With 30% dead, lots of regular jobs are going undone, and regular things aren't being bought.
The music store only has employees for a few days of the week. They have to shut down on the other days. Nobody wants to be out buying music anyway though. The rent doesn't get paid. The store closes. The landlord now has an empty storefront. That hurts business for his other tenents. Also, he still has to pay his taxes. The Burger King can't staff their place. Do they just close up shop?
Businesses find themselves needing to shrink and consolidate, fast. That is majorly disruptive. Facilities must be closed. Employees may need to move; some will refuse.
Everything becomes inefficient as businesses collapse. Shortages come and go, interspersed with surplusses that get wasted.
Whole towns need to be abandoned. When a small place loses the only food store, the people have to move elsewhere.
The police are in disarray, just like every other organization. The now-idle masses are starving, bored, irrational, and willing to take great risks because death appears likely anyway. The New Orleans looting was nothing, really. Imagine something like that accross the whole world. There will be no help coming from outside.
Eventually, the farms aren't tended. The cattle aren't fed. Transportation is unreliable. Fuel may be mostly unavailable. Real food shortages set in.
Way more than 30% die. Maybe 99% or more. Very few of us have a backyard garden that can completely feed the family.
People fall back on idiotic superstitions, as they have done since the very first humans.
Welcome to the Dark Ages II. (this time, Protestant and Islamic)
All video formats are now illegal. (or is there now an XML video abomination?) All audio formats are now illegal. Probably all image formats are now illegal.
The main use of vector units is running crappy Windows gamer "benchmarks" and MacOS Photoshop "benchmarks". The games don't even use the vector units all that much. It's just the benchmarks that use the vector units.
In the real world, vector units aren't good for much at all. You can do radar processing with them, but that isn't exactly a desktop app. Linux can use them for software RAID.
Java has strictly-defined floating-point math that is incompatible with the x86. An x86 chip must save floating-point options out to memory to force the exponent to be the right size.
JIT/emulation systems in general, including Java, do better with more registers. The G4 has about 6x as many once you exclude registers that are unavailable. (about 5 for x86, but at least 30 for the G4)
We're not testing the compiler. IMHO, turning optimization OFF would be a fine idea, or at least unobjectionable.
The only important thing is that the compiler choices and options are fair. Using gcc on the Opteron and icc on the Core Duo would not be fair. Using gcc everywhere, with the same options, it completely fair.
One can also define "fair" as "all systems tweaked to the max", but this is rather difficult to do right. (see also: OS benchmarks, where the benchmarker knows all the ways to tweak the OS he uses most often)
Boeing built a "prototype" without a horizontal tail piece. They were going to add one for the final version.
Well gee. That's a whole different plane. You might as well be changing the number of engines, switching from aluminum to composite, or putting canards on the front.
Lots of companies profit from organs. The only one left out is the donor -- via their estate of course, for the suffering family.
The organs are "not sold" of course. Selling them would be illegal! No, they just charge really high handling fees. Somehow this is considered legal despite the $0 price cap.
I suppose the proper response from potential donors is this: charge a "handling fee" for the "work" of signing the donor card. Another way would be to have some sort of a futures market against the handling fees; anybody signing up to be a donor gets a share (purchased for $1 perhaps) in the futures related to handling the organs.
They used "she" in a reference to the original UNIX developers.
Let's see, which one is the woman? Ken, Dennis, or Brian?
Note: the names are not Kendra, Denise, and Brianna!
These guys are called "greybeards" even, because they have grey beards. Transvestite bearded ladies? Eeeew.
I'm reminded of the icky 9-11 statue showing 3 firefighters raising a US flag over the ruins of the World Trade Center. In reality, all were white. In the statue: black, hispanic, asian.
To admin the system, you need to change roles. No single role can do everything, and many role-to-role transitions are prohibited.
So there is NOT an administrative login that lets you do everything. There are numerous limited-capability administrative logins, sort of. They are not related to UID.
First you'd log in as root, since the old UID-based system is still being enforced. You'd need to do this from the console to get put into a role which is able to transition to something interesting. Then you run the an su-like command, called "newrole" I think, to gain one specific ability. For example, there may be a "backup" role that lets you read any file and a "net" role that lets you change network settings. Neither role can execute files written by the other.
On a Fedora box, do "ls -Z" or "ps Zax" to see the security info. (by default, Fedora enables a fairly lax version of this -- but I did once get permission denied as root with a default Fedora install)
Bitfrost isn't one single technology. It's the integration of several existing Linux technologies with a nice GUI, installer, set of keys, etc.
The neat jailing feature has been in Linux for years, though mostly unused. You can access it via either the clone() or unshare() system call. In combination with bind mounts and PID namespaces, you get the ability to jail quite effectively. To learn more:
man 2 clone man 2 unshare man 8 mount
SE Linux is of course the other major underlying ability, and then there's the new GUI and app installer to tie it all together in a usable way.
The child can request a laptop-specific developer key.
The kernel and firmware can be upgraded via this key. (writing regular apps does not require the key)
There is a 14-day waiting period to give time for stolen laptops to be reported. Keys are obviously not provided for stolen laptops.
The GPLv3 merly requires that the key be provided upon request. I don't think 14 days would be disqualifying. In any case, neither the kernel nor the firmware are GPLv3.
The concept, called mandatory access control, goes back decades. It comes from the US military. It was originally based on the classified info system (SECRET, TOP SECRET, etc.) and was intended to stop insiders causing leaks. Insiders tend to make dumb security mistakes, and sometimes even sell secrets to the enemy. Mandatory access control stops that cold.
A few years back, the NSA wrote an implementation of this for Linux. It's called SE Linux. It's a bit modernized, supporting more than just the old military-style security levels.
Linux also has CLONE_NEWNS, which is based on features from an old research OS called Plan 9. That, combined with some neat tricks involving mount points, gives you something like chroot() with extra power.
Most of the code has been around for years. OLPC just integrated it nicely into the app installer and made the user experience tolerable.
The ACLs are usually almost like the ones Windows uses, with a few minor differences:
a. UNIX-like systems normally still use rwx. b. Windows normally disables checking permissions on parent directories. c. Windows does a funny sort of inheritance thing that kills performance. (thus the above speed hack)
The stuff OLPC is using is way more powerful though. An ACL on your own data file will not protect your data from being damaged by a trojan. The OLPC project uses mandatory access control (mostly a domain-type-role enforcement mechanism) to stop such problems.
Our rfork() is called clone(), or unshare() if you don't need a new thread/process.
When you want a new namespace, you specify the CLONE_NEWNS flag. (root only, sorry, because of setuid concerns)
Once you have a new namespace, you can unmount things you don't need. You can do bind mounts, which let you graft directories onto other places. You can use a bind mount to make a read-only copy of something, then unmount the original... all without mucking up processes that aren't part of the same CLONE_NEWNS group. Portions of the filesystem tree can be shared as well, in case you really do want changes to appear to both sides of the CLONE_NEWNS. Access to things can be permanently given up within the CLONE_NEWNS group, making for a rather fine jail that generally beats jail(8) quite severely.
There are extra goodies for stuff like isolating the view of system time, the view of executing processes, etc.
Programming is allowed. There is even a "view source" button on the keyboard!
Sharing programs (binary executables) with your friends is easy and encouraged. All programs are severely sandboxed by default, so there is no problem unless the attacker finds a bug in the CPU hardware. The sandboxing is really well thought out; an app bundle (install package) can request camera access or net access but not both. Apps never get more permissions than they requested at install time, excepting when an advanced child modifies the permissions.
Linux has a few features that make this possible. The first is of course SE Linux policy, which could be adjusted by the app installer. The second is CLONE_NEWNS with bind mounts, allowing app-specific views of the filesystem that simply lack any unneeded files.
The only mildly troublesome restriction is that kernel and firmware modifications require that the child request a laptop-specific developer key from OLPC. There is a 14-day waiting period intended to allow time for laptop theft to be reported; you can't get a developer key for a stolen laptop.
In court, Microsoft claimed that exposing their source would endanger national security.
A couple years later, after the trial was over, Microsoft gives in to Chinese government demands for the source code.
You really think that this kind of 3rd-party review is good? Hint: it is highly unlikely that the Chinese government would report any interesting discoveries back to Microsoft.
Your wikipedia link supports me rather well. Perhaps you should read it again, to the very end.
CBS was backwards, ABC couldn't decide and liked yellow... but other than that it was pretty much red for the democrats and blue for the republicans. This goes back to 1888. It is followed for similar conservative/libral divisions in numerous other countries.
The old way is still supported on Apple-specific filesystems, but Apple has learned to deal with the non-Apple world. Apple even ships MacOS X with many files being single-fork (data only) with file extensions, where formerly this was not done. An example is fonts, many of which now bear.otf extensions.
Windows shares, FAT-formatted media, and Joliet (Windows CD-ROM format) media are all common.
As for Linux, both magic and xattr are lame. They both cause extra disk seeks. At 5 ms per seek, a directory with 200 files will take an extra second to examine. With 2000 files, that's an extra 10 seconds. File magic is inaccurate and, worse yet, fundamentally unfixable by the user. The xattr feature is usually disabled, doesn't work on all filesystems (hello FAT), isn't even remotely portable, and suffers from xattr marks getting lost by unaware tools.
"open the ones it understands while ignoring the rest"
I browse to the file in any of GNOME, Windows XP, Vista, KDE, or MacOS X. I click or double-click on the icon for that file, as is appropriate for my OS. The OS runs the app associated with ogg files. The app does not understand the file.
So you think the app should then IGNORE the file? Woah. I click and nothing happens. Sweet. That's a user experience all right!
The use of ogg for audio helps to make Ogg Theora unviable, because clicking on an ogg file will start an audio player.
Slashdot Mirror
With 30% dead, lots of regular jobs are going undone, and regular things aren't being bought.
The music store only has employees for a few days of the week. They have to shut down on the other days. Nobody wants to be out buying music anyway though. The rent doesn't get paid. The store closes. The landlord now has an empty storefront. That hurts business for his other tenents. Also, he still has to pay his taxes. The Burger King can't staff their place. Do they just close up shop?
Businesses find themselves needing to shrink and consolidate, fast. That is majorly disruptive. Facilities must be closed. Employees may need to move; some will refuse.
Everything becomes inefficient as businesses collapse. Shortages come and go, interspersed with surplusses that get wasted.
Whole towns need to be abandoned. When a small place loses the only food store, the people have to move elsewhere.
The police are in disarray, just like every other organization. The now-idle masses are starving, bored, irrational, and willing to take great risks because death appears likely anyway. The New Orleans looting was nothing, really. Imagine something like that accross the whole world. There will be no help coming from outside.
Eventually, the farms aren't tended. The cattle aren't fed. Transportation is unreliable. Fuel may be mostly unavailable. Real food shortages set in.
Way more than 30% die. Maybe 99% or more. Very few of us have a backyard garden that can completely feed the family.
People fall back on idiotic superstitions, as they have done since the very first humans.
Welcome to the Dark Ages II. (this time, Protestant and Islamic)
We can use hydrogen bombs.
Let's ship 50 thousand of them by DC-9 planes.
All video formats are now illegal. (or is there now an XML video abomination?)
All audio formats are now illegal.
Probably all image formats are now illegal.
Whee.... this'll be entertaining.
The main use of vector units is running crappy Windows gamer "benchmarks" and MacOS Photoshop "benchmarks". The games don't even use the vector units all that much. It's just the benchmarks that use the vector units.
In the real world, vector units aren't good for much at all. You can do radar processing with them, but that isn't exactly a desktop app. Linux can use them for software RAID.
The proper fix is to run multiple copies of the benchmark.
I'm using Linux, with single-threaded apps, but so what? I run lots of things at once:
X, window manager, xterm, editor -- that is 4, plus the kernel
X, xterm, tar, gzip -- that is 4, plus the kernel
X, xterm, make, bash, cc1, cc1, cc1, gas, gas, ld... -- that's a lot of things!
Java is big-endian, like the SPARC and G4.
Java has strictly-defined floating-point math that is incompatible with the x86. An x86 chip must save floating-point options out to memory to force the exponent to be the right size.
JIT/emulation systems in general, including Java, do better with more registers. The G4 has about 6x as many once you exclude registers that are unavailable. (about 5 for x86, but at least 30 for the G4)
We're not testing the compiler. IMHO, turning optimization OFF would be a fine idea, or at least unobjectionable.
The only important thing is that the compiler choices and options are fair. Using gcc on the Opteron and icc on the Core Duo would not be fair. Using gcc everywhere, with the same options, it completely fair.
One can also define "fair" as "all systems tweaked to the max", but this is rather difficult to do right. (see also: OS benchmarks, where the benchmarker knows all the ways to tweak the OS he uses most often)
Boeing built a "prototype" without a horizontal tail piece. They were going to add one for the final version.
Well gee. That's a whole different plane. You might as well be changing the number of engines, switching from aluminum to composite, or putting canards on the front.
Lots of companies profit from organs. The only one left out is the donor -- via their estate of course, for the suffering family.
The organs are "not sold" of course. Selling them would be illegal! No, they just charge really high handling fees. Somehow this is considered legal despite the $0 price cap.
I suppose the proper response from potential donors is this: charge a "handling fee" for the "work" of signing the donor card. Another way would be to have some sort of a futures market against the handling fees; anybody signing up to be a donor gets a share (purchased for $1 perhaps) in the futures related to handling the organs.
OK, so you know SE Linux exists and isn't anything new. It works great.
Though with a mild policy, Fedora has enabled it by default since Fedora Core 5.
OLPC is willing to adjust apps to be tolerant of high security. That makes the SE Linux UI much easier to do.
They used "she" in a reference to the original UNIX developers.
Let's see, which one is the woman? Ken, Dennis, or Brian?
Note: the names are not Kendra, Denise, and Brianna!
These guys are called "greybeards" even, because they have grey beards. Transvestite bearded ladies? Eeeew.
I'm reminded of the icky 9-11 statue showing 3 firefighters raising a US flag over the ruins of the World Trade Center. In reality, all were white. In the statue: black, hispanic, asian.
I don't want to use a video player for audio files. The GUI is probably not optimal for audio.
Ignoring streams is still no good.
To admin the system, you need to change roles. No single role can do everything, and many role-to-role transitions are prohibited.
So there is NOT an administrative login that lets you do everything. There are numerous limited-capability administrative logins, sort of. They are not related to UID.
First you'd log in as root, since the old UID-based system is still being enforced. You'd need to do this from the console to get put into a role which is able to transition to something interesting. Then you run the an su-like command, called "newrole" I think, to gain one specific ability. For example, there may be a "backup" role that lets you read any file and a "net" role that lets you change network settings. Neither role can execute files written by the other.
On a Fedora box, do "ls -Z" or "ps Zax" to see the security info. (by default, Fedora enables a fairly lax version of this -- but I did once get permission denied as root with a default Fedora install)
The UID really was zero, which is NOT a regular user account. It's a normal root account.
I couldn't even write to files that were world-writable, owned by root or not.
Do an "ls -Z" on a default Fedora install to see what is going on. Fedora can be nearly like the system described if you install the "strict" policy.
To admin the system, you need to change roles. No single role can do everything, and many role-to-role transitions are prohibited.
Bitfrost isn't one single technology. It's the integration of several existing Linux technologies with a nice GUI, installer, set of keys, etc.
The neat jailing feature has been in Linux for years, though mostly unused. You can access it via either the clone() or unshare() system call. In combination with bind mounts and PID namespaces, you get the ability to jail quite effectively. To learn more:
man 2 clone
man 2 unshare
man 8 mount
SE Linux is of course the other major underlying ability, and then there's the new GUI and app installer to tie it all together in a usable way.
The child can request a laptop-specific developer key.
The kernel and firmware can be upgraded via this key. (writing regular apps does not require the key)
There is a 14-day waiting period to give time for stolen laptops to be reported. Keys are obviously not provided for stolen laptops.
The GPLv3 merly requires that the key be provided upon request. I don't think 14 days would be disqualifying. In any case, neither the kernel nor the firmware are GPLv3.
If you edited your SE Linux policy, you'd be half-way there. The other part, jailing the apps, requires severe GNOME/KDE hacking.
The concept, called mandatory access control, goes back decades. It comes from the US military. It was originally based on the classified info system (SECRET, TOP SECRET, etc.) and was intended to stop insiders causing leaks. Insiders tend to make dumb security mistakes, and sometimes even sell secrets to the enemy. Mandatory access control stops that cold.
A few years back, the NSA wrote an implementation of this for Linux. It's called SE Linux. It's a bit modernized, supporting more than just the old military-style security levels.
Linux also has CLONE_NEWNS, which is based on features from an old research OS called Plan 9. That, combined with some neat tricks involving mount points, gives you something like chroot() with extra power.
Most of the code has been around for years. OLPC just integrated it nicely into the app installer and made the user experience tolerable.
Basically all UNIX-like systems support ACLs now.
The ACLs are usually almost like the ones Windows uses, with a few minor differences:
a. UNIX-like systems normally still use rwx.
b. Windows normally disables checking permissions on parent directories.
c. Windows does a funny sort of inheritance thing that kills performance. (thus the above speed hack)
The stuff OLPC is using is way more powerful though. An ACL on your own data file will not protect your data from being damaged by a trojan. The OLPC project uses mandatory access control (mostly a domain-type-role enforcement mechanism) to stop such problems.
Our rfork() is called clone(), or unshare() if you don't need a new thread/process.
When you want a new namespace, you specify the CLONE_NEWNS flag. (root only, sorry, because of setuid concerns)
Once you have a new namespace, you can unmount things you don't need. You can do bind mounts, which let you graft directories onto other places. You can use a bind mount to make a read-only copy of something, then unmount the original... all without mucking up processes that aren't part of the same CLONE_NEWNS group. Portions of the filesystem tree can be shared as well, in case you really do want changes to appear to both sides of the CLONE_NEWNS. Access to things can be permanently given up within the CLONE_NEWNS group, making for a rather fine jail that generally beats jail(8) quite severely.
There are extra goodies for stuff like isolating the view of system time, the view of executing processes, etc.
Programming is allowed. There is even a "view source" button on the keyboard!
Sharing programs (binary executables) with your friends is easy and encouraged. All programs are severely sandboxed by default, so there is no problem unless the attacker finds a bug in the CPU hardware. The sandboxing is really well thought out; an app bundle (install package) can request camera access or net access but not both. Apps never get more permissions than they requested at install time, excepting when an advanced child modifies the permissions.
Linux has a few features that make this possible. The first is of course SE Linux policy, which could be adjusted by the app installer. The second is CLONE_NEWNS with bind mounts, allowing app-specific views of the filesystem that simply lack any unneeded files.
The only mildly troublesome restriction is that kernel and firmware modifications require that the child request a laptop-specific developer key from OLPC. There is a 14-day waiting period intended to allow time for laptop theft to be reported; you can't get a developer key for a stolen laptop.
In court, Microsoft claimed that exposing their source would endanger national security.
A couple years later, after the trial was over, Microsoft gives in to Chinese government demands for the source code.
You really think that this kind of 3rd-party review is good? Hint: it is highly unlikely that the Chinese government would report any interesting discoveries back to Microsoft.
Your wikipedia link supports me rather well. Perhaps you should read it again, to the very end.
CBS was backwards, ABC couldn't decide and liked yellow... but other than that it was pretty much red for the democrats and blue for the republicans. This goes back to 1888. It is followed for similar conservative/libral divisions in numerous other countries.
The old way is still supported on Apple-specific filesystems, but Apple has learned to deal with the non-Apple world. Apple even ships MacOS X with many files being single-fork (data only) with file extensions, where formerly this was not done. An example is fonts, many of which now bear .otf extensions.
Windows shares, FAT-formatted media, and Joliet (Windows CD-ROM format) media are all common.
As for Linux, both magic and xattr are lame. They both cause extra disk seeks. At 5 ms per seek, a directory with 200 files will take an extra second to examine. With 2000 files, that's an extra 10 seconds. File magic is inaccurate and, worse yet, fundamentally unfixable by the user. The xattr feature is usually disabled, doesn't work on all filesystems (hello FAT), isn't even remotely portable, and suffers from xattr marks getting lost by unaware tools.
"open the ones it understands while ignoring the rest"
I browse to the file in any of GNOME, Windows XP, Vista, KDE, or MacOS X. I click or double-click on the icon for that file, as is appropriate for my OS. The OS runs the app associated with ogg files. The app does not understand the file.
So you think the app should then IGNORE the file? Woah. I click and nothing happens. Sweet. That's a user experience all right!
The use of ogg for audio helps to make Ogg Theora unviable, because clicking on an ogg file will start an audio player.