You don't really understand how they make chips, do you?
It costs $X to make a wafer of CPU's. The more CPU's you get from that wafer, the cheaper each CPU costs. Large CPU Dies means fewer CPU's per wafer, thus high cost per wafer. Thus, each CPU die has a higher cost to manufacture than smaller dies.
Here's a free clue. Even if IE was 100% W3C compatible (whatever that means) and every other browser was as well (they're not) there would still be no guarantee that code that renders a certain way on one browser will look the same on any other browser. There are a variety of reasons for this, including platform specifics (fonts, font-sizes, default stylesheets, undefined behaviors, etc..).
Yes, your work is greatly reduced by having standards compliance across all browsers, but until the standard doesn't have loopholes the size of pitsburgh, there will always be differences.
The answer you will get is that ACID2 isn't a compliance test, something the tests authors also state. Acid tests a subset of features, plus several features that aren't a part of the standard, plus some deliberately malformed code.
Believe it or not, there is a valid reason for this. My understanding is that they designed the UI to make it more difficult for spoofing attacks where the site hides the controls and then creates new ones that show false information. The new, non-modifiable design addresses a major phishing issue, but at the cost of flexibility in the layout of controls.
Perhaps he might answer that they're doing the best that they can with the limited resources Microsoft has allocated to the IE team, and that it wasn't possible to completely rewrite IE from the ground up and implement every W3C standard 100% (despite no other browser having achieved that goal either) in the time frame required to ship a new release.
No, you're right, there's no other possible anser than that it's a conspiracy to deliberately keep the web broken. (rolling eyes)
You boot your computer, and it's sitting at a login prompt. How is this any less secure than sitting at a password prompt to boot the computer? Especially when you have a trusted boot path like the Trusted Computer Platform provides. you can't run programs, you can't do anything short of using a logic probe to try to decode the binary signals in-memory.
If you have a sufficiently strong login process, a boot password is just superfluous.
Having just read his links, I see that he didn't exactly phrase his comments correctly. He wasn't merely getting an encrypted root filesystem.
However, be that as it may, this technique is still vulnerable to several man-in-the-middle style attacks, such as installing a trojan in the initrd, something that cannot be done with a trusted computing platform encryption. Further, the use of hashes creates a collision attack vector. One need only generate a passphrase that creates the same hash, which depending on the hashing used may be easier than others. Obviously, the original hash has to be unencrypted, so you know what the has value is, which is half (if not more) of the battle.
The question is, how badly does the guy that stole your laptop want that info? It's certainly better than nothing and will likely deter all but the targeted industrial (or governmental) espionage attacks. Then again, i'd rather use the best solution, rather than a "good enough" one. Isn't that why people use Linux instead of Windows in the first place?
You're still missing the point that the part that does the initial decryption has to be unencrypted, and in order to do that, it needs access to some form of unencrypted key or you face a number of obstacles, such as giving the boot password to any user that might use that computer, or allowing mulitple passphrases to decrypt the data (thus weakening the strength of the encryption).
It doesn't matter how many times and in how many different places you encrypt the data if the root encryption procedure is vulnerable, and if untrusted code can be booted, then that's precisely what it is...
That's just it, by using an unencrypted initrd, you are giving the attacker nearly all the information they need to crack the system. You're giving them the algorithm used (easily figured out from the code in the initrd).
However, that's not even the real issue. Suppose I worked for the CIA or FBI or NSA. I could easily install a keylogger or data dumper in that initrd and the next time you boot your system capture any data you enter, such as that pesky passphrase. You have an insecure boot channel, which provides plenty of opportunity for attack.
The TPM chip provides a secure path to the startup files by using, among other techniques, a two-phase handshake that requires the boot record to match the encrypted hash in the chip, and vice versa. If the boot files have been altered, the TPM chip won't allow the OS to boot.
But, even beyond all that, as i've said in other messages... requiring a passphrase to boot the computer simply isn't workable for a variety of reasons. The OS has to be able to boot without the user entering anything. And that is why your scenario really doesnt work.
Entering a password at boot time is not a viable solution. The computer has to be able to boot the OS to a login prompt, which will allow the user to enter their password to decrypt their personal files.
Requiring a password at boot time has a number of problems. First, you either have to give everyone that uses the computer the same password to boot the system, or you need to use a multi-key encryption routine, which might difficult to maintain as you add or remove new users. Then there's the issue of users having to enter two different passwords (for security, you wouldn't want them to be the same) just to log in.
What you want is for the machine to boot and automatically decrypt the public filesystem information (the OS, and various other directories) securely (ie, it is tied to the machine via a TPM chip of some sort) without the need to identify the user, since you need a valid username and password to login this shouldn't be a security risk over and above any other security risk of someone stealing your laptop and having as much time as they need to fiddle with it.
Yes, but this ignores one point. If you're encrypting your root filesystem, and you don't want to have to enter a password to simply boot the computer (as opposed to logging in) then the system has to be able to decrypt the boot record, and all the OS system files to boot the OS to the login prompt (thus not having to enter a password twice, or give a single password to multiple users of the computer, or allow multiple passwords to decrypt the volume).
Using only encrypted filesystems, then the decryption keys for the public areas have to be available unencrypted, because you need to be able to boot enough of the OS to be able to read the filesystem and decode everything.
What eCryptfs does not solve is the issue of system integrity, and secure temporary storage. What good is it to encrypt your files if they can just scan your swap partition looking for data? or/tmp? or, as someone else said, they trojan other files on your system?
Encrypted filesystems are not the same thing as full disk encryption. FDE also encrypts partition tables, boot sectors, etc... everything, and typically requires some kind of hardware assistance like a TPM chip. There is also "mostly" full disk encryption which has an unecrypted boot record but has everything else encrypted.
The point of a FDE is that your encryption keys are locked in a TPM chip of some sort, and you can't retrieve them with software. Encrypted filesystems require your boot partition have the encryption keys unencrypted so that they can be read, which sort of mitigates the whole point.
Can vista users stretch the desktop icons and folder icons? Do they scale well?
Yes, you can set them to any size you like and they look good even at small and large sizes.
Can vista users with bad dexterity or shaking hands left-alt-right-mouse-drag a dialog box or window to resize it? Can a vist user double-click the title bar and scroll up, shade-up or resize a window besides just maximize/plunk-back-to-previous size?
This is an example of faulty logic. You should be asking if Vista has certain functionality, not if certain functionality can be achieved by specific actions. You also seem to be mixing accessibility features with non-accessibility features in the same question. Maybe you should think more about this and rephrase your point.
Vista has a number of new accessibility features, can a vista user left-alt-left-mouse to drag an in-the-way window out to the side?
Again, you're asking a question about a specific way of doing things, rather than if those things can be accomplished.
What I think you're getting at is using alternative ways to adjust windows. If that's the case, then the answer is No, but there are a number of third party tools to do these.
Can a vista user bring to focus on mouse-over any window the user wants? Without a hassle? With user-selected responsiveness?
If you mean focus follows mouse, then yes. That's in XP too, by the way, but you have to turn it on using TweakUI.
Can a vista user switch to different desktops as efficiently as KDE and Gnome users can? Can vista users roll the scroll wheel over the taskbar or Kicker-wannabe and switch different virtual desktops AND to a select application? Does the vista desktop icon update in realtime like KDE's Kasbar thumbnails reflect the desktop contents?
This assumes that different desktops are required. Or that a majority of end users would even want them, or use them them. There are a lot of third party virtual desktop apps, including some that do what you want. Even nVidia's driver set includes a virtual desktop manager.
Can a vista user split a virtual desktop's apps off from the Main Taskbar/kicker to an auxiliary task bar for more refined self-organization?
Can a vista user use glassy effects on a GPU or graphics card that is sufficient for KDE and Gnome?
Now you're just getting silly. You're basically saying "Can a BMW driver go 150 mph while only burning the amount of gas that a Prius would"?
Does vista have a wealth of Superkaramba-like widgets that are USEFUL and not dullard ripoffs of OSX or ripoffs of lesser KDE/Gnome widgets reinterpreded from OSX?
Vista is still new, and not yet final. No, it doesn't have the wealth of widgets that a 2 year-old OS does, but give it a year and check back.
Your questions are phrased in a "Do you still beat your wife" manner, which means they aren't intended to ask real questions, but are instead saying "Does Vista act exactly, without any difference, like the OS I use". The answer is, of course, no. It's different.
Actually, I've run vista on 256MB of RAM. You can't install it on such, but i've installed it with 512, then pulled a stick and it booted and ran just fine.
Vista seems to utilize memory if you've got it, and if you don't, it scales back on it's usage. With 256MB it booted to using about 63% of physical memory, and running non-memory intensive apps (ie word, excel, IE, etc..) was just as fast as the machine I had vista installed on with 1GB (but vista on that machine was using 800MB of memory.. so go figure). Granted, with 256MB, Vista automatically disabled Aero and the desktop compositing engine, but it was still every bit as fast.
UAC does ask permissions a lot when you are new to the OS. You're digging around and looking at things, installing lots of new apps all once, etc.. so yeah, UAC seems to pop up a lot. After you've been using it for a few months, it's far less common.
And, more importantly, Apple can keep the set of hardware they need to support small by denying hardware that's a few generations old from using the new OS.
This is a weird situation, really. Imagine a situation where an achitect designs a new building with a lot of revolutionary features, but, because of vandals and incompetant contractors, taks 5 years to get the building built. Meanwhile, a number of other developers saw his plans filed at the city planning office, and copied some of the new and innovative features and gets their much smaller building finished in 3 years. When the original building is finally opened, people walk around and say "Oh look, they copied that other building".
That's basically what happened with Vista. Many of those features that Microsoft is claimed to be "copying" or "catching up" to where originally designed and showcased back in the day after XP shipped, but because Microsoft couldn't get Vista out the door, Apple and Linux were able to implement many of those features before Microsoft was able to.
You can pretty much configure windows do anything that you can with any X window manager, by the use of third party apps. Windows is designed for the common user, with some attention given to the less popular scenarios, but they provide the API's and hooks to allow developers to create almost any kind of environment they want.
It's a lot easier to add features than to remove them. Why do you think Firefox ships with a limited set of functionality and lets extension developers add on the rest?
You're falling into the obvious fallacy that everyone must do things the way you do them. Most people have no need to "group their windows" because they simply don't open that many of them. Many people don't need to "group their windows" because the taskbar works sufficently well for them to bring the app they want to use to the forefront. A lot of people are very proficient with using alt-tab to switch between the apps they use, and are only usually working with one primary app at a time. Very few people leave all their apps running 24x7 on virtual desktops, sucking up memory and system resources they could be using to better advantage with the apps they are using at that moment.
In other words, most people are largely single-tasking. Not massively mutlitasking, and thus don't really need virtual desktops. After all, they don't have 9 physical desks that they getup and move to for differen tasks, do they? Why should they do that on a computer?
You know, i've used a lot of these explorer replacements, and the problem the all seem to have is that they're obesely piggish. They take forever to launch, they have noticable pauses between actions, etc... Plus, they try to be everything for everyone.. file viewers, graphics galleries, media players, whatever.. Stock explorer has always been very fast, and that's why I keep falling back to that, regardless of it's lack of features...
Re:IT and Divorce? It is my experience.
on
IT and Divorce?
·
· Score: 1
If your wife had patience and understanding you would have made it ok.
That's really the problem. People get into relationships without really understanding the life or needs of the other. I'm not necessarily blaming the wife here. It's possible the guy misrepresented what he was willing to offer the wife, and she rightfully felt betrayed when he couldn't provide it. However, I think women need to understand that "good provider" often means "works a lot and may not always be there for your every whim".
It really amazes me how some women want their cake and to eat it too. They want a man who's always around, attentive, family man who spends all his time with the family, but they also want a nice home, money to go shopping with, lots of expensive food to go around, etc...
Now, I'm not saying that men aren't equally hypocritical. They want a wife who looks perfect (despite having born several children), young, keeps a nice house, puts dinner on the table when he gets home, attentive to their needs (when they want them to be), but puts their children first, and maybe even works a full time job.
Both are unreasonable, and I think marriages would last a lot longer if people could understand their partner more.
Slashdot Mirror
You don't really understand how they make chips, do you?
It costs $X to make a wafer of CPU's. The more CPU's you get from that wafer, the cheaper each CPU costs. Large CPU Dies means fewer CPU's per wafer, thus high cost per wafer. Thus, each CPU die has a higher cost to manufacture than smaller dies.
Here's a free clue. Even if IE was 100% W3C compatible (whatever that means) and every other browser was as well (they're not) there would still be no guarantee that code that renders a certain way on one browser will look the same on any other browser. There are a variety of reasons for this, including platform specifics (fonts, font-sizes, default stylesheets, undefined behaviors, etc..).
Yes, your work is greatly reduced by having standards compliance across all browsers, but until the standard doesn't have loopholes the size of pitsburgh, there will always be differences.
The answer you will get is that ACID2 isn't a compliance test, something the tests authors also state. Acid tests a subset of features, plus several features that aren't a part of the standard, plus some deliberately malformed code.
ACID and ACID2 are not standards compliance tests. In fact, the WaSP project specifically says so.
Believe it or not, there is a valid reason for this. My understanding is that they designed the UI to make it more difficult for spoofing attacks where the site hides the controls and then creates new ones that show false information. The new, non-modifiable design addresses a major phishing issue, but at the cost of flexibility in the layout of controls.
Wow, such narrow thinking.
Perhaps he might answer that they're doing the best that they can with the limited resources Microsoft has allocated to the IE team, and that it wasn't possible to completely rewrite IE from the ground up and implement every W3C standard 100% (despite no other browser having achieved that goal either) in the time frame required to ship a new release.
No, you're right, there's no other possible anser than that it's a conspiracy to deliberately keep the web broken. (rolling eyes)
I'm not sure why you think there aren't that many window managers for Windows. There are at least a dozen. Look up litestep, Talisman, ObjectX, etc..
Nice of you to ignore the rest of my message.
You boot your computer, and it's sitting at a login prompt. How is this any less secure than sitting at a password prompt to boot the computer? Especially when you have a trusted boot path like the Trusted Computer Platform provides. you can't run programs, you can't do anything short of using a logic probe to try to decode the binary signals in-memory.
If you have a sufficiently strong login process, a boot password is just superfluous.
Having just read his links, I see that he didn't exactly phrase his comments correctly. He wasn't merely getting an encrypted root filesystem.
However, be that as it may, this technique is still vulnerable to several man-in-the-middle style attacks, such as installing a trojan in the initrd, something that cannot be done with a trusted computing platform encryption. Further, the use of hashes creates a collision attack vector. One need only generate a passphrase that creates the same hash, which depending on the hashing used may be easier than others. Obviously, the original hash has to be unencrypted, so you know what the has value is, which is half (if not more) of the battle.
The question is, how badly does the guy that stole your laptop want that info? It's certainly better than nothing and will likely deter all but the targeted industrial (or governmental) espionage attacks. Then again, i'd rather use the best solution, rather than a "good enough" one. Isn't that why people use Linux instead of Windows in the first place?
You're still missing the point that the part that does the initial decryption has to be unencrypted, and in order to do that, it needs access to some form of unencrypted key or you face a number of obstacles, such as giving the boot password to any user that might use that computer, or allowing mulitple passphrases to decrypt the data (thus weakening the strength of the encryption).
It doesn't matter how many times and in how many different places you encrypt the data if the root encryption procedure is vulnerable, and if untrusted code can be booted, then that's precisely what it is...
That's just it, by using an unencrypted initrd, you are giving the attacker nearly all the information they need to crack the system. You're giving them the algorithm used (easily figured out from the code in the initrd).
However, that's not even the real issue. Suppose I worked for the CIA or FBI or NSA. I could easily install a keylogger or data dumper in that initrd and the next time you boot your system capture any data you enter, such as that pesky passphrase. You have an insecure boot channel, which provides plenty of opportunity for attack.
The TPM chip provides a secure path to the startup files by using, among other techniques, a two-phase handshake that requires the boot record to match the encrypted hash in the chip, and vice versa. If the boot files have been altered, the TPM chip won't allow the OS to boot.
But, even beyond all that, as i've said in other messages... requiring a passphrase to boot the computer simply isn't workable for a variety of reasons. The OS has to be able to boot without the user entering anything. And that is why your scenario really doesnt work.
No, because the keys have to be used to actually decrypt the data. Hashing the keys would not give you that ability.
Entering a password at boot time is not a viable solution. The computer has to be able to boot the OS to a login prompt, which will allow the user to enter their password to decrypt their personal files.
Requiring a password at boot time has a number of problems. First, you either have to give everyone that uses the computer the same password to boot the system, or you need to use a multi-key encryption routine, which might difficult to maintain as you add or remove new users. Then there's the issue of users having to enter two different passwords (for security, you wouldn't want them to be the same) just to log in.
What you want is for the machine to boot and automatically decrypt the public filesystem information (the OS, and various other directories) securely (ie, it is tied to the machine via a TPM chip of some sort) without the need to identify the user, since you need a valid username and password to login this shouldn't be a security risk over and above any other security risk of someone stealing your laptop and having as much time as they need to fiddle with it.
Yes, but this ignores one point. If you're encrypting your root filesystem, and you don't want to have to enter a password to simply boot the computer (as opposed to logging in) then the system has to be able to decrypt the boot record, and all the OS system files to boot the OS to the login prompt (thus not having to enter a password twice, or give a single password to multiple users of the computer, or allow multiple passwords to decrypt the volume).
Using only encrypted filesystems, then the decryption keys for the public areas have to be available unencrypted, because you need to be able to boot enough of the OS to be able to read the filesystem and decode everything.
What eCryptfs does not solve is the issue of system integrity, and secure temporary storage. What good is it to encrypt your files if they can just scan your swap partition looking for data? or /tmp? or, as someone else said, they trojan other files on your system?
Encrypted filesystems are not the same thing as full disk encryption. FDE also encrypts partition tables, boot sectors, etc... everything, and typically requires some kind of hardware assistance like a TPM chip. There is also "mostly" full disk encryption which has an unecrypted boot record but has everything else encrypted.
The point of a FDE is that your encryption keys are locked in a TPM chip of some sort, and you can't retrieve them with software. Encrypted filesystems require your boot partition have the encryption keys unencrypted so that they can be read, which sort of mitigates the whole point.
Can vista users stretch the desktop icons and folder icons? Do they scale well?
Yes, you can set them to any size you like and they look good even at small and large sizes.
Can vista users with bad dexterity or shaking hands left-alt-right-mouse-drag a dialog box or window to resize it? Can a vist user double-click the title bar and scroll up, shade-up or resize a window besides just maximize/plunk-back-to-previous size?
This is an example of faulty logic. You should be asking if Vista has certain functionality, not if certain functionality can be achieved by specific actions. You also seem to be mixing accessibility features with non-accessibility features in the same question. Maybe you should think more about this and rephrase your point.
Vista has a number of new accessibility features,
can a vista user left-alt-left-mouse to drag an in-the-way window out to the side?
Again, you're asking a question about a specific way of doing things, rather than if those things can be accomplished.
What I think you're getting at is using alternative ways to adjust windows. If that's the case, then the answer is No, but there are a number of third party tools to do these.
Can a vista user bring to focus on mouse-over any window the user wants? Without a hassle? With user-selected responsiveness?
If you mean focus follows mouse, then yes. That's in XP too, by the way, but you have to turn it on using TweakUI.
Can a vista user switch to different desktops as efficiently as KDE and Gnome users can? Can vista users roll the scroll wheel over the taskbar or Kicker-wannabe and switch different virtual desktops AND to a select application? Does the vista desktop icon update in realtime like KDE's Kasbar thumbnails reflect the desktop contents?
This assumes that different desktops are required. Or that a majority of end users would even want them, or use them them. There are a lot of third party virtual desktop apps, including some that do what you want. Even nVidia's driver set includes a virtual desktop manager.
Can a vista user split a virtual desktop's apps off from the Main Taskbar/kicker to an auxiliary task bar for more refined self-organization?
I use Oscar's Multi-Monitor taskbar for a similar feature.
Can a vista user use glassy effects on a GPU or graphics card that is sufficient for KDE and Gnome?
Now you're just getting silly. You're basically saying "Can a BMW driver go 150 mph while only burning the amount of gas that a Prius would"?
Does vista have a wealth of Superkaramba-like widgets that are USEFUL and not dullard ripoffs of OSX or ripoffs of lesser KDE/Gnome widgets reinterpreded from OSX?
Vista is still new, and not yet final. No, it doesn't have the wealth of widgets that a 2 year-old OS does, but give it a year and check back.
Your questions are phrased in a "Do you still beat your wife" manner, which means they aren't intended to ask real questions, but are instead saying "Does Vista act exactly, without any difference, like the OS I use". The answer is, of course, no. It's different.
Actually, I've run vista on 256MB of RAM. You can't install it on such, but i've installed it with 512, then pulled a stick and it booted and ran just fine.
Vista seems to utilize memory if you've got it, and if you don't, it scales back on it's usage. With 256MB it booted to using about 63% of physical memory, and running non-memory intensive apps (ie word, excel, IE, etc..) was just as fast as the machine I had vista installed on with 1GB (but vista on that machine was using 800MB of memory.. so go figure). Granted, with 256MB, Vista automatically disabled Aero and the desktop compositing engine, but it was still every bit as fast.
UAC does ask permissions a lot when you are new to the OS. You're digging around and looking at things, installing lots of new apps all once, etc.. so yeah, UAC seems to pop up a lot. After you've been using it for a few months, it's far less common.
And, more importantly, Apple can keep the set of hardware they need to support small by denying hardware that's a few generations old from using the new OS.
This is a weird situation, really. Imagine a situation where an achitect designs a new building with a lot of revolutionary features, but, because of vandals and incompetant contractors, taks 5 years to get the building built. Meanwhile, a number of other developers saw his plans filed at the city planning office, and copied some of the new and innovative features and gets their much smaller building finished in 3 years. When the original building is finally opened, people walk around and say "Oh look, they copied that other building".
That's basically what happened with Vista. Many of those features that Microsoft is claimed to be "copying" or "catching up" to where originally designed and showcased back in the day after XP shipped, but because Microsoft couldn't get Vista out the door, Apple and Linux were able to implement many of those features before Microsoft was able to.
You can pretty much configure windows do anything that you can with any X window manager, by the use of third party apps. Windows is designed for the common user, with some attention given to the less popular scenarios, but they provide the API's and hooks to allow developers to create almost any kind of environment they want.
It's a lot easier to add features than to remove them. Why do you think Firefox ships with a limited set of functionality and lets extension developers add on the rest?
You're falling into the obvious fallacy that everyone must do things the way you do them. Most people have no need to "group their windows" because they simply don't open that many of them. Many people don't need to "group their windows" because the taskbar works sufficently well for them to bring the app they want to use to the forefront. A lot of people are very proficient with using alt-tab to switch between the apps they use, and are only usually working with one primary app at a time. Very few people leave all their apps running 24x7 on virtual desktops, sucking up memory and system resources they could be using to better advantage with the apps they are using at that moment.
In other words, most people are largely single-tasking. Not massively mutlitasking, and thus don't really need virtual desktops. After all, they don't have 9 physical desks that they getup and move to for differen tasks, do they? Why should they do that on a computer?
You know, i've used a lot of these explorer replacements, and the problem the all seem to have is that they're obesely piggish. They take forever to launch, they have noticable pauses between actions, etc... Plus, they try to be everything for everyone.. file viewers, graphics galleries, media players, whatever.. Stock explorer has always been very fast, and that's why I keep falling back to that, regardless of it's lack of features...
If your wife had patience and understanding you would have made it ok.
That's really the problem. People get into relationships without really understanding the life or needs of the other. I'm not necessarily blaming the wife here. It's possible the guy misrepresented what he was willing to offer the wife, and she rightfully felt betrayed when he couldn't provide it. However, I think women need to understand that "good provider" often means "works a lot and may not always be there for your every whim".
It really amazes me how some women want their cake and to eat it too. They want a man who's always around, attentive, family man who spends all his time with the family, but they also want a nice home, money to go shopping with, lots of expensive food to go around, etc...
Now, I'm not saying that men aren't equally hypocritical. They want a wife who looks perfect (despite having born several children), young, keeps a nice house, puts dinner on the table when he gets home, attentive to their needs (when they want them to be), but puts their children first, and maybe even works a full time job.
Both are unreasonable, and I think marriages would last a lot longer if people could understand their partner more.