Slashdot Mirror


User: jonadab

jonadab's activity in the archive.

Stories: 0
Comments: 5,933

Comments · 5,933

  1. Re:Yay bands on Guitar Hero Maker Sued - Cover Song Too Awesome · · Score: 2, Interesting

    I admit, I'm not very familiar with Pachelbel's work. I'm familiar with Canon in D, of course, which is so ubiquitous it's well nigh impossible to miss, but I try not to judge a composer by his single most famous work, for two reasons.

    First, even a great composer can write something that's more popular than it deserves to be and not representative of the rest of his work (e.g., BWV 565, which must be Bach's eighth or tenth most famous work but is FAR from being his eighth or tenth best). Anybody can write drivel occasionally, and hoi polloi can unaccountably latch onto it and just about forget they ever wrote anything else. Romeo and Juliet is perhaps the best example: not only is it easily the weakest of Shakespeare's tragic plays, it's also about five times as popular as the rest of them put together.

    Second, it can also go the other way: sometimes an artist really has *one* really good work in him, and once he's written that, the rest of his career consists either of resting on his laurels or else turning out lower-quality works because it's all he can do. Cervantes, having written Don Quixote, was not destined subsequently to write anything else as noteworthy, not for lack of trying.

    So without hearing some of his other work, I don't really know what I think of Pachelbel.

  2. Re:Office Live Documents? Hmm... on Microsoft Faces Fight Against Online Office Rival · · Score: 1

    > Yes but when you download Open Office or install star office the look and feel is
    > subtly different they have their own logos and design.

    The look-and-feel design is probably not so much an issue (you can't trademark your whole UI), but the logo is another matter. Logos are a large part of what trademark law exists to protect, and unlike the product name ("Office", which is such a generic term and so closely related to the nature of the product's functionality that it is probably not a valid defensible trademark), the logo for MS Office is distinctive. If the "logo" were, say, an icon of a little piece of paper with writing on it, that would be much harder to defend, but the MS Office logo as it stands is... clearly a logo. I don't see how a competitor could ultimately get away with using Microsoft's product logo on a competing product.

    With that said, I _don't_ see the MS Office logo on the Instacoll site. Not that I looked very hard, but I'm not seeing it featured visibly in the top corner or anything.

  3. Re:Yay bands on Guitar Hero Maker Sued - Cover Song Too Awesome · · Score: 1

    > I never understood how you can copyright three chords.

    Heh.

    What would be really great would be if you couldn't copyright music without counterpoint, on account of its being too trivial. Something tells me that particular reform won't be quick in coming, though.

    In all seriousness, of course, it isn't the three chords themselves that are copyrightable, but a particular _arrangement_ of the three chords (or, even, just the arrangement of lead notes that form the melody line). That and the lyrics. Not that that low standard makes for good music, or anything, but yeah, it's copyrightable. For much the same reason, the lyrics to (This Song's Just) Six Words Long, and the linguistically challenged songs it parodies, are copyrightable also.

  4. Re:Salt on Using Google To Crack MD5 Passwords · · Score: 1

    > Also older unixes ignore anything longer than an 8 character password, you are free to have a
    > longer one, they'll just let you in regardless of what you type for character 9+.

    How old is "older" in this context?

    Because that's an extremely bad design, with a terrible failure mode. Hard limits on password length are Very Bad, but _silent_ limits on the _effective_ length are much, much worse. I have a hard time imagining that any such systems would still be in widespread use (on public-facing systems anyway) by now, with 15+ years under our belts of hard lessons about the sheer size and chaos that is the public internet.

  5. Re:Screenshots on KDE 4.0 RC 1 Released · · Score: 1

    So basically you're saying that the interface has been malapulchrated?

    (Yes, I _was_ just looking for an excuse to use that word.)

  6. Re:Salt on Using Google To Crack MD5 Passwords · · Score: 1

    > The main reason to not use sentence length passwords is _stupid_ yet common
    > password strength checkers do a dictionary check.

    Okay, but if you know how to do your own strength calculations, why listen to what a flawed password strength checker is telling you? As I've noted before, a typical dictionary (e.g., /usr/dict/words on my FreeBSD system) has a couple hundred thousand words in it, so stringing four arbitrary words together, assuming that the attacker knows you generated your passwords in this fashion, would take significantly longer to brute-force than a traditional eight-character mixed-alphanumeric mess (in fact, about as long as a _twelve_ character mixed-case alphanumeric mess), despite also being rather easier to remember. If you throw in a word that's unlikely to be in most dictionaries (common proper nouns don't count here; cracker dictionaries include them, for obvious reasons), then it's even stronger. Even quite minor mangling makes it even stronger.

    Personally I like to make up my own pseudowords to throw into the mix for one of the words, resulting in something along these lines...
    forsakenly-namblifuzined-apolysis-toad
    arecaine-amoretto-became-malapulchrated
    gnophlichootsie-ninth-woodpeck-astern

    It's difficult to exactly calculate the strength of those, but without question they are significantly stronger than the all-dictionary-words equivalent, and not very much harder to remember. Rainbow tables, in conjunction with distributed computing (using e.g., a botnet) would help (assuming the tables were constructed based on some knowledge of the password structure, e.g., assuming it uses dictionary words and is long), but assuming your system uses reasonable key strengthening measures (e.g., salt), that's only going to get an attacker so far.

    And, of course, if a naive attacker tries to use the simple approach (try all single chars, then all permutations of two chars, then three, and so on), then they aren't going to get to passwords that long within your lifetime, and rainbow tables would probably not help much even _without_ strengthening measures.

    This all assumes you're defending against remote attackers who can't do on-site surveillance. Otherwise you have to deal with possibilities like a hidden camera watching you type the password. It also assumes the user isn't going to install a trojan that comes with a keystroke sniffer, or give the password out over the phone in response to some kind of social engineering ("Hi, I'm calling from Gartner, and we're conducting a survey of information security practices, especially as regards typical password strength...") or cetera.
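The strength comparison in comment 6 above, worked through as an added example that is not part of the original comment. It assumes a 200,000-word dictionary (the comment's "couple hundred thousand"), a 62-symbol mixed-case alphanumeric alphabet, an attacker who knows the generation scheme, and a hypothetical guess rate used only for scale; the short word list is constructed.

```python
import math
import secrets

DICT_SIZE = 200_000       # assumption: "a couple hundred thousand words"
ALNUM = 62                # a-z, A-Z, 0-9
GUESSES_PER_SEC = 1e9     # hypothetical attacker rate, for scale only
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def passphrase_bits(dict_size, n_words):
    """Entropy of n_words drawn uniformly and independently from a dictionary
    that the attacker is assumed to know."""
    return n_words * math.log2(dict_size)


def random_string_bits(alphabet_size, length):
    """Entropy of a uniformly random string over the given alphabet."""
    return length * math.log2(alphabet_size)


def equivalent_length(bits, alphabet_size=ALNUM):
    """Shortest random string whose entropy is at least `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))


def average_crack_years(bits, rate=GUESSES_PER_SEC):
    """Expected years of guessing: on average half the space is searched."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR


def generate_passphrase(words, n_words=4, sep="-"):
    """Build a passphrase with a CSPRNG. Duplicate entries are rejected
    because they make the real entropy lower than log2(len(words))."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    if any(sep in w for w in words):
        raise ValueError("separator must not occur inside a word")
    return sep.join(secrets.choice(words) for _ in range(n_words))


def compare():
    """Return (label, bits, average years to crack) for the three cases
    the comment compares."""
    cases = [
        ("8 random alphanumerics", random_string_bits(ALNUM, 8)),
        ("12 random alphanumerics", random_string_bits(ALNUM, 12)),
        ("4 dictionary words", passphrase_bits(DICT_SIZE, 4)),
    ]
    return [(label, bits, average_crack_years(bits)) for label, bits in cases]


if __name__ == "__main__":
    for label, bits, years in compare():
        print(f"{label:26s} {bits:5.1f} bits  ~{years:,.4g} years")
    # Constructed sample list; a real list would hold DICT_SIZE entries.
    sample_words = ["toad", "ninth", "astern", "became", "apolysis", "woodpeck"]
    print(generate_passphrase(sample_words))
```

These figures hold only if every word is chosen at random; words picked by a person carry far less entropy than the dictionary size suggests.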

  7. Re:That worked so well on Dan Geer On Trusting PCs In Botnets · · Score: 1

    > It would have to be specifically programmed to compromise that particular plugin.

    Probably so. However, if you're a major online vendor, that doesn't really help you, because the blackhats *will* target you.

  8. Re:Numbers on Dan Geer On Trusting PCs In Botnets · · Score: 1

    > The truth is that my wonderful Mother in Law had her computer
    > infected by merely clicking the subject line of an email on
    > her otherwise patched computer with antivirus and a hardware
    > firewall on a DSL connection. What did she do that she shouldn't
    > have?

    Is this a trick question? It seems too obvious: she presumably double-clicked on the Outlook Express icon. Oops, her bad. Everyone who knows anything about computer security knows you don't do that...

  9. Re:Numbers on Dan Geer On Trusting PCs In Botnets · · Score: 1

    > I don't think it's possible to predict what people are going to
    > click because it all depends on the type of message and the wording.

    You're assuming people *read* the question before clicking. That's an even more bogus assumption than the article's absurd notion that people either always click yes or always click no. The relative position of the buttons (e.g., which one's on the right) is a much larger factor than the wording.

    There *are* people who always click yes or always click no, and there *are* people who read the wording, but these people (all three categories combined, even) are very much in the minority. Most folks just frob an arbitrary button. (Incidentally, if there's an X in the upper right-hand corner of the window, that has to be considered as one of the buttons the user might click.) There may be a bias toward positive buttons (yes, ok) versus negative ones (no, cancel) (or vice versa, but I think the positive bias is more common), but there may very well also be a bias toward the button on the right or, depending on the user, the one on the left. And there's usually a bias toward the button that happens to be closest to the mouse pointer at the time. And none of these biases are 100%. Sometimes it depends on the user's mood. For instance, a given user might often click Yes but sometimes hit Enter and get the default button, but sometimes the user might get fed-up with dialog boxes and start clicking the X in the corner. The pattern varies somewhat from user to user, but in general it's a messy pattern, and it only has anything to do with the wording for the single-digit percentage of users who actually read the thing.

  10. Re:That worked so well on Dan Geer On Trusting PCs In Botnets · · Score: 2, Informative

    > If the person accepts it, then they're an idiot and the plugin
    > battens down the OS for the duration of the transaction so that
    > all the other spyware can't get at it.

    That was my understanding of what the article was saying. Problem is, it's not even theoretically possible to do. If the OS is already infected, nothing you can do, short of wiping the drive and reinstalling from scratch, can give you a clean system. You could do your transaction in a VM, but nothing stops the host system from spying on the VM.

  11. Re:Salt on Using Google To Crack MD5 Passwords · · Score: 1

    > and OpenBSD uses (a rather paranoid) 128 bits. Since it doesn't require any more effort
    > from the user, and only a tiny amount of resources, there's no reason not to use a large salt.

    If it costs so little and has so much value, why does OpenBSD use such a piddling amount? 128 bits? Given the size of modern computer storage (both primary and secondary) and processing power, why not just use a couple dozen kilobytes of salt and have done? I mean, sure, it's overkill, but the nice thing about a good solid healthy dose of overkill is, you can stop worrying about whether it's really _enough_, and whether advances in technology in a couple of years might cause you to need to upgrade it. Why use 2-4 times as much salt as the competition, when you can just as easily use several *hundred* times as much?

    (My guess at the answer is that there really *is* a cost to using more salt, so OpenBSD stops at 128 bits because they figure it's *enough*, and more would degrade performance or incur some other cost. But that's just a guess.)

    On the other hand, I tend to think salt is mostly important because people use such weak passwords. If people would just stop trying to scrimp a couple of keystrokes and finally break down and use nice long 30+ character passwords, it would make brute-force attacks a *LOT* harder. For stuff where security actually matters, I tend to think sentence-length passwords are entirely reasonable.

    ISTR a User Friendly strip where Erwin set some dude's password to ampersandforwardslashforwardslash rightsquarebrackethyphencapitalAsemicolonsemicolon. (Okay, so it's more likely that Erwin actually meant that he set it to &//]-A;;, but the spelled-out version is more spectacular, IMO.)

    Of course, you still have to worry about your passwords being discovered via surveillance, social engineering, or good old rubber hose cryptanalysis...

  12. Will XP still have extended support by then? on Vista at Risk of Being Bypassed by Businesses · · Score: 1

    > With Windows 7 due in late 2009 or 2010,

    With Windows 7 RTM _theoretically_ due in late 2009 or 2010 (in the same sense that Longhorn was due out in 2003, or maybe it was 2002, I don't remember precisely), and no sane sysadmin approving an upgrade to a new Microsoft OS until at least the first service pack, the question is, will Windows XP SP2 still have extended support by the time Windows 7 SP1 comes out?

  13. Usability Nightmare on IT's Love-Hate Relationship With Laptops · · Score: 1

    Completely aside from the security concerns, laptops are just plain painful to have to work with. From the end user's perspective, you've got a tiny little screen, a squished-up little low-quality keyboard that's hard to type on, and a pointing device that's so bad most people end up not using it. (An increasing number of laptop users carry around a USB mouse along with the laptop, which helps somewhat.) And then there's the maintenance issue. If anything goes wrong with the thing (hardwarily), you pretty much might as well just toss it and buy a new one, and that's a bit salty for most people. A laptop is a fairly big purchase, not really big like a house or a new car, but big enough that most people expect to be able to get them repaired, and laptops are typically difficult to fix. Having the peripherals built in is especially troublesome in this regard. In some cases you can send the thing in to the manufacturer, who may or may not be able to repair it, but that takes at least a couple of weeks, and meanwhile you've got no computer, which is increasingly unacceptable to many people. A desktop you can generally get fixed locally, in a day or two.

    On top of all that, if you want to really use it "anywhere" like people think they will before they buy them, you have to fool around worrying about the current state of the battery all the time, which is such a pain that after a few weeks most laptop users just keep them plugged into an electrical outlet all the time. They still carry them around between different outlets (e.g., the office, the living room, the bedroom, maybe even the library), of course, but as computing and especially networking become more and more pervasive, there are going to just *be* computers in all of those places anyhow, and you'll be able to easily connect to any of them from any of the others, which pretty much negates most of the benefits of having a laptop.

    Furthermore, laptops are pretty big to carry around. Too big to really be convenient. If you could get by with a much smaller device, something small enough to hold in one hand, that would be better. Cellphones are dominating that market right now, and they are if possible even more pervasive than laptops. Their feature set is still fairly limited at the moment, but it's growing, and it's already enough that people complain about the learning curve, so you know where that's headed. Give them a few years and the main advantage of the laptop will be its larger keyboard and screen, but for those things the laptop can't compete with desktop computers.

    When you add to all that the cost of a laptop, which is typically as much as two or three regular PCs, the laptop no longer looks like such a good deal.

    I'm not saying laptops don't have their uses, but I don't think they'll be anywhere near as popular twenty years from now as they are right now. I think a combination of pervasive network computing and smaller devices will eventually make them irrelevant. If you can check your mail and get maps on a handheld device (which can probably also make phone calls), and you can connect to your home system remotely and use it more or less as if it were local from pretty much any room of any building in the developed world, you won't need or want a laptop.

    I know in the movies people use laptops to check their email on the beach, but in the real world people don't go to the beach to check email, and even if they do they can check it on their cellphone or whatever. In the real world people mainly use the laptop so they have a computer both at work and at home, and maybe in the hotel when they travel, and so forth. Once there are computers in all those places, the demand for laptops will decline.

  14. Re:Am I the only person who makes a 2nd partition? on Microsoft Windows 7 "Wishlist" Leaked · · Score: 1

    > fat32 is a really quite crappy filesystem...

    I suppose it depends what you want...

    > No support for files over 4gb

    I don't have any individual files that large. I think about 600MB is my record.

    > not case sensitive

    It's case preserving (well, under most OSes it is), and that's good enough for my data partition. I don't want to have a file named foo and another file in the same directory named FOO. Maybe you do want that, but I don't. That would just be pointlessly confusing.

    > no support for permissions

    For a system partition that would be a real killer, but for a partition that only holds my personal data, it just doesn't matter, at all.

    > no journaling

    Again, this matters more for a system partition than for a data partition.

    > no symlinks

    Yeah, I admit, that's a little annoying.

    > I tend to use EXT3, linux/bsd support it natively, and third party drivers are available for osx and windows.

    I don't want to limit myself to just those systems. I've already tried out all those systems (and several others), so there's an excellent chance the next OS that I want to try will be something else. But whatever it is, it'll almost certainly support FAT32. Everything does. The only more widely supported filesystems are FAT12, FAT16, and ISO9660. The first two don't support large enough filesystems for my purposes, and ISO9660 isn't really suitable for a data partition. (Oh, and incidentally, FreeBSD supports ext2, so it could read the data from an ext3 filesystem, but unless there's a recent development I've missed, it doesn't support the ext3 journaling. I'm a couple of point releases behind the latest, so it is possible that this has changed recently.)

  15. Re:Am I the only person who makes a 2nd partition? on Microsoft Windows 7 "Wishlist" Leaked · · Score: 1

    > As for using a fat32 file-system I prefer ext3 since it is a Journaling file-system and does
    > recover quite well from abuse while fat32 does not.

    ext3 is not yet widely enough supported for my purposes, as far as my data partition goes. (I like to play around with various OSes...) I do sometimes use it for / partitions, when the OS in question supports that. (At the moment I'm on FreeBSD, so / is ufs of course.)

    As far as recovering from abuse, I suppose it depends what kind of abuse you're talking about, but FAT32 is a very *simple* filesystem and therefore tends to recover with reasonable grace from things like disk sectors going bad. (Typically you only lose one or two files. Or, rather, the changes to one or two files since your last backup.) The only time I ever had severe filesystem corruption on a FAT32 filesystem (in the form, just in case you wanted to know, of crosslinking -- more than one file using the same sectors at the same time) was when I was running DOS. Not Windows. DOS. This was on a 20MB hard drive, BTW. I've had severe filesystem corruption on ext2/3 partitions on several occasions (to the extent where multiple large sections of the directory hierarchy became unreadable). Fortunately these were system partitions, not data partitions, so all I had to do was reinstall the OS and I was good to go.

    Of course, no filesystem is robust enough to eliminate the need for backups. Sometimes a disk goes bad all at once, not the media but the mechanism or PCB, so that you just can't get anything from it full stop, and in that case it makes no difference what filesystem you were using, you just have to get another disk and use your backups. And then there's the building fire contingency, which is why you always want to have _offsite_ backups.

  16. Re:Open Source Sodium Chloride on Microsoft Windows 7 "Wishlist" Leaked · · Score: 2, Funny

    And while we're doing silly chemistry rhymes...

    A mosquito was heard to complain
    that a chemist had poisoned his brain.
    The source of his sorrow
    was 4-4 dichloro
    diphenyltrichloroethane.

  17. Re:Am I the only person who makes a 2nd partition? on Microsoft Windows 7 "Wishlist" Leaked · · Score: 1

    Yeah, I too tend to make four partitions: /, /boot, /data, and swap. I use a FAT32 partition for /data (which is on a separate drive) so that if I switch OSes I don't have to worry about things like whether Knoppix supports ufs or whether FreeBSD comes with Reiser compiled in. Everything supports FAT32.

  18. Re:What is the weight of water? on How Fast is Your Turnaround Time? · · Score: 1

    > And what is ~20 Mloc? About 20 million locations?

    LOC stands for "lines of code", but it's meaningless if you don't know stuff like what language they're written in, whether that counts comments and documentation, what the general style of the code is, and so on. I mean, a function that takes as an argument a name that might be in any of several formats, normalizes it, and returns the same name in a very specific format, by the time you comment everything out the wazoo and build in the documentation, can be two hundred lines, or you can golf it down to one line, and that's in the same language. On top of that, one line written in a VHLL (say, Perl) is worth about twenty lines, on average, of code written in a third-generation language (e.g., C).

    So what's 20 million lines of code? Without more information, there's no way to know. In theory that could be anything from a simple HTML parser right on up to an operating system with built-in web browser and office suite.

  19. Re:How much time do you spend on TPS reports? on How Fast is Your Turnaround Time? · · Score: 2, Funny

    > How much time do you spend on TPS reports?

    Didn't you get the memo? TPS reports are out. The total quality studies showed that they didn't improve overall synergy, so the management had a think-outside-the-box session and did away with them. Now instead we're filling out TPC cards for every fifteen minutes, documenting what we did with our time. There's a peer review program for the TPC cards as well, so we can cross-evaluate our coworkers' productivity.

  20. Re:Remembrance Day? on Google Honors Veterans Day, Finally · · Score: 1

    "Most of the world" is an exaggeration, but maybe not by as much as you think. Putting the Commonwealth of Nations together with the US and France starts to look, if you squint, like the bulk of the developed world.

    With that said, Veterans Day is not really a major holiday in the US. Banks are generally closed, plus the post office, and otherwise it's pretty much business as usual for the bulk of the population. In other words, it's just about as big a deal as Columbus Day. There are greeting card holidays with no legal status at all that get more widespread observance. I don't know how it is in the Commonwealth, but if they observe Remembrance Day the way we observe Vets Day, it's a pretty minor holiday.

    Memorial Day is much more widely observed, though. A lot of businesses close for that. Not as many as for the Fourth, but a lot nonetheless, especially for a political holiday. (The really big holidays in the US, the ones that are generally observed with more than one day's worth of festivities, are religious in nature: Thanksgiving and Christmas. Easter probably would be the third big one, except it's always on a Sunday, so most non-retail white-collar businesses and government offices are already closed anyway.)

  21. Re:yeah, but remember what? on Google Honors Veterans Day, Finally · · Score: 2, Interesting

    > Memorial Day is for fallen soldiers and Veterans Day is for all who served (living and dead).

    That's splitting hairs. Apart from maybe the immediate families of the soldiers concerned, people either remember and honor the people who fought in wars, or they don't.

    Then there's Labor Day. Virtually nobody even KNOWS anymore what that was originally supposed to be, but in practice it now serves exactly the same purpose as Memorial Day: a lot of people get a day off work and probably have a barbeque with their families or something. (Not that this isn't several orders of magnitude more worthwhile than New Years...)

    The thing about national holidays is that, politically, you can never reduce the number of them. It's relatively easy to add one, but pretty soon you have too many. One per month is clearly far too many, but there's no way to cut back without deeply offending someone, and sooner or later there's going to be another push to add one for something... You pretty much need a full-scale revolution every few hundred years just to reset the count, and that's just messed up.

  22. Re:She's in Russia on Hans Reiser Interview on ABC's 20/20 · · Score: 1

    > People don't fly anonymously, do they?

    If you want to cross an ocean anonymously, the usual method is to get on a boat.

    Note that I don't claim to know enough about the Reiser case to say whether there's a reasonable chance the alleged victim may actually be alive. But yeah, it's possible for a reasonably resourceful person to get from the US to Russia without people knowing.

  23. Re:conditions for use on Stix Scientific Fonts Reach Beta Release · · Score: 1

    > Does this apply to simply using the fonts in a document?

    When it comes to font licensing, that's pretty much a FAQ. The answer is no: provided you aren't actually *embedding* the font in the document, a document is not a derivative work of every font it uses.

  24. Re:I'm not convinced... on Open-Source 3D Printer Lets Users Make Anything · · Score: 1

    > Obviously you don't have any trouble getting invites to 'those' sorts of parties, then!

    Nope, no trouble at all. I don't get invited to many parties, so there's seldom any trouble about having to come up with excuses. Which is good, because being one of those weirdos who isn't willing to outright lie, I tend to have difficulty making up excuses and would usually just blurt out the truth, something along the lines of "Well, I was planning to stay home alone that night and maybe read a little..." That's socially awkward, so just not getting invited in the first place is really better. Fortunately, most of my friends aren't big partiers either, so that works out pretty well.

  25. Re:I'm not convinced... on Open-Source 3D Printer Lets Users Make Anything · · Score: 1

    > ...until it can print another 3D printer.

    I'd be satisfied if it could just print me up a finite improbability generator. Then all we need is some open-source software to calculate the exact improbabilities of things.