I don't think so. I am actually much more afraid that we actually get Wayland soon by default, but gradually lose backwards compatibility to rarely used but hard-to-replace applications (and of course network transparency). I seriously do not see that we will gain anything.
Why would you #ifdef out assertions in production code?
It's quite easy to write "all exception safe all the time" code in C++, in ways that even the junior guys can't screw up.
Of course... Dream on.
Exactly. That you should only use ssh to tunnel X and only between trusted hosts is well known. It would be nice if you could run untrusted clients on X (and the X security extension was meant for this), but nobody seems to work on this. This would be vastly more useful IMHO than re-building everything on top of a dumbed down protocol: Wayland.
The solution the Wayland guys offer for remote desktop: Use RDP. As if this proprietary protocol from Microsoft never had security problems....
Also, for a different perspective. Look at this: http://media.ccc.de/browse/con... and don't jump to conclusions based on the title. Just watch and pay attention especially with respect to the comments about security of core X11 vs. Qt. And then maybe don't use KDE anymore.
In my opinion, breaking compatibility with the X protocol would be the biggest strategic blunder the Linux community could do. Even bigger than messing with the GUI in stupid ways exactly when everybody using Windows is frustrated with the GUI.
If you don't check for an error due to sloppy coding, you get a failure sometime later which can be quite hard to debug. If you don't handle an exception, your program exits, and if you can repro the problem under a debugger, any good debugger will break where the exception is thrown - immediately debuggable. Which approach better protects customer data from bugs?
Without exceptions, you would put in an assertion which would give you the same debuggability (and the compiler would warn if you completely forget to handle the return code). The only advantage of exceptions is that you can ignore the error on the intermediate level and try to handle it at a higher level instead. This might be useful, but opens up an entire class of new - and very hard to debug - failures from code which is not exception-safe. RAII helps with this, but has its limits.
I understand RAII just fine.
In fact, what you say seems to be in agreement with my statement: "Provided you never have cyclic mutable graphs" "only some memory and resource leaks go away".
You can write very fast and elegant code in C++ just as easily as in C - it's just a different tool set. C++ is not for writing code using the same approach one uses with C; it's terrible for that.
True, because it is basically terrible for everything, it is terrible also for using it in the same way as C.
But once you understand scoped objects, all memory and resource leaks go away (well, you can attach something to a global structure and forget about it, but you can mess that up in any language). That alone is a huge win.
Yes, RAII is nice. But only *some* memory and resource leaks go away, basically the ones which are trivial, because allocation and deallocation simply follow lexical scope. Of course, this is only trivial in languages which do not have exceptions. Exceptions make this simple thing very complicated, and without RAII it is indeed almost impossible to avoid resource leaks in C++. But without exceptions, it is not so much of a deal. In other words, RAII had to be invented after the fact to make exceptions usable in C++ because - again - some features were introduced without much thought.
C++ has one terrible, fundamental flaw: the learning curve is too high. There's just about nothing where the "right way" is obvious, or even common. And so few people get to real expertise that there's not a common library that collects all those right ways and makes them easy to learn! It's a tragedy, really.
This is only a tragedy for people who have to use C++ or think they have to. There is nothing more liberating than to realize that all this complexity of C++ is completely unnecessary.
I disagree that the complexity from C++ is only the result of being the compromise of these three properties. Of course, such a language would be somewhat more difficult than a new language without backwards compatibility to C, but I still think that most complexity in C++ comes from adding whatever feature was cool at the time *without too much thought*. I had to debug my fair share of subtle problems in C++ code (mostly from other people - I stopped using C++ for my own projects years ago) and usually the problems are the new language features that C++ added to C which cause problems. I know excellent programmers who can use them correctly, but most don't. The reason is that they have surprising and hard to understand properties. See, for example, the keynote of Scott Meyers (Effective C++) at the D language conference this year. He lists a lot of arbitrary design flaws in C++.
Please understand that there are many gaps in our knowledge in almost all areas of science. The conclusion that "clearly they don't understand the system" because there are some effects which are not yet completely understood is basically the standard argument brought up by all kinds of people against scientific findings which go against their esoteric beliefs.
For example: "they don't know how life originated, clearly they do not understand life so evolution is wrong and god created the earth 6000 years ago". Or: "they don't know how the brain works, clearly they do not understand anything about it so how can they know that mind does not live in another esoteric dimension where it can communicate with the dead".
This kind of argument ignores that there is a lot of stuff we actually do know - including the climate. I kindly suggest that you leave it to people who studied these problems to comment about what "we" know about it and what not and not try to extrapolate from your helpdesk experience about something you cannot possibly have any clue about from working at a helpdesk.
This is circular reasoning. You can just turn that argument around: If the law says the inventions always belong to the inventor and not to the company, then the salary cannot be compensation for the rights to the inventions. If the company is not happy with this, then DON'T OFFER THAT JOB. See, works either way.
No, as far as I know it runs Wayland. The same as Jolla. I would replace my aging N9 with a new Linux phone with X11, but sadly there is none. We now have Linux phones with no backwards compatibility to Linux... Sigh.
Something like this: http://srp.stanford.edu/links....
I wonder why this has never been implemented in openssh. (There are patches and it is supported by lsh).
It seems you are right about the password authentication. Somehow I thought SSH would do something more clever where the password is not sent over the network, but this does not seem to be the case. In this case public key would still be safer (two factors), but SSH would not leak your password during a MITM attack.
I doubt this. There are people who verify the fingerprints. And even if you do this only sometimes this is useful. So a large scale MITM attack on ssh would be very obvious. Also if you do a MITM on ssh you would not be able to obtain the password, because it is not transmitted. So to expand the attack they would need to MITM the ssh connections and then use this to install a backdoor. I would say this is far too intrusive to do on a large scale.
Somehow these journals need to be paid for their work. Peer review is not free, publishing is not free. Just putting it all out on the Internet for free is not a viable business model, as is proven by the many pay-to-publish crap journals discussed here many times recently.
While I agree with most other things you said, I think you got this completely wrong. Peer review is done by volunteers and publishing is relatively cheap (and the traditional scientific publishers make a lot of profit). You can easily operate a journal with very minor resources. And this is exactly the reason there are many pay-to-publish journals which are crap. It is just very cheap to set them up. But not all of these journals are crap (PLOS ONE is the most prominent example of a highly-ranked journal of this kind) and those which are crap are not because they are pay-to-publish. And many traditional publishers have crap journals too (remember the fake journals from Elsevier?). There is simply no direct relationship between the publishing model and quality.
The real reason the good journals are still mostly the traditional ones is simply momentum. As a scientist you need to publish in good journals to get attention to your work. The good journals get to select the most interesting research because everybody submits there first. And the readers (other scientists) read these journals exactly because they have the most interesting content. It is a self-sustaining cycle. Because - as you said - scientists have usually free institutional access to most journals, there is also not too much pressure for change. Only the public gets screwed because it does not get direct access to the research output and also because university libraries have to pay for the over-priced journals. But things are slowly changing because funding agencies start to demand open-access.
The violation of Bell's inequalities shows that there are no local hidden variable theories, but there might be non-local hidden variable theories. But in contrast to what you seem to think, non-local hidden variables theories do not necessarily enable faster than light (FTL) communication.
I am still angry about Nokia. 10 thousands of jobs lost and the only mobile platform which was nice from a technology point of view destroyed. All for a hopeless attempt to get some market share for Windows Mobile.
Well, the truth is we have the non-locality anyway. Whatever happens which reduces the measurement to a definite result is non-local. And - of course - there has to be something like this. Still, I am not too convinced by the pilot wave theory, but it is at least an attempt to deal with the inherent problems of QM by trying to create a proper physical theory, not by philosophical bullshit.
Non-locality means transmission of information with faster-than-light speeds
No. There is some kind of non-locality which does not imply FTL transmission of information. The effects in QM are exactly of this kind.
Sadly, the CIA has already set a new standard here.
Rather obviously it does not work out in the wash. This discussion was about the massive waste of energy in the US which leads to a per capita consumption which is about twice that of other highly developed countries such as Japan and Germany and an order of magnitude compared to developing countries. The externalities of the energy use affect people globally (like the war in Iraq and its dire consequences or global warming). As such, your idea that "It's not to anyone's detriment other than the person spending" is simply wrong.
I am not sure why you think rewriting in a different way is the solution. One could also refactor and fix bugs (which is being done).
For example the implementation of the core X protocol has been described as good by the guy who found these bugs (because bugs have already been fixed in the past). New code will not automatically be better: E.g. compare his comments about Qt and KDE.
From looking at it superficially, Wayland seems to be a pretty good code quality though. I am just not too much a fan of breaking compatibility with the on-the-wire protocol of X.
Yes.
Why can't you use ssh -X ?
Yes, most Linux distributions seem to have used -tcp nolisten for quite a while. ssh -X still works fine and is very useful (IMHO).
Original story:
http://it.slashdot.org/story/1...
CCC talk:
http://media.ccc.de/browse/con...