Many Microsoft users run a modified version of the GNU system every
day, without realizing it. Through a peculiar turn of events, the
version of GNU which is widely used today is more often known as
'Microsoft Windows Services for UNIX 3.0' or SFU, and many users are
not aware of the extent of its connection with the GNU Project.
There really is a SFU; it is a subsystem, and these people are
using it. But you can't use a subsystem by itself; a subsystem is
useful only as part of a whole operating system. SFU now includes
Interix, which is normally used in combination with the GNU
development toolchain and libraries: the system is basically GNU,
with SFU functioning as the compatibility DLL library layer.
Many users are not fully aware of the distinction between the
compiler toolset, which is SFU, and the whole system, which they also
call `SFU'. The ambiguous use of the name doesn't promote
understanding.
Programmers generally know that is a Subsystem. But since they
have generally heard the whole system called `Interix' as well,
they often envisage a history which fits that name. For example,
many believe that once Softway Systems finished writing the POSIX
compatibility DLL libraries, they looked around for other free software, and for no particular
reason most everything necessary to port a Unix-like system was
already available.
What they found was no accident--it was the GNU system. The
available free software added up to a complete system because the
GNU Project had been working since 1984 to make one. The GNU
Manifesto had set forth the goal of developing a free Unix-like system,
called GNU. The Initial Announcement of the GNU Project also
outlines some of the original plans for the GNU system. By the
time Interix was written, the system was almost finished.
Most software projects have the goal of developing a particular
program for a particular job. For example, Softway Systems set out
to build an environment to allow UNIX apps to be ported directly
to NT. Donald Knuth set out to write a text formatter (TeX); Bob
Scheifler set out to develop a window system (X Windows). It's
natural to measure the contribution of this kind of project by
specific programs that came from the project.
If we tried to measure the GNU Project's contribution in this way,
what would we conclude? If you had access to the full source code
of SFU with Interix, you might find that GNU software was
the largest single contingent, around 60% of the total source
code, and this included some of the essential major components
without which there could be no compatible subsystem. SFU
without Interix itself could be about 20%. So if you were going to
pick a name for the system based on who wrote the programs in the
system, the most appropriate single choice would be `GNU'.
But we don't think that is the right way to consider the question.
The GNU Project was not, is not, a project to develop specific
software packages. It was not a project to develop a C compiler,
although we did. It was not a project to develop a text editor,
although we developed one. The GNU Project's aim was to develop a
complete free Unix-like system: GNU.
Many people have made major contributions to the free software in
the system, and they all deserve credit. But the reason it is a
system--and not just a collection of useful programs--is because
the GNU Project set out to make it one. We made a list of the
programs needed to make a complete free system, and we
systematically found, wrote, or found people to write everything
on the list. We wrote essential but unexciting major components,
such as the assembler and linker, because you can't have a system
without them. A complete system needs
One solution would be to use an existing infrastructure that was built for flood filling content - the Usenet news server network.
Create a new first level domain ( like alt, comp, talk etc ) named "rss" and use an extra header to identify the originating rss feed URL. The latter header could be used by the RSS/NNTP reader to select which article bodies to download and to verify each RSS entry to identify fake posts.
I don't quite agree. There is a major difference between encryption and hashing. Combining two or more weak encryption algorithms in serial does not really provide better encryption. However combining two or more relatively weak, but dissimilar hashing algorithms in parallel does deliver a magnitude ( note not exponential ) level of improvement.
The potential solution space that exists to create a binary that generates a differing binary that generates the same checksum for each algorithm is going to be a lot smaller than switching to less unproven single algorithm such as SHA-256.
gokeln wrote: "The resulting improvement in security is not worth the additional cost of computing both."
That might have been true before 2000, but the effort to calculate both algorithms in parallel ( not SMP, just passing the input bytes to each function ) is negligible with modern CPUs, both PC and embedded. The limiting bottlenecks are the network, hard drive and memory, not the CPU power required.
gokeln wrote: "You do not get exponentially improved security"
This kind of attack can be mitigated into non-existence by just using two dissimilar hash algorithms.
Using MD5 with SHA1, or even the older MD2 or MD4 will reduce the probability of creating a compatible binary with the same checksum to virtually zero.
If only one checksum is required then just XOR the resulting checksums from each algorithm.
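The single-pass computation described in the comment above (passing each block of input bytes to both hash functions), as an added example that is not part of the original post. The function names, chunk size and sample data are assumptions made for illustration, and the "one digest matches" case is simulated by editing the published values rather than by a real collision.

```python
import hashlib
import hmac
import io

CHUNK_SIZE = 64 * 1024  # assumed read size; any reasonable buffer works


def multi_digest(stream, algorithms=("md5", "sha1"), chunk_size=CHUNK_SIZE):
    """Read the stream once, passing every chunk to each hash function."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def failed_algorithms(stream, expected):
    """Return the algorithms whose digest does not match the published value.

    An empty list means every published checksum matched. Any other result
    means the download must be rejected, even if one digest did match.
    """
    actual = multi_digest(stream, tuple(expected))
    return [
        name
        for name, published in expected.items()
        if not hmac.compare_digest(actual[name], published.strip().lower())
    ]


# Constructed sample data: a "release" and a modified copy of it.
RELEASE = b"\x7fELF constructed sample binary v1.0\n" * 4096
MODIFIED = RELEASE.replace(b"v1.0", b"v1.1", 1)


def demo():
    """Check the genuine file, a modified file, and a one-digest match."""
    published = multi_digest(io.BytesIO(RELEASE))

    # Stand-in for a file that collides under MD5 only: the published MD5
    # is made to agree with the modified file, the SHA-1 entry is untouched.
    md5_agrees = dict(published)
    md5_agrees["md5"] = hashlib.md5(MODIFIED).hexdigest()

    return {
        "genuine": failed_algorithms(io.BytesIO(RELEASE), published),
        "modified": failed_algorithms(io.BytesIO(MODIFIED), published),
        "one_match": failed_algorithms(io.BytesIO(MODIFIED), md5_agrees),
    }


if __name__ == "__main__":
    for case, failures in demo().items():
        print(case, "->", "accept" if not failures else f"reject {failures}")
```
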
IDC has always based its survey data around sales of servers with Linux pre-installed. IDC barely scratches the surface. They do not count the number of whitebox systems sold, OEM systems sold with Microsoft's OSs and older hardware now running Linux fulltime.
The last eight Intel servers I installed were all assembled from good quality motherboards, fans and better quality ATX power supplies into run of the mill whitebox full/mid tower cases.
If space is not an issue then I find that taking time to assemble a well laid out PC case delivers better reliability than Intel based 1U or 2U rackmounted servers.
The SCO Group has entered into a series of essentially inherently flawed lawsuits and fraudulent license claims against users of the Linux operating system. Since 1994, Caldera International and the Santa Cruz Operation have been accepting, profiting from and distributing software developed by hundreds of independent developers under the terms of the GPL and LGPL license. The SCO Group has failed to put forward any sustainable legal theory why it should not abide by the terms of the GPL license. Detailed investigation into other facts and evidence which regularly conflict with the SCO Group's various legal claims, filing, press and public statements, raises serious questions which can no longer be explained away by a lack of competence in either the SCO Group's CEOs or the SCO Group's legal representation.
Twelve Step TrustABLE IT: Virtualised Linux Standard Base (VLSB)
in Virtual Demilitarized Network Zones (VDNZ)
from Trusted Build Agents (TBA)
Back on August 11, 1998, Microsoft's Vinod Valloppillil and Josh Cohen released a memorandum titled Linux OS Competitive Analysis: The Next Java VM?,
in which they predicted that Linux would become ubiquitous as a
services platform. However, the title of the paper could be even more
prophetic.
Consider the following.
[1] It is well known that Linux is quite portable, in fact only NetBSD comes close to the number of hardware platforms supported.
[3] Other operating systems, such as BSD and Sun's Solaris can also use a compatibility layer to run applications compiled for Linux directly, without the need for virtualisation.
[5] The above standard also defines a generic subset of the
standards for each hardware platform as a source level application
interface. In fact for an application to be certified for the LSB it
must be tested on two of the platforms supported by the LSB, one chosen
at random by the testing body. Following the standard, it's not that
difficult a job to write portable C and C++ code: Write once, compile
for each platform.
[6] The GNU Compiler Collection's future GCC 4.0 Release Series now divides the task of compiling into two stages based around Static Single Assignment trees.
It should be possible to use the new GCC front ends to compile each
language into a SSA tree that represents the common generic subset of
the Linux Standard Base: [5]. The resulting SSA tree for a build could
be dumped into files, analogous to Java's JVM intermediate format, and
then compiled to native code for the target platform: Write once, run
everywhere.
Be it open or closed source, every binary or script you execute represents a risk. It is possible to introduce hostile code at any point along the build chain, before the point where the binary is checksummed and the result digitally signed.
[7] It is possible to use constraints built into any Linux or
Unix like operating system to isolate and restrict what a binary
executable has access to or can do. Even without employing SELinux's mandatory access controls
or chroot/jail'ed environments, it is possible to run a process under a
different user identity and group identity. Unix servers have used this
te
The mainstream fourth estate news organizations, on both sides, have utterly
failed to hold either Democrats or Republicans accountable for claims
that diverge widely from the known facts. In cases where journalists
have made a consistent argument, the news organization has allowed that
position to be "shouted down" by political camp followers repeating the
same lies over and over again through the same outlet. In those same
replies, there were very rarely comments by the news organization when
known facts obviously contradicted the opinion. Many news organizations
seem unwilling to publicly chastise either party for continuing to
avoid addressing serious questions when the facts do not concur. The
result has been an outright failure of the concept of journalistic ethics.
Some alternative sources, be they partisan or bipartisan organizations,
individuals, websites, documentaries, forums or the blogosphere, have
done a better job at holding both sides accountable. Sadly, even the
most popular alternative source reaches a small fraction of the
audience covered by the mainstream media. However, to even that small
fraction, those same sources have utterly failed to present an overall palatable, concise and coherent position to the opposing or undecided viewers.
The resulting output from both mainstream and alternative sources has only
polarized each side's opinion of each other, further dividing the nation.
Democracy is effective only when a large majority of voters are capable of making
an informed choice. In my opinion, the majority of voters, despite who
they voted for, were badly served by those organizations who claim they
are responsible for keeping the public informed. It's not as if the
same could not be said for past elections in any country, but this
election cycle the "Whopper" mud slinging has been so much worse than any election since the introduction of television.
In a lot of ways, both sides' campaigns are mirrored by Microsoft's unabated campaign of Fear, Uncertainty and Doubt
( commonly referred to in the information technology sector by the
acronym FUD ). Microsoft's advocates probably consider the use of the
same strategy by both Democrats and Republicans a green light to continue to spread FUD, despite the evidence which contradicts the claims, including Microsoft's own internal research.
Any forum attached to an article that even hints at Linux being used on
the desktop results in a similar barrage of FUD that is familiar in
form to that spouted by the political camp followers. Microsoft's
advocates claim the same thing happens whenever Microsoft's record of
security is mentioned.
Whether choosing a political or consumer platform, it is possible to
make an informed choice when the mainstream political or technical
media performs its role to certain ethical standards.
Only the adoption of the GPL license, along with the Linux exception for user level code, will allow the inclusion of Linux kernel code in the Open Solaris kernel.
You could not insert the GPL'ed source into any LPL, BSD, X11, MIT or SISSL product, without the author's permission, without violating the terms of the GPL license.
Schwartz said Sun hasn't ruled out releasing Solaris under the General Public License (GPL), the license that governs Linux. That would mean that elements of Solaris could theoretically be adopted in Linux, or vice-versa, though integration of core features could prove technologically difficult.
Timeline argues that the trial court erred because it used extrinsic
evidence to contradict portions of the written licensing agreement. We
agree. The trial court found that the parties intended to draft a
sublicensing provision that would protect any Microsoft licensee adding
code or software to Microsoft products, as long as that code or software,
standing alone, did not infringe Timeline's patent. This interpretation,
however, contradicts the language the parties agreed upon in paragraph 2.2
of the agreement:
Timeline hereby further grants to Microsoft, and its Subsidiaries and
Affiliates, a limited right to grant sublicenses of the license granted to
the Licensed Patents under Section 2.1 only to Microsoft's Licensees but
only for the manufacture, use, sale, license, importation, lease or other
distribution or transfer of Licensed Products and for the formation, use,
sale, license, importation, lease or other distribution or transfer of any
combination which includes a Licensed Product, provided, however, that such
sublicensing rights shall not cover or extend to any third party product in
such combination if that third party product itself directly infringes or
contributorily infringes a Licensed Patent. No license is granted herein
to expressly or impliedly sublicense any person or entity to add any
software code or software product to or in combination with any Licensed
Product in a way that constitutes Infringement of a Licensed Patent.
(Emphasis added.) This portion of the agreement expressly denies
sublicensing protection to anyone who adds code or product 'in a way that
constitutes Infringement of a Licensed Patent.' 'Infringement' is defined
within the agreement as including direct or contributory infringement.
Microsoft argues that the second sentence of paragraph 2.2 was
intended merely to restate the first sentence. But it clearly does not
restate the first sentence, and neither Microsoft nor the trial court has
explained how the words in the second sentence could be so interpreted.
Try as we might, it is impossible to reconcile the wording of the two
sentences with Microsoft's proposed construction.
It should be noted that other database vendors such as Oracle, who licensed the same technology from Timeline Inc, did not choose the same license restriction, but chose a license that allowed all end users to use the API freely.
Even Microsoft's 2004 May 27th
changes which apply only to customers under enterprise licensing
contracts, which Microsoft claims grant greater immunity, contain
many loopholes which greatly negate Microsoft's liability.
The section 6 clause contains exceptions:
Our obligations will not apply to the extent that the claim or adverse
final judgment is based on (i) specifications you provide to us for the
service deliverables; (ii) code or materials provided by you as part of
service deliverables; (iii) your running of the product, fix or service
deliverables after we notify you to discontinue running due to such a
claim; (iv) your combining the product, fix or service deliverables
with a non-Microsoft product, data or business process; (v) damages
attributable to the value of the use of a non-Microsoft product, data
or business process; (vi) your altering the product, fix or service
deliverables; (vii) your distribution of the product, fix or services
deliverable to, or its use for the benefit of, any third party; (viii)
your use of our trademark(s) without express written consent to do so;
or (ix) for any trade secret claim, your acquiring a trade secret (a)
through improper means; (b) under circumstances giving rise to a duty
to maintain its secrecy or limit its use; or (c) from a person (other
than us or our affiliates) who owed to the party asserting the claim a
duty to maintain the secrecy or limit the use of the trade secret. You
will reimburse us for any costs or damages that result from these
actions.
Loophole #1 "(ii) code or materials provided by you
as part of service deliverables" This would effectively still indemnify
Microsoft against most of the Timeline Inc patent claims, as it is the
developer/end user's code ( even visual basic code ) which would be in
violation of Timeline's patent claims.
Timeline Inc has won a US Washington Court of Appeal judgment against Microsoft
for the right to sue Microsoft's customers, and subsequently sued
Cognos. On February 13, 2004, Cognos settled at cost to Cognos totaling
$1.75 million. http://www.timeline.com/021304PR1.htm
"Microsoft Corporation obtained a license under the above Unisys LZW
patents in September, 1996. Microsoft's license does NOT extend to
software developers or third parties who use Microsoft toolkit,
language, development or operating system products to provide GIF
read/write and/or any other LZW capabilities in their own
products (e.g., by way of DLLs and APIs)."
Other Loopholes include (v) and (vii), but the killer is (iv), which disclaims any indemnity
for users who wish to input any data. (ix)(a), also since literally it
excludes trade secret liability for improper action on anyone's part, including MS.
Does Microsoft's new agreement include such loopholes? Anyone have a link handy?
The point is that you have a lot of very clever people trying to reverse engineer the code, which exposes code which has often undergone very little peer review. Most of the times this also exposes vulnerabilities in the decoding software, some of which are remotely or locally exploitable.
1) The Digital Millennium Copyright Act of 1998 severely restricts the release of any tool which could be used to circumvent DRM technology.
2) Cracking the DRM code is not the same as cracking the key used to encrypt each item of encrypted content. If the key is not accessible then the content cannot be decrypted without major difficulty. If the virus/malware retains the decrypt key only in DRM OS protected resident memory, then the key is not accessible to the user. Also it is possible to construct polymorphic virus code which encrypts the decode key in the virus startup code.
Microsoft's planned Digital Rights Management systems are based on the principle of locking the owner of the computer out of the ability to access sections of memory and disk space used by the DRM mediaplayer systems.
Crackers and hackers always find ways to exploit the code to access or share protected content. There is not a DRM system that has not been cracked within months of widespread release.
A stealth virus is one that, while active, hides the modifications it has made to files or boot records. It usually achieves this by monitoring the system functions used to read files or sectors from storage media and forging the results of calls to such functions. This means that programs that try to read infected files or sectors see the original, uninfected form instead of the actual, infected form. Thus the virus's modifications may go undetected by antivirus programs.
OS based DRM systems can still successfully lock a user, and any program, even if it is running under localsystem/root privilege, out of areas of diskspace and memory. Microsoft's Mediaplayer, Active-X ( used with some DRM protection ), Real's realplayer, and even Microsoft's and Sun's Java JVMs, have in the past had remotely exploitable vulnerabilities. Such enviable offers the malware creator the ability to hide the virus from any antivirus tool or live forensic analysis.
The DRM encryption offers the ability for the malware to store content, and without the keys to decode the content, it is hidden from any forensic analysis.
Baxter's alternative begins with Lee Harvey Oswald's assassination attempt on John F. Kennedy in Dallas. Although Kennedy is hit, he survives, Jacqueline Kennedy taking the fatal bullet. Kennedy's injuries, however, force him to relinquish his office to Lyndon Johnson and act as a cheerleader for the space program he began as president. The space program then continues much as in our world, including the landing of Neil Armstrong and Joe Muldoon on the Moon on July 20, 1969. Baxter's changes come slowly, as if to say the inertia of history must be taken into account. Eventually, Nixon, at Kennedy's urgings, chooses a Mars program instead of merely the shuttle program he chose in our timeline.
One strategy to reduce risk would be to increase the utility of the project:
Don't build just a card, build a standalone Gigabit networked box.
Build a small sized motherboard with Processor and inbuilt Graphics, Sound, USB and Network.
Use an AMD64 or some other processor with hyper transport like bus, and connect the bus as
direct as possible to the Graphics, Sound and Network etc subsystems.
Bypassing the AGP/PCI[-X] bus will deliver better performance and avoid a few patent claims.
Don't bother with any IDE/SATA/SCSI Drive, PCI bus or Non USB[1.1/2] legacy device support.
Have it boot off flashbios and PXE/Etherboot or via a USB device.
Have two * one Gigabit Ethernet network ports as standard, with one port able to
pass through packets from the other, making daisy chaining possible.
Have it capable of adding up to 4gig of standard DDR2 memory.
For display output include DVI plus RGB/S-Video/AV Video PLUS
the ability to send the digital video stream out over Ethernet packets.
The latter ability gives the video the ability to create virtual displays,
Include the ability to receive and mix in Ethernet packet video from other boxes.
For audio output, include optical output plus 5.1 channel sound. Include the
same ability to in/output stream out over Ethernet packets.
It can function as a business graphic remote LTSP/X terminal,
A networked high performance media center/VOIP for HD Displays,
or with enough memory, a diskless workstation,
or with good enough OpenGL performance, an X-Box killing Games Console,
or as a node for a Beowulf multimedia system.
Many Australians have been voicing their concern about this country's front-line role in the campaign to attack Iraq, but so far the Howard Government has stood firm.
So how will it deal with another Australian who's reportedly declared Government policy against Iraq is dumb and not worth the risk?
Well, not so easily, when that opinion comes from a senior analyst in the Office of National Assessment, Andrew Wilkie, and pinned to that is his resignation.
The Office of National Assessment gathers and interprets an enormous flow of global intelligence material and briefs the PM accordingly.
Andrew Wilkie is a Duntroon graduate, a former soldier, a lieutenant colonel and has dropped a bombshell in the national capital tonight with a stinging criticism of the Howard Government's policy on Iraq.
He joins me now from Canberra.
Andrew Wilkie, is it accurate to describe you as a senior analyst with the Office of National Assessment?
ANDREW WILKIE, FORMER ANALYST, OFFICE OF NATIONAL ASSESSMENTS: Yes, Kerry.
KERRY O'BRIEN: And you were originally seconded to work there from the army back in '99.
ANDREW WILKIE: That's right, '99 and 2000 I was seconded there as a strategic analyst in the strategic analysis branch.
KERRY O'BRIEN: And the Office of National Assessments more recently, have you been privy to top level intelligence on areas like terrorism issues and Afghanistan and Iraq?
ANDREW WILKIE: Over the last 15 months or so I've been working global terrorism and transnational issues.
Because I'm one of the very small number of ex-military people in the office, I keep across potential military problems and am called in to work in the national intelligence watch office when those crises blow up.
Hence I've worked on Afghanistan, Kosovo and I was on stand-by to work on Iraq.
KERRY O'BRIEN: Why have you resigned?
ANDREW WILKIE: Kerry, war must obviously be justified and it must obviously be the option of last resort.
I'm not satisfied that in this case it is either justified or it's been viewed as the option of last resort.
KERRY O'BRIEN: Was there a particular moment that pushed you over the edge on this decision, I mean it is a big decision.
You've walked away on a career.
ANDREW WILKIE: It's the biggest decision I think I've ever made in my life.
Frankly I don't know what tomorrow will bring for me.
Was there a particular point in time?
No it's been accumulating over many, many weeks, if not months.
Although there have been some particular incidents which stick in my mind as incidents which annoyed me very much at the time.
For example, when Colin Powell presented evidence to the Security Council some weeks ago now about links between Al Qaeda and Iraq and as far as I'm aware there was no hard evidence and there is still no hard evidence that there is any active cooperation between Iraq and Al Qaeda.
KERRY O'BRIEN: But are you satisfied that you're really in a position to know that, to know that in the face of Colin Powell and all the credibility that he might muster?
ANDREW WILKIE: Yes, we are obviously privy to a substantial flow of intelligence, of hard intelligence from the US.
We haven't seen anything to prove that there is a link between the two organisations.
And, in fact, if you just approach it from first principles, there's a lot of good reasons why there wouldn't be a link.
Unless, of course, Saddam Hussein is pushed into establishing a relationship with Al Qaeda and that's one of the things that I worry about, if there is an invasion of Iraq that that will be just one of the sorts of forces that could push him towards a closer relationship with Al Qaeda.
KERRY O'BRIEN: You wrote an assessment last September on the hu
Companies like Microsoft are sustaining their dominant position in the marketplace by using a state-constructed and granted monopoly, which gives Microsoft the monopoly over its protocols, effectively just as restrictive as the East India Trading Company trading zone monopoly of the Orient.
gokeln wrote: "You do not get exponentially improved security"
When anyone uses the phrase "exponentially improved security", it triggers a link to Avoiding bogus encryption products: Snake Oil FAQ.
The hand is only there to protect it from the knives ;-).
Every point I made back then has since played out in court as predicted. Even the SCO Group is now relying on the same interpretation of the GPL license in its defence against IBM.
As I stated on March 10, 2004:
Twelve Step TrustABLE IT:
Virtualised Linux Standard Base (VLSB)
in Virtual Demilitarized Network Zones (VDNZ)
from Trusted Build Agents (TBA)
Back on August 11, 1998, Microsoft's Vinod Valloppillil and Josh Cohen released a memorandum titled Linux OS Competitive Analysis: The Next Java VM?, in which they predicted that Linux would become ubiquitous as a services platform. However, the title of the paper could be even more prophetic.
Consider the following.
[1] It is well known that Linux is quite portable; in fact, only NetBSD comes close to the number of hardware platforms supported.
[2] What is less well known is that the Linux kernel has even been ported to run on itself, as a client for a virtual Monitor platform, and even to run virtualised on other operating systems including Win2K and XP.
[3] Other operating systems, such as BSD and Sun's Solaris, can also use a compatibility layer to run applications compiled for Linux directly, without the need for virtualisation.
[4] The Linux Standard Base Mission Statement is to
[5] The above standard also defines a generic subset of the standards for each hardware platform as a source level application interface. In fact, for an application to be certified for the LSB it must be tested on two of the platforms supported by the LSB, one chosen at random by the testing body. Following the standard, it's not that difficult a job to write portable C and C++ code: Write once, compile for each platform.
[6] The GNU Compiler Collection's future GCC 4.0 Release Series now divides the task of compiling into two stages based around Static Single Assignment trees. It should be possible to use the new GCC front ends to compile each language into a SSA tree that represents the common generic subset of the Linux Standard Base: [5]. The resulting SSA tree for a build could be dumped into files, analogous to Java's JVM intermediate format, and then compiled to native code for the target platform: Write once, run everywhere.
Be it open or closed source, every binary or script you execute represents a risk. It is possible to introduce hostile code at any point along the build chain, before the point where the binary is checksummed and the result digitally signed.
[7] It is possible to use constraints built into any Linux or Unix-like operating system to isolate and restrict what a binary executable has access to or can do. Even without employing SELinux's mandatory access controls or chroot/jail'ed environments, it is possible to run a process under a different user identity and group identity. Unix servers have used this te
Unfortunately, the 2004 USA Election has been a victory of FUD over Facts.
The mainstream fourth estate news organizations, on both sides, have utterly failed to hold either Democrats or Republicans accountable for claims that diverge widely from the known facts. In cases where journalists have made a consistent argument, the news organization has allowed that position to be "shouted down" by political camp followers repeating the same lies over and over again through the same outlet. In those same replies, there were very rarely comments by the news organization when known facts obviously contradicted the opinion. Many news organizations seem unwilling to publicly chastise either party for continuing to avoid addressing serious questions when the facts do not concur. The result has been an outright failure of the concept of journalistic ethics.
Some alternative sources, be they partisan or bipartisan organizations, individuals, websites, documentaries, forums or the blogosphere, have done a better job at holding both sides accountable. Sadly, even the most popular alternative source reaches a small fraction of the audience covered by the mainstream media. However, to even that small fraction, those same sources have utterly failed to present an overall palatable, concise and coherent position to the opposing or undecided viewers.
The resulting output from both mainstream and alternative sources has only polarized each side's opinion of the other, further dividing the nation.
Democracy is effective only when a large majority of voters are capable of making an informed choice. In my opinion, the majority of voters, despite who they voted for, were badly served by those organizations who claim they are responsible for keeping the public informed. It's not as if the same could not be said for past elections in any country, but this election cycle the "Whopper" mud slinging has been so much worse than any election since the introduction of television.
What does this mean for the tech industry?
In a lot of ways, both sides' campaigns are mirrored by Microsoft's unabated campaign of Fear, Uncertainty and Doubt (commonly referred to in the information technology sector by the acronym FUD). Microsoft's advocates probably consider the use of the same strategy by both Democrats and Republicans a green light to continue to spread FUD, despite the evidence which contradicts the claims, including Microsoft's own internal research. Any forum attached to an article that even hints at Linux being used on the desktop results in a similar barrage of FUD that is familiar in form to that spouted by the political camp followers. Microsoft's advocates claim the same thing happens whenever Microsoft's record of security is mentioned.
Whether choosing a political or consumer platform, it is possible to make an informed choice when the mainstream political or technical media performs its role to certain ethical standards.
From the International Federation of Journalists:
You could not insert the GPL'ed source into any LPL, BSD, X11, MIT or SISSL product, without the author's permission, without violating the terms of the GPL license.
It should be noted that other database vendors such as Oracle, who licensed the same technology from Timeline Inc, did not choose the same license restriction, but chose a license that allowed all end users to use the API freely.
Even Microsoft's 2004 May 27th changes, which apply only to customers under enterprise licensing contracts and which Microsoft claims grant greater immunity, contain many loopholes which greatly negate Microsoft's liability.
The section 6 clause contains exceptions:
Our obligations will not apply to the extent that the claim or adverse final judgment is based on (i) specifications you provide to us for the service deliverables; (ii) code or materials provided by you as part of service deliverables; (iii) your running of the product, fix or service deliverables after we notify you to discontinue running due to such a claim; (iv) your combining the product, fix or service deliverables with a non-Microsoft product, data or business process; (v) damages attributable to the value of the use of a non-Microsoft product, data or business process; (vi) your altering the product, fix or service deliverables; (vii) your distribution of the product, fix or services deliverable to, or its use for the benefit of, any third party; (viii) your use of our trademark(s) without express written consent to do so; or (ix) for any trade secret claim, your acquiring a trade secret (a) through improper means; (b) under circumstances giving rise to a duty to maintain its secrecy or limit its use; or (c) from a person (other than us or our affiliates) who owed to the party asserting the claim a duty to maintain the secrecy or limit the use of the trade secret. You will reimburse us for any costs or damages that result from these actions.
Loophole #1: "(ii) code or materials provided by you as part of service deliverables". This would effectively still indemnify Microsoft against most of the Timeline Inc patent claims, as it is the developer/end user's code (even Visual Basic code) which would be in violation of Timeline's patent claims.
Microsoft licensed Database/Datawarehouse technology from Timeline Inc, but unlike Oracle and other database vendors, Microsoft chose a license that did not grant Microsoft's customers the right to fully use that technology.
http://www.theregister.co.uk/2003/02/20/sql_serve
Timeline has extended its patent claims to cover many features widely used by developers, both ISV and in-house.
http://www.winnetmag.com/Article/ArticleID/41479/
Timeline Inc has won a US Washington Court of Appeal judgment against Microsoft for the right to sue Microsoft's customers, and subsequently sued Cognos. On February 13, 2004, Cognos settled at a cost to Cognos totaling $1.75 million.
http://www.timeline.com/021304PR1.htm
Microsoft has a history of licensing third party code and patents in such a manner that still leaves developers and users exposed to IP threats. Even going back to the LZH/GIF Unisys patents
http://web.archive.org/web/20020806173115/http://
"Microsoft Corporation obtained a license under the above Unisys LZW patents in September, 1996. Microsoft's license does NOT extend to software developers or third parties who use Microsoft toolkit, language, development or operating system products to provide GIF read/write and/or any other LZW capabilities in their own products(e.g., by way of DLLs and APIs)."
Other Loopholes include (v) and (vii), but the killer is (iv), which disclaims any indemnity for users who wish to input any data. (ix)(a), also since literally it excludes trade secret liability for improper action on anyone's part, including MS.
Does Microsoft's new agreement include such loopholes? Anyone have a link handy?
The point is that you have a lot of very clever people trying to reverse engineer the code, which exposes code which has often undergone very little peer review. Most of the time this also exposes vulnerabilities in the decoding software, some of which are remotely or locally exploitable.
2) Cracking the DRM code is not the same as cracking the key used to encrypt each item of encrypted content. If the key is not accessible then the content cannot be decrypted without major difficulty. If the virus/malware retains the decrypt key only in DRM OS protected resident memory, then the key is not accessible to the user. Also it is possible to construct polymorphic virus code which encrypts the decode key in the virus startup code.
Crackers and hackers always find ways to exploit the code to access or share protected content. There is not a DRM system that has not been cracked within months of widespread release.
A stealth virus is one that, while active, hides the modifications it has made to files or boot records. It usually achieves this by monitoring the system functions used to read files or sectors from storage media and forging the results of calls to such functions. This means that programs that try to read infected files or sectors see the original, uninfected form instead of the actual, infected form. Thus the virus's modifications may go undetected by antivirus programs.
OS based DRM systems can still successfully lock a user, and any program, even if it is running under localsystem/root privilege, out of areas of diskspace and memory. Microsoft's Mediaplayer, Active-X (used with some DRM protection), Real's realplayer, and even Microsoft's and Sun's Java JVMs, have in the past had remotely exploitable vulnerabilities. Such enviable offers the malware creator the ability to hide the virus from any antivirus tool or live forensic analysis.
The DRM encryption offers the ability for the malware to store content, and without the keys to decode the content, it is hidden from any forensic analysis.
Let's ditch the slashdot user account whose karma drops below 20% because of trolling and disallow anonymous posting.
Baxter's alternative begins with Lee Harvey Oswald's assassination attempt on John F. Kennedy in Dallas. Although Kennedy is hit, he survives, Jacqueline Kennedy taking the fatal bullet. Kennedy's injuries, however, force him to relinquish his office to Lyndon Johnson and act as a cheerleader for the space program he began as president. The space program then continues much as in our world, including the landing of Neil Armstrong and Joe Muldoon on the Moon on July 20, 1969. Baxter's changes come slowly, as if to say the inertia of history must be taken into account. Eventually, Nixon, at Kennedy's urgings, chooses a Mars program instead of merely the shuttle program he chose in our timeline.
It's worth listening to, but is only available for one week; the first online (realplayer) episode will be replaced by Monday.
Don't build just a card, build a standalone Gigabit networked box.
Build a small sized motherboard with Processor and inbuilt Graphics, Sound, USB and Network. Use an AMD64 or some other processor with hyper transport like bus, and connect the bus as direct as possible to the Graphics, Sound and Network etc subsystems.
Bypassing the AGP/PCI[-X] bus will deliver better performance and avoid a few patent claims.
Don't bother with any IDE/SATA/SCSI Drive, PCI bus or Non USB[1.1/2] legacy device support. Have it boot off flashbios and PXE/Etherboot or via a USB device.
Have two * one Gigabit Ethernet network ports as standard, with one port able to pass through packets from the other, making daisy chaining possible.
Have it capable of adding up to 4gig of standard DDR2 memory.
For display output include DVI plus RGB/S-Video/AV Video PLUS the ability to send the digital video stream out over Ethernet packets.
The latter ability gives the video the ability to create virtual displays. Include the ability to receive and mix in Ethernet packet video from other boxes.
For audio output, include optical output plus 5.1 channel sound. Include the same ability to in/output stream out over Ethernet packets.
It can function as a business graphic remote LTSP/X terminal,
A networked high performance media center/VOIP for HD Displays,
or with enough memory, a diskless workstation,
or with good enough OpenGL performance, an X-Box killing Games Console,
or as a node for a Beowulf multimedia system.
Buy or acquire a copy of Robert Kane Pappas' "Orwell Rolls in His Grave".
Linux 2.6.7-1.494.2.2smp #1 SMP Tue Aug 3 09:59:49 EDT 2004
uptime
00:30:15 up 44 days, 8:53, 6 users, load average: 0.11, 0.14, 0.15