Slashdot Mirror


User: OdinOdin_

OdinOdin_'s activity in the archive.

Stories: 0 · Comments: 211

Comments · 211

  1. Re:Do not use standard passwords on Lessons Learned From Cracking 2M LinkedIn Passwords · · Score: 1

    How about the global part of the in-memory web application config:
      * Part of the salt that is global (the same for all passwords)
      * An XOR value to apply to the per-userId part of the salt
      * A symmetric key (for encrypting the data in the DB column)

    All of these are loaded at runtime when the application starts and held in memory only. This information would be loaded at runtime using bi-directional SSL certificate authentication with locked-down IP addresses of a remote system holding this data. (The same principle can be applied to securing the armoured private key parts of your regular SSL certificates, allowing a site's https:// to function.)

    The symmetric key is used to actually encrypt the data that is stored in SQL (so the salted hashes are stored in the DB encrypted using a symmetric key that the non-SQL server has present only in memory). This is to help thwart column/file/backup content reads from the SQL system, should that occur via any compromised mechanism.

    Your SQL server is then locked down so it will never allow a SELECT of the column, and access is only possible via stored procedure(s) which allow access one-at-a-time (as you suggest). In order for the stored procedure to allow read-back of the encrypted data, access to run the stored proc is restricted to a different SQL login account whose only function is to serve high-security parts.

    Your SQL connection used for authentication and high-security parts of your web-app itself is SSL/TLS encrypted, and the DB server mandates its use with a valid client certificate in order to allow access to the stored procedures. Alternatively another mechanism is required for the SQL server to authenticate the client to allow read-back, maybe some value also derived from knowing the correct password, but extreme consideration over what is sent over the wire needs to be made; better to just ensure SSL/TLS is used for the SQL connection.

    The password hash itself would use PBKDF2, surely the only reasonable choice.

    Add into this that your web server uses signed code (like signed Java bytecode) and a VM-based language to help avoid buffer exploits of the webserver/application code itself.

    That must further restrict quite a few attack vectors, and the main (expensive) hosting setup can be a regular 2-host setup. Maybe the 3rd system in the mix would be an enterprise-grade Raspberry Pi that provides this service and console access only.

  2. Re:SSH Tunnel on Getting the Most Out of SSH · · Score: 1

    Not in the age of WebSockets (RFC 6455) ]:->

  3. Re:Reasonable decision on Indian Court Orders Google To Remove Content · · Score: 1

    ermm.. yes this is how the world works.

    Stuff I don't agree with I can choose to ignore.

    Then maybe in a future point in time what is being spoken actually affects me. Then I may choose to defend or attack it.

    There is no point in expending unnecessary effort in defending or attacking a speech that does not affect anything. Call this the preservation of energy if you will.

  4. Re:Opt-In on Malls Track Shoppers' Cell Phones On Black Friday · · Score: 1

    Yes but I can pick my MAC address with the wifi device and so I can keep changing it.

  5. Re:going open to closed on OS X Notifier App Growl Goes Closed Source · · Score: 1

    But a developer is a user and a user is a developer. There is no legal barrier to changing your role.

    Ah, you are still thinking along the lines of BSD, where it is possible to have a situation that a user can never become a developer because the source code is withheld.

    Freedom is also marked by the ability to change hats and wear multiple hats at once through my own choice and will. If you are denying me of any of my choices then that option must have less freedom by definition, since you are maintaining a class separation between you and me.

  6. Re:Use OpenVPN on Iran Blocks VPN Ports · · Score: 1

    With OpenVPN permute the data with a random IV and CBC XOR derived from a secret key you agree with the website (via an independent channel). This will remove markers easily identifiable from the observable stream during the connection/handshake process before payload data is conveyed.

    Put an agreed amount of fixed or variable length random data on the front of the TCP connection data (just after connect), sent in random chunk sizes with random time delays; if using variable length random data this can be encoded in a bit pattern that acts as a preamble to indicate the start of the real data. Think like layer 1 signal encoding, where it is possible to recover data delimiters out of essentially white noise and maintain a 50/50 random zero-bit to one-bit dispersion in the data regardless of what the plaintext data is. Do this in both directions (random length variable data).

    So does random data survive the DPI? Or does it detect the protocol from well-known constructs, then decide to block?

  7. Re:No grub 2 on Fedora 16, OpenSuse 12.1 Betas With Gnome 3.2 · · Score: 1

    Yeah but, forgetting to run it results in a chronic failure at the next reboot (which could be a month away).

  8. Re:Not blocked, but click to play on To Stop BEAST, Mozilla Developer Proposes Blocking Java Framework · · Score: 1

    Yes lets have "click to play" for all plugins that would be great. A user definable option plugin-by-plugin.

    Also when there is 1 or more items in a web page that require click to play lets also have an user preference option for a drop-down bar to appear (the bar that sometimes appears due to popup blocking and file downloading at the top of the main web-page area).

    This feature would be a great addition to Firefox and would show no discrimination towards Java in particular; then I could disable Flash by default as well!

  9. Re:Einstein replied "Check your measurements, son" on CERN Experiment Indicates Faster-Than-Light Neutrinos · · Score: 1

    Is it possible the detector moved 18 metres in the time the experiment took?

    Due to the Earth's rotation / travel around the sun / travel through space. How does general relativity play into this?

    How about they reverse the experiment, swap the source end and the detector end of the long tube and repeat.

  10. Re:Google's idea of open source isn't right on The State of Open Source Software · · Score: 1

    If your new body of work is a derivative of library L then both P and L can demand the source (from the moment you distribute it to another party), but practically L may never know your derivative existed if the matter is kept private.

    If your new body of work is not a derivative of library L then the terms of your new body of work are a private matter between you and P under any terms you choose. Look at it another way: you could distribute just your body of work and have P reconstruct the whole by independently downloading library L. Just for good measure you could implement a crappy implementation of L to help prove your new body of work is not a derivative, since it can be substituted out for another implementation. But when you come to putting application A into operation you would always use the GPL version of library L as it is considered better performing.

    If you distribute a modified version of library L then both P and L can demand the source, since this is a derivative of L and the terms of being able to redistribute it at all dictate this clause. You may own the Copyright on some parts of the code base (you added/changed) but you have additional obligations to fulfil under Copyleft from the first moment you redistribute your derivative.

  11. Re:How do you figure the US can't compete? on Why Amazon Can't Manufacture a Kindle In the US · · Score: 1

    What a load of bollox.

    http://www.telegraph.co.uk/finance/newsbysector/industry/defence/8585437/Airbus-pulls-Grizzly-out-of-Paris-Air-Show.html
    http://event.airbus.com/airshows/bourget2011/news/news-detail/article/airbus-with-new-order-record-at-paris-air-show-2011.html
    http://www.msnbc.msn.com/id/43515274/ns/business-us_business/t/airbus-soars-over-boeing-saleswise-air-show/

    But you are right: if everyone looked at their top end products, at least Airbus have one you can actually buy. 827 orders for something of which 0 have been delivered isn't worth anything; I bet over 95% of those contracts are voidable purely due to the delays in achieving delivery milestones.

    To go back to the original poster's point, the current new orders on product lines that can be delivered is a better indicator of which organisation is doing better. The future looks sweet for Airbus.

  12. Re:sadly, easy to block on In Australia, Censorship vs. DNS, and Porn As Network Driver · · Score: 1

    Great, just as DNSSEC is viable. Try intercepting DNS traffic to modify it then.

    I don't believe the ISPs concerned have any interest in implementing the policy; it is entirely a monetary loss to them, so they are just seeking to tick off the legal compliance box with a fair interpretation of the law.

  13. Re:Why does "no JCP" == "no Java"? on The Coming War Over the Future of Java · · Score: 1

    Ha ha.... the point of targeting Java language version 1.4 is for maximum compatibility, especially when a library does not use or require any 1.5/1.6 or 1.7 features.

    It is not like this library does not work on newer JVM versions. It is not like this library runs slower on newer JVM versions.

    J2SE standards of those newer runtimes might very well have implemented some of the collections functionality/features that Apache Collections provides.

    So I think it is you who misunderstands the reasons why a library might still be compiled and target older JVM runtimes. Are you telling Slashdot that you would never use this library because it targets 1.4? Ha ha.. you must be stupid.

    By nature a collections library is more about computer science algorithms, as such a core library which many things can use, and in some way features and functionality that might well have been a useful addition to the J2SE and java.* namespace. However hindsight is a wonderful thing and only so many man hours were available back then to create the work.

  14. Re:End users hate the registry? on Should Being Competitive With Windows Matter For Linux? · · Score: 1

    Wayland is not here to replace X (for X11 applications). Please research it!

    Think of Wayland as like the final abstraction of arbitration of the display, such that multiple users of the display can use it at the same time in co-ordination. The X servers (XFree86/X.org) were never really based around that thought. The X11 protocol is just one suite and method of accessing a framebuffer, but designed around 1980s technology and requirements. It has served us well but it is time for something better.

    Even I (a long-standing Unix user) admit that building an API for drawing to a frame buffer around serialization and a ping-pong stalling queue is a bad idea. This is the problem with X11; sure, plenty of band-aid has been applied with extensions, but it's time to make application-transparent networking an optional module.

    Yes, network transparency is a great feature, but not at the cost of not being able to keep up with the performance benefits available to us by giving the applications closer access to the GPU. Both the parallel processing capability of a commodity GPU and the memory bandwidth of a modern computer deserve to allow applications to all simultaneously draw into their bit of the 1Gb RAM in my video card to prepare their part of the desktop scene.

    For many purposes RDP/VNC-like network transparency is what many actually need on the practical side.

    However network transparency of client<>server applications is also very useful to some. Network transparency is something that should be bolted on top of it, not underlying it. The networking protocol to replace X11 should be bi-directional and pipelined with multiple outstanding requests; it should allow for graphic objects to be created (like GCs) without the need for a round-trip to the server to learn of the server-assigned unique id number for it, so you can then re-use that id in another command. It should be a given that the server will let you have it, and you should begin sending your configure-GC and use-GC instructions pipelined behind it right away (without having to wait for a server response). A problem with X11 is the ping-pong stalling of the network pipeline; this is now a fundamental design flaw IMHO and the reason for the high context-switching rate, although never to be a problem in future due to multi-core CPU developments.

    If anything Wayland will help someone develop that replacement as a display inside a display.

    I think of Wayland as a way to bring threading to Unix GUIs. No longer do they all shoe-horn their data through a single monolithic process via a long straw. Now Linux can think about providing near direct access to hardware accelerated drawing primitives all arbitrated by the kernel and a display/window manager process.

    You might try and cite all those fancy optional X server extensions as methods but they are all band aids over a network transparency premise which most people actually don't care a hoot about anymore. Stop living in the 1980s.

  15. Re:OpenSolaris Board commits seppuku redux on Apache Declares War On Oracle Over Java · · Score: 1

    But Apache has (recently) been re-elected into the Java Community Process (JCP), along with Red Hat over the past weeks. The Oracle friendly candidate was rejected by the JCP. This issue was always due to play out in the JCP as actions to inhibit that process have been taken in the past.

    So what may happen is the JCP process as we know it now might break down, where Oracle will not be allowed to act or make decisions due to democracy and getting out-voted by proposals from other JCP members. So what will Oracle do then, declare the JCP process void because no one will pass them the ball ? This only continues to segregate and divide Oracle from the rest of the pack.

    If the JCP process breaks down, won't that be bad for Oracle's stock price? A few careless whispers from a dark corner when in that predicament, about the next big thing and how big business will address compatibility with the language formerly going by the name Java, and suddenly the elected group have the backing of the public to start a revolution and dethrone the King. It's the stock price (or lack of it) that counts!

  16. Re:How so? on Oracle To Monetize Java VM · · Score: 1

    Re: Ballmer's recent announcement of sale of 1.2 Billion in stock

    Maybe he just sees that the US markets and the Dow Jones are still due for a large correction (in the coming years) and that he does not think he will himself still be in the driving seat by the time global economies pick up again. I do not see this as 'trouble at Microsoft', just a wealthy man protecting his wealth through diversification.

    After all the US is now leading the race to the bottom with the printing press (Re: QE2); if I were Ballmer I too would want to be moving my wealth out of the USA, since everything is about to become more expensive there (this is the side effect of cranking that printing press: the world won't let you escape what is owed, raw materials/assets will become more expensive to soak up that money, which in turn diminishes your ability to export your way out of the hole).

  17. Re:You know what I find hilarious? on BP Permanently Seals Gulf Oil Well · · Score: 1

    Huh.... the oil leaking into the gulf was not being collected into the supply chain. However the suspension of all deep sea drilling that is being injected into the supply chain might change the price.... BUT.... we're in a global recession, recession means lower demand and with the correct planning at organisations such as OPEC the well head pumping rate and pricing is adjusted to suit their requirements (i.e. there are plenty of providers to pick up the slack and keep the refinery filled due to deep sea drilling suspension).

    I believe the main problem with oil in the world is lack of refinery capacity and unwillingness to invest the mega money into this area since a return is viable over the long term but the long term outlook for the particular type of oil that would be refined in such a facility is a decline in production. Which means the return on investment may not be possible at current oil prices.

  18. Re:Not good for Xen. on VMware Looks To Acquire Novell's SUSE Unit · · Score: 1

    The jury is still out on whether Red Hat is switching to KVM. Let's get the thing released with RHEL 6 first, then let's get Enterprise support, then let's see if it cuts the mustard. Of course I welcome the R&D effort into the project, but it is still unclear by collective agreement that it is a _replacement_ for Xen. This will still take a few years to achieve after the release of RHEL with Enterprise KVM support, as users become confident enough to replace Xen installations with it to gain the advantages they are looking for.

    Xen is also on its own course to improve public relations after a period of stagnation (and possibly alienation) by not innovating enough.

  19. Re:The danger of Google on The Case For Oracle · · Score: 1

    What a load of hogwash.

    Google's Java-like VM and the majority of the Android platform is open source. That is contributed back to humanity. Even the rumours about lack of kernel developments being thrown back are not really a bad problem; the code is out there for the community to look at, clean up, and push into mainline itself. Be thankful that Google took the time to write the code in the first place. It is not as if the Android platform is mature yet, and the amount of new hardware arriving on the scene each year adds to the fact that some of the drivers used in today's handsets could well be out of date by the time you replace it in 2 years' time, out of date as in no one makes anything using them anymore.

    Google often represents itself in the Java Community Process for the real Java(tm). Google make heavy use of real Java(tm) across their various public and private projects. They (and their employees) provide a great many resources online, from projects/code to documentation to videos on new stuff that their R&D dreams up.

    So to say Google is not contributing to the core Java platform shows ignorance.

  20. Re:More Cores, More Power on 4 Cores? 6 Cores? Do You Care? · · Score: 1

    Rubbish.

    Cores that are not in use do not carry an overhead into the performance of those cores that are in use. Core management has no overhead if those cores are idle and put to sleep. Sure you can design your OS if you choose to where it does redundant work managing an idle core. But I don't know of any OS that does this.

    It is naive to think that adding cores decreases measured output performance due to additional overhead in hardware; you can't compare hardware to software. Since hardware, unlike software, will always solve the problem by using parallel logic steps at the cost of a few more gates, when they added the cores they also added logic to make all the functions work in that design with the same (usually better) performance.

    Hardware logic solutions of large chips inherently solve their problems in parallel. This is why such things as full disk encryption in hardware in a hard disk controller board are entirely possible with zero measurable difference in bulk IO throughput (200Mb/sec); sure, you might get 0.01% loss in command/response latency when it's enabled due to the delay line / pipeline effect. But throughput performance doesn't have to drop; the question is will the vendor spend enough money improving the logic to achieve those goals. The cost of a gate to fabricate is cheap; the cost of an engineer to design/test the logic is expensive.

    I agree with the cache and memory bus utilization and pressure for multiple cores, but again this is only relevant to cores that are not idle. The underlying premise of your statements is that idle cores cost performance. This is Rubbish.

    Having the OS, for example, perform IO and interrupt handling on another core while the main application/process is running will always be a performance win; now the IO overhead of the application went negative, since the core the application is running on is no longer also having to manage disk IO requests itself.

  21. Re:Working as intended? on Microsoft Has No Plans To Patch New Flaw · · Score: 1

    .... Certificate is revoked, OS refuses to recognize driver, security hole is closed.

    Or am I missing something?

    Does it? How?

    A Slashdot poster already said the OS doesn't actively ensure the certificate trust chain is as up to date as possible before every driver install. To be as up to date as possible it must download and update revocation lists in real time. Otherwise how is it going to know that this key used to be a good citizen and now he is a baddie?

  22. Re:Who fault is it? on Microsoft Has No Plans To Patch New Flaw · · Score: 1

    I presume the password you talk of with the bank relates to the password that protects the private key. There is no such thing as a signed/unsigned private key, since it is the public key part that gets signed (and only that part).

    The key signer (VeriSign) is not required to know the password of the private key, nor are they required to know the private key. All they require is the unsigned public key (which does not need to be protected in any way, since every bit of it will be made public on your SSL port shortly anyway).

    The only thing you would check when the signed public key comes back from the key signer is that the two halves match and relate and that your key that came back is identical to the one you sent them. They just added some extra data to it, but all your original data is still in there.

    You then only need the private key password to unlock it so that the SSL endpoints (as in software) running on your port 443 to provide HTTPS service will work with the keypair.

    Also, given the above process, it is not necessary to go via the whole process every year to renew/extend the certificate expiry; you just resend (or have them reuse) the same unsigned public key part as the basis of the signing request. The signing process stamps in a new serial number and new start/end dates for expiry purposes. This presumes there has not been any compromise to the information for the whole time; however, being a bank, rotating a new private key and new private key password every year would be a good thing to do. This will ensure that old security information does become worthless over time.

  23. Re:Same boat here on Half of Windows 7 Machines Running 64-Bit Version · · Score: 1

    The Retail edition of Windows 7 comes with both 32bit and 64bit licenses. Only one installed copy though.

    This may be part of the reason there is more proliferation of 64bit, because some people can go back to 32bit if they wanted. There was no purchase choice to make.

    I'm sure volume licensing shaves off the options.

  24. Re:Not really that disturbing on Nine Chip Makers Fined $400M In EU For Price Fixing · · Score: 1

    The result of being found doing something against the law must have a punishment which negates the additional profit created from the crime.

    Also I agree with the possible imprisonment or (better) possible bankruptcy (then the shareholders, who are really pulling the strings, lose).

    Possible ways to deal with these matters are to make the fine the financial amount that not only includes the additional profit created (or some estimation of it) but also the entire costs of bringing the matter to trial (this would include costs that would not otherwise be included), like investigation costs pre-trial.

    Another factor is to randomly pick on one company (within the consortium) to be forced to pay the majority of the overall fine (this is the risk-of-going-into-bankruptcy aspect, by making an example of them), and I'm sure there is some kind of "Game Theory" to this measure, in that it will forever more create a division between/across those that previously consorted, since someone got out lightly and someone got out heavily, which will further disrupt the possibility of doing it again. Possible counter measures to this (if it would cause bankruptcy) would be allowing the state to take a significant shareholder % in the corporation, so that they had access to fine repayments through future profits and had access to future board level decisions. Being able to pay the fine over time also means there would be an amount of interest and additional costs thrown in, but ultimately that company would not go into bankruptcy (a win for shareholders!). Of course this is somewhat difficult cross-international-borders.

  25. Re:And? on SSN Required To Buy Palm Pre · · Score: 1

    And there lie the problems. The telco regulators should force telecoms companies to offer premium service limitations at customer request, i.e. a customer SHOULD be able to phone up and request a maximum limit, say of £40 per month, to premium services (voice calls and SMS); if a mobile subscriber goes up to their limit within the month then the network contacts them by SMS and even a customer services outbound call to advise the customer of the situation. Some customers might want to have the limit lifted, so the hoop jumping can begin (with credit checks / payment etc).

    But as far as I know no mobile operator in the UK will provide such a service to contract customers (even though it's technically possible, since PAYG exists!).

    I could go on and say the same for banks; banks don't seem to have a concept of rejecting any transaction that takes you over your hard credit limit. It costs next to nothing to attempt to process a transaction and then decline it (look to the credit card industry for that). But then they couldn't make money charging you overlimit charges and the interest on top. Rip off Britain!