That statement is only true if 'people' == 'developers competent enough to maintain kernel code'.
Or people who can hire or persuade such developers.
If Linux is to gain widespread acceptance, then for 99.9%+ of the population, it will be equally difficult to remove an easter egg from the Linux kernel as it is to remove the flight simulator from Microsoft Excel.
99.9% of mainstream users will be unable to change the source directly, true. But follow the math here: if as few as 1,000 people want something changed, and 99.9% of them can't do it, that leaves one who can. Meanwhile, many of the other 999 will be bitching about it in various fora, which will probably influence others, especially if they have a legitimate complaint.
Also, I would expect a certain positive correlation between inclination to be annoyed at a misfeature, and ability to do something about it. So I think your 99.9% figure is high.
It is also at least possible for many sufficiently motivated people to learn how to program and influence an open project they care about. In any case, 99.9% unable to change open software is certainly better than 100% unable to change closed software.
I believe it is the development paradigm you are espousing here that is one of the largest roadblocks to mainstream acceptance - you've implicitly excluded the large majority of the 'people' who could be using Linux, without even noticing that you did.
Given that most people can't program, can you suggest an alternative paradigm that would increase participation?
Finally, it must be said: people who have paid for software, and are forbidden to fix it themselves (or hire someone to fix it), have legitimate cause for complaint if their vendor doesn't fix it for them. People who have gotten software for free, and are free to change it in any way they like, have no claim at all on the developers. "If it breaks, you get to keep both pieces."
Well, it is optional, but as a gedankenexperiment, let's suppose it weren't. If something gets into the kernel (or any other open project), it's because people want it there. If it isn't made optional, and no one forks a version without it, it's because not enough people dislike it enough.
Contrast this with the flight simulator in Excel. It went in because some people at Microsoft wanted it, and it won't come out because no one else can make that decision. It would take a major effort by millions of irate customers to make Microsoft take it out; it just wouldn't be worth their while for less. Hell, the irate customers can't even make them fix real bugs. It's all they can do to make them fix security holes (sometimes *cough* Outlook *cough*). And now Microsoft wants people to shut up about the security holes. It's too much trouble for them. Why are you people bothering us about security? Can't you see we're busy writing the next version to take another billion from you?
Hmm, that transformed in midstream from an essay on development paradigms to an anti-MS rant. I must be in Slashdot :)
Linus likes very small patches, everything broken down into little chunks of functionality. Alan is ok with bigger patches. What do you like and dislike in the patches people send you?
Disprovable? on God's Debris · Score: 2, Insightful
I cannot think of a single statement in the book that can be proven incorrect.
Well, do you mean you applied tests to the statements and they were not disproved? Or do you mean there would be no possible way to disprove them? The latter case is called "nondisprovable" or "untestable". A theory that can't be tested is useless.
I used to think in those terms. Then it occurred to me that the U.S. is a nuclear power, and unlike the Soviet Union, it's not balanced by any other large nuclear power. If it goes all the way totalitarian, the rest of the world is fucked. So we'd damned well better keep it honest.
Any thoughts about possible future legal threats to Freenet, and technical / political / legal countermeasures? Speaking primarily from a U.S. perspective.
There are only 2^32 possible IP addresses under IPv4, so it wouldn't take very long. Now, if they appended a secret salt value before applying MD5, that would be another matter.
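The point made in the comment above, as an added example that is not part of the original comments: an unkeyed MD5 of an IPv4 address is reversed by simply hashing every candidate, while a keyed hash is not. It uses HMAC-SHA256 under a secret key in place of the "secret salt appended before MD5" the comment mentions; the sample address, the /16 search range and all function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
from typing import Callable, Optional


def md5_ip(ip: str) -> str:
    """Unkeyed pseudonym: MD5 of the dotted-quad string."""
    return hashlib.md5(ip.encode()).hexdigest()


def keyed_ip(ip: str, key: bytes) -> str:
    """Keyed pseudonym: HMAC-SHA256 under a secret the log reader lacks."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()


def recover(digest: str, network: str,
            hash_fn: Callable[[str], str]) -> Optional[str]:
    """Hash every address in `network` and return the one that matches."""
    for addr in ipaddress.ip_network(network):
        if hash_fn(str(addr)) == digest:
            return str(addr)
    return None


# Constructed sample values (not taken from the page).
SAMPLE_IP = "10.20.137.42"
SEARCH_SPACE = "10.20.0.0/16"          # 65,536 candidates; all of IPv4 is 2^32
SECRET_KEY = secrets.token_bytes(32)   # known only to the party doing the hashing


def demo():
    # Unkeyed: anyone holding the digest can enumerate the address space.
    plain = recover(md5_ip(SAMPLE_IP), SEARCH_SPACE, md5_ip)

    # Keyed: enumeration without the key (here, a wrong guess) finds nothing.
    wrong_key = b"\x00" * 32
    keyed = recover(keyed_ip(SAMPLE_IP, SECRET_KEY), SEARCH_SPACE,
                    lambda ip: keyed_ip(ip, wrong_key))
    return plain, keyed


if __name__ == "__main__":
    print(demo())
```

The keyed form is only as strong as the secrecy of the key: if it leaks, the same enumeration works again.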
Well, that's me. Small home user. I already have things set up so everything I want to backup is in one place (or mirrored with scripts). I just run the script and copy the .bz2 to a floppy. 650 MB will greatly relieve the cramped feeling :) And I want a CD-R anyway for music and data transfer, so I may as well use it for backup instead of buying and finding room for a tape drive.
I suggest that the security community take Microsoft at their word. Don't publish exploits. In fact, don't even publish vulnerabilities. After all, merely knowing that a vulnerability exists makes a virus writer's job easier. Let Microsoft take all responsibility for their own security. Those who buy their software are paying them for a secure product. Why should unpaid third parties help Microsoft improve their products, especially when Microsoft complains about it?
I suggest that those with an interest in security focus their efforts on improving free software, where their contributions will be appreciated instead of condemned. If this results in free software becoming more secure, while Microsoft continues to wear brown paper bags, at least they will not be able to blame "information anarchy".
Re:He SHOULD care about the competition... on Torvalds Tells All · Score: 1
Well, they could possibly mess things up, in the US, for a while. It wouldn't stand, and while I doubt Linus would want to pull up stakes and move back to Finland while we muddled through it, I think he probably would if Congress pulled something so boneheaded and kept him from using Linux.
Good point, but easily fixed. Just check for changes once an hour and copy any changed files to disk. Or, with a little more work, set things up so it acts as a write-through cache.
The use I was envisioning wouldn't involve a lot of changes anyway. Basically I just want a high-persistence cache. It would certainly make my current, five-year-old, P-133, 32 MB EDO beast a lot more usable. God, I want the new one now...
Three problems with that. First, the PC I am about to build will have 256 MB of PC-2100, which at $130/GB is not economical for this use. Second, I would have to copy the programs into the RAM disk after every reboot. Third, paying for software? Running Windows? Get real. I sometimes pay for distribution media but I haven't paid for software in years.
Well, yeah, at the high end RAM is about $50/gig, disk is less than 2. They're talking about the low end, a couple of gigs or less.
Re:He SHOULD care about the competition... on Torvalds Tells All · Score: 1
Microsoft is in deadly competition with Linux, because Microsoft is in it for the money, and because Linux has great potential to weaken or destroy Microsoft's ability to make money.
Linus is not in any kind of competition with Microsoft, because Linus is in it for fun, and because Microsoft cannot do a single thing to weaken or destroy Linus' ability to have fun hacking the kernel. Linux companies have to worry about Microsoft. Linus doesn't.
Anyone who thinks Linus should be concerned about Microsoft's moves does not understand Linus. He is not a businessman, or a general, or a leader, or an ideologue, or a diplomat. He is a hacker. Try reading Kernel Traffic sometime, you'll see what I mean.
Sun Chairman and CEO Scott McNealy held a press conference today to warn corporate IT executives about the insidious, "Pac-Man-like" nature of the Intel x86 architecture. "Look at this!" he exclaimed, pointing to a chart. "The Intel architecture is gobbling up the entire computer market!"
Not being able to oblige the terrorists to use it is the very least of the govt's concern, because anybody not using it will just be easily spotted, which is in fact the whole interest:
It's not that simple. Let's say I'm a terrorist leader in the fictional nation of Fatwah. I have planted several agents in the U.S. They have not smuggled anything in except themselves and a memorized key phrase - one per agent, in case someone is caught.
Now, I want to send them some orders. So first, I post some illegal, no-backdoors crypto software on Usenet. The NSA notices this and is very incensed, but can do nothing. All they know is that someone, somewhere in the world, has posted this. Maybe they trace it back to Fatwah, but that's as far as they can go.
Meanwhile, my agents have downloaded everything in that newsgroup, and there's no way of telling who they are.
Over the next several weeks, I encrypt my orders and post them on Usenet. Same situation - they know someone's communicating, they don't know who the recipients are, they can't do a damned thing about it.
Each message contains instructions on how to reply, e.g., "To acknowledge receipt, post a message on alt.whatever at a certain time using certain words". My agents reply as instructed. No one else would have any clue that this is a terrorist communication.
Really, if terrorists want to communicate secretly, the only way to prevent it is to shut down the entire internet, and probably the entire phone network as well.
I notice you didn't mention Blowfish. It's been around for over ten years IIRC, and I'm not aware of any published attacks except against variants with a greatly reduced number of rounds. OpenBSD uses it for password hashing, which strikes me as a mark of quality. Yes, it takes a while to change keys (which is good from a brute-force attack standpoint), but once you do the precalculation it's nice and fast.
Repeat after me:
GNU General Public License.
GNU General Public License.
GNU General Public License...
Thanks for the input.
Any opinions? Thanks.
Darn...that reminds me of something...some news site on the web. Can't remember what it's called.
Hell, put gcc and the libraries and header files on it - building a kernel would fly.
All you people who keep talking about power loss, think rechargeable battery...
Jesus, someone put it on Freenet quick! They'll have an injunction against that site within a day or two!
Intel had no comment at press time.
I wish we had another couple hundred level-headed, knowledgeable, rational, principled people like Phil Zimmermann in this country. Especially now.
Is that all? Time flies...
"Captain, the enemy vessel is firing again! Shields buckling!"
"Captain, the enemy commander is hailing us. He demands our immediate surrender."
"Captain?"
"Captain?!"
"...Oh boy."