If I lived in Iran, I would change my name to Moshen. Why? Because I don't
want to sound Christian in a country where that is not favored. (Because
Christians killed Muslims during the Crusades.)
I suggested to a friend of mine whose name is Mohammad that he pick another
name for use in the U.S., since someone named Mohammad had bombed a TWA
flight, and Mohammad Salameh bombed the World Trade Center the first time it
was bombed. He strongly agreed, and now calls himself Mike when communicating
with people who don't understand his culture.
I had a Japanese-Brazilian acquaintance whose last name is Asso, which is
pronounced to rhyme with asshole. When he says his last name, it sounds like
he is saying asshole. If he came here, I would recommend he adopt a different
name.
I heard about a German man, now living in the U.S., who changed his last name.
Before the change, it was Raper, a perfectly good name in German.
Un-intentional communication has killed many Open Source Software projects,
and commercial companies, too. I have found that this is a very radical
opinion on Slashdot, but it is the standard opinion of professional
communicators and marketing people. My opinion is that OSS must adopt good
communication methods to avoid silly problems like this.
I'm not saying that someone who is named Imad should change his name. He
should arrange his communication, however, so people who are new to knowing
him don't read it as "I mad", which is what a native English speaker is likely
to do.
If the software chose the methods of encryption, and the sequence in which the methods were used, based on the password, then chaining would be secure.
The problem with this is that it does not allow public key encryption. So, some independent way must be found to distribute the password. In many cases, however, there is no difficulty with distributing passwords. For example, if employees of a company often visit the home office, they can receive new passwords.
At least it is not a joke. Back before IBM sold PCs, I was selling Morrow Microdecision PCs, that ran the CP/M operating system. Back then it was unusual that someone would own a computer. 4.77 Megahertz for $2,300. No hard drive, 13 inch monochrome monitor.
I chose that trademark to signify exactly what it says.
What is almost never mentioned in discussions of cryptography is that brute
force or most mathematical attacks require that the method of encryption be
known.
If the method of encryption is not known, then it can be impossible to decrypt
a message. For example, if several kinds of strong encryption are used, and
the kinds and order are not known, then brute force or mathematical attacks
don't work. (Using several methods of encryption together is called
"chaining".)
This is of limited use since, in many cases, it is impossible or impractical
or difficult to keep the methods of encryption secret.
Nevertheless, software that used several encryption methods and varied the
methods depending on the passphrase would have value in some cases where there
is plenty of computing power.
It amazes me how often open source authors pick self-destructive names. A serious effort should not be limited by a humorous or trick name.
A name like BouncyCastle will limit the number of people who adopt the software. People are afraid there is a hidden joke they don't understand.
There are times when it is appropriate to be 100 percent serious.
I am NOT saying anything negative about the software. The ONLY negative thing I am saying about the authors is that they are obviously not professional communicators.
Open Source Software needs marketing communication like any product that wants to reach a large number of people.
"Windows XP will not authenticate network access attempts by accounts with blank passwords."
The issue is whether an attacker from outside, who gains access to a computer because of some security hole, would have control over that computer. My understanding is that an attacker would have complete control if there were no password.
In my opinion, you are missing the point. They could meet their own needs and the needs of the world at large at the same time, but seem unable to do so.
Her only fault was not to install one of the many security updates. I've told her to be more careful next time.
You seem to be confusing the two of us. She is an acquaintance who does not understand computers.
If Microsoft cared sufficiently, this would not be a tough problem to solve. Just don't give Outlook Express so much power in the default install.
The Pentium 4 is now just a puppy with big feet.
on
CPU Wars
·
· Score: 3, Insightful
I consider the Northwood to be the "real" Pentium 4, just as other second-generation products like the 100MHz Pentium and "Coppermine" Pentium III have proven to be the "real" versions of Intel processors in the past.
I agree with this. The Pentium 4s we see today are just puppies with very big feet. They will grow up and become something much more impressive.
The presumption has been, however, that Unix/Linux would be used by very knowledgeable people. The presumption of Windows is that people with no experience with it will be using it.
Even if Microsoft doesn't change the way Windows XP operates, it would be sensible to explain the issues carefully on-screen. Recent versions of Mandrake and RedHat do this during install, if I recall correctly.
This is not Windows 95 the article is discussing. It is Windows XP.
Here is a cut-and-paste quote from that article:
"After you install Windows XP, you have the option to create user accounts.
If you create user accounts, by default, they will have an account type of
Administrator with no password."
Even someone who knows how bad Microsoft can be would likely not guess that
Windows XP would be designed to be completely and utterly not secure by
default. So, we will see a lot of stories about compromised Windows XP systems
like this: Some poor guy was testing XP and set up an account to begin using
it, and was rooted while he was still looking around.
1. unauthorized user can autheticate.
2. denial-of-service attack
3. unauthorized user can read files
4. Inject HTML tags into the generated reports.
5. gain root access.
6. denial-of-service attack
7. execute arbitrary code when accessing RPM from untrustworthy source.
8. denial-of-service attack
9. gain root access
Every one of 1 through 9 above are stories about people who made mistakes.
The security problems in Microsoft products, are, in my opinion, not mistakes.
They are the result of policies: 1) Only money matters. If you can make more
money by being sloppy, then do it. 2) Release software with lots of known
shortcomings so that people will want to pay for upgrades later. 3) Relate to
your employees by pushing them.
Items 2, 3, 4, 6, and 8, more than half of those you mentioned, do not allow
destruction to the system itself. One or more Microsoft security bugs that
allow destruction to the system are announced on the average of every month,
if I recall correctly.
I am not anti-Microsoft. I am more pro-Microsoft than Bill Gates. Microsoft is
a company that has $30,000,000,000 dollars in the bank, instead of being used
to clear up the problems in their products.
Today I spent about an hour of my Sunday helping a woman in Brazil clear her
computer of the Badtrans worm. Billions of dollars are being wasted by very
serious Microsoft bugs. The company is not worrying enough about the quality
of its products, in my opinion.
I installed a security bug fix supplied by Microsoft to Internet Explorer on
someone's computer last week, and the security bug fix put all the
network settings back to least security. This has been going on for years.
Microsoft knows this happens. It is a result of policy, not mistake. Why they
do that, I don't know. Maybe it has been dictated by the U.S. government that
Microsoft will make their systems insecure.
We have a problem on Slashdot that many people who read Slashdot don't work
with Microsoft products enough to know how bad things really are.
"CD: You'd think people would examine what someone did at his previous job
before offering him a new one." [Corrections to grammar and spelling
added.]
It's all part of the same kind of thinking. Bomb Afghanistan to save it. (I'm
talking about the first bombing by the U.S. government [1983], not the second
and third.)
Hire someone from a company known for its inability to make secure software,
and put him in charge of what his company always did poorly.
But, of course, maybe he is not really leaving Microsoft, but just working
with a government that doesn't believe in privacy to assure that Microsoft
software will always be compromised by the government.
Look on the bright side. With Microsoft in the White House, no one who truly
wants software security will be running Microsoft products.
I am saying that, for me as a native English speaker, the cost of being
involved with Ruby is high:
Ruby is a language primarily written and maintained by one person. The author
of the language says this in one of the links that I provided. The
documentation in English is poor, and, because there is only one primary
person working on the language, the documentation is likely to remain poor.
That makes a big difference for anyone trying to learn a new computer
language, because it vastly increases the cost (in time) of learning.
Also, if there is poor documentation in English, it has been my experience
that fewer people adopt a new computer language. English is the world's most
common second language. EVERY Japanese student studies English, my Japanese
friends say. A friend in Thailand told me that there was a scholarship program
to teach computer skills to Thais in Japan. The courses were taught in
English.
Try a test: Call the main number of any large German bank. When the operator
says hello in German, just start speaking English. You will find that the
operator immediately switches to perfect English. If German banks think that
communicating in English is important, maybe that is because communicating in
English is important in today's world.
If fewer people adopt a computer language, there will be less development. If
there is less development, then it may become one of the hundreds of languages
that have eventually died. This would increase the cost of adopting Ruby still
further.
Poor communication is a BIG issue with open source software, in my opinion
(and closed source, too). In my opinion, poor communication is the one big
barrier to getting rid of the Microsoft Windows operating system completely. I
don't like Windows because I don't like being abused by Microsoft.
My city, Portland, Oregon, USA, has what is said to be the biggest bookstore
in the world, Powell's. I went to Powell's
technical bookstore and looked at about 20 books on Samba. ALL of them were
very incomplete. ALL of them were poorly written.
I looked at Ruby. It is certainly a heartfelt attempt. However, it seems to me
that yet another poor communicator has written yet another language.
Not only that, but the Ruby creator has created his own syntax. A new language
has one big advantage for the creator: The creator finds the syntax very
familiar. Everyone else must struggle.
"IMO, the Ruby syntax is... often annoying... Ruby requires more typing for
no particular reason, and has an uninspired choice of syntax..."
Eckel again: "... Python has 10 years behind it and a big, very smart, very
active community, a nice number of good books and more on the way, a large set
of libraries and a whole process and team in place for developing the
language. Recent improvements to the language have outstripped whatever Ruby
could offer, I think, and there's currently lots of very good work going on to
further improve Python."
For those who would like to quickly see for themselves, there is a section of
the The Ruby Language FAQ called Show me some Ruby
code
Quotes from Ruby's creator, a Japanese man with an incomplete command
of English:
What is the history of Ruby?
"Well, Ruby was born on February 24 1993. I was talking with my colleague
about the possibility of an object-oriented scripting language. I knew Perl
(Perl4, not Perl5), but I didn't like it really, because it had smell of toy
language (it still has). The object-oriented scripting language seemed very
promising.
"I knew Python then. But I didn't like it, because I didn't think it was a
true object-oriented language -- OO features appeared to be add-on to the
language. As a language manic and OO fan for 15 years, I really wanted a
genuine object-oriented, easy-to-use scripting language. I looked for, but
couldn't find one.
"So, I decided to make it. It took several months to make the interpreter run.
I put it the features I love to have in my language, such as iterators,
exception handling, garbage collection.
"Then, I reorganized the features of Perl into a class library, and
implemented them. I posted Ruby 0.95 to the Japanese domestic newsgroups in
Dec. 1995.
"Since then, highly active mailing lists have been established and web pages
formed."
The U.S. government has separated itself from the people, and has become a largely secret entity in itself. Therefore it is no longer democratic government.
When the government is sneaky, people learn not to trust the government.
When the government is sneaky, much more is lost than ever can be gained by
being sneaky.
Trust is absolutely necessary in a democracy. If we cannot trust our
government, we do not really have a democracy.
When a government cannot be trusted, the government becomes a suspect in every
major crime.
Governments are not sneaky because sneakiness benefits the government.
Governments are sneaky because there are people who like to be sneaky and be
paid for it, and they sometimes gain power.
The facts seem to be this: For years the U.S. government acted in an
un-trustworthy way toward Arabs. For years some Arabs became mentally
unbalanced by this and threatened to retaliate inside the United States.
Now, the U.S. government is using the results of its unwillingness to be
trustworthy to justify even more un-trustworthy behavior.
"We were killing people that were trying to kill us, and our way of
life."
You picked a bad example. During the time the U.S. was killing 2,000,000
people in Vietnam, the average income in Vietnam was under $200 per year. The
Vietnamese were not able to threaten anyone 8,000 miles away, even if they had
heard of us.
The Vietnam war was about whether the north could force their manner of
politics on the south. The U.S. government spent billions of dollars, killed
millions of people, and they north did that anyway.
Slashdot Mirror
Please don't sound superior about this.
If I lived in Iran, I would change my name to Moshen. Why? Because I don't want to sound Christian in a country where that is not favored. (Because Christians killed Muslims during the Crusades.)
I suggested to a friend of mine whose name is Mohammad that he pick another name for use in the U.S., since someone named Mohammad had bombed a TWA flight, and Mohammad Salameh bombed the World Trade Center the first time it was bombed. He strongly agreed, and now calls himself Mike when communicating with people who don't understand his culture.
I had a Japanese-Brazilian acquaintance whose last name is Asso, which is pronounced to rhyme with asshole. When he says his last name, it sounds like he is saying asshole. If he came here, I would recommend he adopt a different name.
I heard about a German man, now living in the U.S., who changed his last name. Before the change, it was Raper, a perfectly good name in German.
Un-intentional communication has killed many Open Source Software projects, and commercial companies, too. I have found that this is a very radical opinion on Slashdot, but it is the standard opinion of professional communicators and marketing people. My opinion is that OSS must adopt good communication methods to avoid silly problems like this.
I'm not saying that someone who is named Imad should change his name. He should arrange his communication, however, so people who are new to knowing him don't read it as "I mad", which is what a native English speaker is likely to do.
--
Links to respected news sources show how U.S. government policy contributed to terrorism: What should be the Response to Violence?
If the software chose the methods of encryption, and the sequence in which the methods were used, based on the password, then chaining would be secure.
The problem with this is that it does not allow public key encryption. So, some independent way must be found to distribute the password. In many cases, however, there is no difficulty with distributing passwords. For example, if employees of a company often visit the home office, they can receive new passwords.
Power for the Future
At least it is not a joke. Back before IBM sold PCs, I was selling Morrow Microdecision PCs, that ran the CP/M operating system. Back then it was unusual that someone would own a computer. 4.77 Megahertz for $2,300. No hard drive, 13 inch monochrome monitor.
I chose that trademark to signify exactly what it says.
What is almost never mentioned in discussions of cryptography is that brute force or most mathematical attacks require that the method of encryption be known.
If the method of encryption is not known, then it can be impossible to decrypt a message. For example, if several kinds of strong encryption are used, and the kinds and order are not known, then brute force or mathematical attacks don't work. (Using several methods of encryption together is called "chaining".)
This is of limited use since, in many cases, it is impossible or impractical or difficult to keep the methods of encryption secret.
Nevertheless, software that used several encryption methods and varied the methods depending on the passphrase would have value in some cases where there is plenty of computing power.
--
Links to respected news sources show how U.S. government policy contributed to terrorism: What should be the Response to Violence?
Oh great. Here's a site that calls itself "I mad".
Poll: Would you use software from a site called "I mad"?
BouncyCastle.
It amazes me how often open source authors pick self-destructive names. A serious effort should not be limited by a humorous or trick name.
A name like BouncyCastle will limit the number of people who adopt the software. People are afraid there is a hidden joke they don't understand.
There are times when it is appropriate to be 100 percent serious.
I am NOT saying anything negative about the software. The ONLY negative thing I am saying about the authors is that they are obviously not professional communicators.
Open Source Software needs marketing communication like any product that wants to reach a large number of people.
"Windows XP will not authenticate network access attempts by accounts with blank passwords."
The issue is whether an attacker from outside, who gains access to a computer because of some security hole, would have control over that computer. My understanding is that an attacker would have complete control if there were no password.
"According to the lecturer, there are over 50 million handicapped people in the United States..."
The population of the United States was 285,663,707 earlier today. That is one out of 6. When you look around you, do you see one handicapped person for every 6 people?
Okay, maybe they don't use Linux, but they aren't handicapped.
--
Links to respected news sources show how U.S. government policy contributed to terrorism: What should be the Response to Violence?
I agree with this. Open Source authors are often poor communicators. They often pick product-destructive names.
Sometimes I love off-topic posts.
In my opinion, you are missing the point. They could meet their own needs and the needs of the world at large at the same time, but seem unable to do so.
Her only fault was not to install one of the many security updates. I've told her to be more careful next time.
You seem to be confusing the two of us. She is an acquaintance who does not understand computers.
If Microsoft cared sufficiently, this would not be a tough problem to solve. Just don't give Outlook Express so much power in the default install.
I consider the Northwood to be the "real" Pentium 4, just as other second-generation products like the 100MHz Pentium and "Coppermine" Pentium III have proven to be the "real" versions of Intel processors in the past.
I agree with this. The Pentium 4s we see today are just puppies with very big feet. They will grow up and become something much more impressive.
It is interesting what you said.
The presumption has been, however, that Unix/Linux would be used by very knowledgeable people. The presumption of Windows is that people with no experience with it will be using it.
Even if Microsoft doesn't change the way Windows XP operates, it would be sensible to explain the issues carefully on-screen. Recent versions of Mandrake and RedHat do this during install, if I recall correctly.
In my post above, I was making the point that Microsoft is much worse than people realize. Here is a link to a Microsoft Knowledgebase article that eloquently makes that point: User Accounts That You Create During Setup Are Administrator Account Types (Q293834)
This is not Windows 95 the article is discussing. It is Windows XP. Here is a cut-and-paste quote from that article:
"After you install Windows XP, you have the option to create user accounts. If you create user accounts, by default, they will have an account type of Administrator with no password."
Even someone who knows how bad Microsoft can be would likely not guess that Windows XP would be designed to be completely and utterly not secure by default. So, we will see a lot of stories about compromised Windows XP systems like this: Some poor guy was testing XP and set up an account to begin using it, and was rooted while he was still looking around.
--
Links to respected news sources show how U.S. government policy contributed to terrorism: What should be the Response to Violence?
1. unauthorized user can autheticate.
2. denial-of-service attack
3. unauthorized user can read files
4. Inject HTML tags into the generated reports.
5. gain root access.
6. denial-of-service attack
7. execute arbitrary code when accessing RPM from untrustworthy source.
8. denial-of-service attack
9. gain root access
Every one of 1 through 9 above are stories about people who made mistakes.
The security problems in Microsoft products, are, in my opinion, not mistakes. They are the result of policies: 1) Only money matters. If you can make more money by being sloppy, then do it. 2) Release software with lots of known shortcomings so that people will want to pay for upgrades later. 3) Relate to your employees by pushing them.
Items 2, 3, 4, 6, and 8, more than half of those you mentioned, do not allow destruction to the system itself. One or more Microsoft security bugs that allow destruction to the system are announced on the average of every month, if I recall correctly.
I am not anti-Microsoft. I am more pro-Microsoft than Bill Gates. Microsoft is a company that has $30,000,000,000 dollars in the bank, instead of being used to clear up the problems in their products.
Today I spent about an hour of my Sunday helping a woman in Brazil clear her computer of the Badtrans worm. Billions of dollars are being wasted by very serious Microsoft bugs. The company is not worrying enough about the quality of its products, in my opinion.
I installed a security bug fix supplied by Microsoft to Internet Explorer on someone's computer last week, and the security bug fix put all the network settings back to least security. This has been going on for years. Microsoft knows this happens. It is a result of policy, not mistake. Why they do that, I don't know. Maybe it has been dictated by the U.S. government that Microsoft will make their systems insecure.
We have a problem on Slashdot that many people who read Slashdot don't work with Microsoft products enough to know how bad things really are.
"CD: You'd think people would examine what someone did at his previous job before offering him a new one." [Corrections to grammar and spelling added.]
It's all part of the same kind of thinking. Bomb Afghanistan to save it. (I'm talking about the first bombing by the U.S. government [1983], not the second and third.)
Hire someone from a company known for its inability to make secure software, and put him in charge of what his company always did poorly.
But, of course, maybe he is not really leaving Microsoft, but just working with a government that doesn't believe in privacy to assure that Microsoft software will always be compromised by the government.
Look on the bright side. With Microsoft in the White House, no one who truly wants software security will be running Microsoft products.
--
Links to respected news sources show how U.S. government policy contributed to terrorism: What should be the Response to Violence?
I am saying that, for me as a native English speaker, the cost of being involved with Ruby is high:
Ruby is a language primarily written and maintained by one person. The author of the language says this in one of the links that I provided. The documentation in English is poor, and, because there is only one primary person working on the language, the documentation is likely to remain poor. That makes a big difference for anyone trying to learn a new computer language, because it vastly increases the cost (in time) of learning.
Also, if there is poor documentation in English, it has been my experience that fewer people adopt a new computer language. English is the world's most common second language. EVERY Japanese student studies English, my Japanese friends say. A friend in Thailand told me that there was a scholarship program to teach computer skills to Thais in Japan. The courses were taught in English.
Try a test: Call the main number of any large German bank. When the operator says hello in German, just start speaking English. You will find that the operator immediately switches to perfect English. If German banks think that communicating in English is important, maybe that is because communicating in English is important in today's world.
If fewer people adopt a computer language, there will be less development. If there is less development, then it may become one of the hundreds of languages that have eventually died. This would increase the cost of adopting Ruby still further.
Poor communication is a BIG issue with open source software, in my opinion (and closed source, too). In my opinion, poor communication is the one big barrier to getting rid of the Microsoft Windows operating system completely. I don't like Windows because I don't like being abused by Microsoft.
My city, Portland, Oregon, USA, has what is said to be the biggest bookstore in the world, Powell's. I went to Powell's technical bookstore and looked at about 20 books on Samba. ALL of them were very incomplete. ALL of them were poorly written.
--
Links to respected news sources show how U.S. government policy contributed to terrorism: What should be the Response to Violence?
I looked at Ruby. It is certainly a heartfelt attempt. However, it seems to me that yet another poor communicator has written yet another language.
Not only that, but the Ruby creator has created his own syntax. A new language has one big advantage for the creator: The creator finds the syntax very familiar. Everyone else must struggle.
Links:
The Ruby Home Page
Ruby Language Reference Manual
The Ruby Language FAQ
Programming in the Ruby language by Joshua D. Drake, who is a good communicator.
A Slashdot story and comments: Programming in the Ruby Language
Positive comments about Ruby:
Introducing the latest open source gem from Japan
Thirty-seven Reasons I Love Ruby by Hal Fulton.
Negative comments about Ruby:
As mentioned above, Bruce Eckel does not like Ruby:
"IMO, the Ruby syntax is
Eckel again: "... Python has 10 years behind it and a big, very smart, very active community, a nice number of good books and more on the way, a large set of libraries and a whole process and team in place for developing the language. Recent improvements to the language have outstripped whatever Ruby could offer, I think, and there's currently lots of very good work going on to further improve Python."
For those who would like to quickly see for themselves, there is a section of the The Ruby Language FAQ called Show me some Ruby code
Quotes from Ruby's creator, a Japanese man with an incomplete command of English:
What is the history of Ruby?
"Well, Ruby was born on February 24 1993. I was talking with my colleague about the possibility of an object-oriented scripting language. I knew Perl (Perl4, not Perl5), but I didn't like it really, because it had smell of toy language (it still has). The object-oriented scripting language seemed very promising.
"I knew Python then. But I didn't like it, because I didn't think it was a true object-oriented language -- OO features appeared to be add-on to the language. As a language manic and OO fan for 15 years, I really wanted a genuine object-oriented, easy-to-use scripting language. I looked for, but couldn't find one.
"So, I decided to make it. It took several months to make the interpreter run. I put it the features I love to have in my language, such as iterators, exception handling, garbage collection.
"Then, I reorganized the features of Perl into a class library, and implemented them. I posted Ruby 0.95 to the Japanese domestic newsgroups in Dec. 1995.
"Since then, highly active mailing lists have been established and web pages formed."
--
Links to respected news sources show how U.S. government policy contributed to terrorism: What should be the Response to Violence?
I agree completely.
The U.S. government has separated itself from the people, and has become a largely secret entity in itself. Therefore it is no longer democratic government.
Awesome.
When the government is sneaky, people learn not to trust the government.
When the government is sneaky, much more is lost than ever can be gained by being sneaky.
Trust is absolutely necessary in a democracy. If we cannot trust our government, we do not really have a democracy.
When a government cannot be trusted, the government becomes a suspect in every major crime.
Governments are not sneaky because sneakiness benefits the government. Governments are sneaky because there are people who like to be sneaky and be paid for it, and they sometimes gain power.
The facts seem to be this: For years the U.S. government acted in an un-trustworthy way toward Arabs. For years some Arabs became mentally unbalanced by this and threatened to retaliate inside the United States.
Now, the U.S. government is using the results of its unwillingness to be trustworthy to justify even more un-trustworthy behavior.
Here are links to respected news sources that show how U.S. government policy contributed to terrorism: What should be the Response to Violence?
"We were killing people that were trying to kill us, and our way of life."
You picked a bad example. During the time the U.S. was killing 2,000,000 people in Vietnam, the average income in Vietnam was under $200 per year. The Vietnamese were not able to threaten anyone 8,000 miles away, even if they had heard of us.
The Vietnam war was about whether the north could force their manner of politics on the south. The U.S. government spent billions of dollars, killed millions of people, and they north did that anyway.
Download the entire document from the U.S. military web site: lg6.doc
Third bullet under question 28: "If you throw a cat out the window of a car, does it become kitty litter?"
Hey, military commanders, don't be mis-treating cats!!!
How U.S. government policy contributed to terrorism: What should be the Response to Violence?
If you throw a cat out the window of a car, does it become kitty litter?