Version 1.0 had six security-related bugs that have now been fixed, and a new verison is out (1.0.1). If you compare this to version 1.0 of any proprietary Web-related software, I think you'll see the difference. Six sounds like a big number until you start having to use more than just fingers and toes to keep track of JUST the major security problems!
Mozilla is also easier to find those bugs in. I feel much more confident that Mozilla's security problems will be found and fixed than I do with any proprietary software.
1) C++ is a low-level language with a small number of high-level extensions that are much harder to use than in any truly high-level language. No run-time instantiation of code, no closures, no eval. C++ is not a high-level language, all advocacy asside.
2) Operator overloading is terribly useful You are absolutely right, and I would never question that. It's also one of the easiest things to do to your language to make it deadly to maintain. I've seen C++ programs that use * to access encapsulated objects, () to reverse order items, and all sorts of other heinous things that have made me cringe whenever I have to debug someone else's C++. In C, macros are bad enough, but at least they don't change the basic semantics of the language.
3) Multiple inheritence can also be useful Again, of course it can. That's not a good enough reason to slap it on the language. It needs to fit cleanly and without causing more problems than it solves.
4) There are four casting operators for a reason. You're not supposed to cast in C++. That's got to be one of the funniest things I've ever heard about any programming language. Thanks.
5) And templates are mana from heaven. Templates are a work-around for not having high-level language constructs. I would like templates if my goal were to write a high-level language, but it would be torture to have to use them all the time. Just look at the contortions you have to go through for iterators. In a high-level language, you just iterate because integers and database connections aren't all that different.
6) take that, Java [...] beats the Java [...] Java is a somewhat cleaner C++. It has a much nicer object model, but ulitmately Java's problems are more crippling than C++'s. Please don't use Java as a counter-example of useful high-level languages. Python, Perl, Scheme, CL and their ilk are where I'd go to compare.
7) If you take a look at the equivilent data structures in C, you'll realize how much better the STL is. C is a hard-core low-level language. It's the ultimate roll-your-own and about as low-level as you can ever get and still remain portable (that was, after all the goal). Libraries like glib (which have many of the things you're used to in STL) add on some very nice features, but ultimately C always remains low-level. If you want high-level constructs, you program in a high level language and use C to write the bits that need to be efficient. Best tools for the job. A useful motto.
IMHO the time has come to pick the best of bread and go with one shell. Others should be around as "extras", but we should all decide what the primary shell for all UNIX and UNIX-like systems should be.
Most users seem to use bash under Linux. [t]csh is most popular under Solaris. ksh is the HP/UX fav. *BSD users tend to stick with the csh-shells.
And then, of course there's zsh, which I use sometimes at work because there's a cluster of zsh geeks who have added some nice dotfile goodies for it.
What's the best shell? It really doesn't mater. Quoting is saner in the sh-variants. Command-line editing, history etc is better in zsh and bash. Variable syntax is nicer in (especially arrays) in *csh. Functions are most powerful in the later-day *sh variants. POSIX specifies a subset of most sh implementations.
Personally, I think bash should take over the world just because it's what lots of Linux systems expect as the root shell, it ties for best of many features with zsh. Has most, if not all, of ksh and ships with most platforms as included or optional add-on.
The basic strength of the GPL is that it is optional. You do not need to be bound by the GPL in order to use GPLed software. Given that, I don't really see how version 3 of the GPL can combat trusted computing. Will it address software that makes use of trusted computing features? That would be a mistake, given that hardware-assisted system security will likely benefit greatly from the hardware DRM features. It would be nice, for example, to have system logs be absolutely protected from tampering by hardware DRM.
I dunno. I'll wait for the draft and see then. For now "You may distribute this software under version 2 of the GNU General Public License (GNU GPL) or, at your option, any later version" will continue to be in my programs.
C++ was a noble idea, a worthy goal and a wonderful experiment. Sometime around '91-'95 the C++ community should have smartened up and realized that the language was growing so many tumerous work-arounds for the basic problems in its design that it wasn't worth the effort.
Can we all just send Bjarne a thank-you note for the effort and go back to C? If you want a high-level language, use one (Scheme, Python, Perl, CL, it really doesn't matter a whole lot) and write the code that you need to be efficient in C (and in some cases, even assembly).
Problem solved.
BTW: In case anyone thinks I'm just a mindless anti-C++ bigot, I really do like the basic idea. I think if it had stopped at adding classes to C, it might have been workable. But there were too many places in the design where the old C tradition of giving you enough rope to hang yourself was extendted to hights undreamed. Overloading was the first and most obvious mistake. Nice feature, but let's face it: even the core libraries found themselves seduced into turning the bitwise shift operator into an IO method. Then there was C++'s unfortunate foray into multiple inheritance. But, I knew it was truly over the day I learned that there were now *four* different casting operators!
It's too bad, but I think we learned a lot. Time to shut off the lights and move out.
Or, for much less than $129 I can get an OS (Windows XP), that absolutely runs MS Office and which definitely runs vrtually all other Windows apps.
Linux is useful and fun for us nerds, but is a bit of a sell to non-nerds, and I don't see the above selling proposition as favoring SUSE for desktop applications -- Linux has no inherent appeal to non-nerds.
Linux appeals to many demographics. The key is that Linux is not actively marketed to those demographics. Every home user I've gotten to really try out Linux has found that it meets or exceeds most of their needs, and the big seller is that it saves them having to go out and purchase dozens of software packages that just come with your average Linux distribution.
I disagree that hiding intellegence is a worthwhile goal. I know of many people that do not (and probably could not) hide their intellegence, and yet fit into social groups that are not as intelligent. What's hard for many people who can reason faster than most of their peers is that they never achieve the ability to communicate
This sort of communication is frought with pitfalls and traps and seeming illogic. It may not even be an interesting problem to solve, as much of the complexity involved has to do with human defence mechanisms, which will not be present in full in any AI we produce (unless we do so my copying the structure of a human brain, which seems to be a technology that is quite a ways off).
A machine should be able to, for example, explain a concept slowly and in ways that can be understood by the listener without feeling that their dominance is in question (thus resorting to sarcasm or being condescending) or that they need to respond to a challenge to their dignity (thus giving up or pushing the person to understand things they aren't ready for).
That covers much of the problem with teaching. Then the reverse has many of the same pitfalls. You have to be able to know when to accept incorrect information or incomplete responses or to give incorrect information.
I remember a time in High School when I realized that people who said "what's up" didn't want an answer, but just an acknowlegement. The problem? I could not bring myself to "violate" my own understanding of what it meant to communicate. I understood that sayind "s'up" in response would be sufficient, and even appreciated, but I couldn't say it. It seemed alien and wrong. Therein lies the rub!
That depends on your metrics. When you speak of abstract throught, you're automatically applying a set of logical "filters" that have to do with evaluating the intellegence of humans whith whom you interact and "opponents" with whom you must contend. In many ways, many machines already out-think humans in creative ways, but they are savants for the most part, only capable of thinking in narrowly pre-determined areas. We are constrained this way too. We cannot think four-dimensionally, for example. But, we do not consider that to be a major limitation. Perhaps someone who could think four-dimensionally would think of a human mind as "unintelligent".
Bottom-line: machines keep getting smarter, but the problem of CONVINCING A HUMAN that you are smart means having some sort of survival and/or communication skills. Those problems are probably still 5-20 years off and involve massive learning simulations that will take years to evolve a suitable program. In the end, we'll probably be able to cut down on the time it took nature to create a human brain by a factor of several million, and improve on it substantially (removing a lot of the archaic reflexive responses, and replacing them with the ability to work in very large groups without breaking down, etc).
There are four issues at stake here, and I'm sure Microsoft's lobbiests will try to confuse them, so let's not help.
1. What license should government funded projects use: the answer is, of course, the same as has always been the case: none. Government funded development is by default Public Domain and always should be!
2. Should government dollars be spent (ala NSA extensions to Linux security) to modify GPLed software? Answer: yes, but only where it makes sense. The way MS wants this argument to go is this: Gov$$ should not go to GPLed programs; NSA cannot update Linux (as an example); Linux cannot be made secure to NSA specs; Govt cannot use Linux. The (I hope) obvious solution is that the NSA can make mods to GPLed software, just as they have been known to make mods to proprietary software. The diffs are, of course, theirs. They wrote the code, they own it. If they feel that it's not a matter of national security, they can release the code diffs (without context, of course) as Public Domain, just as schools used to release UNIX security and bugfix diffs. The derived product will, of course, be under the GPL. No problems here. (see #4 for why this is a bit of a red herring argument)
3. Should Govt be allowed to use open source software and specifically GPLed software. Yes, certainly. There is no more restriction on GPLed software than proprietary software. In fact, since you're not allowed to distribute mods to proprietary software at all, it's much more open. If the government chooses to use BSD or GNU/Hurd or Linux or whatever, they certainly should. Integration should be opened for the normal RFP/bidding process, of course. Proprietary software must be able to compete in the market fairly, but so must free/open software!
4. Here comes the really ugly one: should govt. be allowed to modify software. Yep, that's what Microsoft really wants to ask. They want the govt to not be able to code, and thus be totally dependant on software companies. Bottom line: this is why open source software exists. Choice, period.
This is a non-argument if you apply sufficient logic, folks. Don't let yourself get lead into a license debate when what's really going on is MS trying to strong-arm congress into disallowing open source software in government.
Correct. Sorry, I was thinking of one of the other Ximian folks (who'se name I've forgotten, of course). Not Miguel, but the other one who was interviewed recently (not on slashdot, but slashdot had a link to the interview).
This is emenantly reasonable. Ximian (Havoc's company) exists to serve corporate users via Gnome and the Ximian/Gnome applications. This is their focus, and as with every open source development projet the thing that any given developer or group of developers should focus on is what they care about most (scratch your own itch, and you will care about it).
I think one of the things that people forget most often is that the corporate users is, by and large, are us. Yes, some of the people who read this are in school, but soon (and sooner than you might want) you will be joining the workforce. If you work on open source software now, will you stop because you got a job? I certainly didn't.
To say that Ximian or Red Hat or IBM or Transmeta or Cisco or HP (the company, not Havoc:) or Mass General Hospital or MIT has "hijacked" open source development is to ignore that OSS' biggest strength is that we are the developers and we are the users.
What many in the development community are having a hard time with is that the early adopter phase is ending and more traditional development is going on. This is because more traditional developers are realizing that they too have itches to scratch!
You might want to read more carefully. The DMCA does say that reverse engineering is allowed, but only for purposes of developing interoperable software:
(f) REVERSE ENGINEERING- (1) Notwithstanding the provisions of subsection (a)(1)(A), a person who has lawfully obtained the right to use a copy of a computer program may circumvent a technological measure that effectively controls access to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program that are necessary to achieve interoperability of an independently created computer program with other programs, and that have not previously been readily available to the person engaging in the circumvention, to the extent any such acts of identification and analysis do not constitute infringement under this title.
Now, as for restricting free speach... heh. The law makes security testing semi-legal by defining a number of tests for legitimate testing. One of these is
whether the information derived from the security testing was used or maintained in a manner that does not facilitate infringement under this title
This phrase is scary as hell for people who do security testing, since their activities are essentially judged based on how well behaved their audience is. This is why companies that do security audits are (as in the case of the Red Hat audits) requiring that the results not be released. If they are released to the public, then those security audits could be construed as a violation of the DMCA! So you are right. The DMCA does not restrict speach per se. It just makes companies that perform security evaluation scared as hell to speak....
If you wish to argue these points further, please cite the specific portions of the text that you feel contradict what I've said here. Thanks.
How can you say that "standards" are what lead to wide-spread adoption? The IBM PC was a defacto standard that was mutated through a thousand little and large vendors who changed it over time. It maintained its dominance mostly because the market deeply wanted a cheap, flexible option, and was not unduly bothered by the constant shifing standards (XT->IDE->ATA/xxx->?, ISA->EISA->VESA->PCI->AGP, etc, competing video "standards" that weren't, etc, etc).
Same goes for Windows. Here's an example of a locked-in proprietary solution. You'd think that they could remain internally consistant, but APIs change radically every release. You go from one widdget API to another. Support is dropped at odd times. DDE becomes COM becomes COM+ (nothing like COM, of course) becomes.Net, etc.
Now you pan over to protocols. Have you tried to code against SSL only to have to re-code because now the target you want to talk to is SSL3, and your code no longer works? Have you tried talking to SMB only to have Microsoft add in another spin?
These are all widely adopted de-facto or even well organized standards. They change. They break backward compatibility from time to time. This is software (and in some cases, hardware). Cope.
Ding! This is the correct answer. Yes, telling people about security holes is a DMCA violation under every interpretation of the law that I've seen (other than the cursory, "it only covers copying mp3s d00d!")
Out of context (the parent was modded down) your comment seems a little odd. One lousy key is a pretty huge item. There are 104 (2?) keys on your average PC keyboard, and there are very few of those that I'd be willing to part with (scroll lock I can do without). If a keyboard didn't have an enter key or a control key, I wouldn't buy it....
And now you can all laugh at the sick guy (I have a head cold) for describing how a rotating cypher attack can be used against an OTP, thus rendering a century of research moot.
I'm also confused by the assertion that OTP suffers from known plaintext attacks, but his does not.
For those not clear, let me explain: in an OTP, you might say:
"take pad K (a sequence of random bits) and xor it with plaintext P."
This is both the encryption and decryption step. If you know that I'm likely to be talking about the "World Trade Center", you can then plug that key phrase into the resulting cyphertext at every possible point and look at the result. If you get a message back that looks like:
"T*e atta** **ll *e at ******* on t*e World Trade Center"
you can be pretty sure that you've identified part of the message because the result looks an awful lot like reasonable english. There are statistical ways to do this without having to attack it by eyeballing english. They're even pretty reliable.
Of course, I'm oversimplifiying, but bottom line: I don't see how you can perform "one-time-pad-like" unbreakable encryption and not suffer from this problem without also solving the problem for OTPs.
Now, on to "MTPs". If your idea is: "use an OTP as the generator for a function which produces many pads in a pre-determined sequence", stop now it's been done. If your idea is: "use an OTP plus a permutor as the generators for a function which produces one OTP per unique permutor", stop now it's been done.
I'm not talking about weaknesses. I'm saying you can't patent these ideas because they are as old as the hills.
I really can't say MacOS X is a more attractive commercial solution than XP [...] a closed UNIX variant
Wowza! I need to start paying attention. Last I knew, Darwin (the OS part of MacOS/X, not to be confused with the proprietary GUI, Aqua) was an open source project! Man, am I behind the times!
It was Larry Niven who predicted the idea of "flash crowds". Of course, he was envisioning physical crowds via teleportation, but the basic idea still holds. It's only going to get worse as more and more people use the net.
Look at it this way: in a primative society, a clan or village would usually have a storyteller or sage who gathered the news of the world in story form and re-told as appropriate. We should not be supprised that it takes millions, perhaps even hundreds of millions of people to be the story-tellers to 6 billion (that's a US billion).
If the Internet had a higher percentage of useful sites for news (not just talking jpeg-heads, but innovative ways of conveying the STORIES that the news represents), then no one of them would be loaded down and the backbones would be the only bottleneck. Notice that so many of us flocked to Slashdot when the towers fell? Wonder why? Because Slashdot, for good or ill, is our community's storyteller, and we instinctively come here to understand how our community is reacting.
Man! I agree with you and your post makes me want to argue against it....
I think what you want to say is this:
In cases such as ignorning a burn center's request to lower the temp on your coffee because your market research shows that the burn cases won't cost you as much money as you save buying cheap beans, there's clearly a certain amount of neglegence.
Then the question becomes is that neglegence criminal? If we had an effective process for going after such cases and prosecuting them a criminal neglegence cases rather than relying on the victims to launch a civil case, then it would be entirely reasonable to remove punative damages. But, somehow we got it in our heads that making someone "pay" meant litterally setting a price tag on any given transgression.
And you are right - the basis of quantum physics is that you CANNOT measure the photon properties using any technique at all without altering them. If there is a clever way around this it would mean that the laws of physics as we understand them are quite wrong.
Could have been said, circa Newton: "The basis of physics is that time's passage is constant between any two bodies. If there is a clever way around this, it would mean that the laws of physics as we understand them are quite wrong."
Could have been said, circa Einstein: "The basis of relativistic physics is that actions happen independantly and interact through the transfer of energy, which is bounded by C... quite wrong... God... dice...":-)
It's not that Newton was "quite wrong" or that Einstein was "quite wrong", but rather that they were both correct for a certain problem domain. I suspect that the current work on quantum cryptography will fall apart once we get the GUFT nailed down.
Symmetric key cryptography is sensitive to brute-force and possibly cryptanalysis
Everything is susceptable to brute force. Don't buy it? Try to keep a secret, and I will send some brutes over to your house to torture you... Brute force always works:-) FWIW, I think I was on crack, and said "symetric key" when I meant "asymetric key". Obviously, broadcasting your symetric key over public media, as I suggested, would be a very bad thing:-)
Sending a courier with symetric key data or a one time pad has the disadvantage of being subject to undetectable interception. When you send 6 couriers with the public portion of an asymetric key, any 5 of them can be intercepted, but a) getting the public portion does not allow decryption and b) replacing the courier/key can be detected by comparing all 6 when they arrive. Expand the number of couriers as required.
Even photons must create some gravity. It would be possible to detect them if the detector was sensitive enougth.
You miss the point. The information is not encoded by modulating the frequency or the amplitude of the photons, it's done by manipulating quantum variables that are sensitive to observation. So, when you snoop the data, you change it, and the stream becomes corrupt. Personally, I just don't see how this beats symetric key cryptography where you can communicate the public portion in the clear (e.g. encode it into public transmissions or send out six couriers with the same info, since you don't care if one of them is intercepted).
I wasn't concerned with what KDE folks do. Don't take that the wrong way, I'm not concerned with what Gnome folks do, or Xm (sp?) or any other desktop.
This is going to be hard for the community to swallow, and in the end it will cause a lot of die-hard people to get very angry. But, the bottom line is: there will be no Gnome or KDE desktops in 5 years. There will be Gnome and KDE applications and libraries, but the desktop is getting more and more abstracted out of the control of the various software platforms on which desktops are built.
Once that happens, I'll be very interested in finding out how desktop software projects respond. Clearly interoperation between applications that rely on different back-ends will become more and more of an issue. I know that the "camps" have been saying that "cut-n-paste is enough" for a long time, but that toon will have to change if, e.g., KMail wants to take advantage of evolution's user-base or Mozilla starts getting increasing numbers of bugs filed against failure to use Galeon, Konq or lynx's bookmarks.
Heck, free operating systems may eventually be dragged, kicking and screaming into the world of well-integrated software:-)
Ximian, Red Hat, KDE, Gnome, Bluecurve.... what do all of these terms have in common?
They're not window managers. Please, do not confuse integrated desktop systems (KDE, Gnome), desktop distributions (Ximian) and themes (Bluecurve, Ximian North) with window managers (metacity, kwm, sawfish, windowmaker, twm, etc).
Version 1.0 had six security-related bugs that have now been fixed, and a new verison is out (1.0.1). If you compare this to version 1.0 of any proprietary Web-related software, I think you'll see the difference. Six sounds like a big number until you start having to use more than just fingers and toes to keep track of JUST the major security problems!
Mozilla is also easier to find those bugs in. I feel much more confident that Mozilla's security problems will be found and fixed than I do with any proprietary software.
1) C++ is a low-level language with a small number of high-level extensions that are much harder to use than in any truly high-level language. No run-time instantiation of code, no closures, no eval. C++ is not a high-level language, all advocacy asside.
2) Operator overloading is terribly useful You are absolutely right, and I would never question that. It's also one of the easiest things to do to your language to make it deadly to maintain. I've seen C++ programs that use * to access encapsulated objects, () to reverse order items, and all sorts of other heinous things that have made me cringe whenever I have to debug someone else's C++. In C, macros are bad enough, but at least they don't change the basic semantics of the language.
3) Multiple inheritence can also be useful Again, of course it can. That's not a good enough reason to slap it on the language. It needs to fit cleanly and without causing more problems than it solves.
4) There are four casting operators for a reason. You're not supposed to cast in C++. That's got to be one of the funniest things I've ever heard about any programming language. Thanks.
5) And templates are mana from heaven. Templates are a work-around for not having high-level language constructs. I would like templates if my goal were to write a high-level language, but it would be torture to have to use them all the time. Just look at the contortions you have to go through for iterators. In a high-level language, you just iterate because integers and database connections aren't all that different.
6) take that, Java [...] beats the Java [...] Java is a somewhat cleaner C++. It has a much nicer object model, but ulitmately Java's problems are more crippling than C++'s. Please don't use Java as a counter-example of useful high-level languages. Python, Perl, Scheme, CL and their ilk are where I'd go to compare.
7) If you take a look at the equivilent data structures in C, you'll realize how much better the STL is. C is a hard-core low-level language. It's the ultimate roll-your-own and about as low-level as you can ever get and still remain portable (that was, after all the goal). Libraries like glib (which have many of the things you're used to in STL) add on some very nice features, but ultimately C always remains low-level. If you want high-level constructs, you program in a high level language and use C to write the bits that need to be efficient. Best tools for the job. A useful motto.
IMHO the time has come to pick the best of bread and go with one shell. Others should be around as "extras", but we should all decide what the primary shell for all UNIX and UNIX-like systems should be.
Most users seem to use bash under Linux. [t]csh is most popular under Solaris. ksh is the HP/UX fav. *BSD users tend to stick with the csh-shells.
And then, of course there's zsh, which I use sometimes at work because there's a cluster of zsh geeks who have added some nice dotfile goodies for it.
What's the best shell? It really doesn't mater. Quoting is saner in the sh-variants. Command-line editing, history etc is better in zsh and bash. Variable syntax is nicer in (especially arrays) in *csh. Functions are most powerful in the later-day *sh variants. POSIX specifies a subset of most sh implementations.
Personally, I think bash should take over the world just because it's what lots of Linux systems expect as the root shell, it ties for best of many features with zsh. Has most, if not all, of ksh and ships with most platforms as included or optional add-on.
The basic strength of the GPL is that it is optional. You do not need to be bound by the GPL in order to use GPLed software. Given that, I don't really see how version 3 of the GPL can combat trusted computing. Will it address software that makes use of trusted computing features? That would be a mistake, given that hardware-assisted system security will likely benefit greatly from the hardware DRM features. It would be nice, for example, to have system logs be absolutely protected from tampering by hardware DRM.
I dunno. I'll wait for the draft and see then. For now "You may distribute this software under version 2 of the GNU General Public License (GNU GPL) or, at your option, any later version" will continue to be in my programs.
C++ was a noble idea, a worthy goal and a wonderful experiment. Sometime around '91-'95 the C++ community should have smartened up and realized that the language was growing so many tumerous work-arounds for the basic problems in its design that it wasn't worth the effort.
Can we all just send Bjarne a thank-you note for the effort and go back to C? If you want a high-level language, use one (Scheme, Python, Perl, CL, it really doesn't matter a whole lot) and write the code that you need to be efficient in C (and in some cases, even assembly).
Problem solved.
BTW: In case anyone thinks I'm just a mindless anti-C++ bigot, I really do like the basic idea. I think if it had stopped at adding classes to C, it might have been workable. But there were too many places in the design where the old C tradition of giving you enough rope to hang yourself was extendted to hights undreamed. Overloading was the first and most obvious mistake. Nice feature, but let's face it: even the core libraries found themselves seduced into turning the bitwise shift operator into an IO method. Then there was C++'s unfortunate foray into multiple inheritance. But, I knew it was truly over the day I learned that there were now *four* different casting operators!
It's too bad, but I think we learned a lot. Time to shut off the lights and move out.
Or, for much less than $129 I can get an OS (Windows XP), that absolutely runs MS Office and which definitely runs vrtually all other Windows apps.
Linux is useful and fun for us nerds, but is a bit of a sell to non-nerds, and I don't see the above selling proposition as favoring SUSE for desktop applications -- Linux has no inherent appeal to non-nerds.
Linux appeals to many demographics. The key is that Linux is not actively marketed to those demographics. Every home user I've gotten to really try out Linux has found that it meets or exceeds most of their needs, and the big seller is that it saves them having to go out and purchase dozens of software packages that just come with your average Linux distribution.
I disagree that hiding intellegence is a worthwhile goal. I know of many people that do not (and probably could not) hide their intellegence, and yet fit into social groups that are not as intelligent. What's hard for many people who can reason faster than most of their peers is that they never achieve the ability to communicate
This sort of communication is frought with pitfalls and traps and seeming illogic. It may not even be an interesting problem to solve, as much of the complexity involved has to do with human defence mechanisms, which will not be present in full in any AI we produce (unless we do so my copying the structure of a human brain, which seems to be a technology that is quite a ways off).
A machine should be able to, for example, explain a concept slowly and in ways that can be understood by the listener without feeling that their dominance is in question (thus resorting to sarcasm or being condescending) or that they need to respond to a challenge to their dignity (thus giving up or pushing the person to understand things they aren't ready for).
That covers much of the problem with teaching. Then the reverse has many of the same pitfalls. You have to be able to know when to accept incorrect information or incomplete responses or to give incorrect information.
I remember a time in High School when I realized that people who said "what's up" didn't want an answer, but just an acknowlegement. The problem? I could not bring myself to "violate" my own understanding of what it meant to communicate. I understood that sayind "s'up" in response would be sufficient, and even appreciated, but I couldn't say it. It seemed alien and wrong. Therein lies the rub!
Will computers ever think like we do?
I hope not.
Will computers ever out-think humans?
Almost certainly.
How soon?
That depends on your metrics. When you speak of abstract throught, you're automatically applying a set of logical "filters" that have to do with evaluating the intellegence of humans whith whom you interact and "opponents" with whom you must contend. In many ways, many machines already out-think humans in creative ways, but they are savants for the most part, only capable of thinking in narrowly pre-determined areas. We are constrained this way too. We cannot think four-dimensionally, for example. But, we do not consider that to be a major limitation. Perhaps someone who could think four-dimensionally would think of a human mind as "unintelligent".
Bottom-line: machines keep getting smarter, but the problem of CONVINCING A HUMAN that you are smart means having some sort of survival and/or communication skills. Those problems are probably still 5-20 years off and involve massive learning simulations that will take years to evolve a suitable program. In the end, we'll probably be able to cut down on the time it took nature to create a human brain by a factor of several million, and improve on it substantially (removing a lot of the archaic reflexive responses, and replacing them with the ability to work in very large groups without breaking down, etc).
There are four issues at stake here, and I'm sure Microsoft's lobbiests will try to confuse them, so let's not help.
1. What license should government funded projects use: the answer is, of course, the same as has always been the case: none. Government funded development is by default Public Domain and always should be!
2. Should government dollars be spent (ala NSA extensions to Linux security) to modify GPLed software? Answer: yes, but only where it makes sense. The way MS wants this argument to go is this: Gov$$ should not go to GPLed programs; NSA cannot update Linux (as an example); Linux cannot be made secure to NSA specs; Govt cannot use Linux. The (I hope) obvious solution is that the NSA can make mods to GPLed software, just as they have been known to make mods to proprietary software. The diffs are, of course, theirs. They wrote the code, they own it. If they feel that it's not a matter of national security, they can release the code diffs (without context, of course) as Public Domain, just as schools used to release UNIX security and bugfix diffs. The derived product will, of course, be under the GPL. No problems here. (see #4 for why this is a bit of a red herring argument)
3. Should Govt be allowed to use open source software and specifically GPLed software. Yes, certainly. There is no more restriction on GPLed software than proprietary software. In fact, since you're not allowed to distribute mods to proprietary software at all, it's much more open. If the government chooses to use BSD or GNU/Hurd or Linux or whatever, they certainly should. Integration should be opened for the normal RFP/bidding process, of course. Proprietary software must be able to compete in the market fairly, but so must free/open software!
4. Here comes the really ugly one: should govt. be allowed to modify software. Yep, that's what Microsoft really wants to ask. They want the govt to not be able to code, and thus be totally dependant on software companies. Bottom line: this is why open source software exists. Choice, period.
This is a non-argument if you apply sufficient logic, folks. Don't let yourself get lead into a license debate when what's really going on is MS trying to strong-arm congress into disallowing open source software in government.
Correct. Sorry, I was thinking of one of the other Ximian folks (who'se name I've forgotten, of course). Not Miguel, but the other one who was interviewed recently (not on slashdot, but slashdot had a link to the interview).
This is emenantly reasonable. Ximian (Havoc's company) exists to serve corporate users via Gnome and the Ximian/Gnome applications. This is their focus, and as with every open source development projet the thing that any given developer or group of developers should focus on is what they care about most (scratch your own itch, and you will care about it).
:) or Mass General Hospital or MIT has "hijacked" open source development is to ignore that OSS' biggest strength is that we are the developers and we are the users.
I think one of the things that people forget most often is that the corporate users is, by and large, are us. Yes, some of the people who read this are in school, but soon (and sooner than you might want) you will be joining the workforce. If you work on open source software now, will you stop because you got a job? I certainly didn't.
To say that Ximian or Red Hat or IBM or Transmeta or Cisco or HP (the company, not Havoc
What many in the development community are having a hard time with is that the early adopter phase is ending and more traditional development is going on. This is because more traditional developers are realizing that they too have itches to scratch!
If you wish to argue these points further, please cite the specific portions of the text that you feel contradict what I've said here. Thanks.
How can you say that "standards" are what lead to wide-spread adoption? The IBM PC was a defacto standard that was mutated through a thousand little and large vendors who changed it over time. It maintained its dominance mostly because the market deeply wanted a cheap, flexible option, and was not unduly bothered by the constant shifing standards (XT->IDE->ATA/xxx->?, ISA->EISA->VESA->PCI->AGP, etc, competing video "standards" that weren't, etc, etc).
.Net, etc.
Same goes for Windows. Here's an example of a locked-in proprietary solution. You'd think that they could remain internally consistant, but APIs change radically every release. You go from one widdget API to another. Support is dropped at odd times. DDE becomes COM becomes COM+ (nothing like COM, of course) becomes
Now you pan over to protocols. Have you tried to code against SSL only to have to re-code because now the target you want to talk to is SSL3, and your code no longer works? Have you tried talking to SMB only to have Microsoft add in another spin?
These are all widely adopted de-facto or even well organized standards. They change. They break backward compatibility from time to time. This is software (and in some cases, hardware). Cope.
Ding! This is the correct answer. Yes, telling people about security holes is a DMCA violation under every interpretation of the law that I've seen (other than the cursory, "it only covers copying mp3s d00d!")
Please mod up the parent.
Link works fine in Moz on Windows. Loads pretty fast, though it's image-heavy and a pretty awful page in general.
Out of context (the parent was modded down) your comment seems a little odd. One lousy key is a pretty huge item. There are 104 (2?) keys on your average PC keyboard, and there are very few of those that I'd be willing to part with (scroll lock I can do without). If a keyboard didn't have an enter key or a control key, I wouldn't buy it....
Would you?
And now you can all laugh at the sick guy (I have a head cold) for describing how a rotating cypher attack can be used against an OTP, thus rendering a century of research moot.
:-)
I'm going home now...
I'm also confused by the assertion that OTP suffers from known plaintext attacks, but his does not.
For those not clear, let me explain: in an OTP, you might say:
"take pad K (a sequence of random bits) and xor it with plaintext P."
This is both the encryption and decryption step. If you know that I'm likely to be talking about the "World Trade Center", you can then plug that key phrase into the resulting cyphertext at every possible point and look at the result. If you get a message back that looks like:
"T*e atta** **ll *e at ******* on t*e World Trade Center"
you can be pretty sure that you've identified part of the message because the result looks an awful lot like reasonable english. There are statistical ways to do this without having to attack it by eyeballing english. They're even pretty reliable.
Of course, I'm oversimplifiying, but bottom line: I don't see how you can perform "one-time-pad-like" unbreakable encryption and not suffer from this problem without also solving the problem for OTPs.
Now, on to "MTPs". If your idea is: "use an OTP as the generator for a function which produces many pads in a pre-determined sequence", stop now it's been done. If your idea is: "use an OTP plus a permutor as the generators for a function which produces one OTP per unique permutor", stop now it's been done.
I'm not talking about weaknesses. I'm saying you can't patent these ideas because they are as old as the hills.
I really can't say MacOS X is a more attractive commercial solution than XP [...] a closed UNIX variant
Wowza! I need to start paying attention. Last I knew, Darwin (the OS part of MacOS/X, not to be confused with the proprietary GUI, Aqua) was an open source project! Man, am I behind the times!
It was Larry Niven who predicted the idea of "flash crowds". Of course, he was envisioning physical crowds via teleportation, but the basic idea still holds. It's only going to get worse as more and more people use the net.
Look at it this way: in a primative society, a clan or village would usually have a storyteller or sage who gathered the news of the world in story form and re-told as appropriate. We should not be supprised that it takes millions, perhaps even hundreds of millions of people to be the story-tellers to 6 billion (that's a US billion).
If the Internet had a higher percentage of useful sites for news (not just talking jpeg-heads, but innovative ways of conveying the STORIES that the news represents), then no one of them would be loaded down and the backbones would be the only bottleneck. Notice that so many of us flocked to Slashdot when the towers fell? Wonder why? Because Slashdot, for good or ill, is our community's storyteller, and we instinctively come here to understand how our community is reacting.
Man! I agree with you and your post makes me want to argue against it....
I think what you want to say is this:
In cases such as ignorning a burn center's request to lower the temp on your coffee because your market research shows that the burn cases won't cost you as much money as you save buying cheap beans, there's clearly a certain amount of neglegence.
Then the question becomes is that neglegence criminal? If we had an effective process for going after such cases and prosecuting them a criminal neglegence cases rather than relying on the victims to launch a civil case, then it would be entirely reasonable to remove punative damages. But, somehow we got it in our heads that making someone "pay" meant litterally setting a price tag on any given transgression.
And you are right - the basis of quantum physics is that you CANNOT measure the photon properties using any technique at all without altering them. If there is a clever way around this it would mean that the laws of physics as we understand them are quite wrong.
... quite wrong ... God ... dice..." :-)
:-) FWIW, I think I was on crack, and said "symetric key" when I meant "asymetric key". Obviously, broadcasting your symetric key over public media, as I suggested, would be a very bad thing :-)
Could have been said, circa Newton: "The basis of physics is that time's passage is constant between any two bodies. If there is a clever way around this, it would mean that the laws of physics as we understand them are quite wrong."
Could have been said, circa Einstein: "The basis of relativistic physics is that actions happen independantly and interact through the transfer of energy, which is bounded by C
It's not that Newton was "quite wrong" or that Einstein was "quite wrong", but rather that they were both correct for a certain problem domain. I suspect that the current work on quantum cryptography will fall apart once we get the GUFT nailed down.
Symmetric key cryptography is sensitive to brute-force and possibly cryptanalysis
Everything is susceptable to brute force. Don't buy it? Try to keep a secret, and I will send some brutes over to your house to torture you... Brute force always works
Sending a courier with symetric key data or a one time pad has the disadvantage of being subject to undetectable interception. When you send 6 couriers with the public portion of an asymetric key, any 5 of them can be intercepted, but a) getting the public portion does not allow decryption and b) replacing the courier/key can be detected by comparing all 6 when they arrive. Expand the number of couriers as required.
Even photons must create some gravity. It would be possible to detect them if the detector was sensitive enougth.
You miss the point. The information is not encoded by modulating the frequency or the amplitude of the photons, it's done by manipulating quantum variables that are sensitive to observation. So, when you snoop the data, you change it, and the stream becomes corrupt. Personally, I just don't see how this beats symetric key cryptography where you can communicate the public portion in the clear (e.g. encode it into public transmissions or send out six couriers with the same info, since you don't care if one of them is intercepted).
I wasn't concerned with what KDE folks do. Don't take that the wrong way, I'm not concerned with what Gnome folks do, or Xm (sp?) or any other desktop.
:-)
This is going to be hard for the community to swallow, and in the end it will cause a lot of die-hard people to get very angry. But, the bottom line is: there will be no Gnome or KDE desktops in 5 years. There will be Gnome and KDE applications and libraries, but the desktop is getting more and more abstracted out of the control of the various software platforms on which desktops are built.
Once that happens, I'll be very interested in finding out how desktop software projects respond. Clearly interoperation between applications that rely on different back-ends will become more and more of an issue. I know that the "camps" have been saying that "cut-n-paste is enough" for a long time, but that toon will have to change if, e.g., KMail wants to take advantage of evolution's user-base or Mozilla starts getting increasing numbers of bugs filed against failure to use Galeon, Konq or lynx's bookmarks.
Heck, free operating systems may eventually be dragged, kicking and screaming into the world of well-integrated software
Ximian, Red Hat, KDE, Gnome, Bluecurve.... what do all of these terms have in common?
They're not window managers. Please, do not confuse integrated desktop systems (KDE, Gnome), desktop distributions (Ximian) and themes (Bluecurve, Ximian North) with window managers (metacity, kwm, sawfish, windowmaker, twm, etc).