A firewall? Theo de Raadt just said that a firewall won't fix the Windows security, for very good reasons.
This is what he said:
Microsoft's security problems have to do with its Web client which probably has 300 to 500 vulnerabilities in it which a firewall will never block as they are all in http, all inside a TCP session and a packet filter does not help you.
This is only partially true. IE vulnerabilities are numerous, but they aren't the most dangerous. To take advantage of them, the user has to load a malicious WWW page. More danger comes with open ports that let the hacker take control of any running Windows system with public IP regardless of the user actions and those CAN be blocked by a firewall.
There is also quite a different kind of firewall - the reverse one, ideally implemented outside the user's PC (cable modem/ISP router/etc) that blocks outgoing attacks in case the PC gets zombified. Too bad this is probably too costly to happen on a mass scale.
It runs everything (1) on everything (2) without performance hit (3).
(1) Uhm, err, the current version only runs Pacman, which required some modifications to the binary
(2) only on Windows XP, but we're working on the Win 98 version.
(3) The technology used allows for theoretical performance equal or even exceeding the native hardware. This will work in next version, "FlyingPig 6.0".
A microkernel sandboxes things like drivers and has them run in something more like user space; as a result, just as process on Linux can't crash the kernel, a driver on L4 can't crash the kernel.
It has always bugged me - how well does the sandboxing work with devices that use DMA to write their data directly to the memory? Can't a bad driver order a device to overwrite a piece of kernel memory?
Is it practically possible to learn the stuff in any other way besides doing it for a living, moving on up slowly from basic J2SE? Anyone here taken the leap, and how?
I took the leap from a very basic Java knowledge (some hello worlds) to J2EE. Some hints:
1. Motivation. Motivation helps. There's no motivation like being on an important project that uses J2EE, but this of course is usually beyond your control, unless you want to bluff your way into such a project (not recommended).
2. Books. Avoid learning anything from pure specs.
The books that helped me: "Java Enterprise in a Nutshell" from O'Reilly (Nutshell my ass, that's the thickest book in my room). "Enterprise JavaBeans" from O'Reilly, "Bitter EJB" (can't grab it now, so no details).
3. Practice. I downloaded the Websphere Studio Application Developer (trial version) from IBM and started monkeying with it the moment I heard about J2EE being used in the new project.
4. Forget the APIs (at least their details). Try to make a mental map of the most important stuff - Container, Client, Beans and how they relate to each other. Once you got that, you can fill the details like APIs & such.
The submitter is stupid. This has nothing to do with being an example. Unless the example is, if you break the law and get caught, you'll be subjected to the punishment laid out in the law books.
You mean that the punishment is determined solely by the content of the law books? Gee, I wonder why people spend so much money on lawyers.
Re:From an author - Glad to see the interest now (on "Slate is Bootstrapped") · Score: 1
My partner on the project plans on full compilation without a C back-end, but also that it will take time, so I can't promise you guys a darned thing yet - don't hold your breath! (He's a talented guy, and great to work with, but things like this take time to develop.)
Hey, compile it back to Lisp! CMUCL has a very effective lisp compiler! Gee, I'm a genius, wonder why I haven't created my own programming language yet...
I don't think open source is at a disadvantage in the strategic planning arena, except to the degree that organizations that are highly biased towards top down control (which may be a valid style depending on the business) may find the forbidding aspect of proprietary licenses an attractive way to limit individual initiative.
I don't think that the "top down" vs "individual initiative" choice is in any way correlated with the opensource vs proprietary choice. If I were to design a work environment that totally stifles any individual initiative, I'd run every desktop off a sealed custom CD, which I find moderately easy to do with Linux, very hard with Windows. I'm not even sure whether it's possible without "reverse engineering", which is of course prohibited by the licence.
Games
full functionality IM
Loads of Windows-specific-only business applications
Support from all hardware vendors
Let me remind you of the context, namely choosing the OS for an organization.
Games? Obviously not important.
Full functionality IM? I don't know what you mean by full functionality - Jabber/Gaim/whatever do well enough in the office environment.
Loads of Windows-specific-only business applications? Yup. This can be a problem, but when you save umpty thousands of bucks on Windows licences, you can pay for having an application written from scratch just for you (or having an existing opensource app customized). OpenOffice/Mozilla does the rest.
Support from all hardware vendors is seldom an issue - corporate desktops run on standard hardware. Ok, if you've got a hundred machines with nonstandard hardware, then you have your OS options limited.
"I just want the decision to be based on facts, not religion," says Taylor. "People are saying, 'It's not Microsoft, so it must be great.' Tell us what Linux does that we can't do. Don't tell us you're deploying Linux just because you can."
Let me turn this question around: what does Windows do that Linux doesn't? For me, Linux is already there (on several hundred desktop machines running a Java client). So why should I pay several hundred bucks for each license?
(1) Cost of catastrophe: $1,000,000.
(2) Chance of catastrophe: 5%
(3) Cost of setting up parallel system, including hardware, software licenses, system administration: $250,000.
If (1) times (2) is less than (3), then it's actually better not to spend the money on (3).
Next week, a doctor with a flashlight will show us the ultimate source of business estimates.
See, I never print photos on my PC (which is why I don't need an inkjet* with highly expensive ink (1 liter = 1 kg Gold)), but bring or send them to the photoshop instead.
The ink is only that expensive if you buy the original cartridges from your printer manufacturer. The printer manufacturers strive to make their cartridges incompatible with everything else, but for most ink printers you can get a decent continuous flow system. This way you buy only ink, which costs an order of magnitude less per liter than cartridge ink and adds satisfaction of not being screwed by the printer manufacturer.
The only downside is that you lose your warranty, but if you print a lot, then you can quickly buy a new printer with the money saved:-)
Is that protection against canaries? Protection with Japanese kung-fu canaries? Or protection for canaries? I mean, the kung-fu canaries have potential...
I've always heard people say this. The problem with this argument is that it is impossible to prove one way or the other. If you say the really good criminals aren't caught and that they leave no trace, then how do we know they exist? Equally, how do we know that they don't exist? It is like a conspiracy theory.
I agree that crimes leave traces, but there are unresolved crimes - check crime detection rates anywhere. You can get away with murder, stating otherwise just goes against the facts.
Second, even with very conservative estimates of how much the US people spend on illegal drugs, prostitution and similar activities, one has to wonder where all this money goes. The simplest explanation is that it goes to smart criminals.
It's hard to imagine mass transit solving the last mile effectively, and the Segway (small electric etc...) is most certainly a better solution than hydrocarbon convertors.
I have a solution for the last mile problem in mass transit. The project code-name is "walking" and I think I'll market it as Legway.
Stupid excuses like "this cost us millions to produce, so we're not going to give the code away to you and our competitors, which would eventually cause us to lose so much revenue we'd not be able to make any more cards/drivers for you at all"?
While I wouldn't go so far as to call this excuse "stupid", it is certainly far from "convincing".
"This cost us millions to produce" doesn't imply "we'll lose something by disclosing it".
How exactly would this cause losses? By reducing sales? Perhaps, if the drivers weren't free to start with.
By giving away some knowledge that would be unobtainable without the drivers' source? C'mon, the high-tech companies have the technology to reverse-engineer the card firmware and probably most of the integrated circuits - some puny drivers that don't even require soldering to obtain are no match for them.
At the bottom of the food chain are people like you, who are easily fooled by the "let's make the world a better place" rhetoric and who are so enthusiastic about technology that writing open-source - or any source for that matter - is the absolutely best imaginable way to spend their time. It doesn't matter whether you love what you are doing and consider this the hobby you want to spend 110% of your time on: It's exploitation by companies who are not at all interested in creating stuff. They want to use your stuff for free. That's why they trick you into doing it.
It's idiocy. It's bigotry. If you want to put your skills to work and you need to support a family, your work and work results can't be free. Software is the immediate result and the manifestation of what you learned and what you know. How much is that worth? Nothing? Think again.
Hm... I use this system called "Linux" and a bunch of apps that I got for free. I develop Java applications (which I get paid for) in a free environment (Eclipse). How much is this worth?
I think of my code released under GPL as a sort of repayment of the above. I don't feel like the sucker Clemens tries to convince me that I am.
Microsoft, which denies pressuring @stake to fire Geer, says the comparison between computers and living organisms works only so well. "Once you start down the road with that analogy, you get stuck in it," said Scott Charney, chief security strategist for Redmond, Wash.-based Microsoft.
Charney says monoculture theory doesn't suggest any reasonable solutions; more use of the Linux open-source operating system, a rival to Microsoft Windows, might create a "duoculture," but that would hardly deter sophisticated hackers.
True diversity, Charney said, would require thousands of different operating systems, which would make integrating computer systems and networks virtually impossible. Without a Microsoft monoculture, he said, most of the recent progress in information technology could not have happened.
Microsoft still want us to believe that the only way to integrate is to run One System (theirs) everywhere. They don't get (more precisely: don't want to) common open standards and protocols.
And they are wrong about "duoculture". Linux, having many parties behind it (many distros, different kernel versions) has much more internal variety than all versions of Windows out there.
Cons:
- It limits the block nesting level within a proc.
Pros:
- It limits the block nesting level within a proc.
- It makes it hard to misread the indent.