A normal Linux installation is also read-only, for non-root users. It's probably not quite as bulletproof as a mounted read-only disk image, but I believe that FHS-compliant distributions should always work with/usr/ mounted read-only, at least.
If there are things an unprivileged user can do to screw up the system, they are normally security holes, and should be fixed. (Not saying they don't exist - read-only mounts can still be useful if you are really paranoid.) (One thing you might worry about is hitting the reset button and corrupting the disk - a CD-ROM is certainly immune to that, though journalling filesystems should be robust against it too.)
Hmm, so the 'amount' of hash cash postage is probabilistic, but then so is the determination of what is spam and what isn't. It is unlikely that a spammer would run the hash cash code and get very good luck to hit long collisions by accident, so the length of collision found is a reasonable indicator of the computing time put in.
Correct me if I'm wrong - but surely a collision of 6 bits could not take any less time to find than one of 5 bits, and quite likely would take longer. So, a longer collision should be treated as better, though the probabilistic weighting you give to this might have to be carefully chosen.
I envisage that the amount of computation could be variable by the client, and it would be one of several factors weighed. For example with Spamassassin you might see something like
HTML.........1.0 points.....Message contains HTML
HASH_CASH....-3.5 points....Hash cash payment of 35 computrons
Total score: -2.5 points ==> not spam
As usual, the Spamassassin developers would look at their corpus of spam and ham and derive the right weighting for different amounts of hash cash postage. Users could tweak it themselves if they wanted.
Personally I favour computing-time payments like hash cash; they'd be an equal impediment to sending out large numbers of messages, but wouldn't require all the banking infrastructure of micropayments, just a small bit of code on the client to verify the 'postage'.
The biggest problem with charging postage in terms of computation expense is that spammers might use worms and viruses to hijack individual PCs to do the computation and send out the messages. Whereas if you are requiring real money, hijacking a PC to pay that is a serious offence and more likely to be investigated by legal authorities.
Mailing lists would need to be marked by subscribers as not-requiring-payment (whether in cash or computation). This is no different to the current situation where you have to explicitly subscribe to a list.
Micropayments don't have to change SMTP at all. The client can discard or bounce the message if it doesn't have appropriate payment. In fact, this is probably the better way to do things since it puts control of what to receive in the hands of the recipient, not the sender or some mail server (which is what caused the spam problem in the first place).
Mittens stop your hands losing heat. The heatpipe gloves take heat away from one part of the body and move it to another (less essential) part, and probably increase the total heat loss a bit.
The heatpipe gloves would reduce your core body temperature. Mittens would not.
There may be aplications where there isn't much or any GNU software used at all...
Care to name one?
Of course, if you run a Linux system without the GNU C library and other GNU software then there is no reason to call it 'GNU/Linux'. Similarly, you can run a GNU system with most of the same software but no Linux kernel.
Is it possible to buy one of these devices and put Linux on it? Any of them? Would a new distribution need to be made for each, or is there one distribution for a particular CPU family that would work on many devices using that CPU?
I think the Forbes article is reasonably balanced. It is right in one thing: turning junk fax prevention or spam prevention into a big lawyer-fest is not the best way.
What we need is a system where the recipient decides whether to accept a message, rather than showing all messages that the sender chooses to send. This decision by the recipient can be made by filtering for particular keywords, but that can be worked around and generates an arms race between spammers and spam-blockers. Better would be a system where a small payment is required, *set by the recipient*. So if you really dislike getting faxes, set the charge at one dollar and then businesses will only send to you if they have a good chance of recouping that cost (which means: a product you might actually want to buy).
It's not necessary that the recipient get the $1 payment; it would be enough for spam-blocking to require the sender to take a dollar bill and burn it. Or you can use computing time as a substitute for money, as in Hash Cash or Penny Black.
I'm not concerned about Crossover Office and other 'added value' stuff; might even pay for that. I meant more the installer, configuration tools, init scripts and so on.
True, you can only do so much for the user, but it doesn't have to make it so difficult for the user to distinguish what is safe and what isn't.
Choose to 'Open' a text attachment and it displays in Notepad - safe. Choose to 'Open' a.exe (or an obscure extension like.pif) and it runs it. OK - there is now a warning, and that's an important step forwards.
You don't have to log in as administrator, but I've usually found that it's rather difficult to get Windows working as you want unless your normal account has administrator privileges. By contrast in Linux I run as non-root and have no difficulty installing software and so on.
The cure for that, of course, is to send the exe inside a zip file. Apparently there have been worms that did this. And with easy-to-use zipfile support in Windows...
If encryption is added to Windows, we'll see worms that say 'please run the attached file, the password is "fred"'.
there is no safe mechanism to _open_ a file without the risk of _running_ it.
Blatant lie. I can right-click any file and get "Open with" as part of the pop-up menu so that I can open any file in any app I want.
Fair point. What I should have said was there is no obvious and default way. For naive users, the default settings should be the most secure, and you should have to take extra steps to do something potentially dangerous. But the Windows philosophy, on the whole, is that the default action ('Open') is as insecure as possible, and if you want to protect yourself you have to go through Open With, etc. It doesn't help that a culture of sending around binary executables is encouraged ('electronic Christmas cards' and so on).
Even with a very cunning driver (whether computer or human) you need some margin in front of and behind the car. But if you could just rotate all four wheels to point in the same direction you could easily get in and out of spaces no bigger than the car. This kind of four-wheel steering might be useful for overtaking and swerving as well.
The virus exploits the massive Windows bug that clicking on an attachment is enough to run an executable with full user priveleges (root privileges, often) and that there is no safe mechanism to _open_ a file without the risk of _running_ it.
People seem to be unquestioningly talking about 'blocking' pop-ups as though your computer had to actively take measures to avoid these intrusions. But all it means is using a web browser that does not execute the Javascript code. There are plenty of browsers with no Javascript at all, and it is not part of any HTML standard.
Similarly, using lynx is not 'image blocking'.
There is a grey area when you try to have Javascript support enabled but limit the things a script is allowed to do. But really this is just closing security holes in the original Javascript specs (popups are a form of DoS attack).
Release BSD under the GPL and I'll try it out, otherwise, forget it.
For code released under the new BSD licence it's entirely possible to release it under the GPL. You could even do that yourself. Perhaps you mean something else?
The most trusting users are in South Korea while Swedes are the biggest skeptics about the veracity of Web news.
Probably they are still mindful of the Swedish Lemon Angels recipe cited as an example of untrustworthy web content. (Idiot ZDnet broke the link to the article: see here instead.)
How can the prion be heatproof? Surely there is _some_ temperature that will destroy it. You mean that it's resistant to high temperatures that would denature most other proteins. What matters is whether there is a temperature hot enough to destroy the prion but cold enough not to damage medical instruments.
To run older binaries you usually just need to make sure you have the old libraries installed. Get an old Slackware CD or whatever, copy the libraries and symlinks to/usr/lib/, and that should be it.
The Great Computer Language Shoot-Out compares many more languages in a variety of benchmarks, although it doesn't have C# yet. The key thing to note is that high-level compiled languages like ML or Scheme perform slower than C, but much much faster than interpreted scripting languages like Perl.
Slashdot Mirror
A normal Linux installation is also read-only, for non-root users. It's probably not quite as bulletproof as a mounted read-only disk image, but I believe that FHS-compliant distributions should always work with /usr/ mounted read-only, at least.
If there are things an unprivileged user can do to screw up the system, they are normally security holes, and should be fixed. (Not saying they don't exist - read-only mounts can still be useful if you are really paranoid.) (One thing you might worry about is hitting the reset button and corrupting the disk - a CD-ROM is certainly immune to that, though journalling filesystems should be robust against it too.)
Hmm, so the 'amount' of hash cash postage is probabilistic, but then so is the determination of what is spam and what isn't. It is unlikely that a spammer would run the hash cash code and get very good luck to hit long collisions by accident, so the length of collision found is a reasonable indicator of the computing time put in.
Correct me if I'm wrong - but surely a collision of 6 bits could not take any less time to find than one of 5 bits, and quite likely would take longer. So, a longer collision should be treated as better, though the probabilistic weighting you give to this might have to be carefully chosen.
I envisage that the amount of computation could be variable by the client, and it would be one of several factors weighed. For example with Spamassassin you might see something like
HTML.........1.0 points.....Message contains HTML
HASH_CASH....-3.5 points....Hash cash payment of 35 computrons
Total score: -2.5 points ==> not spam
As usual, the Spamassassin developers would look at their corpus of spam and ham and derive the right weighting for different amounts of hash cash postage. Users could tweak it themselves if they wanted.
Personally I favour computing-time payments like hash cash; they'd be an equal impediment to sending out large numbers of messages, but wouldn't require all the banking infrastructure of micropayments, just a small bit of code on the client to verify the 'postage'.
The biggest problem with charging postage in terms of computation expense is that spammers might use worms and viruses to hijack individual PCs to do the computation and send out the messages. Whereas if you are requiring real money, hijacking a PC to pay that is a serious offence and more likely to be investigated by legal authorities.
Mailing lists would need to be marked by subscribers as not-requiring-payment (whether in cash or computation). This is no different to the current situation where you have to explicitly subscribe to a list.
Micropayments don't have to change SMTP at all. The client can discard or bounce the message if it doesn't have appropriate payment. In fact, this is probably the better way to do things since it puts control of what to receive in the hands of the recipient, not the sender or some mail server (which is what caused the spam problem in the first place).
Mittens stop your hands losing heat. The heatpipe gloves take heat away from one part of the body and move it to another (less essential) part, and probably increase the total heat loss a bit.
The heatpipe gloves would reduce your core body temperature. Mittens would not.
Of course, if you run a Linux system without the GNU C library and other GNU software then there is no reason to call it 'GNU/Linux'. Similarly, you can run a GNU system with most of the same software but no Linux kernel.
Is it possible to buy one of these devices and put Linux on it? Any of them? Would a new distribution need to be made for each, or is there one distribution for a particular CPU family that would work on many devices using that CPU?
I think the Forbes article is reasonably balanced. It is right in one thing: turning junk fax prevention or spam prevention into a big lawyer-fest is not the best way.
What we need is a system where the recipient decides whether to accept a message, rather than showing all messages that the sender chooses to send. This decision by the recipient can be made by filtering for particular keywords, but that can be worked around and generates an arms race between spammers and spam-blockers. Better would be a system where a small payment is required, *set by the recipient*. So if you really dislike getting faxes, set the charge at one dollar and then businesses will only send to you if they have a good chance of recouping that cost (which means: a product you might actually want to buy).
It's not necessary that the recipient get the $1 payment; it would be enough for spam-blocking to require the sender to take a dollar bill and burn it. Or you can use computing time as a substitute for money, as in Hash Cash or Penny Black.
I'm not concerned about Crossover Office and other 'added value' stuff; might even pay for that. I meant more the installer, configuration tools, init scripts and so on.
The review doesn't mention one of the most important criteria: what are the copying conditions for Xandros?
True, you can only do so much for the user, but it doesn't have to make it so difficult for the user to distinguish what is safe and what isn't.
.exe (or an obscure extension like .pif) and it runs it. OK - there is now a warning, and that's an important step forwards.
Choose to 'Open' a text attachment and it displays in Notepad - safe. Choose to 'Open' a
You don't have to log in as administrator, but I've usually found that it's rather difficult to get Windows working as you want unless your normal account has administrator privileges. By contrast in Linux I run as non-root and have no difficulty installing software and so on.
The cure for that, of course, is to send the exe inside a zip file. Apparently there have been worms that did this. And with easy-to-use zipfile support in Windows...
If encryption is added to Windows, we'll see worms that say 'please run the attached file, the password is "fred"'.
Even with a very cunning driver (whether computer or human) you need some margin in front of and behind the car. But if you could just rotate all four wheels to point in the same direction you could easily get in and out of spaces no bigger than the car. This kind of four-wheel steering might be useful for overtaking and swerving as well.
The virus exploits the massive Windows bug that clicking on an attachment is enough to run an executable with full user priveleges (root privileges, often) and that there is no safe mechanism to _open_ a file without the risk of _running_ it.
People seem to be unquestioningly talking about 'blocking' pop-ups as though your computer had to actively take measures to avoid these intrusions. But all it means is using a web browser that does not execute the Javascript code. There are plenty of browsers with no Javascript at all, and it is not part of any HTML standard.
Similarly, using lynx is not 'image blocking'.
There is a grey area when you try to have Javascript support enabled but limit the things a script is allowed to do. But really this is just closing security holes in the original Javascript specs (popups are a form of DoS attack).
The answer to this question is the same as the answer to every other fricking legal advice question posted on Slashdot: Talk to your lawyer.
Bob Atkins explains the importance of sensor size for image quality in digital cameras.
Probably they are still mindful of the Swedish Lemon Angels recipe cited as an example of untrustworthy web content. (Idiot ZDnet broke the link to the article: see here instead.)
How can the prion be heatproof? Surely there is _some_ temperature that will destroy it. You mean that it's resistant to high temperatures that would denature most other proteins. What matters is whether there is a temperature hot enough to destroy the prion but cold enough not to damage medical instruments.
To run older binaries you usually just need to make sure you have the old libraries installed. Get an old Slackware CD or whatever, copy the libraries and symlinks to /usr/lib/, and that should be it.
The Great Computer Language Shoot-Out compares many more languages in a variety of benchmarks, although it doesn't have C# yet. The key thing to note is that high-level compiled languages like ML or Scheme perform slower than C, but much much faster than interpreted scripting languages like Perl.