The "secure computing" preached by MS does not protect against OS bugs, buffer overflows, or any of the myriad local or remote attacks based on software flaws. The only "security" it offers is a way to prevent end users from downloading and installing the software of their choice. I don't mean to minimize the value of this - it is an important base to cover. The "typical" Windows user sees a free screen saver and goes "Ooh! Shiny!" and installs it - thereby joining yet another botnet. When/if Linux reaches Windows marketshare, "typical" Linux users will do the same.
Of course, this turns a Windows/TPM computer into something akin to a game console. I personally don't think there is anything wrong with this - until M$ convinces the government to outlaw real computers because they are "insecure". Or more likely, convinces banks and online merchants to only do business with TPM computers.
well, in a way. The problem is that the drive makers optimized their power saving algorithms for Windows disk access patterns - as you would expect them to since it is 85% of the market. And they didn't provide knobs to twist for other OSes - including new, more efficient versions of Windows.
The irony is that Linux runs afoul of the hard drive power saving tuning because it is too efficient. The gaps between disk accesses are too long, and trigger a head unload while the OS is still active.
The best fix would be to twist a knob to adjust the inactivity timer - but that isn't available. So the simplest fix is to disable power saving on the disk - fine for laptops used as portable desktops. To keep drive power saving without unloading/loading the heads constantly, you have to configure "laptop mode", which uses memory to cache reads/collect writes so as to provide something like 30 minutes between disk accesses for typical word processing/browsing activities.
I've thought about writing a background process (in python or your favorite script language) that monitors iostat - and reads a raw sector every 9 seconds to keep the disk from thinking we are inactive. At the same time, we have our own Linux oriented inactivity timer, and stop reading the raw sectors when the system is truly inactive (other than our own reads).
I have a client who has bellsouth DSL - a business account with a static IP. The ISP owned DSL modem crapped out, and they dutifully sent a technician to replace it. Unfortunately, the new DSL modem is configured like a NAT router to block all incoming connections - and we have no access to it.
I was able to restore email and ssh service via openvpn, but it has been a month, and the client, my boss, and I have tried unsuccessfully to convince half a dozen bellsouth employees that a static IP is not much use with no incoming connections.
At this point, I've advised the client to either downgrade to dynamic IP and demand a refund for the months overpayment, or see if the cable company is any better. I just can't believe how many utterly clueless "tech" people they manage to field.
for whitespace bugs in python. If your programmers insist on using their own personal editors with their own personal tab expansion preferences - then ban tabs. All fixed. Easily automated. Use a CVS script to reject *.py with tab chars.
I have also been bitten by C bugs caused by white space. Someone with a different tab stop had entered the code incorrectly, but it looked correct in my editor (with standard unix 8 space tab stops). Never did notice the misaligned brace until running it through pretty print...
Of course it can. But then it isn't "evolution" in the religious sense that hard core atheists insist on. The official Dogma explicitly requires *undirected* chance plus natural selection as the ultimate origin of anything that appears to be designed. (Notice I said, "ultimate", nitpickers.)
I mean really, philosophical materialism is just as silly as the "the universe must have been created in 7 revolutions of a certain planet as measured 14 billion (or 6000) years into its evolution" camp. ("Evolution" in the continuous change according to a set of rules sense). Did they ever consider that our physical time was itself one the things being (allegedly) created? (Many Church Fathers did - e.g. Augustine)
There are many meanings of "evolution" in common use, so discussions always end up in equivocation with straw and torn blue jeans all over the place.
While someone knowledgeable about the system they are using (i.e. Mac/Windows Pro/BSD/Solaris/Linux distro) will have to tell them a few specifics, it is just a matter of putting in localhost or the SMTP service instead of the ISP.
If the ISP blocks port 25, it costs about $10 USD/mo to contract with someone in another country without such laws to relay mail via port 587 (the standard submission port). Use port 80 if everything else is blocked. My home ISP blocks port 25, for instance, so I have to do that (the port 587 thing). I had no trouble instructing non-technical family on configuring thunderbird to relay through my home machine. (Sharing my SMTP relay service.)
Question:
Someone already noted that GB can force you to divulge encryption keys. However, TLS generates random keys each connection, and keeps no record of them. Does that mean that TLS is illegal in GB?
Anyone except home Windows users has an MTA (or two or three in the case of Linux) included in their OS, and can run their own email. I always use TLS for SMTP. So while the recipient may archive/distribute your email, the ISP won't be able to.
they should specify a characteristic or result. Like mandating open (and archivable) file formats and or open source. Even mandating particular file formats is preferable to mandating a OS technology.
Banning incandescent bulbs was dumb. Our office had bathroom lights on a motion sensor. Good idea. Then they replaced the incandescent bulbs with compact fluorescent - but left the motion sensor. Now they have to replace the mercury laden bathroom bulbs every few months (fluorescents hate frequent power cycles).
While there is no legal reason to expect anything, a simple email notification would be cheap and common courtesy. If I didn't get a notice, my perception of the company would grow substantially more negative. I would not expect any continued access to data (other than the time provided by the notice) - because that is much more expensive and goes beyond common courtesy.
I switched from Windows 95 to RedHat 6.2 many years ago, and except for reboots to upgrade the hardware (started with 200Mhz Pentium I w/ 384M and now have Dual Core w/ 2G) or OS (now on CentOS 5.2), it has crashed only twice - due to a defective USB2.0 card which I replaced.
We run LTSP so that the single server runs the entire family, using old '90s hardware for thin clients. We simply could not afford to run Windows (or Mac).
The curious thing about the 1-click patent is that I don't know anyone that does or would even consider using the feature. I would never use the feature. Like most people, I want to see a summary of my order before the final click to satisfy myself that I *really* need/want to spend the money.
Rich people like Sam Walton would never use it either. The only people using it must those credit card wielding yuppies from teen movies with an infinite supply of someone else's money. I thought people like that only existed in movies - but apparently they are a major profit center for Amazon.
Cox charges $3/mo extra for internet only - vs internet + cable TV. I paid that extra $3/mo for several years on principle (no TV). Finally, Cox offered basic phone + internet for a substantial discount - and I took them up on the offer.
A lot of the power of botnets would be gone if critical networks actually had their own network instead of depending on the global internet. It is very popular to do the "VPN" thing and get a private network for near zero startup cost. But if the VPN is mission critical, then you should actually have your own wires or spectrum. Then if a botnet attacks, you just shut off the global internet at the firewall, and the mission critical stuff keeps going.
If RSA were not considered computationally secure, I might applaud his intent to provide "a better mousetrap".
Since 1024 bit RSA used by DNSSEC is *not* considered computationally secure, I'm sure he'll appreciate your applause.
Also, his "hack" of encoding the key in NS records actually simplifies deployment and could also be used by DNSSEC (at the expense of long DNS server names - *really* long in the case of DNSSEC).
DNSSEC is pre-signed, and can be checked by a client even if a DNS cache is compromised. (If you already have non-forged keys from the root.) But this also means you effectively publish your entire zone.
DNSCurve protects transactions, and depends on secure caches. Clients have to run their own caching nameserver if they don't trust the ISP DNS. (Pretty much the case now.) But you can also continue to use secret names in your zones.
DNSSec pre-signs all DNS records. In order to "sign" "no such record" responses, it is necessary to sign a list of records that don't exist in a zone. This effective publishes your entire zone as a side effect.
DNSCurve encrypts and authenticates the transaction, like SSL. This has the side effect of not needing to publish the entire zone. Instead of getting the public key from special DNSKEY records, DNSCurve stores it in existing NS records, encoded in the server name.
I would like to use DNSKEY records if available, otherwise use the specially encoded servername. That scheme could also gradually transition to widespread DNSKEY support, since both the encoding and DNSKEY could be used. DNSSEC could even use the encoded servername idea - but the names would be *really* long thanks to the longer RSA keys.
Our family knows two girls who blew their brains getting high on nutmeg. In the summer, our street is littered with mulberries - some of them green (hallucinogenic when consumed green). Marijuana grows on the police station lawn. But if they find it in *your* lawn, you could get arrested (or they can just swipe your car on "suspicion" of drug dealing). Teenagers in Hawaii get high (and sometimes die) licking poisonous frogs. Native Americans get high on mushrooms. Bolivians grow coca and make tea. The tiny amounts of cocaine in coca tea are harmless and actually healthful and no more addictive than caffeine.
What do all these drugs have in common? They are all natural substances which cannot reasonably be controlled without obliterating worldwide an entire family of plants, fungi, or amphibians.
While these plants and animals can be and are abused, they are no more dangerous than alcohol or tobacco. The real drug problems come when enterprising dealers with no conscience refine natural intoxicants, or create synthetic ones. Coca is refined into cocaine. Tobacco - addicting enough in pipe and cigar form, is made into cigarettes - far more addicting (and awful smelling to non-smokers). Wine and beer are refined into spirits and Grain Alcohol. Poppies are refined into heroine. PCP and LSD are far more dangerous than nutmeg.
So, I a not a libertarian, but I support any movement to stop the ridiculous attempts to wipe out useful plants and animals - because of some idiots trying for a Darwin award.
IMO, a sane "war on drugs" would target chem labs where the truly dangerous drugs are made or refined. At least then, the people they arrest would actually have to do something illegal - as opposed to not putting enough (toxic and environmentally bad) broad leaf killer on the lawn.
Immune response is like warfare, and our system needs to be trained. But you want your children to train against germs that aren't ultimately that dangerous - not Polio or Scarlet Fever.
My amateur theory is that vaccines can be (more likely to be) a problem when given at too young an age. They should wait until after breast feeding is tapering off at least. There is always *some* risk to a vaccine. But the risk is much smaller than that of facing a deadly microbe unprotected. There is also a risk of exceeding a child's mercury threshold if too many mercury preserved doses are given too close together. (And combining multiple vaccines in one shot helps reduce that risk.)
Chicken pox is not dangerous. I think that is a clue that the industry has crossed over into selling us stuff we don't really need. But that doesn't mean I would stop all vaccines.
I think it was funny because functional programming is already hard enough that adding the reversible requirement seems over the top. In actuality, a reversible computer can run non-reversible code just fine - it would just quickly accumulate "entropy" bits that need to be cleared. Algorithms adapted to reversibility would minimize the "entropy" generated.
Pure functional programming removes all side effects. This make memory optimization (critical to efficient multiprocessing) much easier. It also makes garbage collection easier - but that is pretty much canceled by an increase in garbage.
But beyond functional programming is thermodynamic computing. This starts with functional, but requires all operations to be reversible. Ideally, the total electrons are conserved - you can never clear a bit - just exchange bits (and of course more complex operations like add, mul, etc - but all reversible and charge conserving). Of course real hardware will still need to make up for losses, but power consumption and heat go way down.
The fascinating thing is that thermodynamic programming requires a pool of known 0 bits and known 1 bits. As the algorithm progresses, you can't just throw away results you aren't interested in - you collect the unwanted results in an entropy pool. Eventually, you run out of known bits, and need to clear some entropy bits in order to continue. This takes lots more power (like erasing a flash block). The analogy to real world entropy is striking.
And proprietary cubicles are full of dead ends also. Only the jewels see the light of day (and sometimes bombs are packaged and sold and sometimes jewels are passed over). The only difference with open source is that it is transparent. The whole world gets to see the multitude of dead ends and exploratory projects in addition to the jewels.
The drones are there for the idiot customers. (You know, like the now mythic Word Perfect support story.) When working with the same support group for a while, the drones learn to pass me on to the next tier as soon as they hear my name. Actually, "drone" is an insulting term. They are 1st tier customer support - and their job is to filter out the really stupid problems.
Actually, a CLI makes it simple for the GUI to invoke functionality. So, while it would not be fun for an end user, a CLI is a killer feature to someone that wants an easily customized GUI written in a high level scripting language. The target audience of mobile linux would have lots of such people.
Slashdot Mirror
The "secure computing" preached by MS does not protect against OS bugs, buffer overflows, or any of the myriad local or remote attacks based on software flaws. The only "security" it offers is a way to prevent end users from downloading and installing the software of their choice. I don't mean to minimize the value of this - it is an important base to cover. The "typical" Windows user sees a free screen saver and goes "Ooh! Shiny!" and installs it - thereby joining yet another botnet. When/if Linux reaches Windows marketshare, "typical" Linux users will do the same.
Of course, this turns a Windows/TPM computer into something akin to a game console. I personally don't think there is anything wrong with this - until M$ convinces the government to outlaw real computers because they are "insecure". Or more likely, convinces banks and online merchants to only do business with TPM computers.
well, in a way. The problem is that the drive makers optimized their power saving algorithms for Windows disk access patterns - as you would expect them to since it is 85% of the market. And they didn't provide knobs to twist for other OSes - including new, more efficient versions of Windows.
The irony is that Linux runs afoul of the hard drive power saving tuning because it is too efficient. The gaps between disk accesses are too long, and trigger a head unload while the OS is still active.
The best fix would be to twist a knob to adjust the inactivity timer - but that isn't available. So the simplest fix is to disable power saving on the disk - fine for laptops used as portable desktops. To keep drive power saving without unloading/loading the heads constantly, you have to configure "laptop mode", which uses memory to cache reads/collect writes so as to provide something like 30 minutes between disk accesses for typical word processing/browsing activities.
I've thought about writing a background process (in python or your favorite script language) that monitors iostat - and reads a raw sector every 9 seconds to keep the disk from thinking we are inactive. At the same time, we have our own Linux oriented inactivity timer, and stop reading the raw sectors when the system is truly inactive (other than our own reads).
I have a client who has bellsouth DSL - a business account with a static IP. The ISP owned DSL modem crapped out, and they dutifully sent a technician to replace it. Unfortunately, the new DSL modem is configured like a NAT router to block all incoming connections - and we have no access to it.
I was able to restore email and ssh service via openvpn, but it has been a month, and the client, my boss, and I have tried unsuccessfully to convince half a dozen bellsouth employees that a static IP is not much use with no incoming connections.
At this point, I've advised the client to either downgrade to dynamic IP and demand a refund for the months overpayment, or see if the cable company is any better. I just can't believe how many utterly clueless "tech" people they manage to field.
for whitespace bugs in python. If your programmers insist on using their own personal editors with their own personal tab expansion preferences - then ban tabs. All fixed. Easily automated. Use a CVS script to reject *.py with tab chars.
I have also been bitten by C bugs caused by white space. Someone with a different tab stop had entered the code incorrectly, but it looked correct in my editor (with standard unix 8 space tab stops). Never did notice the misaligned brace until running it through pretty print...
Can't evolution be controlled?
Of course it can. But then it isn't "evolution" in the religious sense that hard core atheists insist on. The official Dogma explicitly requires *undirected* chance plus natural selection as the ultimate origin of anything that appears to be designed. (Notice I said, "ultimate", nitpickers.)
I mean really, philosophical materialism is just as silly as the "the universe must have been created in 7 revolutions of a certain planet as measured 14 billion (or 6000) years into its evolution" camp. ("Evolution" in the continuous change according to a set of rules sense). Did they ever consider that our physical time was itself one the things being (allegedly) created? (Many Church Fathers did - e.g. Augustine)
There are many meanings of "evolution" in common use, so discussions always end up in equivocation with straw and torn blue jeans all over the place.
While someone knowledgeable about the system they are using (i.e. Mac/Windows Pro/BSD/Solaris/Linux distro) will have to tell them a few specifics, it is just a matter of putting in localhost or the SMTP service instead of the ISP.
If the ISP blocks port 25, it costs about $10 USD/mo to contract with someone in another country without such laws to relay mail via port 587 (the standard submission port). Use port 80 if everything else is blocked. My home ISP blocks port 25, for instance, so I have to do that (the port 587 thing). I had no trouble instructing non-technical family on configuring thunderbird to relay through my home machine. (Sharing my SMTP relay service.)
Question:
Someone already noted that GB can force you to divulge encryption keys. However, TLS generates random keys each connection, and keeps no record of them. Does that mean that TLS is illegal in GB?
Anyone except home Windows users has an MTA (or two or three in the case of Linux) included in their OS, and can run their own email. I always use TLS for SMTP. So while the recipient may archive/distribute your email, the ISP won't be able to.
they should specify a characteristic or result. Like mandating open (and archivable) file formats and or open source. Even mandating particular file formats is preferable to mandating a OS technology.
Banning incandescent bulbs was dumb. Our office had bathroom lights on a motion sensor. Good idea. Then they replaced the incandescent bulbs with compact fluorescent - but left the motion sensor. Now they have to replace the mercury laden bathroom bulbs every few months (fluorescents hate frequent power cycles).
While there is no legal reason to expect anything, a simple email notification would be cheap and common courtesy. If I didn't get a notice, my perception of the company would grow substantially more negative. I would not expect any continued access to data (other than the time provided by the notice) - because that is much more expensive and goes beyond common courtesy.
I switched from Windows 95 to RedHat 6.2 many years ago, and except for reboots to upgrade the hardware (started with 200Mhz Pentium I w/ 384M and now have Dual Core w/ 2G) or OS (now on CentOS 5.2), it has crashed only twice - due to a defective USB2.0 card which I replaced.
We run LTSP so that the single server runs the entire family, using old '90s hardware for thin clients. We simply could not afford to run Windows (or Mac).
The curious thing about the 1-click patent is that I don't know anyone that does or would even consider using the feature. I would never use the feature. Like most people, I want to see a summary of my order before the final click to satisfy myself that I *really* need/want to spend the money.
Rich people like Sam Walton would never use it either. The only people using it must those credit card wielding yuppies from teen movies with an infinite supply of someone else's money. I thought people like that only existed in movies - but apparently they are a major profit center for Amazon.
Cox charges $3/mo extra for internet only - vs internet + cable TV. I paid that extra $3/mo for several years on principle (no TV). Finally, Cox offered basic phone + internet for a substantial discount - and I took them up on the offer.
A lot of the power of botnets would be gone if critical networks actually had their own network instead of depending on the global internet. It is very popular to do the "VPN" thing and get a private network for near zero startup cost. But if the VPN is mission critical, then you should actually have your own wires or spectrum. Then if a botnet attacks, you just shut off the global internet at the firewall, and the mission critical stuff keeps going.
If RSA were not considered computationally secure, I might applaud his intent to provide "a better mousetrap".
Since 1024 bit RSA used by DNSSEC is *not* considered computationally secure, I'm sure he'll appreciate your applause.
Also, his "hack" of encoding the key in NS records actually simplifies deployment and could also be used by DNSSEC (at the expense of long DNS server names - *really* long in the case of DNSSEC).
DNSSEC is pre-signed, and can be checked by a client even if a DNS cache is compromised. (If you already have non-forged keys from the root.) But this also means you effectively publish your entire zone.
DNSCurve protects transactions, and depends on secure caches. Clients have to run their own caching nameserver if they don't trust the ISP DNS. (Pretty much the case now.) But you can also continue to use secret names in your zones.
DNSSec pre-signs all DNS records. In order to "sign" "no such record" responses, it is necessary to sign a list of records that don't exist in a zone. This effective publishes your entire zone as a side effect.
DNSCurve encrypts and authenticates the transaction, like SSL. This has the side effect of not needing to publish the entire zone. Instead of getting the public key from special DNSKEY records, DNSCurve stores it in existing NS records, encoded in the server name.
I would like to use DNSKEY records if available, otherwise use the specially encoded servername. That scheme could also gradually transition to widespread DNSKEY support, since both the encoding and DNSKEY could be used. DNSSEC could even use the encoded servername idea - but the names would be *really* long thanks to the longer RSA keys.
Our family knows two girls who blew their brains getting high on nutmeg. In the summer, our street is littered with mulberries - some of them green (hallucinogenic when consumed green). Marijuana grows on the police station lawn. But if they find it in *your* lawn, you could get arrested (or they can just swipe your car on "suspicion" of drug dealing). Teenagers in Hawaii get high (and sometimes die) licking poisonous frogs. Native Americans get high on mushrooms. Bolivians grow coca and make tea. The tiny amounts of cocaine in coca tea are harmless and actually healthful and no more addictive than caffeine.
What do all these drugs have in common? They are all natural substances which cannot reasonably be controlled without obliterating worldwide an entire family of plants, fungi, or amphibians.
While these plants and animals can be and are abused, they are no more dangerous than alcohol or tobacco. The real drug problems come when enterprising dealers with no conscience refine natural intoxicants, or create synthetic ones. Coca is refined into cocaine. Tobacco - addicting enough in pipe and cigar form, is made into cigarettes - far more addicting (and awful smelling to non-smokers). Wine and beer are refined into spirits and Grain Alcohol. Poppies are refined into heroine. PCP and LSD are far more dangerous than nutmeg.
So, I a not a libertarian, but I support any movement to stop the ridiculous attempts to wipe out useful plants and animals - because of some idiots trying for a Darwin award.
IMO, a sane "war on drugs" would target chem labs where the truly dangerous drugs are made or refined. At least then, the people they arrest would actually have to do something illegal - as opposed to not putting enough (toxic and environmentally bad) broad leaf killer on the lawn.
Immune response is like warfare, and our system needs to be trained. But you want your children to train against germs that aren't ultimately that dangerous - not Polio or Scarlet Fever.
My amateur theory is that vaccines can be (more likely to be) a problem when given at too young an age. They should wait until after breast feeding is tapering off at least. There is always *some* risk to a vaccine. But the risk is much smaller than that of facing a deadly microbe unprotected. There is also a risk of exceeding a child's mercury threshold if too many mercury preserved doses are given too close together. (And combining multiple vaccines in one shot helps reduce that risk.)
Chicken pox is not dangerous. I think that is a clue that the industry has crossed over into selling us stuff we don't really need. But that doesn't mean I would stop all vaccines.
I think it was funny because functional programming is already hard enough that adding the reversible requirement seems over the top. In actuality, a reversible computer can run non-reversible code just fine - it would just quickly accumulate "entropy" bits that need to be cleared. Algorithms adapted to reversibility would minimize the "entropy" generated.
Cutting edge, yes. But not warp drive.
http://www.cise.ufl.edu/research/revcomp/
Pure functional programming removes all side effects. This make memory optimization (critical to efficient multiprocessing) much easier. It also makes garbage collection easier - but that is pretty much canceled by an increase in garbage.
But beyond functional programming is thermodynamic computing. This starts with functional, but requires all operations to be reversible. Ideally, the total electrons are conserved - you can never clear a bit - just exchange bits (and of course more complex operations like add, mul, etc - but all reversible and charge conserving). Of course real hardware will still need to make up for losses, but power consumption and heat go way down.
The fascinating thing is that thermodynamic programming requires a pool of known 0 bits and known 1 bits. As the algorithm progresses, you can't just throw away results you aren't interested in - you collect the unwanted results in an entropy pool. Eventually, you run out of known bits, and need to clear some entropy bits in order to continue. This takes lots more power (like erasing a flash block). The analogy to real world entropy is striking.
And proprietary cubicles are full of dead ends also. Only the jewels see the light of day (and sometimes bombs are packaged and sold and sometimes jewels are passed over). The only difference with open source is that it is transparent. The whole world gets to see the multitude of dead ends and exploratory projects in addition to the jewels.
The drones are there for the idiot customers. (You know, like the now mythic Word Perfect support story.) When working with the same support group for a while, the drones learn to pass me on to the next tier as soon as they hear my name. Actually, "drone" is an insulting term. They are 1st tier customer support - and their job is to filter out the really stupid problems.
Actually, a CLI makes it simple for the GUI to invoke functionality. So, while it would not be fun for an end user, a CLI is a killer feature to someone that wants an easily customized GUI written in a high level scripting language. The target audience of mobile linux would have lots of such people.
The natural born citizen issue is actually rather complex (and should have been addressed a year ago):
http://en.wikipedia.org/wiki/Natural-born_citizen
How the US President is elected:
http://en.wikipedia.org/wiki/U.S._Electoral_College
December 5th "consideration" (private discussion of merits of the case) of citizenship issue:
http://donklephant.com/2008/11/23/supreme-court-to-review-obamas-citizenship-2/