> The phrase "security through obscurity" has a well established meaning in the discussion of security measures.
> It refers specifically to systems that are only secure if the design is not known to the attacker.
Where do you draw the lines between the design and the implementation and the shared secret? Are the criteria that you use to determine whether a given password is strong enough for your purposes part of the design, part of the implementation, or part of the shared secret? Is what port you run the service on part of the design, part of the implementation, or part of the shared secret? If the port number is part of the design of the security system, then what about the sequence of port accesses needed in the case of port knocking? Is that also part of the design, or have we stepped over into the shared secret at that point? (If so, the design is weak, because signals analysis can determine the port sequence even if all the traffic is encrypted.)
More to the point, is which PRNG your system uses part of the design, or part of the shared secret?
You can draw an arbitrary line if you want and say, "It's okay for this stuff to be required to be kept secret, but it's not okay for this other stuff", but unless that line is drawn based on sane criteria (e.g., it's okay for the root password to need to be kept secret because with correct practices it reliably _can_ be kept secret, but it's not okay for the PRNG algorithm to need to be kept secret because it exposes information about itself through the course of normal interactions), it's an arbitrary line. Drawing that line based on something as unrelated to what's really at stake as "is it part of the design or not" is exactly the kind of fuzzy thinking that leads to bad security.
As I said, obscurity (which is just another word for secrets, really) can be an important part of a good security system, but you have to realistically evaluate the security properties of your system in light of how the various components interact. If the interactions between a given component and other aspects of your setup will compromise its secrecy, then the obscurity of that component is unreliable and must be considered as such.
A "stealth" firewall, specifically, is a form of obscurity that can be useful or worthless, depending on how it is employed, what else is going on, and what you are expecting it to do. If you are protecting a strictly client system, and *all* incoming ports are stealth, then it is potentially useful because a remote attacker who does not receive traffic from the client system has no way to know what if anything might be at that address. (What are you protecting against? As-yet undiscovered vulnerabilities in the network stack or firewalling software, perhaps.) The point is, your system is not actively disclosing the secrets, so they can actually stay secret.
On the other hand, if you have port 80 open incoming and are running a webserver that gives away that information to anyone who asks, then stealthing all the *other* ports accomplishes nothing to fifty decimal places. Port 80 is scanned regularly by, unless I am greatly mistaken, every major ring of computer criminals, both the scary knowledgeable ones and the, umm, others. If it's open, you're on their lists, and they *know* what OS you run, unless you've taken special steps to prevent them from being able to figure that out. And no, they don't have to spend extra resources to find this out; it's a sunk cost, because they already scan the whole internet every few days anyhow. Stealthing other ports to keep that information secret is like locking the car doors with the windows rolled all the way down.
Even if you've tweaked the web server to not directly disclose OS information and so forth, the protection provided is still pretty limited, because you're still going to be on said lists, and it's not exactly hard to automate a run of network stack fingerprinting against all the servers that haven't disclosed the information that's wanted
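Added example, not part of the original comment: a Python audit that checks whether a run of observed tokens is explained by a linear congruential generator, illustrating the remark above that a PRNG "exposes information about itself through the course of normal interactions". The generator parameters, the candidate modulus list and all function names are constructed for the illustration.

```python
"""Audit a token stream: does it fit x' = (a*x + c) mod m for a common modulus?"""
import secrets

# Moduli used by many textbook LCGs; the audit tries each in turn (assumption).
CANDIDATE_MODULI = (2**31 - 1, 2**31, 2**32)

# Constructed parameters standing in for a generator whose design is "kept secret".
DEMO_A, DEMO_C, DEMO_M, DEMO_SEED = 48271, 12345, 2**31 - 1, 2024


def make_lcg(a, c, m, seed):
    """Return a callable that yields successive LCG outputs (the weak generator)."""
    state = seed

    def next_token():
        nonlocal state
        state = (a * state + c) % m
        return state

    return next_token


def fit_lcg(outputs, moduli=CANDIDATE_MODULI):
    """Return (m, a, c) if the whole sequence follows one LCG, else None."""
    if len(outputs) < 4:
        raise ValueError("need at least 4 outputs: 3 to solve, 1 or more to confirm")
    x0, x1, x2 = outputs[:3]
    for m in moduli:
        if max(outputs) >= m:
            continue  # an output outside [0, m) rules this modulus out
        try:
            # x2 - x1 = a * (x1 - x0) mod m, so a needs the inverse of (x1 - x0).
            inv = pow((x1 - x0) % m, -1, m)
        except ValueError:
            continue  # difference not invertible for this modulus; try the next
        a = ((x2 - x1) * inv) % m
        c = (x1 - a * x0) % m
        # Confirm the guess against every remaining observation.
        if all((a * prev + c) % m == cur
               for prev, cur in zip(outputs[2:], outputs[3:])):
            return m, a, c
    return None


def audit(outputs):
    """Report whether the stream is predictable and, if so, what comes next."""
    fit = fit_lcg(outputs)
    if fit is None:
        return {"predictable": False, "next": None}
    m, a, c = fit
    return {
        "predictable": True,
        "modulus": m,
        "multiplier": a,
        "increment": c,
        "next": (a * outputs[-1] + c) % m,
    }


if __name__ == "__main__":
    weak = make_lcg(DEMO_A, DEMO_C, DEMO_M, DEMO_SEED)
    observed = [weak() for _ in range(8)]          # what any client would see
    print("weak generator:", audit(observed))

    # Tokens from the OS CSPRNG: knowing the algorithm does not help predict them.
    strong = [secrets.randbelow(DEMO_M) for _ in range(8)]
    print("secrets module:", audit(strong))
```

Eight ordinary outputs are enough to recover the multiplier and increment, so secrecy of the algorithm protects nothing here; the `secrets` stream stays unpredictable even though its design is public.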
> For the same reason they claim that "stealth" firewalling is only "security through obscurity"
It is.
That in itself doesn't necessarily mean it can't be a useful measure, *in conjunction* with other security measures. Security through obscurity is not adequate security by itself. It can, however, be a meaningful component of an overall secure system.
Passwords are essentially a form of security through obscurity. And if that's the only kind of security you have, that's not very good security. Obscurity is really only useful when combined with other forms of security that serve to protect and preserve the obscurity. For instance, a strong password on a remote login is not by itself very secure if the password is transmitted in cleartext every time you log in. The addition of strong public-key cryptography, however, greatly improves the security. The cryptography by itself does not create security: if the system is using a weak password, no amount of encrypting it in transit will make it secure. You have to have the two together. (Even that is a simplification: there are other things you have to have as well. Not least, the systems you log in *from* must be trusted.)
Similarly, stealth firewalling *by itself* is just about useless. That doesn't necessarily mean it couldn't ever be a meaningful component of an overall secure system, but it does mean there are other factors that have to be taken into consideration as well.
So I once tried to learn find's command-line syntax, because the "learn Linux" resource I was reading at the time (circa 1998) recommended it.
I only occasionally use find, and I never specify any options other than what directory to start from (usually ./). For narrowing down, I pipe the results into grep (or, if what I want to do is somewhat complicated, a Perl one-liner). I realize that's probably inefficient with computer resources, but it works well enough, and that way I don't have to mess with find's extremely arcane command-line syntax and badly-written documentation.
I don't mind slightly arcane syntax. I'm comfortable with Perl regular expressions, for instance. But the command-line syntax for find is over the top nasty. I *could* force myself to learn it, but there's no real benefit to doing so. Everything it does can be accomplished in easier-to-remember ways. I'd rather spend my time learning something potentially useful, like Sanskrit, or something interesting, like SMTP.
Besides, whoever recommended find for the described situation was having an idiot moment. What he actually needed was the locate command, which in addition to being easier to use and better documented is also a good deal more efficient with system resources. It doesn't have all of find's capabilities (e.g., limiting the results to _only_ directories), but a quick pipe through grep will take care of that in almost all real-world usage cases, including the one in question. The only reason I can think of to use find in preference to locate is if you're only searching a (relatively) small part of the filesystem hierarchy. (Admittedly, that's a fairly common usage case. But it's not the one the article was talking about.) Or if you don't know how to use grep, I suppose, but grep is rather more important to learn than find, because it's useful for a whole lot more than just locating files.
> No, really, I get it. Linux needs a "killer app" and all that. For me, it's general media munging
For me, it's mostly configurability (or customizability, or flexibility, or whatever you like to call it).
There's also the fact that once you have something working it generally *continues* to work unless you change something or hardware breaks. That's nice. But while Linux is still better, Windows XP is a lot more competitive in that regard than Windows 98 was, and anyway it's not a really big deal to me on the desktop. (On servers it's a huge deal, but that battle is won. Windows isn't the second or even the third choice in servers, except when a third-party line-of-business app requires it.)
No, the really big selling point for Linux -- or for open-source software in general -- is customizability. You can make the software behave the way you want. You can arrange the UI the way you want.
Of course, a solid half of the population, maybe more, doesn't *want* to customize the system at all. They want to leave it the way it comes from the factory. Fine, that's their choice. Let them use Windows. If you don't have preconceived ideas about how you want your computer to function, if you're happy to let Microsoft make all those choices for you, then Windows XP is, on the whole, for the most part, really not all that bad.
Vista's a little rough at this point, but let's face it, early adopters always run into some rough edges at first. Try comparing Vista to an early copy of XP that doesn't have SP1 installed, let alone SP2, and then see how Vista looks. (At least Vista blocks most incoming ports by default, so you can connect it to the internet for long enough to run automatic updates without falling prey to multiple worms in the process... XP, if it doesn't have the service packs built into the install CD, needs to be connected from behind an external firewall. And good luck trying to get peer-to-peer file and print sharing working between XP and older Windows systems, notably 98SE. Why did it need to matter which computer got turned on first? Windows 98 never cared about that. I could go on, but if you think back, you probably have your own memories of such frustrations.) Vista's *new*. Of *course* it's rough. Give it some time, it'll shape up. XP certainly has.
When I say Vista will shape up, I of course mean it'll shape up relative to other Windows versions. I obviously do not mean that it'll magically transform into Unix. If you want Unix, that's available from other sources. Forget about Vista and just install BSD already, if that's what you want. It isn't "just like Windows XP only newer and better"; in fact, it's rather *unlike* Windows XP. (Unless you compare it against something that's _really_ different, like, say, VMS. In that case Windows and BSD look pretty similar, in much the same way a red Ferrari and a black and yellow Bluebird school bus look similar if you compare them to a large-mouth bass.) Unix-like systems will remain Unix-like, and Windows will presumably remain Windows-like. Duh.
If you like Windows XP, you will most likely come around to liking Vista in the future -- once it has been out for a couple or three years, gets some service packs under its belt, accrues better support from various third parties, and so on and so forth. Once it matures, in other words.
That doesn't mean I'm going to want it for my workstation. But then, I never wanted Windows XP for my workstation, either, nor Windows 98 before it, so there's really no news there. Even when Windows 95 was my primary OS, it was always on a multiboot system, and I always had other systems that I used also. In the Windows 3.1 days, I generally exited to DOS and did most of my stuff there. So I'm not really a part of the core target market for Windows. I never was.
I do, however, keep up with Windows enough so that I can support Windows desktops that *other* people use. And looking at things from that perspective, I'm at some point going to be eager
Wikipedia is supposed to be an encyclopedia, not a discussion forum, and so it generally attempts to maintain an encyclopedic tone. (It's not perfect, of course, and things that don't belong occasionally slip in, but the goal is clear.) As a rule, encyclopedias normally contain illustrations, but not many colloquialisms. I don't think all of the Wikipedia editors believe that profanity is something to be religiously proscribed; they simply don't deem it to be conducive to a formal, encyclopedic tone. Wikipedia articles also usually (though I've run into a couple of exceptions) don't have, like, slang and stuff, even though it's, like, you know, totally non-obscene, dude.
I *do* see a fair number of contractions in WP articles, though, and some fairly lax grammar sometimes, albeit usually not quite as bad as in journalistic writing.
> it's the crazy fundamentalist Christians that bomb abortion clinics
Actually, the word fundamentalist means something different in Christian circles. (In a nutshell, it means those who don't want to discard Biblical beliefs in the name of progress.) The usual term for people who bomb buildings is terrorist, and any real fundamentalist Christian wants as little to do with them as can be arranged.
I realize it's a subtle distinction.
There's not really any equivalent (of Christian fundamentalism) in Islam, perhaps because they have never really had a serious Liberal theology movement to contend with. Let a whole bunch of mosques start teaching that nothing in the Quran is really true in any literal sense but what's important is that it teaches us to love one another and feel good about ourselves, and I imagine a fundamentalism movement would develop in response.
> They all want the job, which should be enough in itself to disqualify them
You sound like Greenspan, who says in his book that anyone willing to do what it takes to be elected President should be barred from holding the office. (He has, however, a number of good things to say, individually, about several of the Presidents he knew and worked with, though perhaps he says a higher percentage of positive things about Ford than any of the others.)
> I could have sworn there were other democrats running for president too...
Only in theory.
And even at that, what they're really running for is wider recognition, which they want so that they can have a better shot at some other office after they don't get the nomination, or a better shot at the nomination in some future year, or somesuch. Either that or they're completely delusional.
> Or one of the republicans might become president.
That seems very unlikely this time around. Bush only just barely made it last time, even with the advantage of being the incumbent, and the overall mood of the nation has not exactly shifted in his favor since then and does not seem particularly likely to do so in the next few months. Just as in 88 the GOP could not lose, I'm pretty sure in 08 the GOP cannot win, unless something really unusual happens. (If Hillary doesn't get the nomination and runs third-party, for instance, that might just about do it. Or if middle-eastern terrorists manage to somehow kidnap the President and put him on the phone with a gun to his head and demand that he give orders to blah blah blah and instead he orders his own location bombed to stop them, that might do it too.)
No, I think you're looking at either Obama or Hillary as the next US President. I cannot yet predict which.
> Either way, the world loses.
Either way, it's for a four-year term initially, which can be renewed for a second four-year term *if* they make reelection. I'm not saying a bad President can't do any damage in four years, they can, but with any luck the world may not end.
> (...actually, that's probably longer than many voters have been *alive*)
I'll have you know, I was born during the Ford administration. My parents remember Kennedy. My grandparents (who are still alive) *voted* for Kennedy.
I'm pulling for Obama, primarily because I do *NOT* want Hillary Clinton in office. (Actually, what would be kind of cool would be if Obama got the nomination and Hillary went all Bull Moose on him. That could be interesting. But I'm pretty sure she's too intelligent to do that.)
> I used Linux back in the 90s, but it was such a toy OS it wasn't going to help my career at the time.
I remember the first time I got a distro with the new kernel with the improved virtual memory system. (I want to say that was kernel 2.2 IIRC, but it could have been 2.0 or 2.4, I don't really remember for sure anymore.) Boy, was that a huge improvement. The vm handling in Linux now is better than what's in FreeBSD, but back in the bad old days, if you started running low on swap space, your system would slow down to the point where it could take hours just to close a window, and forget about switching to a text vt and logging on there to kill off a memory-hog process, because the system wouldn't be anywhere near responsive enough to log you in inside the timeout.
Linux has had a lot of improvements over the years, of course, but to my way of thinking that's the really big one.
And yeah, Linux was in the right place at the right time. A lot of programmers became interested early on in using it (and therefore in improving it) at least partly because of the BSD lawsuit thing. Once it achieved a certain critical mass of interested parties,...
But anyway, BSD is important for me because, as an IT professional, I cannot afford to know Linux but ignore other Unix variants. I have to broaden my horizons beyond that. The reason I picked FreeBSD specifically is just because, when I was looking to install, the 6.0 release had just come out, so I grabbed that and used it. I had been thinking about getting into OpenBSD, and still might at some point, although it is also tempting to experiment with other things, like Darwin or Solaris x86, for the same reason I moved from Linux to BSD: I'm building a broader base of knowledge.
FWIW, there are things I like about FreeBSD, and other things where I like the Linux way better, and some areas where I've noticed a difference but not formed an opinion about which is better. And it is possible that some of the areas where I currently like Linux better that's just because it's more what I was used to, and I might eventually get over that as I use more other systems.
But why, oh why, do these Unix variants not have VMS-style file versioning? I really want that. Sure, it uses up more hard drive space, but have you seen the prices and sizes of hard drives lately? I want file versioning.
> However, the judges really wanted to see some sort of garbage collection vs. malloc/free or even an Intel/AMD mention... Let's see what the rest of the competitors have to offer.
Regarding gc vs malloc, probably the best solution is reference counting. That has the speed of malloc and most of the safety advantages of other, more expensive garbage collection schemes, as long as you don't do anything totally stupid like make cyclic rings of references and lose track of them. Refcounting is the approach Perl takes, so obviously that's the way to do things. Perl does everything the best possible way. Why do other languages even exist?
Obviously, the best combination is Perl, Emacs, KDE, and tcsh, on FreeBSD, on x86-64 hardware, with a Matrox video card and the Turtle Beach Santa Cruz soundcard, with esd for the sound subsystem. Also, be sure to set up Emacs to use Andale Mono, since that's by far the best fixed-width font. Oh, and you'll want sawfish for the window manager, since the default one that comes with KDE sucks, and Firefox and gmc to replace that Konqueror thing.
Your second point is pretty much invalid. If the sole of the shoe were made of military-grade explosives, walking, even jumping, would not cause the explosives to go off. Yes, there *are* explosives that are so unstable they can be set off that way, most famously nitroglycerine, but something like that is too impractical to use. The stuff they make grenades out of and use to blow up bridges isn't shock-sensitive like that.
Not that I'm saying the shoe-scanning is really necessary. Any amount of explosive that you can hide in the sole of a shoe can just as easily be worn under your clothes, I would think.
On the other hand, I don't understand why people make such a big deal about it either. It's not like taking off your shoes is a huge multi-minute inconvenience. It takes, what, six seconds? What a petty thing to whine about. Not being able to take a decent-sized beverage on the flight is a much greater annoyance, as far as I'm concerned.
Actually, I consider both HD DVD and Blu-Ray to be mostly-irrelevant niche products. Consumers aren't ready for another format switch yet. Most households still have VHS players, and many have *multiple* VHS players and only one DVD player (which, admittedly, is usually newer). Pretty much all video-watching households do have DVD players now, but this has only been the case for about a year (since, roughly, Christmas 2006). Many people still have more videotapes than DVDs in their household, though the size of their DVD collections is increasing. All of that is to say, DVD is still the *new* format. People aren't ready for it to be the old format yet.
Add the DVD and Blu-Ray sales figures together, and graph them month-by-month against the sales of VHS and DVD players. DVD is the big number, and the VHS figure is much much smaller (and in the last year or so mostly consists more or less entirely of combination units), but HD-DVD and Blu-Ray, combined, have a smaller figure yet.
Some people have attributed the slow uptake to the format war, but I disagree. I think consumers aren't ready for another change to a new format yet. It's too soon. Enthusiasts are ready, but enthusiasts were ready for LS120 SuperDisk drives too, and yet, for some reason, regular floppy disk drives continued to dominate the market for several more years (until the advent of affordable CD burners, which had the advantage of writing a format that everybody already had a reader for).
Neither HD-DVD nor Blu-Ray will be the successor of DVD, or, at least, not for several years for most people. Probably never, because some future format will come along that's better than all of the above. Based on Flash RAM technology, as likely as not.
You know, this could be just me, but it seems at least vaguely conceivable that the NPD group could potentially be somewhat biased in this matter. In the absence of any independent analysts agreeing with them, I am tempted to give greater weight to the various third parties reporting the opposite view. Not that I'd want to make a snap judgement or anything...
But I do remember when gas was _exactly_ $1/gallon, at the pump, at every gas station, for several years running. My dad used to give me a dollar bill and a one-gallon gas can and send me to get gas for the mower.
Of course, that was regular gasoline. The old car (a Plymouth Duster) could run on that, but the new one (a Chevy Cavalier station wagon, which turned out to be a real lemon, but that's another story) required unleaded fuel only.
> An alcohol engine be ran safely at 12-14 to 1 compression raising efficiency
You're talking about an engine designed specifically for alcohol only. At this point, putting that kind of engine in ordinary vehicles marketed to ordinary consumers would be completely impractical, since in most areas people wouldn't be able to buy fuel for them at anything resembling sane prices. Where I live, for instance, the cheapest solution would be to go to the hardware store and get denatured alcohol (assuming a small percentage of methanol would be okay for the engine), at more than a dollar per quart. Nobody's interested in buying a vehicle with those kinds of requirements. Consequently, auto makers aren't interested in putting alcohol-only engines in cars.
If you want to talk about something that's (at least theoretically) practical in the real world, you have to talk about what ethanol can do in an engine that can also run on gasoline.
> In fact although there are lots of people out there who run OpenBSD as a workstation OS, I'm not really sure why you'd want to
Same reasons you choose any other distro for your workstation. You want to become more familiar with the system, so that when you use it on servers you'll be more knowledgeable about what you're doing. Doesn't everybody choose their desktop OS that way?
They're *analogous* to papers, but they're clearly not papers as such, not literally anyway.
They could certainly be considered personal effects, though. IANAL, and I don't know the relevant case law, but that seems like the obvious way to categorize them.
Perhaps a more interesting question is the definition of "search". Traditionally a search involved physically going through things, but in the case of electronically stored information a "search" in that sense might not always be necessary, especially if the storage device supports wireless networking and is not entirely secure. I would tend to think that sort of electronic search would fall into the same general category as a wiretap (which I'm pretty sure you need a warrant for, at least if you want anything you find out to be admissible in court), but, again, IANAL, and I don't know the relevant case law.
Is there a specific book you would recommend? I've been using FreeBSD on my main workstation at home for a while (since a month or so after 6.0 was released IIRC), and while some things about it are comfortable, others still feel a bit alien. I'd be interested in wrapping my mind around FreeBSD's way of doing things a little better. (Just at a power-user level, not as a developer. I write bits of custom app-level code for this and that, mostly in Perl, but I'm not interested in being an OS developer.)
If it matters, I have a pretty good background as a poweruser on various Linux distros, which I first started fooling with in '98. I've lost count of how many different Linux distributions I've worked with, but they still all tend to have some things in common (beyond just the kernel), as I rapidly discovered when I started using FreeBSD (which, despite being Unixey in general, is clearly not Linux). I've also worked with and played with an assortment of non-Unix OSes: DOS, BeOS, old Mac systems,... so I don't need general comp-sci stuff or explanations of how Unix is different from Windows XP. Mostly I just need to understand the things that set FreeBSD apart from other Unices.
Incidentally, the most outstandingly *different* OS I've ever had occasion to work with, in a lot of ways, is VMS. Compared to how different VMS is, Windows and Unix start to look VERY similar, and FreeBSD and Linux may as well be identical. There are things about VMS that I really like... and things that I don't. But either way it's different.
> It will have the rendering engines for 7, 8, 9, 10, 11, 12, 13, 14 embedded in it.
Not in their entirety. Backward compatibility only goes so far.
Consider, for instance, software that was written for Windows 3.1. It was *supposed* to totally work, and in practice usually mostly worked, in Windows 95. Windows 98 didn't mess it up too bad either, apart from some widget and layout issues. But have you tried running it on Windows XP? Haha. Maybe if you install your Windows XP on a FAT32 filesystem, you conceivably might be able to get some of it to sort-of work. With Vista, that's totally not an option, so all the Windows 3.x software will finally be totally unusable. At long last.
Similarly, I would imagine that the broken IE6/7 HTML you see on the web today will mostly work in IE8 and probably in IE9 also, sort of work with some caveats in IE10 and maybe IE11, but by IE12 or so probably not.
Ironically, pages written for and tested in NCSA Mosaic still display fine in IE7 (and in Firefox too as far as that goes), but pages written for IE4 (or Netscape 4 for that matter) not so much. Of course, pages written for Mosaic don't specify anything that a modern web developer would call layout. I mean, you know, they've got paragraph breaks and, well, also they have paragraph breaks. So it's not too hard to get the rendering right.
Maybe he means that he can't count how many years he's been doing web development, because he wasn't old enough to read a calendar yet when he started. If he's, say, twenty years old now, and his dad was doing research at MIT when he was a wee lad, I guess it's conceivable that he could have been introduced to web development (such as it was at the time) along with the alphabet, when he was two or three, and not learned to read a calendar or count years until later.
In fact, I can just imagine some geek professor teaching his son:
Dad: What's this letter?
Son: Pee.
Dad: Good! What sound does it make?
Son: puh. puh. puh.
Dad: Good! And what does the <p> tag do in a web page?
Son: It jumps down and writes in a new place.
Dad: What do we call the new place?
Son: A pagaf.
Dad: PaRAgraph. Say Ruh, ruh, ruh, PaRUHgraph.
Oh, yeah, and speaking as a web developer, the IE8 update can't come too soon. The minute that's available on Windows Update for XP, my days of supporting IE7 will be numbered. IE6? That's already a memory, as far as I'm concerned. If you want to keep it on your corporate intranet for the support of some line-of-business application, that's fine, as long as your users either A) don't also need to browse the web or B) also have access to a modern browser.
I quit supporting IE6 once IE7 had been on Windows Updates (for XP) for a couple of weeks. That was, what, nearly a year ago now? Windows 98 users can download Firefox or Opera, or they can upgrade to an OS that the vendor still supports.
People who specifically want to reminisce about the nineties can keep IE6, IE5, or NCSA Mosaic for all I care, that's their business. But if you want to browse the web, which changes over time, and see it the way it's intended to be, you kind of have to accept the occasional update.
> The phrase "security through obscurity" has a well established meaning in the discussion of security measures.
> It refers specifically to systems that are only secure if the design is not known to the attacker.
Where do you draw the lines between the design and the implementation and the shared secret? Are the criteria that you use to determine whether a given password is strong enough for your purposes part of the design, part of the implementation, or part of the shared secret? Is what port you run the service on part of the design, part of the implementation, or part of the shared secret? If the port number is part of the design of the security system, then what about the sequence of port accesses needed in the case of port knocking? Is that also part of the design, or have we stepped over into the shared secret at that point. (If so, the design is weak, because signals analysis can determine the port sequence even if all the traffic is encrypted.)
More to the point, is which PRNG your system uses part of the design, or part of the shared secret?
You can draw an arbitrary line if you want and say, "It's okay for this stuff to be required to be kept secret, but it's not okay for this other stuff", but unless that line is drawn based on sane criteria (e.g., it's okay for the root password to need to be kept secret because with correct practices it reliably _can_ be kept secret, but it's not okay for the PRNG algorithm to need to be kept secret because it exposes information about itself through the course of normal interactions), it's an arbitrary line. Drawing that line based on something as unrelated to what's really at stake as "is it part of the design or not" is exactly the kind of fuzzy thinking that leads to bad security.
As I said, obscurity (which is just another word for secrets, really) can be an important part of a good security system, but you have to realistically evaluate the security properties of your system in light of how the various components interact. If the interactions between a given component and other aspects of your setup will compromise its secrecy, then the obscurity of that component is unreliable and must be considered as such.
A "stealth" firewall, specifically, is a form of obscurity that can be useful or worthless, depending on how it is employed, what else is going on, and what you are expecting it to do. If you are protecting a strictly client system, and *all* incoming ports are stealth, then it is potentially useful because a remote attacker who does not receive traffic from the client system has no way to know what if anything might be at that address. (What are you protecting against? As-yet undiscovered vulnerabilities in the network stack or firewalling software, perhaps.) The point is, your system is not actively disclosing the secrets, so they can actually stay secret.
On the other hand, if you have port 80 open incoming and are running a webserver that gives away that information to anyone who asks, then stealthing all the *other* ports accomplishes nothing to fifty decimal places. Port 80 is scanned regularly by, unless I am greatly mistaken, every major ring of computer criminals, both the scary knowledgeable ones and the, umm, others. If it's open, you're on their lists, and they *know* what OS you run, unless you've taken special steps to prevent them from being able to figure that out. And no, they don't have to spend extra resources to find this out; it's a sunk cost, because they already scan the whole internet every few days anyhow. Stealthing other ports to keep that information secret is like locking the car doors with the windows rolled all the way down.
Even if you've tweaked the web server to not directly disclose OS information and so forth, the protection provided is still pretty limited, because you're still going to be on said lists, and it's not exactly hard to automate a run of network stack fingerprinting against all the servers that haven't disclosed the information that's wanted
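The point above about a PRNG exposing information about itself through normal interactions, as an added example that is not part of the original post: it assumes a linear congruential generator that hands out its full state as each output, with constructed parameters and hypothetical function names, and shows that a run of outputs is enough to recover the "secret" algorithm constants and predict what comes next.

```python
"""Added example: a 'secret' LCG is recoverable from its own output.

Assumptions (not from the original post): the generator is a linear
congruential generator s -> (a*s + c) mod m, every output is the full
state, and the observer sees consecutive outputs. All names and
parameter values below are constructed for illustration.
"""
from functools import reduce
from math import gcd

# Constructed "secret" parameters; the observer never reads these.
SECRET_MODULUS = 2**31 - 1
SECRET_MULTIPLIER = 48271
SECRET_INCREMENT = 12345
SECRET_SEED = 1


def lcg_stream(modulus, multiplier, increment, seed, count):
    """Return `count` consecutive outputs, starting with the seed itself."""
    out, state = [], seed
    for _ in range(count):
        out.append(state)
        state = (multiplier * state + increment) % modulus
    return out


def recover_lcg(outputs):
    """Infer (modulus, multiplier, increment) from consecutive outputs.

    Returns None when the outputs do not pin down one consistent LCG.
    """
    if len(outputs) < 6:
        return None
    diffs = [b - a for a, b in zip(outputs, outputs[1:])]
    # d[i+1] = a*d[i] (mod m), so d[i+2]*d[i] - d[i+1]**2 is a multiple
    # of m; the gcd of enough such multiples is m itself.
    multiples = [diffs[i + 2] * diffs[i] - diffs[i + 1] ** 2
                 for i in range(len(diffs) - 2)]
    modulus = reduce(gcd, multiples)
    if modulus <= max(outputs):
        return None  # degenerate stream or too few samples
    # The multiplier is d[i+1] / d[i] mod m for any invertible d[i].
    for i in range(len(diffs) - 1):
        if gcd(diffs[i], modulus) == 1:
            inverse = pow(diffs[i] % modulus, -1, modulus)
            multiplier = diffs[i + 1] * inverse % modulus
            break
    else:
        return None
    increment = (outputs[1] - multiplier * outputs[0]) % modulus
    # Accept the guess only if it reproduces every observed transition.
    for cur, nxt in zip(outputs, outputs[1:]):
        if (multiplier * cur + increment) % modulus != nxt:
            return None
    return modulus, multiplier, increment


def predict_next(outputs, how_many=3):
    """Predict the next outputs using only what was observed."""
    params = recover_lcg(outputs)
    if params is None:
        return None
    modulus, multiplier, increment = params
    state, predictions = outputs[-1], []
    for _ in range(how_many):
        state = (multiplier * state + increment) % modulus
        predictions.append(state)
    return predictions


if __name__ == "__main__":
    stream = lcg_stream(SECRET_MODULUS, SECRET_MULTIPLIER,
                        SECRET_INCREMENT, SECRET_SEED, 30)
    observed, future = stream[:24], stream[24:]
    print("recovered parameters:", recover_lcg(observed))
    print("prediction matches:", predict_next(observed, 6) == future)
```

A generator whose unpredictability depends on a key rather than on the algorithm staying unknown (for instance the operating system's CSPRNG, reachable through Python's `secrets` module) does not have this property.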
> For the same reason they claim that "stealth" firewalling is only "security through obscurity"
It is.
That in itself doesn't necessarily mean it can't be a useful measure, *in conjunction* with other security measures. Security through obscurity is not adequate security by itself. It can, however, be a meaningful component of an overall secure system.
Passwords are essentially a form of security through obscurity. And if that's the only kind of security you have, that's not very good security. Obscurity is really only useful when combined with other forms of security that serve to protect and preserve the obscurity. For instance, a strong password on a remote login is not by itself very secure if the password is transmitted in cleartext every time you log in. The addition of strong public-key cryptography, however, greatly improves the security. The cryptography by itself does not create security: if the system is using a weak password, no amount of encrypting it in transit will make it secure. You have to have the two together. (Even that is a simplification: there are other things you have to have as well. Not least, the systems you log in *from* must be trusted.)
Similarly, stealth firewalling *by itself* is just about useless. That doesn't necessarily mean it couldn't ever be a meaningful component of an overall secure system, but it does mean there are other factors that have to be taken into consideration as well.
> What geek doesn't or has never used *nix find?
[raises hand]
So I once tried to learn find's command-line syntax, because the "learn Linux" resource I was reading at the time (circa 1998) recommended it.
I only occasionally use find, and I never specify any options other than what directory to start from (usually ./). For narrowing down, I pipe the results into grep (or, if what I want to do is somewhat complicated, a Perl one-liner). I realize that's probably inefficient with computer resources, but it works well enough, and that way I don't have to mess with find's extremely arcane command-line syntax and badly-written documentation.
I don't mind slightly arcane syntax. I'm comfortable with Perl regular expressions, for instance. But the command-line syntax for find is over the top nasty. I *could* force myself to learn it, but there's no real benefit to doing so. Everything it does can be accomplished in easier-to-remember ways. I'd rather spend my time learning something potentially useful, like Sanskrit, or something interesting, like SMTP.
Besides, whoever recommended find for the described situation was having an idiot moment. What he actually needed was the locate command, which in addition to being easier to use and better documented is also a good deal more efficient with system resources. It doesn't have all of find's capabilities (e.g., limiting the results to _only_ directories), but a quick pipe through grep will take care of that in almost all real-world usage cases, including the one in question. The only reason I can think of to use find in preference to locate is if you're only searching a (relatively) small part of the filesystem hierarchy. (Admittedly, that's a fairly common usage case. But it's not the one the article was talking about.) Or if you don't know how to use grep, I suppose, but grep is rather more important to learn than find, because it's useful for a whole lot more than just locating files.
> No, really, I get it. Linux needs a "killer app" and all that. For me, it's general media munging
For me, it's mostly configurability (or customizability, or flexibility, or whatever you like to call it).
There's also the fact that once you have something working it generally *continues* to work unless you change something or hardware breaks. That's nice. But while Linux is still better, Windows XP is a lot more competitive in that regard than Windows 98 was, and anyway it's not a really big deal to me on the desktop. (On servers it's a huge deal, but that battle is won. Windows isn't the second or even the third choice in servers, except when a third-party line-of-business app requires it.)
No, the really big selling point for Linux -- or for open-source software in general -- is customizability. You can make the software behave the way you want. You can arrange the UI the way you want.
Of course, a solid half of the population, maybe more, doesn't *want* to customize the system at all. They want to leave it the way it comes from the factory. Fine, that's their choice. Let them use Windows. If you don't have preconceived ideas about how you want your computer to function, if you're happy to let Microsoft make all those choices for you, then Windows XP is, on the whole, for the most part, really not all that bad.
Vista's a little rough at this point, but let's face it, early adopters always run into some rough edges at first. Try comparing Vista to an early copy of XP that doesn't have SP1 installed, let alone SP2, and then see how Vista looks. (At least Vista blocks most incoming ports by default, so you can connect it to the internet for long enough to run automatic updates without falling prey to multiple worms in the process... XP, if it doesn't have the service packs built into the install CD, needs to be connected from behind an external firewall. And good luck trying to get peer-to-peer file and print sharing working between XP and older Windows systems, notably 98SE. Why did it need to matter which computer got turned on first? Windows 98 never cared about that. I could go on, but if you think back, you probably have your own memories of such frustrations.) Vista's *new*. Of *course* it's rough. Give it some time, it'll shape up. XP certainly has.
When I say Vista will shape up, I of course mean it'll shape up relative to other Windows versions. I obviously do not mean that it'll magically transform into Unix. If you want Unix, that's available from other sources. Forget about Vista and just install BSD already, if that's what you want. It isn't "just like Windows XP only newer and better"; in fact, it's rather *unlike* Windows XP. (Unless you compare it against something that's _really_ different, like, say, VMS. In that case Windows and BSD look pretty similar, in much the same way a red Ferrari and a black and yellow Bluebird school bus look similar if you compare them to a large-mouth bass.) Unix-like systems will remain Unix-like, and Windows will presumably remain Windows-like. Duh.
If you like Windows XP, you will most likely come around to liking Vista in the future -- once it has been out for a couple or three years, gets some service packs under its belt, accrues better support from various third parties, and so on and so forth. Once it matures, in other words.
That doesn't mean I'm going to want it for my workstation. But then, I never wanted Windows XP for my workstation, either, nor Windows 98 before it, so there's really no news there. Even when Windows 95 was my primary OS, it was always on a multiboot system, and I always had other systems that I used also. In the Windows 3.1 days, I generally exited to DOS and did most of my stuff there. So I'm not really a part of the core target market for Windows. I never was.
I do, however, keep up with Windows enough so that I can support Windows desktops that *other* people use. And looking at things from that perspective, I'm at some point going to be eager
Wikipedia is supposed to be an encyclopedia, not a discussion forum, and so it generally attempts to maintain an encyclopedic tone. (It's not perfect, of course, and things that don't belong occasionally slip in, but the goal is clear.) As a rule, encyclopedias normally contain illustrations, but not many colloquialisms. I don't think all of the Wikipedia editors believe that profanity is something to be religiously proscribed; they simply don't deem it to be conducive to a formal, encyclopedic tone. Wikipedia articles also usually (though I've run into a couple of exceptions) don't have, like, slang and stuff, even though it's, like, you know, totally non-obscene, dude.
I *do* see a fair number of contractions in WP articles, though, and some fairly lax grammar sometimes, albeit usually not quite as bad as in journalistic writing.
Actually, the word fundamentalist means something different in Christian circles. (In a nutshell, it means those who don't want to discard Biblical beliefs in the name of progress.) The usual term for people who bomb buildings is terrorist, and any real fundamentalist Christian wants as little to do with them as can be arranged.
I realize it's a subtle distinction.
There's not really any equivalent (of Christian fundamentalism) in Islam, perhaps because they have never really had a serious Liberal theology movement to contend with. Let a whole bunch of mosques start teaching that nothing in the Quran is really true in any literal sense but what's important is that it teaches us to love one another and feel good about ourselves, and I imagine a fundamentalism movement would develop in response.
> They all want the job, which should be enough in itself to disqualify them
You sound like Greenspan, who says in his book that anyone willing to do what it takes to be elected President should be barred from holding the office. (He has, however, a number of good things to say, individually, about several of the Presidents he knew and worked with, though perhaps he says a higher percentage of positive things about Ford than any of the others.)
> I could have sworn there were other democrats running for president too ...
Only in theory.
And even at that, what they're really running for is wider recognition, which they want so that they can have a better shot at some other office after they don't get the nomination, or a better shot at the nomination in some future year, or somesuch. Either that or they're completely delusional.
> Or one of the republicans might become president.
That seems very unlikely this time around. Bush only just barely made it last time, even with the advantage of being the incumbent, and the overall mood of the nation has not exactly shifted in his favor since then and does not seem particularly likely to do so in the next few months. Just as in 88 the GOP could not lose, I'm pretty sure in 08 the GOP cannot win, unless something really unusual happens. (If Hillary doesn't get the nomination and runs third-party, for instance, that might just about do it. Or if middle-eastern terrorists manage to somehow kidnap the President and put him on the phone with a gun to his head and demand that he give orders to blah blah blah and instead he orders his own location bombed to stop them, that might do it too.)
No, I think you're looking at either Obama or Hillary as the next US President. I cannot yet predict which.
> Either way, the world loses.
Either way, it's for a four-year term initially, which can be renewed for a second four-year term *if* they make reelection. I'm not saying a bad President can't do any damage in four years, they can, but with any luck the world may not end.
> (...actually, that's probably longer than many voters have been *alive*)
I'll have you know, I was born during the Ford administration. My parents remember Kennedy. My grandparents (who are still alive) *voted* for Kennedy.
I'm pulling for Obama, primarily because I do *NOT* want Hillary Clinton in office. (Actually, what would be kind of cool would be if Obama got the nomination and Hillary went all Bull Moose on him. That could be interesting. But I'm pretty sure she's too intelligent to do that.)
> I used Linux back in the 90s, but it was such a toy OS it wasn't going to help my career at the time.
...
I remember the first time I got a distro with the new kernel with the improved virtual memory system. (I want to say that was kernel 2.2 IIRC, but it could have been 2.0 or 2.4, I don't really remember for sure anymore.) Boy, was that a huge improvement. The vm handling in Linux now is better than what's in FreeBSD, but back in the bad old days, if you started running low on swap space, your system would slow down to the point where it could take hours just to close a window, and forget about switching to a text vt and logging on there to kill off a memory-hog process, because the system wouldn't be anywhere near responsive enough to log you in inside the timeout.
Linux has had a lot of improvements over the years, of course, but to my way of thinking that's the really big one.
And yeah, Linux was in the right place at the right time. A lot of programmers became interested early on in using it (and therefore in improving it) at least partly because of the BSD lawsuit thing. Once it achieved a certain critical mass of interested parties,
But anyway, BSD is important for me because, as an IT professional, I cannot afford to know Linux but ignore other Unix variants. I have to broaden my horizons beyond that. The reason I picked FreeBSD specifically is just because, when I was looking to install, the 6.0 release had just come out, so I grabbed that and used it. I had been thinking about getting into OpenBSD, and still might at some point, although it is also tempting to experiment with other things, like Darwin or Solaris x86, for the same reason I moved from Linux to BSD: I'm building a broader base of knowledge.
FWIW, there are things I like about FreeBSD, and other things where I like the Linux way better, and some areas where I've noticed a difference but not formed an opinion about which is better. And it is possible that some of the areas where I currently like Linux better that's just because it's more what I was used to, and I might eventually get over that as I use more other systems.
But why, oh why, do these Unix variants not have VMS-style file versioning? I really want that. Sure, it uses up more hard drive space, but have you seen the prices and sizes of hard drives lately? I want file versioning.
> However, the judges really wanted to see some sort of garbage collection vs. malloc/free
> or even an Intel/AMD mention... Let's see what the rest of the competitors have to offer.
Regarding gc vs malloc, probably the best solution is reference counting. That has the speed of malloc and most of the safety advantages of other, more expensive garbage collection schemes, as long as you don't do anything totally stupid like make cyclic rings of references and lose track of them. Refcounting is the approach Perl takes, so obviously that's the way to do things. Perl does everything the best possible way. Why do other languages even exist?
Obviously, the best combination is Perl, Emacs, KDE, and tcsh, on FreeBSD, on x86-64 hardware, with a Matrox video card and the Turtle Beach Santa Cruz soundcard, with esd for the sound subsystem. Also, be sure to set up Emacs to use Andale Mono, since that's by far the best fixed-width font. Oh, and you'll want sawfish for the window manager, since the default one that comes with KDE sucks, and Firefox and gmc to replace that Konqueror thing.
[dramatic pause]
How was that?
Your second point is pretty much invalid. If the sole of the shoe were made of military-grade explosives, walking, even jumping, would not cause the explosives to go off. Yes, there *are* explosives that are so unstable they can be set off that way, most famously nitroglycerine, but something like that is too impractical to use. The stuff they make grenades out of and use to blow up bridges isn't shock-sensitive like that.
Not that I'm saying the shoe-scanning is really necessary. Any amount of explosive that you can hide in the sole of a shoe can just as easily be worn under your clothes, I would think.
On the other hand, I don't understand why people make such a big deal about it either. It's not like taking off your shoes is a huge multi-minute inconvenience. It takes, what, six seconds? What a petty thing to whine about. Not being able to take a decent-sized beverage on the flight is a much greater annoyance, as far as I'm concerned.
Actually, I consider both HD DVD and Blu-Ray to be mostly-irrelevant niche products. Consumers aren't ready for another format switch yet. Most households still have VHS players, and many have *multiple* VHS players and only one DVD player (which, admittedly, is usually newer). Pretty much all video-watching households do have DVD players now, but this has only been the case for about a year (since, roughly, Christmas 2006). Many people still have more videotapes than DVDs in their household, though the size of their DVD collections is increasing. All of that is to say, DVD is still the *new* format. People aren't ready for it to be the old format yet.
Add the DVD and Blu-Ray sales figures together, and graph them month-by-month against the sales of VHS and DVD players. DVD is the big number, and the VHS figure is much much smaller (and in the last year or so mostly consists more or less entirely of combination units), but HD-DVD and Blu-Ray, combined, have a smaller figure yet.
Some people have attributed the slow uptake to the format war, but I disagree. I think consumers aren't ready for another change to a new format yet. It's too soon. Enthusiasts are ready, but enthusiasts were ready for LS120 SuperDisk drives too, and yet, for some reason, regular floppy disk drives continued to dominate the market for several more years (until the advent of affordable CD burners, which had the advantage of writing a format that everybody already had a reader for).
Neither HD-DVD nor Blu-Ray will be the successor of DVD, or, at least, not for several years for most people. Probably never, because some future format will come along that's better than all of the above. Based on Flash RAM technology, as likely as not.
You know, this could be just me, but it seems at least vaguely conceivable that the NPD group could potentially be somewhat biased in this matter. In the absence of any independent analysts agreeing with them, I am tempted to give greater weight to the various third parties reporting the opposite view. Not that I'd want to make a snap judgement or anything...
_Under_ $1/gallon? No.
But I do remember when gas was _exactly_ $1/gallon, at the pump, at every gas station, for several years running. My dad used to give me a dollar bill and a one-gallon gas can and send me to get gas for the mower.
Of course, that was regular gasoline. The old car (a Plymouth Duster) could run on that, but the new one (a Chevy Cavalier station wagon, which turned out to be a real lemon, but that's another story) required unleaded fuel only.
> An alcohol engine be ran safely at 12-14 to 1 compression raising efficiency
You're talking about an engine designed specifically for alcohol only. At this point, putting that kind of engine in ordinary vehicles marketed to ordinary consumers would be completely impractical, since in most areas people wouldn't be able to buy fuel for them at anything resembling sane prices. Where I live, for instance, the cheapest solution would be to go to the hardware store and get denatured alcohol (assuming a small percentage of methanol would be okay for the engine), at more than a dollar per quart. Nobody's interested in buying a vehicle with those kinds of requirements. Consequently, auto makers aren't interested in putting alcohol-only engines in cars.
If you want to talk about something that's (at least theoretically) practical in the real world, you have to talk about what ethanol can do in an engine that can also run on gasoline.
> In fact although there are lots of people out there who run
> OpenBSD as a workstation OS, I'm not really sure why you'd want to
Same reasons you choose any other distro for your workstation. You want to become more familiar with the system, so that when you use it on servers you'll be more knowledgeable about what you're doing. Doesn't everybody choose their desktop OS that way?
What? Stop looking at me like that.
They're *analogous* to papers, but they're clearly not papers as such, not literally anyway.
They could certainly be considered personal effects, though. IANAL, and I don't know the relevant case law, but that seems like the obvious way to categorize them.
Perhaps a more interesting question is the definition of "search". Traditionally a search involved physically going through things, but in the case of electronically stored information a "search" in that sense might not always be necessary, especially if the storage device supports wireless networking and is not entirely secure. I would tend to think that sort of electronic search would fall into the same general category as a wiretap (which I'm pretty sure you need a warrant for, at least if you want anything you find out to be admissible in court), but, again, IANAL, and I don't know the relevant case law.
Is there a specific book you would recommend? I've been using FreeBSD on my main workstation at home for a while (since a month or so after 6.0 was released IIRC), and while some things about it are comfortable, others still feel a bit alien. I'd be interested in wrapping my mind around FreeBSD's way of doing things a little better. (Just at a power-user level, not as a developer. I write bits of custom app-level code for this and that, mostly in Perl, but I'm not interested in being an OS developer.)
... so I don't need general comp-sci stuff or explanations of how Unix is different from Windows XP. Mostly I just need to understand the things that set FreeBSD apart from other Unices.
If it matters, I have a pretty good background as a poweruser on various Linux distros, which I first started fooling with in '98. I've lost count of how many different Linux distributions I've worked with, but they still all tend to have some things in common (beyond just the kernel), as I rapidly discovered when I started using FreeBSD (which, despite being Unixey in general, is clearly not Linux). I've also worked with and played with an assortment of non-Unix OSes: DOS, BeOS, old Mac systems,
Incidentally, the most outstandingly *different* OS I've ever had occasion to work with, in a lot of ways, is VMS. Compared to how different VMS is, Windows and Unix start to look VERY similar, and FreeBSD and Linux may as well be identical. There are things about VMS that I really like... and things that I don't. But either way it's different.
> It will have the rendering engines for 7, 8, 9, 10, 11, 12, 13, 14 embedded in it.
Not in their entirety. Backward compatibility only goes so far.
Consider, for instance, software that was written for Windows 3.1. It was *supposed* to totally work, and in practice usually mostly worked, in Windows 95. Windows 98 didn't mess it up too bad either, apart from some widget and layout issues. But have you tried running it on Windows XP? Haha. Maybe if you install your Windows XP on a FAT32 filesystem, you conceivably might be able to get some of it to sort-of work. With Vista, that's totally not an option, so all the Windows 3.x software will finally be totally unusable. At long last.
Similarly, I would imagine that the broken IE6/7 HTML you see on the web today will mostly work in IE8 and probably in IE9 also, sort of work with some caveats in IE10 and maybe IE11, but by IE12 or so probably not.
Ironically, pages written for and tested in NCSA Mosaic still display fine in IE7 (and in Firefox too as far as that goes), but pages written for IE4 (or Netscape 4 for that matter) not so much. Of course, pages written for Mosaic don't specify anything that a modern web developer would call layout. I mean, you know, they've got paragraph breaks and, well, also they have paragraph breaks. So it's not too hard to get the rendering right.
Maybe he means that he can't count how many years he's been doing web development, because he wasn't old enough to read a calendar yet when he started. If he's, say, twenty years old now, and his dad was doing research at MIT when he was a wee lad, I guess it's conceivable that he could have been introduced to web development (such as it was at the time) along with the alphabet, when he was two or three, and not learned to read a calendar or count years until later.
In fact, I can just imagine some geek professor teaching his son:
Dad: What's this letter?
Son: Pee.
Dad: Good! What sound does it make?
Son: puh. puh. puh.
Dad: Good! And what does the <p> tag do in a web page?
Son: It jumps down and writes in a new place.
Dad: What do we call the new place?
Son: A pagaf.
Dad: PaRAgraph. Say Ruh, ruh, ruh, PaRUHgraph.
Oh, yeah, and speaking as a web developer, the IE8 update can't come too soon. The minute that's available on Windows Update for XP, my days of supporting IE7 will be numbered. IE6? That's already a memory, as far as I'm concerned. If you want to keep it on your corporate intranet for the support of some line-of-business application, that's fine, as long as your users either A) don't also need to browse the web or B) also have access to a modern browser.
I quit supporting IE6 once IE7 had been on Windows Updates (for XP) for a couple of weeks. That was, what, nearly a year ago now? Windows 98 users can download Firefox or Opera, or they can upgrade to an OS that the vendor still supports.
People who specifically want to reminisce about the nineties can keep IE6, IE5, or NCSA Mosaic for all I care, that's their business. But if you want to browse the web, which changes over time, and see it the way it's intended to be, you kind of have to accept the occasional update.
> No modern programming language or CPU uses anything but 2's complement integers
Meh. I don't consider a programming language or implementation to be modern unless it autopromotes as necessary to prevent overflow.