Are you serious?! Have you SEEN the update manager on Ubuntu?
I am very serious.
The update manager in Ubuntu and other distros I have extensive experience with are wonderful for updating an OS. But the applications are lumped right in with the OS, so the burden falls on Canonical to distribute/patch/update (and, egads, support) all the applications a user might want.
As I said, that is a nightmare for almost everyone involved: The user gets app deprivation, the app developer gets discouraged and moves to OS X or Windows, the distro gets pressed to support and even change all kinds of apps that frankly are way beyond their field of expertise not to mention their available manpower.
"Windows... windows... Windows... etc."
Idiocy from the church of Windows-hating. Funny how at times like this the Linux fanbois avert their eyes from the fact that OS X is not only gaining market share away from Windows, but is also wiping the floor with "Linux" in the desktop space.
Oh, but if Windows does it then it must be wrong, whatever it is and however much the practice was invented on other platforms like Macintosh in the first place.
There are many free things that catch on with the public without massive marketing campaigns.
Consider Firefox, which was mainly a word-of-mouth effort. We were 'selling' a program with a consistent UI that made all the features readily discoverable. Firefox also has a simple identity: When you sit down in front of a Firefox, you know what UI and features you're getting. And when others modify Firefox outside of Mozilla's purview, they are forced to change the name so that "Firefox" doesn't become meaningless to the average end-user the way "Linux" has.
In short, no one other than the most avid techies know just what they are getting when they are sold/given a "Linux" system.
From the standpoints of marketing and tech support, it's a nightmare.
It has little to do with the OS merely being 'different' than Mac or Windows, otherwise all these smartphones running everything from Symbian to custom Linux-based stacks would suffer the same returns problem (and for the most part, they don't).
Installing and updating software applications is a royal beeotch.
With a Windows setup (horrible warts and all), you just download and install your software packages as on a desktop PC.
But with Linux-based stuff, since you're not dealing with a well-defined platform, you will almost never encounter a neatly-packaged application that will install with a few clicks. So you are stuck with outdated/missing apps in the distro's repository, or wrestling with downloaded rpms and debs and their dependency nightmares.
The lack of a well-defined desktop platform and the adherence to software repository culture that inserts itself between the user and the app developers are to blame here.
It doesn't have to be this way in FOSS. As it happens though the politics of defining a platform that ISVs can target directly just aren't there yet.
No, the fact of the matter is that Skype, when they stated that their software was encrypted end-to-end, lied.
I think they might have been telling the truth at the start.
But then they got bought by a US corporation and then Congress revised CALEA regulations to cover all data, not just POTS telephone network.
In the end though, closed stuff can't be trusted for maintaining security.
Now, this 'Administrative layer' that eBay references is intriguing! So the Skype protocols perhaps have a way of telling a client to use a SuperNode middleman instead of going peer to peer.
I think you, like very many others, confuse paranoia with prudence and vigilance.
Paranoia is based on irrational fear, while vigilance depends on observation and rational assessment of one's situation and/or opponents.
Most of the existing shortcuts in KDE are re-assignable, and you can make the desktop more Mac-like than Gnome in some respects:
For instance, you can create a Mac-like menu-bar at the top where your app menus display instead of separately in each app window.
Ramms+ein is right: Open source will not solve the problem of computerized voting, which transforms the ballot from a physical object that can be read by any poll worker, into an electromagnetic blip that cannot be verified except through extremely indirect and convoluted means using teams of hard-to-find experts.
As you may know, the 'normal' transactions we perform on computers every week are coming under increasingly successful attack. And that is WITH the benefit of the transactions carrying the identities of the people involved.
Anonymous transactions like the vote are far more vulnerable to error and tampering and are unsuitable for computerization except for peripheral functions like printing.
No amount of OSS review will help in an environment of high stakes subterfuge, especially when the remaining non-OSS layers of the systems are endlessly complex by comparison with paper ballots. Just ONE inappropriate logic gate or bit out of billions in those little machines can throw an election.
Media reform (ownership regulation, equal time for qualifying candidates)
Electoral reform (physical and fully auditable ballots, banishing the electoral college, plurality voting, etc.)
Reform of banking and finance sectors (start with close reevaluation of the Fed).
But I would place media reform as probably the first or second priority in returning the country to a saner path. These highly-concentrated corporate wealth centers now have major stakes or own the mass media outlets, and those media have so little in common with the average person that they are turning many important issues into incoherent and emotional posturing (when they're not stumping for new wars, that is). The public can't hash out important issues like this.
This might be a good place to start.
Other interesting links:
http://www.stopbigmedia.com/chart.php
http://www.thenation.com/doc/20080616/mcchesney
You still have to pay for that extra level of vertical integration, plus a substantial application suite, to get a Mac on your desk.
The hardware is also top-tier in quality, which not everyone wants.
The usual solution to this dilemma is to spin off a differently-branded division for the cheaper stuff. And that's still a risk because it tends to cheapen the corporate culture over time.
Trusted Platform Module chip plus EFI firmware.
I'd guess this dongle contains a TPM chip for use with EFI-based motherboards.
Your cache and browsing history can be detected by websites too. Firefox has extensions to deal with these.
In Opera, the easiest way to deal with cache privacy and "web bugs" may be to switch its image-loading mode to only load images from the originating website (the site in the address bar).
I don't know exactly what to do about keeping the browsing history private in Opera; turn off javascript I suppose.
MS has a very long history of entering product categories that are already well-represented by their developer base. Office apps, web browser, database servers, etc. They have also frequently announced their intent to buy companies just to acquire trade secrets that said company, then turn away and announce their own product.
When they do acquire a company, the result is usually that investors flee from the competitors, so what once was a competitive software category becomes depopulated.
Apple has broken compatibility more often with OS X, but they had to drink deep from the innovation well for a long time. Since Tiger, OS X has stabilized and has upstaged Vista in a big way.
OTOH, OS X is an oasis of stability compared to using a Linux-based system in a desktop role. Linux does not represent an alternative platform to the monopoly desktop because the former isn't a platform; at least OS X does offer an alternative platform.
Compare MS software revenues to the revenues of the rest of the Windows developers. On a bar graph, companies like Wordperfect, Novell and Lotus used to appear prominently... now there isn't even a recognizable blip compared to MS. And really, who is even left? Computer Associates?
This disparity is far less pronounced in Apple's case. They have moved-in on only one app developer of consequence, Adobe, with FinalCut. In the case of Pages, etc. they are hitting MS and frankly I refuse to count that against Apple.
We have seen it for thousands of generations, the oppressed/rebel kid/cool dude becomes the oppressor. Apple is the new Microsoft. Pretty soon Google will be the new Microsoft, who knows what next.
They're all becoming like MS because the wealthy corporate types are increasingly waging class warfare against the lower and middle classes. The former are extremely fearful of the freedoms that permitted them to attain such power and riches for themselves.
I think the parent is way off base.
Many of the killer apps that defined the personal computing revolution were authored and nurtured independently on Jobs' platforms. There is the spreadsheet (Visicalc on Apple II), desktop publishing (Quark and Adobe on MacOS), and the web browser (WorldWideWeb on NeXT aka OS X). Although not creating the image editing category on the desktop, Photoshop was born on the Mac. Apple later gained a knack for video editing, forcing Adobe to get off their behind and improve Premiere.
Now is today's Apple taking a page from Microsoft? Yes... Any OS vendor that regularly forces members of its own developer base out of the market is displaying MS-like behavior. But overall Apple's track record for enabling 3rd party development is (or was) very good indeed.
From what I gather, dark matter is well-established by both the gravitational lensing observations, and by the dynamics of galaxy rotation.
OTOH, dark energy is currently in an entirely separate class of theory that is mainly speculation.
There are so many interesting questions when you look at this 'dark flow' phenomenon. Is it caused by dark matter? Perhaps a gigantic primordial singularity? A region of space-time that collapsed after the big bang? Or is it a 'dark' energy from another dimension pushing those galaxies in that direction? What if inflation occurs unevenly? How about the idea that another space-time (or 'brane') could be colliding with or 'pouring' into ours?
There have been discoveries of dark matter, and they are at least understandable by lay people like myself. Here is a video of one.
...allegedly shows China's intentions to eradicate anonymity on the Internet to bring dissidents into line.
http://news.cnet.com/8301-13578_3-10040152-38.html
They are joining the IETF to accomplish this, and interestingly the USA is pursuing the same goal at the IETF re: anonymity (though not naming dissidents).
It is in neither government's interest to keep IPv4 and the practice of NATing around. Security theater may push applications on an IPv6 Internet to increasingly reject users at NAT'ed, re-used IPs.
LAN security is as important an aspect of physical security as any other.
The rest of what you're saying seems pretty specious, esp. the hand waving about BGP; that's like worrying about whether the Russian Navy warship is going to break into your safety deposit box at the Post Office. :-D
With all of the worry over warrant-less spying, webmasters and an increasing number of clients will probably just opt for a validation system they already know (https) and reap the data encryption benefit at the same time.
So, the attacker just changes the MX record to mail.evil.com.
Sure, real simple... Just need to find mail and DNS servers sitting on the same subnet as some cheesy, infested PCs. Then execute the attack which BTW leaves the attacker with a verified IP/identity and a big "arrest me!" sign on their back.
The chances of this happening are...?
The US government doesn't administer any of this, and they're not by any means the first mover on this. They just happen to control quite a few websites and make press releases.
So there are other TLDs already on DNSSEC?
It's still highly centralized and the official status of not being controlled by US govt is merely a pretense in a country that so frequently goes on a war footing. It is also the same govt that is now working with China in the IETF to eradicate anonymity from the Internet.
As far as sending e-mail via SSL, are you familiar with what MX records do? It should be clear that SSL provides absolutely no protection for MX record poisoning.
It can protect a mailer from sending mail through an impostor. I believe that MX records might still be sabotaged by an attacker, such that routing preferences could be forged, causing traffic problems; though I am not aware of such an attack ever happening.
DNSSEC protects things that aren't secured by https, like MX records.
And if email is sent via SSL connections?
What is so bad about making SSL/https the default? All digital signature schemes are based on crypto anyway; actually performing the crypto uses hardly any more resources than validating DNS because the burden is almost all in the public key overhead.
Who would administer the root cert? Oh, let me guess... the U.S. of A. government who just happens to be the first mover on implementing this more-centralized-than-https scheme.
But I suppose one can feel secure that DNSSEC is working even as MITM attacks insert browser and other exploits into unencrypted data (which will be more, not less common because of the extra load DNSSEC will be placing on servers).
What a fool's solution.
Even the convenience is questionable. Just maybe DNSSEC would prevent webmasters from having to convert "http://etc" links to "https://etc" en-masse.
Then again, if the sensitive parts of the site are already https, then why bother? Even from a resource-use perspective, the crypto burden may be only slightly less than https.
Stop behaving like a hysterical hack!
Relying on bugs and physical access (for crissesake) is not an attack on the protocol itself. Esp. when the implementation being discussed is a six-year-old version.
Every complex piece of software has bugs, particularly early-on. You seem to think that DNSSEC implementations will somehow be an exception.
Somehow I knew if you responded, you would start with the assumption that users will bypass the certificate warning.
My users don't accept bogus certificates; they know to watch for the Lock + proper domain together in the address bar because I communicate basic browsing knowledge to them. So what is wrong with your users?
Where is this "lot of OSS" I'm wondering about?
Or is it OSS that Google just uses?