Slashdot Mirror


User: Junta

Junta's activity in the archive.

Stories: 0
Comments: 6,549

Comments · 6,549

  1. I don't think that's right... on Mastering POSIX File Capabilities · · Score: 1

    Seeing as how you can make an unprivileged account and those programs are prevented from doing this or that. It's just that all recommendations/forums/etc/etc have *always* said 'always run as an administrator account' because Windows applications as a rule may not be well designed for a well secured environment.

    If *everything* was setuid, it wouldn't matter whether you had administrator privilege or not. Also, runas wouldn't be needed for privilege escalation.

  2. Re:Recently become available? on Mastering POSIX File Capabilities · · Score: 4, Informative

    POSIX capabilities are old, the ability to store which capabilities are permitted just like ACLs/owner/permission is new.

    So before, ping gets executed and it's up to ping code to assume/give up unneeded POSIX capabilities as permitted by the rather broad setuid bit. Now, it's execed only with the appropriate capabilities even being possible, without needing the rather broad setuid bit being set. Setuid can be safe with effort, but if the program can operate under a more specific security context, all the better.

  3. Funnily enough.. on Flash Vulnerabilities Affect Thousands of Sites · · Score: 2, Insightful

    gnash does exist, it's a flash clone. So yes, an open-source 'solution' exists, that isn't mature. I can't tell whether you were being satirical in saying it doesn't exist, but just in case..

    As to the question at hand, I don't know enough detail about the vulnerability myself, however note:

    "Stamos said Adobe is likely to update its Flash Player so it does a better job of vetting code variables before executing SWF files. But he said interaction with third-party code is such a core part of the way Flash works that updates to the player would likely provide only a partial fix."

    So while I do not understand the technical details, those that do understand believe some sort of player-side sanity checks would be good to mitigate the consequences. In the open-source world, they would be able to construct a proof-of-concept publicly of a 'hardened' flash plugin that may avoid glaring mistakes. He does concede that while a player-side change could mitigate the exposure, the servers must recompile their end to be complete. Could they do it with Gnash? Maybe, if Gnash was even complete enough to even support the features that can be exploited here, which I don't know.

  4. Not the correct comparison. on Mastering POSIX File Capabilities · · Score: 5, Informative

    Linux has had filesystem ACLs for ages (arbitrary lists of people with sets of permissions above and beyond user/group/world permissions).

    This is essentially a finer-grained setuid. I.e., before, the filesystem permission granularity was 'the /bin/ping program code is permitted to assume root privileges', because ping needed to do *one* thing that only root could do. Code in this position is generally thoroughly audited and such, but presume for a moment a user figured out a buffer overflow using some ICMP pattern that would cause ping to execute arbitrary code. If not written correctly, the results could be disastrous. If well written, the program code has dropped all but the capability it needed, but the kernel/permissions aren't forcing the issue so the code must be trusted.

    Enter this mechanism. Now, you can *force* the issue in the filesystem permissions to never even possibly allow ping anything but what it needed. If ping was badly written to not drop any privileges, and a malicious user overflowed, he'd still only be able to create raw sockets, and nothing more.

    This sort of complexity I'm not sure is dealt with in Windows (or how). I don't even know what may or may not need setuid to be a good example under their architecture. It certainly paves the way for future distributions to have a lot fewer setuid programs to worry about (though, on the flip side, programs with few enhanced capabilities may still be dangerous and yet be less obvious as it isn't setuid, file listing may have to be tweaked to reflect the kinda-setuid nature to leave awareness).
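
An added example, not part of the archived comments or the article they discuss: the per-file capabilities described in comments 2 and 4 are stored in the `security.capability` extended attribute, and this Python code decodes that attribute and flags broad grants so that privileged binaries without the setuid bit still show up in an audit. The two sample attribute values and the `HIGH_RISK` policy set are constructed assumptions.

```python
import os
import struct

# Layout of struct vfs_cap_data from <linux/capability.h> (little-endian u32s):
#   magic_etc, then (permitted, inheritable) pairs, then rootid for revision 3.
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
VFS_CAP_REVISION_3 = 0x03000000
REVISION_PAIRS = {0x01000000: 1, 0x02000000: 2, VFS_CAP_REVISION_3: 2}

CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Assumption: an illustrative audit policy, not a kernel-defined list.
HIGH_RISK = {
    "CAP_SYS_ADMIN", "CAP_SETUID", "CAP_SETGID", "CAP_DAC_OVERRIDE",
    "CAP_DAC_READ_SEARCH", "CAP_SYS_MODULE", "CAP_SYS_PTRACE",
    "CAP_SYS_RAWIO", "CAP_SETFCAP", "CAP_FOWNER", "CAP_CHOWN",
}


def _names(mask):
    """Turn a 64-bit capability mask into a list of names, lowest bit first."""
    return [CAP_NAMES[i] if i < len(CAP_NAMES) else f"CAP_{i}"
            for i in range(64) if (mask >> i) & 1]


def decode_file_caps(raw):
    """Decode the raw bytes of a security.capability xattr."""
    if len(raw) < 4:
        raise ValueError("xattr too short for magic_etc")
    (magic,) = struct.unpack_from("<I", raw, 0)
    revision = magic & VFS_CAP_REVISION_MASK
    pairs = REVISION_PAIRS.get(revision)
    if pairs is None:
        raise ValueError(f"unknown revision 0x{revision:08x}")
    expected = 4 + 8 * pairs + (4 if revision == VFS_CAP_REVISION_3 else 0)
    if len(raw) != expected:
        raise ValueError(f"expected {expected} bytes, got {len(raw)}")
    permitted = inheritable = 0
    for i in range(pairs):  # pair 0 holds bits 0-31, pair 1 holds bits 32-63
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    rootid = None
    if revision == VFS_CAP_REVISION_3:
        (rootid,) = struct.unpack_from("<I", raw, 4 + 8 * pairs)
    return {
        "revision": revision >> 24,
        "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE),
        "permitted": _names(permitted),
        "inheritable": _names(inheritable),
        "rootid": rootid,
    }


def assess(caps):
    """Label a decoded grant: 'broad' if any permitted capability is high risk."""
    return "broad" if HIGH_RISK & set(caps["permitted"]) else "narrow"


def scan(root):
    """Walk a tree (Linux only) and report every file carrying capabilities."""
    findings = []
    for directory, _, files in os.walk(root):
        for name in files:
            path = os.path.join(directory, name)
            try:
                raw = os.getxattr(path, "security.capability",
                                  follow_symlinks=False)
                caps = decode_file_caps(raw)
            except (OSError, ValueError):
                continue  # no xattr, unreadable file, or malformed value
            findings.append((path, assess(caps), caps["permitted"]))
    return findings


# Constructed sample: what `cap_net_raw+ep` on a ping-like binary looks like.
SAMPLE_PING = struct.pack("<IIIII", 0x02000000 | 1, 1 << 13, 0, 0, 0)
# Constructed sample: revision 3, CAP_SYS_ADMIN (bit 21) and CAP_BPF (bit 39).
SAMPLE_BROAD = struct.pack("<IIIIII", 0x03000000 | 1, 1 << 21, 0, 1 << 7, 0, 1000)

if __name__ == "__main__":
    for label, raw in (("ping-like", SAMPLE_PING), ("broad", SAMPLE_BROAD)):
        caps = decode_file_caps(raw)
        print(label, assess(caps), caps)
```
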

  5. The price comes in.. on Flash Vulnerabilities Affect Thousands of Sites · · Score: 4, Interesting

    With respect to the "No patch in sight from Adobe" part, of course. If such a flaw was discovered by security researchers in firefox, they could do better than merely report the problem, it is within their power to correct the code and issue a third party patch/update if mainstream won't act. The vulnerability may not intrinsically be due to the proprietary nature (though external code audits might arguably occur to help, but I wouldn't guarantee it), but solving those problems cannot be done in a proprietary system except by the vendor.

    The community might ignore such a patch, and it might not even happen that often, but if things were generally dire enough in a project's mainstream, a new leadership could fork the project and that is not unheard of in projects. Of course, it's common for distributions to apply security updates to their packages before upstream merges them, so it isn't *that* strange.

    Not related to security, but the current version of the flash plugin, for example, breaks compatibility with linux opera and konqueror due to Xembed, and packagers' hands are kind of tied in terms of what to do about it. Of course, can also point out the ATI drivers, which suffer greatly from problems and are dealt with in a way that doesn't work.

  6. Re:They are more expensive and it won't change on Army Buys Macs to Beef Up Security · · Score: 1

    "the ones Consumer Reports publishes every year and which indicate Lenovo laptops have about twice the failure rate."

    Citation needed. In my googling around, I keep finding Thinkpad and MacBook Pro listed among the top reliability, though Sony hasn't been mentioned. Sometimes they note Lenovo or Apple as being in the lead, but googling for either name by itself and reliability lead to articles not more than 5 months old mentioning those two consistently.

    "If you're not interested in the features of a given laptop and look for a laptop without them you can find it cheaper? Really? I never would have guessed. You know if you're looking for a laptop and you're not interested in a functioning screen, you can get a lot of laptops cheaper than anything from Lenovo, mostly used Dells."

    But that's overstating. A functioning battery, screen, keyboard, pointing device, and networking capabilities I considered to be a general laptop. Yes, the Macbook pro has a few neat features, but then again the Thinkpads have more mouse buttons in the integrated pointer and the trackpoint that is more convenient for touch typist operation of a mouse. It's a trade-off, neither is a strict subset of the other.

    The laptop line is their most competitive offering in the desktop computing space (because any decent laptop vendor is still fairly expensive), and yet it simply will cost more. They do it intentionally, are fully aware their base will bear it, and probably don't think significant expansion can come outside of the embedded space, and therefore doesn't bother dropping prices. The desktop systems are hopeless (need to go over a thousand dollars before decent graphics accelerators exist, and can't get discrete components short of the uber-expensive mac pro).

    Now the iPhone, that is hands down competitively priced, if not bogged down with draconian business dealings between AT&T and Apple. Of course, all smartphones currently suck still, so I'm looking forward to a more fully featured second-gen iPhone, or to see what fruit the Android platform bears.

  7. Re:They are more expensive and it won't change on Army Buys Macs to Beef Up Security · · Score: 1

    "Bluetooth is another $30 bucks"

    I included that in my configuration.

    "There is no option from Lenovo for 802.11n"

    I left it out, but it's there for $25 dollars more, so add $25 to the T61p price.

    "Does the T61p have a built in camera and microphone?"

    Microphone yes, camera, admittedly no. I won't add the price of a webcam as I do recognize having it integrated is a value that isn't comparable to having a separate one, so Macbook pro has that feature (I personally haven't had use of a camera yet, but some people do).

    "It has a Firewire port, but does it support Firewire disk mode?"

    Probably not, that feature has been pretty exclusive to the Apple firmware/OS. It's probably quite feasible to implement a BIOS or OS image to do that, but not integrated. I can see theoretically that being useful, but I've never had cause to use it instead of a stateless recovery image that is a bit more general purpose.

    "They might have the same size and speed of hard drives, but which one is more reliable and from a better manufacturer? What about the reliability of all the other parts?"

    Given the Thinkpad warranty situation, it is in their best interest to invest up front. This is the sort of thing that is only resolved through ongoing market data.

    "How do the batteries compare?"

    Fine, add the 80 dollar 9-cell battery to be on the safe side. My experience has been that battery life is pretty comparable.

    "you still have a laptop that is almost twice as likely to need to be returned due to hardware failure."

    Huh? My whole point was that in my experience (in an environment of about 8 Thinkpads), reliability has been good and no service calls have needed to be placed.

    Your next paragraph is simply a restatement of your original point ignoring the point that alternative 'professional' league systems are still cheaper. I ignored the low end intentionally to address your point directly. Apple has some exclusive features (as you mentioned, integrated camera, firewire target mode, and I personally like the concept of the magnetic power connector, and of course, exclusive OSX). However, if you don't have explicit interest in those features, as a general laptop, it isn't worth it.

  8. Still doesn't make sense on Notebook Makers Moving to 4 GB Memory As Standard · · Score: 3, Interesting

    AMD and Intel both went with AMD's x86_64 architecture, back in the Pentium 4 days, before any multi-core x86 parts existed. In fact, the first multi-core x86 parts were x86_64 through and through, not any less capable of running 64-bit applications than the single core.

    I'm guessing you are confused because of the Intel Core Duo line that was prominent before Core 2 released. The Intel Core line was released after 64-bit P4s not because of inherent multi-core advantages, but because they realized how the NetBurst architecture was not working out, particularly in low TDP mandated environments like laptops (where they currently were using Pentium-M now, derived from Pentium-III). They released Core in an effort to have a more consistent offering, with lower TDP and better per-clock performance, forsaking 64-bit until Core 2 (except the Xeon family, which stuck with NetBurst until 64-bit was available via Core 2). It had nothing to do with multi-core and would have played out that exact same way if it was just single cores.

  9. Re:How can windows suck so much... on Notebook Makers Moving to 4 GB Memory As Standard · · Score: 1

    Well, to be fair....

    Solaris running on UltraSPARC is different, the processor architecture allowed 64-bit back in the 90s.

    OSX didn't even start 64-bit anything until the G5 came out, because they couldn't. Even then, I seem to recall a bit of weird, half-assery as they began 64-bit. When they announced the move to x86, many (including myself) were thinking it would be a great opportunity to start fresh with 64-bit and only 64-bit, seeing as how Intel64 and AMD64 had been around a while. Then it came out they were using exclusively the Intel Core architecture chips which didn't have 64-bit, and so now they are in a weird state again of 32-bit legacy. To be fair, Intel had no other chip with an appropriate TDP, and little did we know what Core2 was shaping up to be to explain why not AMD. Until Core2 came out, the x86 world did not have a nearly ubiquitous 64-bit extension. Windows XP was released before *any* x86_64 chips existed, they implemented a useless 64-bit XP as a stop-gap that no one cared much about. Vista was their first chance to release 64-bit meaningfully, and they did. Now the confusion over the 32-bit vs. 64-bit editions could cause problems (particularly since they seem to choose to pass the complexity to the users instead of mandating things that would hide the messy details). 32-bit exists because if they ever manipulate Vista to be appropriate for VIA systems, it preserves a market that could expand. I don't know why, since they were developing a new driver model anyway, they would choose not to at least mandate PAE testing and enable the full range of RAM that may support.

    I will also say Linux 64-bit was not without growing pains. A number of drivers upon being ported to 64-bit for a time had screwed up assumptions about allocations, overlooked a 32-bit value storing a pointer here and there, just a mess for anyone trying to follow the transition closely.

    I though agree reporting installed vs usable memory could be annoying, unless accompanied by a 'usable' figure. Microsoft has a tendency to do things in a strangely awkward way, that defies common sense. Having the customers worry about 64 v. 32 bit is a detail they shouldn't expect. Marketing requirements for different product should have been satisfied by the almost-as-confusing plethora of 'editions', so there isn't good justification. They decide people worry about not seeing the total amount of memory match what they paid for, so they patch that over, while exposing users to another potential misunderstanding. Vista's visual effects are ostentatious and aiming more for form than function. Meanwhile, OSX hides the 64-bit/32-bit complexity, offers a single OS variant, and applies Visual effects in a more subtle way when merely eyecandy and more appropriately when functional (i.e. expose). Of course, the marketing demands of a platform meant to move hardware is different from one that is intended to move itself intrinsically, but in the end, users endure an awkward experience.

  10. Not garish at all... on Specs For the New KITT · · Score: 1

    Two wings in the back, generally riced out looking... nope, not the least bit garish...

  11. Must be boatload... on Specs For the New KITT · · Score: 2, Informative

    Well, the Viper already had its supercar TV commercial... er... show in the 90s, but either way, it's not nearly as ubiquitous as the Mustang design or the Corvette design.

    Anyway, in the 90s, also, Ford essentially bought out Knight Rider anyway (after my consultation with Wikipedia). In 1997, a show called Team Knight Rider made a brief appearance with a whole set of Ford vehicles.

    After the 1991 flop (which GM was still involved with), the 1997 flop, you'd think Ford/NBC would be able to guess that 10 years later, not much is different.

  12. What makes most sense.. on Specs For the New KITT · · Score: 1

    Is whoever pays the most to be the supercar. Remember that commercial^H^H^H^H^H^H^H^H^H^Hshow that featured the Dodge Viper when it was new?

  13. They are more expensive and it won't change on Army Buys Macs to Beef Up Security · · Score: 1

    "Actually if you compare just hardware, from other vendors with similar reliability ratings, Macs are about the same price as other PC hardware."

    I think this is an incorrect characterization. You compare Sony, but both Sony and Apple aim to be boutique electronic brands. Compare to brands like Lenovo (even when it was IBM) where they don't pretend to be stylish brands that are 'cool' enough to justify a wider margin. Price out a T61p model and compare to any equivalent macbook pro. I just tried, I had to up the spec on the T61p hard drive to be sure spindle speed and capacity were at least as good as bottom-of-the-line macbook pro (bottom pro is 120GB, but might be 7200rpm, so I gave T61p a 160GB 7200 rpm just in case, gave the thinkpad a 1680x1050, the other differences being the T61p has the quadro branded 8600 part instead of the geforce branded one, and the OS is of course different, to be fair I included the most expensive OS they offered, also added Bluetooth to be sure). I can't think of a single spec the T61p falls short of, is engineered for low warranty costs without giving a crappy warranty, and list price is $1,753, while the somewhat less decked out macbook pro is $1,999. If you went for the non-pro lines, you'll still find the equivalent product cheaper.

    Simple fact of the matter is that Apple is a more expensive brand that enjoys wider margins and they love it that way. They could probably drop prices to increase volume, but I'm sure their interpretation of the marketing data in front of them is that staying a boutique brand is the appropriate strategy as a business (i.e., brand acceptance won't go up enough to offset the profit margin drop).

  14. Re:OpenBSD??? on Army Buys Macs to Beef Up Security · · Score: 3, Insightful

    "Being certified a Unix doesn't mean but one thing, your organization was willing to throw a pile of money at another organization, nothing more and nothing less."

    Which was implicitly his point, perhaps you missed the part...

    "While openBSD may be more secure, remember the Army is about procedures"

    Essentially declaring that perhaps one bullet point on a requirement to address this problem somewhere was 'UNIX platform'. Technical reality be damned, per the grandparent post, it could be the Army had that criteria and was therefore limited to Solaris, AIX, or OSX in terms of actively released/maintained platforms.

    Of course, even restricted to these choices, Solaris might have been a better choice. OSX is the sort of vendor lock in I would hope my taxpayer dollars wouldn't go toward supporting. Windows is bad enough, but with OSX you get lock-in of hardware and software. Recalling how skittish the US government got about Thinkpads and the like when Lenovo bought those bits, I wonder what the contingency plan would be if Apple sold off their computing bits to an offshore company. Even in and of the software platform itself, despite the Darwin base, OSX software tends to require the proprietary Quartz/Cocoa underpinnings, so supporting third party software with new hardware without Apple's blessing would be challenging. Windows is a little better in terms of hardware support, but the software portion is bad enough, though at least there is an excuse of the market situation as to why they haven't thrown it out completely.

    Meanwhile, Solaris has an equally reputable backer, doesn't implement many proprietary APIs that common applications would make use of (AIX goes this far as well), has an unlocked x86 implementation (no hardware vendor ties, unlike any other officially certified UNIX), and is also under an open source license. In terms of an official UNIX with options for contingency plans, it doesn't get better than that.

    *BSD, Linux, et al. may or may not be even better choices, but this was sticking strictly to the assumed criteria of being able to officially declare it a Unix system.

    BTW:

    "The Aqua interface is no more special or better than KDE."

    Which may well be true, but wanted to emphasize the converse is not true. KDE/Gnome/Motif/Xaw/raw Xlib all have full stacks in terms of implementation available as truly open-source. If serious about security, the potential to audit your running stack as resources permit would be great. Also, goes back to the futureproofing mentioned earlier, if ultimately the organization can fork a private copy and do whatever the hell they want, they can avoid vendor lock in.

  15. Not just video... on RIAA Writes Its Own News For Local TV · · Score: 1

    Text mediums have published untouched press releases from companies and company groups for ages. So don't blindly assume television is all corrupt and sold out because of showing press releases and that text to some extent automatically lends credibility. Either you go with a big name in the media, which is far more likely to subject readership/viewership to propaganda press releases, or consult a number of smaller, independent sources (any one of which is likely to be subject to a greater degree of misleading editorial slant, so don't just trust any one). If you really care about a story, make sure it's reported amongst a number of sources and not suspiciously worded exactly the same, whether it be video or text medium. Also, try to be aware of the agenda behind the reporting agencies and be sure you read about it from sets of agencies with likely conflicting agendas with respect to the subject matter.

  16. To play devil's advocate for a moment... on RIAA Writes Its Own News For Local TV · · Score: 1

    I too was amused by the notion that a product that could only exist in a music lover's dream could really exist, just they wouldn't put it together.

    To be fair, a number of collections *can* be put together illegally for sale (or legally not for sale once purchased in other ways) that simply cannot possibly be legally put together by any single record company. Let's say for example, you liked for whatever reason, a handful of tracks by Green Day and The Offspring. Your 'dream' in this case could be a compilation of Greatest Hits between those two groups. However, according to Wikipedia, Green Day is under a label called Reprise, and Columbia Records has The Offspring currently. If either company didn't want the other to release such a thing, no matter what, it wouldn't happen.

    Also, I personally don't know how the business works with respect to signing rights over and transfer of rights with group transfer. It is conceivable that maybe you want merely a Greatest Hits of The Offspring covering their entire career from 1987 to today. The problem there is that depending on the time, one of four different record companies could own the rights to the song (if it works that once produced by the label, the label doesn't transfer those rights to new labels, which I don't know either way). So in order to release a comprehensive collection, you might need the cooperation of all four to go ahead with such a project.

    And finally, they could refer to the simple fact that a dream could encompass an existing product at an incredible price. In this case, bootleggers can charge for media+a little for themselves and be happy, while studios have to recoup production costs and such (which may be overinflated in the pricing, and don't forget the cost of all those lawyers for those nice lawsuits).

    This as described seems a shameful approach, essentially slipping a commercial in as news (however, in the text world, press releases are commonly like this and are published unaltered). On the other hand, I don't mind them informing the public about leeches that sell product that's no better than the public could illegally put together for themselves (except for the plausible deniability for the customer). If someone actually for whatever reason wants to support the industry as fubared as it may be, they should know how to meaningfully contribute to it..

  17. Re:Tempting Fate on Universe May Be Running Out of Time · · Score: 1

    ...destroying all life on Earth. I understand that one of the Manhattan Project scientists was taking bets on whether this would happen. Well, that's pretty obvious which way to bet. I'll always bet the human species will not go extinct. If I'm wrong, go ahead and try to collect.

  18. Re:Some calculations on Silicon Valley Startup Prints $1/watt Solar Panels · · Score: 1

    "It will never solve all of our power generation"

    Now I wouldn't proclaim that. As we more efficiently use power and drive up efficient gathering operation, the power needs might be met. I do agree that storing and distributing the power is an orthogonal problem that must be solved to provide dim areas with power.

    If we can extract on average enough electricity such that at any given instant it exceeds the global demand for power, then can you be sure you have a sustainable power source for Earth until bigger problems arise that require us to not be on Earth anymore (fossil fuels after all are essentially merely solar power stored up over a very long time that is consumed in a much shorter period of time). Note this is all theory, but keep in mind that somewhat better than 20% efficient panels exist in exotic situations, and we drive down power usage per task.

    And while I agree with the sentiment about Solar power and heat, theoretically if the panel only got 20% of the power and acted like a mirror for the other 80%, then in the aggregate it would be less than a black roof would have done (however, I'm sure this isn't close to reality, but it's a theory that could mean something pulling double duty as a mirror and solar panel could do better than a roof tile alone).

  19. Mind the units... on Silicon Valley Startup Prints $1/watt Solar Panels · · Score: 1

    $0.07 per KWh isn't directly comparable to $1/W

    You need to know the lifespan of the solar panels in order to make that comparison. If it lasted one hour, yes, the panels would be less than 1% of 1% as efficient cost wise. If it lasted, say 10,000 hours, then it would be 7 times as cost efficient (breaking even at about 1500 hours). Of course, that's ignoring financial weirdness like capitalization and such. It also ignores that solar panels themselves are useless for continual power unless paired with some uber-efficient power storage technology that would add cost (how else do you get power at night and on cloudy days, how do you provide power during a week of rain). Also, real estate prices come into play, as solar panel power generation obviously requires more land as demand goes up, and since high power demand is near high population density areas, that hurts.

    I keep seeing Wh spoken of when comparing to solar, and it makes it non-trivial to compare since the cost of the 'fuel' in solar is free, it's just setting up your fuel collection costs money that you must recoup over time.

    That said, I think the current situation of solar demanding the most real-estate where prices are highest hurt it from power company perspective. It is however very interesting from a decentralized view. If I could cover my roof with these things, I might be able to drive a fair percentage of my own power (don't know what the Watts/square foot is for this).

  20. Not realize, exactly what they were planning for.. on Microsoft and Google Duke It Out For the Future · · Score: 2, Interesting

    From the day they decided they needed to crush Netscape and replace the web browser with something inherently tied to the OS that just so happened to not match everything else, they had been planning for this. The quote they sought (and still would like to see) was "My apps work when I use IE, but they don't work when I use ... ANYTHING ELSE." They wanted webapp developers to totally embrace VBScript/ActiveX controls and all sorts of goodies as they could think of that would keep people tied to an MS OS instance, *even* if all it was doing was rendering a foreign application. They even continue today with SilverLight to try to displace Flash.

    Of course, the vast majority of the general internet application landscape didn't play out that way (most ignore those things as they don't bring much that other technologies that are more universal do not). But they have been bitten by their own strategy. There is a Pocket Internet Explorer discussion out there where they explain that despite having flash support, they don't implement the VBScript a few select sites did implement to detect IE/flash. So they were bitten by the very sites that drank the Microsoft Kool-Aid.

    But all that aside, it's clear that IE isn't being specifically bitten by any spec deviance (I've not seen things in actual mass deployment not work with IE on the desktop), but it is true that most have avoided the MS-only featureset, and that leaves Microsoft rightfully worried that they will not be able to differentiate in a world where the OS for 90% of the users is merely what the web browser happens to be sitting on.

    For my part, I'm not crazy about a vision of a near-100% webapp-only world. It sounds like the dreamworld of tyrannical content providers (your media player is a webapp, and thus we never give indefinite licenses). The separation of data and presentation evaporates (today, mutt, evolution, thunderbird, or Google's web interface are all different ways of interacting with your mail, with useful differences). Webapps need to override drag and drop and right-click contextual menus to compete with the desktop paradigm, and today that doesn't work too well, and when it does I'm personally aggravated that I can't use my browser specified context menu. Privacy becomes even more complicated to protect. Yes, data backup and such becomes someone else's problem, but they won't necessarily protect for free your data from yourself (you delete something, it's gone without a recovery fee), whereas if you can own your data and back it up yourself, you have the option of protecting against that as well.

    All in all, long haul if it were only one of Microsoft or Google, then no matter who won, the users would ultimately lose.

  21. Re:Why not java? on Microsoft and Google Duke It Out For the Future · · Score: 1

    On the install issue, do you really think the process of writing the VM hard drive image to disk will be significantly shorter than the process of writing those same contents to the filesystem (bulk of any desktop install process time)? You will have to install, it doesn't magically get from point A to B without doing *something*, and that process won't be significantly aided by how that data will be interpreted once it gets in the right place.

    How is a bundled VM/application significantly less prone to customization than a standalone application? There is *one* question I ever see an application installer that is related to interoperating with the OS, and that is what directory. Every other question either refers to an intrinsic property of the application itself (program offers two interface strategies, which do you like) or the hardware (is your graphics card appropriate for us to run with x amount of detail at resolution y).

    Now, as it stands, managing each app in a separate VM would be incredibly painful. Each has its own view on filespace, so two applications working on the same data may have mismatched views. Applying updates to each OS instance is aggravating, any software that any arbitrary OS instance is deemed to require to babysit it (i.e. anti-virus) would have to be licensed n number of times. Not to mention each application vendor would have to cover the cost of the OS license itself, if it preferred a commercial OS base (this could include a Linux image, where they need someone like Monta Vista or Red Hat to help them). Suddenly, from an application perspective, things are more complicated with devices. For example, now there is windowed, full-screen within vm, and I really mean it full screen. Do VMs have the right to hamstring other applications (i.e. if one VM is running something, and another starts Quake up, that means Quake must get fullscreen)? How do you handle the privilege model in a way that's fundamentally better than a single OS image does it today?

    Add to that the resource management is even rougher, as you've just advocated a world where shared memory doesn't work, so each library instance *must* be loaded per VM.

    Now there are ways to make the VMs behave in a more smooth manner, but at the cost of bringing the exact same problems VM-per-app advocates seek to solve. Maybe the unified filesystem space is assembled through an internal network, but then you have the same filesystem co-existence situation that exists today (complete with the benefits and issues). Maybe you trivialize the things like requesting full screen so that anyone who asks for it gets it, like apps work today, but again, you've pretty much reverted to the same way things act today. The things that nothing short of segregation by VM instance take care of today are the same things that OSes can't address fundamentally for good reason. From a non-technical perspective, I can't imagine the licensing situation being set straight for OS images in a satisfactory way for software vendors. Also, you are then left with hypervisor requirements (Quake 10 only supports VMWare Desktop Hypervisor version 12, will not run with Xen hypervisor 9), so you just trade one set of requirements for another. The problems that VM/app advocates want to solve inherently require a tradeoff that simply doesn't make sense for the desktop usage, and just injects exact replacements or worse in terms of the problems they see today. Administrators take advantage of virtualization to great benefit in the server world to divide things appropriately, but are paid precisely because they can handle the complexity, and the staff/consultant manages the licensing situation themselves.

    The point is to use a reduced set of hardware to do what groups of servers already running separate images were purposed with historically, and thus the complexity isn't different for those groups, but it is a problem trying to replace usage patterns that come with single system image usage today.

  22. But it isn't... on The Advantages of Upgrading From Vista To XP · · Score: 1

    Not totally at least. 3D acceleration as architected today pairs X with kernel drivers for the DRI stuff. 2D acceleration can get by without a kernel module, but realistically speaking, that's relatively a trivial task in this day and age.

  23. Re:Vista is really annoying... on The Advantages of Upgrading From Vista To XP · · Score: 2, Informative

    1. IO scheduling is a relatively recent addition to the Linux world as well. IO operations could very much screw over the performance the CPU scheduler was trying to create. It's just that those cases at least under linux were a bit more corner case, but you could definitely run into issues with IO load and notice particularly in real-time apps (i.e. a movie player).

    2. Hot patching - I think this has been *possible* under Windows architecture, it's just that MS has been overcautious and lazy, not realizing the irritation they would create. To the credit of being overzealous and lazy, right now I've installed libcairo updates, and *know* the changes aren't in effect in my in-memory copies of programs, and nothing so much as a note telling a less savvy user that this is the case. Firefox bothers to tell you because it's the program I've noticed first and foremost get confused by on-disk updates different from in-memory copies, but the vast majority of library updates don't automatically restart the relevant processes (and if, say, a libcairo update would cause that, the user experience wouldn't be much better, as 98% of the apps the user was actually using would restart, not really better than a reboot).

    3. User-mode drivers under linux are not looked kindly upon in aggregate. Note, for example, the userland ZFS drivers, which discussions have indicated as being a poor-performer, due to the user-land nature. If MS has a path for userland drivers to be faster than Linux' userland drivers, that would be something to their credit. Or, of course, they could have decided it was worth the price and it contributes to the sluggishness Vista is accused of.

    5. I don't know how explorer is 'tied to the OS', but explorer can be skipped in favor of a shell replacement and alternative file managers do exist. I don't know personally about them though.

    6. That isn't a good characterization of process killing under Linux. Processes in Zombie state do not get killed that easily. However, zombie processes aren't *that* bad, but their existence either reflects a very bad state of the parent process (generally what the person noticing the bad performance is actually afflicted by) or by bad coding practice (some things do get fancy with SIGCHLD and screw it up). But the original comment was more along the lines of processes in uninterruptible sleep, which is really annoying and absolutely something that still bites a Linux system to this day. I don't know if Vista does a better job than Linux with whatever is described, or it's just brought to the same level, but Linux is not without unkillable tasks for various reasons.

    The first thing to realize is that Linux is far from perfect, there is always room for improvement. I wouldn't even be surprised if by some very specific feature, Vista managed to pull something off, but I'm not about to pay a dime to be able to make that determination one way or another, since Linux platforms serve me well and generally the community recognizes the shortcomings and works them. If not, FreeBSD or someone else would displace it given time.

  24. Re:Dear MS, Add DX10 to XP and just get it over wi on The Advantages of Upgrading From Vista To XP · · Score: 1

    From what I read, VMware trounces WINE in performance and compatibility. VMware in and of itself can't run a Windows application at all. However, Windows will run under VMware. So whether it's native Windows on the box or under VMware, the point is moot as you've paid Microsoft the same either way. Also, VMware performance is not particularly good *especially* when it comes to getting 3D hardware support of the host to the guest (only the workstation edition has the hidden feature, and it sucks both performance wise and compatibility for Direct3D as a result). Even putting 3D aside, VMWare is a *heavy* penalty to IO performance.

    Meanwhile, Wine, when it does work, works a lot better. Graphical glitches in Direct3D games still exist, but not to the extent of VMware's graphics driver 3d feature. IO is snappy. WINE is an alternative implementation of the MS Libraries intended to run under alternative kernels/graphical infrastructures, not an emulator. However, Wine's implementation of the Win32 APIs is still far from perfect, and some applications will continue to misbehave for a while compared to Microsoft's implementation, whether it be under a virtual machine or natively.

  25. Oh... on The Advantages of Upgrading From Vista To XP · · Score: 1

    I googled a little bit and see that Windows capped it at 4GB. Linux had >4GB modes before x86_64 came along, wonder why Windows didn't let you use it, or was it something they reserved artificially for server level OSes?