It's an interesting read. IMHO the rebuttals sometimes poor phrasing, ie quite early the writer comments that the "Fable" article spews forth a host of references to various studies does put it in slightly less light. All in all it reads more like an opinionated piece than a well researched one. It could also be mentioned that Marcus Brooks (writer of Fable of the Fable) doesn't seem to put forth any new evidence, but is just as guilty of using the same "discredit the source" tactics as he critizises Liebowitz and Margolis for.
If Dvorak is so good then why are there no new studies which demonstrate this?
All that said I wouldn't be suprised if there were better possible layouts. Particularly for programmers a non-us QWERTY can be really bad as it's hard to reach common keys.
You were also wrong on the other account. If the final version is GPL then they can resell or give that away for free if they like. That is part of the point of it all. The GPL doesn't allow you to limit what other people do with it, as long as they do the same (ie they can't change the license).
I find it interesting that you imply that kids shooting each other after playing computer games is as natural as kids playing sports get hurt. Despite a lot of effort there is still no evidence than can demonstrate a causal relationship between playing violent video games and violent behaviour.
Now media doesn't care about this and apparently you think it's a good idea to avoid this confrontation as it "looks bad" instead of trying to do the right thing.
I'm flattered that you don't believe that everyone here are too busy attempting to suck up to the "all knowing media" to lose their capacity to think for themselves.
Let's say we a list of all of our favourite "almost zero probablilities that would kill you". Stuff like getting hit by a meteor, getting struck by lightning, getting killed by debris from a crashing airplane etc. Lets take the top 1000 of those extraordinarily unlikely events and furthermore let's say that they all happen at the same time.
Now that probability isn't zero, there is a chance that it will happen to you as you go home from work today. It's not particularly likely though. And I'm willing to bet that the chance of that happening is a lot higher than that someone will be able to crack your AES encrypted data with longest keylength.
Perhaps that puts things in perspective for you. This isn't the case that "in a milllion billion years" someone can crack your message. The point is that the Universe will end before they have gone over a significant part of the keyspace.
There is one more aspect to consider. What do you do when it goes wrong?
If you have rolled your own you have a better idea of how things hook up and can find the errors easier. If you have something store bought you may not be able to save your data.
And it's my experience that for stuff like NAS this is especially true. Harddisks will fail, it's just a question of time.
Items like this NAS often portray themseves as "Turn key" solutions. In my experience there is no such things. And in many cases you spend as much (or more) time setting those up properly than if you had just done it on your own. (I bet this particular solution will work as soon as you plug it in, the question is for how long.)
You don't. Take a bunch of disks, turn them into RAID5 array. Make a logical volume (LVM on Linux) and add the RAID-array to it. Create a growable device on the LVM and format with a standard gowable FS.
When you get new disks simply create a new RAID5 array and add that to the logical volume and add to your current and grow the FS on it.
You don't want everything on one big RAID0, I lost 200G of data that way. I can say I'll never do that mistake again.
There are software ideas that are unique enough to support a patent. The problem is that every software idea ends up being patented, unique or not.
This effectively makes it very hard for small and independent software developers to exist as they don't have the money to get a patent. Don't have the money to protect against lawsuits for unjustified patents (it takes a lot of money to get a patent overturned). And finally, if they some way get a patent, they can't afford to protect it.
Furthermore a problem with software is that you patent an idea and not a solution. Eg you can patent "buying items with one click" instead of the actual implementation.
My biggest gripe is that I don't see any benefits from software patents. If you can demonstrate that it has some benefits I'd be interested in hearing about it.
The problem with this is that people don't have perspective on just how enourmously big something 2^256 is. You may think that "it's just a question of time" before you can brute force it.
A good perspective a lecturer of mine offered was that the number of known atoms in the Universe is somewhere in the vicinity of 2^200. Now while that is not really a number you can grasp, it still demonstrates the futility of trying to brute force the encryption.
Even if you factor in Mores law then anything above 56-bit is going to be futile to crack. Even a 128-bit symmetric system will take about 75 years before it's down to something which is remotely brute-forceable.
You are more likely to find a weak spot in the encyption scheme than brute-forcing it.
I have yet to actually use SVN, but I'm soon going to as a new project I've joined use it. From the description I got it was CVS but with the biggest "gotchas" fixed. As other people in the thread mentioned it is very easy to migrate for developers.
We got a tip that there is a good book on SVN out from O'Reilly (who else?) and it's also available online, for free Version Control with Subversion.
BTW the project I joined is hosted on BerliOS.de which is a Sourceforge like system which supports SVN for hosted projects (another added feature over SF is Wikis). AFAIK it uses the same system as SF so they are very similar.
I believe there were some projects to make "automatic GUIs" which could parse config files more completely.
Personally I don't use them though, I have found that if you want to be a "power user" it is typically a lot faster to just edit the files directly. This would be true for Windows as well, if it was possible. Personally I think WinXP is at about the limit of complexity for GUI configuration. I often have to search the net or the help in order to find settings for trivial things like hibernation settings. And keep in mind that a typical Linux distro has an order of a magnitude more standard components than Windows.
All that said, I know that sometimes searching man pages is frustrating. But I do find it more frustrating that in Windows I have to search the net for info on how to do some things in the registry or it may just not be possible.
It seems like it would make more sense to queue for 150 days for a movie not "most likely to suck". And for that matter a movie you can't get tickets to the premiere by standing in line for 10 minutes.
I may be a tad hard to get a license to distribute HL2 and D3 though. Particularly as part of a free Live CD.
Now your rant on config files is another matter. Most distros allow you to edit settings through a GUI. Keep in mind that you can't edit all settings in Windows (and 3rd party programs) with one system.
That said, if you give it a try you may come to see why many consider text based configuration superior.
If you do that you can't share the header part freely in order to provide others with an easy interface to your code (while with-holding the actualy implementation). That can be extremely useful if you work on projects large enough that not everyone can work on the same part. (Ie "in the real world" code.)
Putting defs at the top is good for defining "local" functions and variables though. Used with h-files it creates a good separation of private and public information.
Personally I'd be very sceptic of jumping on a wagon that goes contrary to software design practices while not really having any arguments.
A cryptographic hash is constructed so that you can't find a H(x) == H(y) without doing a brute force attack. Naturally doing a brute force on a 128-bit hash is useless.
BTW wouldn't it be theoretically possible that you take two different bz2 files but when you encrypt them you get the same result? Since the input files and thus md5-hashes would be different.
The point is that if you put all your data in one proverbial (and proprietary) basket. It has been demostrated that this is a very bad idea but it doesn't seem to stop people from doing it all over again.
Re:Another useless blog
on
Today in P2P
·
· Score: 1
A good run down on the eMule protocol would be nice. It's quite apparently horribly broken so it would be nice to use it as a "anti-pattern".
Waiting several hours for a download to begin is hardly what I'd call a sign of a functional system.
But then you only need one person to purchase rights and store the file in a decrypted state. You can't do that with WMP but that's just a minor hurdle. (Even if you don't have a player which does it you could always just make a decoder in software.)
I can't really see how this would be implemented securely in software.
The default seems broken. If multiple alternatives exist it will just select the first alternative. That seems pretty broken to me. (There may well be some where to change this behaviour though.)
I would say that after using Unix for a while the WindowsXP command line feels horribly broken. In Unix I often prefer to do things via the command line even though I have multiple good file managers installed. In WinXP it's just not an alternative to do stuff like copy directoties and such via CMD.
The new installer should be able to do that automagically. At least it has always done so for me. Previously you do need to download "debian installer sarge beta" though, if you downloaded the standard one you got the old installer (which required you to do stuff like that).
At least when I used the new installer I could also select "Task select" and then I had quite a few more options. It was still the same type of "Windows system", "Desktop", "Webserver", "File server" etc but quite a few more than 7.
I don't think it was quite complete though because at least I wanted more options than were available. But it sure is a step in the right direction.
You may want to look a bit closer on those examples you posted.
Victorinox (the original Swiss army knife maker) was founded in late 1884, hardly what I'd call a recent invention.
Coffemakers, it's my (and all other serious coffe drinkers that I've met) experience that the _best_ coffee is made with either Fresh press (Freedom press;-) or perculator. Both of these are old inventions. Now you may think that the "King of Coffee" drip makers are really good, but that's mainly marketing. (They are good, but not as good as low tech makers mentioned above.) Grinders are pretty nice nowadays, but I don't think that putting an electric motor on a manual grinder all that big a invention.
LED flashlights are neat though. Particularly since they can be hand powered and still be useable. (Due to low energy consumption.) So this one I'll agree on.
Genrally I'll go with the grandparant and agree that most industries today are led by marketing and not content. Even in table-salt "tech" I have seen a lot of new sea salts with different flavours added and sold at a premium.
I knew about 350 kanji when I was i Japan this past summer. I still couldn't read what was in a piece of sushi when I was standing in the local kombini (unless there was furigana on it as well). I could of course ask the people in the store but since I didn't really care I just learned some that I liked.
And if you learn kanji in Japan you are expected to know all jyoujou-kanji (1946 IIRC) plus about 500 more that are "common knowledge". But most people know a few more in their work field.
Naturally just because you "know" a kanji doesn't mean you can read or understand a composite that it is included in. Learning the kanji shape and basic meaning is just the first, easy, part.;-)
Slashdot Mirror
It's an interesting read. IMHO the rebuttals sometimes poor phrasing, ie quite early the writer comments that the "Fable" article spews forth a host of references to various studies does put it in slightly less light. All in all it reads more like an opinionated piece than a well researched one. It could also be mentioned that Marcus Brooks (writer of Fable of the Fable) doesn't seem to put forth any new evidence, but is just as guilty of using the same "discredit the source" tactics as he critizises Liebowitz and Margolis for.
If Dvorak is so good then why are there no new studies which demonstrate this?
All that said I wouldn't be suprised if there were better possible layouts. Particularly for programmers a non-us QWERTY can be really bad as it's hard to reach common keys.
You were also wrong on the other account. If the final version is GPL then they can resell or give that away for free if they like. That is part of the point of it all. The GPL doesn't allow you to limit what other people do with it, as long as they do the same (ie they can't change the license).
I find it interesting that you imply that kids shooting each other after playing computer games is as natural as kids playing sports get hurt. Despite a lot of effort there is still no evidence than can demonstrate a causal relationship between playing violent video games and violent behaviour.
Now media doesn't care about this and apparently you think it's a good idea to avoid this confrontation as it "looks bad" instead of trying to do the right thing.
I'm flattered that you don't believe that everyone here are too busy attempting to suck up to the "all knowing media" to lose their capacity to think for themselves.
You don't seem to understand.
Let's say we a list of all of our favourite "almost zero probablilities that would kill you". Stuff like getting hit by a meteor, getting struck by lightning, getting killed by debris from a crashing airplane etc. Lets take the top 1000 of those extraordinarily unlikely events and furthermore let's say that they all happen at the same time.
Now that probability isn't zero, there is a chance that it will happen to you as you go home from work today. It's not particularly likely though. And I'm willing to bet that the chance of that happening is a lot higher than that someone will be able to crack your AES encrypted data with longest keylength.
Perhaps that puts things in perspective for you. This isn't the case that "in a milllion billion years" someone can crack your message. The point is that the Universe will end before they have gone over a significant part of the keyspace.
There is one more aspect to consider. What do you do when it goes wrong?
If you have rolled your own you have a better idea of how things hook up and can find the errors easier. If you have something store bought you may not be able to save your data.
And it's my experience that for stuff like NAS this is especially true. Harddisks will fail, it's just a question of time.
Items like this NAS often portray themseves as "Turn key" solutions. In my experience there is no such things. And in many cases you spend as much (or more) time setting those up properly than if you had just done it on your own. (I bet this particular solution will work as soon as you plug it in, the question is for how long.)
You don't. Take a bunch of disks, turn them into RAID5 array. Make a logical volume (LVM on Linux) and add the RAID-array to it. Create a growable device on the LVM and format with a standard gowable FS.
When you get new disks simply create a new RAID5 array and add that to the logical volume and add to your current and grow the FS on it.
You don't want everything on one big RAID0, I lost 200G of data that way. I can say I'll never do that mistake again.
There are software ideas that are unique enough to support a patent. The problem is that every software idea ends up being patented, unique or not.
This effectively makes it very hard for small and independent software developers to exist as they don't have the money to get a patent. Don't have the money to protect against lawsuits for unjustified patents (it takes a lot of money to get a patent overturned). And finally, if they some way get a patent, they can't afford to protect it.
Furthermore a problem with software is that you patent an idea and not a solution. Eg you can patent "buying items with one click" instead of the actual implementation.
My biggest gripe is that I don't see any benefits from software patents. If you can demonstrate that it has some benefits I'd be interested in hearing about it.
The problem with this is that people don't have perspective on just how enourmously big something 2^256 is. You may think that "it's just a question of time" before you can brute force it.
A good perspective a lecturer of mine offered was that the number of known atoms in the Universe is somewhere in the vicinity of 2^200. Now while that is not really a number you can grasp, it still demonstrates the futility of trying to brute force the encryption.
Even if you factor in Mores law then anything above 56-bit is going to be futile to crack. Even a 128-bit symmetric system will take about 75 years before it's down to something which is remotely brute-forceable.
You are more likely to find a weak spot in the encyption scheme than brute-forcing it.
I have yet to actually use SVN, but I'm soon going to as a new project I've joined use it. From the description I got it was CVS but with the biggest "gotchas" fixed. As other people in the thread mentioned it is very easy to migrate for developers.
We got a tip that there is a good book on SVN out from O'Reilly (who else?) and it's also available online, for free Version Control with Subversion.
BTW the project I joined is hosted on BerliOS.de which is a Sourceforge like system which supports SVN for hosted projects (another added feature over SF is Wikis). AFAIK it uses the same system as SF so they are very similar.
The next version of Bluetooth is supposed to have 3 times the bandwidth of the current version. Thus nicely solving that problem.
I believe there were some projects to make "automatic GUIs" which could parse config files more completely.
Personally I don't use them though, I have found that if you want to be a "power user" it is typically a lot faster to just edit the files directly. This would be true for Windows as well, if it was possible. Personally I think WinXP is at about the limit of complexity for GUI configuration. I often have to search the net or the help in order to find settings for trivial things like hibernation settings. And keep in mind that a typical Linux distro has an order of a magnitude more standard components than Windows.
All that said, I know that sometimes searching man pages is frustrating. But I do find it more frustrating that in Windows I have to search the net for info on how to do some things in the registry or it may just not be possible.
It seems like it would make more sense to queue for 150 days for a movie not "most likely to suck". And for that matter a movie you can't get tickets to the premiere by standing in line for 10 minutes.
I may be a tad hard to get a license to distribute HL2 and D3 though. Particularly as part of a free Live CD.
Now your rant on config files is another matter. Most distros allow you to edit settings through a GUI. Keep in mind that you can't edit all settings in Windows (and 3rd party programs) with one system.
That said, if you give it a try you may come to see why many consider text based configuration superior.
If you do that you can't share the header part freely in order to provide others with an easy interface to your code (while with-holding the actualy implementation). That can be extremely useful if you work on projects large enough that not everyone can work on the same part. (Ie "in the real world" code.)
Putting defs at the top is good for defining "local" functions and variables though. Used with h-files it creates a good separation of private and public information.
Personally I'd be very sceptic of jumping on a wagon that goes contrary to software design practices while not really having any arguments.
A cryptographic hash is constructed so that you can't find a H(x) == H(y) without doing a brute force attack. Naturally doing a brute force on a 128-bit hash is useless.
BTW wouldn't it be theoretically possible that you take two different bz2 files but when you encrypt them you get the same result? Since the input files and thus md5-hashes would be different.
The point is that if you put all your data in one proverbial (and proprietary) basket. It has been demostrated that this is a very bad idea but it doesn't seem to stop people from doing it all over again.
A good run down on the eMule protocol would be nice. It's quite apparently horribly broken so it would be nice to use it as a "anti-pattern".
Waiting several hours for a download to begin is hardly what I'd call a sign of a functional system.
Just a minor point here:
Fit more on CDs, DVDs, and other backup media
Anyone stupid enough to encode their data using a proprietary system deserve to lose all their data, IMNSHO.
But then you only need one person to purchase rights and store the file in a decrypted state. You can't do that with WMP but that's just a minor hurdle. (Even if you don't have a player which does it you could always just make a decoder in software.)
I can't really see how this would be implemented securely in software.
The default seems broken. If multiple alternatives exist it will just select the first alternative. That seems pretty broken to me. (There may well be some where to change this behaviour though.)
I would say that after using Unix for a while the WindowsXP command line feels horribly broken. In Unix I often prefer to do things via the command line even though I have multiple good file managers installed. In WinXP it's just not an alternative to do stuff like copy directoties and such via CMD.
As always, YMMV.
The Debian idea is that it is portable. You can use other installers like Ubuntu, Knoppix or Progency to get your Debian going, but that's up to you.
Someday you may be happy that not all people are so short-sighted as to "just make MY setup work dammit!".
The new installer should be able to do that automagically. At least it has always done so for me. Previously you do need to download "debian installer sarge beta" though, if you downloaded the standard one you got the old installer (which required you to do stuff like that).
The new installer is a lot better.
At least when I used the new installer I could also select "Task select" and then I had quite a few more options. It was still the same type of "Windows system", "Desktop", "Webserver", "File server" etc but quite a few more than 7.
I don't think it was quite complete though because at least I wanted more options than were available. But it sure is a step in the right direction.
You may want to look a bit closer on those examples you posted.
;-) or perculator. Both of these are old inventions. Now you may think that the "King of Coffee" drip makers are really good, but that's mainly marketing. (They are good, but not as good as low tech makers mentioned above.) Grinders are pretty nice nowadays, but I don't think that putting an electric motor on a manual grinder all that big a invention.
Victorinox (the original Swiss army knife maker) was founded in late 1884, hardly what I'd call a recent invention.
Coffemakers, it's my (and all other serious coffe drinkers that I've met) experience that the _best_ coffee is made with either Fresh press (Freedom press
LED flashlights are neat though. Particularly since they can be hand powered and still be useable. (Due to low energy consumption.) So this one I'll agree on.
Genrally I'll go with the grandparant and agree that most industries today are led by marketing and not content. Even in table-salt "tech" I have seen a lot of new sea salts with different flavours added and sold at a premium.
I knew about 350 kanji when I was i Japan this past summer. I still couldn't read what was in a piece of sushi when I was standing in the local kombini (unless there was furigana on it as well). I could of course ask the people in the store but since I didn't really care I just learned some that I liked.
;-)
And if you learn kanji in Japan you are expected to know all jyoujou-kanji (1946 IIRC) plus about 500 more that are "common knowledge". But most people know a few more in their work field.
Naturally just because you "know" a kanji doesn't mean you can read or understand a composite that it is included in. Learning the kanji shape and basic meaning is just the first, easy, part.