At least give the program a somewhat descriptive name
You mean like Excel, PowerPoint, Outlook, Visio, Access, Oracle, or Winamp?
As we all know a product can only become successful if it has a clearly descriptive name like those above. I know whenever I want password and authentication software I think of access, when I want a scientific data visualization library I think of Visio, and it is clear that Winamp is software to provide fine tuning for your desktop volume controls.
Oddly however; stupidly named programs like Firefox (what on earth does that do?) seem to be doing okay.
Have you ever taken part in a GIMP renaming brainstorm session?
I'm not saying GIMP is the best name, but when you demand an obvious name that associates with the field you suddenly find lots of other people who were thinking the same thing.
If you're using Mono for GNOME/GTK development, it's actually quite stable, and much more usable than trying to write applications in old-fashioned C.
Yes, but let's be honest here: if you're writing a GTK/GNOME application you're writing a reasonably high level application and pretty much anything (Java, Python, hell even C++, bindings) would be "much more usable" than "old-fashioned C".
Please note that I am not dissing Mono. Variety is nice, and C# does provide a relatively nice language to be able to code GUI applications in. My issue is with the common implication that C# is unique in this - it isn't. Try out PyGTK for instance (particularly with libGlade).
Databases that I know of that have a transation log etc. such that sudden power outages etc. can, at worst result in the last transaction failing, but no database or table corruption:
PostgreSQL Sybase ASE Sybase IQ Oracle NCR Teradata DB2 MS SQL
I'm sure there are more. Why is everyone bringing up MS SQL server? It isn't that much less of a toy than MySQL. Sure, it does transactions, but compared to Oracle, ASE, DB2 and Teradata it is lightweight.
I was (foolishly) hoping that this thread wouldn't get dragged into a left-right debate. I was wrong.
Before resorting to foolish hopes I usually consider Fisher's Deduction:
"The more issues a person tries to artificially shoehorn down into a Liberal/Conservative dichotomy, the more certain you can be that the person is an American."
Then consider what percentage of Slashdot posters are from the US. Odds are if an article has any political aspects there will be a number of posters who feel the need to cast it into a false dichotomy. It's exactly this sort of situation that memes like Fisher's deduction were created to help alleviate. Do your part and spread the meme.
If I get the latest SUSE distro to run on my toaster oven, but have trouble getting the 5.1 audio to play out through the speakers in the dishwasher, no maintenance agreement in the world is going to get them to return my call...
Actually if the maintenance agreement doesn't have any clauses about actions that will void the warranty then yes, they will have to return your call, as much as you don't like it. You'll note, however, that most hardware warranties (which are contractual agreements) specifically state when the warranty becomes void.
Check the product specs on the side of the software box you purchased. I'll wager "WINE atop Linux" is not included as a supported OS.
You see, the difference is that the specs on the side of the box are just that, suggested requirements. They are not contractual, they are not part of the warranty. The EULA is the contractual warranty, and that says nothing about voiding the warranty by running it on anything other than MS Windows. Perhaps Microsoft could add such a clause to the EULA for Office. They'd probably get their ass kicked quite resoundingly over antitrust issues for doing that.
If you can hack around this, more power to you, but MS is under no legal or ethical obligation to support your efforts.
They don't have to help you, no. But they are not allowed to specifically hinder you in a product tieing manner.
If you buy a Ford car, have it break down, take it to the manufacturer and they say "I'm sorry, you haven't fitted Ford brand tires, we can't help you", despite there being no clause in the warranty about what type of tires must be used (maybe there was a "requires Ford brand tires" in the owners manual) you can take them to court over that. Same issue here. It is not that Microsoft is failing to go out of their way to support you, but rather that they have specifically gone out of their way to deny you support.
I am curious as to whether CrossOver Office people will manage to band together and file a class action suit. Enough users to spread the cost, and given the strength of the case...
Of course IANAL, and perhaps the case is, in fact weak. If I were a CrossOver Office user I would be busy looking into my options and asking a real lawyer exactly how string the case is though...
In other words, you've already stepped out of bounds, and you're expecting Microsoft to cater to that when they don't have to
No, he's not. Microsoft is welcome to not do anythign particularly special to support him running Office under WINE. I expect (though you'd have to get confirmation from the OP) that if the update simply didn't work because of issues with WINE not emulating things properly etc. then he wouldn't be complaining. He is complaining not because Microsoft is failing to go out of their way to support him, but because they are going out of their way to specifically exclude him from even trying to use the available support.
Would you expect Apple to provide updates for versions of OS X running under PearPC? Or a hacked iTunes running on Windows 3.1, or any other weird exotic situation you can think of that was never supported by the creators to begin with?
I think I would expect to have the same access to updates for OS X or iTunes, presuming I'd paid for them, as any other customer. I wouldn't expect Apple to do anything special if those updates failed to work with my weird hacked up configuration, but that is something different from beign told "No! You are not even allowed to see if it might work!".
I am not contractually obligated to run OS X on a Mac, nor Office on Windows. I am responsible for any problems with the way I choose to run the software that I cause. Part of my purchase, however, is a purchase of ongoing updates as they are released. Whether those updates run or not on my setup is my problem. Microsoft, or Apple, as far as I am aware is contractually obligated to provide access to released updates to anyone who purchased the product.
No offense. But it sounds like people are searching for things to dismiss this study. Um, yes, a Linux guy changed his mind after seeing the conclusions of the study. That means it's not a valid study?
Exactly. Regardless of the validity of the study the Linux community should be taking this the same way they've taken other comparisons in the past: as a spur to make the changes and improvements necessary to make Linux simply that much better than the opposition.
Right now that means, if you're a developer, you ought to be spending a little time learning about SELinux and how it works. SELinux provides a framework for security, but it is only as secure as the applications running in that framework. If the applications respect and take advantage of it, it is a huge gain, if they don't then it provides little real improvement.
One of the big security claims for Linux over Windows is user accounts. The fact is that both Windows and Linux have differing user accounts with differing permissions. On Windows, however, there are many applications that don't care about user accounts - they expect Administrator level access. On Linux non root accounts are fundamental and almost all the (user) applications understand that they can't expect to be root. That means that on Windows the user accounts and permissions, despite being implemented and available, don't provide too as much security as they do on Linux.
Right now SELinux is the same way - there's a new security framework (roles, mandatory access controls), but the applications ignore it: they fail to respect the new boundaries, or they fail to take advantage of the compartmentalization of lowest privilege systems that SELinux allows. The community needs to take the step toward embracing this new, better, security framework.
Claims like this study should be the spur to get the community to do that! Help spread awareness of the task...
Did you ever wonder why the NSA used RedHat as its base for SELinux? If Windows is so superior why didn't they use Windows as the base of their in-house secure operation system?
To be fair the NSA didn't use Windows because they didn't have ready access to the Windows source code. Nor is SELinux their secure in-house OS, rather it is a demo of how the NSA think things should be done.
Look at it this way, the NSA INFOSEC people had been working with secure OSs with Mandatory Access Controls and applications that made use of that. When they looked at the rest of the world they realised that, despite MAC etc. being openly published security architectures, no commercially available OS was actually offering such things. They grabbed Linux, because it was open source and popular, and hacked in basic MAC and rewrote some of the base utilities (ls, ssh, etc.) to understand and use that as a demonstration to the community of "Look, you can write a secure system, it really isn't that hard, see, we even got you started!".
Since then things have pushed along and we have the LSM which helps modularise the SELinux kernel changes. What we don't have is most of our applications rewritten to respect/take advantage of MAC. That's what people who want to see Linux become more secure should be working on. Compare it to the Windows Adminstrator account - in theory you don't have to run as Administrator, but in practice there are so many applications that don't respect and take advantage of different user accounts that you almost have to. Similarly for SELinux right now you are in theory more secure, but in practice there are so many applications that don't respect and take advantage of different roles (in the SELinux context) that in practice it doesn't make anywhere near as much different as it should.
If you develop software for Linux you should take the time to familiarise yourself with the architectural changes to security in SELinux and try and code accordingly.
There is no way if she had to write a paper back in her school days, about the future, that if she mentioned this, se would be told she has such a creative mind but not realistic.
Sure, but had you asked a schoolkid from 1969 to write a paper about space travel in the year 2005 and the kid managed predict it accurately he/she would have been given an F by the teacher for being completely, unreasonably, pathetically pessimistic (and possibly expelled for being a subversive communist when they write that all US orbital launch capability in 2005 was bought from Russia and Europe!)
Back then most people expected us to have a permanent moon base by now. Manned missions to Mars would have been assumed as well. Somewhere in there we seriously lost momentum.
You know, searching through every search engine and reading every website contradicts what you're posting and confirms the website I linked to.
Except that every link you've posted has been marketing material, articles based on marketing material, or articles summarising the marketing material. On the other hand Leo McGarry has been explaining (quite well as far as I am concerned) how the actual rendering model works from a developers perspective. Oddly enough, he makes a lot more sense when you stop and think how to do the graphics rendering at the level he's talking about.
Are you actually suggesting that Quartz2D is internally passing around PDFs for rendering? Do you realise how silly that sounds in comparison to what Leo McGarry is suggesting?
Let's step away from Quartz for a moment and consider Cairo the (potentially) new X rendering system. It uses an SVG rendering model. Does that mean they are passing around big XML/SVG files in memory whenever they want to draw anything? Hell no. It simply means the internal drawing model uses similar structures as SVG - instead of rendering in bitmap pixel by pixel terms it has concepts of areas, fills, etc. It is never actually rendering anything in SVG! If it wanted to output to an SVG file... well that would be easy, because the models are similar so the translation would be simple. If they want to render an SVG file that too would be easy because they can simply translate the SVG into their drawing model.
Well, my suggestion is to combine together multiple desktops with something like this, which allows you to group and control windows elegantly, and potentially in complex and useful ways. If groups could, for instance, hint to the taskbar to group their entries, and applications were capable of hinting to the WM whether to create a new group for its subwindows... well, then you'd have some very useful new window control/management tools available to you.
I think your complaints with regard to the Cylon plan are, at this stage, unfair. Up to the end o the first season we still don't really know exactly what the Cylon's motivations and intentions are. They onviously have a very complex and involved plan, but we certainly don't yet know even a fraction of it. Why did they want to kill so many humans in the first place? Even that simple question is still unclear. Of course this just leaves the writers with the quandary of how to explain all of this. I must admit I have the feeling that they don't have a grand plan either and are simply putting off the inevitable by keeping everything vague. Who knows, maybe by the end of the whole show we'll have an excellent explanation of the Cylon plot that fully explains all their actions. Then again we may have a bunch of hole ridden drivel. For now we're just horribly incomplete.
I do agree that Baltar and the Cylon testing has been just silly. That doesn't bode well for how the rest will be handled.
Jedidiah.
Re:Let me be the first to say...
on
SHA-1 Broken
·
· Score: 1
If not, can we reasonably move to H(x)=MD5(SHA-1(x))?
No, not really. For starters it doesn't really help at all, but equally significantly (for those in this thread suggesting things like MD5(SHA-1(x)+x) and such like) combining things together doesn't automatically make it more secure. In fact security can stay the same, or even be reduced by such combination/composition. There's a reason 3DES is used rather than 2DES and it isn't just because 3 is bigger than 2. 2DES wouldn't actually give you any benefit over single DES.
Cryptographic algorithms, be they encryption schemes or hash algorithms, need to be carefully contructed and (ideally) mathematically proved. Oddly enough mixing them together can actually introduce new properties that make the system easier to break.
Jedidiah.
Re:Broken, but not for everything...
on
SHA-1 Broken
·
· Score: 1
But for storing passwords, and other operations where collisions are not important, it doesn't matter much, even if there's another password that can generate the same hash, you still need to brute-force it.
No, you don't need to brute force it, and that's the point. Brute forcing means using a raw naive approach that simply tries every possibility. For SHA-1 that takes, on average, 2**80 operations to find your collision. Any method that is faster than this naieve approach is a break. The method being discussed does not simply try every combination (I have been unable to find a preprint, so I don't actually know what they are doing), but takes another approach. That approach requires only 2**69 operations. That is significantly massively faster. It is 2**11 times faster. By cryptographic standards this is a very very significant improvement.
Yes 2**69 is still a rather large number of operations, and thus SHA-1 passwords etc. are probably safe for now. A break in an algorithm is a bad sign however - improved breaks can tend to follow along behind. We'll have to wait and see how this pans out (I'm still keen to actually get a hold of the paper).
communism: 1 a : a theory advocating elimination of private property b : a system in which goods are owned in common and are available to all as needed
Open-source *is* a communist structure, and we all know how well that structure worked out in Russia.
The problem is that these definitions are based on physical property not "intellectual property". It could be argued that an open source developer has private property and full possession of his/her code. His/Her code is not communally owned. No one can take his/her code away from him/her. A person, can, however, make a copy (using their own labour and expense) of the code and use that. They then own that copy that they made. The fact that it is trivial to copy code (click on the link to make a copy of what's on the FTP site onto your local machine), and hence the labour and expense is negligible, doesn't mean private property doesn't exist.
If you have a nice car that I like, and I go away and make my own copy of that car after asking you if I can have a good look at your car (to which you agreed) - that doesn't mean that your car is comunally owned, or that you are not in complete possession of your car. You are welcome to not let me look at your car, but the act of looking hardly makes your car comunally owned. You are welcome to do what you like (take your car for a drive) anytime you like without negotiating with the community - that is an open source developer is perfectly welcome to delete/move their code off an FTP site anytime they like. They have no obligation to leave it there - it is their copy of the code, and they can do with it as they please.
The system should not only zap all control corporations have over their file formats and protocols, but shield them from shareholder lawsuits when the company freely lets others compete based on merit, not litigation-dodging fitness. I am sick of these lawsuits where some pipsqueek sues a company under such pretenses. Do you own even a percentage point of the stock? I own stock in Wal Mart, but I don't lord that over the greeters.
Well yes, but you're probably sensible. Consider the number of shareholders any large company will have, then consider the corollary to Sturgeon's law:
"In any sufficiently large collection of people 90% of them will be idiots"
Seriously. It's one of the things I like about strongly typed languages; the ability to utterly restrict input to what is supposed to be inputted.
I think you mean static typing, and besides, this is silly. I would much rather have the flexibility and ease of a dynamically typed language combined with more flexible restrictions available in Design by Contract. Instead of just checking the "type" of the data being input into a function I can have strict contractual obligations about what a function accepts as input and what it returns as output. I can even define invariant properties of objects.
A lot of vulnerablities come through allowing someone to give (for example) a chunk of code as an input.
But what if you wanted "a chunk of code" as input for certain things? With static typing all you've got is that it does indeed conform to the type you expected. With DbC you can be more specific as to the properties (like what commands the code object tries to execute) you expect. Vastly superior, and yet you cna still have all the benefits of a dynamically typed language.
Yes, yes, you can do the same thing as DbC's pre and post conditions by putting a list of assert statements at the top and bottom of the function, but when it is built into the language you are more likely to use it. Also note that object invariants are a little harder just using asserts. In the end DbC is about giving you provable code, which is a good thing.
So let's drop the pointless clinging to static typing and instead use DbC. If only the Python people would accept Contract Python in then we'd be all set!
Now if you were a serious UNIX and hardware hacker you'd have your cat feeding system work by regsitering the food dispenser as/dev/cat, have the raw byte instruction sequence required to make the dispenser operate stored in a file/food, and then, indeed, you simply add
Certainly no one knows his little brother better than he does, but he may as well use Python and GCompris instead of Perl/Tk to hack together some educational games for his little brother. Why not use some of the already developed open source material out there targetted precisely toward this sort of thing. You could put together a new simple game with GCompris in no time flat, and it already has over 60 little games (from chess to algebra games to geography to reading) bundled already.
I don't know what level you're targetting, but I haven't seen any (high modded posts) mention GCompris yet. It's simple, colourful, pleasantly interactive and has a nice wide variety of different educational games packaged up. Better yet it does a good job of building up some core libraries so that its very easy to write new games in Python very quickly. It may be targetted at a slightly lower learning level than you're looking for, but then again, it may not be. At the least it is certainly worth a look.
#2 needs solved fast. apt-get/synaptic 'do it' but have major flaws, in that it is centralized, and therefore resources are lacking (you will have some things that are 2/3 major revisions behind because noone has packaged them for the apt-get repo you have). Plus it's no good for commercial software, which like it or not is not going to vanish.
Yup, apt/Synaptic work great for the base distribution, but if you want anything n ot in the distribution you'e in trouble. Fortunately this problem was noted a while ago by some people, and solutions have been in the works for some time. Autopackage is not quite finished yet, but is API stable now, and provides a great way for application developers (including commercial developers) to create distribution neutral easy install binary packages. If you haven't seen it then it's worth a look. Expect to see support for Autopackage increase dramatically over the next year or two as more projects take it up as a packaging system.
Have a common to all distro's install tool that is very easy to use (perhaps a RPM front end).
Well Synaptic is a fairly universal install frontend for all distro based software - it runs on Debian (and all debian based distros), Fedora, SuSE, Connectiva. All you have to do is install the damn thing (it comes by default with several of those distro options). As for third party packages, try Autopackage. Yes they're still finishing things off, and yes, it's going to take developers bothering to package their software with it, but the promise it offers is, I think, enough that we can expect to see it become fairly standard over the next couple of years.
KDE vs Gnome wars: put an end to it.
Um, it is. Or are you going to say all the GNOME developers have to go and work on KDE (or vice versa)? So who says who "wins"? And who really cares if there are 2 seperate desktops if they integrate increasingly well via FD.o standards?
Slashdot Mirror
At least give the program a somewhat descriptive name
You mean like Excel, PowerPoint, Outlook, Visio, Access, Oracle, or Winamp?
As we all know a product can only become successful if it has a clearly descriptive name like those above. I know whenever I want password and authentication software I think of access, when I want a scientific data visualization library I think of Visio, and it is clear that Winamp is software to provide fine tuning for your desktop volume controls.
Oddly however; stupidly named programs like Firefox (what on earth does that do?) seem to be doing okay.
Have you ever taken part in a GIMP renaming brainstorm session?
Paint (taken)
Photoshop (taken)
Photopaint (taken)
Paintshop (taken)
ImagePaint (taken)
Imageshop (taken)
Photostudio (taken)
PaintStudio (taken)
Studiopaint (taken)
Imagestudio (taken)
PhotoImage (taken)
ImagePhoto (taken)
.
.
.
I'm not saying GIMP is the best name, but when you demand an obvious name that associates with the field you suddenly find lots of other people who were thinking the same thing.
Jedidiah.
If you're using Mono for GNOME/GTK development, it's actually quite stable, and much more usable than trying to write applications in old-fashioned C.
Yes, but let's be honest here: if you're writing a GTK/GNOME application you're writing a reasonably high level application and pretty much anything (Java, Python, hell even C++, bindings) would be "much more usable" than "old-fashioned C".
Please note that I am not dissing Mono. Variety is nice, and C# does provide a relatively nice language to be able to code GUI applications in. My issue is with the common implication that C# is unique in this - it isn't. Try out PyGTK for instance (particularly with libGlade).
Jedidiah.
There's some genius there actually. You see Microsoft can then run a campaign saying
"Linux IsNot reliable"
"Linux IsNot secure"
etc. and not run into any truth in advertising laws, as clearly Linux and reliable are not the same object.
When the FOSS community comes out to point out that by the same logic
"Microsoft IsNot trustworthy"
Microsoft can sue them into the ground for failing to license the IsNot patent.
Jedidiah.
Databases that I know of that have a transation log etc. such that sudden power outages etc. can, at worst result in the last transaction failing, but no database or table corruption:
PostgreSQL
Sybase ASE
Sybase IQ
Oracle
NCR Teradata
DB2
MS SQL
I'm sure there are more. Why is everyone bringing up MS SQL server? It isn't that much less of a toy than MySQL. Sure, it does transactions, but compared to Oracle, ASE, DB2 and Teradata it is lightweight.
Jedidiah.
I was (foolishly) hoping that this thread wouldn't get dragged into a left-right debate. I was wrong.
Before resorting to foolish hopes I usually consider Fisher's Deduction:
"The more issues a person tries to artificially shoehorn down into a Liberal/Conservative dichotomy, the more certain you can be that the person is an American."
Then consider what percentage of Slashdot posters are from the US. Odds are if an article has any political aspects there will be a number of posters who feel the need to cast it into a false dichotomy. It's exactly this sort of situation that memes like Fisher's deduction were created to help alleviate. Do your part and spread the meme.
Jedidiah.
If I get the latest SUSE distro to run on my toaster oven, but have trouble getting the 5.1 audio to play out through the speakers in the dishwasher, no maintenance agreement in the world is going to get them to return my call...
Actually if the maintenance agreement doesn't have any clauses about actions that will void the warranty then yes, they will have to return your call, as much as you don't like it. You'll note, however, that most hardware warranties (which are contractual agreements) specifically state when the warranty becomes void.
Check the product specs on the side of the software box you purchased. I'll wager "WINE atop Linux" is not included as a supported OS.
You see, the difference is that the specs on the side of the box are just that, suggested requirements. They are not contractual, they are not part of the warranty. The EULA is the contractual warranty, and that says nothing about voiding the warranty by running it on anything other than MS Windows. Perhaps Microsoft could add such a clause to the EULA for Office. They'd probably get their ass kicked quite resoundingly over antitrust issues for doing that.
If you can hack around this, more power to you, but MS is under no legal or ethical obligation to support your efforts.
They don't have to help you, no. But they are not allowed to specifically hinder you in a product tieing manner.
If you buy a Ford car, have it break down, take it to the manufacturer and they say "I'm sorry, you haven't fitted Ford brand tires, we can't help you", despite there being no clause in the warranty about what type of tires must be used (maybe there was a "requires Ford brand tires" in the owners manual) you can take them to court over that. Same issue here. It is not that Microsoft is failing to go out of their way to support you, but rather that they have specifically gone out of their way to deny you support.
Jedidiah.
I am curious as to whether CrossOver Office people will manage to band together and file a class action suit. Enough users to spread the cost, and given the strength of the case...
Of course IANAL, and perhaps the case is, in fact weak. If I were a CrossOver Office user I would be busy looking into my options and asking a real lawyer exactly how string the case is though...
Jedidiah.
In other words, you've already stepped out of bounds, and you're expecting Microsoft to cater to that when they don't have to
No, he's not. Microsoft is welcome to not do anythign particularly special to support him running Office under WINE. I expect (though you'd have to get confirmation from the OP) that if the update simply didn't work because of issues with WINE not emulating things properly etc. then he wouldn't be complaining. He is complaining not because Microsoft is failing to go out of their way to support him, but because they are going out of their way to specifically exclude him from even trying to use the available support.
Would you expect Apple to provide updates for versions of OS X running under PearPC? Or a hacked iTunes running on Windows 3.1, or any other weird exotic situation you can think of that was never supported by the creators to begin with?
I think I would expect to have the same access to updates for OS X or iTunes, presuming I'd paid for them, as any other customer. I wouldn't expect Apple to do anything special if those updates failed to work with my weird hacked up configuration, but that is something different from beign told "No! You are not even allowed to see if it might work!".
I am not contractually obligated to run OS X on a Mac, nor Office on Windows. I am responsible for any problems with the way I choose to run the software that I cause. Part of my purchase, however, is a purchase of ongoing updates as they are released. Whether those updates run or not on my setup is my problem. Microsoft, or Apple, as far as I am aware is contractually obligated to provide access to released updates to anyone who purchased the product.
Jedidiah.
No offense. But it sounds like people are searching for things to dismiss this study. Um, yes, a Linux guy changed his mind after seeing the conclusions of the study. That means it's not a valid study?
Exactly. Regardless of the validity of the study the Linux community should be taking this the same way they've taken other comparisons in the past: as a spur to make the changes and improvements necessary to make Linux simply that much better than the opposition.
Right now that means, if you're a developer, you ought to be spending a little time learning about SELinux and how it works. SELinux provides a framework for security, but it is only as secure as the applications running in that framework. If the applications respect and take advantage of it, it is a huge gain, if they don't then it provides little real improvement.
One of the big security claims for Linux over Windows is user accounts. The fact is that both Windows and Linux have differing user accounts with differing permissions. On Windows, however, there are many applications that don't care about user accounts - they expect Administrator level access. On Linux non root accounts are fundamental and almost all the (user) applications understand that they can't expect to be root. That means that on Windows the user accounts and permissions, despite being implemented and available, don't provide too as much security as they do on Linux.
Right now SELinux is the same way - there's a new security framework (roles, mandatory access controls), but the applications ignore it: they fail to respect the new boundaries, or they fail to take advantage of the compartmentalization of lowest privilege systems that SELinux allows. The community needs to take the step toward embracing this new, better, security framework.
Claims like this study should be the spur to get the community to do that! Help spread awareness of the task...
Jedidiah.
Did you ever wonder why the NSA used RedHat as its base for SELinux? If Windows is so superior why didn't they use Windows as the base of their in-house secure operation system?
To be fair the NSA didn't use Windows because they didn't have ready access to the Windows source code. Nor is SELinux their secure in-house OS, rather it is a demo of how the NSA think things should be done.
Look at it this way, the NSA INFOSEC people had been working with secure OSs with Mandatory Access Controls and applications that made use of that. When they looked at the rest of the world they realised that, despite MAC etc. being openly published security architectures, no commercially available OS was actually offering such things. They grabbed Linux, because it was open source and popular, and hacked in basic MAC and rewrote some of the base utilities (ls, ssh, etc.) to understand and use that as a demonstration to the community of "Look, you can write a secure system, it really isn't that hard, see, we even got you started!".
Since then things have pushed along and we have the LSM which helps modularise the SELinux kernel changes. What we don't have is most of our applications rewritten to respect/take advantage of MAC. That's what people who want to see Linux become more secure should be working on. Compare it to the Windows Adminstrator account - in theory you don't have to run as Administrator, but in practice there are so many applications that don't respect and take advantage of different user accounts that you almost have to. Similarly for SELinux right now you are in theory more secure, but in practice there are so many applications that don't respect and take advantage of different roles (in the SELinux context) that in practice it doesn't make anywhere near as much different as it should.
If you develop software for Linux you should take the time to familiarise yourself with the architectural changes to security in SELinux and try and code accordingly.
[/rant]
Jedidiah.
There is no way if she had to write a paper back in her school days, about the future, that if she mentioned this, se would be told she has such a creative mind but not realistic.
Sure, but had you asked a schoolkid from 1969 to write a paper about space travel in the year 2005 and the kid managed predict it accurately he/she would have been given an F by the teacher for being completely, unreasonably, pathetically pessimistic (and possibly expelled for being a subversive communist when they write that all US orbital launch capability in 2005 was bought from Russia and Europe!)
Back then most people expected us to have a permanent moon base by now. Manned missions to Mars would have been assumed as well. Somewhere in there we seriously lost momentum.
Jedidiah.
You know, searching through every search engine and reading every website contradicts what you're posting and confirms the website I linked to.
Except that every link you've posted has been marketing material, articles based on marketing material, or articles summarising the marketing material. On the other hand Leo McGarry has been explaining (quite well as far as I am concerned) how the actual rendering model works from a developers perspective. Oddly enough, he makes a lot more sense when you stop and think how to do the graphics rendering at the level he's talking about.
Are you actually suggesting that Quartz2D is internally passing around PDFs for rendering? Do you realise how silly that sounds in comparison to what Leo McGarry is suggesting?
Let's step away from Quartz for a moment and consider Cairo the (potentially) new X rendering system. It uses an SVG rendering model. Does that mean they are passing around big XML/SVG files in memory whenever they want to draw anything? Hell no. It simply means the internal drawing model uses similar structures as SVG - instead of rendering in bitmap pixel by pixel terms it has concepts of areas, fills, etc. It is never actually rendering anything in SVG! If it wanted to output to an SVG file... well that would be easy, because the models are similar so the translation would be simple. If they want to render an SVG file that too would be easy because they can simply translate the SVG into their drawing model.
But by all means, keep trolling, it is amusing.
Jedidiah.
How do you manage 15+ applications that are open?
Well, my suggestion is to combine together multiple desktops with something like this, which allows you to group and control windows elegantly, and potentially in complex and useful ways. If groups could, for instance, hint to the taskbar to group their entries, and applications were capable of hinting to the WM whether to create a new group for its subwindows... well, then you'd have some very useful new window control/management tools available to you.
Jedidiah.
Some spoiler warnings would have been good there!
I think your complaints with regard to the Cylon plan are, at this stage, unfair. Up to the end o the first season we still don't really know exactly what the Cylon's motivations and intentions are. They onviously have a very complex and involved plan, but we certainly don't yet know even a fraction of it. Why did they want to kill so many humans in the first place? Even that simple question is still unclear. Of course this just leaves the writers with the quandary of how to explain all of this. I must admit I have the feeling that they don't have a grand plan either and are simply putting off the inevitable by keeping everything vague. Who knows, maybe by the end of the whole show we'll have an excellent explanation of the Cylon plot that fully explains all their actions. Then again we may have a bunch of hole ridden drivel. For now we're just horribly incomplete.
I do agree that Baltar and the Cylon testing has been just silly. That doesn't bode well for how the rest will be handled.
Jedidiah.
If not, can we reasonably move to H(x)=MD5(SHA-1(x))?
No, not really. For starters it doesn't really help at all, but equally significantly (for those in this thread suggesting things like MD5(SHA-1(x)+x) and such like) combining things together doesn't automatically make it more secure. In fact security can stay the same, or even be reduced by such combination/composition. There's a reason 3DES is used rather than 2DES and it isn't just because 3 is bigger than 2. 2DES wouldn't actually give you any benefit over single DES.
Cryptographic algorithms, be they encryption schemes or hash algorithms, need to be carefully contructed and (ideally) mathematically proved. Oddly enough mixing them together can actually introduce new properties that make the system easier to break.
Jedidiah.
But for storing passwords, and other operations where collisions are not important, it doesn't matter much, even if there's another password that can generate the same hash, you still need to brute-force it.
No, you don't need to brute force it, and that's the point. Brute forcing means using a raw naive approach that simply tries every possibility. For SHA-1 that takes, on average, 2**80 operations to find your collision. Any method that is faster than this naieve approach is a break. The method being discussed does not simply try every combination (I have been unable to find a preprint, so I don't actually know what they are doing), but takes another approach. That approach requires only 2**69 operations. That is significantly massively faster. It is 2**11 times faster. By cryptographic standards this is a very very significant improvement.
Yes 2**69 is still a rather large number of operations, and thus SHA-1 passwords etc. are probably safe for now. A break in an algorithm is a bad sign however - improved breaks can tend to follow along behind. We'll have to wait and see how this pans out (I'm still keen to actually get a hold of the paper).
Jedidiah.
communism: 1 a : a theory advocating elimination of private property b : a system in which goods are owned in common and are available to all as needed
Open-source *is* a communist structure, and we all know how well that structure worked out in Russia.
The problem is that these definitions are based on physical property not "intellectual property". It could be argued that an open source developer has private property and full possession of his/her code. His/Her code is not communally owned. No one can take his/her code away from him/her. A person, can, however, make a copy (using their own labour and expense) of the code and use that. They then own that copy that they made. The fact that it is trivial to copy code (click on the link to make a copy of what's on the FTP site onto your local machine), and hence the labour and expense is negligible, doesn't mean private property doesn't exist.
If you have a nice car that I like, and I go away and make my own copy of that car after asking you if I can have a good look at your car (to which you agreed) - that doesn't mean that your car is comunally owned, or that you are not in complete possession of your car. You are welcome to not let me look at your car, but the act of looking hardly makes your car comunally owned. You are welcome to do what you like (take your car for a drive) anytime you like without negotiating with the community - that is an open source developer is perfectly welcome to delete/move their code off an FTP site anytime they like. They have no obligation to leave it there - it is their copy of the code, and they can do with it as they please.
Jedidiah.
The system should not only zap all control corporations have over their file formats and protocols, but shield them from shareholder lawsuits when the company freely lets others compete based on merit, not litigation-dodging fitness. I am sick of these lawsuits where some pipsqueek sues a company under such pretenses. Do you own even a percentage point of the stock? I own stock in Wal Mart, but I don't lord that over the greeters.
Well yes, but you're probably sensible. Consider the number of shareholders any large company will have, then consider the corollary to Sturgeon's law:
"In any sufficiently large collection of people 90% of them will be idiots"
The result follows easily.
Jedidiah.
Seriously. It's one of the things I like about strongly typed languages; the ability to utterly restrict input to what is supposed to be inputted.
I think you mean static typing, and besides, this is silly. I would much rather have the flexibility and ease of a dynamically typed language combined with more flexible restrictions available in Design by Contract. Instead of just checking the "type" of the data being input into a function I can have strict contractual obligations about what a function accepts as input and what it returns as output. I can even define invariant properties of objects.
A lot of vulnerablities come through allowing someone to give (for example) a chunk of code as an input.
But what if you wanted "a chunk of code" as input for certain things? With static typing all you've got is that it does indeed conform to the type you expected. With DbC you can be more specific as to the properties (like what commands the code object tries to execute) you expect. Vastly superior, and yet you cna still have all the benefits of a dynamically typed language.
Yes, yes, you can do the same thing as DbC's pre and post conditions by putting a list of assert statements at the top and bottom of the function, but when it is built into the language you are more likely to use it. Also note that object invariants are a little harder just using asserts. In the end DbC is about giving you provable code, which is a good thing.
So let's drop the pointless clinging to static typing and instead use DbC. If only the Python people would accept Contract Python in then we'd be all set!
Jedidiah.
I tried that, but apparently I have Speedy Gonzales attached to my machine and the cat is struggling:
/dev/mouse
/dev/mouse: permission denied
bash$ cat
cat:
If the cat has to get permission from the mouse, there are always going to be problems.
Jedidiah.
cat food > /dev/cat
/dev/cat, have the raw byte instruction sequence required to make the dispenser operate stored in a file /food, and then, indeed, you simply add
/food > /dev/cat
Now if you were a serious UNIX and hardware hacker you'd have your cat feeding system work by regsitering the food dispenser as
30 9,18 * * * cat
to your crontab.
Jedidiah.
Certainly no one knows his little brother better than he does, but he may as well use Python and GCompris instead of Perl/Tk to hack together some educational games for his little brother. Why not use some of the already developed open source material out there targetted precisely toward this sort of thing. You could put together a new simple game with GCompris in no time flat, and it already has over 60 little games (from chess to algebra games to geography to reading) bundled already.
Jedidiah.
I don't know what level you're targetting, but I haven't seen any (high modded posts) mention GCompris yet. It's simple, colourful, pleasantly interactive and has a nice wide variety of different educational games packaged up. Better yet it does a good job of building up some core libraries so that its very easy to write new games in Python very quickly. It may be targetted at a slightly lower learning level than you're looking for, but then again, it may not be. At the least it is certainly worth a look.
Jedidiah.
#2 needs solved fast. apt-get/synaptic 'do it' but have major flaws, in that it is centralized, and therefore resources are lacking (you will have some things that are 2/3 major revisions behind because noone has packaged them for the apt-get repo you have). Plus it's no good for commercial software, which like it or not is not going to vanish.
Yup, apt/Synaptic work great for the base distribution, but if you want anything n ot in the distribution you'e in trouble. Fortunately this problem was noted a while ago by some people, and solutions have been in the works for some time. Autopackage is not quite finished yet, but is API stable now, and provides a great way for application developers (including commercial developers) to create distribution neutral easy install binary packages. If you haven't seen it then it's worth a look. Expect to see support for Autopackage increase dramatically over the next year or two as more projects take it up as a packaging system.
Jedidiah.
Have a common to all distro's install tool that is very easy to use (perhaps a RPM front end).
Well Synaptic is a fairly universal install frontend for all distro based software - it runs on Debian (and all debian based distros), Fedora, SuSE, Connectiva. All you have to do is install the damn thing (it comes by default with several of those distro options). As for third party packages, try Autopackage. Yes they're still finishing things off, and yes, it's going to take developers bothering to package their software with it, but the promise it offers is, I think, enough that we can expect to see it become fairly standard over the next couple of years.
KDE vs Gnome wars: put an end to it.
Um, it is. Or are you going to say all the GNOME developers have to go and work on KDE (or vice versa)? So who says who "wins"? And who really cares if there are 2 seperate desktops if they integrate increasingly well via FD.o standards?
Jedidiah