So password guess-ability is a big issue. In which case certificates are more secure than even "hard" passwords, never mind the ones people usually pick.
Yeah. Or, he could go the actual, user-friendly route and just implement connection throttling, tarpitting, or similar technology to limit inbound ssh attempts.
As you say, this is not the kind of attack the question was about. But the point is that PKI is fundamentally more secure.
It sure is! And, like most security measures, there is a tradeoff between the security provided and user and administrative overhead and costs. And as I already said, for most people, the cost-benefit analysis for PKI simply fails.
Remember, security is all about risk management. The risk of some brilliant hacker walking into the office, swiping some passwords, and using that to gain access to a corporate network is, for most industries, companies, and individuals, just not that great. And if it's a real concern, you're much better off limiting physical access by using keycards and hiring a security guard.
I actually go one step further: after IPv6-enabling my site, I only allow v6 ssh inbound. Since Teredo makes it possible to get v6 from nearly anywhere, it doesn't cause any inconvenience, and ssh attacks have basically vanished. 'course, it won't last forever, but it works great right now.
Password guess-ability is not the big security issue. The problem with passwords is that people write them down and leave them in unsecure locations [stanbiron.com]. Or they fall victim to phishers or other social engineers.
Except, of course, that's not the class of attack the individual posting the question was asking about. His problem is securing a site from random attackers on the internets, not from attacks as a result of a breach of physical security.
Furthermore, other than cases of internal attacks (i.e., disgruntled employees, etc), or honest-to-god corporate espionage, the risk of a written-down password being pilfered and used as an attack vector into a system is next to nil. As such, switching to non-password-based authentication fails the cost-benefit ratio for your average admin (the cost primarily being in time, both for the supporting admin and the confused users), and in fact, when comparing the dangers of complex passwords being written down and then stolen, versus weak passwords being guessed by a random attacker, the former is *far* less likely in general, and thus a far more preferable situation.
anyone who even participated in the popularization of karaoke should be tried by an international court.
I know! Fucking assholes having fun *singing*! How dare they! Bastards!
Well, given the fair use doctrine still exists, there will always be a lower bound at which their legal actions will no longer have any basis.
Since when did Slashdot ever use 80% of an article verbatim?
Sorry, no, any website doing *that* should be shut down. I hate those assholes. They're the reason why a search for a given term in Google pops up thousands of sites with the *exact same content*, just ripped from one another.
Or maybe it's good that Mint and others exist, as then Canonical can focus on what they see as their vision, and those other distros can cater to the whims of other users.
Why does the standard gamut of replies to criticism of any OSS project always include "well, you don't have to use it...".
Uhh, because that's the correct answer? Ubuntu is driven by a vision, and users will use it or not because of that vision. Don't like the vision? Change distros. It's not the job, nor can it be the job, of Ubuntu to cater to every single whim and desire of its potential userbase.
The same is true of people who bitch about Debian being too behind-the-times, Gentoo being too much of a pain with all the compiling, Fedora for... whatever reason some jackoffs don't like Fedora. Fortunately, the distro world is absolutely lousy with high-quality distros... aside from the four already mentioned, there's OpenSUSE, Mandrake, and I'm sure many others I've left out.
So, KDE whiners and Ubuntu theme haters, please: fuck off and find your own distro.
The primary reason that youth seems not to like it is a cool factor thing, not because the music itself is in some way offensive.
Or maybe they just, you know, don't like it, in the same way that I don't like country or punk. Yes, I know, it's shocking: not everyone has to like classical! *gasp*
The only real justification for a dedicated e-reader device is that it can be locked to a company's book service.
Yeah! It's like the iPod! The only justification for that thing is so that you can be locked into iTunes. But everyone knows you can just plug headphones into a laptop, and then you can play back whatever you want! Idiot sheeple...
And you'd be wrong. The people buying these things probably have no idea they can even get books outside of Amazon's walled garden. As such, why would they care what the reader could read, so long as it works well with Amazon's online store?
As an aside, though, the Kindle *is* open in terms of "what you can read on it". i.e. you can populate it with unencrypted content that hasn't been purchased through Amazon's system.
They could also burn money and give stuff away for free.
Loss leaders are not generally a good idea if you want to make progress in business.
"Loss leader"? I don't think that means what you think that means. The 3G plans are paid for by incorporating the cost into the price of the book, and since you only use 3G when you buy a book (generally speaking), any use of the plan is immediately paid for when the book is purchased.
Bah, that's not a trick, that's just a hacky workaround to deal with a limitation in the format. :)
Plus, they're great for reading in bed. Anyone who's tried to read lying on their side knows how much of an *enormous* pain in the ass regular paper books are. It's just not doable. But an ereader is perfectly comfortable.
I'm pretty sure they don't realize that this to some degree is the public face of KDE
And that's Kubuntu's problem, somehow? If the KDE guys don't like it, maybe they can lend some talent to the project. But it sure as hell isn't Ubuntu's job to be KDE's ambassador to the world. Hell, by your argument, it'd be better for KDE if the Kubuntu project simply ceased to exist.
Bug bug bug BUG "bug" "BUG"!
Why, for god sakes, are the last two "bugs" in quotes? Are they some sort of ironic bugs? Is the wink implied?
(yes, this is a ripped off joke)
He blew off or dismissed most of the important questions. As other commenters have said, he didn't acknowledge Ubuntu's terrible implementation of KDE, Gnome's shortcomings, nor the sound issue.
Oh, you KDE whiners. Everything about Gnome sucks. Everything about KDE rules.
Did it ever occur to you that some people might actually hold the opposite opinion? That they might be glad Ubuntu chose a single desktop to focus on, rather than dividing their efforts, and picks Gnome, which is sleek, clean, and works, rather than the horrible, ugly, cluttered mess that is KDE?
No, of course not! KDE is the shit, amirite! Clearly Canonical are just idiots!
Or, then again... maybe not.
Have you any idea what's going on in Kubuntu with Operation Timelord? That's as close as you can get to saying 'We're tired of Ubuntu is fucking us, so we're blowing this popstand and doing it right.'
Buh? As far as I can tell, "Operation Timelord" is as close as Kubuntu can get to admitting that they've fucked up in the past and need to fix some things. Every single one of the items they plan to tackle to improve the project addresses how *Kubuntu* is managed. Improving localization, changing how bugs are tracked, deciding not to release shitty KDE packages... that's all work in Kubuntu's camp, and has nothing to do with core Ubuntu.
Wow, well done, you managed to take this quote:
Sometimes that openness will mean embracing Microsoft in order to meet a customer's needs.
and somehow extrapolate it to the point where you fear a 'new "don't offend Microsoft" vibe'. Well done! You've clearly demonstrated the utter crazy that seems to infuse the more rabid among "freedom-first software advocates"!
And the "annoying" part is quite subjective, of course. I never had trouble with it in any of the languages where I had to deal with it (Python, Haskell, F#) - quite the opposite, in fact.
Yes, but let's take Haskell as an example. In Haskell, you don't nest your code that deep. At most you'll have maybe one let or where block, and if you need to go deeper, you'll start splitting things out into multiple functions. It's simply the nature of the way the code is written and organized. As such, you're never indenting very deep.
But Python inherits directly from Algol and similar nested-block languages, where multiple lexical levels, up to three, four, or more levels deep (thanks to classes, functions, loops, conditionals, lambdas, etc), are extremely common. In that case, suddenly that whitespace becomes very significant indeed, and far more tedious to deal with.
So yeah, for Haskell or F# I don't mind at all, because the very nature of the language means deep indentation just doesn't happen that often, and the language itself actively discourages it by making it really really annoying. :) But for imperative, block-oriented languages, I'm sorry, there's just no good reason for semantically significant indentation (decent programmers format their own code and don't need the language enforcing it for them), and solid reasons against it.
That's a perfect example of a solid theoretical concern that never, ever comes up in practice.
Yes, people never move code between lexical levels. oO
And by the way, yes, I've come across this in real life. Yes, it's really fucking annoying. And yes, it turned me off Python as a primary scripting language (given the plethora of alternatives, there's no reason to put up with an annoyance like that when I can move to a language that better suits my way of working).
Interesting! That's definitely better. Pity you can't put the 'pass' at the same level of the 'if', so that the block is more clearly delimited. But at least this is an improvement (I wonder if Vim can also use 'pass' as an auto-indent hint...).
Junior coders only don't indent because they think it's stupid
Uh, I think you mean programming neophytes.
I have *never* met a "junior coder", i.e. a new employee fresh out of school, who didn't understand the value of indentation. And if I *did* come across such an individual, a) they would've never gotten past our interview cycle, and b) if they somehow squeaked through, they'd be terminated immediately, as it's clear they are unable to perform the job for which they've been hired.
For the neophytes, they'll write ugly code for a while, get bad grades for style, and then gradually improve, and eventually learn the value of it. But that's why they go to school in the first place.
Yes, really. It is *impossible* for PythonMode to, without fail, *correctly* auto-indent a piece of Python code. For example, given this:
if expression:
do something
do something else
It is impossible for the editor to determine whether or not I wanted that second expression executed within the context of the if block, barring my delimiting the block explicitly, which, unfortunately, I can't do in Python. Of course, this is a trivial example, but the minute you start moving blocks of code around, particularly between various lexical levels, it can quickly become quite tedious ensuring that the code is indented properly, as the editor can't do it for me.
For example, suppose I have this:
if expression:
do something
do another thing
if another expr:
do one more thing
And I then move the code as follows:
if expression:
do something
if another expr:
do one more thing
do another thing
Do you know what I meant to do? Did I intend to move the second if within the first, or did I intend for that second expression in the first if statement to execute in the second if statement? Answer: you have no idea, because the lack of bracing makes it impossible to determine where the blocks are supposed to start and end.
Now, maybe you're a magical experienced programmer who never has to refactor anything (your low UID would suggest you aren't a newb, though your comment seems to suggest otherwise). But the rest of us cut/copy/paste blocks of code pretty damn frequently. And Python's very nature cripples an editor's ability to help the programmer get such operations right.
Bah, not laches, promissory estoppel. Though, reading more comments, it looks like that doesn't work, as Activision had a "subject to approval" clause in their little gentlemen's agreement, which provides a rather nice loophole for Vivendi.