I just finished "The Puzzle Palace" and "The Code Book" and I would disagree with you. There was a detailed story about a tech at GCHQ who was selling data to the East Germans. They gave him a briefcase with several years of one-time-pads, and the schedule for one of their Numbers Stations. The briefcase had a false bottom and also contained secret writing material with fake letters that he could send to a maildrop in Germany for return communication.
Key distribution is not so much of a problem if you only intend to communicate once a week or so, and you wouldn't even have to use all those keys--just have an identifier that says "No messages for you today!"
BTW: Sent from one of those QNX bootdisks! Fast teeheehee.
Linux does this, and I am very thankful. (And remember kiddies, leaving a running Ethereal on a busy network while you go to lunch is a baaadd idea! The machine was unresponsive (although still responded to pings in 0.5ms) and constantly swapping for about a half hour after I got back, until the kernel decided to kill the right process.)
According to their website it "works like a SCSI drive" and has Linux support. My guess is that it has its own SCSI controller on the card, which may have been tweaked to support the high bandwidth (110MB/sec) of the RAM. What does Ultra2 SCSI support, 80MB/sec? This might be useful as an external SCSI device but you would lose performance, I think.
While I love the GUS as much as the next guy (I have two!) I am not aware of there being this level of support for Linux. Maybe in the ALSA drivers? Linux only has support for one program to have the sound device opened at a time, making those 32 channels go to waste, and I am not aware of an app that can take advantage of the onboard RAM for samples (except for XMP), even MIDI doesn't work (AFAIK you have to use TiMidity which is a software GUS emulator!!). The GUS has the most support with old DOS games and MOD players (the Windows driver was abandoned before DirectSound support could be added). Many moons ago I asked Gravis to opensource their drivers but they refused, probably some third party code or something.
You just haven't played Doom or System Shock if you haven't heard the crystal clear, hardware accelerated audio from a GUS. I keep an old (mid '80s) NEC 386-16 w/1.5MB RAM around to play MODs. It can play 8 channels of 44khz 16bit audio with waveform displays for each channel, crystal clear. Only now do mainstream cards offer multiple, hardware buffered, channels and downloadable samples that the GUS had 10 years ago.
Another important point when talking about biometrics is the fact that your finger doesn't change much. In effect you will be using the same passphrase at multiple organizations that require the fingerprint scan. What's to say that an unscrupulous organization won't record your fingerprint scan and replay it to other machines, or use it to create a prosthesis that can mimic your finger in any way that is important for the scanners (I think they determine live/deadness by the conductivity of the tissue, which is a measurement you would have)?
These scanners could go a long way towards addressing this. Each user could have their own, trusted, scanner that merely unlocks a crypto key(s) on board that are actually used to authenticate. If the hardware was open enough so you could trust it, this could be a very good thing.
For your organization it probably wouldn't make sense at this time to change, but keep a transition in the back of your mind. Try and move things to more open standards (RTF instead of DOC, Web-based apps, etc.) Maybe sometime later, if you don't crawl up some vendor's ass, you will be able to easily transition to a Free Software architecture.
I also take some minor objection to the statement that "MS is standing behind the product", since when?!? Last I checked the MS EULA had the same statement the GPL does, "This product is not warranted for fitness for any particular purpose", blah blah blah. Sure you could BUY support but then you are in the same boat anyway. I haven't personally dealt with MS support but you would want to at least test to see if they are competent and responsive to problems (look in the MS KB and note how many bugs have the notice "We are aware of this problem, but have no fix at this time." from the mid '90s).
Of course what you are stating is that the upgrade and training costs involved with a proprietary solution are $0 which is just untrue. You can't upgrade(downgrade) MS Office or Windows versions without some retraining and loss of productivity. Imagine trying to move people from Win9x to WinNT (at least trying to move to something with rudimentary memory protection, etc.) without incurring any support or retraining costs. Not gunna happen.
You should also factor in not just the sticker price (free=0 proprietary=$$$) but the long term support. In the free software world bugs get squashed, only recently has MS (as an example) even attempted to fix security problems in its line of OS's, and only your particular vendor can do this. If you need feature, or bugfix, X you have to wait for the benevolence of your vendor, and most of the time they will tell you to go fuck off. With Free Software you, the administrator and user, are in control of development. (enough rambling on this front)
Also think on a longer term, what about the upgrade cycle. Right now in PC operating systems you have a violent upgrade cycle where the useful life for a machine is only a year or two and you have to deal with several "forced" product upgrade rollouts. If you pick the right free software (not an easy task but you should be looking at all your options anyway) you may not have to upgrade for many years, if at all. During this time your users can learn the software more deeply and become faster and more productive. I use LaTeX as an example, it has been frozen for many, many years. LaTeX provides very nice printed output as well as HTML through LaTeX2HTML. I have only created about three reports using LaTeX but feel that I have been much more productive during this time. Even with the learning curve I produce much higher quality documents and I believe that it still takes less time than fiddling with page layout by hand.
Anyway, enough ranting on my part. I hope that whatever technological solution you pick is the right one for your organization and userbase, whether it be free or non-free. I just got out of bed so I need food and coffee. See ya.
Yeah, same boat. I got a pretty good butt-chewing after replying to some fool who had just emailed everyone in the Global Address book (Exchange 5.x). The IT management had some weird policy about not creating mail aliases so the user had to select everyone in the Address book and put them in the To: field (about 1500 users). I hit "Reply All" without thinking and kindly pointed him to various Urban Legend, Hoax and Virus resources on the Internet and asked him to check his facts better next time.
About 5 minutes later the mail admin calls me (I was just a low level tech) and asks who the hell I think I am and what the fuck I think I am doing. Apparently the Exchange servers (3 IIRC) crapped out under the load. I was told to "never-never" and sent on my way with a very red face.
Next time kiddies I tell of the time that I brought an entire mailserver box (OS and all) down just by doing a simple IMAP view of my mailbox.
I'm not sure how hiring a developer to make something from scratch would be cheaper or easier, you now have an unsupported legacy system that no one else knows about but your developer. It seems to me that a better solution, if you want something customized, is to hire that same developer to improve on PHPHelpdesk or IRM (assuming you need something that big, maybe just some simple forms would work). Just finishing the features you need should be simpler, faster and cheaper than developing an entire system yourself. Not only do you get a nicer system, since the changes get rolled back into the main tree you also have lifetime support (and additional features) from everyone else.
Any chance of compiling bash for VMS, I don't have the source in front of me but I have seen projects that are source compatible with both UNIX and VMS (as well as Windows and OS/2).
Open Source means that the security bugs in most programs are fixable, not that they don't happen. For some people who have the time to audit every line of code of every program installed on the system this may just be a belt-and-suspenders approach.
Look at the errata or security page for any Linux or UNIX distro, look at the history of BIND or Sendmail. It is better/easier to wrap these library calls than audit every line of software (including closed source stuff you may have??) or blindly trust that every programmer is perfect and never makes a mistake that compromises security.
Uh, why would it have to run as root to have an exploit? Being able to run arbitrary code as a privileged user (as opposed to unprivileged, like "nobody") gives much greater access to the system than many network services, also it is often trivial to elevate your privileges once you have shell access to a system (rootkits anyone?). And how devastating would it be to have your home directory blown away, sure the "system" is ok but your data has gone to heaven. Systems can be reinstalled from CD very easily, data cannot.
I am playing with libsafe right now and haven't as yet suffered any adverse effects. It is a good stopgap measure until libc is fixed and/or the development environment is fixed because asking every programmer, big and small, to manually check these function calls every time is just asking for things to be missed through incompetence, ignorance or just plain mistakes. I mean how come we still have buffer overflow problems in this day and age, this should have been fixed 10 years ago. The current system of every program manually having to implement this stuff for every call of a function doesn't work.
Actually that isn't so stupid, they own Netscape and are funding much of the Mozilla development. I wouldn't be surprised if AOL 6 was based on Navigator 6 and re-written over time into XUL, etc. etc. Navigator 6 PR1 already comes with an AIM client written in Mozilla, Neoplanet has a version of their web browser linked against libGecko (implying that it wouldn't be too difficult to retool AOL 5 from mshtml.dll to libGecko.so).
AOL has no love for MS, they were the primary persecutors that got the 1995 consent decree slapped on Microsoft, and what of the IM wars? I surmise that AOL will run away from Windows, IE and MS at the first opportunity, I even remember seeing a Slashdot article about AOL possibly coming out with their own Linux box/distro pre-setup for AOL.
IIRC from the last thread when NS PR1 came out it was stated that DHTML is different because in Mozilla it is based strictly on the W3C standard while NS 4.x and IE have made their proprietary extensions and only have part of the DHTML standard supported. Mozilla is more standards compliant, on all fronts, but this breaks backwards compatibility on many pages, the upside is that once they are coded around the actual standard (who woulda' thunk?) this kind of thing won't happen again.
Re:downloading... i hope there have been bug fixes (on Mozilla Milestone 15, Score: 1)
Heck, I'm using Netscape Mozilla PR1 and find it to be more stable than Communicator 4.72 on the same machine. It is sometimes more responsive (depends on operation) and looks a darn sight better/more readable (it really puts my TrueType fonts to good use).
Speed is improving with every release (which are not even beta yet!!!) and all the debugging code is still in. Expect a vast (2x++??) improvement when the final version ships this summer/fall
Heck, Bruce is usually the first, and loudest, to mention GPL violations and clueless companies (remember the stink about Corel). If he states, repeatedly, that it is probably just an honest mistake then I would generally believe him. Let's just make sure that Be fixes this little indiscretion and not sweat it. I would hate for a nifty OS like Be to be drug through the mud if it isn't deserved.
"The defense is a novel one, but if Napster wins this, I predict the law will be rewritten in eight minutes," said Neil Rosini, a lawyer at New York law firm Franklin, Weinrib, Rudell & Vassallo, who represents online music firm MyPlay. "The DMCA was never intended for companies like Napster."
Pretty funny to use a broken law in this way, I wonder how it will affect the ability of the DMCA to be repealed. Could they point to us and say, "See they use the DMCA therefore they must like it. Any whining is just being hypocritical." I sure hope not.
NPR/BBC is a good combination, I listen to them driving to/from work every day. NPR's reporting tends to be well balanced and fair most of the time, they will follow important stories with real coverage (E. Timor, etc.) instead of the 5 second blurb that would be on TV news. NPR even did a three episode expose of Echelon for crissake (also hinting that Bamford will be putting out a sequel to The Puzzle Palace soon.)
BBC WorldService gives a more worldwide view, since their target market is NOT the U.S., they have more stories from Africa, India, former British colonies, etc. which aren't even covered by mainstream press.
Ok, Linux runs on more than three platforms (not as many as NetBSD but no need to bend the truth). How about MIPS, ARM, SPARC, Alpha, PowerPC, M68K, i386(and compats) and on a wide range of hardware in these processor groups (NetBSD does not support 25 different processor arch just 25 different hardware arch although there are a few that Linux doesn't have like ns32k, sh3/4, vax).
What about Objective C and/or GNUStep? How come GNOME isn't based around those? Objective C is supposed to be the bee's knees when it comes to GUI programming, even better than C++ (at least for C hackers).
Not just language barrier but cultural differences can cause problems too. I remember a movie about the friction caused by a Japanese management contingent taking over a US manufacturing plant, I think it starred Michael Keaton, or Michael Douglas. And I remember from my time in Germany the friction between US nationals and German nationals in mixed offices. The CW was that the Germans took every opportunity to take off work, they had strong unions and large benefits. The Americans thought that they were just pampered and lazy and there was some friction there.
What about Deutschland? When I was there I talked to a GTE tech rep who stated that they were selling the Germans 10yr old analog switches and stuff that GTE didn't even use anymore, and the Germans were deploying the stuff as a new upgrade. That and I remember Deutsche Telekom having all the earmarks of a monopoly, bad service, low quality and obscenely high prices. This was a couple of years ago, maybe things have changed.
Choose your poison wisely.
Of course, it is much harder if you lay down and don't even try.
Rant mode off please. . . please.
I don't know about 1 and 2 but for the rest, these are already implemented.
Also from the article.
And would the standards of most Civilized countries stand in the US, esp. with the Moral Majority, et al.?
Just my $0.02.