vadim@alice vadim $ gcc hello.c
hello.c: In function `main':
hello.c:2: warning: return type of `main' is not `int'
vadim@alice vadim $ ./a.out
Hello, world!
vadim@alice vadim $ echo $?
14

If you declare it void then the return value is going to be random garbage, which will confuse anything that expects non-zero values to indicate an error of some kind.
Have a Mac? Like artificial life? Try Creatures [mikeash.com]
That's not Creatures. Not even 10% of it, it seems. There was a Creatures game made by CyberLife, which was also available for the Mac in its first version, IIRC.
You know, you can probably get rid of it yourself.
Simply take kbabel, and make language files for a k-less system. If it bothers people that much they could perfectly well have done that a long time ago.
Well, several points:
I remember hearing that Konqueror allows using Gecko instead of KHTML. If that functionality is already in place then there can be a third rendering engine should anybody want it.
Konqueror, AFAIK, is a container for plugins. KHTML is open, there shouldn't be any problem with creating a compatible replacement for it. Nothing is really stopping you from rewriting the file manager and all the other plugins Konqueror uses.
It's Open Source. If you really want to rip Konqueror out of KDE, you're perfectly free to do so.
You can also go for the less drastic route, and submit patches to the KDE team if you think it should be more replaceable.
AFAIK, KDE has no apps that hijack your file associations. If you change something it should stay that way.
Weird, we have WinRAR, WinZIP, Winamp, WinMX, winhelp, winchat, winfax, winmine, winoldap, winsock, winspool, and nobody seems to complain much.
Here's an idea:
Somebody should make a website listing all those numbers, and keeping them up to date. Sure, people are going to annoy somebody a lot for a week or two, but then the story disappears from the front page, people forget...
There should be some good place to find the phone numbers of all those morons so that they hear from people who are unhappy with their methods for a few months at least.
One? There are many.
Why? Because they don't try to be the damn world police. Face it, there was no reason to attack Saddam. First the excuse was 9/11. But oops, that wasn't it. Then it was the missiles, but oops! he didn't have any after all. No, finally the reason was that he's evil.
No country is perfect, and the US should look at its own faults before trying to "fix" what's wrong in other places. Let's see, what country calls itself the "land of the free" while allowing people to be put in prison without trying them first? What country applies the death penalty to teenagers and people with obvious mental problems? The US is quickly becoming not much better than the dictators it tries to "liberate" other countries from.
I think it's the fact that random data in those places is actually an uncommon occurrence. And depending on the tool used, it might leave some way of identifying the presence of data.
Of course it can all be solved by making every image contain hidden data from /dev/random.
Well, that was interesting. Got to admit you have a point there with the different formats.
I have nothing against biometrics when used well, actually. I'm just worried that in the public perception they're turning into a magical solution for all security problems, just like what happened with XML. Sure it's good and all that, but sticking it everywhere makes very little sense.
Of course, there will be a few places that need paranoid security that'll do proper authentication with biometrics, security card and password. But I'm pretty sure that the way things go, for every place where they're used right there will be at least 20 where they're used wrong.
About ov511, $500 happens to be pretty expensive, and that's part of the problem. The system I tried was somewhere around $300 I think, and neither the sensor nor the software looked very impressive. The price, and the problem that many people don't really understand what biometrics are for, is going to create lots of headaches in the future, I think.
Actually, there is an unofficial continuation of LOTR. There are several books by Nick Perumov that continue the story.
You have too much faith in this stuff.
Your first objection isn't actually a problem. Any successful system is going to be deployed widely or the maker will go bankrupt, or at least stop selling it. This means that pretty much any system you will find is going to be deployed somewhere else, perhaps in thousands of places.
Second, the closed formats aren't a huge problem. All you need to do is get the hardware, pay a smart guy to reverse-engineer the format, and get some data. I'm pretty sure that with some clever thinking biometric data can be converted between several systems.
Second objection: Somebody mentioned that the card contains clear text account numbers. So if you know the PIN, and you have the account numbers you can make a card, identical to the original.
The difference between dead and alive tissue sure is nice, but will never be perfect. Sensors exposed to the weather will have to be made less sensitive, to avoid annoying people with cold hands. Somebody will inevitably install the cheapest sensors available that don't check for that. And it's doubtful that you'll be put behind bars for trying unsuccessfully. Biometric systems do and will fail quite commonly, due to issues like people with cold hands, people with circulation problems, burns, dirt on the sensor... After the 128th failure in a day the guard will just not pay any attention at all to it.
I have tested a fingerprint scanner myself. An expensive one too. Let me tell you what it was. It was a cheap grayscale sensor (ov511 if you're interested) that Linux detected as a common webcam. That's right, it's a cheap webcam in a specially built plastic body, and I could see my fingerprint with camstream. It didn't have any signs of doing any checks at all. The sensor got dirty very quickly, and breathing on it seemed to partially revive the image.
Note that I didn't say anything about OSS being a magic recipe for success or anything like that. My point was that even if nobody would voluntarily work on some program, it doesn't mean that making it OSS will be useless. Not only volunteers work on OSS software.
And of course there are many companies with very specific demands. Then, there are many that just need something more or less simple. Say if a company wants a program that does authentication with a smartcard, it's probably not going to be very difficult to replace a password authentication mechanism with that. It should be easier than writing your own program, anyway.
Yeah, I read Applied Cryptography a few times as well, and that doesn't make me a crypto expert. Bruce Schneier himself said "A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography".
So, care to enlighten us about what exactly is wrong with their system?
Not necessarily. The fact that nobody would like to work on a store management program for free doesn't mean making it open source doesn't make sense. Somebody working for another company and being paid for it could use it.
Here's the thing: As far as I can see, for most companies the development of this kind of software is an expense they'd love to get rid of, but which is necessary to manage their stuff.
So, suppose a small company that needs its own program for whatever reason. They hire you to code it and say that the problem is that they need the program RIGHT NOW, so unfortunately something usable needs to be ready in 3 months max. It's very unlikely that something good can come out of a requirement like that, unless you find an OSS package, and adapt it for the company's needs.
Wow, that definitely took some time.
I won't see that improvement for a long time though. Here I haven't even worked with XP for longer than an hour, pretty much everybody has 98 or 2K. And we'll probably move to Linux anyway.
Oh, of course you'll have to add software, just like with any system. Windows doesn't exactly come with a lot of useful stuff either.
Well, really, it's not so useless. For example, think of how dangerous it is to install a fresh copy of Windows on a machine with a direct Internet connection. There's a certain chance there that your box will be infected before you have time to install the latest patches and Service Pack.
Even if the default install is useless for any real work, if it's good enough to pull whatever security patches are needed without danger, then it's a very useful thing.
I think that every OS should allow performing an installation where, during the whole installation process and immediately after finishing it, it's in a firewalled state, to ensure nothing can get through while you're getting it up to date.
Oh, I am sure that there are very few people who really sit down and think "Hmm... how could I find an exploit in the kernel?". I think it's much more likely that it's some fairly normal programmer, working on something completely unrelated who one day makes a call the wrong way and finds that it crashes the kernel. And there comes the choice, to be a nice guy and send a mail to LKML, or to check that nobody seems to have noticed it yet and use it to break into some interesting place?
No, that's completely wrong. Let's try with the same database example. Even for the $20,000 that it costs to get a MS SQL Server license, I doubt you'll get a lot of support from them. Sure they may give decent support, but they'll almost certainly not add features just for you, and will drop the support for your version after a while.
Now, your company runs on PostgreSQL and needs feature X added? Depending on the feature, it could well happen that somebody would be willing to do it for less than $20,000. And when 5 years pass and your program still works, you can pay a programmer, from the PostgreSQL team or outside it, to fix whatever bug is giving you problems.
Even if the PostgreSQL project dies completely you will still be able to find programmers to continue development, or at least fix the issues that make your migration harder than it should be. Could you hope for any kind of help if MS went bankrupt one day, or completely stopped work on databases? Definitely not.
Heh. The only license that works the way you like is the BSD, or alternatively, the public domain. Try working at MS for a while and see if you can have complete control over your own work.
What "lots"? The worst thing that can happen is getting everybody's key revoked. Sure it could be quite a mess, but other than annoying everybody and forcing the developers to make new keys it wouldn't really accomplish anything.
A revocation key has little attractiveness, IMO. For the most part, having your key revoked doesn't stop you from communicating, nor does it allow whoever got it to pretend to be you. Nothing stops you from having more than one key either. You don't have to use the Debian one for everything.
Safekeeping is easy too. Print it on paper (it looks the same as a PGP ASCII-armored key), store it somewhere safe (put it in a bank for safekeeping) and then agree that when there are enough people who think the key should be revoked, go fetch the paper and type the key into the computer.
There's really no reason to keep them on a computer. Revoking your key isn't something you do often.
Er, if you can't trust the Debian developers, then why would you install Debian in the first place?
The point of the idea would be that breaking into the server wouldn't allow you to modify packages - you'd need a developer's private key to sign it too, or get the developer to sign a bad package.
When it's found that security is compromised, all that is needed is to revoke the developer's key. If apt-get is changed so that it checks for revocations before installing the package, the damage will be much less.
The case of a malicious developer is somewhat harder to handle though, since only somebody with the private key can issue a revocation cert. But this could be quite easily worked around, like forcing every developer to submit a revocation certificate for safekeeping. Then if the developer was found to be malicious the revocation could be sent to the key servers without having the private key.
That's fairly simple.
Debian needs a master key. The key signs the developers' keys. This way if somebody breaks into the server, every package is still signed by its maintainer. Compromising one maintainer's key only leaves his/her packages vulnerable.
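The scheme sketched in the two comments above (a master key that certifies developer keys, packages signed by their maintainer, pre-generated revocation certificates kept offline, and a client that checks revocations before installing), written out as an added example. This is not code from the original posts and not Debian's actual tooling; it uses Go's crypto/ed25519, and the type names, byte layouts and the alice/bob/mallory scenario with its payloads are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Type names and byte layouts are this example's own, not Debian's format.
// DevCert: the master key certifies the pair (developer name, public key).
type DevCert struct {
	Name      string
	PubKey    ed25519.PublicKey
	MasterSig []byte
}

type SignedPackage struct {
	Name    string
	Payload []byte
	Signer  string
	Sig     []byte // developer signature over pkgBytes(Name, Payload)
}

// Archive is the client's view: MasterPub ships with the installer, the rest
// comes from the (possibly compromised) server. Revoked holds published
// self-signed revocation certificates, keyed by developer name.
type Archive struct {
	MasterPub ed25519.PublicKey
	Certs     map[string]DevCert
	Revoked   map[string][]byte
}

var (
	ErrBadCert   = errors.New("no master-signed certificate for developer")
	ErrRevoked   = errors.New("developer key revoked")
	ErrBadPkgSig = errors.New("package signature invalid")
)

func certBytes(name string, pub ed25519.PublicKey) []byte {
	return append([]byte("devcert:"+name+":"), pub...)
}
func revokeBytes(name string) []byte { return []byte("revoke:" + name) }
func pkgBytes(name string, payload []byte) []byte {
	h := sha256.Sum256(payload)
	return append([]byte("pkg:"+name+":"), h[:]...)
}

// Verify is the check a package tool would run before installing.
func (a *Archive) Verify(p SignedPackage) error {
	cert, ok := a.Certs[p.Signer]
	if !ok || !ed25519.Verify(a.MasterPub, certBytes(cert.Name, cert.PubKey), cert.MasterSig) {
		return ErrBadCert
	}
	// A revocation counts only if the developer's own key signed it, so a
	// server intruder cannot revoke everybody by planting forged entries.
	if sig, ok := a.Revoked[p.Signer]; ok && ed25519.Verify(cert.PubKey, revokeBytes(p.Signer), sig) {
		return ErrRevoked
	}
	if !ed25519.Verify(cert.PubKey, pkgBytes(p.Name, p.Payload), p.Sig) {
		return ErrBadPkgSig
	}
	return nil
}

// Scenarios builds a two-developer archive with constructed payloads and
// returns the verification result for each attack the thread discusses.
func Scenarios() map[string]error {
	masterPub, masterPriv, _ := ed25519.GenerateKey(rand.Reader)
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	bobPub, bobPriv, _ := ed25519.GenerateKey(rand.Reader)
	arch := &Archive{MasterPub: masterPub, Certs: map[string]DevCert{}, Revoked: map[string][]byte{}}
	arch.Certs["alice"] = DevCert{"alice", alicePub, ed25519.Sign(masterPriv, certBytes("alice", alicePub))}
	arch.Certs["bob"] = DevCert{"bob", bobPub, ed25519.Sign(masterPriv, certBytes("bob", bobPub))}
	sign := func(priv ed25519.PrivateKey, signer, name string, payload []byte) SignedPackage {
		return SignedPackage{name, payload, signer, ed25519.Sign(priv, pkgBytes(name, payload))}
	}
	out := map[string]error{}
	good := sign(alicePriv, "alice", "hello_1.0.deb", []byte("constructed payload"))
	out["good"] = arch.Verify(good)
	// Intruder on the server edits the payload but cannot re-sign it.
	tampered := good
	tampered.Payload = []byte("constructed payload with backdoor")
	out["tampered"] = arch.Verify(tampered)
	// Intruder adds a developer of their own; no master signature is possible.
	malPub, malPriv, _ := ed25519.GenerateKey(rand.Reader)
	arch.Certs["mallory"] = DevCert{"mallory", malPub, make([]byte, ed25519.SignatureSize)}
	out["forged_dev"] = arch.Verify(sign(malPriv, "mallory", "evil_1.0.deb", []byte("x")))
	// Bob's key is found compromised: the revocation cert kept offline is published.
	arch.Revoked["bob"] = ed25519.Sign(bobPriv, revokeBytes("bob"))
	out["revoked"] = arch.Verify(sign(bobPriv, "bob", "tool_2.1.deb", []byte("y")))
	// A forged revocation for alice (garbage signature) is ignored.
	arch.Revoked["alice"] = make([]byte, ed25519.SignatureSize)
	out["forged_revocation"] = arch.Verify(good)
	return out
}

func main() {
	for k, v := range Scenarios() {
		fmt.Printf("%-18s %v\n", k, v)
	}
}
```

`go run` prints one line per scenario. The property the thread relies on is visible in Verify: the master public key is the only thing the client needs out of band, so a modified payload, a certificate the master never signed, and a forged revocation all fail, and a genuine revocation is honoured before the package signature is even looked at. Withholding updates or replaying an old, still validly signed package is not addressed by this check.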
So now I suppose we're going to see news like that there are 300K players in the Matrix game and still no Neo?
It'll be interesting to see what happens when people get there.
The firewall has 3 network cards, I could add another one, and there you go, 4 port switch. The computer itself was free. It's easy to find a P100 in a dumpster these days.
I do understand the good part of using a firewall, but I still prefer rolling my own. It's more interesting (I'm not a networking god, so practice is good), I can set up any configuration, have logging, and even do things like automatically blocking IPs if I want (I know this can be dangerous).
Now, I will admit that getting all I need running from a floppy took some effort, but I find it a useful experience.