Recently, I think we've had some pretty good demonstrations of the false sense of security we've all smugly adapted regarding open source:
- Trojaning of popular open source software (such as OpenSSH and tcpdump).
- Repetitive exploits in the same software, such as the recent BIND exploits in the latest version (and the eighty or ninety exploits that came before it).
- Programmers releasing details of security flaws after their platform is covered but before everybody else has a chance to patch the problem.
So I think he may have a point. Closed source isn't secure, to be sure, but irregardless these continual problems with dealing with security flaws in free software beg the question of whether or not the open source methodology is much better in 'root'ing out problems.
Note: I'm just talking about security, not overall quality of product. I still use open source because I feel it is superior to closed source in so many ways. However, I want to burst this bubble we've collectively got about "Thousands of eyes on the source code mean we're all safer", because obviously it isn't turning out that way.
If it only emits beta radiation, there isn't much to worry about. Beta particles can be stopped by a sheet of paper. Just make sure your phone is wrapped in paper and you're good to go.
SSL and SSH are great when you can use them, but there are circumstances when software-level encryption is prohibitive for one reason or another (too costly, unavailable, breaks things). Windows file shares are a pretty good example of the latter, as are NFS shares or a system that just doesn't support it.
You can establish an SSH session to a Linux system rather easily, but maybe the six-year-old AS/400 sitting on the internal corporate network doesn't. Upgrading the AS/400 is an expensive proposition. Implementing a VPN solution, perhaps at the border router or with another internal system, is probably the best method with current 802.11 hardware. But if the hardware supports encryption, everything is transparent.
Hardware-level encryption certainly doesn't absolve the end user of the responsibility of encrypting Internet communications. However, on an internal network, I think you should be able to trust your wireless connections to the same degree you can trust your wired ones. At worst, hardware-level encryption is a wasted step, but it would give some protection to the average user who expects the internal network to be protected.
For one thing, 802.11 should probably be implementing encryption in the hardware by default. Who wants their data going over the airwaves unencrypted, anyway? Additionally, having it in the hardware would make actually using it easier than trying to work something like FreeS/WAN.
I don't actually own one myself (and I'll retract the pricey comment, because I'd heard the unit with the HDD was going for a few hundred more) but I'm referring to the FM output. Then again, I've gotten used to the transmitters you can hook your portable CD player to for the car, and kind of assumed the general lack of quality of the signal had to do with the limitation of the output wattage the FCC assigns to try to prevent consumer equipment from stomping on a neighbor's reception of a radio station.
But all in all, a pretty nifty gadget for people who are into that sort of thing. The fidelity is decent for something its size, and while transfers take a while it's really neat to be able to hum a song you've got stuck in your head and have it tell you what it is (depending on your singing voice, I suppose).
I don't know how fast it is in beaming from one unit to another, but as the article mentions I wouldn't assume it's that fast -- just guessing, but maybe on the order of swapping one or two songs rather than several CDs within a reasonable amount of time? Much faster, and I imagine we'll be seeing the Napster debacle all over again...
Is eBay the most appropriate venue for indies? (on Ebay vs. Musician)
Given that eBay is an auction site, that indies are by nature not likely to have the kind of demand that would make auctioning their music worthwhile, and that CD-Rs of their music being pressed by them isn't something that is likely to be in a strictly limited supply, what's the advantage of selling your own music on eBay over setting up your own website or using one designed to push independent music that already exists?
Advertising is something like 1/3 of the cost of a drug nowadays. No doubt a small amount of this is essential to break a drug into the public consciousness, but much of the rest in many cases is intended to persuade a potential customer to bug the hell out of a doctor to prescribe something that may or may not be necessary. I'd suggest that this is one example of the type of fat that can be trimmed to make generous gestures like providing AIDS medication to the dying in impoverished nations a little more palatable.
I keep seeing the concept that, somehow, there is this sacrosanct bubble of massive profitability surrounding 'ideas' or 'creativity' that must never ever be tampered with lest it pop and we are swept back into the Dark Ages covered with pox because our artists stop singing, actors stop acting, programmers stop coding and biochemists throw their hands up in despair because they're surrounded by a world of need without any financial means to create. It is as ridiculous as the idea we simply give everything away. There is a happy medium involving slightly more modest returns and the deaths of a few million fewer people, once we embrace the idea that philanthropy can come ahead of luxury.
Re:Why aren't Oopses dumped to swap? (on Linux 3.0)
I can only guess, but two reasons this might be the case are that the swap doesn't necessarily have to reside in its own partition but can be in a file or simply unused on a system, or (more likely) that this prevents the possibility of obliterating the dump in the process of trying to view it. Also, the software apparently lets you do a 'crash dump' from a live system, which would be inconvenient to have overwrite swap...
This seems like the safest option, because it's isolated from the Linux system at any other point, but it would be nice to get the swap option as well for people who aren't interested in the fancy stuff unless something goes seriously wrong.
Technically speaking, if you're not using an SMP system you're processing logic asynchronously.
But more to the point: while asynchronous logic may appear to offer a simple tradeoff (slower processing time for more efficient battery life), recent advances in microsilic design make the argument for asynchronous components moot. For one thing, while two synchronous ICs take twice the power of one asynchronous IC (not quite because of the impedance caused by the circuit pathway between two chips, but that's negligible under most circumstances), they will in general arrive at a result twice as quickly as their serial pal. Twice as quick, relatively equal power consumption.
The real reason for the drive towards asynchronicity is to cut down on the costs of an embedded design. Most people don't need their toaster to process the 'Is the bread hot enough' instruction with twice the speed of other people's toasters. But for PDAs (Personal Data Assistants) or computer peripherals I wouldn't accept an asynchronous design unless it was half as much.
My most anticipated feature (on Linux 3.0)
LKCD: Linux Kernel Crash Dumps. Really, I wish this had been there for the first half of 2.4 (testing-pre?). Supposedly it'll be able to save an image of kernel memory when the kernel panics to a special partition so that it can be recovered after reboot allowing easy analysis of the image. This alone should cut down greatly on the amount of work required to submit bug reports.
I think we might very well have hit rock-bottom. I mean, I suppose there has always been an empowered bunch screwing over the masses to stay in power, but it doesn't make much sense that we've got enough food to eat and enough science to keep people well and we're willing to hold it all back like this.
I never much liked the need for the idea of intellectual property (although I'm hard-pressed to come up with an alternate system that'll work as well on the whole), but somehow when we're talking about lives rather than Napster and hearing the same exact story from the people who 'own' the IP (we just wouldn't have the incentive to produce if we don't have total control) it makes the whole idea sound pretty dumb.
As I understand it, there are a number of constraints that would make a straight comparison impossible.
For one thing, the complexity of the electronics they've got to jam in the drive goes up because they need hardware to interpret CD and DVD. Also, there are something like three different wavelengths to support with the laser (CD-R, CD-RW, and DVD) IIRC.
Technically, the drive will be capable of spinning both at the same speed, but it's the interpretation of the data that comes in that is the limiting factor in this case.
While the 3G band remains mostly unfettered by the electronic noise that crowds the 900 MHz band, the extremely short wavelength (which sits immediately below infrared) is prone to strange forms of interference. Whereas your average 802.11b card will slow down but continue to function in a field of interference, blinking lights within the red wavelength will cause a connection to blink on and off simultaneously, at least in the portion of the waveband the data stream occupies (the voice stream is unaffected, but we're talking broadband Internet). Also problematic because of their proximity to the band are the ultrasonic devices employed in smaller Australian towns to keep the wallaby off the roads, however to a lesser degree because of the difference in spectral category of signals involved.
Apparently, they're working on a system to reduce undesirable field harmonics, which is part of what is causing the delay.
True, it is not probable that the industry can find a way to effectively protect a compact-disc from illegal copying without violating the specification, but how many average Britney Spears fans pay careful attention to how 'in spec' their CD collections are? What's the effective difference between a compact-disc and music on a plastic wafer that will play back pretty much anywhere but won't let people record from it, other than the preventing copying part?
On a related note (since I try to stomp out FUD where I find it), I'd have a hard time saying that the industry's intent is to destroy fair use. Where's the profit in that? I have little doubt that the problems that are occurring are because they're trying to -comply- with spec, not obliterate it -- namely, the problems some have noted with copy-protected compact discs are because the industry is trying to protect its content while remaining compatible with an obsolete standard. I have little doubt that when the next generation of media arrives, with effective digital rights management built in, that it will have the capability to deliver content and permit fair use while preventing the sort of rampant piracy that is driving small record chains out of business. I think that the free market will probably be the best way to determine how importantly fair use should factor in to these new designs.
True, not many people are using it on the desktop anymore, but there are still a number of things that Minix excels at. It was adapted to embedded computing before Linux, for one thing, because it could run the 286 processor in extended mode. It makes a much more efficient/lightweight server than any *BSD, and is actually responsible for a large segment of the Apache userbase on the Internet yet goes underreported because the server string in the apache-minix package says Linux. Additionally, the code is (IMHO) much easier to follow for CS students, and demonstrates many more esoteric yet practical systems engineering principles than can be found in its fork (Linux).
So no, I wouldn't fire off that 'Minix is dying' troll just yet; the presence of Minix filesystem compatibility in its friendly rivals betrays the foothold Minix yet retains among many of the computers that power the Internet today. We wouldn't argue that Linux is dying simply because it doesn't have nearly the desktop share of Microsoft Windows, because we are aware that it is churning away out there just beneath the consciousness of most computer users. So too we should remember that Minix occupies as well a place within our hearts as well as within the Internet.
This is 'Best of Slashdot' week. They're rerunning all the top stories, and I think this Friday they're playing 'Voices From The Hellmouth 11: Katz Strikes Back'.
This isn't the first time I've seen a segment of the Open Source/Free Software community turn on itself. What is it that causes these kinds of conflicts and mistrust? Are inflated egos allowed to remain because of their coding ability where in the business world they would have been let go? Is it because people invest themselves more personally than if they were working for money? Or is it just a situation where muckrakers can thrive because everything is done openly?
I worry that this sort of thing feeds into the 'crackpot' image many in business seem to have of the community...
I've read a number of items on Politech -- the writer's mailing list -- dealing with the DMCA and DeCSS lawsuits, so I'd guess that he's at least somewhat aware that this is a thorny issue. On the other hand, journalism has traditionally been about 'Damn the torpedoes; full speed ahead' in our country (something that's easy to forget when mainstream journalism has become as neutered and insipid as it is today).
On the other hand, maybe it wouldn't have been such a bad idea on his part to actually link a Linux version instead of or in addition to the Windows one to make the point a little clearer.
The recording and movie industries are probably quite capable of embracing the concept of P2P -- but not in the guise it has today. They're just trying to lock everything down so that you can't move your content digitally without their consent, whether by Internet, LAN, CD-R, or Zip disk. Once (if) that happens, I'm sure they'd be pleased to reopen the door to some extent on file trading, for a price.
Besides trying to cut down on 'piracy', they're aiming at carving more revenue streams out of things we've taken for granted. Witness the 'copy-protected' CDs that won't play in your computer but allow you to access a portion of the manufacturer's website in order to hear the songs. Before, we'd simply put the CD in and listen through Media Player (or similar); now, we have to visit their site and watch their ads while streaming the songs over the Internet. Ostensibly, it's about copy protection, but it's also being billed as a way to direct your customers to your site every time they want to listen to their CD on their computer.
Again, once they've got everything locked down, they'll be free to push proprietary formats that do all sorts of things. I imagine they'd like to know how much a particular artist/song is actually being listened to -- now they can find out, at least at the computer level. They almost definitely would like to rent music as well as sell it -- now it's possible, and they can pay a pittance for distribution because they can fob the bandwidth usage off to the users. Distribution over the Internet can be even cheaper for them because end-users can be part of the scheme. But first, they want to stamp out the possibility of 'freer' formats of their material existing, and certainly any ability to convert from locked format to free format.
I wouldn't think that they'd need more than the DMCA as a club, but I suppose they're using this horrid bit of law as a hedge against the possibility of that horrid bit of law being overturned. It's apparently a lot easier to feed crap into the U.S. Code than it is to scoop it out.
Dictionary-based brute force attacks such as those commonly used to crack lousy passwords have been in use for years now to harvest viable e-mail addresses. The last three addresses I've had have all been hit this way, two certainly unused and unpublished and one used only for Bugtraq and communication with three people who understand bcc:.
Basically, the address harvester has a program that connects directly to the mail server of my ISP and 'sends' lots of identical (mostly empty and therefore quickest to send) messages through the connection, generating a different To: portion from 'words' likely to appear in a username for each message. Every time a message fails to go through, the harvester is notified, so for every message that DOES go through the program writes the To: e-mail address that was generated for that message to a file of valid addresses.
Based on my experience, if you get a blank message and don't know the sender you can usually expect to get many more messages from people you don't know in the future -- with no mistakes necessary on your part to do so.
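The probing described in this post is what mail administrators call a directory-harvest attack, and it leaves a distinctive shape in the mail server's own logs: one client, a burst of RCPT TO attempts, most of them rejected as unknown users. As an added example (not part of the original post), here is a small Python detector run over constructed Postfix-style smtpd log lines; the log format, the hostnames, IPs and addresses, and the thresholds are all assumptions.

```python
"""Directory-harvest attack (DHA) detector over Postfix-style smtpd logs.

Added example. The log layout, sample values and thresholds are assumptions;
the idea is to flag a client whose rejected-recipient rate looks like
dictionary probing rather than ordinary mis-addressed mail.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed log excerpt: hosts, IPs (RFC 5737 ranges) and addresses are made up.
SAMPLE_LOG = """\
Mar  3 10:00:01 mx postfix/smtpd[2210]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <adam@example.net>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:00:01 mx postfix/smtpd[2210]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <alan@example.net>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:00:02 mx postfix/smtpd[2210]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <alex@example.net>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:00:02 mx postfix/smtpd[2210]: 4B3F21A2C: client=unknown[198.51.100.7]
Mar  3 10:00:02 mx postfix/smtpd[2210]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <amy@example.net>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:00:03 mx postfix/smtpd[2210]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <andy@example.net>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:00:03 mx postfix/smtpd[2210]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.1 <anna@example.net>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:01:10 mx postfix/smtpd[2231]: 4B3F21B10: client=mail.example.org[203.0.113.5]
Mar  3 10:02:44 mx postfix/smtpd[2231]: NOQUEUE: reject: RCPT from mail.example.org[203.0.113.5]: 550 5.1.1 <bob.smth@example.net>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:05:09 mx postfix/smtpd[2240]: 4B3F21C77: client=mail.example.org[203.0.113.5]
"""

# A recipient rejected as unknown: the "message that fails to go through".
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S+\[(?P<ip>[\d.]+)\]: 550 .*?"
    r"<(?P<rcpt>[^>]+)>: Recipient address rejected: User unknown"
)
# A message accepted for delivery (queue id assigned): the address was valid.
ACCEPT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"[0-9A-F]+: client=\S+\[(?P<ip>[\d.]+)\]"
)


def parse_smtpd_log(text):
    """Per client IP: reject/accept counts, probed local parts, first and last timestamp."""
    stats = defaultdict(lambda: {"rejects": 0, "accepts": 0, "probed": set(),
                                 "first": None, "last": None})
    for line in text.splitlines():
        kind, m = "rejects", REJECT_RE.match(line)
        if m is None:
            kind, m = "accepts", ACCEPT_RE.match(line)
        if m is None:
            continue  # connect/disconnect/TLS chatter is irrelevant here
        # syslog timestamps carry no year; only the deltas matter below
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        s = stats[m.group("ip")]
        s[kind] += 1
        if kind == "rejects":
            s["probed"].add(m.group("rcpt").split("@")[0].lower())
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    return stats


def detect_harvesters(text, min_rejects=5, min_reject_ratio=0.8, window_seconds=300):
    """Return client IPs whose unknown-user rejections dominate a short burst of RCPTs.

    Thresholds are assumptions: a legitimate sender typos one address now and then;
    a harvester generates many names and most of them bounce within seconds.
    """
    flagged = []
    for ip, s in parse_smtpd_log(text).items():
        total = s["rejects"] + s["accepts"]
        span = (s["last"] - s["first"]).total_seconds()
        if (s["rejects"] >= min_rejects
                and s["rejects"] / total >= min_reject_ratio
                and span <= window_seconds):
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    stats = parse_smtpd_log(SAMPLE_LOG)
    for ip in detect_harvesters(SAMPLE_LOG):
        s = stats[ip]
        print(f"{ip}: {s['rejects']} unknown-user rejects, {s['accepts']} accepted, "
              f"probed {sorted(s['probed'])}")
```

A hit here is a candidate for a temporary block or a recipient-rate limit on the client, and the set of probed local parts shows which dictionary the harvester is working from.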
What's a good programming language in general? (on Applied Java Patterns)
This book looks like it'll help greatly with Java programming, but I was wondering... what programming language is the best for designing applications in without being overly complicated? While I agree with the article that C++ is probably the best to learn algorithms with, surely there must be something out there that is just as robust but easier.
Actually, it was kind of interesting to watch a number of them I pegged as believing in what the Right to Life movement has to stand for waffle on the whole issue, almost as if they believe that human life exists at that scale and it would be a horrible sin to tamper with it unless there is an unrealized but vast profit to be made.
FRIEND: Dude, I just like, totally ripped this CD off from the store.
FANNING: Hey, check this out, man: I just discovered a bodacious way to rip off CDs without shoplifting!
FRIEND: Excellent!
FANNING: It works with porn, too!
FRIEND: Sixty-nine, dude!
FANNING: Whoa.
I know that seems like an awful lot of money, but does it even approach the amount the industry gained through its unfair practices?