I'm on the verge of putting XP back on the system now, I just need to set aside a couple of days out of my schedule (which is about what it takes to reinstall the many various apps I need --- I'm happy that you could do it in 4 hours but for me that's impossible, I need amongst others Visual Studio 6, Visual Studio 2005, Photoshop, Eraser, Apache/PHP/MySQL, PostgreSQL, TortoiseSVN, Firefox, Opera, my mail client, PuTTY, Total Commander, a proper text editor, doxygen, Private Disk Light, the cellphone software, the digital camera software, codecs, VLC, WinAmp, Skype, Pidgin, OpenOffice, MS Office 2007, VNC viewer, anti-virus and many more - that's a good two or three days of just straight installing :/).
Yes, this is the true cost of running Windows. I just get the latest Fedora CD, install everything, and it's done. If a package got left out I just say 'smart install whatever'. If I want one or two obscure applications not included with Fedora then it takes half an hour of fiddling around to add third-party RPM repositories and do 'smart upgrade'. And they say that installing apps on Linux is a pain...
Perhaps it's not an entirely fair comparison because 'cellphone software', 'digital camera software', proprietary codecs and other semi-junkware isn't included.
Separation of memory and cpu registers does not make a virtual machine. Sorry. We've had that for decades now.
See Wikipedia:
Virtual machines are separated in two major categories, based on their use and degree of correspondence to any real machine. A system virtual machine provides a complete system platform which supports the execution of a complete operating system (OS). In contrast, a process virtual machine is designed to run a single program, which means that it supports a single process. An essential characteristic of a virtual machine is that the software running inside is limited to the resources and abstractions provided by the virtual machine -- it cannot break out of its virtual world.
What operating systems provide is a process virtual machine. The process doesn't have access to the underlying hardware; it sees a virtual memory space that doesn't correspond to the physical memory, and runs on a virtual CPU (the virtual CPU may support extra instructions not handled by the physical CPU, as with current Linux/ARM floating point operations). A virtual machine doesn't have to mean a system virtual machine capable of running a whole OS, although indeed you can write operating systems designed to run in an ordinary Unix process container.
It's certainly true that the process running in the virtual machine cannot break out of its world. If you don't believe me, try to write a C program that directly accesses the disk controller or physical memory. Anything the process does must be done using the facilities provided by the OS.
Yes, virtual machines have existed for decades now. We are mostly using process virtual machines in Unix-like and Windows systems. System virtual machines have been around for decades too, of course, just not on the desktop.
Evolution is not an explanation. It's what happens when animals change over time. Some may disagree that this happened; for example they may say that God just made some dinosaur bones. But generally, it's accepted as fact, just as a round earth is accepted as fact even though some say the earth is flat.
(Indeed, the fact that an archaeologist dug up the bones could also be questioned. How do you know that Satan didn't just implant a false memory?)
Now, the explanation for evolution could be natural selection, or it could be intelligent design, or something else.
Note that all modern operating systems do run each process in its own virtual machine. The process sees its own memory space that has no relation to the physical memory layout of the machine (indeed, it may even be bigger) and it has no direct access to the hardware. It gets CPU time that doesn't correspond to any one physical CPU; it may get timeslices from different CPUs if the operating system decides this. If it wants to read or write a file, it has to make a call to the operating system which first checks it has the appropriate permissions and then arranges for the I/O without allowing the user process to talk to the disk directly. Nor can processes access memory belonging to a different process, unless both agree to set up a shared memory scheme.
The problem is not lack of virtualization. Everything is virtualized already. The problem is excessive permissions given to the programs running in each virtual address space. For example, the web browser should not have any rights to save files outside a designated 'downloads' directory.
WTF? Are you suggesting that users should avoid infection by not visiting websites with a domain 'less than a few weeks old'? How are they going to verify this information before each page click? If this is really a good rule to follow, it needs to be built into the browser. You can't rely on users not to do something stupid when the definition of 'stupid' gets wider and wider each year.
It only takes one site to compromise the user's machine if the user is running something exploitable. Surely the only sensible way is to treat every site as untrusted. If running with executable content disabled is necessary to avoid infection, then executable content needs to be turned off for all sites except those specifically on a whitelist (and authenticated with SSL certificates or whatnot).
Even if we are a simulation in a computer, it's still true that horses used to have toes and now they have hooves. This is a fact; even literalist religious types take it as fact; they just have some kooky explanation for why things are that way. There may be a very few people who believe that evolution has not happened - that all the creatures on God's earth today are just the same as they have always been, but then again there are people who fervently believe the earth is flat. Nonetheless it is a fact that the earth is round.
Evolution is a fact. For example dinosaurs used to exist and they don't now; horses, dogs and cats have changed. This is accepted by everyone. What is in dispute is the explanation for that evolution. It could be caused by natural selection or by something else (certainly by something else in the case of the three animals mentioned). Natural selection is a scientific theory. So be careful with the terminology.
Basically, Microsoft reserves the right to sue you for software patent infringements. So do thousands of other big software companies and patent troll outfits. The new thing now is that Microsoft likes to generate FUD by producing partial waivers and promises that apply to some people in limited circumstances (Novell customers, people 'implementing a Covered Specification', and so on). The inadequacy of this promise draws attention to the implicit threat to tie you up in swpat lawsuits, which was always there - but until this masterstroke of PR the threat wasn't commented on much.
Ignore the vague language and develop software as you always have.
It's interesting that the main reason given by the Commissioner is that some artists who had a hit record 50 years ago will no longer get a regular income. This is Slashdot, and I don't need to rehearse again the arguments about the true purpose of copyright being to benefit the public, not artists or publishers. However we should note the emotive argument here (if you don't extend copyright, poor Cliff Richard might starve) and maybe do something about it.
The Commissioner said that CDs of out-of-copyright recordings cost just as much to the consumer as copyrighted ones. If the record companies really cared about the artists, they would voluntarily pay royalties even though copyright doesn't require it; after all, they are passing on the cost to the consumer. But remember Radiohead's recent album release where you pay what you want to download it. It is likely they got more money that way than by a normal record deal. So how about a site to download out-of-copyright music recordings that lets you pay as much or as little as you want directly to the artist? The artists might get rather more money from this site than they would from the meagre royalties the record company used to pay them when the recording was in copyright. This would draw attention to the public domain and help demolish the myth that the copyright lobbyists only have the artists' interests at heart.
The trouble is, the techniques that help you disentangle a bundle of cables not attached to any equipment are not applicable when some of the cables are plugged in and need to stay plugged in, as is usually the case in real life. They need a variant of the sport where there are thirty cables, some plugged into various patch panels at both ends, some at one end only, and some free; your task is to extract the loose and dangling cables and leave the working ones.
Just the other day, I helped an enterprise client do some work in MSSQL - they had to import LITERALLY DOZENS of customer records from an SQL database into a spreadsheet. We managed to do this quite easily by clicking the mouse for a few hours together, setting the ODBC drivers up using heaps of helpful GUI tools. We then managed to get the spreadsheet to AUTOMATICALLY TOTAL all of the postcodes for the customer records, and even calculate the AVERAGE of the postcodes.
Try doing THAT with your little shareware database !! Hmmph !
Who the hell decided that the DTD should be identified with an http: URI anyway? It's as though some people think that any URI has to begin with http:. If you're not meant to fetch it using the hypertext transfer protocol, don't make a URI that says you should.
He's saying "aim for as much security as you can get" not "aim for 100% impregnable"; there is no such thing. Even OpenBSD isn't impregnable, despite their claims.
I don't think the OpenBSD people have ever claimed that; only that they have a fairly good track record of not shipping exploitable code.
But anyway, the fact that 100% security is not possible does not mean that it isn't a worthwhile target to aim for. Looking at the sorry state of most computer security, I don't think its problems are caused by aiming too high; quite the opposite.
What do you mean, the problem is usually the user? That's like disclaiming responsibility for a roof that leaks when it rains by saying 'the problem is the weather'. No, we all understand that users are stupid, and it is the security professional's job to design a system that works even when faced with stupidity. Not to speculate about an ideal world where stupidity does not exist.
In this particular case, why should it be a risk to disclose your email address by ccing everyone? What kind of broken system exposes you to malware or spam just because your address is publicly known? Surely the whole point of having an address is that you can disclose it safely. On the other hand, if you decide that email addresses should not be disclosed and that cc'ing everyone is a security risk, why does the mail client provide an easy option to do it?
Linux used to have something called iBCS (Intel Binary Compatibility Standard) where you could run (some? all?) SCO Unix binaries on your Linux/i386 box, but it rotted and iBCS2 was recently pulled from the kernel.
Thanks, but neither my post nor the grandparent used 'open source' as a verb.
It's good to see that they have overcome their open source constipation.
Things falling to the ground is a fact; one explanation for it is Newton's theory of gravitation, also called gravity.
So... how can you tweak your Bittorrent client to fool Comcast into thinking it is making lots of small downloads?
This has already happened.
Demonstrably not true. When did you last use a fork or a bottle opener?
But I always set the desktop background to black anyway!
You could boot from a floppy or a CD and mount the whole disk (/dev/sda) as your root filesystem. Dunno if TrueCrypt supports this out of the box.
What remaining SCO user base?