game company, and one of our next projects is going to be a multiplayer interplanetary action/adventure style game. I have been looking into ways to fractally generate planets quite a bit. While this software does look cool (especially the textures), it still has the one problem that hurts its usability in multi-user worlds, it changes shape dramatically between certain levels of detail. If I think I'm hiding behind a hill, I should be hiding behind a hill on everyone else's front-ends no matter how far away they are.

    I wish I had known about this interview beforehand so I could pose this problem to Dr. Musgrave himself, since he seems eager to use this in multi-user worlds.

  9. Re:Changes color when uid=0? on What Does Your Command Prompt Look Like? · · Score: 1

    You can always put a different .profile in ~root, or add this to your /etc/profile:

    if [ "`id -u`" = "0" ]; then
        # set up root prompt
        :
    else
        # set up user prompt
        :
    fi

  10. 'leet color prompt on What Does Your Command Prompt Look Like? · · Score: 4

    ph33r my prompt! Color, upper ASCII, username, machine and date!!!

    (Actually I kinda ripped the idea off from Mandrake (the Enlightenment guy), but there are some changes).

    export PS1="\[\033[11m\[\033[0;34m\[\332\304\[\033[1;34m\[\304\[\033[0;34m\[(\[\033[0;36m\[\u@\h\[\033[0;34m\[)-(\[\033[1;34m\[\`date +\"%a %B %-d %l:%M%P\"\`\[\033[0;34m\[)\[\033[1;34m\[\304\[\033[0;34m\[\304\n\300[\[\033[0;36m\[\w\[\033[0;34m\[]:\[\033[0;0m\[ \[\033[10m"

  11. Re:Plastic on Miracles Of The Next Fifty Years, As Of 1950 · · Score: 1

    Try starting a garden grown entirely in granite

  12. Re:Do it all OS's on FreeBSD 4.1.1 vs. Linux 2.4 · · Score: 1

    I'd disagree. In every software project that has limited resources, the more features you add the more concessions that you'll have to make in order to get those features. Having a small set of highly specific tools is always better. If you have one tool that tries to do everything, eventually you're going to have to force an interface on one type of action that isn't the best way for that type of action.

  13. Re:Serious use: file management on High-res Volumetric 3D Display Prototype · · Score: 1

    Duh, I was thinking about it from the wrong perspective.

  14. Re:Conclusive data? on Apache vs IIS in Performance? · · Score: 1

    That should be 1000000/24/60/60 and that comes out to 11.57 hits a second.

    Also you only did 100,000/60/24/24 so if that was the break down it'd be 28.93 hits per second.

    Yay math!

  15. Re:Serious use: file management on High-res Volumetric 3D Display Prototype · · Score: 1

    um... are you saying that x, y and z can't be used as dimensions because I can't be at (1,1,1) and (2,2,2) at the same time?

  16. Re:This is a beautiful thing. on PlayStation Reverse Engineering Stands Up In Court · · Score: 1

    I wish companies would depend upon trade secrets. Then all they'd have to do is keep their employees under NDA and that'd be the end of the IP war zone. Companies realize however that their "secrets" are extremely obvious once they show their implementation and that's why patents and the DMCA exist.

    As I tell the president of my company (and anyone else who'll listen) I'm all about protecting implementation, but trying to protect a process is just plain wrong!

  17. Libertarian Abuse on Lawsuits Suck · · Score: 2

    I agree this is the mentality of a lot of geeks. Many claim they have "libertarian" values and take the stance you describe.

    Libertarianism supports personal freedom. Freedom to donate to whom you wish in the amounts that you wish, but it also requires personal responsibility. The responsibility to actually donate your time and money to causes that are important to you.

    That's the problem here, and it's far more pervasive than geeks alone. Americans shun personal responsibility. They even give up their freedoms in order to avoid responsibility. They feel more comfortable paying taxes and having their money funneled to programs they don't support.

    No political system that requires personal responsibility is going to work in this country unless there is a major shift in values. Libertarianism, communism, direct democracy, are all flawed because they rely on the citizens. Only the representative republic sufficiently removes responsibility from the individual, but it has a lot of compromises.

    Anyhow, that's my rant.

  18. Re:The nicest thing on Stampede v0.90 Code Freeze · · Score: 1

    The funny thing about this is that the reason that they have that disclaimer is because the Stampede Technologies was going to sue them and take their domain.

  19. Let's give money to companies!! on Voting Begins for $100k Beanie Awards · · Score: 2

    I'm disappointed, especially in the big prize area. I wish more effort was put into giving the money to people who don't have any corporate support. Let's look at some of the various candidates:

    GNOME - funded by RedHat
    Wine - funded by Corel
    Mozilla - funded by AOL
    XMMS - funded by OSS

    Not that these projects deserve recognition, but come on! Now the whole "best open source book" topic makes me cringe. Who does the money go to? The author? The publisher?

    I just want to see more projects succeed. These projects have gotten what they deserve. I just want to see new projects grow.

  20. Re:source release on Interview: CmdrTaco and Hemos Tell All · · Score: 1

    I've already got some code, some ideas, a domain and a machine. If you (or anyone else) want to get in touch with me I'd love to hear from you. My ideas are far more community based, and I think it'd be great. I've been trying to work on it forever, but I keep losing interest because I'm the only one doing anything with it.

  21. Re:source release on Interview: CmdrTaco and Hemos Tell All · · Score: 2

    Exactly. I don't understand what sort of weird open source dimension Rob lives in. I've never seen a new release with that worked on anyone but the creator's system. There are many projects that I've watched that when they started didn't even have makefiles. Rob really doesn't seem to understand the benefits of opensource. I'm sure there's many of us out there that can figure out his code no matter what he claims. He's just being extremely arrogant

  22. Re:And now the facts... on Sony Bets Its Future On PlayStation II Console? · · Score: 1

    OK I misfigured the percent, but now I'll give the numbers I used to generate it in the first place so you will know. All figures come from the 3 months ending on Sept. 30 and all numbers are in dollars.

    Electronics:
    Customer: 10,286 mil
    Intersegment: 728 mil
    Total: 11,014 mil

    Game:
    Customer: 1,312 mil
    Intersegment: 52 mil
    Total: 1,364 mil

    Now taking the Electronics Intersegment and applying all of the Electronics Intersegment sales to the Game total gives us:

    Hypothetical Game total: 2,092 mil
    Total Sales: 15,259 mil

    Finally giving us:

    Game Percentage 8.9%
    Hypothetical Game Percentage: 13.7%

    13.7% as opposed to 8.9% is a big deal, but still it doesn't approach anywhere near 50%. That was the original point.

  23. And now the facts... on Sony Bets Its Future On PlayStation II Console? · · Score: 1

    Ok.. seeing as how this thread is dead, this is really for the benefit of tc and anyone who might happen to see this some time in the future.

    The game segment (including pc and ps) is far less than 50%. In fact it makes up only a little less than 7% of Sony's income. Check out their quarterly report.

  24. Risky? Hrm... on Sony Bets Its Future On PlayStation II Console? · · Score: 4

    I don't understand why anyone would possibly think that this is a risky maneuver other than because Sony told them it was. Stocks split all the time. Sony is currently weighing in at 270. Stocks constantly split as they approach the 300 range. This is an awesome marketing ploy if they can convince everyone that they are willing to bet the entire company on this new system. In reality however, if the PS2 flops, stock split or not, Sony is still going to be in business. They are far too diversified to let one product destroy them.

  25. Re:Linux Distro Niches on Linux Distributions Rated on CNet · · Score: 1

    In their defense most people don't have an extra couple of years to evaluate each and every choice. I chose debian because I heard about it and looked at the web site and decided it was for me. If I buy a car I look at consumer reports, my parents, my friends and then make a purchase. I don't go to a university for 10 years getting a degree in mechanical engineering and electrical engineering to pick the car for me.

    Exactly my point. To expand on your analogy. You know that you want an SUV, an economy car, a sports car, etc. You don't see reviews of cars that pit all the different groups against each other, because that makes no sense. I think it'd be fair to rank the "ease of use" based distros, or the "power user" ones, but not against each other. If I want a distro that allows me to control exactly what I have installed and make major modifications easily this review's recommendations don't help me at all.

    I started to use slackware but they just didn't get it. . . . Sure I could compile [every] package that I want to use but the time (not to mention the disk space that I lack) dissuade me from doing it.

    See this is exactly why I like slackware. I like compiling my own stuff. I use a lot of CVS based programs with CVS libs. I don't want to be limited by my distro. To bring this back to the point of the article: This review didn't help me with that. it's the problem with CNET. It's sorta just a bitch, and I've got to remember their audience as others have pointed out. Although, I'm sure there are plenty of people who are tired of dependency checking that don't want to go out and download every distro just to find one that they like. A little bit of a wider perspective when reviewing the distros and refraining from assigning number to these distros.

    Correct. But I still think that the goals of someone using linux (for the most part) usually overlap for most things. Most desktop users actually have a pretty clear idea of what they want.

    Agreed. Although, assuming that what they are looking for is a graphical installer, and commitment to a package format is not always correct.

    I just want to be clear. I obviously love Slackware. It's the best distro for me, but it may not be for you. I'm not alone in my opinion, however. What I would like for the reviewers to have done is say: "If you want easy, go here. If you want customisable go here, if you want support go here, if you want cheap go here."