Nice troll. Terrorists, drug dealers, and pedophiles will use this. So will jaywalkers and speeders. Heck, even maybe a few of the more subversive PTA members will use it. They will probably also use SSL with stronger than 40-bit keys to buy stuff online! I for one, will only use 40-bit SSL and will not use encrypted IM. Furthermore, I will begin a curtian-burning campaign and push to make envelopes and non-transparent shipping packaging illegal. Terrorists will be less able to send bombs, drug dealers will be less able to mail E, and pedophiles will be less able to exchange smutt. Terrorists will be less able to mix nitrourea in their kitchens, drug dealers will be less able to set up meth labs in their bedrooms, and pedophiles will be less able to hide their dirty deeds.
Burn your curtains! Fight terrorists, drug dealers, and perverts!
Oohh! Let's make it illegal to manufacture or import a car that can go faster than 50 m.p.h. Sure, there a few places that have faster speed limits, but if you can go 70 on a highway, you can go 70 in a neighborhood. We better limit ourselves to 50 m.p.h.
I will also stop buying baking soda and Sudaphed so that Uncle Sam can better track down people making meth and crack in their garages. Better stop buying tinfoil, drain cleaner, oragnge juice, soap, nail polish remover, paint thinnner, peroxide, solid fuel tablets, asparin, bleach, wax, vaseline, deisel or kerosene, instant cold packs, model airplane fuel, ammonium nitrate or urea fertilizers, baby laxitive, amonia, toilet bowl cleaner, or weed killer because terrorists can use those to make incindiaries and explosives. Boycot anything mildly related to anything dangerous! Hard drives, video tape, cameras, film and camcorders are used by perverts! Oh, and lets make smutt sites publish their membership lists, so I'll know which school teachers should be fired as potential pedophiles. I think the American Communist Party should also be forced to publish its membership list, as well as the KKK, and the Freemasons. While we're at it, lets make every mosque, synagog, temple, and church publish lists of attendees online. Lets put webcams on every street light, and next year let's install vidscreens in every room in every building! Freedom is slavery!
If you want to boycott everything that's mildy related to something illegal, you'll have to live in a sod shack (wood is the main raw material in smokeless gunpowder) with no electricity (electrolysis can be used to make sodium chlorate from salt water) and wipe your ass with poison Ivy (natural gas, air, and toilet paper can be used to make nitrocellulose). You better eat snails cooked in solar ovens and vegetables, since knives, and guns (maybe arrows and spears too) are used for crime every day. Natural gas and wood gas can both be used in making explosives, and charcoal mixed with liquid air is a virtually undetectable explosive used by those evil Germans for mining in WWII. Solid fuel tablets can be used to make RDX, butane and propane can be used in fuel-air explosives and their canisters can make good improvised mortar bombs (ask the IRA). You pretty much can't cook without using something that can be made into an explosive. Hope none of your vegetables were fertilized with either of the two most economical fertilizers, as they are the raw ingredients for most car bombs worldwide. Salt, sugar, water, electricity and salt substitute can be used to make the bombs that were set off in Bali less than a year ago, IIRC. A steak knife and a tin can can be used for the annode and cathode in a sodium-chlorate producing electrolytic cell, so you better get rid of those too.
There a litterally thousands of things in your own home that a mildly intelligent person could use to injure dozens if not kill hundreds of people. Crypto is rather mild compared to things you use every day without thinking, and crypto has crime-detering qualites not shared by most of the potentially explosive chemicals in your home. The world is dangerous. Wake up and
That was me. And what I actually said was that Microsoft support probably two or three orders of magnitude more hardware than Apple, which seems to me like a reasonable estimate. Iï½d say Apple only support a couple of hundred different bits of hardware, at most.
200 x 1x10^3 = 2x10^5. Three orders of magnitude more than a couple hundred is hundreds of thousands, so the grandparent's paraphrase is in line with your statement. If this is not wat you meant, you should use less hyperbole. I also believe there are more than 200 drivers and chipsets supported by Apple, but I could be wrong.
>I am just trying to dispell the myth that MS >spends lots of money and time on writing device >drivers for every computer component in the >world. It's just no true.
It certainly is true, it isnï½t a myth. Out of the box XP would support most mainstream bits of PC hardware produced in the last 7 - 8 years.
The grandparent isn't saying the myth is you can run XP on everything under the Sun. The grandparent is saying the myth is MS pays a shitload to develop drivers for everything uner the Sun. "Nu-uh, the sky is blue" isn't a good counter-argument for "The street is green".
As far as who is correct, I don't know. I'm just saying you need to tighten down your arguments if you're going to have a meaningful debate. Be more precise in your arguments and make sure you read and understand the gradparent's arguments before replying.
Also, you appear to be posting non-ASCII MS "smart-quotes". I advise against this. They are non-standad characters and display as "?" on many systems.
Sorry if this comes across as mean, it's just that it bugs me to watch people argue but not properly adress eachother's points.
Yes, we all know that buying software causes development costs to go up retroactively. Somoene should really use this phenomenon to send messages into the past.
Sorry, the knee-jerk "it's more popular" defense usually makes a little sense, but not against the development costs argument. Not that I blame you, the MS lawyers did try and use basically the same defense in the anti-trust case.
Your proposal is doable on any standard hardware that offers memory protection, no cryptographic keys needed.
If a program was able to tell the OS that it could be shut down by programs signed by keys A, B, and C, that would suffice. You modify the PE or Elf format to include signatures. Mandatory Acess Controls can also prevent one program run by user D from killing another program run by user D.
Making users non-administrators and running virus checkers as seperate users would also prevent some potential problems. Mail clients could use IPC to pass emails to the virus checkers and get a thumbs-up or thumbs-down.
Now, as far as Palladium goes, I think there's a pretty simple alternative.
Really what I'd like to see is L4 or another nanokernel and a few low-level drivers in the frimware along with a Forth interpreter for OpenFirmware. Your firmware would be a viable but minimalist OS, where before booting you could edit the fingerprintsof PKs allowed to sign kernels. Booting would simply be playing two-kernel-monte with the firmware kernel and a signed kernel off the HD. 1 MB and 2 MB EEPROMs are cheap enough that putting a viable OS in the firmware is looking quite attractive. Imagine having a rescue floppy built into your mobo. The QNX demo floppy shows you can do a hell of a lot in 1,440 KB.
My SGI Indy firmware loads the Linux kernel directly off the HD and directly executes it. The firmware doesn't have a fully functional kernel like LinuxBIOS, but it suffices for a bootloader in firmware. It would be easy to add signature checking to the process, along with a small menu for entering/deleting PK fingerprints. If you ship with the fingerprints from the dozen most common OS vendors, 99.99% of people will not touch
the settings or know they're even there, but you still get all of the integrity guarantees of Palladium. You would of course make NVRAM locked out at a hardware level durring the boot process, wich could only be undone by triggering a POST. This solution requires no new harware besides the NVRAM lockout, and the NVRAM lockout really isn't that important if you can assume the OS will prevent writing to NVRAM. The NVRAM lockout could be skipped in the first generation for the sake of easing adoption.
Like I said earlier, my SGI firmware already does most of what's needed, as does LinuxBIOS. Apple and Sun firmware is already quite advanced and I don't imagine adding the required functionality would be that hard. Really the only advantage Palladium adds over current hardware with a BIOS upgrade is DRM. Palldium also carries a lot of baggage. I would love to see AMD come out with an improved x86-64 BIOS that includes most of the bootloader along with signature checking, if not a full nanokernel OS in firmware. Hardware NVRAM locking would also be nice.
You would be violating the GPL if you require an NDA as part of seeing your modified kernel code. OTOH, you could copy the source to a CDR or pay someone to engrave it on a bowling ball, tatoo it on a rabbid pitbull, or whatever... then shove it up McBride's ass and send SCO a bill for the media costs... provided they ordered the source code.
Unless alphabetized is the form in which you manipulate the code, you would also need to provide regular source as well. However, if you wanted to put both forms on two pitbulls and shove them both up McBride's ass, I believe that would be allowed by the GPL.
Also, could someone please explain to me why boringly predictable stereotypical slashdot feedback is being modded up?
Becuase of boringly predictable slashdot moderation. Remember, more than half the population is below average intelligence. The Slashdot crew probably does significantly better, but that still isn't saying much. The majority of Slashdot users could also outrace most snails. I get the impression that a lot of Slashdot users are also young, have ADHD, or are otherwise patience-impared. Anything that sounds intelligent will get moded up very rapidly, even if it has glaring logical flaws. Well thought out posts that the majority will disagree with or modestly display their thoughtfullness will not get modded up. Reverse psychology also works wonders on moderators. I recomend trying a humorous outlook on stupididty; it's much healthier than getting all ticked off.
I think you're right, except for the hardware argument... All of your major Free OSes support a much larger variety of hardware than WinXP. NT 3.51 was multi-platform, but I don't think XP will boot on a 386. Will it boot on a Pentium Pro even? XP definately won't boot on my SGI or Sun Machines, nor support any of my SBus expansion cards.
On the other hand, there are a lot more third-party drivers in windows, and most if not all of them run in ring 0. Buggy third-party video drivers at least in the past supposedly caused most of MS's reputation for poor stability Many XFree86 drivers run substancially in user space, as I understand it. I had X lock up once, and I was able to borrow my apartment mate's machine to ssh into the box and cleanly restart. This probably would have been a BSOD in MS Windows.
The people "beta-testing" Free software tend to do much wierder stuff to their machines than the people beta-testing MS Windows and this helps you to find strange interaction problems.
You also forget that the free OSes need to be more modular because the development model requires a huge amount of coarse-grained parallelism over communications channels that probably have substancially higher latency than inter-Microsoft communications. Modularity is also just part of the UNIX culture and some parts of the OSS culture. A lack of modularity certainly doesn't help prevent unforseen interactions. I think the lack of modularity causes MS more problems than people realize.
My MIT fraternity house was broken into last night and two laptops stolen. Does anyone know of any free projects to integrate tracking software in LILO or GRUB?... I've got a little time to kill this summer...
Another idea is to disable booting off of the floppy/CD and have a stripped down linux install with VMWare set to go full-screen on startup. Most theives will think they've wiped the HD, and you can have background processes that monitor everything and can do things even after bootup. Something to download and run a signed shell script at startup and every 24 hours would be nice. You could have it install tools as need be. Keystroke logs and sniffed network traffic should be sufficient to identify just about anyone within a month of acquiring the computer.
<aside>
I don't know what kind of theif breaks into a house, walks past the house weight room, and sees the composite photo full of 45 guys in their prime and stays in the house... It's almost as bad as breaking into a house and seeing five handguns on the mantle and pistol targets and awards all over the place. Most fraternities have a special word that means "bring everyone, a brother is in peril, most likely a fight". For instance, one of the other houses uses the word "Canada". A guy trying to steal a bike from that house couldn't figure out why the guy wrestling with him kept yelling "Canada"... until 30+ people arrived. He was lucky he picked one of the nice-guy houses. I think they just surrouned him and gave him a good talking to before escorting him out the back door. I'm pretty sure getting beaten by 45 fraternity brothers until they get borred and call the police about someone attacking them doesn't feel good. MIT frat boys aren't that much weaker than frat boys at other schools. Plus, there's always a good chance of someone thinking to grab the splitting maul on their way past the tool room and someone grabbing a couple of bats on their way past the athletics closet.
Most stolen computers I think get sold ASAP. The majority of laptop theives I would guess steal all kinds of things. They probably target laptops because they're portortable and vluable not becuase the theives are technically proficient.
There may be laptop "chop shops" where the more connected theives sell the laptops to get reformatted and such, but I would guess a lot of the laptop thieves turn the machine on at least once before selling them, just out of curiosity, maybe even connected to the Internet, or at least within range of an airsnort-able wireless hub...
You are confusing heterogenous implementations with heterogenous protocols.
Neither ssh1 nor ssh2 has been shown to have major flaws in the practical sense. There have been some flaws in some implementations.
You seem to be saying that because IIS has had a bunch of problems, the "diverse" solution is to use HTTP, FTP, Gopher, IRC and AIM for html transport.
Most of the people arguing in favor of diversity are merely saying that if IIS, Apache, Tomcat, Zope, Tux, and an O'caml/Perl/C#/whatever webserver were all in roughly equal abundance, the Internet wouldn't have been so badly hammered by CodeRed traffic. This kind of diversity based on open protocols doesn't hurt interoperability one bit. Epidemics still follow your standard s-curve, but the exponent in the exponential growth phase is smaller and the plateau is lower.
Diversity in protocols is also nice, but as you point out, it is much less practical.
First of all, RC4 is a very poor cipher choice unless you have really good reasons to the contrary. I'm not going to get into weak keys and startup-up behavior other than to say RC4 has many problems that require very careful use, which is the main reason WEP wireless encryption is a joke. Any of the AES finaists in CFB mode will be much better choices.
Secondly, why not disable root by default and make a lot more things SUID root? Your nifty admin apps wouldn't need the user to enter a password and could still effectively prevent the user from screwing stuff up too badly. You could then do a local backup that the user physically couldn't get at. A daily backup, a weekly backup and a monthly backup would be sufficient. The SUID root admin app could allow them to restore $HOME without giving them write/delete acess to the backup file. I agree that online backups would also be nice in many situations. However, I think a lot of people are underestimating the utility of making the system rootless and providing safe admin tools. I'm not aware of any OS that does automatic incremental backups "out of the box". If their software packages all had two install options (global install or install in $HOME) that would be great, too.
Oops, my bad. I do have an "unstable" SGI Indy, but I goofed on the names. My x86 box is indeed testing... I might migrate to unstable on both bxes, but have not yet.
IMHO, dpkg and apt-get would be just about perfect if they included signatures in the packages.
I wondered something similar, like since when are blue LED's a violation of the DMCA?
Well, this is the same Bunny from MIT that used an FPGA to lift the BIOS RC4 encryption keys out of the XBox. Presumably the book details that little trick, too.
2600.com got in trouble for hyperlinking to an offshore site that had DeCSS.
How very ironic it was that one of the owers used the pseudonym "Emmanuel Goldstien". The MPAA Thought Police would have him in the cellar of mimiluv in an instant if they could.
There is more documentation for windows than i can shake a stick at. To this day, i haven't met one issue that i didn't resolve via MSDN, KB or Google/Newsgroups.
I half agree with you there. The grandparent was spouting FUD. Sometimes there are those settings that just don't make sense. My houemate's laptop couldn't get a DHCP share from our router. Suppport was no help. I finaly figuredout that the MS driver doesn't fall back to unauthenticated DHCP when authentication is not required by the DHCP server; it has to be manually turned off. (It had been surpiticiously turned on by Verizon's DSL setup software.)
Considering you rarely need any support with Windows, and setting up the simplest things on Linux is a torture. Do we also want to spend the time figuing out something that the program creator should have?
The same could be said of doing anything remotely non-trivial under Windows. Things work great when you want what 90% of people want, but in my experience it's harder to customize Windows apps. Also note that when I wanted to install Apache, all I did was type "apt-get install apache" and my computer went out, polled some servers, grabbed the package, and installed apache. No inserting CDs and deoubleclicking on the wizard or scouring the web and downloading a wizard then double clicking. Same thing with Zope, XMMS, unzip, tftpd, dhcpd, and sever hundred other packages I decided to install a few months after OS installation time.
Also note that my machine tracks Debian "testing" and does an apt-get dist-upgrade nightly. I went from Potatoe to Sid without noticing. I could have instead set my machine to track Potatoe until it was EOL'd, but I opted for seamless upgrades. Did you set windowsupdate update you from Win2k AS to Win2k3 Server over night as soon as Win2k3 Server came out? What do you mean you can't do that under Windows? It would certainyl be convinent for MS if your machines could be set to apgrade themselves (after you paid your MS license fees, of course).
Windows also reports less annual bugs than Linux, this [zdnet.com.au] is an old article, but the pattern continues to this day. A little search on SecurityFocus will show you.
English certanly isn't your native language, so I'll go easy on you here. Your statement seems to indicate that the bugs had less impact or were in some other way smaller. This is laughable. SQLSlammer, Nimda, etc. anyone? In english, the term for comparing countable quantities is "fewer". MS certainly releases fewer bug reports. However, it often keeps many bugs under wraps and realeaseses all of their bug reports with the service pack that fixes them. Linux bugs are usually reported individually. Also consider that there are almost as many if not more GPG and Apache installations on Win32 as compared to Linux. However, a cross-platform GPG or Apache bug gets counted only as a Linux bug. On top of that,
Linux distributions report bugs in things that would be considered minor third-party software under Windows. Debian has over 3,000 packages. There are Debian packages for HTTP and FTP servers I've never heard of. A bug in any one of those, or any of the several mp3 or video players gets counted as a Linux bug. Now, go find the 5 most popular mp3 players for windows, and the 5 most popular http servers and the 5 most popular ftp servers, don't forget to add at least one shh server, at least one ssh client, the 5 most popular office suites, add Python, Ocaml, Perl, Ruby, a Forth implementation, an SML implemetation, the 5 most popular web browsers, a network time synchronization tool, some tools for hacking your desktop, a registry cleaner (the cloest thing Win32 has to Debian's Cruft packge), several file encryption programs... you get the point. Bugs in all of these things and more are counted as Debian bugs. The same goes for other Linux distros.
It's a combination hardware/software system. Knowing MS, there will be an exploitble buffer over run somewhere in the software portion. The question is: will the hardware or software hackers break it first? With the XBox, the hardware guys beat the software guys by a few months. Way back before the XBox came out I predicted in a post that a software crack would come out shortly. (It was a pretty safe prediction. All games run in ring 0 and from all of the manufacturers, so you only need one exploitable buffer/heap overflow or similar problem in one game and you can overflow GRUB/LILO/etc. into evecuting in ring 0.)
My understanding is that the trusted computing base will use a special driver with its own set of trusted interupts. I think in order to overwrite the trusted driver, you need the MMU to be running in secure mode, otherwise the trusted interupts will make it decrypt whatever you wrote there into gibberish. Writing to memory with the correct keypair in the MMU would require the writing to be done by the secure driver itself, thus you need to be able to haijack the driver or otherwise trick it. I would assume once you have control of the trusted driver, you can set the MMU to be secure for the code segment and insecure for the data segment of theprogram you want to crack. The program will run due to the code segment decrypting properly, but reads and writes of data will be in the clear. Keep those version 1 CDs, they will be much more careful after they get stung once. Of course, a buffer overflow in your media player itself will also get around DRM.
I could also be wrong. I don't know too many details of the system and filled in the details I don't know with guesses. They may very well only use one keypair for the trusted driver and let the trusted driver securely store data on behaf of the userspace programs using its keypair.
When they say "public/private key pair", are they talking about RSA? If so, they had a couple of managers skim Applied Cryptography instead of hiring real cryptographers. Maybe it's time to take out a patent before they figure out the right way to do it.
2.4 GHz won't gothrough soil very well. Make sure it's not 802.11 b.
You're better off with anonymizing proxies and an encrypted fs. A plausable reason for keeping a large file of random bits on your HD is also a good idea.
I have to wonder if this will move the Linux kernal closer to the level of the Windows Kernal [READ, EASE OF USE - NOT SECURITY] for overall marketability to individuals.
Umm... do you have some vague notion of what the kernel is? First of all, it isn't spelled with an "a". Secondly, ease of use of a kernel is a very messed up concept and I'm not even sure what it means. The kernel isn't easy or hard to use any more than winsock.dll is easy or hard to use. Very few programmers interact with the kernel except through libraries, so "easy of use" (whatever you mean by that) is much more important in the low-level libraris than the kernel. How does this affect marketability to individuals? Both POSIX and Win32 APIs are available on both systems. Are you referring to clean kernel interfaces, clean kernel implementation, availablility of the source for better understanding, or some other metric?
Kernel: That word... you keep using it. I do not think it means what you think it means.
I think you're thinking about UI. The GUI, the shell, the command line, the layout of the directories, etc. are all very very far removed from the kernel. In theory you could run explorer (the Win32 shell, not IE) on top of WINE, along with all of the Win32 programs and the user would have identical ease of use as Windows. 99.99% of users couldn't tell it wasn't the NT kernel and couldn't show evidence of it being Linux even if told (without watching the boot sequence). Asking about "ease of use" of a kernel is like asking about the top speed of your house. Neither question makes much sense unless you further define your strange thinking. You could guess that the person is asking how fast a house would be going when it hit the ground if dropped from 60,000 feet up (terminal velociy) just like you could assume a person is talking about how clean a kernel's APIs are. However, the usual sense of ease of use as realated to marketing to individuals is ease of use of the UI. I can only make educated guesses as to what strange thoughts are going through your head. For all I know, you filled hard drive platters up with both kernels and are attempting to use the platters to cut 440 stainless bar stock and are referring to the different metal cutting characteristics of kernel-filled HD platters. Please clarify exactly how you think the ease of use of the NT and Linux kerenls differ.
The probability of your luggage getting lost is much less than 1%. If you keep backups on your person, you'll actually save time over driving even if your laptop is lost, assuming the data is important enough to your clients for them to lend you a computer if the airline loses your laptop.
You are either exagerating, being irrational, or are extrememly unlucky.
Umm... backups? The time spent reintalling everything after the flight would be less than the time spent driving instead of flying even if all of your data was lost with 100% probablility the moment you checked your laptop. On top of that, the probablility of data loss is low. Don't pawn off your irrational paranoia as being rational.
If your data is really that valuable and you don't have a tape or CDR backup at home and another backup in your carry on, you are insane. If you don't back up because you are affraid of data theft and don't use encryption, you are lazy.
Now if you're belly-aching just to belly-ache, that's fine, but I called you on it.
Power drops as the square of the distance. A cell phone 10m from the antenna has 2,500 times the effect of a cellphone 500m away. I'm also sure they're being extra cautious. One or two cellphones are probably fine 99% of the time, but that 1% where the radio is just startig to go bad or those times when 15 people on the plane forget to turn off their cells is no good. Also remember that a lot of aircraft are essentially big aluminum tubes that will partially reflect outgoing transmissions back into the interior of the plane.
I'm sure that sometimes cellphones are scapegoats for other problems, but remember that with the number of flights that happen every day, things that have infintessimal probablilities of causing problems will cause a few incidents a year. Even something that will cause a problem 0.001% of the time will cause at least a few problems per year.
Extremely rare combinations will happen fairly often in aircraft simply due to the number of flights. Maybe a gamboy and five Dell laptops and five cellphones left on will interact poorly and cause a problem in all of the VOR systems from a particular company made on the first of the month. This is still a problem, but hard to test for. If in some extrememly rare circumstances cellphones cause problems, it's easier just to ban cellphones.
Slashdot Mirror
Burn your curtains! Fight terrorists, drug dealers, and perverts!
Oohh! Let's make it illegal to manufacture or import a car that can go faster than 50 m.p.h. Sure, there a few places that have faster speed limits, but if you can go 70 on a highway, you can go 70 in a neighborhood. We better limit ourselves to 50 m.p.h.
I will also stop buying baking soda and Sudaphed so that Uncle Sam can better track down people making meth and crack in their garages. Better stop buying tinfoil, drain cleaner, oragnge juice, soap, nail polish remover, paint thinnner, peroxide, solid fuel tablets, asparin, bleach, wax, vaseline, deisel or kerosene, instant cold packs, model airplane fuel, ammonium nitrate or urea fertilizers, baby laxitive, amonia, toilet bowl cleaner, or weed killer because terrorists can use those to make incindiaries and explosives. Boycot anything mildly related to anything dangerous! Hard drives, video tape, cameras, film and camcorders are used by perverts! Oh, and lets make smutt sites publish their membership lists, so I'll know which school teachers should be fired as potential pedophiles. I think the American Communist Party should also be forced to publish its membership list, as well as the KKK, and the Freemasons. While we're at it, lets make every mosque, synagog, temple, and church publish lists of attendees online. Lets put webcams on every street light, and next year let's install vidscreens in every room in every building! Freedom is slavery!
If you want to boycott everything that's mildy related to something illegal, you'll have to live in a sod shack (wood is the main raw material in smokeless gunpowder) with no electricity (electrolysis can be used to make sodium chlorate from salt water) and wipe your ass with poison Ivy (natural gas, air, and toilet paper can be used to make nitrocellulose). You better eat snails cooked in solar ovens and vegetables, since knives, and guns (maybe arrows and spears too) are used for crime every day. Natural gas and wood gas can both be used in making explosives, and charcoal mixed with liquid air is a virtually undetectable explosive used by those evil Germans for mining in WWII. Solid fuel tablets can be used to make RDX, butane and propane can be used in fuel-air explosives and their canisters can make good improvised mortar bombs (ask the IRA). You pretty much can't cook without using something that can be made into an explosive. Hope none of your vegetables were fertilized with either of the two most economical fertilizers, as they are the raw ingredients for most car bombs worldwide. Salt, sugar, water, electricity and salt substitute can be used to make the bombs that were set off in Bali less than a year ago, IIRC. A steak knife and a tin can can be used for the annode and cathode in a sodium-chlorate producing electrolytic cell, so you better get rid of those too.
There a litterally thousands of things in your own home that a mildly intelligent person could use to injure dozens if not kill hundreds of people. Crypto is rather mild compared to things you use every day without thinking, and crypto has crime-detering qualites not shared by most of the potentially explosive chemicals in your home. The world is dangerous. Wake up and
200 x 1x10^3 = 2x10^5. Three orders of magnitude more than a couple hundred is hundreds of thousands, so the grandparent's paraphrase is in line with your statement. If this is not wat you meant, you should use less hyperbole. I also believe there are more than 200 drivers and chipsets supported by Apple, but I could be wrong.
The grandparent isn't saying the myth is you can run XP on everything under the Sun. The grandparent is saying the myth is MS pays a shitload to develop drivers for everything uner the Sun. "Nu-uh, the sky is blue" isn't a good counter-argument for "The street is green".As far as who is correct, I don't know. I'm just saying you need to tighten down your arguments if you're going to have a meaningful debate. Be more precise in your arguments and make sure you read and understand the gradparent's arguments before replying.
Also, you appear to be posting non-ASCII MS "smart-quotes". I advise against this. They are non-standad characters and display as "?" on many systems.
Sorry if this comes across as mean, it's just that it bugs me to watch people argue but not properly adress eachother's points.
Yes, we all know that buying software causes development costs to go up retroactively. Somoene should really use this phenomenon to send messages into the past.
Sorry, the knee-jerk "it's more popular" defense usually makes a little sense, but not against the development costs argument. Not that I blame you, the MS lawyers did try and use basically the same defense in the anti-trust case.
If a program was able to tell the OS that it could be shut down by programs signed by keys A, B, and C, that would suffice. You modify the PE or Elf format to include signatures. Mandatory Acess Controls can also prevent one program run by user D from killing another program run by user D.
Making users non-administrators and running virus checkers as seperate users would also prevent some potential problems. Mail clients could use IPC to pass emails to the virus checkers and get a thumbs-up or thumbs-down.
Now, as far as Palladium goes, I think there's a pretty simple alternative.
Really what I'd like to see is L4 or another nanokernel and a few low-level drivers in the frimware along with a Forth interpreter for OpenFirmware. Your firmware would be a viable but minimalist OS, where before booting you could edit the fingerprintsof PKs allowed to sign kernels. Booting would simply be playing two-kernel-monte with the firmware kernel and a signed kernel off the HD. 1 MB and 2 MB EEPROMs are cheap enough that putting a viable OS in the firmware is looking quite attractive. Imagine having a rescue floppy built into your mobo. The QNX demo floppy shows you can do a hell of a lot in 1,440 KB.
My SGI Indy firmware loads the Linux kernel directly off the HD and directly executes it. The firmware doesn't have a fully functional kernel like LinuxBIOS, but it suffices for a bootloader in firmware. It would be easy to add signature checking to the process, along with a small menu for entering/deleting PK fingerprints. If you ship with the fingerprints from the dozen most common OS vendors, 99.99% of people will not touch the settings or know they're even there, but you still get all of the integrity guarantees of Palladium. You would of course make NVRAM locked out at a hardware level durring the boot process, wich could only be undone by triggering a POST. This solution requires no new harware besides the NVRAM lockout, and the NVRAM lockout really isn't that important if you can assume the OS will prevent writing to NVRAM. The NVRAM lockout could be skipped in the first generation for the sake of easing adoption.
Like I said earlier, my SGI firmware already does most of what's needed, as does LinuxBIOS. Apple and Sun firmware is already quite advanced and I don't imagine adding the required functionality would be that hard. Really the only advantage Palladium adds over current hardware with a BIOS upgrade is DRM. Palldium also carries a lot of baggage. I would love to see AMD come out with an improved x86-64 BIOS that includes most of the bootloader along with signature checking, if not a full nanokernel OS in firmware. Hardware NVRAM locking would also be nice.
Unless alphabetized is the form in which you manipulate the code, you would also need to provide regular source as well. However, if you wanted to put both forms on two pitbulls and shove them both up McBride's ass, I believe that would be allowed by the GPL.
Becuase of boringly predictable slashdot moderation. Remember, more than half the population is below average intelligence. The Slashdot crew probably does significantly better, but that still isn't saying much. The majority of Slashdot users could also outrace most snails. I get the impression that a lot of Slashdot users are also young, have ADHD, or are otherwise patience-impared. Anything that sounds intelligent will get moded up very rapidly, even if it has glaring logical flaws. Well thought out posts that the majority will disagree with or modestly display their thoughtfullness will not get modded up. Reverse psychology also works wonders on moderators. I recomend trying a humorous outlook on stupididty; it's much healthier than getting all ticked off.
On the other hand, there are a lot more third-party drivers in windows, and most if not all of them run in ring 0. Buggy third-party video drivers at least in the past supposedly caused most of MS's reputation for poor stability Many XFree86 drivers run substancially in user space, as I understand it. I had X lock up once, and I was able to borrow my apartment mate's machine to ssh into the box and cleanly restart. This probably would have been a BSOD in MS Windows.
The people "beta-testing" Free software tend to do much wierder stuff to their machines than the people beta-testing MS Windows and this helps you to find strange interaction problems.
You also forget that the free OSes need to be more modular because the development model requires a huge amount of coarse-grained parallelism over communications channels that probably have substancially higher latency than inter-Microsoft communications. Modularity is also just part of the UNIX culture and some parts of the OSS culture. A lack of modularity certainly doesn't help prevent unforseen interactions. I think the lack of modularity causes MS more problems than people realize.
Another idea is to disable booting off of the floppy/CD and have a stripped down linux install with VMWare set to go full-screen on startup. Most theives will think they've wiped the HD, and you can have background processes that monitor everything and can do things even after bootup. Something to download and run a signed shell script at startup and every 24 hours would be nice. You could have it install tools as need be. Keystroke logs and sniffed network traffic should be sufficient to identify just about anyone within a month of acquiring the computer.
<aside>
I don't know what kind of theif breaks into a house, walks past the house weight room, and sees the composite photo full of 45 guys in their prime and stays in the house... It's almost as bad as breaking into a house and seeing five handguns on the mantle and pistol targets and awards all over the place. Most fraternities have a special word that means "bring everyone, a brother is in peril, most likely a fight". For instance, one of the other houses uses the word "Canada". A guy trying to steal a bike from that house couldn't figure out why the guy wrestling with him kept yelling "Canada"... until 30+ people arrived. He was lucky he picked one of the nice-guy houses. I think they just surrouned him and gave him a good talking to before escorting him out the back door. I'm pretty sure getting beaten by 45 fraternity brothers until they get borred and call the police about someone attacking them doesn't feel good. MIT frat boys aren't that much weaker than frat boys at other schools. Plus, there's always a good chance of someone thinking to grab the splitting maul on their way past the tool room and someone grabbing a couple of bats on their way past the athletics closet.
There may be laptop "chop shops" where the more connected theives sell the laptops to get reformatted and such, but I would guess a lot of the laptop thieves turn the machine on at least once before selling them, just out of curiosity, maybe even connected to the Internet, or at least within range of an airsnort-able wireless hub...
Haha.. nice sig! Is it original? Mind if I steal it?
Neither ssh1 nor ssh2 has been shown to have major flaws in the practical sense. There have been some flaws in some implementations.
You seem to be saying that because IIS has had a bunch of problems, the "diverse" solution is to use HTTP, FTP, Gopher, IRC and AIM for html transport.
Most of the people arguing in favor of diversity are merely saying that if IIS, Apache, Tomcat, Zope, Tux, and an O'caml/Perl/C#/whatever webserver were all in roughly equal abundance, the Internet wouldn't have been so badly hammered by CodeRed traffic. This kind of diversity based on open protocols doesn't hurt interoperability one bit. Epidemics still follow your standard s-curve, but the exponent in the exponential growth phase is smaller and the plateau is lower.
Diversity in protocols is also nice, but as you point out, it is much less practical.
Secondly, why not disable root by default and make a lot more things SUID root? Your nifty admin apps wouldn't need the user to enter a password and could still effectively prevent the user from screwing stuff up too badly. You could then do a local backup that the user physically couldn't get at. A daily backup, a weekly backup and a monthly backup would be sufficient. The SUID root admin app could allow them to restore $HOME without giving them write/delete acess to the backup file. I agree that online backups would also be nice in many situations. However, I think a lot of people are underestimating the utility of making the system rootless and providing safe admin tools. I'm not aware of any OS that does automatic incremental backups "out of the box". If their software packages all had two install options (global install or install in $HOME) that would be great, too.
IMHO, dpkg and apt-get would be just about perfect if they included signatures in the packages.
How very ironic it was that one of the owers used the pseudonym "Emmanuel Goldstien". The MPAA Thought Police would have him in the cellar of mimiluv in an instant if they could.
abuse@hotmail.com has not been checked in several months and so the account has been deactivated.
I half agree with you there. The grandparent was spouting FUD. Sometimes there are those settings that just don't make sense. My houemate's laptop couldn't get a DHCP share from our router. Suppport was no help. I finaly figuredout that the MS driver doesn't fall back to unauthenticated DHCP when authentication is not required by the DHCP server; it has to be manually turned off. (It had been surpiticiously turned on by Verizon's DSL setup software.)
The same could be said of doing anything remotely non-trivial under Windows. Things work great when you want what 90% of people want, but in my experience it's harder to customize Windows apps. Also note that when I wanted to install Apache, all I did was type "apt-get install apache" and my computer went out, polled some servers, grabbed the package, and installed apache. No inserting CDs and deoubleclicking on the wizard or scouring the web and downloading a wizard then double clicking. Same thing with Zope, XMMS, unzip, tftpd, dhcpd, and sever hundred other packages I decided to install a few months after OS installation time.
Also note that my machine tracks Debian "testing" and does an apt-get dist-upgrade nightly. I went from Potatoe to Sid without noticing. I could have instead set my machine to track Potatoe until it was EOL'd, but I opted for seamless upgrades. Did you set windowsupdate update you from Win2k AS to Win2k3 Server over night as soon as Win2k3 Server came out? What do you mean you can't do that under Windows? It would certainyl be convinent for MS if your machines could be set to apgrade themselves (after you paid your MS license fees, of course).
English certanly isn't your native language, so I'll go easy on you here. Your statement seems to indicate that the bugs had less impact or were in some other way smaller. This is laughable. SQLSlammer, Nimda, etc. anyone? In english, the term for comparing countable quantities is "fewer". MS certainly releases fewer bug reports. However, it often keeps many bugs under wraps and realeaseses all of their bug reports with the service pack that fixes them. Linux bugs are usually reported individually. Also consider that there are almost as many if not more GPG and Apache installations on Win32 as compared to Linux. However, a cross-platform GPG or Apache bug gets counted only as a Linux bug. On top of that, Linux distributions report bugs in things that would be considered minor third-party software under Windows. Debian has over 3,000 packages. There are Debian packages for HTTP and FTP servers I've never heard of. A bug in any one of those, or any of the several mp3 or video players gets counted as a Linux bug. Now, go find the 5 most popular mp3 players for windows, and the 5 most popular http servers and the 5 most popular ftp servers, don't forget to add at least one shh server, at least one ssh client, the 5 most popular office suites, add Python, Ocaml, Perl, Ruby, a Forth implementation, an SML implemetation, the 5 most popular web browsers, a network time synchronization tool, some tools for hacking your desktop, a registry cleaner (the cloest thing Win32 has to Debian's Cruft packge), several file encryption programs... you get the point. Bugs in all of these things and more are counted as Debian bugs. The same goes for other Linux distros.
My understanding is that the trusted computing base will use a special driver with its own set of trusted interupts. I think in order to overwrite the trusted driver, you need the MMU to be running in secure mode, otherwise the trusted interupts will make it decrypt whatever you wrote there into gibberish. Writing to memory with the correct keypair in the MMU would require the writing to be done by the secure driver itself, thus you need to be able to haijack the driver or otherwise trick it. I would assume once you have control of the trusted driver, you can set the MMU to be secure for the code segment and insecure for the data segment of theprogram you want to crack. The program will run due to the code segment decrypting properly, but reads and writes of data will be in the clear. Keep those version 1 CDs, they will be much more careful after they get stung once. Of course, a buffer overflow in your media player itself will also get around DRM.
I could also be wrong. I don't know too many details of the system and filled in the details I don't know with guesses. They may very well only use one keypair for the trusted driver and let the trusted driver securely store data on behaf of the userspace programs using its keypair.
When they say "public/private key pair", are they talking about RSA? If so, they had a couple of managers skim Applied Cryptography instead of hiring real cryptographers. Maybe it's time to take out a patent before they figure out the right way to do it.
You're better off with anonymizing proxies and an encrypted fs. A plausable reason for keeping a large file of random bits on your HD is also a good idea.
Umm... do you have some vague notion of what the kernel is? First of all, it isn't spelled with an "a". Secondly, ease of use of a kernel is a very messed up concept and I'm not even sure what it means. The kernel isn't easy or hard to use any more than winsock.dll is easy or hard to use. Very few programmers interact with the kernel except through libraries, so "easy of use" (whatever you mean by that) is much more important in the low-level libraris than the kernel. How does this affect marketability to individuals? Both POSIX and Win32 APIs are available on both systems. Are you referring to clean kernel interfaces, clean kernel implementation, availablility of the source for better understanding, or some other metric?
Kernel: That word... you keep using it. I do not think it means what you think it means.
I think you're thinking about UI. The GUI, the shell, the command line, the layout of the directories, etc. are all very very far removed from the kernel. In theory you could run explorer (the Win32 shell, not IE) on top of WINE, along with all of the Win32 programs and the user would have identical ease of use as Windows. 99.99% of users couldn't tell it wasn't the NT kernel and couldn't show evidence of it being Linux even if told (without watching the boot sequence). Asking about "ease of use" of a kernel is like asking about the top speed of your house. Neither question makes much sense unless you further define your strange thinking. You could guess that the person is asking how fast a house would be going when it hit the ground if dropped from 60,000 feet up (terminal velociy) just like you could assume a person is talking about how clean a kernel's APIs are. However, the usual sense of ease of use as realated to marketing to individuals is ease of use of the UI. I can only make educated guesses as to what strange thoughts are going through your head. For all I know, you filled hard drive platters up with both kernels and are attempting to use the platters to cut 440 stainless bar stock and are referring to the different metal cutting characteristics of kernel-filled HD platters. Please clarify exactly how you think the ease of use of the NT and Linux kerenls differ.
You are either exagerating, being irrational, or are extrememly unlucky.
If your data is really that valuable and you don't have a tape or CDR backup at home and another backup in your carry on, you are insane. If you don't back up because you are affraid of data theft and don't use encryption, you are lazy.
Now if you're belly-aching just to belly-ache, that's fine, but I called you on it.
I'm sure that sometimes cellphones are scapegoats for other problems, but remember that with the number of flights that happen every day, things that have infintessimal probablilities of causing problems will cause a few incidents a year. Even something that will cause a problem 0.001% of the time will cause at least a few problems per year.
Extremely rare combinations will happen fairly often in aircraft simply due to the number of flights. Maybe a gamboy and five Dell laptops and five cellphones left on will interact poorly and cause a problem in all of the VOR systems from a particular company made on the first of the month. This is still a problem, but hard to test for. If in some extrememly rare circumstances cellphones cause problems, it's easier just to ban cellphones.
If you install any Free OS, or any non-MS OS actually, on this thing and leave the computer part in service, I kill you.
How long until people figure out how to steal the computer out of the iLoo? And you thought XBoxen made cheap beow... nevermind.