This ignores the fact that the "branch office," while it may seem like a limb of a greater organization, is legally a separate entity, and thus has no basis to request the information from Google USA's servers.
Or, to put it the other way, the sysadmins at Google USA, who presumably have a policy of "we don't disclose data to anyone without a warrant," might get an email from someone in the Brazilian office, but they're not going to just email them a ton of confidential data. They want a warrant, valid in the U.S., because that's where the data is.
Let's assume for a moment that the folks at the server farm in California just sent data out to any Google field office that requested it. Would you want them to disclose anything in the database on the strength of a request from Google Beijing? How about Google Tehran? You can see that the policy starts to get very slippery. Rather than try and deal with and validate requests for information from every corner of the globe, they probably just have a policy that if you want them to turn over data, you have to get a warrant in the U.S. This saves them from being roasted alive by Congress for turning over data (stored in the U.S.) in response to queries from foreign governments; not to mention the loss of public opinion.
The Brazilians could probably obtain the information through diplomatic channels -- it's not as though the United States and Brazil are unfriendly. They could probably have gone through normal means (had someone from their embassy contact the State Department) and gotten a judge in the United States to issue a warrant ordering Google to turn over the information from its U.S.-based servers for use in the investigation. We probably do all sorts of cooperative drug-interdiction with them already, so there's certainly a legal and law enforcement framework for this. It probably would have been faster than what they've been trying to do, which is try and find some legal basis of obtaining information stored in the United States under Brazilian law.
There are reasons that in centuries past, we came up with a whole legal framework for this sort of thing, as it applied to physical goods and people. It's called extradition. At the moment, technology has outpaced law, and we don't have those sorts of agreements for data-sharing and discovery (although INTERPOL could be seen as an early effort in that direction). Eventually, this is going to change, but the Brazilian government is going about things in the wrong way.
If that's what you want to think, fine; but even on platforms other than Linux, you'd be throwing a lot of good software out. Scanners, for instance, often come with "manufacturer blessed" software that sucks outright. Absolutely, no-holds-barred suckage.
Sometimes the best way to use the hardware that you own, is to get the software to run it from a different place. For scanners, you go and buy Silverfast (or VueScan), and throw that CD that came with your scanner in the trash where it belongs.
Linux has taken this attitude one step further, by just making a lot of the 'good software' free and making it come with the OS. To a certain extent Apple does this as well, although it's not Free -- most of the time with hardware on a Mac, you just plug it in and use the software and generic drivers that came with the computer.
To say that the only software that you're "supposed" to use is the stuff that comes with hardware, is just going to damn you to a lifetime of using mediocre software. With a few exceptions, hardware peripheral companies are dreadful at writing software (again, witness scanners) and it's incredibly limiting to assume that something is a "hack" because it comes from elsewhere. Particularly when it may be very expensive and fully supported (i.e. SilverFast).
True, but even the root user isn't exactly the equivalent of Windows' SYSTEM processes. It would be like not only being the root user, but being root and running all your processes with PID 1. Or something like that, the analogies break down because you start to get into architectural differences between UNIX-type systems and the single-user-ness of Windows.
But the point is that Windows' SYSTEM is even a bit above what the root user would be capable of on a UNIX-like system; particularly in regards to logging and ease of covering one's tracks later.
It's not really a wrapper as much as it's a replacement.
The story I heard was that a bunch of Apple engineers got tasked with improving OS X boot times, and the problem they kept running into was the way that init worked. In order to create a good way of launching stuff simultaneously (when possible) and generally making everything boot quickly, they ended up just writing a new system for launching services, and the result was launchd. It also minimizes the number of running daemons at any one time, saving memory and processor cycles, and can start and stop them as-needed. Apparently you can also do some neat stuff like actually feed programs commands rather than just start/stop, but I've never used that.
I think Apple's hope was that other UNIX-ish systems might like the launchd concept and replace init with it, but I'm not sure that the faster boot times will really be worth the retraining costs for systems that aren't booted up often.
The things I dislike about launchd, aside from the traditional UNIX objection to anything which is New And Therefore Bad, is that its config files are XML instead of flat text, which I find obnoxious, and that it makes it marginally more difficult to see what services are running on a given system. You can be running a local mailserver but not have a daemon active, because launchctl will bring up postfix as needed. If you're not looking for it, you can miss the fact that postfix is set up. (However you can program it to bring up particular services and leave them -- in fact you can use init and cron normally, if you like.)
I still use cron for scheduled tasks as well, because I've never wanted to figure out how to replicate cron with Apple's stuff, but I'm told it can do that, too.
Overall I think it's pretty neat, and for a desktop-UNIX system it's a major step forward. For a server or non-desktop environment, I think the benefits are more mixed.
I think it only works for an Administrator user, but given that Microsoft takes a pretty lax approach to local privilege escalations, that doesn't say a whole lot. If someone can get limited-user access, and then escalate to Administrator, and then from there to SYSTEM, it's just making a slightly longer road out of a remote-root.
The point is though, that Apple doesn't have 90+% of the market. If Microsoft only had 30%, then they could bundle whatever they wanted, engage in all sorts of shady exclusivity deals, and generally play the way that got them in trouble in the first place.
The problem is that they have far more marketshare than any single company ought to have, and it would be the same problem whether it was them in that position, or Apple, or IBM, or Sun. A monoculture is bad for the market. (Now granted, a monoculture in one market can be good for other markets that depend on having a large base of users running the same OS, but that's not germane here.)
The best-case scenario would be a handful of large OS vendors, each making systems which competed on their merits with each other. Companies would be free to try and sell them as "complete solutions" (a la Apple) or piecemeal to OEMs and mom-and-pop assemblers for customization.
I don't, and I don't think that most people do, really have a problem with an OS manufacturer bundling a product with their OS in order to provide a better experience to the user. It's just that when there's one vastly dominant OS, the same sort of bundling which could be a useful addon to a small-share company (Apple) becomes damaging and anticompetitive.
If MS wants to play the bundling game, they can give up half their marketshare and then people would probably stop screaming "monopoly" at them constantly.
What I thought was interesting in the article was how many of his complaints were probably due not to bad design per se, but to poor practices -- things like documentation, structural transparency, consistent use of system policies, etc.
What struck me is that there are definitely seeming flaws in Windows that make it insecure as-is, but that it doesn't have to be this way; Microsoft has chosen and continues to choose to operate in such a way that exacerbates rather than minimizes the effect of many of the inherent weaknesses of the platform. A similarly designed system, managed and documented differently, would probably be less problematic.
Thank you. I tried to say this elsewhere in this thread, but I think you put it more succinctly.
There are very few jobs that I've seen, where if you are really qualified, that it's not a "sellers market" in terms of labor (where you, the worker, are selling your labor to your employer). It sometimes seems the other way around because of the preponderance of under- or mis-qualified applicants, or people who need substantial training before their labor is really worth anything. But even during less-than-optimum economic conditions, most people with good general business skills can move from one place to another if they desire, limited by the kind of work they want to do, and the environment they want to do it in. (And naturally, the amount of money they can make.)
The question underlying this whole discussion, and which I haven't seen answered, is how much do employees really value internet access? How much money extra would people need to be paid, to work from a site that's totally locked down? Or how much of a pay cut would you be willing to take, to work in a more relaxed atmosphere? It's difficult to quantify, but that's really what everyone is arguing about.
I think it depends what you major in and what kind of skills you have.
It also depends on how picky you are in terms of what kind of work you'll do, or where you want to live. People who only want to work in a particular city (e.g. NYC, Boston, DC, etc.) or only want to do a particular sort of work, may well have the limited options that you describe. But such was not my experience, or that of other people I know. Granted it was a while back and the economy was a bit different then, but I definitely had a choice of places to work when I graduated college. But then again, I didn't have a lot of other requirements besides a paycheck: I was willing to relocate and travel, and my skills were fairly general.
Obviously, how much "say" a recent college grad has in where they end up working, changes radically depending on the economic environment. When companies are competing for new employees, as they were during the mid to late-90s, workplace perks become significantly more important than during a downturn, when the job itself is almost like a perk. And as I mentioned, the competition for employees differs radically from one region of the country to the other. A company in Boston might be beating college grads off their doormat with a stick, while one in Phoenix, Arizona might be desperately seeking young workers. It all comes down to tradeoffs.
I think that the internet access is similar to the attitudes companies had regarding dress codes a few years ago. Young employees saw suit-and-tie operations not only as personally restrictive, but also indicative of a corporate culture that they might not have liked; in response, a lot of places changed to "dress casual" over time. While we can argue about the merits of professional attire all day, there was definitely a lot of change as a result of companies trying to get rid of the stodgy appearance, and many of these improvements were aimed at recruiting new workers. Internet access could be similar: companies that don't restrict seem like they'd be better places to work, for reasons unrelated to the internet itself -- less overbearing management, more trust of employees, etc.
That's a valid attitude to have. However, if you're trying to recruit young employees in a competitive environment, it's probably not going to get you or your organization very far.
People may be willing to work in your "salt mine" when the economy is doing poorly and the job market is in your favor, but if one of your competitors offers better working conditions and a more enjoyable environment -- by not caring, say, whether people browse the internet so long as they get their jobs done -- then you're probably going to start hemorrhaging staff. And that's bad for business.
So in other words, there are valid business reasons for giving your employees something that they value, as a perk. You may be well within your rights, legally and morally, to give them nothing but a desk, a chair, a typewriter, and an hour for lunch, but the end result will probably be you'll either pay through the nose for the same talent that a more-pleasant workplace gets for much less, or you'll only get the sort of employees who can't get work anywhere else.
What I think would be particularly interesting, would be a survey of young employees and college graduates, asking just how much they value (in financial/salary terms) having unrestricted internet access and a relaxed policy about its use. That would really give companies an idea of how much their attitudes are or are not costing them.
It's a perk if they allow these things, but I don't think they should be expected
I think you're actually agreeing with the Microsoft person here. That's exactly what they're saying.
Open internet access is a perk, and it's one that young employees value. So if you want to recruit and retain people, it's something that as an employer, you should consider. Someone might be willing to work for $35k a year at a place with unrestricted internet, but wouldn't touch a locked-off place for less than $40k. (I'm pulling those numbers out of my ass, admittedly, but you see my point I hope.)
I know people who work in informationally secure environments, and they get paid more than I do. But they need to be, because I wouldn't work there without being paid a lot extra -- I value having access to GMail, being able to keep my cellphone on me, being able to read Slashdot during slow periods, etc. Although I find it distracting and don't do it, other people even keep AIM running from work, to talk to their spouses/kids/whatevers at home, and this isn't a problem.
If I was considering a move to a workplace like theirs, where the computers are totally firewalled and nobody has install rights on them, I wouldn't do it unless there was a substantial increase in some other form of compensation, to offset the loss of these niceties.
That's all anyone is saying; you don't have to provide your workers with Internet access, but a growing number of young, educated people expect it, and probably won't take kindly to not having it around. If you want to compete, you'll either give people what they want, or you'll make it up in some other way (probably with pay).
If your computer is vulnerable to malware just from browsing a website, then you should get a more secure computer. Seems to me that's indicative of a larger problem you have, which is using vulnerable systems and not segregating or firewalling them.
OK, so I admit I'm taking a jab at Windows here, but Windows doesn't necessarily imply that you need to lock off the internet or you're going to get hosed by malware: I work in a Windows shop and we have open internet access, and we're not totally compromised. Granted I think the extra work to secure all those Windows machines is more than they're worth, but that's a decision that's way above my pay grade.
There's no reason to just take it as a premise that your systems should be so insecure as to let casual browsing totally compromise them.
I've worked in a bunch of big offices, and none of them have ever blocked long-distance calls. It's just too much of a pain; you never know when someone might need to make a business call that's long-distance, and with globalization, even international calls aren't that uncommon. Only a very regional business would be able to do with only local telephone access.
Plus, telephone time is cheap. A reasonably sized PBX isn't paying for long-distance service in the same way you are at home, they're just buying the connection in bulk and probably not paying much extra whether the call goes down the street or to Kalamazoo. This is doubly true if it's a VOIP system; the most expensive part is probably giving each employee an incoming POTS number, not allowing them to make outside calls.
Any large company that's paying for its long-distance service by the line-minute really needs to rethink their telecom expenses, because they're getting shafted.
I'm not talking about a known-plaintext attack on the cipher itself. (Although if you knew that the input into the second (the "outer") cipher contained headers, you could use this as part of a known-plaintext attack, but that's not what I was discussing.)
Rather I was just saying that if you have file headers on the intermediate file, then it becomes quite easy to figure out when you've brute-forced the outer layer of encryption. Without these headers, it's much harder to tell when you've gotten the correct key to the outer layer, and are looking at the ciphertext of the second layer, instead of random garbage.
In the worst-case scenario, you would have to try every possible key of the first layer of encryption, and then try every key of the second (inner) layer of encryption against every possible result from the first. This would double the effective keyspace of the system, to 128 bits (assuming two 64-bit ciphers).
In the best-case, you will know immediately when you see the file headers when the outer layer of encryption is broken, so you'll only have to exhaust that 64-bit keyspace, and then do it again on the inner layer. This yields a "65-bit" equivalence.
The attack is brute-force keyspace exhaustion either way; my comment said nothing about any strength or weakness of the cryptographic algorithm. In fact it rather assumed that a known-plaintext attack wouldn't work, because if it did, then you probably wouldn't have to go through keyspace exhaustion.
I agree. The driving tests in most places in the U.S., at least in any places where I've lived, are a complete joke.
And I second the notion that being able to pass a driver's test certainly didn't mean that I really had any clue how to operate a car. The problem is not one of competence: there is no reason why someone who is 15 or 16 years old cannot operate an automobile -- it's really not that hard, but the requirements for doing so are so lax, that it's no wonder we have a ton of really shitty drivers on the roads.
Quite frankly, if people wanted to really make our roads safer, they would make the driving tests tougher; require driving under simulated less-than-ideal conditions and in accident/panic scenarios. It doesn't make any sense to make people drive down a road at 25 MPH, turn around, park, and drive back, and then say that they're qualified to pilot a 6,000-pound SUV at 75 MPH in the driving rain or snow, at night, on an interstate highway. It's madness.
A true test of driving ability ought to require that you test in the type of car you want to drive (and taking a test in a Geo Metro does not make you qualified to drive a Ford Expedition), and that you demonstrate how to maneuver the car through panic stops, emergency lane-changes, and on reduced-traction surfaces. Many accidents that occur today would be avoidable with better driver education and training, we just don't do it.
Also, periodic retesting seems to me to be a no-brainer. We know that people become less safe on the road as they age, and although I respect elderly people's desire for independence, they have no right to drive beyond the point where they are physically and mentally competent to do so. Having a driver's license last 5 or 10 years would do a lot to make sure that people (all people, not just elderly drivers) don't just forget how to properly drive once they become licensed, and it would also be a vehicle for updating techniques and encouraging retraining. Most skilled professions require this, and driving a motor vehicle shouldn't be an exception.
Young drivers take a lot of blame (much of it deserving) but unfortunately, we as a society let them on the road not when they actually know how to drive, but when they're just competent enough to not be an overwhelming hazard to others, in the hope that they'll be able to actually learn how to drive on their own. Replacing this system with a comprehensive driver-education regime would dramatically improve the safety of our roads.
I think a big part of that comes down to the file headers and how you actually implement the cryptographic algorithms into a system.
If you take a plaintext file and encrypt it into a file which has headers ("BEGIN ENCRYPTED CONTENT---"), and then encrypt the result again, assuming the attacker knows how you did it and that the intermediate file has plaintext headers, then they'll know the moment they broke the first 64-bit encryption layer. So in this example, you're basically at 65 bits.
Now if you don't include any headers, so that there's no terribly good way to determine whether you've gotten the right key or not, as you're brute-forcing the first layer, then I think you're right -- the strength of the overall system is somewhere in a grey area between 65 and 128 bits.
If someone was just thinking that they could use a file-encryption utility twice (which produces output files that have plaintext headers) and double the keyspace, they are dead wrong.
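The header argument from this comment and the earlier one about brute-forcing two layers, worked through as an added example (not part of the original posts). It assumes a toy hash-based XOR cipher and 8-bit keys in place of 64-bit ones so the search finishes quickly; all function names are made up for the illustration.

```python
"""Toy model: does encrypting twice double the brute-force cost?"""
import hashlib
import math

KEY_BITS = 8                 # assumption: toy key size standing in for 64 bits
N_KEYS = 1 << KEY_BITS
HEADER = b"BEGIN ENCRYPTED CONTENT---"   # plaintext header on the intermediate file


def keystream(label: bytes, key: int, n: int) -> bytes:
    """Toy keystream: SHA-256(label || key || counter). Not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        block = label + key.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:n])


def xor_layer(label: bytes, key: int, data: bytes) -> bytes:
    """One encryption layer; XOR makes encryption and decryption identical."""
    return bytes(a ^ b for a, b in zip(data, keystream(label, key, len(data))))


def encrypt_twice(plaintext: bytes, k_inner: int, k_outer: int, with_header: bool) -> bytes:
    """Inner layer first, optional file header on the intermediate, then outer layer."""
    inner = xor_layer(b"inner", k_inner, plaintext)
    middle = HEADER + inner if with_header else inner
    return xor_layer(b"outer", k_outer, middle)


def looks_like_text(data: bytes) -> bool:
    """Recogniser for the final plaintext: every byte is printable ASCII."""
    return all(32 <= b < 127 for b in data)


def search_with_header(ciphertext: bytes):
    """The header confirms the outer key on its own, so the layers fall one at a time."""
    trials = 0
    for k_outer in range(N_KEYS):
        trials += 1
        middle = xor_layer(b"outer", k_outer, ciphertext)
        if middle.startswith(HEADER):
            break
    else:
        return None
    body = middle[len(HEADER):]
    for k_inner in range(N_KEYS):
        trials += 1
        if looks_like_text(xor_layer(b"inner", k_inner, body)):
            return k_inner, k_outer, trials
    return None


def search_without_header(ciphertext: bytes):
    """No marker on the intermediate: each outer guess needs a full inner search."""
    trials = 0
    for k_outer in range(N_KEYS):
        trials += 1
        middle = xor_layer(b"outer", k_outer, ciphertext)
        for k_inner in range(N_KEYS):
            trials += 1
            if looks_like_text(xor_layer(b"inner", k_inner, middle)):
                return k_inner, k_outer, trials
    return None


# Constructed sample message and keys for the demonstration.
SAMPLE = b"meet at the usual place at noon"
K_INNER, K_OUTER = 0xC3, 0xA7

if __name__ == "__main__":
    for with_header, search in ((True, search_with_header), (False, search_without_header)):
        ct = encrypt_twice(SAMPLE, K_INNER, K_OUTER, with_header)
        k_in, k_out, trials = search(ct)
        print(f"header={with_header}: keys=({k_in:#x}, {k_out:#x}) "
              f"trials={trials} (~2^{math.log2(trials):.1f})")
```

With the header the search is bounded by 2 x 2^8 trial decryptions (the "65-bit" case scaled down); without it the bound is about 2^16. Independently of headers, a known plaintext/ciphertext pair permits a meet-in-the-middle search costing roughly 2^(n+1) time and 2^n memory, which is why two stacked n-bit layers are not rated at 2n bits.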
Joke all you want, but one of the things that people get coached on when preparing for depositions is how to say a lot of stuff without really saying anything.
However, four hours can stretch into a pretty long time when it's just a bunch of people sitting there asking you questions; I don't think you can really take up quite that much time by filibustering.
The real problem with an open deposition like this, as opposed to one where the topics or even questions are set out beforehand, is that it's a lot harder to prepare the witness for one; SCO's lawyers' goal is probably just to get him to slip up and say something that they can use to further delay proceedings. If the guy's not careful, it could definitely happen.
(Shrug)... I work in consulting. It's very much like I described. Promotions and bonuses are based on your time billed out to clients, so there's a direct tradeoff between how much vacation you take and how much of a raise you don't get. There also tends to be a lot of very aggressive careerism. I don't think people are so competitive that they're actively undermining each other (at least, where I work, YMMV and all that) but there's definitely an understanding that if you want to be in the top 10% (which is where 50+% of bonuses go), then you have to bill more than the other 90. It all depends: do you want an extra few thousand bucks at the end of the year, or do you want to take a vacation? You can have the latter and still have a job indefinitely, so there's no risk of termination (unless you drop below 40 hrs/week by 50 weeks, obviously), it's all about advancement and bonus pay.
I'm not going to name names, because I've worked at enough consultancies to know this is commonplace. It's also prevalent, I'm told, at big law firms when you're low on the totem pole (associates, junior partners, etc.). Probably also goes for just about any place where the number of hours you work feeds into a metric that determines compensation or promotability. (Not to mention jobs where people are actually paid by the hour, where the connection is more obvious.)
Part of the disconnect between the workplace you see, and the one I see, might have to do with the average age of the employees. People who are young, just beginning careers, and who lack any direct family obligations probably put a substantially lower value on vacation time than someone with a husband/wife and a couple of kids, and who is looking more for stability than for quick advancement, does.
Jobs like the ones I'm describing in general probably have a high degree of self-selection involved also; people looking for stability and 40-hour workweeks just don't do them.
Obviously it would entail a slower transferring process than a straight copy, but maybe someone could fix one of the open-source audio tools (Amarok, etc.) to allow you to archive your music in a different format than what you keep on your player?
Basically, keep it losslessly on your computer, but transcode it on-the-fly into a lossy format as you synchronize your player. Keep all the metadata intact (and sync the metadata bidirectionally -- keep playcounts and stuff from the player), but whenever you add new music to your computer from a CD, rip it to FLAC, and then downconvert to MP3 or Ogg as you put it onto the portable device.
I really think this would be the best way to do it -- computers are fast enough to make this kind of transcoding practical (reasonably so), and you don't really need the lossless files on your portable device because the playback circuitry and the output device (unless you're using Grados or other very high-quality low-impedance cans) probably aren't good enough to let you tell the difference between a high-bitrate lossy file and the lossless one.
Anyone know if this has been implemented?
Bravo.
I don't really have anything to add, because I think you pretty much hit all the major points. Particularly regarding Sony; although they've now been swept into the dustbin of history, there was a lot of hype surrounding their first few portable music players (I remember when there was a lot of buzz about their first USB-enabled MiniDisc player, which was horribly braindead). Talk about a company that just can't get anything right but keeps on trying. I guess it's a good thing that they're their own worst enemy, because you can see in their products occasional flashes of brilliance that suggest to me that if they weren't constantly miscalculating the public, they'd probably be running the world.
Anyway, I do think though that the iPod had more going for it than just MP3, there were MP3 players before the iPod -- in fact, I owned one, called a Pontis -- but the iPod achieved a balance between style, capacity, battery life, compatibility, and integration with a nice software suite (iTunes) that nobody else had matched. And to be honest, nobody yet has, although they're inching closer every day.
When you say it "works great with OS X" how do you mean this? I'm going to assume it doesn't integrate with iTunes, as an iPod would (or does it?). Without that, it's hardly a well-integrated experience.
Obviously the blame for this has to go mostly to Apple, since they control iTunes, but the point is that I'm not sure you can really say that any non-Apple MP3 player will ever work as well on a Mac as an iPod does, because only an iPod will integrate so seamlessly with iTunes.
Personally I'd like to have an alternative to the iPod, just to keep Apple developing and keep their prices competitive; however without iTunes compatibility, or a software suite that will really do everything that iTunes does (less the DRM crap), I don't think there's much of anything out there. Right now it's a chicken-and-egg proposition: there's little market for a Mac MP3 player that doesn't integrate with iTunes, and there's no market for a library-manager/player that doesn't support iPods.
I admit that it looks like a 1908's garage door opener
What would that look like? A hook on the end of a long wooden pole?
If that's what you want to think, fine; but even on platforms other than Linux, you'd be throwing a lot of good software out. Scanners, for instance, often come with "manufacturer blessed" software that sucks outright. Absolutely, no-holds-barred suckage.
Sometimes the best way to use the hardware that you own, is to get the software to run it from a different place. For scanners, you go and buy Silverfast (or VueScan), and throw that CD that came with your scanner in the trash where it belongs.
Linux has taken this attitude one step further, by just making a lot of the 'good software' free and making it come with the OS. To a certain extent Apple does this as well, although it's not Free -- most of the time with hardware on a Mac, you just plug it in and use the software and generic drivers that came with the computer.
To say that the only software that you're "supposed" to use is the stuff that comes with hardware, is just going to damn you to a lifetime of using mediocre software. With a few exceptions, hardware peripheral companies are dreadful at writing software (again, witness scanners) and it's incredibly limiting to assume that something is a "hack" because it comes from elsewhere. Particularly when it may be very expensive and fully supported (i.e. SilverFast).
True, but even the root user isn't exactly the equivalent of Windows' SYSTEM processes. It would be like not only being the root user, but being root and running all your processes with PID 1. Or something like that, the analogies break down because you start to get into architectural differences between UNIX-type systems and the single-user-ness of Windows.
But the point is that Windows' SYSTEM is even a bit above what the root user would be capable of on a UNIX-like system; particularly in regards to logging and ease of covering one's tracks later.
It's not really a wrapper as much as it's a replacement.
The story I heard was that a bunch of Apple engineers got tasked with improving OS X boot times, and the problem they kept running into was the way that init worked. In order to create a good way of launching stuff simultaneously (when possible) and generally making everything boot quickly, they ended up just writing a new system for launching services, and the result was launchd. It also minimizes the number of running daemons at any one time, saving memory and processor cycles, and can start and stop them as-needed. Apparently you can also do some neat stuff like actually feed programs commands rather than just start/stop, but I've never used that.
I think Apple's hope was that other UNIX-ish systems might like the launchd concept and replace init with it, but I'm not sure that the faster boot times will really be worth the retraining costs for systems that aren't booted up often.
The things I dislike about launchd, aside from the traditional UNIX objection to anything which is New And Therefore Bad, is that its config files are XML instead of flat text, which I find obnoxious, and that it makes it marginally more difficult to see what services are running on a given system. You can be running a local mailserver but not have a daemon active, because launchctl will bring up postfix as needed. If you're not looking for it, you can miss the fact that postfix is set up. (However you can program it to bring up particular services and leave them -- in fact you can use init and cron normally, if you like.)
I still use cron for scheduled tasks as well, because I've never wanted to figure out how to replicate cron with Apple's stuff, but I'm told it can do that, too.
Overall I think it's pretty neat, and for a desktop-UNIX system it's a major step forward. For a server or non-desktop environment, I think the benefits are more mixed.
I think it only works for an Administrator user, but given that Microsoft takes a pretty lax approach to local privilege escalations, that doesn't say a whole lot. If someone can get limited-user access, and then escalate to Administrator, and then from there to SYSTEM, it's just making a slightly longer road out of a remote-root.
Yes.
The point is though, that Apple doesn't have 90+% of the market. If Microsoft only had 30%, then they could bundle whatever they wanted, engage in all sorts of shady exclusivity deals, and generally play the way that got them in trouble in the first place.
The problem is that they have far more marketshare than any single company ought to have, and it would be the same problem whether it was them in that position, or Apple, or IBM, or Sun. A monoculture is bad for the market. (Now granted, a monoculture in one market can be good for other markets that depend on having a large base of users running the same OS, but that's not germane here.)
The best-case scenario would be a handful of large OS vendors, each making systems which competed on their merits with each other. Companies would be free to try and sell them as "complete solutions" (a la Apple) or piecemeal to OEMs and mom-and-pop assemblers for customization.
I don't, and I don't think that most people do, really have a problem with an OS manufacturer bundling a product with their OS in order to provide a better experience to the user. It's just that when there's one vastly dominant OS, the same sort of bundling which could be a useful addon to a small-share company (Apple) becomes damaging and anticompetitive.
If MS wants to play the bundling game, they can give up half their marketshare and then people would probably stop screaming "monopoly" at them constantly.
What I thought was interesting in the article was how many of his complaints were probably due not to bad design per se, but to poor practices -- things like documentation, structural transparency, consistent use of system policies, etc.
What struck me is that there are definitely seeming flaws in Windows that make it insecure as-is, but that it doesn't have to be this way; Microsoft has chosen and continues to choose to operate in such a way that exacerbates rather than minimizes the effect of many of the inherent weaknesses of the platform. A similarly designed system, managed and documented differently, would probably be less problematic.
Thank you. I tried to say this elsewhere in this thread, but I think you put it more succinctly.
There are very few jobs that I've seen, where if you are really qualified, that it's not a "seller's market" in terms of labor (where you, the worker, are selling your labor to your employer). It sometimes seems the other way around because of the preponderance of under- or mis-qualified applicants, or people who need substantial training before their labor is really worth anything. But even during less-than-optimum economic conditions, most people with good general business skills can move from one place to another if they desire, limited by the kind of work they want to do, and the environment they want to do it in. (And naturally, the amount of money they can make.)
The question underlying this whole discussion, and which I haven't seen answered, is how much do employees really value internet access? How much money extra would people need to be paid, to work from a site that's totally locked down? Or how much of a pay cut would you be willing to take, to work in a more relaxed atmosphere? It's difficult to quantify, but that's really what everyone is arguing about.
I think it depends what you major in and what kind of skills you have.
It also depends on how picky you are in terms of what kind of work you'll do, or where you want to live. People who only want to work in a particular city (e.g. NYC, Boston, DC, etc.) or only want to do a particular sort of work, may well have the limited options that you describe. But such was not my experience, or that of other people I know. Granted it was a while back and the economy was a bit different then, but I definitely had a choice of places to work when I graduated college. But then again, I didn't have a lot of other requirements besides a paycheck: I was willing to relocate and travel, and my skills were fairly general.
Obviously, how much "say" a recent college grad has in where they end up working, changes radically depending on the economic environment. When companies are competing for new employees, as they were during the mid to late-90s, workplace perks become significantly more important than during a downturn, when the job itself is almost like a perk. And as I mentioned, the competition for employees differs radically from one region of the country to the other. A company in Boston might be beating college grads off their doormat with a stick, while one in Phoenix, Arizona might be desperately seeking young workers. It all comes down to tradeoffs.
I think that the internet access is similar to the attitudes companies had regarding dress codes a few years ago. Young employees saw suit-and-tie operations not only as personally restrictive, but also indicative of a corporate culture that they might not have liked; in response, a lot of places changed to "dress casual" over time. While we can argue about the merits of professional attire all day, there was definitely a lot of change as a result of companies trying to get rid of the stodgy appearance, and many of these improvements were aimed at recruiting new workers. Internet access could be similar: companies that don't restrict seem like they'd be better places to work, for reasons unrelated to the internet itself -- less overbearing management, more trust of employees, etc.
That's a valid attitude to have. However, if you're trying to recruit young employees in a competitive environment, it's probably not going to get you or your organization very far.
People may be willing to work in your "salt mine" when the economy is doing poorly and the job market is in your favor, but if one of your competitors offers better working conditions and a more enjoyable environment -- by not caring, say, whether people browse the internet so long as they get their jobs done -- then you're probably going to start hemorrhaging staff. And that's bad for business.
So in other words, there are valid business reasons for giving your employees something that they value, as a perk. You may be well within your rights, legally and morally, to give them nothing but a desk, a chair, a typewriter, and an hour for lunch, but the end result will probably be you'll either pay through the nose for the same talent that a more-pleasant workplace gets for much less, or you'll only get the sort of employees who can't get work anywhere else.
What I think would be particularly interesting, would be a survey of young employees and college graduates, asking just how much they value (in financial/salary terms) having unrestricted internet access and a relaxed policy about its use. That would really give companies an idea of how much their attitudes are or are not costing them.
What, like a Senior Design Apologist would have time to give this sort of interview? They're way too busy working on the new Zune project.
It's a perk if they allow these things, but I don't think they should be expected
I think you're actually agreeing with the Microsoft person here. That's exactly what they're saying.
Open internet access is a perk, and it's one that young employees value. So if you want to recruit and retain people, it's something that as an employer, you should consider. Someone might be willing to work for $35k a year at a place with unrestricted internet, but wouldn't touch a locked-off place for less than $40k. (I'm pulling those numbers out of my ass, admittedly, but you see my point I hope.)
I know people who work in informationally secure environments, and they get paid more than I do. But they need to be, because I wouldn't work there without being paid a lot extra -- I value having access to GMail, being able to keep my cellphone on me, being able to read Slashdot during slow periods, etc. Although I find it distracting and don't do it, other people even keep AIM running from work, to talk to their spouses/kids/whatevers at home, and this isn't a problem.
If I was considering a move to a workplace like theirs, where the computers are totally firewalled and nobody has install rights on them, I wouldn't do it unless there was a substantial increase in some other form of compensation, to offset the loss of these niceties.
That's all anyone is saying; you don't have to provide your workers with Internet access, but a growing number of young, educated people expect it, and probably won't take kindly to not having it around. If you want to compete, you'll either give people what they want, or you'll make it up in some other way (probably with pay).
If your computer is vulnerable to malware just from browsing a website, then you should get a more secure computer. Seems to me that's indicative of a larger problem you have, which is using vulnerable systems and not segregating or firewalling them.
OK, so I admit I'm taking a jab at Windows here, but Windows doesn't necessarily imply that you need to lock off the internet or you're going to get hosed by malware: I work in a Windows shop and we have open internet access, and we're not totally compromised. Granted I think the extra work to secure all those Windows machines is more than they're worth, but that's a decision that's way above my pay grade.
There's no reason to just take on premise that your systems should be so insecure as to let casual browsing totally compromise them.
I've worked in a bunch of big offices, and none of them have ever blocked long-distance calls. It's just too much of a pain; you never know when someone might need to make a business call that's long-distance, and with globalization, even international calls aren't that uncommon. Only a very regional business would be able to do with only local telephone access.
Plus, telephone time is cheap. A reasonably sized PBX isn't paying for long-distance service in the same way you are at home, they're just buying the connection in bulk and probably not paying much extra whether the call goes down the street or to Kalamazoo. This is doubly true if it's a VOIP system; the most expensive part is probably giving each employee an incoming POTS number, not allowing them to make outside calls.
Any large company that's paying for its long-distance service by the line-minute really needs to rethink their telecom expenses, because they're getting shafted.
I'm not talking about a known-plaintext attack on the cipher itself. (Although if you knew that the input into the second (the "outer") cipher contained headers, you could use this as part of a known-plaintext attack, but that's not what I was discussing.)
Rather I was just saying that if you have file headers on the intermediate file, then it becomes quite easy to figure out when you've brute-forced the outer layer of encryption. Without these headers, it's much harder to tell when you've gotten the correct key to the outer layer, and are looking at the ciphertext of the second layer, instead of random garbage.
In the worst-case scenario, you would have to try every possible key of the first layer of encryption, and then try every key of the second (inner) layer of encryption against every possible result from the first. This would double the effective keyspace of the system, to 128 bits (assuming two 64-bit ciphers).
In the best-case, you will know immediately when you see the file headers when the outer layer of encryption is broken, so you'll only have to exhaust that 64-bit keyspace, and then do it again on the inner layer. This yields a "65-bit" equivalence.
The attack is brute-force keyspace exhaustion either way; my comment said nothing about any strength or weakness of the cryptographic algorithm. In fact it rather assumed that a known-plaintext attack wouldn't work, because if it did, then you probably wouldn't have to go through keyspace exhaustion.
Hope this makes things clearer.
I agree. The driving tests in most places in the U.S., at least in any places where I've lived, are a complete joke.
And I second the notion that being able to pass a driver's test certainly didn't mean that I really had any clue how to operate a car. The problem is not one of competence: there is no reason why someone who is 15 or 16 years old cannot operate an automobile -- it's really not that hard, but the requirements for doing so are so lax, that it's no wonder we have a ton of really shitty drivers on the roads.
Quite frankly, if people wanted to really make our roads safer, they would make the driving tests tougher; require driving under simulated less-than-ideal conditions and in accident/panic scenarios. It doesn't make any sense to make people drive down a road at 25 MPH, turn around, park, and drive back, and then say that they're qualified to pilot a 6,000-pound SUV at 75 MPH in the driving rain or snow, at night, on an interstate highway. It's madness.
A true test of driving ability ought to require that you test in the type of car you want to drive (and taking a test in a Geo Metro does not make you qualified to drive a Ford Expedition), and that you demonstrate how to maneuver the car through panic stops, emergency lane-changes, and on reduced-traction surfaces. Many accidents that occur today would be avoidable with better driver education and training, we just don't do it.
Also, periodic retesting seems to me to be a no-brainer. We know that people become less safe on the road as they age, and although I respect elderly people's desire for independence, they have no right to drive beyond the point where they are physically and mentally competent to do so. Having a driver's license last 5 or 10 years would do a lot to make sure that people (all people, not just elderly drivers) don't just forget how to properly drive once they become licensed, and it would also be a vehicle for updating techniques and encouraging retraining. Most skilled professions require this, and driving a motor vehicle shouldn't be an exception.
Young drivers take a lot of blame (much of it deserving) but unfortunately, we as a society let them on the road not when they actually know how to drive, but when they're just competent enough to not be an overwhelming hazard to others, in the hope that they'll be able to actually learn how to drive on their own. Replacing this system with a comprehensive driver-education regime would dramatically improve the safety of our roads.
Can you point to a time in recent computer history where "NOW" wasn't the best time to purchase a new rig?
Say it with me now: Itanium.
I think a big part of that comes down to the file headers and how you actually implement the cryptographic algorithms into a system.
If you take a plaintext file and encrypt it into a file which has headers ("BEGIN ENCRYPTED CONTENT---"), and then encrypt the result again, assuming the attacker knows how you did it and that the intermediate file has plaintext headers, then they'll know the moment they broke the first 64-bit encryption layer. So in this example, you're basically at 65 bits.
Now if you don't include any headers, so that there's no terribly good way to determine whether you've gotten the right key or not, as you're brute-forcing the first layer, then I think you're right -- the strength of the overall system is somewhere in a grey area between 65 and 128 bits.
If someone was just thinking that they could use a file-encryption utility twice (which produces output files that have plaintext headers) and double the keyspace, they are dead wrong.
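The header effect described in the two double-encryption comments above, as an added example that is not part of the original comments: a toy XOR stream cipher with 8-bit keys (built on SHA-256, an assumption chosen so the search finishes quickly) stands in for the 64-bit ciphers, and all function names are hypothetical. With the header the layers are searched one after the other (at most 2 × 2^8 trials); without it every key pair has to be tried (up to 2^16).

```python
import hashlib

KEY_BITS = 8                    # toy key size standing in for the 64-bit keys
KEYSPACE = 1 << KEY_BITS
HEADER = b"BEGIN ENCRYPTED CONTENT---"   # header string quoted in the comment
# Constructed sample plaintext; printable ASCII so a decryption is recognizable.
SAMPLE = b"Quarterly backup manifest, constructed sample text."


def keystream(layer: bytes, key: int, n: int) -> bytes:
    """Toy keystream SHA-256(layer || key || counter); not a real cipher."""
    out, counter = b"", 0
    while len(out) < n:
        block = layer + key.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:n]


def crypt(layer: bytes, key: int, data: bytes) -> bytes:
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(layer, key, len(data))))


def double_encrypt(plaintext, k_inner, k_outer, with_header):
    """Inner layer first, optional plaintext header, then the outer layer."""
    inner = crypt(b"inner", k_inner, plaintext)
    intermediate = HEADER + inner if with_header else inner
    return crypt(b"outer", k_outer, intermediate)


def looks_like_text(data: bytes) -> bool:
    """The only success signal once both layers are off: printable ASCII."""
    return all(32 <= b < 127 for b in data)


def search_with_header(blob):
    """The header confirms the outer key alone, so the layers fall in turn."""
    trials = 0
    for k_outer in range(KEYSPACE):
        trials += 1
        intermediate = crypt(b"outer", k_outer, blob)
        if intermediate.startswith(HEADER):
            break
    else:
        return None
    body = intermediate[len(HEADER):]
    for k_inner in range(KEYSPACE):
        trials += 1
        if looks_like_text(crypt(b"inner", k_inner, body)):
            return k_inner, k_outer, trials
    return None


def search_without_header(blob):
    """A right outer key yields bytes that look as random as a wrong one,
    so every outer candidate has to be paired with every inner key."""
    trials = 0
    for k_outer in range(KEYSPACE):
        intermediate = crypt(b"outer", k_outer, blob)
        for k_inner in range(KEYSPACE):
            trials += 1
            if looks_like_text(crypt(b"inner", k_inner, intermediate)):
                return k_inner, k_outer, trials
    return None


if __name__ == "__main__":
    for with_header in (True, False):
        blob = double_encrypt(SAMPLE, 77, 200, with_header)
        search = search_with_header if with_header else search_without_header
        k_inner, k_outer, trials = search(blob)
        print(f"header={with_header}: keys=({k_inner},{k_outer}) trials={trials}")
```

The trial counts scale the same way at 64 bits: roughly 2^65 with a recognizable intermediate header, against up to 2^128 pairs when nothing marks the outer layer as broken.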
Women. Cheap. Open.
Pick any two.
Joke all you want, but one of the things that people get coached on when preparing for depositions is how to say a lot of stuff without really saying anything.
However, four hours can stretch into a pretty long time when it's just a bunch of people sitting there asking you questions; I don't think you can really take up quite that much time by filibustering.
The real problem with an open deposition like this, as opposed to one where the topics or even questions are set out beforehand, is that it's a lot harder to prepare the witness for one; SCO's lawyers' goal is probably just to get him to slip up and say something that they can use to further delay proceedings. If the guy's not careful, it could definitely happen.
(Shrug) ... I work in consulting. It's very much like I described. Promotions and bonuses are based on your time billed out to clients, so there's a direct tradeoff between how much vacation you take and how much of a raise you don't get. There also tends to be a lot of very aggressive careerism. I don't think people are so competitive that they're actively undermining each other (at least, where I work, YMMV and all that) but there's definitely an understanding that if you want to be in the top 10% (which is where 50+% of bonuses go), then you have to bill more than the other 90. It all depends: do you want an extra few thousand bucks at the end of the year, or do you want to take a vacation? You can have the latter and still have a job indefinitely, so there's no risk of termination (unless you drop below 40 hrs/week by 50 weeks, obviously), it's all about advancement and bonus pay.
I'm not going to name names, because I've worked at enough consultancies to know this is commonplace. It's also prevalent, I'm told, at big law firms when you're low on the totem pole (associates, junior partners, etc.). Probably also goes for just about any place where the number of hours you work feeds into a metric that determines compensation or promotability. (Not to mention jobs where people are actually paid by the hour, where the connection is more obvious.)
Part of the disconnect between the workplace you see, and the one I see, might have to do with the average age of the employees. People who are young, just beginning careers, and who lack any direct family obligations probably put a substantially lower value on vacation time than someone with a husband/wife and a couple of kids, and who is looking more for stability than for quick advancement, does.
Jobs like the ones I'm describing in general probably have a high degree of self-selection involved also; people looking for stability and 40-hour workweeks just don't do them.