I was unaware of SE-Linux, and I am happy that it can do all this cool stuff just like I described and more.
Maybe expirable assets* should be better tracked within companies to prevent expiration issues. In fact I'd think they should be a core feature of any asset tracking package, along with alarms, warnings and emails regarding the assets that are about to pass to the other side.
I do agree that a manual override is important, something that can be applied if and only if it is required.
If a user can't run Trillian on their work computer, they can try to bypass it, but they won't be able to. This is different from enforced password security, where the bypass is a small yellow square of sticky paper.
* domains, certificates, and so on
I don't think you get who I am defining as a user in this case.
Not you. Not me.
I'm talking about your average office person that uses Word, Excel, Powerpoint, maybe a couple of other applications. The people that can barely operate a computer beyond what their job entails. People that are the number one cause of the propagation of worms and viruses and spyware because they click Yes on everything that pops up, because it is a computer, and computers are giant brains that know everything. Okay, I exaggerate, but you must get my point?
Mac OS X has Automator. Let them use something like that to automate tasks.
You are a big proponent of sticking all the security at one location, however I believe that security should be everywhere.
You can bypass the noexec mount option by running ldlinux.so directly with the application name.
Load in application and calculate MD5 - not much slower than loading in the application on its own.
Check the details against a database in memory of approved applications - can't take that long now can it, in comparison with the comparatively vast loading time.
Yes, such a system would be 'horrible to use' if it was your home computer. But I'm talking about a computer provided by a workplace. Bad luck if you can't receive kewl screensavers over IM from lollerkockles696969^^^^ who you've never had any previous with.
Usability - this depends on your definition. A system is perfectly usable if it allows the employee to do their work without allowing them to have a bout of stupidity. Would I want this at home? of course not, it is my computer!
However I did read that some Windows applications still require administrator privileges to run. All your hard configuration work down the drain when your boss tells you that FooSprockets v3 is a necessary program. I suppose you could serve these applications from a secure box via a remote GUI system however.
I was only using MD5 as an example. You could require that software can only be installed if it is signed by, e.g., your company's IT department. You can limit executable applications to only run out of a few approved locations, regardless of executable flag status. You can then catalogue these applications and ensure that these, and only these applications are ever loaded, and that they are the original versions, etc.
The point is that the user cannot be given something like the pointless SSL certificate browser warnings that allow a user to click "I don't care, let me in anyway". Default Deny, not Default No.
Add that to decent user and group management, ACLs and so on, and you've got another layer of security. Even if an attacker got access they couldn't install and run keyloggers or so on - they could use nano to edit a website page maybe, but then again, on the production website server maybe you should only have the applications necessary to run the website, everything else can be root only (for running vi or nano to edit httpd.conf, etc). This will become an even more popular setup when virtualisation becomes popular - let's get it done right now!
Now I'm only skimming over the idea, and there are probably issues, but in the end you can let users burn themselves at home, and at least try to keep the corporate network safe from user dumbness.
Well that's cool. Maybe more system administrators need to be 'educated' about using this facility on their networks then?
Whilst I agree that his 'write perfect code' is a bit far reaching, he did point out that decent design beforehand can save a lot of time down the road. Yes, this should be common software engineering methodology, but I'm sure we all know of times when there's a deadline, the boss is angsty and you've got to get something working to keep your job, and a decent design document isn't what he wants to see.
If we limit the issue down to a corporate network, then refusing to run that infested screensaver because it isn't on the list of {Word, Excel, Outlook, Powerpoint,...} would probably save an awful lot of hassle in the long run - well, apart from trojans, so you'd probably have to only execute applications with certain hashes rather than names. If the corporate IT infrastructure was well designed (hah!) at all levels then there would be far fewer issues. On the other hand, take Microsoft software - you need to run it in your corporation, yet you have no control over it.
I bet someone could come up with a Linux distribution that had a database of 'approved' applications (e.g., application name, application path, application MD5) - basically all applications that come on the install - and had a modified kernel that checked that database whenever starting a new process. Hell, it'd make an interesting programming project. In fact, this is something that I would see something like OpenBSD implementing first. You'd also have to do the same for library files of course, and scripts would be an interesting problem - you can run bash or perl for example, but if the script then does unlink on your filesystem because it is bad... you could limit it to only allowing the scripting language to access approved script files (yet another database, and each scripting language would need modification to use this database). As an alternative, possibly the filesystem itself could manage the entire scheme - you can't run something the filesystem refuses to load!
Of course, in the end the problem with these more positive methods is that it still only takes one bad thing to get past the plethora of security systems you've set up.
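An added example, not part of the original comment: a user-space Python model of the approved-application database described above, checking location and file hash with default deny, and using SHA-256 where the comment uses MD5 as a placeholder. The `ExecAllowlist` class, the file names and the file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class ExecAllowlist:
    """Default-deny catalogue: approved locations plus a per-file hash."""

    def __init__(self, approved_dirs):
        # Resolve symlinks once so comparisons use canonical paths.
        self.approved_dirs = [os.path.realpath(d) for d in approved_dirs]
        self.catalogue = {}  # canonical path -> SHA-256 hex digest

    @staticmethod
    def digest(path):
        h = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()

    def approve(self, path):
        real = os.path.realpath(path)
        self.catalogue[real] = self.digest(real)

    def check(self, path):
        # Every branch that is not an explicit match ends in a denial.
        real = os.path.realpath(path)
        if not any(os.path.commonpath([real, d]) == d for d in self.approved_dirs):
            return Decision(False, "location not approved")
        expected = self.catalogue.get(real)
        if expected is None:
            return Decision(False, "not in catalogue")
        try:
            actual = self.digest(real)
        except OSError:
            return Decision(False, "unreadable")
        if actual != expected:
            return Decision(False, "hash mismatch")
        return Decision(True, "approved")


def _write(path, data):
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    with tempfile.TemporaryDirectory() as root:
        apps = os.path.join(root, "apps")
        os.mkdir(apps)
        word = os.path.join(apps, "word")
        _write(word, b"constructed stand-in for an approved binary")
        policy = ExecAllowlist([apps])
        policy.approve(word)
        results = {"approved": policy.check(word).reason}
        # Same name and bytes, but dropped outside the approved location.
        copy = os.path.join(root, "word")
        _write(copy, b"constructed stand-in for an approved binary")
        results["outside"] = policy.check(copy).reason
        # New file inside the approved location that was never catalogued.
        saver = os.path.join(apps, "screensaver")
        _write(saver, b"constructed uncatalogued file")
        results["uncatalogued"] = policy.check(saver).reason
        # Symlink inside the approved location pointing outside it.
        link = os.path.join(apps, "link")
        os.symlink(copy, link)
        results["symlink"] = policy.check(link).reason
        # Approved file replaced in place: name and path match, hash does not.
        _write(word, b"constructed tampered contents")
        results["tampered"] = policy.check(word).reason
        return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

A check done in user space like this leaves a gap between hashing the file and executing it, which is why the comment places the check in the kernel at process start.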
I'll be migrating my 8 year old Marantz amplifier to the computer room soon (it is being replaced by a Cambridge Audio setup, my current CD player is skipping so I'm getting a 640C to replace it, and I'm now too aesthetically minded and need a matching amp!), so I may soon be getting rid of the cheapy speaker system I'm using currently. I'll probably migrate my equally old Mission 731s up a couple of months later. Considering that these two can still do pretty damn well at 25% volume on the amp downstairs, they should be fine upstairs, hehe.
Good points. Of course a deep shelf would keep the components out of the way of the desk, and maybe the speakers could be wall-mounted.
It's just that soon I'll be getting a new setup for my main hifi (Cambridge Audio 640C and 640A), so an older Marantz amp and (sometimes skippy) Technics CD player will be free for this type of application. I might simply relocate them to the room-that-contains-computers.
I think I once heard that they simply multiplied the actual Watt ratings for the speakers by the number of speakers. So a pair of 10W computer speakers would be 10W * 10W * 2 = 200 MarketingWatts!
I saw these from a brief Google search: "According how audio industry seems to use the term PMPO (peak music power output), in can be anything from 5 to 100 watts of PMPO that equals one real RMS watt." and "The vendor of the product calculates PMPO based on the maximum power output of the device under perfect conditions and 100% efficiency. These conditions are impossible to obtain, and no device can sustain the PMPO power for any significant length of time without being ruined. The PMPO power relies on the fact that amplifiers can provide short bursts of very high power. Over time, these short bursts when averaged with the lower output powers, gives the real value."
I have heard a lot less of PMPO in the UK in recent years, maybe they were banned from using it because it is purely a marketing term that has no grounding in reality.
As an aside, would most computer users be better off getting a real amplifier and real speakers and using them for 10 years rather than dealing with shitty PC speakers? I'm not talking audiophile stuff here, just stuff that you can pick up for a reasonable price. For gaming you'd probably want a decent surround system of course, but most other users?
Not that fast sadly, they're not RAM. I think you'd get more bandwidth out of a 0.85" hard drive!
However the latency should be lower than a hard drive.
Sorry, I don't have any concrete figures. I do remember reading recently that an SD card maker had released a card that was 20x faster than other cards in its class, and was capable of reading at something like 50MB/s now.
Which boots into several virtualised operating systems - one Linux, one FreeBSD, one Mac OS X, and one of these shrunken Windows XPs...
Do your graphics work in Mac OS X, copy it across to the Windows machine to do whatever Windows does well, then upload it to the web server test platform on the Linux partition, which accesses the database you've set up on the FreeBSD part. hehe
Considering the above post that the core OS was not really advanced over the past few years, only the interface, that makes a lot of sense to me.
Just use it for a year and you'll get your own white Das Keyboard, with the benefit that less used keys will have markings on. The best of both worlds! That's Apple for you :p
Sounds like this backpack is trying to devolve us back into knuckle-dragging apes, albeit apes with GPS navigation, night vision and personal data management capabilities.
an MP3 player, a PDA, night vision goggles, a handheld GPS, a CMOS image decoder, a GSM terminal in talk mode, and Bluetooth.
So... a Motorola A1000 then, apart from the night vision goggles?
and what is a CMOS image decoder? Do they mean a digital camera or camcorder?! Given that they say 'GSM Terminal In Talk Mode' rather than 'Cell Phone' I guess it is...
Wish I had the time to spend all that time playing games.
But instead I have to go and earn money, socialise in the real world, keep the house 'girl friendly', sleep... I'm lucky if I get a couple of hours of gaming time a week, and by that time all I want to play is something extremely violent and gory. If I get too engrossed in a game I risk not getting enough sleep or getting into work late, which isn't good. I hardly ever watch TV, or have the time to read either. I do spend too much time online though, that's my vice I suppose.
Wind Waker is my favourite [single player game].
I don't give a toss about the graphical style, it isn't as if Link's Awakening was the pinnacle of realism is it? In fact I liked the style, I found it more interesting than Yet Another Realistically Rendered Game (YARRG). I didn't think the graphics were childish. I thought the game was a cheerful, happy game, it made me feel happier playing it. If it had been totally gritty and realistic then it would have been much more depressing.
As a side note, I really didn't ever get into Ocarina Of Time. I tried, but I think it was let down by having the confines of the N64 to work within. It tried to be realistic when the hardware couldn't let it be. I don't think the Gamecube can do it (although it will be better), and I'd even go as far as to say that the next generation consoles will have difficulty imparting good realism. Humans are very good at detecting when real-looking things aren't real, and that gets in the way of actually enjoying the game.
I wonder how many of these moaners also watch Anime or Hentai without issue?
Yeah, but at least you aren't paying 5p a go to get shit from these companies.
Ladbrokes kept texting me, the cunts. I never even told them they could, I haven't even had any dealings with them in the past. Hence, I will never be using Ladbrokes if I ever place a bet in my life.
Even simpler, just make messages (of any sort - SMS, MMS) sender-pays-all.
Many home phones are getting this functionality as well, so even in the UK (Mobile numbers start 07) you can't guarantee in the long run that you will be messaging a mobile or a phone number, although when you are it will be obvious!
That way you can still have your mobile number smushed into the rest of the nation's telephone number scheme, without paying however much to receive spam texts, and sharing the cost of telephone calls.
Does this count as a death threat?
In addition he did say he would bury the person at Google.
I think that just maybe the police should get involved. Death threats should be taken seriously, and doubly so by people that are obviously not on an even keel.
I think society needs protecting from potential killers like Ballmer.
(yes, this isn't meant in a totally serious way!)
Different from Shrub! :)
:p
But yes, err, maybe it was a bit of a troll.
Good points. A truly open document format that is documented will have a much longer lifespan than a proprietary format that is constantly altered and modified (partially to hinder attempts at compatibility).
Of course, I would categorise .txt, .rtf and .html as open formats, but not ideal matches for documents per se, as they lack essential stuff.
I suppose I'd be more likely to read a document that is nicely laid out than something a bit plain as well. So looks are important too.
Quite possibly the government doesn't want you editing their stuff!
PDF is really quick for me however. Then again, I'm on a Mac. I don't have Office, and therefore Word would be an absolutely terrible choice for me.
Notice how PDF is a minor irritant for you but will still work, whereas .doc stops me viewing it?
OOo can read Word documents with a varying degree of success. It'll be interesting to see how 1.2's support has progressed.
In terms of platform support it is!
Windows: Adobe Acrobat
Apple: Preview, Adobe Acrobat,
X11 (Basically everything else): xpdf and myriad other applications
AmigaOS: apdf
The big news isn't that it is PDF however, but that it will be also be OpenOffice.org's file format (presumably the 1.2 OpenDocument format, to be specific). PDF will allow slower migrations for some departments that don't want to jump onto OO.o so soon. Nice that OO.o just happens to support PDF output too.
Maybe if the documents were better designed structurally, things like "Export to text" and "Export to HTML" would be enough.
Of course, HTML Export is not exactly Word's crowning achievement...