What about Apache helicopters or M1 tanks, which are probably shown with much more accuracy in games, and are certainly larger and more obvious objects. Do they have to pay a license for these? If not, why for guns?
So you think it is ok to use "MSFT" even though *YOU* say it is "snarky". But for some reason "M$" is not ok, even though your argument basically is that it is "snarky". Right. The problem is pretty obvious: you think putting a symbol for currency into your beloved companies name is an insult and you will do anything you can to stop it. If it was just "snarky" or "childish" the best thing to do would be to ***IGNORE*** it, but you can't do that because you realize that the usage is not as uncommon as you desperately wish.
I also think it is interesting that your response said "Lunix" as an example of an equivalent. I assume you meant to say "Linsux" but it is pretty telling. A better equivalent would be calling Open Source "O$$", which might even be a sensible thing to use in cases where it is done for profit, either legitimately or in some underhanded way.
You can check my posting history and see that I use "Microsoft" all the time (I used to use "MicroSoft" because I thought that was correct but some incredibly irate person thought *that* was an insult!).
This is NOT "security through obscurity". The method is well documented (at least it is for Linux, and posts here have specified quite a few times without doubt that Window's version is somewhat better, which means that it must be documented just as well).
The fact that a random number is chosen to control the algorithm does not make it use "obscurity". Otherwise you could make the same claim about *every* for of encryption. I don't think there is any that work if the attacker knows the key.
The rest of your post is logical (though the Slashdot summary points out that this attack probably works on other operating systems, so your idea that this is not known here is pretty stupid).
However I find it fascinating how using "M$" leads to such rabid foaming spew as your first paragraph. I notice that is somebody says "microsuck" or says Bill Gates is Hitler, or some other obviously childish thing, nobody says anything. But if anybody *dares* to put a symbol used for money into an abbreviation for your darling company, you go completely nuts with endless repetitions of "you are being childish". If it really was childish then you would not have to say anything, so your diatribe shows you are desperate to make it true and don't really believe it.
The truth is that "M$" is the shortest way to write this that is not ambiguous and reads correctly. "MS" is the abbreviation for Mississippi, Multiple Sclerosis, Morgan Stanley (the official abbreviation!). And it reads as "miss", while "M$" reads to me as at least "msppp" which is a little closer to triggering the word "Microsoft" in my head.
You can say "childish" all you want but it does not make it so. Your saying this is proof that it isn't.
Yes you cannot steal information. However you can steal credit. It is called plagiarism. Yes, if I rip a copy of Metallica's album that is not stealing. If I somehow convince people that the result is my own band's work and not Metallica's, then that *is* stealing!
In any case the original post is silly. If Microsoft wanted to violate copyright on some GNU code, it does not matter whether they have done something to the app store to allow it to be put in there. In fact if anything this is the opposite, since before it would have been impossible to put software using GNU components into the app store without violating the copyright.
A tax on wealth instead of income.. isnt that what the liberals wanted?
Perhaps a *progressive* tax on wealth, which property taxes certainly are not!
IMHO income and transaction taxes are better. Property tax means that you don't really own the taxed property (if you had no income and your only asset was the taxed property, you would be forced to sell it to pay the tax). But I can't figure out any way to make transaction taxes progressive, so we are left with income taxes (the "flat tax" proposes a refund to make it progressive, but the proposers of that don't realize that this refund would be a government give-out program about 100 times bigger than all the present-day entitlement programs, with amazing amounts of graft, corruption, and loopholes).
Same thing in Los Angeles. Take a look at a map of the few light rail lines that are built. The one going west (the green line) gets almost to the airport, then takes a sharp turn away, as though it was repelled by some anti-rail-line field. It is ridiculous.
Windows does boot, but code depending on decryption keys from the hardware does not work. Currently little or no code does this, but a practical thing to make work is encrypted storage. However I do expect the first use of this is DRM applications refusing to work, which will be annoying, and misleading people into believing this actual feature is just another bad customer-hating thing from Microsoft.
I think the whole argument is that whether you can add keys depends on the computer manufacturer. It sounds like the majority only have the ability to turn secure boot off. And on ARM Microsoft has explicitly said that this is not allowed at all, even though the ability to add keys (as I have been trying to point out) does not compromise the signed copy of Windows in any way.
The GetVariable() call returns a decryption key that the hardware calculated. If secure boot is turned off then it returns the wrong value. Your patched version cannot return the correct value because you do not know it.
Actually the "value" is the state of the decryption chip, not anything that can be read. Either you have to get the decryption chip into the same state (supposedly impossible unless you know the master key, which would just let you sign a bad copy of Windows anyway), or you would have to find a *lot* of bugs in Windows to exploit to read and save all the decrypted data and then patch it so every attempt to decrypt returns the right data.
When you turn off secure boot, Windows DOES NOT BOOT! It cannot because it will not see correct decoding keys read from the hardware. The virus cannot do much other than brick the machine, which it can do already in a much worse way by modifying a file so Windows refuses to boot whether or not secure boot is on.
The more useful feature that RMS really should insist on is that the user can add their own keys. But all this means is that you can boot either Windows or Linux without having to change the bios setting, and Linux can also take advantage of secure boot features. It does not mean that Windows can be patched by the virus (as the user's key is not useable to re-sign it as it will check that it was signed by a Microsoft key). Also means Linux cannot be patched by the virus either, provided the users put the signing key somewhere the virus cannot find it.
It will not be able to set a decoding key that the following code needs, so no the following code will not work. It does not just do an if statement, it expects to read a decoding key from a piece of hardware and use that to decode parts of the system.
The unsigned or differently-signed bootloader is not able to load Windows, because it will leave the machine in a different state that Windows will refuse to load from (ie wrong keys produced by the hardware). So such bootloaders are pretty limited. I could imagine a *huge* piece of Malware that is an entire copy of Windows but the user will lose any personal data stored on the disk in secure encrypted directories so this may be easily noticed, especially if Microsoft defaults to this encryption (which perversely would be in their interest as anybody converting a machine to dual-boot would have to turn off the encryption on any data that they want Linux to be able to read from the Windows partition).
So the ability to install arbitrary bootloaders does not seem like a problem to me.
There are also a lot of cases of people going across the border to receive drug treatments in the US for drugs that while legal in Canada, are not on the approved drug list for certain conditions so are not covered for use.
Can you explain this? I would understand avoiding a wait but you already described this in a previous sentence.
It seems unlikely there is any way the Canadian health service will cover the cost of the drug in the US that it won't cover in Canada. So it would be full price in both countries, so I don't see how going into the US would save money. Possibly it is a drug that is not available at all in Canada even if not covered? But my understanding is that there are far more drugs available in Canada than the US as the FDA has stricter regulations.
As far as the ATF is concerned, an AR-15 lower receiver is a gun because it is the part of the gun that is serialized.
Why is this? It seems like the serial number should be attached to some more important part of the gun, like the barrel? Especially since the barrel leaves rifling marks that are used to identify weapons. I would also suspect the barrel is going to be the last part to be 3D printed (not because of materials but because of the need to make it have a very straight hole and the ease of doing this with traditional machining). Or put a serial number on all the major parts?
In his example the bettor trying to make money has to put 5x as large of a bet on the capped market than he puts on the uncapped market, thus making the limit far smaller on the uncapped market. Couldn't this make the arbitrage betting so inefficient, or even impossible (if the smaller amount falls below the minimum unit you can bet) that in fact the markets can remain with different odds?
You did not understand what he is arguing. He is saying, exactly like you are, that the disparity would self-correct and make the two markets have equal odds.
The problem he is arguing is that if one of those markets is not doing something to prevent manipulation, then because of the self-correction that manipulation will actually spread to all markets. including ones trying to prevent it with things like caps.
In West Los Angeles. Three districts voting in same building, for some reason my line was short but the others long. They use the ink-dot paper ballot. I voted very quickly because I already marked the booklet with my votes and they line up and are easy to copy to the real ballot. If you are paranoid, check the number of one of the black dots after you remove the ballot from the machine to see if it is one of the numbers you voted for, to make sure the ballot was mounted in the machine correctly. It is then inserted into a reader that checks for correct marks (no over votes) and into the box. I have been told this machine is not doing the counting, just checking, and the ballots are machine-scanned for counting later.
Only interesting thing was that a woman in front of me was ejected for wearing an Obama t-shirt. However I think she turned it inside-out and was back in right behind me and I'm pretty certain allowed to vote.
What about the MotoBlur interface? Especially on the pre-Android phones (I have a Moto Android phone and have disabled all the main-screen tiles, but it sure seems like that is what they were).
No the problem with XDBE is that it was designed for on-screen clipped windows. The back buffer is assumed to be clipped by overlapping windows. This added a *lot* of crap to link the two buffers permanently together and it appears it is such a mess that the implementation is slower even when this is not needed. Two unrelated buffers with a blt between them is pretty much the best you can do with the X api. Wayland lets the client tell the server to just "use" the new buffer, eliminating the unnecessary blt.
Your idea to eliminate the async window borders will not work. X does not have any method for the client to tell which window resize event it is responding do so the wm cannot tell if it is drawing the borders around the correct window contents. No number of double or triple buffers is ever going to fix it. A fix that would work and fit with how X11 is to add an api so the wm just tells the client what size it wants the window to be but it is the client's job to resize the window, plus a "I am done drawing" message from client to wm. Then the wm could use the size of the window to figure out how big to draw the borders. Still a pain in the ass as the wm may be resizing and thus has to still keep track of the "desired" window size which will be different than the "current" window size. Also there is a latency problem in that the wm has to wait for the "I am done drawing" message from the client before starting to draw the window borders.
If you have ever tried to get the window decorations to be "correct" (such as reliably knowing if there will be a close box so you can avoid having another method of closing the window) you would know just how much of an incredible horror server-side decorations are. Apparently you have not done this or just given up.
No, XDBE is slower than making a pixmap, drawing to that, and copying to the main window, at least on XOrg. I know because I had to delete all uses of XDBE from fltk because it was slower.
The protocol or the xorg implementation? If the latter, then there's no reason to nuke the protocol and all its advantages.
I suspect the implementation, not the protocol. It seems like it would be trivial to add a "flush drawing" op (for back compatibility it must be called once, otherwise the server has to flush after every draw). Another more tricky but workable solution is to make it do this internally when XNextEvent is called.
Not with coompositing window, it's not a problem.
It is possible to avoid, but very wasteful, even for compositing window managers. Basically you have to have 2 copies of both the window border and contents and you cannot switch to the new ones until you are certain that both have been updated. Another option is for the compositing wm to defer *all* updates of the screen until it is known that all resized windows have both the contents and border redrawn, though this allows bad clients to block updates to the screen.
In Wayland the client draws both the contents and border into it's own buffer and the sending of that buffer pointer to the server is the "I am done" indicator. The server never even sees a partially-updated window. This is why it will be much cleaner and faster.
Slashdot Mirror
What about Apache helicopters or M1 tanks, which are probably shown with much more accuracy in games, and are certainly larger and more obvious objects. Do they have to pay a license for these? If not, why for guns?
So you think it is ok to use "MSFT" even though *YOU* say it is "snarky". But for some reason "M$" is not ok, even though your argument basically is that it is "snarky". Right. The problem is pretty obvious: you think putting a symbol for currency into your beloved companies name is an insult and you will do anything you can to stop it. If it was just "snarky" or "childish" the best thing to do would be to ***IGNORE*** it, but you can't do that because you realize that the usage is not as uncommon as you desperately wish.
I also think it is interesting that your response said "Lunix" as an example of an equivalent. I assume you meant to say "Linsux" but it is pretty telling. A better equivalent would be calling Open Source "O$$", which might even be a sensible thing to use in cases where it is done for profit, either legitimately or in some underhanded way.
You can check my posting history and see that I use "Microsoft" all the time (I used to use "MicroSoft" because I thought that was correct but some incredibly irate person thought *that* was an insult!).
This is NOT "security through obscurity". The method is well documented (at least it is for Linux, and posts here have specified quite a few times without doubt that Window's version is somewhat better, which means that it must be documented just as well).
The fact that a random number is chosen to control the algorithm does not make it use "obscurity". Otherwise you could make the same claim about *every* for of encryption. I don't think there is any that work if the attacker knows the key.
The rest of your post is logical (though the Slashdot summary points out that this attack probably works on other operating systems, so your idea that this is not known here is pretty stupid).
However I find it fascinating how using "M$" leads to such rabid foaming spew as your first paragraph. I notice that is somebody says "microsuck" or says Bill Gates is Hitler, or some other obviously childish thing, nobody says anything. But if anybody *dares* to put a symbol used for money into an abbreviation for your darling company, you go completely nuts with endless repetitions of "you are being childish". If it really was childish then you would not have to say anything, so your diatribe shows you are desperate to make it true and don't really believe it.
The truth is that "M$" is the shortest way to write this that is not ambiguous and reads correctly. "MS" is the abbreviation for Mississippi, Multiple Sclerosis, Morgan Stanley (the official abbreviation!). And it reads as "miss", while "M$" reads to me as at least "msppp" which is a little closer to triggering the word "Microsoft" in my head.
You can say "childish" all you want but it does not make it so. Your saying this is proof that it isn't.
Anybody unable to tell the difference between making a copy of a Metallica album, and claiming you wrote and performed that copy, is a troll.
Yes you cannot steal information. However you can steal credit. It is called plagiarism. Yes, if I rip a copy of Metallica's album that is not stealing. If I somehow convince people that the result is my own band's work and not Metallica's, then that *is* stealing!
In any case the original post is silly. If Microsoft wanted to violate copyright on some GNU code, it does not matter whether they have done something to the app store to allow it to be put in there. In fact if anything this is the opposite, since before it would have been impossible to put software using GNU components into the app store without violating the copyright.
A tax on wealth instead of income.. isnt that what the liberals wanted?
Perhaps a *progressive* tax on wealth, which property taxes certainly are not!
IMHO income and transaction taxes are better. Property tax means that you don't really own the taxed property (if you had no income and your only asset was the taxed property, you would be forced to sell it to pay the tax). But I can't figure out any way to make transaction taxes progressive, so we are left with income taxes (the "flat tax" proposes a refund to make it progressive, but the proposers of that don't realize that this refund would be a government give-out program about 100 times bigger than all the present-day entitlement programs, with amazing amounts of graft, corruption, and loopholes).
Or "Apollo-Domain-Like".
Same thing in Los Angeles. Take a look at a map of the few light rail lines that are built. The one going west (the green line) gets almost to the airport, then takes a sharp turn away, as though it was repelled by some anti-rail-line field. It is ridiculous.
Windows does boot, but code depending on decryption keys from the hardware does not work. Currently little or no code does this, but a practical thing to make work is encrypted storage. However I do expect the first use of this is DRM applications refusing to work, which will be annoying, and misleading people into believing this actual feature is just another bad customer-hating thing from Microsoft.
I think the whole argument is that whether you can add keys depends on the computer manufacturer. It sounds like the majority only have the ability to turn secure boot off. And on ARM Microsoft has explicitly said that this is not allowed at all, even though the ability to add keys (as I have been trying to point out) does not compromise the signed copy of Windows in any way.
I think it is pretty funny that when I defend Microsoft's design as actually working, you claim I am "giving in to FUD from the FSF".
I guess this shows what "high uid folks" are like.
The GetVariable() call returns a decryption key that the hardware calculated. If secure boot is turned off then it returns the wrong value. Your patched version cannot return the correct value because you do not know it.
Actually the "value" is the state of the decryption chip, not anything that can be read. Either you have to get the decryption chip into the same state (supposedly impossible unless you know the master key, which would just let you sign a bad copy of Windows anyway), or you would have to find a *lot* of bugs in Windows to exploit to read and save all the decrypted data and then patch it so every attempt to decrypt returns the right data.
When you turn off secure boot, Windows DOES NOT BOOT! It cannot because it will not see correct decoding keys read from the hardware. The virus cannot do much other than brick the machine, which it can do already in a much worse way by modifying a file so Windows refuses to boot whether or not secure boot is on.
The more useful feature that RMS really should insist on is that the user can add their own keys. But all this means is that you can boot either Windows or Linux without having to change the bios setting, and Linux can also take advantage of secure boot features. It does not mean that Windows can be patched by the virus (as the user's key is not useable to re-sign it as it will check that it was signed by a Microsoft key). Also means Linux cannot be patched by the virus either, provided the users put the signing key somewhere the virus cannot find it.
It will not be able to set a decoding key that the following code needs, so no the following code will not work. It does not just do an if statement, it expects to read a decoding key from a piece of hardware and use that to decode parts of the system.
The unsigned or differently-signed bootloader is not able to load Windows, because it will leave the machine in a different state that Windows will refuse to load from (ie wrong keys produced by the hardware). So such bootloaders are pretty limited. I could imagine a *huge* piece of Malware that is an entire copy of Windows but the user will lose any personal data stored on the disk in secure encrypted directories so this may be easily noticed, especially if Microsoft defaults to this encryption (which perversely would be in their interest as anybody converting a machine to dual-boot would have to turn off the encryption on any data that they want Linux to be able to read from the Windows partition).
So the ability to install arbitrary bootloaders does not seem like a problem to me.
Did they add strlcpy and strlcat?
Is it possible for the search to return things other than local files?
IMHO if it really cannot return anything other than local files, then it certainly should never send the search information out.
If, as I suspect, it is trying to return a search of both the web and local files then it has to send the info out.
It would be nice if there was an obvious way to say "only look at local files" but the lack of that is not as nefarious as RMS makes it out to be.
There are also a lot of cases of people going across the border to receive drug treatments in the US for drugs that while legal in Canada, are not on the approved drug list for certain conditions so are not covered for use.
Can you explain this? I would understand avoiding a wait but you already described this in a previous sentence.
It seems unlikely there is any way the Canadian health service will cover the cost of the drug in the US that it won't cover in Canada. So it would be full price in both countries, so I don't see how going into the US would save money. Possibly it is a drug that is not available at all in Canada even if not covered? But my understanding is that there are far more drugs available in Canada than the US as the FDA has stricter regulations.
As far as the ATF is concerned, an AR-15 lower receiver is a gun because it is the part of the gun that is serialized.
Why is this? It seems like the serial number should be attached to some more important part of the gun, like the barrel? Especially since the barrel leaves rifling marks that are used to identify weapons. I would also suspect the barrel is going to be the last part to be 3D printed (not because of materials but because of the need to make it have a very straight hole and the ease of doing this with traditional machining). Or put a serial number on all the major parts?
In his example the bettor trying to make money has to put 5x as large of a bet on the capped market than he puts on the uncapped market, thus making the limit far smaller on the uncapped market. Couldn't this make the arbitrage betting so inefficient, or even impossible (if the smaller amount falls below the minimum unit you can bet) that in fact the markets can remain with different odds?
You did not understand what he is arguing. He is saying, exactly like you are, that the disparity would self-correct and make the two markets have equal odds.
The problem he is arguing is that if one of those markets is not doing something to prevent manipulation, then because of the self-correction that manipulation will actually spread to all markets. including ones trying to prevent it with things like caps.
In West Los Angeles. Three districts voting in same building, for some reason my line was short but the others long. They use the ink-dot paper ballot. I voted very quickly because I already marked the booklet with my votes and they line up and are easy to copy to the real ballot. If you are paranoid, check the number of one of the black dots after you remove the ballot from the machine to see if it is one of the numbers you voted for, to make sure the ballot was mounted in the machine correctly. It is then inserted into a reader that checks for correct marks (no over votes) and into the box. I have been told this machine is not doing the counting, just checking, and the ballots are machine-scanned for counting later.
Only interesting thing was that a woman in front of me was ejected for wearing an Obama t-shirt. However I think she turned it inside-out and was back in right behind me and I'm pretty certain allowed to vote.
What about the MotoBlur interface? Especially on the pre-Android phones (I have a Moto Android phone and have disabled all the main-screen tiles, but it sure seems like that is what they were).
No the problem with XDBE is that it was designed for on-screen clipped windows. The back buffer is assumed to be clipped by overlapping windows. This added a *lot* of crap to link the two buffers permanently together and it appears it is such a mess that the implementation is slower even when this is not needed. Two unrelated buffers with a blt between them is pretty much the best you can do with the X api. Wayland lets the client tell the server to just "use" the new buffer, eliminating the unnecessary blt.
Your idea to eliminate the async window borders will not work. X does not have any method for the client to tell which window resize event it is responding do so the wm cannot tell if it is drawing the borders around the correct window contents. No number of double or triple buffers is ever going to fix it. A fix that would work and fit with how X11 is to add an api so the wm just tells the client what size it wants the window to be but it is the client's job to resize the window, plus a "I am done drawing" message from client to wm. Then the wm could use the size of the window to figure out how big to draw the borders. Still a pain in the ass as the wm may be resizing and thus has to still keep track of the "desired" window size which will be different than the "current" window size. Also there is a latency problem in that the wm has to wait for the "I am done drawing" message from the client before starting to draw the window borders.
If you have ever tried to get the window decorations to be "correct" (such as reliably knowing if there will be a close box so you can avoid having another method of closing the window) you would know just how much of an incredible horror server-side decorations are. Apparently you have not done this or just given up.
XDBESwapBuffers seems up to the task
No, XDBE is slower than making a pixmap, drawing to that, and copying to the main window, at least on XOrg. I know because I had to delete all uses of XDBE from fltk because it was slower.
The protocol or the xorg implementation? If the latter, then there's no reason to nuke the protocol and all its advantages.
I suspect the implementation, not the protocol. It seems like it would be trivial to add a "flush drawing" op (for back compatibility it must be called once, otherwise the server has to flush after every draw). Another more tricky but workable solution is to make it do this internally when XNextEvent is called.
Not with coompositing window, it's not a problem.
It is possible to avoid, but very wasteful, even for compositing window managers. Basically you have to have 2 copies of both the window border and contents and you cannot switch to the new ones until you are certain that both have been updated. Another option is for the compositing wm to defer *all* updates of the screen until it is known that all resized windows have both the contents and border redrawn, though this allows bad clients to block updates to the screen.
In Wayland the client draws both the contents and border into it's own buffer and the sending of that buffer pointer to the server is the "I am done" indicator. The server never even sees a partially-updated window. This is why it will be much cleaner and faster.