Anecdotally speaking, it's amusing to note that PC Week is laid out, DPPed and so forth entirely on Macintoshes. The only part that happens on their beloved Wintel machines is the original composition.
(source: the PC Week humor and Q&A columnist, about a month ago)
One thing I like a lot right off -- I often avoid slashdot discussions because once they get above 150 postings or so, they take forever to load, and under NS4 you can't see them until the last has been. Now with the progressive display, I can get randomly flipped around parts of the discussion as tables render and the vertical size of the page jumps around. Which is actually a significant improvement.
I like it. It's coming along great. We're going to owe the Mozilla coders beer for pretty much the rest of their natural lives if they get this thing out the door.
FWIW, this sort of toilet seat is not all that uncommon -- it's often obligatory for handicapped persons, for some of whom it's difficult to get onto or off of a standard-height toilet. The better handicapped toilet seats have a 2-3" thick seat, though, and a somewhat different arrangement of hinge and plumbing to allow them to fold upwards.
Less structurally sound versions are those where the little feet on the underside of the seat (the ones that raise the seat 0.25" or so off the surface of the porcelain, useful for being able to easily raise the seat amongst other features) are replaced with much taller versions -- those with a knowledge of physics will recognize that this isn't nearly as structurally sound as the solid described above, and lateral force (such as leaning sideways searching for toilet paper) would have a much better chance of breaking the feet off, with the attendant potential for injury.
The article sounded insufficiently researched; the phrasing of that paragraph, logically, states "MS doesn't have easter eggs" and "an MS spokesman said... pride in product blahblahblah." So presumably the spokesman is just speaking the party line, and the first sentence is Ms. Claymon making a mistake. One big easter egg that comes immediately to mind is the long and elaborate win95 credits, which entailed making a folder on the desktop, renaming it a bunch of times, then opening it, which yielded a ~5m animation of a lot of names, teams, departments, etc., that made the thing. And while I regard win95 as a festering pile of badly engineered manure, I strongly feel that engineers should be able to include easter eggs, so long as they're made so you have to be deliberately looking for them to find them.
One conceivable reason for the over-18 stipulation has to do with the legal binding in the EULA -- since for the most part minors aren't (legally) considered capable of making any decisions, having them click a button agreeing to a license agreement doesn't necessarily make the EULA binding as it would be with an adult.
IOW, the American government's approach to dealing with minors sucks, as if that point needed any more reinforcement.
As it happens, there really is a company based around blue-green algae which announced its IPO fairly recently. The company's called Cell Tech, it's based in Oregon (I think), and gets most of its sales from network marketing (a fairly common recourse for companies that need a substantial sales volume and have nowhere near the capital necessary to foment a desire for their products). Mostly they make nutritional supplements based on the algae. They send some to impoverished countries who have disease problems related to general malnutrition. The people I've encountered who were into it were a fairly nice lot, if a little scary from their extreme level of interest in a single cyanobacterium.
There was one curious thing about the article -- it stated that Hotmail signing on "adds legitimacy to the MAPS effort."
I've been known to be a bit pejorative about these things, but legitimacy is one of the last things I'd ascribe to the emissions of hotmail, and most services like it.
These take a radically different approach to file updates by logging modifications for files in a log and later at some time checkpointing the logs.
Reading is roughly as fast as traditional file systems that always update the files directly. Writing is much faster as only updates are appended to a log. All this is transparent to the user. It is in reliability and particularly in checking file system integrity that these file systems really shine. Since the data before last checkpointing is known to be good only the log has to be checked, and this is much faster than for traditional file systems.
Note that while logging filesystems keep track of changes made to both data and inodes, journaling filesystems keep track only of inode changes.
Well, roughly and generally (and possibly somewhat inaccurately), a journaling filesystem is one that writes its data in such a way as, should a crash or power failure or similar event occur, the disk is left in a runnable state and there should be no data loss beyond a possible loss of the changes that were being written to a file. A consequence of journaling is that in such events, since the filesystem does not need fixing after a crash, a machine using it for a really huge disk can restart far more quickly than would be required if a fsck had to be run across an entire filesystem, as happens with ext2.
FWIW, Alan Cox did mention that he was considering merging reiserfs in with the stable kernel -- it was in the fairly short list of big-thing additions in the "maybe" pile. It would be nice to see it get into the stable tree, assuming that it's sufficiently rock-like to permit it.
Presumably by now the CVS archive has been checked out thousands of times today -- openprojects had a fairly nice CVS server, IIRC, and the code is small. Presumably whoever moved against the authors was trying to stop dissemination, but the code escaped -- like the Australian rabbit retention fence, there were already rabbits on both sides of the fence, and an attack by the movie industry just makes it spread faster.
There is little to fear -- the fact that the industry went after the authors already suggests that they're archeologically ignorant of how an information network functions. Before they made their stupid attack, there were perhaps a hundred copies of the source. Now there are thousands, spreading all over with an O(n^2) growth surface area, and they'll never be able to catch them all (my copies are in two secured machines far enough apart that a strategic nuclear warhead couldn't get them both, and no paper trail -- some friendly overseas mirrors would help, though).
If it does come to a court case against the linux-dvd authors, though, it would be great to see organized OSS community resistance -- legal defense funds, PR/letter efforts, source-code T-shirts and such stuff. As the OSS community grows in scope, it will naturally tend to come in contact with more legal pigheadedness, and it would be useful to have some sort of organized defenses (conventional and guerilla types) to cope with an attack.
True enough -- vendor response to security problems has historically been pitiful. Though in this case, I have to wonder whether it would have been desirable -- had CSS not been broken, but instead quietly reported and fixed, DVD would still be closed, the vendors would still be dragging their coattails through high-nosed proprietary BS, and work would have continued on breaking the new revision. That's assuming it was fixable, since lots of DVDs and players have shipped, and any adjustments would have to sustain backwards compatibility.
The security research ethic as taught in universities is that you tell the vendor and give them time to ship a fix before a vulnerability becomes common knowledge, but if the vendor doesn't produce a fix (as they often don't), full-disclosure is among the available options.
Which comes to the other point, namely that the movie industry liked DVD largely because it was (a) somewhat more desirable for consumers while costing less to manufacture, and (b) closed, and therefore subject to more control over how it moved -- like how most players don't allow you to skip over the usual copy-this-and-die FBI warning at the beginning, and some don't allow skipping of the various logos at the beginning. By and large, the computer community had no interest in letting it remain closed (we've been trying to reverse-engineer it all this time, remember), and has never based itself on the potential profit to be made by already greedy conglomerates.
And, based on the coverage so far, the security on CSS was a poor engineering job -- as tends to happen to closed security systems. 40 bit keys don't work anymore, and in general, anyone who designs a security system without adequate consideration of the factors deserves what happens.
One possibility is that the music industry will try to distance itself from DVD, but I doubt it, unless they have some unannounced alternative up their sleeves (DVD2? Same thing plus a firmware "upgrade" to the players?), the alternative is VHS, which is much easier to copy than DVD, though harder to make a new master in a counterfeit manufactury.
I'd speculate that in 1-3y bandwidth will have gotten to where VOMs can be moved around the way MP3s are now, and it will continue to have a negligible effect on industry earnings, and we'll hear tons of whining from the movie industry. Then Microsoft will put out Microsoft Video System, which will itself get cracked in a few days, and then there will be sardonic laughter. insuff des
Linuxgames also ran a brief posting: mitch pointed out that Creative not only released the source code to their SB Live! drivers, but also the source to their dxr2 DVD decoder drivers. The source can be found in the same place as the SB Live! source, at opensource.creative.com. Better and better.
Tempting as the idea is to use a net-election as an equalizer, we haven't yet learned how to run an impartial online poll. It's been repeatedly illustrated that the kind of polls that are most widely accessible to people (CGI-based web-hosted ones) are also grossly easy to ballot-stuff the results. Somewhat more secure polling methods have far smaller potential voting bodies. Even the web, which does provide a data conduit to a lot of people, would demographically distort in favor of those who have such access (underdeveloped nations would be underrepresented, e.g. the ones getting their domain names plundered). Beyond that, an online vote would be distorted by exposure -- as the effect of slashdot readers on straw polls has repeatedly shown. Likewise language -- have a vote in English, you'll sway in favor of the English-speaking parts of the world. Have a multilingual vote and the vote will favor the language on the front page. Have a multilingual vote with every language represented in random order, and you'll get a result biased in favor of regions with faster net connections. Half of the users of the web can't figure out how to fill out a form, much less think about what they're putting down ("elect esther dyson, she gives good porn pix me too"). And so forth.
Rather cynical, actually. None of that is to say that the votes presently conducted out there in the Real World are any less distorted -- probably worse, look at the goobers who keep getting elected because they got media attention and money.
I'd suggest Bastille Day, which would be quite appropriate, except that I don't want to wait until next July.
On July 14, 1789, the storming of the Bastille immediately became a symbol of historical dimension; it was proof that power no longer resided in the King as God's representative, but in the people, in accordance with the theories developed by their philosophers of the eighteenth century. On July 16th, the Revolution had succeeded. The storming of the Bastille symbolizes, for all citizens of France, liberty, democracy and the struggle against all forms of oppression.
A good holiday. We won't get to use it for 2.4, but I'd like to see some really hoopy OSS thing come out then, unless one already has and I've missed it.
Oh, that should definitely be cited in the article. "The difficulty with intrusion detection is the prospect of compromise to those components of the system necessary to detect the intrusion to begin with," said I.L. Milne, an expert at Purdue University's research center. Added one Slashdot reader on the topic, "First post."
I rather wonder to what degree this sort of thing is due to some excess quantity of (h|cr)acker types in Russia and how much is due to the relatively poor state of computer security in much of the eastern and third world. Less money, older technology, less security information readily available, fewer trained security people, lesser availability of systems leading to less experienced userbase, that kind of thing. A great many of the security attacks I've seen have involved second- and third-world staging points, I presume largely for that reason (I fondly remember one from Chile in particular).
IIRC, Gibson proposed something of this nature in Count Zero, where a jockey realized that old silicon (with poor security) never dies, and that much of it had wound up in cash-starved nations in Africa; he staged a mass attack against entire African nations, made off with a lot of ill-protected money, and triggered mass famine and governmental collapse, that kind of thing.
Though I'm willing also to concede that the East just has a large (cr|h)acker population -- as Linus has pointed out (on why Linux got done and why complex tech things happen in unlikely European nooks), "the winters are long and dark." :)
Curiously, in this entertaining piece of PR, they cite Nasdaq as a supporting example of how wonderful NT is. Right next to a section on how much better NT's security is purported to be. Recall how last week Nasdaq got hacked through a hole in IIS? Golly.
I have to wonder how clearly they thought this thing through.
True, most manager-people would probably prefer a single huge package that fixed everything. It'd be a misnomer, since huge fixes never fix everything (any more than lots of little fixes do, though those can achieve better granularity). But the people who do the work wouldn't need to apply 21 different updates, unless they were running all of the packages needing upgrades -- that's part of why upgrades published on a per-package basis work out well -- if you need to upgrade crond, the fix is about 500k and just fixes cron. If all you're running is crond, then 500k later it's fixed. A typical MS Service Pack is huge, and contains a ton of things which may or may not have needed replacing. Moreover, because the MS service packs are so wide-ranging, they require a greater quantity of more difficult testing to validate that it works. With an apache update, say, you know what to test.
However, in deference to the long expertise of corporate IT managers, I hereby propose the following Industry Standard for Manageable Updates. Call it the RedHat Service Pack specification. I expect to see it hailed as a wonder of technological innovation and a great leap forward for the Linux community in providing security management:
Packaging (this part is proprietary, you don't need to even see it. avert your eyes):
ls *rpm | sed 's/^/rpm -Uvh /' > UPDATE.sh
tar cvf RH-SP3.TAR UPDATE.sh *.rpm
I expect news of this great manageability innovation to be trumpeted throughout the tech news industry. It should be referenced in the sales pages for Maximum RPM, but may require a separate publication of its own to explain this great technology to the world, especially the technology press.
The vagaries of press organizations are still curious. Yesterday ZDnet was running an article claiming that if Linux wanted entry into the enterprise market, it would have to make its security updates more "manageable." Today they posted this article under the section heading of "Enterprise Linux."
Agreed -- recall ZDNet's stated rationale (or rationalization) for not installing any of the updates: "The hackpcweek.com test was not meant to be easy but was meant to be practical and to reflect the habits of corporate IT."
Which presumably doesn't mean that they believe corporate IT to be a bunch of ignorant layabouts, but if I were a corporate IT person, and a reader of their publication, and also in the slightest bit competent with Linux, I'd be insulted. Perhaps they don't grasp the significance of a discrete package upgrade -- something MS has never really gone for. Root compromise hole in crond? Well, upgrade crond -- redhat publishes the bloody rpm -Uvh ... command to do that in every security advisory. It's a different methodology -- we usually have one upgrade package per main package -- and that, in the UNIX scheme of things, makes vastly more sense than clobbering all our package management systems (far superior to that offered by poor NT) in favor of what they call "[making] fixes available in a more manageable manner."
ZD didn't do enough research while orchestrating this PR stunt, I suspect. Bring on the derision. ):
Yes, there is -- they're calling it the RedHat Update Agent, and its main job seems to be to perform RPM upgrades automatically as they become available. It's hardly new, and if ZDnet had done any research (they read the HOWTOs, and Apache's security docs, and ignored the rest), they might have found it. AutoRPM has been in common usage for quite a while now -- it's a nifty little app that picks up the updates from FTP, NFS mount, etc., checks the PGP signatures, and installs the upgrades, then notifies you that it happened so you can check its work. Closes the vulnerability gap a bit.
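The "service pack" one-liner a few comments up builds an UPDATE.sh that installs whatever is in the directory; the AutoRPM comment above notes that the real tools check the PGP signature first. The script below is an added example (not the commenter's, RedHat's or AutoRPM's code) of the same packaging trick with that check put back in: the generated UPDATE.sh runs rpm --checksig on each package and refuses to run rpm -Uvh on anything that fails. The tarball name RH-SP3.TAR is taken from the comment; the package file names used in the self-check are constructed.

```shell
#!/bin/sh
# Added example: a signature-gated version of the joke "RedHat Service Pack".
# Not code from the page's author, RedHat or AutoRPM.

# Print to stdout an UPDATE.sh that verifies, then installs, every .rpm in $1.
gen_update_script() {
    dir=$1
    echo '#!/bin/sh'
    echo '# Generated: verify each package signature before installing it.'
    echo 'failed=0'
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || continue          # no packages at all: emit an empty script
        b=$(basename "$f")
        # rpm --checksig exits non-zero when a present signature does not verify
        printf 'if rpm --checksig "%s" >/dev/null 2>&1; then\n' "$b"
        printf '    rpm -Uvh "%s" || failed=1\n' "$b"
        printf 'else\n    echo "refusing to install %s: signature check failed" >&2\n    failed=1\nfi\n' "$b"
    done
    echo 'exit $failed'                  # non-zero if anything was refused or failed
}

# Number of packages the generated script would verify (0 for an empty dir).
count_checks() {
    gen_update_script "$1" | grep -c 'rpm --checksig' || true
}

# Bundle UPDATE.sh and the packages into one tarball, as the original did.
make_service_pack() {
    dir=$1; out=$2
    gen_update_script "$dir" > "$dir/UPDATE.sh"
    chmod +x "$dir/UPDATE.sh"
    (cd "$dir" && tar cf "$out" UPDATE.sh ./*.rpm)
}

# Usage: sh this_script.sh /path/to/rpms  (writes /path/to/rpms/RH-SP3.TAR)
if [ $# -eq 1 ]; then
    make_service_pack "$1" "$1/RH-SP3.TAR"
fi
```

The exit status of rpm --checksig only says that whatever signature is present verifies against keys already in the keyring, so the vendor's public key has to be imported first, and an unsigned package will still pass; a stricter gate would insist on the pgp/gpg OK line in the output rather than the exit status alone.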
You betcha. The US taxpayers shelled out an inordinate amount of money a while back to upgrade them to MS Exchange 5, I think it is (from one version down), because flaws in the old version were killing the system.
Not to say automatically that a UNIX box could have handled it better (the implication is sufficient), but it does point out some things, most of which have already been elucidated here, and which will likely be further so once the Exchange/sendmail/qmail/exim/cheeseburger brigades start having at it.
Unfortunately, I suspect that the PR mess may be handled as a "regrettable abuse of government computing resources" and overlook completely that it's happening to the whole network. :)
Most Congressbots have aides whose jobs include summarizing the opinions in their email, as with postal and telephone contacts -- those that don't throw the email away automatically, anyway. Presumably they can't filter their mail, lest some hapless Citizen's Heartfelt Feedback be lost, so I wonder how the summaries go. "450 letters in favor of the new social security reform bill," "275 urging cutting defense spending for this year's budget, 16 notes praising your passage of Yoghurt Appreciation Week, and 520 offers for free porn site passwords, email lists and html programming classes."
The flight simulator in Excel comes to mind also.
You betcha. Radio Shack and MS -- they deserve one another. :)
Ack. That was meant to be an underline. And now it's produced some <<bad HTML, too. Rob, save me.