Because if we, as customers, demand that they do, they'll have to. The way to demand it is to state that we dislike the fact they didn't, and go to someone who does, or if that someone doesn't exist, to someone who has provided more sources.
A source code release would be good for the customers, for the community and for the general progress of mobile devices such as ebook readers. That's why we should insist that source code should be released.
Debian runs on the Neo Freerunner, and there's software for the phone functionality. You can make calls, receive and send SMS, connect over GPRS and read your email, browse, use the GPS. It's usable, although running desktop apps on a phone can be frustrating sometimes. And it's slow. There's a project to run Debian on Nokia N900, however it's incomplete and because of a few proprietary components you can't "compile and install" something to make the phone work. The community is working on replacing those.
The original OS on the phone is Maemo, which is essentially Debian-based, X-based, and you can compile and run it except for those few components. You can also run full Debian in a chroot. You can also port the apps missing in Debian from there any time you wish. It's non-trivial perhaps.
You can run Kubuntu on N900. The phone functionality in Debian and Kubuntu is being worked on.
If the RF spectrum in his house is running Gentoo, he could compile a kernel with the rotating staircase deadline scheduler or the brain fuck scheduler, and all devices will timeshare the spectrum just fine.
I mean, the eye can't focus that closely, so the lens would have to project an image that appears to be coming from further away, or be aimed in such way that the current focus of the eye doesn't matter, and it always enters the retina at the right spots.
Is this the whole Wave with the web interface, because from the first glance it appears to be just the protocol and the APIs? Also, would this include federation between servers, because if I recall correctly it was never enabled in the Google Wave servers, so I suppose it's not ready either.
I think that AdBlocking on a phone can only improve the usage.I don't see what problem you could possibly have with the idea? AdBlock Plus on my N900 works great, and makes certain sites much less intensive on my phone. Unfortunately, there's no NoScript equivalent for the Maemo browser, which IMO is a must have as well.
Um, Scotty gave us transparent aluminium, i.e. the thinnest transparent material. Not the lightest material. Light and thin aren't the same thing yet, at least not before a few coordinate system transformations.
I usually put black and white paint on my face and put black metal clothing with lots of spines and an axe. I hope that's not included in the blacklist of obnoxious behaviours.
Re:In a 100 years Occupy will be equiv. with STUPI
on
Occupy Flash?
·
· Score: 2
I'm sorry, but you've missed one important criticism:
It's a proprietary non-standard technology controlled by a single company with a single proprietary working implementation. Whether you like the other technologies used in the web, they aren't controlled by a single company, and have multiple implementations letting you choose the most secure or stable one. With Flash, you're stuck with Adobe's implementation, especially on platforms that are overlooked (such as GNU/Linux and non-x86 hardware such as mobile devices), and if unfixed bugs pop up, you can't fix them. At the moment I can't play mp3 sounds in Flash, because Adobe have incorrectly used memcpy instead of memmove, but my distro can't fix that with a patch.
What's more, the open standard technologies with free implementations easily yield to developments on the part of the client. Want to extract information from HTML? That's easy. Want to learn a HTML 5/JavaScript inside a daemon on your server? That's not difficult. Want to alter the behaviour of a HTML 5/JavaScript application with GreaseMonkey or NoScript? Please, go ahead.
That's a false dichotomy. Either there are no aliens, or there are aliens parking starships everywhere. The universe is a huge thing. It's also an empty thing. Expecting alien space parking garages everywhere is beyond science fiction and is quite ludicrous.
It's one thing for aliens to exist. It's another for them to be common. It's optimistic to then expect that they are more advanced than us. It's amazing if they are all into space travel. It would be quite startling if they are into interstellar travel. It would be madness if they are into intergalactic travel, not even Star Trek has done that. And even then, expecting to detect their spaceship exhaust in every corner of the universe is beyond imagination.
So you're worried more about certain people who would have to find new jobs rather than something that could potentially improve the Internet significantly for everyone? Would you rather we have a proprietary plugin like Flash as a defacto standard forever just to help them save their precious jobs? I'm not making light of people "losing" their jobs, I'm happy about it. And not because it is something good, but because it enables something good to happen.
That's the definition of trusted computing - it trusts someone else, and not the owner. So that someone else, or anyone who compromises them, gets to control your device before you do.
So, you're frustrated that we are still talking about a serious issue that we haven't yet resolved? If it bugs you so much, do something that would help in solving it faster. The people who offer the solutions linked in the summary are doing something, and although I'm hesitant we should choose them, they have presented two options. What have you done?
A reputation system is good if you have a distributed anonymous network of sites, and it will perhaps do a great job there. But it has the potential to be abused and it is way too complicated. Why not go with something simpler?
1. Use the DNS CERT record and ensure that we use dnssec with all zones up to the root signed (or another DNS security scheme). 2. Remember the last certificate and warn the user every time when it changes. Notify the user that he should signal for an issue if it changes too often.
Of course, that's vulnerable of the root servers are cracked, but if that happens, you're fucked anyway. It's much more difficult to exploit than multiple certificate authorities which sign certificates when you have *no* way to detect a failure on their part.
I heard that there could be issues with dnssec, but there are also solutions offered, so, why go with something far more complicated?
- I have a ham radio modified to record secret police channels so that I can catch them when they are involved in secret government plots against us - I'm recording the data from a distant radio source with my telescope - I'm certain it's the aliens contacting us, even if <a href="https://wwws.whitehouse.gov/petitions#!/response/searching-et-no-evidence-yet">they are denying it</a>! - I'm recording the sound of me masturbating to my new Star Trek Linux desktop theme while listening to the new OpenBSD release songs - I have a camera with a telescoping lens pointed at the cute geek girl next door while she's masturbating - I'm downloading the video series "How to talk with girls without creeping them out"
Then, I'm XORing the five sources together, which produces a stream with entropy good enough to satisfy my randomness needs.
/dev/random is already gathering environmental entropy from hardware sources and (except if you're running it on a virtual machine), it should produce data with good entropy that's truly random and is not comping from a pseudo RNG algorithm.
Now, of course, if you XOR it with the network data you might increase entropy, but if it happens that/dev/random already uses it, you're not gaining anything, or in fact make things worse.
But, please, if you think that/dev/random isn't providing data that's random enough, suggestions and patches would be welcome. Even if they don't get accepted in the mainline kernel, you can still distribute them.
Another issue: I'd encrypt the data from the network source or XOR it with a pseudo RNG, because otherwise you might be leaking sensitive data through your "random" numbers.
It's a questionable decision, yes. However, the vulnerability wouldn't be any less worse if it was in userspace. And Microsoft weren't exactly the first. There was a time when the X11 server parsed fonts directly, and it was running as root, perhaps with some privileges dropped along the way. It wasn't kernel mode, but you still had a font parser running as root. So, they weren't the only geniuses who thought so.
But yeah, the X11 world has improved a lot since then, font parsing and rendering by the client, in userspace, and with an unprivileged account -- all great ideas that Microsoft might want to follow.
That's why NoScript disables embedded fonts along with other possible attack vectors.
Even on GNU/Linux, font rendering is not to be assumed safe. In particular, freetype was never designed with the idea to parse fonts from various untrusted sources, so security in the font parser has always been secondary up until recently, so there might be many security holes in it lurking. It also had a vulnerability lately, of course it got quickly fixed.
- Printing is not "up to par". KDE 3.5 used to have a printing system that anyone could envy, in KDE 4.x printing barely works (bug 180051) - PIM is not "up to par". KDE 3.5 used to have a sync feature, a bit clumsy, but it worked. The sync feature in KDE 4.x is only available in SVN and barely works. And don't get me started with syncing with my phone...
And I could cite you the bug database all day, giving you an example of bugs that make features really uncomfortable to use. I am subscribed to at least a dozen bugs, all that affect my productivity, while in KDE 3.5 I had little or no issues. - I have issues with network shares. - I have issues with instant messaging (granted, some of them existed with 3.5, but the fixes were commited right before the KDE 4 fiasco started) - I have issues with the text editors - I have issues with using KDE over SSH - I have issues with performance (maybe I should upgrade my ancient quad-core PC with 8 GB RAM)
Most of these are not fixed in 4.7, which is not available for all distros yet, so even if they were, it doesn't matter. You know, KDE 3.5 was stable, mature and polished. KDE used to be a pain in the ass, but with 3.5 all the issues slowly disappeared. It was already available everywhere, in all distros. KDE 4.7 just got out, and it's filled with issues I cursed KDE 3.3 or 3.4 for. Compared to KDE 3.5, KDE 4.7 is still crap. And slow.
Slashdot Mirror
Because if we, as customers, demand that they do, they'll have to. The way to demand it is to state that we dislike the fact they didn't, and go to someone who does, or if that someone doesn't exist, to someone who has provided more sources.
A source code release would be good for the customers, for the community and for the general progress of mobile devices such as ebook readers. That's why we should insist that source code should be released.
As long as they own the copyright, yes, they can.
Debian runs on the Neo Freerunner, and there's software for the phone functionality. You can make calls, receive and send SMS, connect over GPRS and read your email, browse, use the GPS. It's usable, although running desktop apps on a phone can be frustrating sometimes. And it's slow.
There's a project to run Debian on Nokia N900, however it's incomplete and because of a few proprietary components you can't "compile and install" something to make the phone work. The community is working on replacing those.
The original OS on the phone is Maemo, which is essentially Debian-based, X-based, and you can compile and run it except for those few components. You can also run full Debian in a chroot. You can also port the apps missing in Debian from there any time you wish. It's non-trivial perhaps.
You can run Kubuntu on N900. The phone functionality in Debian and Kubuntu is being worked on.
OpenVPN is amazing, the only downside is that it doesn't support IPv6 expect in tap mode. But you can always configure tap mode yourself, right?
If the RF spectrum in his house is running Gentoo, he could compile a kernel with the rotating staircase deadline scheduler or the brain fuck scheduler, and all devices will timeshare the spectrum just fine.
I mean, the eye can't focus that closely, so the lens would have to project an image that appears to be coming from further away, or be aimed in such way that the current focus of the eye doesn't matter, and it always enters the retina at the right spots.
Is this the whole Wave with the web interface, because from the first glance it appears to be just the protocol and the APIs? Also, would this include federation between servers, because if I recall correctly it was never enabled in the Google Wave servers, so I suppose it's not ready either.
I think that AdBlocking on a phone can only improve the usage.I don't see what problem you could possibly have with the idea? AdBlock Plus on my N900 works great, and makes certain sites much less intensive on my phone. Unfortunately, there's no NoScript equivalent for the Maemo browser, which IMO is a must have as well.
Um, Scotty gave us transparent aluminium, i.e. the thinnest transparent material. Not the lightest material. Light and thin aren't the same thing yet, at least not before a few coordinate system transformations.
I usually put black and white paint on my face and put black metal clothing with lots of spines and an axe. I hope that's not included in the blacklist of obnoxious behaviours.
I'm sorry, but you've missed one important criticism:
It's a proprietary non-standard technology controlled by a single company with a single proprietary working implementation. Whether you like the other technologies used in the web, they aren't controlled by a single company, and have multiple implementations letting you choose the most secure or stable one. With Flash, you're stuck with Adobe's implementation, especially on platforms that are overlooked (such as GNU/Linux and non-x86 hardware such as mobile devices), and if unfixed bugs pop up, you can't fix them. At the moment I can't play mp3 sounds in Flash, because Adobe have incorrectly used memcpy instead of memmove, but my distro can't fix that with a patch.
What's more, the open standard technologies with free implementations easily yield to developments on the part of the client. Want to extract information from HTML? That's easy. Want to learn a HTML 5/JavaScript inside a daemon on your server? That's not difficult. Want to alter the behaviour of a HTML 5/JavaScript application with GreaseMonkey or NoScript? Please, go ahead.
With Flash? Haha, good luck!
That's a false dichotomy. Either there are no aliens, or there are aliens parking starships everywhere. The universe is a huge thing. It's also an empty thing. Expecting alien space parking garages everywhere is beyond science fiction and is quite ludicrous.
It's one thing for aliens to exist. It's another for them to be common. It's optimistic to then expect that they are more advanced than us. It's amazing if they are all into space travel. It would be quite startling if they are into interstellar travel. It would be madness if they are into intergalactic travel, not even Star Trek has done that. And even then, expecting to detect their spaceship exhaust in every corner of the universe is beyond imagination.
So you're worried more about certain people who would have to find new jobs rather than something that could potentially improve the Internet significantly for everyone? Would you rather we have a proprietary plugin like Flash as a defacto standard forever just to help them save their precious jobs? I'm not making light of people "losing" their jobs, I'm happy about it. And not because it is something good, but because it enables something good to happen.
Come on, there are worse things to spill on the cabin floor. It's one of the more benign liquid explosives.
That's the definition of trusted computing - it trusts someone else, and not the owner. So that someone else, or anyone who compromises them, gets to control your device before you do.
So, you're frustrated that we are still talking about a serious issue that we haven't yet resolved? If it bugs you so much, do something that would help in solving it faster. The people who offer the solutions linked in the summary are doing something, and although I'm hesitant we should choose them, they have presented two options. What have you done?
A reputation system is good if you have a distributed anonymous network of sites, and it will perhaps do a great job there. But it has the potential to be abused and it is way too complicated. Why not go with something simpler?
1. Use the DNS CERT record and ensure that we use dnssec with all zones up to the root signed (or another DNS security scheme).
2. Remember the last certificate and warn the user every time when it changes. Notify the user that he should signal for an issue if it changes too often.
Of course, that's vulnerable of the root servers are cracked, but if that happens, you're fucked anyway. It's much more difficult to exploit than multiple certificate authorities which sign certificates when you have *no* way to detect a failure on their part.
I heard that there could be issues with dnssec, but there are also solutions offered, so, why go with something far more complicated?
Point a webcam at a fireplace? Boy...
- I have a ham radio modified to record secret police channels so that I can catch them when they are involved in secret government plots against us
- I'm recording the data from a distant radio source with my telescope - I'm certain it's the aliens contacting us, even if <a href="https://wwws.whitehouse.gov/petitions#!/response/searching-et-no-evidence-yet">they are denying it</a>!
- I'm recording the sound of me masturbating to my new Star Trek Linux desktop theme while listening to the new OpenBSD release songs
- I have a camera with a telescoping lens pointed at the cute geek girl next door while she's masturbating
- I'm downloading the video series "How to talk with girls without creeping them out"
Then, I'm XORing the five sources together, which produces a stream with entropy good enough to satisfy my randomness needs.
/dev/random is already gathering environmental entropy from hardware sources and (except if you're running it on a virtual machine), it should produce data with good entropy that's truly random and is not comping from a pseudo RNG algorithm.
Now, of course, if you XOR it with the network data you might increase entropy, but if it happens that /dev/random already uses it, you're not gaining anything, or in fact make things worse.
But, please, if you think that /dev/random isn't providing data that's random enough, suggestions and patches would be welcome. Even if they don't get accepted in the mainline kernel, you can still distribute them.
Another issue: I'd encrypt the data from the network source or XOR it with a pseudo RNG, because otherwise you might be leaking sensitive data through your "random" numbers.
It's a questionable decision, yes. However, the vulnerability wouldn't be any less worse if it was in userspace. And Microsoft weren't exactly the first. There was a time when the X11 server parsed fonts directly, and it was running as root, perhaps with some privileges dropped along the way. It wasn't kernel mode, but you still had a font parser running as root. So, they weren't the only geniuses who thought so.
But yeah, the X11 world has improved a lot since then, font parsing and rendering by the client, in userspace, and with an unprivileged account -- all great ideas that Microsoft might want to follow.
That's why NoScript disables embedded fonts along with other possible attack vectors.
Even on GNU/Linux, font rendering is not to be assumed safe. In particular, freetype was never designed with the idea to parse fonts from various untrusted sources, so security in the font parser has always been secondary up until recently, so there might be many security holes in it lurking. It also had a vulnerability lately, of course it got quickly fixed.
http://hackademix.net/2010/03/24/why-noscript-blocks-web-fonts/
Bullshit, I just installed cpuburn on my smartphone so that I can be ahead of Apple fanboys.
Only sensible if the comments were moderated in a sensible way...
If I had mod points, I would mod you down! I always moderate the comments in a sensible way!
The intended usage.
KDE 4.7 is up to par with what?
- Printing is not "up to par". KDE 3.5 used to have a printing system that anyone could envy, in KDE 4.x printing barely works (bug 180051)
- PIM is not "up to par". KDE 3.5 used to have a sync feature, a bit clumsy, but it worked. The sync feature in KDE 4.x is only available in SVN and barely works. And don't get me started with syncing with my phone...
And I could cite you the bug database all day, giving you an example of bugs that make features really uncomfortable to use. I am subscribed to at least a dozen bugs, all that affect my productivity, while in KDE 3.5 I had little or no issues.
- I have issues with network shares.
- I have issues with instant messaging (granted, some of them existed with 3.5, but the fixes were commited right before the KDE 4 fiasco started)
- I have issues with the text editors
- I have issues with using KDE over SSH
- I have issues with performance (maybe I should upgrade my ancient quad-core PC with 8 GB RAM)
Most of these are not fixed in 4.7, which is not available for all distros yet, so even if they were, it doesn't matter. You know, KDE 3.5 was stable, mature and polished. KDE used to be a pain in the ass, but with 3.5 all the issues slowly disappeared. It was already available everywhere, in all distros. KDE 4.7 just got out, and it's filled with issues I cursed KDE 3.3 or 3.4 for. Compared to KDE 3.5, KDE 4.7 is still crap. And slow.