Without the ocmplete source and toolchain, you canot verify anything definitively.
Who placed that restriction on the toolchain? You did. If a company cannot provide what the government needs to audit the software, then it will lose a potentially huge government contract.
"Many eyes" is not necessarly better (or trust orthy). You also assume that the OSS project is large enough to be under such public scrutiny. But on to the next point:
So what happens when the customer wants the code reviewed, but each reviewer has to be approved by the code manufacturer?
The more difficult that they make the process, the more of a chance that they have of losing a potential client the size of a government agency.
OSS is no easier to validate than a proprietary application to which the source is available.
And most NDAs contain clauses preventing you from releasing anything you find that would be detrimental to the company - for example, any statement that would intimate there is a security hole.
How is that a problem? And anyways, an NDA wouldn't do them well if they are attempting espionage.:)
If its "shared privately", how can you know that the people who are supposed to vet it have done a proper job, that they kow what they're talking about instead of blowing smoke out their asses?
That problem is not solved by using OSS rather than (shared source) proprietary applications. The auditor of OSS can be just as braindead as the auditor of the (shared source) proprietary applications.
We've seen too many examples of "consultants" who do exactly that - Laura Didio (Didiot) being a prime example, claiming to have seen the source code, etc., and it turns out she hasn't got a clue.
Once again, that is not solved by using OSS.
Then there's a problem with stuff that seemed secure at the time, but that, with advances in understanding, turns out to be insecure. So you would hav to do continuous audits on already-reviewed code.
Yes, you would. You would on both OSS and (shared source) proprietary software.
The only trustworthy process is one that can be verified - in other words, open.
The license isn't the issue here, it's the available of the code to the customers. The code can be available without being OSS.
Audioscrobbler is a computer system that builds up a detailed profile of your musical taste. After installing an Audioscrobbler Plugin, your computer sends the name of every song you play to the Audioscrobbler Server. With this information, the Audioscrobbler server builds you a 'Musical Profile'. Statistics from your Musical Profile are shown on your Audioscrobbler User Page, available for everyone to view.
Actually XBOX can only accept up to a 120 gb drive. Also, one major thing keeping this from being a great HTPC is the fact that there is no video input.
Slashdot Mirror
Eternal Sunshine of the Spotless Mind, Garden State, The Life Aquatic, The Incredibles.
There are just as many examples of original flicks to counter the remakes. As always, you choose what you watch.
Clinton replaced Warren Christopher with Madeleine Albright.
There are other GPL viewers and drawers available such as TundraDraw (available on sf for linux and windows) and PabloDraw (Windows-only)
You might want to check out Sager.
Be warned though, these are more like "portable desktops" than laptops. These machines are HEAVY and don't have much of a batery life.
Without the ocmplete source and toolchain, you canot verify anything definitively.
Who placed that restriction on the toolchain? You did.
If a company cannot provide what the government needs to audit the software, then it will lose a potentially huge government contract.
"Many eyes" is not necessarly better (or trust orthy). You also assume that the OSS project is large enough to be under such public scrutiny.
But on to the next point:
So what happens when the customer wants the code reviewed, but each reviewer has to be approved by the code manufacturer?
The more difficult that they make the process, the more of a chance that they have of losing a potential client the size of a government agency.
OSS is no easier to validate than a proprietary application to which the source is available.
Gvernments should not use ANY software without a proper security audit. Case closed.
I agree completely.
Not exactly a process that scales well.
:)
:)
Everything scales well to a government budget.
And most NDAs contain clauses preventing you from releasing anything you find that would be detrimental to the company - for example, any statement that would intimate there is a security hole.
How is that a problem?
And anyways, an NDA wouldn't do them well if they are attempting espionage.
Are you saying OS == operating system or OS == Open Source.
I intended it to mean "Open Source," but I believe that proprietary software software should be audited by governments before used, as well.
Without everything (full source, toolchain, build scripts and flags) you cannot verify that you even hae the right source.
The application does not have to be available under an OSS license to have the full source available.
If its "shared privately", how can you know that the people who are supposed to vet it have done a proper job, that they kow what they're talking about instead of blowing smoke out their asses?
That problem is not solved by using OSS rather than (shared source) proprietary applications. The auditor of OSS can be just as braindead as the auditor of the (shared source) proprietary applications.
We've seen too many examples of "consultants" who do exactly that - Laura Didio (Didiot) being a prime example, claiming to have seen the source code, etc., and it turns out she hasn't got a clue.
Once again, that is not solved by using OSS.
Then there's a problem with stuff that seemed secure at the time, but that, with advances in understanding, turns out to be insecure. So you would hav to do continuous audits on already-reviewed code.
Yes, you would. You would on both OSS and (shared source) proprietary software.
The only trustworthy process is one that can be verified - in other words, open.
The license isn't the issue here, it's the available of the code to the customers. The code can be available without being OSS.
That was the original point that I was alluding to, but source doesn't have to be "Open" to be shared privately.
Governments should not use OS without a proper security audit. Once you can verify the nature of the code, there should be no obstruction to using it.
Offer? Not as far as I know...
Support? Yes.
HDTV is broadcast at 20mbit, give or take
But when Quake 3 came out i could run it on a P233 (with MMX!), voodoo 2 12meg and 128MB ram. iD engines scale all the way.
:)
I ran Quake 3 fine on a K6-2 300MHz with 64MB of RAM and a 4MB nVidia Riva 128.
Your words are very true.
The audioscrobbler database is available under a creative commons license.
http://www.audioscrobbler.com
Audioscrobbler is a computer system that builds up a detailed profile of your musical taste. After installing an Audioscrobbler Plugin, your computer sends the name of every song you play to the Audioscrobbler Server. With this information, the Audioscrobbler server builds you a 'Musical Profile'. Statistics from your Musical Profile are shown on your Audioscrobbler User Page, available for everyone to view.
there have been windows solutions long before that card was available.
In OS X, when you grab something that is ejectable, then the trash can changed into an eject button.
Nights into Dreams!
Single-handedly sold the saturn to me.
Oops.. I should have specified that I was referring to the PC version.
What are the reccomended (or required) system specs for this setup?
Actually XBOX can only accept up to a 120 gb drive.
Also, one major thing keeping this from being a great HTPC is the fact that there is no video input.
That's all speculation.
I'd be more interested in the specs of those machines rather than the number of machines. Wonder if that will ever be revealed. :)