A virus spreads because of applications running on a large population of machines share the same security hole. Bearing in mind the sheer number of different Linux distros there are, running different kernels, desktops and daemon applications, there really are very few applications that are common to a lot of machines that would also be capable of propogating a virus.
You mean Linux is secure by obscurity? We all know how secure that is.
Additionally, the tendency for users to run programs at root level on Linux machines is much less than users running programs with administrator priveliges on Windows - this is because the security model on Linux is much simpler, without complexities of things like the registry,
Heard of SELinux policies? ACLs in Linux? The days of rwx are long gone.
such that the only files a normal user can damage (on a properly configured Linux system) are their own ones.
Um, say what? I don't *care* if the OS gets damaged, so long as my files are clean. If you're going to tell me that/usr/ is intact, but my files are all gone, my reaction won't be pretty.
Before I am accused of being a fanboy, the vulnerabilities in Linux (or any UNIX-like OS) are from buffer overflow attacks that cause a running daemon to drop to a (root) shell prompt allowing access to the system. However, these types of attacks are very directed against specific machines because they only work against specific versions of, say, FTP or Telnet on the system. Nowadays, of course, the tendency is to avoid using these daemons on the public internet anyway, instead opting to use secure services like SSH, SFTP & SCP.
What rubbish. What makes you think SSH & friends are immune from buffer overruns? You claim to "work" in OS security. Are you the nightly security guard for an OS company?
I assume you're merely explaining why it's the case and not rationalising it. Of course I agree that's the explanation, but I think it shows a complete lack of perspective. If you're actually justifying it, wow, all I can say is hope you sleep well every night.
Say what? I know America does not care about Iraqis. Your original comment implies *you* don't as well; you're more interested in thousands of soldiers over hundreds of thousands of civilians; that's what pissed me off.
While what you say is all fine and dandy, it's still a net loss for the entire connected world if there are multiple DNS islands. Maybe those commenting are trying to prevent that?
> Here's a thought for non-Americans who care about freedom of speech. You are probably a real minority.
Do you understand basic arithmetic? There are 300 million Americans and 5.7 billion "non-Americans". It's much easier being the majority among 300 million than among 5.7 billion. Comparing the two is stupid.
In fact, in UNIX, in addition to hot-replacing the application, you still have all the options you have in Windows for this: ask the user to quit the application, kill the application processes, or reboot. So, you don't lose anything.
And that's what Linux package managers do: if they come with an important security update in libc, they'll reboot the machine unless you cancel out of it. (It happens once in a blue moon.)
True. Except each package manager has to handle this in code, and every package manager does it differently. If you agree that every package manager *has* to do this (for security reasons), why not spit it out into a layer beneath, i.e. the filesystem? This is what Windows/NTFS does. It's arguably a philosophical issue, and I'm not saying it's necessarily better, but it's indeed something to think about.
While this may be true, it is possible to determine if other programs currently have your (old) library loaded up, and if they don't, you can safely replace it. Yes, it's even possible that one might ask the user to terminate the specific programs that are using the library, and if they don't want/can do that at the moment, to schedule the update for the next boot up.
I agree. That said, a lot of core Windows components use the HTML renderer (like the shell for "Active Desktop" and explorer.exe), and there's no easy way of restarting them [1]. So Microsoft takes the easy way out by requiring a reboot for IE7. I don't agree with them necessarily, but it's not as simple as you write.
[1] "easy" meaning easy for Grandma. You and I can launch cmd.exe, attach ntsd to explorer.exe, kill the process, install IE7 and then restart explorer.exe, but not everyone can. And think of the support costs if Microsoft actually lets customers do this!
(In Unix) if one process deletes a file that is opened by any process, then that file will be unlinked from the filesystem, but remain useable to the process that was already using the file.
This is also broken for a different definition of "broken". If I install a newer version of lib that has a security update, I want all the processes that use the lib to start using the updated version *NOW*.
Notice how I didn't say "A perfect example of why the filesystem model in Unix is insecure".
Except for the very far-right fringe (and rabid anti-H1B posters on this forum called slashdot), I don't think anyone is seriously arguing that we should stop legitimate immigration of people with skills that are in-demand, here in the United States.
Wrong. If I were Spamhaus and I believe the jurisdiction doesn't apply to me, I can do whatever the hell I want, including show the court the finger, lie to it, etc.
Hmm? If spamhaus is based in the UK, they can do whatever the hell they want to a US court - ignore them, show them the finger, feed them bullshit. Nothing is ever inappropriate, or atleast in theory.
Although I speak fluent german, I can't work in Germany or Austria. A company has to advertise for 3 months for an EU resident to fill a slot before they can sponsor a visa for me.
Do you have any idea how US work visas or immigration visas work? Thought not. Do you think it's very different here? Nope.
It's like Veganism...Sounds good on paper, but is unworkable in reality.
I've been Vegan for some years, and am still alive and healthy. Do you care to elaborate on "unworkable in reality"?
Good you didn't attempt to compare MySQL with MS SQL server. MS would have had a field day exposing all the shortcomings in the toy database. Next time consider Firebird or Postgresql or even Ingres, all open-source.
It's not like you need to trust some random poster on/. versus the Oxford University Press. I cited one reference from the US LoC, but if you wanted to, I'm sure you could find more.
And there's still the question of how you'd distinguish vocalic L and retroflex L otherwise.
I don't know about Proto-Indo-European, so I can't comment there. Regarding Devanagari, I am aware that some Sanskrit textbooks use an underneath dot, but I'm also aware that they're wrong. Authoritative textbooks would use the ring. You should probably look at books not typeset using computers - older fonts didn't have the ring, so they might have used the dot as a compromise.
Like I said, since the dot is used for another character, it's simply unworkable. I suspect this ring/dot confusion happened when someone misinterpreted the ring as a dot (smudged printing? lack of ring in some font?). I suspect you'd want references; here's one from the US Libary of Congress:
BTW, nice website! Hope you find the time to update it with other articles. While I've found tons of articles about LaTeX for English, Math symbols, German etc., haven't found too much about using Unicode with LaTeX.
So the Latin Extended Additional Range U+1E00-U+1EFF works for the most part, but there are a couple of pre-composed characters missing. The official policy of Unicode is that introducing more pre-composed characters is impossible, because of normalisation table stability concerns, and also because we can use decomposed characters (aka letters with combining marks) anyway, so there's no motivation.
BTW, if you wanted an example of a missing pre-composed character, its actually vocalic R. vocalic R is *not* transliterated as U+1E5B (which is U+0072 U+0323 in NFD). Its actually U+0072 U+0325 which has no pre-composed form. U+1E5B is Devanagari Letter DDDHA or U+095C. Similarly, vocalic L is U+006C U+0325 and not U+006C U+0323 (same as U+1E37). The latter is used for Devanagari LLLA U+0933 among other things.
Right. And for a Masters thesis, designing a font is worth it, but not for too many other projects (I used LaTeX for my Masters thesis too although I didn't design a font).
I'm afraid I don't have an answer to your question though. Word, OO.o, KOffice all suck, but atleast they do Unicode well (they use Uniscribe/Pango etc.). For the moment, I use OO.o.
Most UTF-8 software doesn't handle Devanagari well. LaTeX is hardly in the stone age compared to other programs.
Now you're just back-pedalling. I have to typeset Devanagari and Tamil. I don't use software that cannot handle it easily. LaTeX, otherwise well-designed, doesn't cut it. So I don't use it anymore.
BTW, lots of UTF-8 software do handle Devanagari/Tamil. Software that don't do any rendering handle it just fine, like bash, vim and most of the GNU utils. On Linux, the ones that do rendering mostly go through either Pango or QT. And then there are software that actually do the heavy lifting themselves - yudit, mlterm etc.
Incidentally, it is possible to typeset very elegant Devanagari with LaTeX. Charles Wilker's A Practical Sanskrit Introductory was typeset in TeX. See his explanation for more details. While Devanagari cannot be entered as straightforwardly as most other scripts, it can still be typeset.
Thanks for the link. I've actually used plain old ucs to typeset Devanagari and Tamil but I had to jump through all kinds of hoops to just key in the script. I have tons of plain-text (UTF-8) files and I wish I could just type in the appropriate LaTeX markup and just run LaTeX. My original thesis, which I stand by, is that (La)TeX was originally designed as an 8-bit system and it shows.
Actually, I find (La)TeX sub-par even for accented Latin (as used in IAST, for example). I don't want to have to treat combining characters differently from regular Latin.
Accented Latin doesn't require combining characters, since macron-ed vowels are distinct characters in Unicode. When I write a LaTeX document with Latin, I enter all characters in just plain, direct UTF-8.
Say what? Macrons are not the only accents. Read up on IAST and tell me how you typeset the Latin transliterations of the Devanagari vocalic R or the Tamil aytham without combining characters.
Slashdot Mirror
A virus spreads because of applications running on a large population of machines share the same security hole. Bearing in mind the sheer number of different Linux distros there are, running different kernels, desktops and daemon applications, there really are very few applications that are common to a lot of machines that would also be capable of propogating a virus.
You mean Linux is secure by obscurity? We all know how secure that is.
Additionally, the tendency for users to run programs at root level on Linux machines is much less than users running programs with administrator priveliges on Windows - this is because the security model on Linux is much simpler, without complexities of things like the registry,
Heard of SELinux policies? ACLs in Linux? The days of rwx are long gone.
such that the only files a normal user can damage (on a properly configured Linux system) are their own ones.
Um, say what? I don't *care* if the OS gets damaged, so long as my files are clean. If you're going to tell me that /usr/ is intact, but my files are all gone, my reaction won't be pretty.
Before I am accused of being a fanboy, the vulnerabilities in Linux (or any UNIX-like OS) are from buffer overflow attacks that cause a running daemon to drop to a (root) shell prompt allowing access to the system. However, these types of attacks are very directed against specific machines because they only work against specific versions of, say, FTP or Telnet on the system. Nowadays, of course, the tendency is to avoid using these daemons on the public internet anyway, instead opting to use secure services like SSH, SFTP & SCP.
What rubbish. What makes you think SSH & friends are immune from buffer overruns? You claim to "work" in OS security. Are you the nightly security guard for an OS company?
Yes.
I assume you're merely explaining why it's the case and not rationalising it. Of course I agree that's the explanation, but I think it shows a complete lack of perspective. If you're actually justifying it, wow, all I can say is hope you sleep well every night.
Say what? I know America does not care about Iraqis. Your original comment implies *you* don't as well; you're more interested in thousands of soldiers over hundreds of thousands of civilians; that's what pissed me off.
What about the blood of hundreds of thousands of Iraqi civilians?
while India has already ordered legislation of software patents.
While what you say is all fine and dandy, it's still a net loss for the entire connected world if there are multiple DNS islands. Maybe those commenting are trying to prevent that?
Do you understand basic arithmetic? There are 300 million Americans and 5.7 billion "non-Americans". It's much easier being the majority among 300 million than among 5.7 billion. Comparing the two is stupid.
Wake me up when MythTV doesn't depend on a toy database and starts supporting real databases.
And that's what Linux package managers do: if they come with an important security update in libc, they'll reboot the machine unless you cancel out of it. (It happens once in a blue moon.)
True. Except each package manager has to handle this in code, and every package manager does it differently. If you agree that every package manager *has* to do this (for security reasons), why not spit it out into a layer beneath, i.e. the filesystem? This is what Windows/NTFS does. It's arguably a philosophical issue, and I'm not saying it's necessarily better, but it's indeed something to think about.
I agree. That said, a lot of core Windows components use the HTML renderer (like the shell for "Active Desktop" and explorer.exe), and there's no easy way of restarting them [1]. So Microsoft takes the easy way out by requiring a reboot for IE7. I don't agree with them necessarily, but it's not as simple as you write.
[1] "easy" meaning easy for Grandma. You and I can launch cmd.exe, attach ntsd to explorer.exe, kill the process, install IE7 and then restart explorer.exe, but not everyone can. And think of the support costs if Microsoft actually lets customers do this!
This is also broken for a different definition of "broken". If I install a newer version of lib that has a security update, I want all the processes that use the lib to start using the updated version *NOW*.
Notice how I didn't say "A perfect example of why the filesystem model in Unix is insecure".
Except for the very far-right fringe (and rabid anti-H1B posters on this forum called slashdot) , I don't think anyone is seriously arguing that we should stop legitimate immigration of people with skills that are in-demand, here in the United States.
Wrong. If I were Spamhaus and I believe the jurisdiction doesn't apply to me, I can do whatever the hell I want, including show the court the finger, lie to it, etc.
Hmm? If spamhaus is based in the UK, they can do whatever the hell they want to a US court - ignore them, show them the finger, feed them bullshit. Nothing is ever inappropriate, or atleast in theory.
Do you have any idea how US work visas or immigration visas work? Thought not. Do you think it's very different here? Nope.
P.S. Yup, I'm a foreign worker in the US.
It's like Veganism...Sounds good on paper, but is unworkable in reality. I've been Vegan for some years, and am still alive and healthy. Do you care to elaborate on "unworkable in reality"?
Good you didn't attempt to compare MySQL with MS SQL server. MS would have had a field day exposing all the shortcomings in the toy database. Next time consider Firebird or Postgresql or even Ingres, all open-source.
It's not like you need to trust some random poster on /. versus the Oxford University Press. I cited one reference from the US LoC, but if you wanted to, I'm sure you could find more.
And there's still the question of how you'd distinguish vocalic L and retroflex L otherwise.
I don't know about Proto-Indo-European, so I can't comment there. Regarding Devanagari, I am aware that some Sanskrit textbooks use an underneath dot, but I'm also aware that they're wrong. Authoritative textbooks would use the ring. You should probably look at books not typeset using computers - older fonts didn't have the ring, so they might have used the dot as a compromise.
r it.pdf
Like I said, since the dot is used for another character, it's simply unworkable. I suspect this ring/dot confusion happened when someone misinterpreted the ring as a dot (smudged printing? lack of ring in some font?). I suspect you'd want references; here's one from the US Libary of Congress:
http://www.loc.gov/catdir/cpso/romanization/sansk
BTW, nice website! Hope you find the time to update it with other articles. While I've found tons of articles about LaTeX for English, Math symbols, German etc., haven't found too much about using Unicode with LaTeX.
This is awesome news, thank you so much!! I'll check it out tonight. If it does handle OT correctly, that'll solve all my typesetting woes.
BTW, if you wanted an example of a missing pre-composed character, its actually vocalic R. vocalic R is *not* transliterated as U+1E5B (which is U+0072 U+0323 in NFD). Its actually U+0072 U+0325 which has no pre-composed form. U+1E5B is Devanagari Letter DDDHA or U+095C. Similarly, vocalic L is U+006C U+0325 and not U+006C U+0323 (same as U+1E37). The latter is used for Devanagari LLLA U+0933 among other things.
Right. And for a Masters thesis, designing a font is worth it, but not for too many other projects (I used LaTeX for my Masters thesis too although I didn't design a font). I'm afraid I don't have an answer to your question though. Word, OO.o, KOffice all suck, but atleast they do Unicode well (they use Uniscribe/Pango etc.). For the moment, I use OO.o.
BTW, lots of UTF-8 software do handle Devanagari/Tamil. Software that don't do any rendering handle it just fine, like bash, vim and most of the GNU utils. On Linux, the ones that do rendering mostly go through either Pango or QT. And then there are software that actually do the heavy lifting themselves - yudit, mlterm etc.
Thanks for the link. I've actually used plain old ucs to typeset Devanagari and Tamil but I had to jump through all kinds of hoops to just key in the script. I have tons of plain-text (UTF-8) files and I wish I could just type in the appropriate LaTeX markup and just run LaTeX. My original thesis, which I stand by, is that (La)TeX was originally designed as an 8-bit system and it shows.
Say what? Macrons are not the only accents. Read up on IAST and tell me how you typeset the Latin transliterations of the Devanagari vocalic R or the Tamil aytham without combining characters.