Slashdot Mirror


User: Alan+Cox

Alan+Cox's activity in the archive.

Stories: 0
Comments: 478

Comments · 478

  1. Re:Mathematically provably secure? on Computer Security, The Next 50 Years · · Score: 1

    There are several "provably secure" computer systems. As in you can demonstrate they fulfil certain mathematical constraints and those constraints are absolute. Then you have to write the code and prove the code, then you have to hope the prover is correct and the hardware is correct. Nothing is 100%.

    As to the randomisation stuff - yes I've got examples, and we've hit the same thing in Linux with randomisation. You get cases where memory scribbles cause a problem only if the layout happens to be a specific variant (especially with stack randomisation). From "either it dies or it works" you get "1 in 10,000 times xyz app blows up". That does make debugging much much harder. Of course a good reply to that is "so improve the debugging tools".

  2. Re:What's the case for Linux? on Changes in HDD Sector Usage After 30 Years · · Score: 2, Informative

    Linux has supported media with 4K and 2K blocksize for some years (about 7 I think offhand). 2K media comes up with optical disks a lot.

  3. Shadows of DR_DOS and windows on Microsoft Anti-Spyware Removes Norton Anti-Virus · · Score: 1

    Perhaps they were thinking "Well we got away with it when it came to DR-DOS and windows"

    I imagine the judge supervising the DoJ settlement with Microsoft will be getting some quite interesting letters and asking some very hard questions this coming week.

  4. The US and AU are very similar on Australian IT Workers Concerned About Migrants · · Score: 4, Insightful

    In both cases the people doing the complaining are themselves almost all immigrants, they just got there a bit earlier.

  5. Disconnecting them: skype and ebay on ISPs Race to Create Two-Tiered Internet · · Score: 3, Insightful

    I can see that happening. Won't be long before ebay is saying things like "You block skype we make ebay block you and suggest other ISPs if people try and access ebay via your network". As always it will be the little people who suffer.

    Alan

  6. Patents on IPv6 Still Hotly Debated · · Score: 2, Informative

    It's all horribly horribly simple. No large investor or large vendor wishes IPv6 to happen in the mainstream until all the bogus submarine patents filed around it have expired. Until then it's not in the interest of Microsoft, Cisco or anyone else to ship large amounts of IPv6 and get shot at.

    Nobody will say that in public because the US doesn't like industries apparently conspiring together against a patent holder but you will hear it in private.

  7. Re:Unfortunately on Florida DUI Law and Open Source · · Score: 1

    It would not be for a court to order appropriation of the third party's property. Thus the idea that a court would open up software is silly. It may well order the third party to provide it to the defence expert and helpers for analysis but that would be quite different and the evidence in question would undoubtedly be sealed.

    The maker isn't the one on trial - the maker of the device is merely the owner of some of the evidence required for justice to occur. Of course if the software is crap that might change in the following negligence suit.

    What it may do however is make government think a lot harder about terms and conditions and make sure that government has the power (eg in contracts for supply) to ensure that such devices can be scrutinized and that the code will be handed over for the case itself. That can only be a good thing for both open and competent proprietary vendors.

  8. Volcanic Ash on Can Asbestos Help Us Understand Nanotoxicity? · · Score: 1

    Volcanic ash is generally extremely toxic. It contains a wide variety of interesting substances such as sulphur and fluorine which tend to do bad things to human and animal internals when they mix with water. In addition the nanoparticles are sharp and linked to longer term lung disease.

    If nanotech substances are like volcanic ash I'd be about as worried as if they were like asbestos personally.

  9. Re:PANIC NOT., THERES MORE TO THE STORY!!! on Linux Trademark Protection In Australia · · Score: 3, Interesting

    Well given the name Linux was invented by a third party, and the prior use I hope the mark gets thrown out. And if he's your lawyer you should be ashamed.

    We had a similar scam in the EU (Austria primarily) of someone making the same kind of "for the good of Linux" type claims. That one was dealt with in the same way I hope this is.. crushed underfoot.

  10. Re:In the year 2000... (and 9) on Jan 2009 Deadline for HDTV Cutoff · · Score: 1

    The US system has problems with reception that the european one doesn't (shades [pardon the pun] of Never-The-Same-Color) but the biggest problem with both digital TV and radio seems not to be price (set top boxes cost very little in the EU now unless of course you buy the DVR edition with external hard disk sync to your PC).

    Rather it is power consumption for mobile devices. Battery digital radios are power eaters and while I can get analogue radio on my phone, and Nokia demonstrated analogue TV on a phone nobody seems to have achieved this with digital yet.

  11. Nokia is indeed up to something else... on Nokia Announces Patent Support to the Linux Kernel · · Score: 4, Insightful

    Nokia is it seems releasing a Linux based device. When they do that the GPL is quite clear about the patents and that you *have* to give usage. So in fact the GPL says _more_ than Nokia do.

    Nor alas is this just PR spin to make them look good. Nokia is lobbying hard to get almost unlimited software patenting allowed in Europe. This press release is part of a game to fool the parliament into believing that open source is not threatened by patents and to make them feel more comfortable. Right now the Finnish MEPs in particular face difficult choices - Nokia is almost "Finland the company" and Linus is "Finland the rockstar", and they say exactly the reverse about patents.

  12. Re:Maintainable? Stable? on Cox on Torvalds and Linux Kernel Development · · Score: 4, Informative

    They get to be in conflict over short time periods - that was the point of that part of the talk. If you need a fix that is provably correct, simple and immediate it tends to be the ugly bandaid type fix. Those go into -ac and expire (in theory) for the next base kernel.

    Linus instead is quite happy to say "ok that is a problem but the real fix is to rewrite the logic behind [randomcomponent] to properly ensure that this cannot occur". That might take a month and is undoubtedly the right answer but it isn't the immediate answer for people hitting the problem currently.

  13. Re:Okay I'm from the US on Euro Patent Restart Demand Repeated by Parliament · · Score: 2, Informative

    The EU can do a lot without the EU parliament. A lot of the patent process consisted of

    "This is bad"
    "We can't hear you"

    This is a common process in the EU and is also used for passing many other pieces of stupid law (like the EUCD - our DMCA variant). Countries all go "Oh this is terrible but the EU made us do it" while detailed analysis will reveal that *they* put it through the EU themselves, intentionally, so they could all deny knowledge of it.

    The EU has some serious reforms needed. It isn't clear to me at least whether the new EU constitution proposal will achieve that. It's a vast document written in legalese and EU acronyms when what actually needs to happen is a simple document that says "Parliament is sovereign"

  14. Small business on Programming Until Retirement? · · Score: 1

    Carpal tunnel syndrome and small business programming really don't sound a good mix to me. That means little healthcare cover, long hours, being forced to fix stuff because nobody else is there to do it when your wrists are bad and the like.

    There are lots of not quite programming jobs for folks with screwed wrists to consider that might be wiser but which do involve those dreaded meeting things
    - Consultancy
    - Review/planning
    - Support (high level stuff not phone clone)

    Anyone having written a million lines of code over a long time ought to know something about how to write software and more importantly both how not to write it and how to rescue it when it is going pear shaped. Hopefully also how to communicate with other members of the human species as well!

  15. Re:LSB and rpm on LSB Submitted To ISO/IEEE · · Score: 4, Interesting

    That's a fair summary on the whole although slightly inaccurate.

    Several distros are LSB compliant by default (notably the enterprise ones). C++ is defined in the LSB but not in the ISO standard. The reason for this was that the C++ the LSB defines is interim but was needed. Many of us felt it shouldn't be in, and definitely not in the ISO spec since we knew it was transitional. The compromise was LSB defines a transitionary C++ (which will remain supported) and ISO doesn't.

    You don't need to use the LSB build environment - that is simply a tool for ensuring compliance.

    LSB as you rightly say is about server software right now. A push on the desktop front has begun and hopefully things like gtk will get looked at. In addition there is an exploratory working group on java/jvm packaging and standards (java itself is obviously standardised elsewhere)

    To get to the stage where you can go into a shop and buy packaged applications the LSB extending to desktop will be important. Many vendors don't stock Linux products because it's too confusing in their eyes. At the enterprise level it doesn't matter; for small business and home it does.

  16. Re:Debian on LSB Submitted To ISO/IEEE · · Score: 2, Informative

    The LSB was very careful about this aspect of the standard

    LSB compliance does not require "rpm" and it does not say anything at all about what tools are used to manage the base system. What it defines is a way to install a package in a given binary format (an RPM binary format subset). If the distribution only uses that for LSB packages or uses alien to convert it to dpkg first that is still just fine.

    There had to be a single file format. Within that the goal has been to minimise the restrictions that might create.

    Alan

  17. Re:How lightweight, if it requires gtk+? on Xfce 4.2.0 Released · · Score: 1

    I'm running Xfce on a 64Mb pentium box and it's pretty reasonable a performer. I've run xfce in the past on 32Mb boxes and it was ok. xfce+sylpheed+abiword works very well on smaller systems. It's also nice on a fast box - Xfce X sessions start essentially instantly on a decent machine unlike gnome/kde

  18. Re:More details, please... on New York's Oldest ISP Gets Domain-Jacked · · Score: 1

    If the sex.com case is precedent and verisign screwed up then I imagine it's going to be expensive for them. If verisign has been compromised then the situation is going to look bad for them as they are allegedly trusted enough to handle large numbers of SSL certificates...

  19. Re:And this is more harmful than what? on UK Report Suggests Dangers In Cell Phone Use · · Score: 1

    Computer monitors are linked to the same kind of effects. That's why Sweden introduced MPR-II radiation rules for monitor displays (which have since been tightened up).

    There is also ongoing concern about police using radar guns having apparently higher rates of brain cancer.

    In terms of scale of power however a cellphone is putting out a ton more than the wireless network. The cellphone can peak at 5Watts or so the wireless network is a tiny tiny fraction of that - and the effect on you is non linear so amplifying the distance.

    The majority of recommendations I've seen are much more mundane - don't let small children use a cellphone a lot, don't put masts near homes/schools, don't chew your phone while talking 8)

    Even if it was a big issue in the future we know that moving the antenna makes a big difference. Radio Amateurs regularly work with 400W (which is enough that touching the cable can give you RF burns) but with the antenna located some distance from the user nobody has any literature or great piece of evidence on harm. The same is true of CB users who are putting out similar power to a mobile phone but at different frequency ranges and generally with the antenna at some distance.

  20. Re:From my own experience on Advice for Returning to School After Long Break? · · Score: 1

    UK can be a lot cheaper according to the US folks I've talked to (obviously not if you go to Oxford/Cambridge). If you are originally a UK citizen then you may also be able to get government aid (eg in Objective 1 areas).

    I'd suggest that if you have the opportunity you carry on working part time or odd work in your current career. A little bit of computing work tends to pay a lot better than serving behind the student bar or the other "usual" student jobs, and takes less time.

    I was lucky to have a very flexible and helpful employer on that last item.

  21. Re:Nietzsche comes to mind on US To Push Criminalization of IP Violations · · Score: 1

    A few musicians make it big enough, most - even formerly famous ones - don't make much if anything, and frequently end with job terms worse than McDonalds.

    The second thing to remember is to ask where the counterfeit generated money goes. The music industry will tell you "organised crime", but disturbingly so will quite a few senior people in the front line who really have no reason to produce propaganda.

    I'd like to see knowing large scale ("industrial"?) piracy criminalized. That would actually help no end in dealing with problems of lax enforcement in Asia because you'd be able to viably go after all the large US and EU companies who seem to spend so much time "accidentally and unknowingly" importing other people's copyright material borrowed in Asia, rebadged and shipped back.

  22. Maglev trains on US To Push Criminalization of IP Violations · · Score: 1

    It's called "reverse engineering". Everyone does it. People at Boeing take apart airbus equipment and vice versa. Every car company takes apart each other's vehicles. Chip vendors X-ray each other's components. 3am poking around may be a bit odd but they could have ordered one train, taken it apart and built some more.

    That's a separate issue to patents and their enforceability.

    Alan

  23. Re:Bugtraq rulez. on Security Holes Draw Linux Developers' Ire · · Score: 2, Interesting

    Nobody contacted the vendors that I can find, or the official security reporting list for the kernel, or CERT, or any other such body as would be good practice. Apparently they lobbed a private mail at Andrew and it got lost.

  24. Re:making APIs secure takes time on Local Root Exploit in Linux 2.4 and 2.6 · · Score: 5, Informative

    No this was just a dumb locking bug. You could reasonably argue that some of the kernel APIs for do_brk were less than well designed but that's more historical accident.

    It's fixed by 2.6.10-ac6 along with the setsid crash and some other corner case bugs Coverity found.

  25. Re:Collective fear on Y2K: Hoax, Or Averted Disaster? · · Score: 4, Insightful

    I'd second your experience. I kept the indexes of Y2K statements for common packages used on Linux and ended up giving statements for a court case involving Y2K failure or lack thereof. Stuff broke, most of it got fixed in time but not all of it. Eg - early 2000 lots of mailing lists emitted messages for the year 100.

    Closer to home I did Y2K testing on my father's amateur radio contact database. Much to his surprise it comprehensively failed.

    Sure it was overhyped and the disaster-movie division of the press got excited but it was most definitely real, 2038 will be just as big a deal.

    If Y2K should have done one thing it would be to teach customers the dangers of being tied to a software provider who could say "oh yes we know, tough shit, upgrade for $1M". I'm not sure it did 8(

    Alan