Software versions matter because they let you know what's older and what's newer, but that's about it. Case in point: I'm trying to get the Network Block Device client/server setup working on an embedded device running Linux 2.6.26. The client part in the kernel is incomplete if you want to try using it for swapping (but that's another story). The versions of the NBD client (and server kernel patches) range from 2.0 to 2.4, but these have nothing to do with the version of the kernel. It's confusing as hell.
Their approach seems to be doing nothing but speeding up brute-force searching for the key. If it's a "bad" key, like a simple word, this will speed up the search greatly. If it's a "good" key then speeding up the search 100 times is, for all practical purposes, meaningless. Get back to me when you've achieved a 100 * 100 * 100 * 100 * 100 * 100 *100 * 100 faster search.
The 800 lb gorilla in the room that nobody wants to talk about is the extreme lack of progress in language processing. OCR still requires far too much hand-editing of the result to be practical for casual use. Speech recognition is OK, but quite primitive. Speech output now sounds pretty good, but underlying all these should be a "natural language" computing infrastructure. Such a beast doesn't exist. That's why there are no "what you say is what you get" word processing programs or ubiquitous speech-control products. It's also why there are no quality translation tools for written or spoken languages.
MIT had high hopes for their AI lab in the late '70s. The Japanese had a crash program that was supposed to lift so-called "expert systems" by several orders of magnitude in the late '80s. Whatever happened to all the promised innovation? There is still no system capable of taking a piece of paper with handwritten notes and figuring out what information is present on it. Or even distinguish between information and random doodling. Or a system that groks music to the point where you can whistle a tune and it tells you the name and who wrote it.
We still have a long way to go.
This is not Stuff That Matters to Nerds.
Bad Slashdot. Bad.
SELinux controls what resources are used and where. This sounds like it monitors HOW processes behave. SELinux is overhyped. This sounds like a nightmare to configure and control the heuristics. You tweak it and tweak it to avoid false positives and then, inexplicably, it fails to stop something, and what good was it?
[BLOCKQUOTE]How is that different than shutting down a store in Africa because they run a store that is illegal by American standards and accept US currency?[/BLOCKQUOTE]
Ask Manuel Noriega. He got the full monty.
I'm surprised my Q actually made it onto the list. Harald has my unending gratitude, not for answering my question, but for all the work he's done pursuing GPL violators. It's obvious more needs to be done. No way should Harald be personally liable for unforeseen consequences in this area.
I certainly favor the carrot over the stick, but when you have solid evidence a for-profit company has stolen code and is profiting from it then copyright holders have got to stand up for their rights. I'm glad BusyBox has chosen to stand up for theirs. Personally, I think only the surface has been scratched when it comes to finding out who the bad guys are.
Time to donate a few dollars to Harald and a few more to the SFLC. They're working to protect OSS. I'll use the money I'm NOT donating to politicians this year. Those bastards don't work to protect anybody but themselves and their corrupt friends.
about.com and expertexchange.com come to mind. Thanks for TFA, though, I can pre-emptively block the domain at the router and modify my Google scripts to exclude results from there.
It only gets worse if you believed it was "good" in the first place. These revelations don't make it worse for me since I don't believe they're committed to my privacy at all. Never have been, never will be. Sheesh, I swear some of you people will believe anything! The "do no evil" myth has been one of the most pervasive and unfounded ones of the last decade. Watch what they do, not what they say.
It's a tacit admission that's one step away: We don't really care about it.
When it comes to customer data, though, it's nothing a few well-placed convictions for willful negligence won't solve.
Especially Americans. Witness the political campaigns.
I'm going to block ads no matter where they come from, as can any "consumer". All of a sudden the DoJ is concerned about anti-trust violations. This is bad because it means, within the halls of Justice, they see online advertising as "a big deal" while most online denizens detest all forms of online advertising. OK, some of us allow Google's unobtrusive text-only ads through because they're not too annoying, but if that should change then they're blocked too.
So the "big business" of online ads - that everyone hates - is important to the Justice department. Meanwhile, the MIAA and RIAA are allowed to continue bribing the Congress and being given the right to author their own laws, which are then backed up with the full weight of the US Government behind them.
Both major parties are fucked up, if you ask me. Really, really fucked up. No matter who wins the Presidency nothing much is going to change.
It's interesting to note that there is, and has been, an incredible market for batteries that provide significantly longer life. Instead, technology in this area improves in small increments. Anyone who can truly invent the "better battery" would be rich beyond their dreams.
Keep that in mind when you hear people proclaim that science and technology improvements will help us reduce the need for oil. Gauging the market and payoff potential of green and/or alternative energy sources is difficult. An immediate payoff is available for batteries with significantly enhanced life. So far, nothing.
A 2.5" 30GB laptop unit. It had Firefox stored passwords on it and other things I would consider "personally classified". I got what I needed off of it and used dd to zero it out. Took quite a while to run. When it was done I tossed it in the dumpster. Am I worried? Not one bit - and I didn't need this article or the original TFA to tell me that.
IMO every "security" solution for sale in the computing sector has some degree of snake oil and hype attached to it. That goes for anti-virus software and software firewalls as well. The best products are the ones that get almost no attention because they're free, like GPG.
The internet has not made us "less secure". That's claptrap propaganda designed to suck money out of our pockets for questionable security enhancements that enrich someone's cronies.
Count me as a non-customer for this book.
I'm not thrilled that Picasa will probably update itself without asking my permission. I seem to remember that happened once before. Seeing as how I need to use Picasa this afternoon, I'll have to de-network the computer first.
I'm REALLY worried that one day the old MusicMatch Jukebox v8 that came with my 4-year-old Dell will be remotely disabled somehow one day because I refuse to upgrade to yahoo or whatever it's turned into now. It seems to randomly connect somewhere and issue "friendly reminders" to me to upgrade. No way, Jose.
Speaking of Google, am I the only person not even remotely interested in their new chrome browser? Probably.
You have stated that your ability to pursue claims against those who violate the GPL is hampered by lack of resources. What amount and type of resources, in your estimate, would be required to pursue all such claims? I'm thinking in terms of everything from vetting the claims to see if they're warranted all the way through the hiring of legal representation to file and pursue lawsuits against the violators.
The vast majority of computer security "incidents" we hear about, and most of the ones we don't hear about, would never have taken place if this was the stance adopted 10 or 15 years ago. Not IT liability... corporate liability. Ultimately it's the corporate level where goals and policies are set and approved, and budget decisions reign supreme.
If the first large-scale data security breach that happened to a retailer or a bank had been made into an example, we wouldn't be seeing what we see today.
We need a Corporate Death Penalty. And since no actual human beings would be put to death, it should be applied fairly liberally. Seriously, a company that fucks up this badly doesn't really deserve to continue operating in any capacity.
If such a penalty were in existence you'd see all of these stories disappear overnight, and I don't mean because the guilty parties would be covering up their transgressions. I mean they would do whatever's necessary to protect their shareholders (the owners) from losing their investment. Security "best practices" would undergo a sea change almost overnight. Not that I expect the lobbyists to allow it to happen, of course.
Come on. Get over yourself. Cops, lawyers, doctors, nurses, paramedics, military people... these walks of life deal with human misery, pain and suffering every day. If you're so worried about offending your sunny disposition maybe you should join a convent.
Listen, in any field if you can't take enjoyment out of what you're doing then (a) you should change your profession, or (b) realize if you can't do (a) you're in the same boat with about 80% of the rest of the population.
As a member of the IT world, security-related or otherwise, you have intellectual challenges and brain-teasers to deal with on a constant basis. Testing your knowledge and skill, forcing you to re-evaluate whether you're as good as you think you are every step of the way. And yet, even in such a position you're bound to go through times when you find yourself working for some real asshole(s). They're no fun, either, but you have to keep plugging away.
Either that or apply for a job at the factory where they make those "Have A Nice Day!" bumper stickers. Oh wait ... that's in China. Never mind.
I never heard that term, either, but I'm guessing it's someone who knows the entire build process from start to finish. Possibly even wrote the scripts for it. For embedded Linux firmware this would involve shell scripts, custom tools written in C/C++, a ton of Makefiles, maybe a little Buildroot, and how to script the source code control system. Just figuring out how the various SCCS tools do "branching and merging" takes a guru all by itself.
Thanks for a concise, factual reply. Now my interest is piqued and I will do a little more reading on the subject.
Can SELinux just quietly go away now? Pretty please? I don't mean just disabling it, which I can already do, I mean not install it at all.
Hyperthreading. I thought I was getting an ultra-tech processor when I bought my Dell 8400 some years back, with its 3.2 GHz P4 hyperthreaded power-sucking processor. Once all the reviews and independent technical evaluations and benchmarks were in, it was revealed that outside of a few niche application areas, hyperthreading wasn't all that great.
It's a good sign Nehalem is also focusing on lowering power usage, the reason Intel had to finally abandon their Tejas plans (the old 8400 Coppermine P4 was a juice junkie). But why return to a feature like hyperthreading that has been thoroughly debunked? New software being written is still struggling with SMP multiple cores and threads running in parallel. Why gum up the works even more with a questionable feature? It makes very little sense to me.
One justification would be if it had the potential to significantly reduce rendering times in animation and CGI applications. I thought Intel's plans for the mid-term were to go towards many-core processors (many more than 4 or even 8). Maybe hyperthreading is just a way to kick software designers in the arse, because software that can really take advantage of multi-threading is scarce. It's really quite amazing how much the hardware has outstripped the ability of software to keep up.
It's the new religion: less choice is good. I've noticed it creeping up in the Linux world. All are geared toward reducing your ability to choose:
1st Commandment: Thou shalt never log in as root. For over a decade I have logged in as root on my own systems and the few times I did something really dumb I had good backups. I've never really been burned. You are not supposed to have any choice here and you are an infidel if you choose to go against the church hierarchy. Perhaps it's a good rule of thumb for less-experienced admins, but I'm getting sick and tired of hearing it everywhere a dozen times a day.
2nd Commandment: Thou shalt install SELinux. OK, more for the Red Hat-based distros than anything else, but just try to install RHEL, Fedora, or CentOS and try to opt out completely from SELinux. The best you can do is disable it, but you MUST install it. Merits aside, there is to be no argument on this point. It's religion, which means less choice for you.
3rd Commandment: Thou shalt not build thine own kernel. What ever happened to the traditional hacker's ideal of tinkering? Nothing defines "choice" like running through "make config" or its variants and picking and *gasp* CHOOSING what I want in my kernels. You can barely find information about this activity anymore. Wherever you see it being discussed, you will ALWAYS see the question posed, "Why do you want to do that?"
It's starting to trend toward the Mac mindset. If something doesn't meet your needs then there's a problem with those needs. Choosing a different way is unacceptable and will bring you nothing but trouble. So don't do it.