Holy balls that is stupid. Why would you use a distributed trust model for a delegated, hierarchical resource? Why the fuck didn't anyone think to delegate trust in the same manner as the domain names we hold the trust in??? Is it NOT obvious or something? I thought this up in a vacuum at 2AM, it is getting so frustrating. Someone saw an opportunity to get rich, and that won over sound engineering. Stellar.
GP is right, and you got the fishing metaphor totally dicked up.
Encryption doesn't matter to a phishing attack, it would only make it look more legit if users expected encryption, but those types of people wouldn't anyway.
I call BS. Have you ever done this? Do you know how many different CA lists are on your computer? Things are intentionally more difficult than they need to be.
Look at what was patented in 2004 *cough*BS*cough* A few dozen of us here just "invented" this system in our heads with our eyes glazed over reading these posts.
BS patents aside, it comes down to money as the other poster says. If you control the trust, you control the money, period. CA's do not validate each and every subdomain you own, nor do they need to once they've confirmed you own the second domain component. CA's should be delegated as granularly as DNS.
Get a free certificate, then. http://www.startssl.com/ generates basic certificates at no charge. It works in most major browsers, and IE support is expected in the near future. Now that startssl exists, there's really no excuse for self-signed certs even inside a corporate firewall, much less for a real public website.
Free, schmee, that is not the problem at all. Why in hell should I trust someone ELSE to verify my ownership of a domain name on MY internal network? The real problem is everything using their own damn CA lists, making it impossible for us to easily publish internal CA certs. Subversion has one, Windows has one, OS X has one, Gnome probably has one, Firefox has one, Java has one, SSH does NOT have one, etc, etc, etc.
Why aren't CA's delegated just like DNS is? I own all of foobar.net, so grant me an intermediate CA responsible for only *.foobar.net and let me verify & issue certs for my own fraking domain names (internal or NOT!). It is much easier to chain an intermediate cert to the server than add a new internal CA to the clients. Obviously, distributing trust to the rightful owners cuts the CA roots out of their silly trust monopolies.
The determination of who owns a domain name TWICE, for registration & certification is a straight up failure. Own the domain, you should own the CA authority, stop owning it, your cert chain is revoked.
The idea that computers will sit in between you and human interaction and make everything about your life better in the process, well, that idea is dying fast. The new tech is the kind that augments your life as quietly and unobtrusively as possible, then gets the hell out of your way. And Wave does not seem designed to get out of the way.
This seems to be where Linux's strength is - replacing proprietary Unix. How lame does the Sun salesman have to be? He couldn't get the USPS to replace their Sun boxes with Linux Sun boxes (Sun makes a complete line of x86 kit that runs Linux). Instead they went to HP. There's precious little difference between an HP x86 box and a Sun x86 box....all I can think is how lame the Sun salesman must have been.
1. The article is about Linux replacing Z/OS, and IBM helps with that. 2. HP & Sun are mostly interchangeable as far as the govt is concerned, and if they stay with one vendor long enough it looks bad. Sun probably didn't want to let go of 1300 midrange (not x86) systems, and over bid anyway.
"This seems to be where Linux's strength is - replacing proprietary Unix." That is real funny, because Sun's real strength was replacing proprietary mainframes with their own open systems. Now UNIX is proprietary (codeword for not having a rational reason for disliking something), and Linux on a freaking zSeries is okeydokey. What the F? I guess IBM's logic is that by having the same OS on your mainframe, and your open systems, you're not locked into IBM mainframe hardware? For everyone else though, If you still have to port your cobol to a new OS, why not run it on cheaper open system hardware.
Running Linux workloads on IFL does not result in any increased IBM software charges for System Z operating systems and middleware, IBM officials said.
The bulk of the money saved was from the proprietary mainframe software they ditched (Z/OS + IBM/CA add-ons?) in favor of Linux & IFL on zSeries. They even kept their old Cobol code in the new IFL Linux environment. The performance gains they're talking about are on the mainframe, because they just threw a ton of new processors at it. The Sun/HP environments aren't described at all, but they saved some money there too. 95% of the article was about the Z/OS to Linux IFL transition where they saved the most. This was somehow (twitter submission & shitty generic Internet news site) lost between/. and the source. Ah-fucking-maaazing.
My favorite line:
There were some hiccups along the way. For instance, the Cobol code converted to Linux was disconnecting with the database. "Even on heavy days, it was fine, but some days, it would disconnect and cause us to have to restart manually," Byrne said.
Developers working on the project had to write software code to restart the system automatically.
And here is was was said about Sun/HP:
The service is moving 1,300 Sun Solaris midrange servers to a Hewlett-Packard Linux environment.
We're achieving significant savings moving from the Sun to the HP environment -- obviously not as materially as the IBM proprietary environment to Linux because the mainframe has had the higher cost to begin with and farther to fall
Throw in some fluff & speculation, write up a nonsensical summary (thanks twitter!) and you get yourself a fantastic example of Slashdot's TOTAL failage. Don't mind me though, enjoy the group think everyone.
The article says voltage drop, not loss of power. The whole point of using an HSM instead of software is so that it does this stuff. It must dump sensitive material or otherwise self destruct when an attack is detected. Someone may have been trying to steal it, while keeping it powered on for all it knew (I've never heard of that, but I know it can't be impossible). Normally, to power one of these things back on, you'd need multiple keys & pins, each given to different people.
Besides, the internal batteries in these things don't last forever, the keys should always be backed up properly. That can be done securely and fairly easily, so I really wonder what their excuse is.
They still wont get it, and you wrote that big ass, frustrated post knowing it.
My advice: give up on Linux. There are more pleasant communities to be a part of, better software, and far more noble ideals worth pursuing. Find those first, and play with whatever is left over.
The problem is most traditional media outlets aren't doing that style of journalism any more. They fire as many of their local people as they can, and rely even more on AP and the intarwebs. Instead of bringing me in-depth local news that I can't get anywhere else and would be willing to pay for, they bring me news that I can find in 470 other locations for free.
For those of you lucky enough to have both the Internet AND a TV, in the US, over the air stations are required to air so many hours of local news each day.
What backwoods little town do you come from where you think you're being shorted in-depth local news? You want to find your local news, go kick a state trooper in the nuts. I'd feel bad for him, but you'd find your local media. How in depth do you want it anyway? Maybe nobody gives a damn about some old house that burned down, or the availability of kerosene at the local mom & pop. Are you SURE you don't have a Foo Chronicle, Bar Tribune, Qux Times, or Gonad Weekly where you're from? Not even a monthly newsletter? Do you have any news to report?
You're saying you'd pay for in-depth local news where you currently have none, and I'm calling you a liar. Pick up a local newspaper (it's even cheaper than big media) and stop bullshitting. I'm guessing you don't actually WANT news, but entertainment, AKA/., AKA blogs. You probably feel entitled to that too, since you can get it 27452 other places free.
Modern tape drives actually have tremendous throughput, and the $/GB crown. Keep in mind that the rated speed/capacity is the raw data to tape AFTER inline hardware compression, meaning you're usually moving twice as much or more data between the host and drive. Now, looking at seek times, they're polar opposites of SSD, but that's not the universal definition of performance:)
MindRover came out about ten years ago with a programming model that sounds like this one.
It was really cool. The GUI generated code in an intermediate language ('Ice', C-ish I think), then compiled that to some kind of VM. You were never meant to see those guts though, and it didn't let you hack the intermediate files. It's a shame, it would have gotten a lot more geek cred, even if it shattered the level playing field:\
This, will probably be limited to the GUI parts, being on a console and all.
to work out the trade-offs between these different feature requests, explain them to the users, and work out the optimum feature set that is actually achievable
Aren't we talking about OSS developers? That might be ideal, but is it realistic?
Forming an S corp is "basic personal finance"?? There's a great deal of information at public libraries, and accessibility doesn't make the contents "basic". You have the opportunity to learn about proper preventative maintenance for your car, so if it breaks down, poo on you; I'm driving.
How about instead of taking the elitist "I know how to take advantage of a complex system, everyone else is a peon" attitude, we all step back to "That system is too fucking complex and self serving, _it_ is supposed to work for _US_."
At least cars have gotten easier to maintain, can't say that for our taxes.
There is nothing excellent about it. Perhaps the mort important weakness is that you cannot really route traffic, but need point-to-point links. If you look at what made the Internet great, you can see that this is a show-stopper.
This isn't much different from how your credit card & ATM transactions are processed.
You're focusing on the network too much rather than the trust model. Instead of all our banks trusting each other directly and sharing keys with each other (way too many banks in the world, and the key exchange process is nothing to joke about), a bank trusts one or more switches, which trust one or more switches, which trust other banks. AFAIK, the actual network connections are private circuits. Did you know that those financial transactions need to be complete within a certain number of milliseconds? That guarantee is not possible using the Internet.
You seem to be suggesting we should use a different trust model, and not use new crypto technology... for the sake of the Internet. An Internet that is probably not appropriate considering the nature of the information that would use this crypto system.
The Internet is just a means to an end, don't get so attached.
So what is your point? We don't have "Windows ME+10" for $99 today. It's "Vista Workstation--" for $199. Probably for the better.
Doesn't look like you even read the GP. In fact, you offer a good explanation for newer Windows home editions costing more than Win9x did... that was the point he was making before you jumped in to argue your non-point.
Actually, Apple who have a tendency to overthink and overdesign everything have some of the worst laptop keyboards for one very simple reason: No delete key.
There's a backspace key labeled 'Delete,' which I cannot figure out the rationale of for the life of me. My full-sized wireless keyboard also has a backspace key labeled "delete" as well as a real delete key labeled in the exact same manner.
A full size Mac keyboard has delete where the PC backspace key is, and "delete ->" where the PC delete key is. What is the confusion there? It is not labeled the same, as forward delete has a right arrow picture on it. Familiarity with PC's aside, delete makes more sense. Delete the last character entered, or the character behind your cursor if you moved it. Explain how "backspacing" the previous character or "deleting" the character_ after_ your cursor makes more sense. The PC scheme only made sense when the cursor was an entire character width, not a thin bar. Then, you "deleted" the character UNDER the cursor, or moved it backwards a space. Macs have standardized on thin text cursors for quite some time now but PC's... some things just never change for decades because there is no consensus, and people forget why things were done in the first place. Take this backspace dogma for example. It no longer makes sense, but you defend it because... you don't even know why.
BTW, on a Mac laptop, delete is where it is on a full size, and fn-delete is a forward delete. Act surprised.
Also irritating is that Apple no longer even offer a full-sized wireless keyboard, while their wired keyboards default to the godawful "compact" model. This is made slightly more bothersome by the fact that Apple's keyboards are otherwise actually quite good, are visually appealing, and take up a very small footprint on my desk. Logitech's keyboards are hideous, enormous, don't use bluetooth, and very often actually cost more money than the equivalent model from Apple.
Maybe Apple was on to something with the compact wireless keyboard then... I have a full sized wireless Logtitech keyboard, and I'll tell you.. it doesn't make sense.. unless you never move it. I've gotten over this and moved on. Big ass keyboard.. taking up way to much space on the coffee table.. ugh.
Slashdot Mirror
OpenOffice is thinking in the same closed way MS does. Microsoft is rigid and dictatorial.
Yet here we are debating over a PROTOTYPE UI screenshot released on a corporate sanctioned BLOG.
Makes you wonder who really missed the forest.
Lift.
Holy balls that is stupid. Why would you use a distributed trust model for a delegated, hierarchical resource? Why the fuck didn't anyone think to delegate trust in the same manner as the domain names we hold the trust in??? Is it NOT obvious or something? I thought this up in a vacuum at 2AM, it is getting so frustrating. Someone saw an opportunity to get rich, and that won over sound engineering. Stellar.
GP is right, and you got the fishing metaphor totally dicked up.
Encryption doesn't matter to a phishing attack, it would only make it look more legit if users expected encryption, but those types of people wouldn't anyway.
I call BS. Have you ever done this? Do you know how many different CA lists are on your computer? Things are intentionally more difficult than they need to be.
This is a good solution. http://www.freepatentsonline.com/y2008/0010448.html
like you said - you work on a lab intranet. You're the one responsible for setting it up properly.
Screw you buddy. The problem is having to deal with a third party trust system for a fucking LAB (read: exclusively first party) environment.
You're not the only one asking WTF.
Look at what was patented in 2004 *cough*BS*cough*
A few dozen of us here just "invented" this system in our heads with our eyes glazed over reading these posts.
BS patents aside, it comes down to money as the other poster says. If you control the trust, you control the money, period. CA's do not validate each and every subdomain you own, nor do they need to once they've confirmed you own the second domain component. CA's should be delegated as granularly as DNS.
Get a free certificate, then. http://www.startssl.com/ generates basic certificates at no charge. It works in most major browsers, and IE support is expected in the near future. Now that startssl exists, there's really no excuse for self-signed certs even inside a corporate firewall, much less for a real public website.
Free, schmee, that is not the problem at all. Why in hell should I trust someone ELSE to verify my ownership of a domain name on MY internal network? The real problem is everything using their own damn CA lists, making it impossible for us to easily publish internal CA certs. Subversion has one, Windows has one, OS X has one, Gnome probably has one, Firefox has one, Java has one, SSH does NOT have one, etc, etc, etc.
Why aren't CA's delegated just like DNS is? I own all of foobar.net, so grant me an intermediate CA responsible for only *.foobar.net and let me verify & issue certs for my own fraking domain names (internal or NOT!). It is much easier to chain an intermediate cert to the server than add a new internal CA to the clients. Obviously, distributing trust to the rightful owners cuts the CA roots out of their silly trust monopolies.
The determination of who owns a domain name TWICE, for registration & certification is a straight up failure. Own the domain, you should own the CA authority, stop owning it, your cert chain is revoked.
The idea that computers will sit in between you and human interaction and make everything about your life better in the process, well, that idea is dying fast. The new tech is the kind that augments your life as quietly and unobtrusively as possible, then gets the hell out of your way. And Wave does not seem designed to get out of the way.
++Insightful
Possibly trying to figure out a way to credibly attack the server market by competing with their supplier of server CPU's in a very awkward way.
PowerPC based Apple servers did not compete with IBM's Power Systems in any way.
I think this example actually shows a forte of Linux as open source. New vulnerability is found very quickly after "new" code is released.
I thought the vulnerability was found first, then the cause.. If that's the case, how did open source help in finding this?
There aren't any important services that run setuid is there?
Oh...
It is a demo, not an example of perfection, and it looks fine on my Mac (with Safari 4)!
Two thoughts:
This seems to be where Linux's strength is - replacing proprietary Unix.
How lame does the Sun salesman have to be? He couldn't get the USPS to replace their Sun boxes with Linux Sun boxes (Sun makes a complete line of x86 kit that runs Linux). Instead they went to HP. There's precious little difference between an HP x86 box and a Sun x86 box....all I can think is how lame the Sun salesman must have been.
1. The article is about Linux replacing Z/OS, and IBM helps with that.
2. HP & Sun are mostly interchangeable as far as the govt is concerned, and if they stay with one vendor long enough it looks bad. Sun probably didn't want to let go of 1300 midrange (not x86) systems, and over bid anyway.
"This seems to be where Linux's strength is - replacing proprietary Unix."
That is real funny, because Sun's real strength was replacing proprietary mainframes with their own open systems. Now UNIX is proprietary (codeword for not having a rational reason for disliking something), and Linux on a freaking zSeries is okeydokey. What the F?
I guess IBM's logic is that by having the same OS on your mainframe, and your open systems, you're not locked into IBM mainframe hardware?
For everyone else though, If you still have to port your cobol to a new OS, why not run it on cheaper open system hardware.
The article was pretty clear.
Running Linux workloads on IFL does not result in any increased IBM software charges for System Z operating systems and middleware, IBM officials said.
The bulk of the money saved was from the proprietary mainframe software they ditched (Z/OS + IBM/CA add-ons?) in favor of Linux & IFL on zSeries. They even kept their old Cobol code in the new IFL Linux environment. The performance gains they're talking about are on the mainframe, because they just threw a ton of new processors at it. The Sun/HP environments aren't described at all, but they saved some money there too. 95% of the article was about the Z/OS to Linux IFL transition where they saved the most. This was somehow (twitter submission & shitty generic Internet news site) lost between /. and the source. Ah-fucking-maaazing.
My favorite line:
There were some hiccups along the way. For instance, the Cobol code converted to Linux was disconnecting with the database. "Even on heavy days, it was fine, but some days, it would disconnect and cause us to have to restart manually," Byrne said.
Developers working on the project had to write software code to restart the system automatically.
And here is was was said about Sun/HP:
The service is moving 1,300 Sun Solaris midrange servers to a Hewlett-Packard Linux environment.
We're achieving significant savings moving from the Sun to the HP environment -- obviously not as materially as the IBM proprietary environment to Linux because the mainframe has had the higher cost to begin with and farther to fall
Throw in some fluff & speculation, write up a nonsensical summary (thanks twitter!) and you get yourself a fantastic example of Slashdot's TOTAL failage. Don't mind me though, enjoy the group think everyone.
The article says voltage drop, not loss of power. The whole point of using an HSM instead of software is so that it does this stuff. It must dump sensitive material or otherwise self destruct when an attack is detected. Someone may have been trying to steal it, while keeping it powered on for all it knew (I've never heard of that, but I know it can't be impossible). Normally, to power one of these things back on, you'd need multiple keys & pins, each given to different people.
Besides, the internal batteries in these things don't last forever, the keys should always be backed up properly. That can be done securely and fairly easily, so I really wonder what their excuse is.
They still wont get it, and you wrote that big ass, frustrated post knowing it.
My advice: give up on Linux. There are more pleasant communities to be a part of, better software, and far more noble ideals worth pursuing. Find those first, and play with whatever is left over.
NY Times is intentionally missing the point, to make their advertisers feel more relevant.
Duh...
The problem is most traditional media outlets aren't doing that style of journalism any more. They fire as many of their local people as they can, and rely even more on AP and the intarwebs. Instead of bringing me in-depth local news that I can't get anywhere else and would be willing to pay for, they bring me news that I can find in 470 other locations for free.
For those of you lucky enough to have both the Internet AND a TV, in the US, over the air stations are required to air so many hours of local news each day.
What backwoods little town do you come from where you think you're being shorted in-depth local news? You want to find your local news, go kick a state trooper in the nuts. I'd feel bad for him, but you'd find your local media. How in depth do you want it anyway? Maybe nobody gives a damn about some old house that burned down, or the availability of kerosene at the local mom & pop. Are you SURE you don't have a Foo Chronicle, Bar Tribune, Qux Times, or Gonad Weekly where you're from? Not even a monthly newsletter? Do you have any news to report?
You're saying you'd pay for in-depth local news where you currently have none, and I'm calling you a liar. Pick up a local newspaper (it's even cheaper than big media) and stop bullshitting. I'm guessing you don't actually WANT news, but entertainment, AKA /., AKA blogs. You probably feel entitled to that too, since you can get it 27452 other places free.
Modern tape drives actually have tremendous throughput, and the $/GB crown. Keep in mind that the rated speed/capacity is the raw data to tape AFTER inline hardware compression, meaning you're usually moving twice as much or more data between the host and drive. Now, looking at seek times, they're polar opposites of SSD, but that's not the universal definition of performance :)
MindRover came out about ten years ago with a programming model that sounds like this one.
It was really cool. The GUI generated code in an intermediate language ('Ice', C-ish I think), then compiled that to some kind of VM. You were never meant to see those guts though, and it didn't let you hack the intermediate files. It's a shame, it would have gotten a lot more geek cred, even if it shattered the level playing field :\
This, will probably be limited to the GUI parts, being on a console and all.
to work out the trade-offs between these different feature requests, explain them to the users, and work out the optimum feature set that is actually achievable
Aren't we talking about OSS developers? That might be ideal, but is it realistic?
Forming an S corp is "basic personal finance"?? There's a great deal of information at public libraries, and accessibility doesn't make the contents "basic". You have the opportunity to learn about proper preventative maintenance for your car, so if it breaks down, poo on you; I'm driving.
How about instead of taking the elitist "I know how to take advantage of a complex system, everyone else is a peon" attitude, we all step back to "That system is too fucking complex and self serving, _it_ is supposed to work for _US_."
At least cars have gotten easier to maintain, can't say that for our taxes.
There is nothing excellent about it. Perhaps the mort important weakness is that you cannot really route traffic, but need point-to-point links. If you look at what made the Internet great, you can see that this is a show-stopper.
This isn't much different from how your credit card & ATM transactions are processed.
You're focusing on the network too much rather than the trust model. Instead of all our banks trusting each other directly and sharing keys with each other (way too many banks in the world, and the key exchange process is nothing to joke about), a bank trusts one or more switches, which trust one or more switches, which trust other banks. AFAIK, the actual network connections are private circuits. Did you know that those financial transactions need to be complete within a certain number of milliseconds? That guarantee is not possible using the Internet.
You seem to be suggesting we should use a different trust model, and not use new crypto technology... for the sake of the Internet. An Internet that is probably not appropriate considering the nature of the information that would use this crypto system.
The Internet is just a means to an end, don't get so attached.
So what is your point? We don't have "Windows ME+10" for $99 today. It's "Vista Workstation--" for $199. Probably for the better.
Doesn't look like you even read the GP. In fact, you offer a good explanation for newer Windows home editions costing more than Win9x did... that was the point he was making before you jumped in to argue your non-point.
Actually, Apple who have a tendency to overthink and overdesign everything have some of the worst laptop keyboards for one very simple reason: No delete key.
There's a backspace key labeled 'Delete,' which I cannot figure out the rationale of for the life of me. My full-sized wireless keyboard also has a backspace key labeled "delete" as well as a real delete key labeled in the exact same manner.
A full size Mac keyboard has delete where the PC backspace key is, and "delete ->" where the PC delete key is. What is the confusion there? It is not labeled the same, as forward delete has a right arrow picture on it. Familiarity with PC's aside, delete makes more sense. Delete the last character entered, or the character behind your cursor if you moved it. Explain how "backspacing" the previous character or "deleting" the character_ after_ your cursor makes more sense. The PC scheme only made sense when the cursor was an entire character width, not a thin bar. Then, you "deleted" the character UNDER the cursor, or moved it backwards a space. Macs have standardized on thin text cursors for quite some time now but PC's... some things just never change for decades because there is no consensus, and people forget why things were done in the first place. Take this backspace dogma for example. It no longer makes sense, but you defend it because... you don't even know why.
BTW, on a Mac laptop, delete is where it is on a full size, and fn-delete is a forward delete. Act surprised.
Also irritating is that Apple no longer even offer a full-sized wireless keyboard, while their wired keyboards default to the godawful "compact" model. This is made slightly more bothersome by the fact that Apple's keyboards are otherwise actually quite good, are visually appealing, and take up a very small footprint on my desk. Logitech's keyboards are hideous, enormous, don't use bluetooth, and very often actually cost more money than the equivalent model from Apple.
Maybe Apple was on to something with the compact wireless keyboard then...
I have a full sized wireless Logtitech keyboard, and I'll tell you.. it doesn't make sense.. unless you never move it. I've gotten over this and moved on. Big ass keyboard.. taking up way to much space on the coffee table.. ugh.