For me, the most interesting thing happening in Wine has been the ReactOS project. Basically, it's an attempt to clone the Windows NT operating system.
I would imagine that thanks to the story that came through 6 hours later, ReactOS will start improving a great deal faster.
Tainted or not, once the source is out there you can't put it back in the bottle.
When you move your mouse cursor over the icons, a picture appears inside of the icon that is more representative of its function.
Sounds like it was brought to us by the same committee that decided to not "clutter up" the display with underscores letting you know which Alt+letter keys did what; instead, the underscores don't appear until you hit Alt (and how would you know that hitting Alt would have any effect without the underscores to guide you?).
I'm all for advanced interface development but I don't see any reason not to put that picture inside the icon by default. If it absolutely must change when you mouse-over it, give it a different outline or something instead of hiding functionality. Makes it too much like an old Sierra game; as another responder said, having to mouse all over everything on the screen is counter-productive.
I'm not bashing -- this is (hopefully) constructive criticism. I think the idea of a new OS is great and I wish them success in their development.
Um, as I said "forged" - remember we're not establishing a connection, and if there's no need to get a packet back, then it's very easy to send a spoofed IP.
If your attacker is forging the specific IP you're coming from, you've got more problems than securing a knocking algorithm.
Which reminds me of another general problem with this idea. Whats to stop an attacker from sending forged packets to the kock ports? Even a low level spray of packets would add enough random "knocks" to effectively lock you out of your own service.
Not a problem: keep track of the IP.
So the attacker is locked out of connecting over that port, but (unless s/he had already taken over your client machine and was knocking from there!), you can still get in.
I don't know a whole lot about networking so I don't know whether this is valid, but it seems to me that this can be made even more secure by modifying the packets being sent to knock with.
So not only does it have to be a specific sequence of ports to knock on, i.e.:
100, 102, 104, 106, 100, 103
to get in, but you also have to send the right data to each port, something like (port:byte):
100:ac 102:dc 104:00, 106:ff, 100:be, 103:ad
Now, I'm no network hacker but I can't see how such a lock could be picked (man-in-the-middle attack, perhaps, but other than that?).
I just love the idea of having all packets dropped until someone sends "shave & a haircut!" - then letting them in for a bit.
Heh, two bits, natch.;-)
As other posters have said, this is the coolest thing I've seen on/. in quite some time. (SCO is great humor and morbid curiosity like rubbernecking at car crashes, but that's not really why I come here -- I love the technology bits, and nanodot.org doesn't update fast enough.)
I completely agree with you. We're keeping all our eggs in one very fragile basket.
I'm currently reading Dan Simmons' "Hyperion" and just finished the third person's history, the poet, who lived on Earth during the period when a black hole got into the core and started pulling everything apart, causing massive earthquakes and whatnot before eventually destroying the entire planet.
This is science fiction; however, the possibility of annihilation is very real, through whatever form (grey goo, anyone?). Colonizing and terraforming the planets and moons in our solar system which can support Earth-bound life should be a top priority.
The applications of utility fog are boundless, but one I'm sure parents would love is the "security blanket" for their kids - the fog would act as smart 24/7 airbag extending for several feet around the body so little Timmy never gets bruised falling down the stairs...
The Timmy's of the world then learn a new game: "how far can I fall without getting bruised?"
Similar concepts are explored in "The Metamorphosis of Prime Intellect" -- highly recommended (free!) reading. Localroger's short story (novella, really) has characters entering "death pacts" where the computer tasked with Asimov's three laws (which won't let anyone die or be hurt), temporarily turns a blind eye while people "duel" and, when one is almost dead, it resets them.
This will completely change the experience of growing up. It'll be a lot less traumatic, I would imagine (but then traumas will just come in different forms, most of them psychological/social).
Invisible machines are just that, invisible. The machines can be machines to kill. If they are not detected, they can accomplish their goal.
I found the fortune surprisingly appropriate for this discussion: "Never worry about theory as long as the machinery does what it's supposed to do." -- R. A. Heinlein
So just explain to them to use IE for their bank, and Mozilla for browsing the web.
Once they see the reduction in pop-ups and ads (not to mention the amazing benefits of tabbed browsing news sites), they'll agree: the right tool for the job.
Jupiter's core is under such intense heat and pressure that it is speculated that it consists of metallic hydrogen, in either liquid or solid form. This theory helps explain its powerful magnetic field.
Sorry I couldn't RTFL, but it timed out. I'm wondering if it discusses just how close Jupiter is to becoming a star?
If so, I wonder how many more probes (mass) we have to send to it in order to get the furnace started.;-)
Bullshit efforts certification efforts like EAL and NGSCB undermine and threaten open source and play right in to the hands of the major corperations. In today's world, the most important corperation producing operating systems is, you've guessed it: Microsoft!
There's gotta be some sort of certification guidelines for these certifications. I mean, companies aren't just going to fly in there blind and see what's wrong with their products -- that's wasteful. They'll likely get tons of documentation on what things are checked and why, giving them opportunity to improve their product prior to spending money on the certifications.
So if the requirements are spelled out for us, why not make a community-based effort to create a testbed for each level of certification? Then every developer could set up a spare system and have it run tests after they make changes. Yes, the complete testbed would probably take days or weeks to complete, but after having been completed once it could (dreaming, here?) scan the code and see which parts changed, and based on that, determine which tests need to be re-run.
The testing could also be distributed somewhat, using VMs in multiple hosts. Whether this be a single lab (OSDL?) or distributed across the Internet like SETI@home et al, it would decrease the time required to run through all the tests. (And of course there would have to be some sort of verification of the results, as well, so we don't have attackers corrupting the results like distributed.net saw a few years ago.)
there was a pretty neat one using claymation from a few years ago, as an adjunct to the text. i think it was in Tads - a quick look through the competitions from previous years and nothing rang a bell for me - maybe someone else knows it.
I believe that game was The Neverhood -- ring any bells?
You can record all you want, but to play media you'll need it to be legitmately registered and thus subject to copyright verification, or whatever else is deemed necessary.
Exactly. As I said:
So the obvious answer is only studios can have "record" buttons.
They'll defend to the death their right to keep you paying. You'll need special keys to be a publisher, and they won't give those out to just anyone. Only member companies, which means only those individuals or groups who can come up with the membership fee, most likely several grand.
Meanwhile the torrents are coming down at 30KB/s... They've already lost the battle. (Yeah, DSL sucks get cable...)
bit like the "patriot act" , call it a positive name and no one will oppose it
The worst part about the terrorist bit is these people are reacting to the US Government meddling in their affairs. So they meddle back. But the US is much more powerful, so invades.
Is Bush's plan world domination? We're spreading ourselves a bit thin militarily for that, but he's got the legal part covered.
So what's gonna happen when we decide we've had it with the corporations meddling in our affairs, and decide to meddle back (deCSS, et al)?
[...] make analog equipment ridiculously obsolete - ie quit making it, so people have to make their own or pay ludicrous amounts for old equipment - so for most people it isnt worth the effort, and unfortunately that's what I think will eventually happen.
Yeah, but the thing about unwrapping the encryption is it only has to be done once. Then it can be shared digitally, after being re-recorded. So the obvious answer is only studios can have "record" buttons. That'll foil the holdouts until their equipment degrades to the point they can't buy parts.
I think we'll be off the planet by then, though. They can keep their rules.
I would imagine that thanks to the story that came through 6 hours later, ReactOS will start improving a great deal faster.
Tainted or not, once the source is out there you can't put it back in the bottle.
But I think it was just a poorly-worded submission.
Sounds like it was brought to us by the same committee that decided to not "clutter up" the display with underscores letting you know which Alt+letter keys did what; instead, the underscores don't appear until you hit Alt (and how would you know that hitting Alt would have any effect without the underscores to guide you?).
I'm all for advanced interface development but I don't see any reason not to put that picture inside the icon by default. If it absolutely must change when you mouse-over it, give it a different outline or something instead of hiding functionality. Makes it too much like an old Sierra game; as another responder said, having to mouse all over everything on the screen is counter-productive.
I'm not bashing -- this is (hopefully) constructive criticism. I think the idea of a new OS is great and I wish them success in their development.
You're right. And if your attacker knows you well enough to be able to spoof your IP address, port knocking is the least of your worries.
If your attacker is forging the specific IP you're coming from, you've got more problems than securing a knocking algorithm.
My statement stands.
Not a problem: keep track of the IP.
So the attacker is locked out of connecting over that port, but (unless s/he had already taken over your client machine and was knocking from there!), you can still get in.
So not only does it have to be a specific sequence of ports to knock on, i.e.:
to get in, but you also have to send the right data to each port, something like (port:byte): Now, I'm no network hacker but I can't see how such a lock could be picked (man-in-the-middle attack, perhaps, but other than that?).Heh, two bits, natch. ;-)
As other posters have said, this is the coolest thing I've seen on /. in quite some time. (SCO is great humor and morbid curiosity like rubbernecking at car crashes, but that's not really why I come here -- I love the technology bits, and nanodot.org doesn't update fast enough.)
Well, I think the answer's obvious. The same reason that drug companies scorn rain forest treatments and marijuana: because it can't be patented.
I'm currently reading Dan Simmons' "Hyperion" and just finished the third person's history, the poet, who lived on Earth during the period when a black hole got into the core and started pulling everything apart, causing massive earthquakes and whatnot before eventually destroying the entire planet.
This is science fiction; however, the possibility of annihilation is very real, through whatever form (grey goo, anyone?). Colonizing and terraforming the planets and moons in our solar system which can support Earth-bound life should be a top priority.
No way would Microsoft back another duel like that!
And in fact, as other responders have pointed out, they now have text in the EULA preventing you from backing that same duel.
Shows they have a lot of faith in their products.
The Timmy's of the world then learn a new game: "how far can I fall without getting bruised?"
Similar concepts are explored in "The Metamorphosis of Prime Intellect" -- highly recommended (free!) reading. Localroger's short story (novella, really) has characters entering "death pacts" where the computer tasked with Asimov's three laws (which won't let anyone die or be hurt), temporarily turns a blind eye while people "duel" and, when one is almost dead, it resets them.
This will completely change the experience of growing up. It'll be a lot less traumatic, I would imagine (but then traumas will just come in different forms, most of them psychological/social).
I found the fortune surprisingly appropriate for this discussion: "Never worry about theory as long as the machinery does what it's supposed to do." -- R. A. Heinlein
Next... "un-un-pentium"? "I'm not not licking toads..."
Once they see the reduction in pop-ups and ads (not to mention the amazing benefits of tabbed browsing news sites), they'll agree: the right tool for the job.
Yeah, I'll trade SCO's 357 licenses for a .357 of my own...
Sorry I couldn't RTFL, but it timed out. I'm wondering if it discusses just how close Jupiter is to becoming a star?
If so, I wonder how many more probes (mass) we have to send to it in order to get the furnace started. ;-)
There's gotta be some sort of certification guidelines for these certifications. I mean, companies aren't just going to fly in there blind and see what's wrong with their products -- that's wasteful. They'll likely get tons of documentation on what things are checked and why, giving them opportunity to improve their product prior to spending money on the certifications.
So if the requirements are spelled out for us, why not make a community-based effort to create a testbed for each level of certification? Then every developer could set up a spare system and have it run tests after they make changes. Yes, the complete testbed would probably take days or weeks to complete, but after having been completed once it could (dreaming, here?) scan the code and see which parts changed, and based on that, determine which tests need to be re-run.
The testing could also be distributed somewhat, using VMs in multiple hosts. Whether this be a single lab (OSDL?) or distributed across the Internet like SETI@home et al, it would decrease the time required to run through all the tests. (And of course there would have to be some sort of verification of the results, as well, so we don't have attackers corrupting the results like distributed.net saw a few years ago.)
I believe that game was The Neverhood -- ring any bells?
Exactly. As I said:
They'll defend to the death their right to keep you paying. You'll need special keys to be a publisher, and they won't give those out to just anyone. Only member companies, which means only those individuals or groups who can come up with the membership fee, most likely several grand.
Meanwhile the torrents are coming down at 30KB/s... They've already lost the battle. (Yeah, DSL sucks get cable...)
Isn't that why they bought VirtualPC? So they could integrate the VM into their new OS so it could play back all those old apps?
Replace the " and" with a ";" and you'll have 3 more chars, to finish it with ("re."). Agree strongly with the quote btw.
Cheers,
Thing 1
The worst part about the terrorist bit is these people are reacting to the US Government meddling in their affairs. So they meddle back. But the US is much more powerful, so invades.
Is Bush's plan world domination? We're spreading ourselves a bit thin militarily for that, but he's got the legal part covered.
So what's gonna happen when we decide we've had it with the corporations meddling in our affairs, and decide to meddle back (deCSS, et al)?
Yeah, but the thing about unwrapping the encryption is it only has to be done once. Then it can be shared digitally, after being re-recorded. So the obvious answer is only studios can have "record" buttons. That'll foil the holdouts until their equipment degrades to the point they can't buy parts.
I think we'll be off the planet by then, though. They can keep their rules.