The old 8 bit computers e.g. Commodore 64 (I had an Amstrad 6128) were great in this way.
The old 8 bit computers also all had identical, known hardware, so there was no need for driver updates. They were far less complex, so there was far less chance of bugs. They were far less interconnected (if at all), so far less chance of (exploitable) security holes.
Likewise, as another poster points out, your microwave does essentially nothing compared to your PC. A better comparison would be a satellite receiver or PVR. I've had one of each, and they both take a non-significant amount of time to boot before they're usable. In fact, my gut feeling is that they take around as long as my PC.
Having the OS on some sort of non-volatile storage would be good for fast boots, but how often do you boot your PC? I boot my home one once per day, and my work one once in a blue moon. The advantages of that sort of a system just don't outweigh the potential problems associated with it, for me at least.
Then buy a motherboard that supports ACPI properly - I can switch my machine off from its own power switch without Windows bitching at me.
(No, you can't do it at the mains, that's just the way modern filesystems are, sorry. They cache writes for performance reasons; if you kill the power before everything's been written to disk, you can kiss data goodbye.)
I see. Other people than you should care enough to sacrifice their wealth.
I think a lot of people dislike CEOs (and other top-level execs) for a few reasons:
1) They get paid a literal fortune, often 50 times what an engineer/programmer gets or more (and so 100 times that of a "normal" position, 200 times that of a janitor, etc)
2) People don't understand what they do and so don't value it (witness the posts here essentially saying that engineers are irreplacable, while anyone can manage)
3) If you or I fuck up big time, we get fired. If an executive-level employee fucks up big time, they get a huge pay-off ($40m for Carly?) and walk into another similar job somewhere else (not that they *need* to work!)
For example, the previous chairman of the company I'm at burnt through about £12billion (about 80-90% of the company's cash reserves) all-but crippling it, then left with a multi-million pound pay-out.
Besides that, there's an old saying - "from each according to their means, to each according to their needs". CEOs and their ilk have the means to provide for an awful lot of needs...
Charity. Voluntary charity. The kind where the person that needs help asks for help. And then someone helps them voluntarily. And then they say "thank you" when they get help. And they try hard to be worthy of the help that they recieved.
I see people on the streets everyday trying to live off that sort of charity. I don't see too many people giving.
So now you have 15,000 less people to lead/manage but you still have the same number of executives and managers. That seems to create a very top heavy structure and those tend to fall over both in the management world and the engineering world.
You're reading it wrong. They're not saying "we're not getting rid of managers, just engineers, sales, secretaries, etc", they're saying "all the top-level managers - directors, senior executives, division heads - will remain".
Don't worry, plenty of middle- and lower-management roles will be going amongst those 15,000. It's the jobs at the top that will remain (just as they always do - you don't get rid of your friends unless you absolutely have to, and besides, you might want to work with them again some day...)
It's nothing to do with the firewall, the exploit is in rdesktop. The firewall allows incoming rdesktop connections by default (iirc), hence the "even with the firewall on" comment.
I'd imagine that it's partly due to how much harder it is to write good multi-threaded code that scales well with increasing numbers of CPUs.
Yes, you're running the same code whether you have 1 CPU or 8, but if you do have more than one then you're actually benefiting from the additional effort (design, development, testing, etc). I imagine that the rationale is that it was harder and more expensive to write, why not charge more for it?
On top of that, the vast majority of multi-CPU users are business users, which tend to have more money and be prepared to spend it; you charge what the market will bear.
So, in the case of Disneyland, they are maoving from 1-factor (somthing you have) to 2 (something you have and something you are). Even if someone steals your card, they have to build a fake hand (it's checking hand geometry, not fingerprints) and use it unnoticed. However the real aim is to prevent peopel from shaing their cards. It's easy to give away a token, much harder to make a convincing fake hand and not get caught.
That doesn't answer the question - if your biometric identifier is compromised and revoked, how do you authenticate yourself in such a two-factor scheme? You still have the card, but you no longer have the biometric aspect.
How do you prove that you've not just borrowed someone else's card?
Likewise for an ATM, if it uses a fingerprint and PIN. Without the fingerprint, how do you gain access? (Just like today - no card, no access)
Sure, n-factor authentication makes it harder for someone to impersonate you. However, if for whatever reason one of htose factors is rendered unusable to you, you must replace it. That, as the OP points out, is impossible in the case of a biometric identifier.
That's probably the case, but now the hacker has a list of usernames and password hashes to run an attack against.
Sure, it'll take a while, and probably isn't worth the effort for something like this, but if you have the md5 hashes, then given time, you have the passwords.
Well, it's just human nature. On the other hand though, it's a little different for government. They not only volunteered for the post, they spent a fair amount of time, money and effort convincing the very people they're now wishing weren't there that they were the right person for the job, that they'd represent their needs and the needs of the country as a whole better than anyone else going for the job.
They stood up and said "pick me to represent you, I'll do a good job, I have your best interests at heart", got picked, and are now saying "God, I wish I didn't have to represent these people"
Well, some of us morons weren't expecting 20 minutes or so of pure schmaltz at the end, complete with a grating utter bullshit "explanation" of why his mother could only stay for 24 hours. (But then, Star Trek tends to grate on me at times; the curse of a physics degree...)
Other than ruining it in that way, yes, it was a fine film.
I'm all about cursing and not linking intelligence factor to it but, man, that post was worthless trolling!
Really? You think? He's only posted it (or very similar variations on it) at least three times in this thread that I've noticed, and I've jumped in late...
But those barriers are by no means insurmountable, it just adds another step or two to the process of creating malware. There's plenty of malware available for Windows that masquerades as normal software (or piggy backs on it, "supporting" it a la Kazaa), there's no reason it won't be so for other OSes if it starts becoming worth the little shits' while to target them too.
Besies which, on a Unix box, it needn't be an executable, it could be an rpm or similar. Sure, you'd most likely restrict your target demographic to those who use a compatible distro, but there are only a few package formats anyway, and most distros can use "alien" formats too, if needs be.
You're just one shell-script attachment away from disaster when a user gets an email instructing them to save the attachment off, chmod +x it, and execute it, not knowing it contains the ever-useful "rm -rf" command inside.
Not even that; just create an rpm and tell people to rpm -i it.
If *nix ever became as ubiquitous as Windows is now, it would assuredly happen, I'll set my watch and warrant on it.
I gree with you 100% there. The best security model in the world can't save a machine from a rogue (or hopelessly naive) user with the administrative password.
Many Windows programs, including some from Microsoft, require administrative privileges to operate.
Then those programs are broken, and should not be used.
I've worked in secure environments (as in, government-type secure). You do not get local admin rights on your machines, yet somehow, you still manage to get your work done...
1. Compare WinXP operation system to the whole distribution is stupid.
Why? The distributor has the source to every single package included with the distribution, and chooses to include them.
Why can they not then be held accountable for failing to spot security holes? If it's not practical to audit so much code to the required degree, then perhaps they should pare their distro down until it *is* possible.
-It is not in compliance with the GPL, and therefore illegal;
That's a serious claim; do you have any proof to back it up?
-none of the hardware manufacturers sells drivers, they sell hardware, dammit
So what? It's their code, they wrote it, shouldn't they be free to release it under whatever licence they see fit? I imagine you'd be pissed if people constantly lobbied you to release your code under a closed source licence rather than an open one, why should they react any differently?
You install it, there's no apps (or crap ones - compare IE to Firefox or Outlook Express to Evolution), or you pay lots of money to get them.
What apps do you get with a Linux distro that aren't also available for free download for Windows?
You run as root by default, not for ease of use (how difficult is 'type your passsword to continue' that Fedora and OS X do?) but because Microsoft and Windows developers couldn't be bothered fixing things.
Since Win 2k at least you've had the "Run as..." 'command' that allows you to do just that on Windows.
And you get spyware and viruses as a result,
The sort of people who do, are the sort who would get them for *any* platform, because they're the sort who just blindly click "ok" on every dialogue without reading it. I've been running XP for about 3 years, and have never had a single spyware or virus infection.
To get a feel for "the objectives of the community", you must speak with a representative sample of that community. It seems to me that the easiest way to do that is right here, at slashdot.
Yes, we are all individuals, yes we all believe and want different things, but the same comments are made (and modded up to +4 or +5) time and time again. That would certainly seem to imply that "the slashdot readership" holds a certain opinion, and by extension, that (at least part of) the open source community does so too.
More than that, Windows gently reminds you at appropriate times that you really ought to have patches download and install themselves automatically. ("At appropriate times" means on the Windows Update site, and in the Security Centre)
Now, you may argue that that's a bad idea, you should always know what's being installed on your machine and what it might break, etc, and I'd agree. The flip side of that though is that anything that increases the likelihood of home users installing security updates has got to be a Good Thing.
[It's been 4 minutes since you last successfully posted a comment
1) the score is in the public domain (Mozart died centuries ago!), anyone can perform it
2) anyone who does perform it (or depending on the exact details of the agreement, commissions such a performance) owns the rights to that performance
3) the BBC commissioned such a performance, and owns the rights to it
4) it is this performance that the BBC is distributing
5) no-one is suing anyone; no-one has any legal grounds to do so
6) the idiot who's mouthing off is being a cry-baby about the government (the BBC is state-owned, but independently managed) giving away for free things that he and his associates are trying to sell, claiming that it's "unfair competition"
The BBC is perfectly within its legal rights to do what it is doing. What's more, as I help fund the BBC (through the licence fee), it could be argued that I have a moral right to access these recordings, as I helped pay for them. But then I tend to believe that anything that is produced by or on behalf of the government should be accessible to all (where appropriate - obviously there should be exceptions for security reasons, I don't want to know the details of troop movements, etc)
I wouldn't worry about it, it's not like moderation here actually matters. For that matter, whoever modded you may simply have slipped, and been going for Interesting - you can't change your mind.
The old 8 bit computers e.g. Commodore 64 (I had an Amstrad 6128) were great in this way.
The old 8 bit computers also all had identical, known hardware, so there was no need for driver updates. They were far less complex, so there was far less chance of bugs. They were far less interconnected (if at all), so far less chance of (exploitable) security holes.
Likewise, as another poster points out, your microwave does essentially nothing compared to your PC. A better comparison would be a satellite receiver or PVR. I've had one of each, and they both take a non-significant amount of time to boot before they're usable. In fact, my gut feeling is that they take around as long as my PC.
Having the OS on some sort of non-volatile storage would be good for fast boots, but how often do you boot your PC? I boot my home one once per day, and my work one once in a blue moon. The advantages of that sort of a system just don't outweigh the potential problems associated with it, for me at least.
Then buy a motherboard that supports ACPI properly - I can switch my machine off from its own power switch without Windows bitching at me.
(No, you can't do it at the mains, that's just the way modern filesystems are, sorry. They cache writes for performance reasons; if you kill the power before everything's been written to disk, you can kiss data goodbye.)
/Especially CEOs.../
I see. Other people than you should care enough to sacrifice their wealth.
I think a lot of people dislike CEOs (and other top-level execs) for a few reasons:
1) They get paid a literal fortune, often 50 times what an engineer/programmer gets or more (and so 100 times that of a "normal" position, 200 times that of a janitor, etc)
2) People don't understand what they do and so don't value it (witness the posts here essentially saying that engineers are irreplacable, while anyone can manage)
3) If you or I fuck up big time, we get fired. If an executive-level employee fucks up big time, they get a huge pay-off ($40m for Carly?) and walk into another similar job somewhere else (not that they *need* to work!)
For example, the previous chairman of the company I'm at burnt through about £12billion (about 80-90% of the company's cash reserves) all-but crippling it, then left with a multi-million pound pay-out.
Besides that, there's an old saying - "from each according to their means, to each according to their needs". CEOs and their ilk have the means to provide for an awful lot of needs...
Charity. Voluntary charity. The kind where the person that needs help asks for help. And then someone helps them voluntarily. And then they say "thank you" when they get help. And they try hard to be worthy of the help that they recieved.
I see people on the streets everyday trying to live off that sort of charity. I don't see too many people giving.
So now you have 15,000 less people to lead/manage but you still have the same number of executives and managers. That seems to create a very top heavy structure and those tend to fall over both in the management world and the engineering world.
You're reading it wrong. They're not saying "we're not getting rid of managers, just engineers, sales, secretaries, etc", they're saying "all the top-level managers - directors, senior executives, division heads - will remain".
Don't worry, plenty of middle- and lower-management roles will be going amongst those 15,000. It's the jobs at the top that will remain (just as they always do - you don't get rid of your friends unless you absolutely have to, and besides, you might want to work with them again some day...)
It will be really interesting to see the generation that grew up warez and freeware begin to start running major corporations.
Bear in mind that most of the generation running companies now grew up with taping records off their friends, before graduating to copying videos.
It's nothing to do with the firewall, the exploit is in rdesktop. The firewall allows incoming rdesktop connections by default (iirc), hence the "even with the firewall on" comment.
I'd imagine that it's partly due to how much harder it is to write good multi-threaded code that scales well with increasing numbers of CPUs.
Yes, you're running the same code whether you have 1 CPU or 8, but if you do have more than one then you're actually benefiting from the additional effort (design, development, testing, etc). I imagine that the rationale is that it was harder and more expensive to write, why not charge more for it?
On top of that, the vast majority of multi-CPU users are business users, which tend to have more money and be prepared to spend it; you charge what the market will bear.
So, in the case of Disneyland, they are maoving from 1-factor (somthing you have) to 2 (something you have and something you are). Even if someone steals your card, they have to build a fake hand (it's checking hand geometry, not fingerprints) and use it unnoticed. However the real aim is to prevent peopel from shaing their cards. It's easy to give away a token, much harder to make a convincing fake hand and not get caught.
That doesn't answer the question - if your biometric identifier is compromised and revoked, how do you authenticate yourself in such a two-factor scheme? You still have the card, but you no longer have the biometric aspect.
How do you prove that you've not just borrowed someone else's card?
Likewise for an ATM, if it uses a fingerprint and PIN. Without the fingerprint, how do you gain access? (Just like today - no card, no access)
Sure, n-factor authentication makes it harder for someone to impersonate you. However, if for whatever reason one of htose factors is rendered unusable to you, you must replace it. That, as the OP points out, is impossible in the case of a biometric identifier.
That's probably the case, but now the hacker has a list of usernames and password hashes to run an attack against.
Sure, it'll take a while, and probably isn't worth the effort for something like this, but if you have the md5 hashes, then given time, you have the passwords.
Well, it's just human nature. On the other hand though, it's a little different for government. They not only volunteered for the post, they spent a fair amount of time, money and effort convincing the very people they're now wishing weren't there that they were the right person for the job, that they'd represent their needs and the needs of the country as a whole better than anyone else going for the job.
They stood up and said "pick me to represent you, I'll do a good job, I have your best interests at heart", got picked, and are now saying "God, I wish I didn't have to represent these people"
4GB? Luxury! I had a 500MB hdd on my first PC. No, I didn't have a lot of space left once Win 95 was installed...
Well, some of us morons weren't expecting 20 minutes or so of pure schmaltz at the end, complete with a grating utter bullshit "explanation" of why his mother could only stay for 24 hours. (But then, Star Trek tends to grate on me at times; the curse of a physics degree...)
Other than ruining it in that way, yes, it was a fine film.
I'm all about cursing and not linking intelligence factor to it but, man, that post was worthless trolling!
Really? You think? He's only posted it (or very similar variations on it) at least three times in this thread that I've noticed, and I've jumped in late...
But those barriers are by no means insurmountable, it just adds another step or two to the process of creating malware. There's plenty of malware available for Windows that masquerades as normal software (or piggy backs on it, "supporting" it a la Kazaa), there's no reason it won't be so for other OSes if it starts becoming worth the little shits' while to target them too.
Besies which, on a Unix box, it needn't be an executable, it could be an rpm or similar. Sure, you'd most likely restrict your target demographic to those who use a compatible distro, but there are only a few package formats anyway, and most distros can use "alien" formats too, if needs be.
You're just one shell-script attachment away from disaster when a user gets an email instructing them to save the attachment off, chmod +x it, and execute it, not knowing it contains the ever-useful "rm -rf" command inside.
Not even that; just create an rpm and tell people to rpm -i it.
If *nix ever became as ubiquitous as Windows is now, it would assuredly happen, I'll set my watch and warrant on it.
I gree with you 100% there. The best security model in the world can't save a machine from a rogue (or hopelessly naive) user with the administrative password.
Many Windows programs, including some from Microsoft, require administrative privileges to operate.
Then those programs are broken, and should not be used.
I've worked in secure environments (as in, government-type secure). You do not get local admin rights on your machines, yet somehow, you still manage to get your work done...
1. Compare WinXP operation system to the whole distribution is stupid.
Why? The distributor has the source to every single package included with the distribution, and chooses to include them.
Why can they not then be held accountable for failing to spot security holes? If it's not practical to audit so much code to the required degree, then perhaps they should pare their distro down until it *is* possible.
-It is not in compliance with the GPL, and therefore illegal;
That's a serious claim; do you have any proof to back it up?
-none of the hardware manufacturers sells drivers, they sell hardware, dammit
So what? It's their code, they wrote it, shouldn't they be free to release it under whatever licence they see fit? I imagine you'd be pissed if people constantly lobbied you to release your code under a closed source licence rather than an open one, why should they react any differently?
You install it, there's no apps (or crap ones - compare IE to Firefox or Outlook Express to Evolution), or you pay lots of money to get them.
What apps do you get with a Linux distro that aren't also available for free download for Windows?
You run as root by default, not for ease of use (how difficult is 'type your passsword to continue' that Fedora and OS X do?) but because Microsoft and Windows developers couldn't be bothered fixing things.
Since Win 2k at least you've had the "Run as..." 'command' that allows you to do just that on Windows.
And you get spyware and viruses as a result,
The sort of people who do, are the sort who would get them for *any* platform, because they're the sort who just blindly click "ok" on every dialogue without reading it. I've been running XP for about 3 years, and have never had a single spyware or virus infection.
What else would you use to form it though?
To get a feel for "the objectives of the community", you must speak with a representative sample of that community. It seems to me that the easiest way to do that is right here, at slashdot.
Yes, we are all individuals, yes we all believe and want different things, but the same comments are made (and modded up to +4 or +5) time and time again. That would certainly seem to imply that "the slashdot readership" holds a certain opinion, and by extension, that (at least part of) the open source community does so too.
Did you mean a Pentium-M?
Well, he said "p4-m", so I'm guessing yes...
That's automated build, genius, not automated release. It's part of the build process, not the release process...
More than that, Windows gently reminds you at appropriate times that you really ought to have patches download and install themselves automatically. ("At appropriate times" means on the Windows Update site, and in the Security Centre)
Now, you may argue that that's a bad idea, you should always know what's being installed on your machine and what it might break, etc, and I'd agree. The flip side of that though is that anything that increases the likelihood of home users installing security updates has got to be a Good Thing.
[It's been 4 minutes since you last successfully posted a comment
Editors, can we *please* get this fixed?]
No.
1) the score is in the public domain (Mozart died centuries ago!), anyone can perform it
2) anyone who does perform it (or depending on the exact details of the agreement, commissions such a performance) owns the rights to that performance
3) the BBC commissioned such a performance, and owns the rights to it
4) it is this performance that the BBC is distributing
5) no-one is suing anyone; no-one has any legal grounds to do so
6) the idiot who's mouthing off is being a cry-baby about the government (the BBC is state-owned, but independently managed) giving away for free things that he and his associates are trying to sell, claiming that it's "unfair competition"
The BBC is perfectly within its legal rights to do what it is doing. What's more, as I help fund the BBC (through the licence fee), it could be argued that I have a moral right to access these recordings, as I helped pay for them. But then I tend to believe that anything that is produced by or on behalf of the government should be accessible to all (where appropriate - obviously there should be exceptions for security reasons, I don't want to know the details of troop movements, etc)
I wouldn't worry about it, it's not like moderation here actually matters. For that matter, whoever modded you may simply have slipped, and been going for Interesting - you can't change your mind.