Google could do this. Using IBM's algorithms which were on Slashdot recently, it might even be possible to keep everything encrypted on the server and only decrypt on the client so the data is safe even if the server is compromised. (Note: That was an article about a new and experimental cryptographic algorithm which may not be ready for serious use yet.)
There is a problem: Google wants to show ads and encrypted data gives them no clues about what ads to show. If there is really a market for it, then maybe they should develop a paid version with encryption that a business could trust. Another possibility would be a Google Docs appliance to be put behind the company's VPN. (Or does that already exist?)
The SQLite paid options include some extra features and support ("expedited bug fixes and fast, authoritative answers to common SQLite programming questions"). They do give you something for your money.
OOo is written mainly in C++. The Java controversy was a result of some features being implemented in Java, but those have worked with GCJ/GNU Classpath since 2005 (around that time, specific effort was made to make sure OOo would work with free Java implementation), which made the Java use in OOo a non-issue.
OpenOffice.org is not a great piece of software. It just happens to not be Java's fault in this instance.
From the description, it sounds similar to the Kademlia protocol used by the Kad network (basically serverless ed2k) and the BitTorrent DHT (distributed tracker / trackerless torrent support).
As details on Skype's protocol are sparse, it would likely be difficult to compare the features of the two protocols.
Gnash is not terribly compatible with Flash last I checked. They are working on it. Admittedly, I have not taken a close look at it in a while. Maybe I will install it again and see if it works well enough now for me to go without Adobe's Flash implementation.
Yes, the N810 is a horrible example of a good media player. I recently more or less gave up on trying to get mine to play media files straight as far too often it would have frame rates best quantified in seconds per frame instead of frames per second. I now run videos through tablet-encode first, which, even on its highest quality setting, sets the resolution of its output to 400x240 (for the N810's 800x480 screen) -- which actually ends up looking fine, but maybe I am just not that picky about video quality.
Given how underpowered the N810 is as a media player -- especially since that is apparently partly due to some bad design decisions on some of the internal interconnects -- and that it is still able to play YouTube videos, any new device using more recent ARM chips that made any attempt to play videos should have no trouble displaying Flash videos full screen.
It can't be fixed in software? What do you suggest as an alternative? Hardware? Magic? Hardware security can have bugs, too -- and I am not really sure what hardware security has to do with the types of bugs AppArmor is designed to protect against. Anyway, it seems silly to think of hardware as fundamentally different from software. Both express complicated logic, which can easily have mistakes unless the author is very careful.
Yes, AppArmor and SELinux do nothing if your code has no exploitable bugs. Unfortunately, code occasionally does have exploitable bugs, so it makes sense to have extra layers like the IE8 sandbox to limit the damage exploits can do.
Agreed. As Google has complained about on the topic of browser sandboxing, Linux is a bit behind in protecting programs from their own exploits. On the other hand, the Ubuntu project is actively working on using AppArmor more, which can greatly limit the damage an exploited program can do by listing which files and directories each program is allowed to read/write/execute.
Flash is pretty inefficient, but it does run (admittedly not great) on the N810 which has a 400MHz ARM processor, which is a generation behind the Cortex A8s, so a Cortex A8 should have no real trouble with Flash.
I hope some non-Adobe Flash implementation is ready for real use soon as the only possible reason for Flash to be as slow as it is is that Adobe must not care at all about its speed.
If they are worried about the idea of tracking visitors (which seems reasonable), then why don't they just store the user's preferences directly in the cookies? The idea of storing user preferences server-side is just a bandwidth saving trick (because the preferences will tend to be bigger than an index into the site's users table) because cookies get sent with every request. There: nothing unique appears in the cookies, so they cannot be used for tracking people.
I mostly agree with you. I would very much like a browser with the privacy settings you described. There is already the "Accept third-party cookies" option (I think all modern browsers have a similar option), but I am not sure exactly what that does.
On the other hand, cookies are not needed for logins. In fact, they are a rather insecure way to do logins as anyone who can see your cookies can take over your session. For example, if you are on an open Wi-Fi hotspot and view any website that uses cookie logins and allows viewing logged-in pages without encryption, then anyone on the same hotspot can see your cookies and hijack your session. There was an automated attack specifically for GMail a little while ago (which Google added a "require HTTPS" option to secure against), but the same principle works for any site that does not require HTTPS (so it [hopefully] won't affect your bank).
Instead, logins should be done using HTTP digest authentication. As HTTP auth actually authenticates each request separately (as HTTP is stateless so it has to), it does not get tied to an IP, but still works without cookies. Additionally, it never sends the user's password in the clear, so even if the user is tricked into logging into a phisher's server, the phisher gets no useful information.
Unfortunately, although all modern desktop browsers support digest auth (some more obscure mobile browsers might not), the UI is horrible. I have yet to see a browser even indicate clearly that the HTTP auth was not basic (read: send password in the clear which should come with as many click-through steps as Firefox's current setup for self-signed certificates). Also, users have been trained for years to expect login boxes to appear as part of a web page, not as part of the web browser.
Using cookies for authentication is a bad idea. They are currently the preferred solution for UI and historical, not technical, reasons. The browser vendors should be working on a sane authentication UI, so we can stop using them for that purpose.
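An added example (not part of the comment above) sketching the RFC 2617 digest exchange with qop=auth that the comment refers to: the server keeps only MD5(user:realm:password), and every request carries a hash bound to the server's nonce, the method and the URI. The class and function names, the realm and the credentials are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username, realm, password):
    # The only password-derived value the server needs to store.
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    # RFC 2617 section 3.2.2.1: response = MD5(HA1:nonce:nc:cnonce:qop:HA2)
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def client_authorization(username, password, challenge, method, uri, nc):
    """Build the Authorization fields a browser would send (hypothetical helper)."""
    nc_hex = f"{nc:08x}"
    cnonce = secrets.token_hex(8)
    h1 = ha1(username, challenge["realm"], password)
    return {
        "username": username, "realm": challenge["realm"],
        "nonce": challenge["nonce"], "uri": uri, "qop": "auth",
        "nc": nc_hex, "cnonce": cnonce,
        "response": digest_response(h1, method, uri, challenge["nonce"],
                                    nc_hex, cnonce),
    }


class DigestServer:
    """Minimal verifier: per-request check, no cookie, no session table."""

    def __init__(self, realm):
        self.realm = realm
        self.users = {}   # username -> HA1
        self.nonces = {}  # issued nonce -> highest nonce-count accepted

    def add_user(self, username, password):
        self.users[username] = ha1(username, self.realm, password)

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.nonces[nonce] = 0
        return {"realm": self.realm, "nonce": nonce, "qop": "auth"}

    def verify(self, method, uri, auth):
        stored = self.users.get(auth.get("username"))
        last_nc = self.nonces.get(auth.get("nonce"))
        if stored is None or last_nc is None:
            return False  # unknown user, or a nonce this server never issued
        if auth.get("realm") != self.realm or auth.get("uri") != uri:
            return False
        try:
            nc = int(auth["nc"], 16)
        except (KeyError, ValueError):
            return False
        if nc <= last_nc:
            return False  # replayed request: nonce-count must increase
        expected = digest_response(stored, method, uri, auth["nonce"],
                                   auth["nc"], auth.get("cnonce", ""))
        if not hmac.compare_digest(expected, auth.get("response", "")):
            return False
        self.nonces[auth["nonce"]] = nc
        return True


if __name__ == "__main__":
    server = DigestServer("mail@example.test")     # constructed realm
    server.add_user("alice", "correct horse")      # constructed credentials
    ch = server.challenge()
    auth = client_authorization("alice", "correct horse", ch, "GET", "/inbox", 1)
    print("first request accepted:", server.verify("GET", "/inbox", auth))
    print("same header replayed:  ", server.verify("GET", "/inbox", auth))
```

A captured response can still be tested offline against guessed passwords, and the stored HA1 is password-equivalent within its realm, so digest auth is normally run over TLS; RFC 7616 adds SHA-256 as a replacement for MD5.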
Bad idea. If you run Linux on a Pentium II, then you should run a recent lightweight distro like Puppy Linux. Linux 2.6 has a lot of interesting recent performance improvements including the new scheduler.
On the other hand, choosing the current most popular Linux distro is likely to get you a similar slowdown over time as more is considered standard. For example, Ubuntu runs various system tasks like checking for updates in the background by default which will be completely unnoticeable on a recent machine but would make a Pentium II crawl. On the other hand, I believe each release of Ubuntu is usually reported as being faster than the last like each release of OS X is reported as being faster than the last. Successive releases of the OS being slower seems to be a Windows-specific meme -- and I am not even sure how true it is because the obvious slowdowns like visual effects can be disabled.
See Singularity, Microsoft's research operating system written primarily in C#. It uses an extended version of C# called Sing# in unsafe mode for implementing the parts that cannot be managed code (along with a little assembly and C code). The "See also" section on that page lists a few other research operating systems based on similar concepts, mostly using C# or Java. None of them are likely to see real use any time soon, but it is an interesting area of research.
Unsurprisingly, copyright law applies to copies. (Admittedly, trying to use that reading does get a bit fuzzy in the area of performances, which aren't exactly copies.) The owner of a copyright gets control over copies/broadcasts/performances of their work and some control over works deemed "derivative" of the original, nothing more.
Libraries do not make copies, and therefore copyright law does not apply to them. They simply lend out physical copies they bought which is perfectly legal by the first-sale doctrine. They may hurt profits, but then so may lending media among friends and used media sales. Although, DRM is targeted at basically those "problems".
From a practical point of view, libraries only let you keep the media for a limited time, so it is qualitatively different from pirating the media and keeping your own copy forever. Also, of course, you may have to wait for the library to have a copy available if the item is popular.
Copyright has nothing to do with plagiarism. Plagiarism is fraud. Plagiarism of a public domain work is still fraud.
See Manna for one sci-fi view of what happens when robots take over all of the jobs. It is supposed to be realistic, but I think it, like a lot of near future sci-fi, overestimates the speed of technological progress.
Languages don't make things automatically safe, but they can help. Memory safety and type safety are properties of a programming language that make entire classes of errors impossible. Of course, you can write bad code in any language, but, say, having code execute via a buffer overflow is pretty unlikely in Java unless there is a bug in the Java implementation.
I have pretty much no experience with C++, but it sounds like using the features which are not memory or type safe is strongly discouraged (which I assume could be checked with static code analysis), so it is a bit misleading to suggest that languages like Java and C# are "better" than C++ due to having those safety features.
I remember reading that WebOS included a Palm OS emulator, but no one seems to mention it in reviews. Did I misunderstand? It seems like Palm should be heavily pushing the fact that there is a huge catalog of Palm OS PDA apps. I assume this would still leave the Palm Pre far behind the iPhone in application support due to modern smart phone applications probably making heavy use of internet access, but it would still cover a lot, especially in the category of games.
Why are they so often portrayed as helpless victims instead of held up as examples of negligence, of what not to do?
Because the security systems are idiotic.
Some of this is due to historical reasons: the internet was never supposed to be secure. SSL is around for when something should be secure, but it is not used for everything that actually needs security. For example, a lot of websites, including some webmail websites, will transmit passwords encrypted and then switch to normal HTTP and transmit the almost-as-sensitive login cookie in the clear. Because DNS is not secure (yet), the user will not even know if they even connected to the real website at that point. Phishing attacks show that the very concept of domain names to identify websites -- at least as currently used -- is somewhat broken (that, at least, I can understand recommending user education for). Of course, there is a serious issue that a login should never involve letting the server see your password in the clear -- there are plenty of simple ways to avoid that while still using password authentication.
But that is all pretty minor: the GP suggests a scam based on asking for a credit card payment for internet access and using that to steal credit card details. The entire concept of a banking system where anyone you give any money can drain your account is pretty silly. Credit cards have legal protections so you are not actually liable for such payments, but they should not be possible in the first place.
Yeah, no problems at all...
Depends on the state. Some do have separate limits based on age differences for people under the age of consent. For example, in Pennsylvania, for minors aged 13-15, the age difference must be under 4 years (so a 15 year old and an 18 year old is okay even though the former is a minor and the latter is not) while the age of consent in Pennsylvania is 16.
I think you forgot a link. I am not sure if you just wanted the Wikipedia page on BeOS or a link straight to Haiku.
Linux has some tweaks in the kernel settings which are pretty much labeled "use this one option on a server and that option on a desktop". I assume desktop-oriented distros like Fedora and Ubuntu choose the desktop-friendly options. Then again, you may remember the drama over Con Kolivas maintaining a fork with more desktop-friendly options and saying that the other kernel devs just weren't that interested in working on such improvements.
Also, if a modern desktop/laptop computer is swapping out programs, something is wrong. With over 1GB of memory or so, that should not be necessary. You could probably get away with a good amount less memory and still not need a swap file/partition.
Some sources say that over 80% of desktop computers are infected with a virus called Windows.
Hey, that's my line! ;-)
There's a simple solution, anyway. Now that Firefox has Theora and Vorbis built-in, various OSS-friendly sites like Wikipedia should just switch and REQUIRE that to view audio/video, users MUST have support.
Switch? Wikipedia has been using Ogg Vorbis and Theora exclusively for years. I don't think you are going to see much demand for Theora support unless YouTube switches to Theora-only, which, needless to say, is very unlikely.
The <video> tag already supports fallbacks to different codecs. See Video for Everybody for details. The browser will look at the sources specified in order until it finds one it can decode.