I don't think so... no catastrophe can cure us at this stage. We are far too gone now. Back in 1914 if you saw somebody lying wounded on the road you would take him/her to the hospital, today you rob the person.
Are you just in a cynical mood this morning, or are you always this way? Things really haven't changed that much, it all depends on who comes along. Maybe there are more people who would just walk by, or worse, but I would suggest that this is because more people are already disenfranchised by the societies that they live in. Actually, the apathetic fraction probably hasn't changed that much.
The really interesting thing is that we are talking about this today. Until the GPL and the explosion of Open/Free source software that eventually followed, it was taken as fact that no one would create original works if they could not have some exclusive property right to it. The critical thing is to prevent someone else from making a profit from your hard work, and not sharing their own work.
What is particularly damaging to the Wright Brothers' reputation is the claim that they did exactly that. Apparently, there had been a lot of sharing of information in the community that was trying to achieve powered flight, but the Wrights just took what they could and gave nothing back. Then they attempted to use the patent system to claim ownership of the entire field. It is shameful, as is the same process as it occurs today.
But you have to bring the sample back if you want to actually gather some microbes and bring them back for deeper studies. If they really are microbes, we would want to know what they use for genetic information, and if it is DNA, then we want to sequence it to see where it comes from.
I wonder if you could have a probe dip into the atmosphere, maybe without even slowing (much) from the Earth to Venus trip, and still have enough momentum to get back out. Ok, so it is a bit hard to collect samples at mach 2+ (probably plus a lot), and even if you could they might be destroyed in the process.
You definitely don't want to land, then launch. All this activity is in the upper atmosphere anyway.
That's a reference to the case I was referring to. It was element 118 that was claimed to be discovered. There's a much more detailed comment with a link and everything, so I guess mine was redundant (sorry).
Apparently, it is pretty unusual. I recently heard a report on NPR about another case, and they were saying it was pretty much unique. The research involved in this case was the discovery of new elements. It wasn't conclusive that he had falsified, but there was some stuff that was pretty hard to explain any other way. The guy involved insisted that he hadn't and colleagues couldn't really believe it, except for the evidence.
To be more specific, his position is that you can't restrict what people do with the software, even if you wanted to. It's more of a legal position than anything else.
I've been looking at projects under an extended GPL called the GGPL, which pulls together GPL, the UN charter on human rights, and a set of sustainable development principles. My first reaction to the language about not using products under this license in war of any kind was similar. Just how would you stop them, legally, or practically.
You probably can't, but that doesn't mean you can't disapprove, and say so. Most of the effect is social anyway, and making a stand can be pretty effective in this domain. Legitimate military people would stay away, and the others probably wouldn't know about it anyway, or be bound by it in any case.
So I say, tolerate and disapprove, which is more or less what is happening in this case. It is RedHat's right to do it, and it is his right to disapprove of what they have done. I'm sure he knows he has no legal standing to object.
The Slashdot community, on the other hand, has for years appended a third comment: we're superior, we're Linux buffs, we're the best, and we apply patches.
Just because those are the posts you see doesn't mean everyone thinks this. I, for one, admit to not always being as vigilant as I would like to be. There are many things to attend to, so you can't be on top of everything, but we all know that you only have yourself to blame if you miss something important. The dynamics of the community help a lot, so it isn't as big of a problem. The second point helps a lot, and the way MS hides their bugs just makes it harder even if you do everything you can.
> If you show me a list of documented, unpatched holes, I'll show you a mailing list / IRC channel / news group that just found a list of things to do for the afternoon.
Very valid point. So let me ask you (plural you here) -- when was the last time you spent an afternoon coding, testing, reviewing, and QCing a patch? Maybe you're one of the admirable group who actually does code patches in your spare time. But, more likely, I suspect, is that the vast majority of the readers of this message never have and never will submit a patch.
There are many roles in the community, not everyone has to spend all their time chasing bugs to contribute. In fact, it would be a duplication of efforts, and not really useful. Using the code is an important role too, and your responsibility there is to give feedback without annoying the developers while they work. Also, keep in mind that many are scratching their own itch on another project, so they leave this to the domain experts.
> Inexperienced teenagers (a large subset of all teenagers) and newbies are unable to refute your statement that Linux is as bad as Windows
I'm sorry, but I couldn't let this one go. The original poster didn't make such a statement. Not even such an inference. The post, instead, merely pointed out the hypocrisy demonstrated by the attitudes described.
You missed his point here completely. The original poster did say "Linux is as bad as Windows", which is patently false. He was just saying that not everyone can refute this statement with a cogent argument. Many can, and he did above.
1) They have a single platform they can use to push their services from
Correct me if I'm wrong, but isn't the important part of this platform on the server, not the client? MS is still losing on the server, so if the LA supports passport clients in their server implementations, the game is up. MS clients such as IE are not likely to support LA client protocols, but so what? They will still be able to connect to all servers. More open clients can support both, but are only likely to do this if they can trust the passport implementations.
So MS has three choices:
1) Don't play (no non-MS client or server implementations of Passport allowed, I take no MS implementation of LA to be a given).
2) Allow other clients (no non-MS servers).
3) Allow other servers (no non-MS clients).
In 1), if you use MS clients, you will only function with MS servers (.NET platform). This is a lose for them since they don't have much market penetration in the server side.
With 2), only MS clients would be disadvantaged, unless they added LA support to their clients (won't happen).
Case 3) would be interesting because all clients would be able to play with open servers, but only clients that adopt passport will be able to access .NET servers (I'm assuming MS server == .NET server until they abandon that for something new). This situation could persist for a while since non-MS clients and MS servers are likely to be the minorities for some time. It can't be helpful in selling .NET to a wider audience.
I almost forgot that there is a fourth case, but MS is not going to play nice, so that won't happen anyway.
Depending on how this is done, it can be a good thing. The point is to have the greatest possible interoperability, without compromising the security of your personal information. The real critical issue in all of this is who (or more to the point, whose code) controls my private information. Even if the data is stored on a server, that's ok if it is encrypted and the private key is safely protected on my local machine under security protocols that I can control (choose). The private data can be held on any number of servers, and sent back to my local machine for parcelling out as required. Authentication shouldn't require sending out private data, but rather challenge/response that can only be correct if I possess the proper keys.
Passport must be made open to third party scrutiny if they want to play with everyone else. Industry standards are that they must publish their design and code for open third party review and analysis. I personally would not accept less, and would be shirking my professional responsibilities not to advise this to anyone I do work for. I assume they have not done so, nor do they plan to. I would also expect the Liberty Alliance to have a similar standard to mine, and if not I wouldn't advise anyone to use that either.
The logic of symmetric and asymmetric key systems isn't that deep, although there can be a lot of hazards in the implementation. The only good solution to this is lots of eyes, and all responsible professionals should insist on it.
But personally, I agree with what another Slashdot reader said: it's the browser's job to look after a user's password. A single username and password for all your sites is absolutely retarded security-wise.
Well, not the browser itself, but an independent security module that can be accessed by the browser and any other program that needs to. Having one or many user names isn't really the issue, and the only password needed should be to open up your locally stored private key chain.
That puts all the load on protecting that private key chain, and anything you can do to secure that information is a good thing. Single point of failure isn't the issue that people make it out to be. The issue is keeping the most sensitive data, the private keys that can open up everything, private. Opening them up in the memory of your PC is better than trusting that function to a third party, but better is to never expose the private keys.
One cool job I had was for a company trying to market a secure messaging system. They went belly up before the dotcom crash, but the technology was very cool. It was a message hub system with key escrow and the works. The actual message processing was done by a purpose built box that had no disks or permanent storage, just a network connection. The keys were stored in PCMCIA cards that had processors and non-volatile storage, and only half of the key was stored on each card. The only place you would ever have private or session keys in clear text was on the closed box or half of one inside the PCMCIA cards.
The point is that it might be good to have a sub-processor that can do things with the private keys, but never have them in clear text outside of that. This could be done with the kind of physical tokens that some people have suggested when single sign on came up before. Although some will find this excessive, I think it is a good idea.
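As an added illustration of the scheme discussed in the comments above (challenge/response authentication where the keys stay inside a local module unlocked by one passphrase), not code from any poster, Passport or the Liberty Alliance: the sketch below uses HMAC-SHA256 with a separate derived key per site in place of a public-key signature, because that runs on the Python standard library alone. The `KeyToken` and `Site` classes, the site names and the salt are hypothetical.

```python
import hashlib
import hmac
import secrets


class KeyToken:
    """Hypothetical local security module: the master secret never leaves it."""

    def __init__(self, passphrase: str, salt: bytes):
        # The one local passphrase unlocks the key chain; it is never sent out.
        self._master = hashlib.pbkdf2_hmac(
            "sha256", passphrase.encode(), salt, 200_000)

    def _site_key(self, site: str) -> bytes:
        # Separate key per site: a leak at one site is useless at another.
        return hmac.new(self._master, b"site:" + site.encode(),
                        hashlib.sha256).digest()

    def enroll(self, site: str) -> bytes:
        """Key handed to a site once, at registration."""
        return self._site_key(site)

    def respond(self, site: str, challenge: bytes) -> bytes:
        """Answer a challenge; only the MAC leaves the module."""
        return hmac.new(self._site_key(site), challenge,
                        hashlib.sha256).digest()


class Site:
    """Hypothetical server side: stores a per-site key, never the master."""

    def __init__(self, name: str):
        self.name = name
        self._keys = {}      # user -> per-site key received at enrolment
        self._pending = {}   # user -> outstanding challenge

    def register(self, user: str, site_key: bytes) -> None:
        self._keys[user] = site_key

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(32)   # fresh and unpredictable
        self._pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self._pending.pop(user, None)   # each challenge is single-use
        key = self._keys.get(user)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare


def demo() -> dict:
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    token = KeyToken("correct horse battery staple", salt)
    shop, bank = Site("shop.example"), Site("bank.example")
    for site in (shop, bank):
        site.register("alice", token.enroll(site.name))

    results = {}
    # Normal login: the response is valid only for this one challenge.
    c = shop.challenge("alice")
    good = token.respond(shop.name, c)
    results["login"] = shop.verify("alice", good)

    # A captured response replayed against a new challenge is rejected.
    shop.challenge("alice")
    results["replay"] = shop.verify("alice", good)

    # A response computed with the shop's key is useless at the bank.
    c = bank.challenge("alice")
    results["cross_site"] = bank.verify("alice", token.respond(shop.name, c))

    # Without the right passphrase the module derives different keys.
    guess = KeyToken("wrong passphrase", salt)
    c = shop.challenge("alice")
    results["wrong_passphrase"] = shop.verify(
        "alice", guess.respond(shop.name, c))
    return results


if __name__ == "__main__":
    print(demo())
```

With a shared-key MAC each site holds a key that can verify and also produce responses for that site only; a public-key signature would remove even that, at the cost of a non-stdlib dependency.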
There must be information about the hardware specifications, since AMD and Intel are working on building it. It would seem counter-productive to keep this part of it secret.
Assuming that there is some core of the technology that makes sense, can't we find a way to use the hardware features to do something useful? We know the MS implementation will be just as effective as the rest of their security efforts, so it is most likely to just piss customers off.
Now that there is a baseline sequence for humans, we need to do the same for all the great apes. I would think this would be valuable on a number of levels.
This is why we can't just do the diff, although I would think order of billions would be a bit big on most platforms as well.
It's just too funny that they think these tactics really work for them. Since they are sharing source with trusted partners, they can get beyond the "several thousand employees", but they just don't get what it is all about. The question is, what is the motivation? The profit motive is central to everything they and their partners do, and it shows.
It is really dangerous for them to share their code even in this limited way, because it is likely to get out when they do. Since it is a given that security is never perfect, it will get out, and possibly make their code even more vulnerable. They still try to say that Linux has just as many security bugs, while freely admitting that they have not designed for security in the first place. I find this statement particularly humorous:
With the launch of the initiative, Microsoft halted production on new code in all of its products and charged employees with scanning through every line of existing code in search of vulnerabilities.
That's from the Valentine article. I hope he isn't as clueless as this statement suggests. The idea that you can find security holes with this method would suggest he is not competent to hold the job title. Security takes a systematic approach starting from architecture, and including a lot of theoretical work to back it up. Only then can you expect to find security bugs by looking for hazards in the code. If they had done this in the first place, there are a large number of features that never would have gone in.
Admittedly, the open/free source community is a bit smaller than "the rest of the world", but they have the right motivation. Just how receptive do you think MS will be to reported problems? Is MS going to give your company a discount on licenses for some future product, or more likely will they attempt to minimize the importance of any flaw because it means more work for them to fix it?
When commercial companies embrace GPL practices, they are motivated to solve the problems that relate to their own products. This only works because you can't get without giving. GPL means that your competitor can't get the benefit without giving back the enhancements they make as well. Unless you are big enough to do it all yourself, there is always way more that you get from GPL than you give. If anyone attempts to cheat, it's all out in the open.
To close, I'd like to point out the FUD line that closes the article:
The big issue there, he said, was a reluctance to accept legal liability for open-source software.
I guess we are to assume that they will be replacing all those standard disclaimers with a statement of fitness and accept liability when they fail to deliver.
They got their monopoly by providing the OS for an open platform. Apple is still missing the boat in this respect (rumors that there is an OS-X for Intel arch. suggest they may change;-), what makes MS think they can push a new closed format on the consumer. What makes everyone think they won't fail in this.
The modders should and probably do expect this. It's the people buying the mods I don't understand. If you don't like what MS is doing, don't participate. Ok, I get the angle that if you buy an Xbox and never get more than one or two MS certified games, they lose money, but that just seems like a silly pursuit to me.
What I really wonder is how Sony and Nintendo will respond to this. We know about the Linux kits for PS/2, but is anyone doing anything interesting with them? Don't you think it would be good for them to join Apple and have a really open discussion about how to do DRM in a consumer friendly manner? The only way MS can win is if everyone else sits on their ass and lets it happen.
When I first started working in the early 80s I consciously steered away from IBM technology because I knew they had already peaked. History showed that this was true even though very few could see it. "Nobody was ever fired for buying big-blue systems" was ubiquitous just like the attitudes that MS will steamroller everyone is today. Guess what, MS could be yesterday's news in five years. The pace of change is even faster now and the Gates empire is nothing compared to the old IBM, so this prediction isn't that way out.
Stop buying into their marketing, and don't try to play their game. It was already clear in the mid 80s that MS would compete relentlessly with the very software companies that made the platform popular in the first place. They have abused trust at every turn and will get what they deserve.
Interesting. I'd never read about that, but I expected that there would be start and end codes for genes as well as binding sites for control proteins. The binding of control proteins probably also relates to the topology stuff too. The bound proteins would influence how and where a strand folds and such.
Of course, the computational problem of predicting or simulating how this happens is one of the very hard ones. As I understand it, it is complex enough just understanding how the proteins fold into the correct final form, and there are diseases that involve this not happening correctly for some proteins.
A lot of people think that knowing the DNA sequence is like knowing the code for a program. Even if it was, you don't know the entry points very well, but even more significant is the large amount of state that is held in the topology in addition to the sequence. It is logical that it is this type of state that is central in the development of multi-cellulars, and cell differentiation as well.
A few more generations of Moore's law and maybe we can start to attack the really interesting problems computationally, but for now we will have to be satisfied with baby steps. I have difficulty understanding the mentality of the commercial entities that are trying to capitalize on the little bits that are emerging now. This stuff screams for open collaborative research even more than computer technologies. Come to think of it, in the end most of it will be computer technology, and mostly software at that.
If a 70000 workforce says that wanna work on M$ why should anyone stop them.... But I guess this won't be true, there will be numerous who are opposing this.... and in this case slashdotters can't do anything except slashdot the DOI site every second day.... It's up to those employees to get together and raise a ruckus.
Beside the fact that the employees probably had almost nothing to do with the decision, it is objectively bad for the government to lock up our information in a proprietary format.
The real tragedy of this will come down the road, when not even current MS crap (if they survive) will be able to read the obsolete Word2002 formats stored in the archive. Even today, I expect that you would have some problems reading at least some old windows document formats in the most current editions.
MS development processes are so ad-hoc and market driven that they cannot even keep track of all the external representation formats that they have created. They just don't get it. The reason that experienced and skilled software architects and designers insist on supporting mature standards is because otherwise it turns into an unmanageable mess. Stability is way more important than whiz-bang features. Note that this is also the source of many of their security problems, at least the ones that aren't due to allowing program fragments to run from untrusted sources, but I digress.
This is also why the Linux platform is so much better. Even though it is not yet at a maturity and stability level that satisfies us, it is still completely usable because it doesn't just abandon standards in an attempt to gain market dominance. Once a standard is established and has become stable, you can be certain that it will be widely adopted. In this environment, any number of projects can implement that standard, and users have a choice to stay with the old reliable tool, or upgrade to get more features and functionality. Or even use both situationally.
"When the merger presented itself, one of the things we sought to do was make sure that (the new) HP's commitment was as strong or stronger than Compaq's," Sinneck said.
I might have suggested that there were close connections between some HP people and MS before the merger led to this ill-fated merger, but apparently they have been doing this to themselves for a long time.
Are they just killing off their Unix server business, or was that already more or less complete before the merger.
Perhaps someone can tell us how putting in an insecure system after having a judge tell you to disconnect improves transparency. We all know this change can't improve the situation.
Don't they have some responsibility to do something about this? Something in line with industry standard practices.
Unless you pulled the hair out by the roots, there would be no DNA present. Even if there was, it probably wouldn't be useful for sequencing for very long.
This makes me wonder if they will make the customers sign a release giving Venter access to statistical data within their genome. One question the completed Human Genome did not answer is how genes vary from person to person - and the only way to answer that question is to sequence lots of genomes. If Venter can get others to pay for the work and then patent the results that would certainly be a good business move.
Well, yes, this gets to the heart of the matter. Now that they have sequenced the whole thing for at least one human, the real interesting question is how it varies, and then of course how those variations relate to physical traits, diseases, resistance to disease, and so on. I'm sure they want access to the whole thing, not just the statistics. Once you have enough of them, you can start to map variations.
One thing that I'm a little unclear on from the reports. Are they actually sequencing the whole thing, or just the sections that are parts of genes (i.e. code for proteins). I always understood it to be the former, including all the vast areas that do not code for anything (that they know of). I've always been curious to know if these areas code for other things.
It's not such a stretch to imagine that these areas contain what we engineers would call "out of band" data that could relate to developmental sequencing or even generational memory (ok, maybe that's a stretch, but possible).
Just by having the entire sequences of a large number of individuals would make some explorations of this data possible just as pure data. If you find out of band areas that are near identical in all people, that would be a strong indication that it codes for something important.
This is hardly news or interesting. Some people are more likely to suffer from certain conditions, and you can know about this from family history or DNA.
In my opinion, this is a problem with insurance companies, not with having information. The bottom line is that insurance works best when it protects us against unknowable random events, and this is absolutely not the case with health care.
This just gets worse as the science gets better. Of course, not everyone in the world has this problem. At least it is better than not having access to health care, but I digress.
Well, I almost can. Apparently nature.com is one of those sites that think they know better than you what size the fonts should be. I have my font sizes set to 20 and the display resolution to 150 dpi, and I still get a font so tiny I can barely read it. I really don't need the additional eye strain. I'm using Mozilla on RH 7.3
Does anyone know any way to see this in a readable font?
Seems to me the primary problem would be one of security. Say I follow my target around while pointing a highly directional 802.11 antenna at him--virtually guaranteeing that his phone will pick my hop every time he tries to connect. Does the fact that the target is establishing the connection to me obviate my need for a wiretap order to log all his packets?
Seems to me that security should be an end-to-end concern of any application over TCP/IP. We have secure versions of many important apps, but not all. https and ssh handle some of the most critical aspects, and certainly IP-phones should be encrypted even if it isn't a particularly long key.
By the way, with analog cell phones, you can just follow your target around with a standard scanner and probably pick up any call they make. A bit harder with digital, but no more secure. Note that in your example, you don't have to 'capture' their signal either, just monitor it.
This is ALMOST the way it is. However, you forgot an important demographic in the tech sector these days...those who are recent college graduates.
I'm sorry you are having a bad time of it. I did say that it might take some adjustments. All I'm saying here is that the long term looks good. The technology doesn't get any simpler, and it gets more capable, so we have to work harder just to keep up. The dotcom boom was really a bad thing for all of us, even if a few did very well for a short period, the hangover is awful.
I'm out of work for the second time during the downturn, and I have 20 years in development and admin. It took from Memorial Day til November last year. It's hard to say if I'm technically unemployed now as I'm not looking for a conventional job this time. That means I'm busy, but I don't know where the next paycheck comes from.
I know it is hard to take, but you will find the right situation if you keep an open mind and keep at it. Take something else in the meantime if you have to, but things won't stay down in tech forever.
I don't think you are really replying to the parent, but rather to two levels up. You have already gathered other comments that relate to the lack of stability in the high tech market, and that relates directly to my comment. I never suggested they would work longer for less, just that it is an easy out for industries that do nothing to manage their labor pool long term.
Frankly, some of the numbers I was hearing thrown around for salaries in the 98-99 timeframe were getting pretty outrageous because of the dotcom boom, although it never really benefitted me that much. And if you looked at the rest of my comment you would know that I don't have a problem with immigration, just that some industries get better treatment.
Frankly, it is about time that some of the deadwood that passes itself off as technical talent had to worry about the same issues that face most workers in the U.S. and most of the developed world. Sure, it puts pressure on the labor market, but that is why it is up to each of us to stay current and stay productive.
Any technical person worth their salt will be able to find productive work for the foreseeable future. Sure you might have to make adjustments and it might take some time in the middle of a downturn, but you have nothing to complain about when compared to the average blue-collar worker whose company downsized, closed a plant or shut down completely.
That said, I'm still not that happy about the way certain industries can import labor instead of treating the people who are here better. At least most illegal immigrants are doing jobs that few citizens will take, and I think their status should be normalized to prevent abuse. Also, as long as I am this far off topic, there needs to be some normalization of labor conditions worldwide. Trade normalization is fundamentally unfair without it.
Case 3) would be interesting because all clients would be able to play with open servers, but only clients that adopt passport will be able to access .NET servers (I'm assuming MS server == .NET server until they abandon that for something new). This situation could persist for a while since non-MS clients and MS servers are likely to be the minorities for some time. It can't be helpful in selling .NET to a wider audience.
I almost forgot that there is a fourth case, but MS is not going to play nice, so that won't happen anyway.
Depending on how this is done, it can be a good thing. The point is to have the greatest possible interoperability, without compromising the security of your personal information. The real critical issue in all of this is who (or more to the point, whose code) controls my private information. Even if the data is stored on a server, that's ok if it is encrypted and the private key is safely protected on my local machine under security protocols that I can control (choose). The private data can be held on any number of servers, and sent back to my local machine for parcelling out as required. Authentication shouldn't require sending out private data, but rather challenge/response that can only be correct if I possess the proper keys.
Passport must be made open to third party scrutiny if they want to play with everyone else. Industry standards are that they must publish their design and code for open third party review and analysis. I personally would not accept less, and would be shirking my professional responsibilities not to advise this to anyone I do work for. I assume they have not done so, nor do they plan to. I would also expect the Liberty Alliance to have a similar standard to mine, and if not I wouldn't advise anyone to use that either.
The logic of symmetric and asymmetric key systems isn't that deep, although there can be a lot of hazards in the implementation. The only good solution to this is lots of eyes, and all responsible professionals should insist on it.
But personally, I agree with what another Slashdot reader said: it's the browser's job to look after a user's password. A single username and password for all your sites is absolutely retarded security-wise.
Well, not the browser itself, but an independent security module that can be accessed by the browser and any other program that needs to. Having one or many user names isn't really the issue, and the only password needed should be to open up your locally stored private key chain.
That puts all the load on protecting that private key chain, and anything you can do to secure that information is a good thing. Single point of failure isn't the issue that people make it out to be. The issue is keeping the most sensitive data, the private keys that can open up everything, private. Opening them up in the memory of your PC is better than trusting that function to a third party, but better is to never expose the private keys.
One cool job I had was for a company trying to market a secure messaging system. They went belly up before the dotcom crash, but the technology was very cool. It was a message hub system with key escrow and the works. The actual message processing was done by a purpose built box that had no disks or permanent storage, just a network connection. The keys were stored in PCMCIA cards that had processors and non-volatile storage, and only half of the key was stored on each card. The only place you would ever have private or session keys in clear text was on the closed box or half of one inside the PCMCIA cards.
The point is that it might be good to have a sub-processor that can do things with the private keys, but never have them in clear text outside of that. This could be done with the kind of physical tokens that some people have suggested when single sign on came up before. Although some will find this excessive, I think it is a good idea.
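The challenge/response idea from the comments above, with the key held inside a token object that only answers challenges, as an added example that is not part of the original posts. It uses a shared-secret HMAC from the Python standard library (the symmetric case); with asymmetric keys the token would sign the challenge and the server would hold only the public key. All class, function and host names here are hypothetical.

```python
import hashlib
import hmac
import secrets
import time


def _message(server_id: str, nonce: bytes) -> bytes:
    # Binding the server name into the MAC makes a response useless elsewhere.
    return b"auth-v1|" + server_id.encode() + b"|" + nonce


class KeyToken:
    """Stands in for the card or sub-processor: the key never leaves it."""

    def __init__(self, key: bytes):
        self.__key = key  # no method returns or exports this value

    def respond(self, server_id: str, nonce: bytes) -> bytes:
        return hmac.new(self.__key, _message(server_id, nonce), hashlib.sha256).digest()


class Verifier:
    """Server side: issues one-time challenges and checks the responses."""

    def __init__(self, server_id: str, enrolled_key: bytes, ttl: float = 30.0):
        self.server_id = server_id
        self._key = enrolled_key
        self._ttl = ttl
        self._pending = {}  # nonce -> expiry time

    def challenge(self, now=None) -> bytes:
        now = time.monotonic() if now is None else now
        nonce = secrets.token_bytes(32)
        self._pending[nonce] = now + self._ttl
        return nonce

    def verify(self, nonce: bytes, response: bytes, now=None) -> bool:
        now = time.monotonic() if now is None else now
        expiry = self._pending.pop(nonce, None)  # single use: blocks replay
        if expiry is None or now > expiry:
            return False
        expected = hmac.new(self._key, _message(self.server_id, nonce), hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_demo() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key, enrolled once
    token = KeyToken(key)
    bank = Verifier("bank.example", key)
    results = {}

    n = bank.challenge(now=0.0)
    answer = token.respond("bank.example", n)
    results["valid"] = bank.verify(n, answer, now=1.0)
    results["replayed"] = bank.verify(n, answer, now=2.0)  # same nonce again

    n = bank.challenge(now=0.0)  # response computed for a different server
    results["other_server"] = bank.verify(n, token.respond("shop.example", n), now=1.0)

    n = bank.challenge(now=0.0)  # token holding some other key
    stranger = KeyToken(secrets.token_bytes(32))
    results["wrong_key"] = bank.verify(n, stranger.respond("bank.example", n), now=1.0)

    n = bank.challenge(now=0.0)  # answered after the 30 second window
    results["expired"] = bank.verify(n, token.respond("bank.example", n), now=31.0)
    return results
```

Only the nonce and the MAC cross the wire; the key stays inside `KeyToken`, which is the property a hardware token would enforce physically rather than by convention.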
There must be information about the hardware specifications, since AMD and Intel are working on building it. It would seem counter-productive to keep this part of it secret.
Assuming that there is some core of the technology that makes sense, can't we find a way to use the hardware features to do something useful? We know the MS implementation will be just as effective as the rest of their security efforts, so it is most likely to just piss customers off.
Now that there is a baseline sequence for humans, we need to do the same for all the great apes. I would think this would be valuable on a number of levels.
This is why we can't just do the diff, although I would think order of billions would be a bit big on most platforms as well.
U.S. Government agencies must use open standards in all data transactions and data archives. Sincere Choice states this clearly.
It's just too funny that they think these tactics really work for them. Since they are sharing source with trusted partners, they can get beyond the "several thousand employees", but they just don't get what it is all about. The question is, what is the motivation? The profit motive is central to everything they and their partners do, and it shows.
It is really dangerous for them to share their code even in this limited way, because it is likely to get out when they do. Since it is a given that security is never perfect, it will get out, and possibly make their code even more vulnerable. They still try to say that Linux has just as many security bugs, while freely admitting that they have not designed for security in the first place. I find this statement particularly humorous:
With the launch of the initiative, Microsoft halted production on new code in all of its products and charged employees with scanning through every line of existing code in search of vulnerabilities.
That's from the Valentine article. I hope he isn't as clueless as this statement suggests. The idea that you can find security holes with this method would suggest he is not competent to hold the job title. Security takes a systematic approach starting from architecture, and including a lot of theoretical work to back it up. Only then can you expect to find security bugs by looking for hazards in the code. If they had done this in the first place, there are a large number of features that never would have gone in.
Admittedly, the open/free source community is a bit smaller than "the rest of the world", but they have the right motivation. Just how receptive do you think MS will be to reported problems? Is MS going to give your company a discount on licenses for some future product, or more likely will they attempt to minimize the importance of any flaw because it means more work for them to fix it?
When commercial companies embrace GPL practices, they are motivated to solve the problems that relate to their own products. This only works because you can't get without giving. GPL means that your competitor can't get the benefit without giving back the enhancements they make as well. Unless you are big enough to do it all yourself, there is always way more that you get from GPL than you give. If anyone attempts to cheat, it's all out in the open.
To close, I'd like to point out the FUD line that closes the article:
The big issue there, he said, was a reluctance to accept legal liability for open-source software.
I guess we are to assume that they will be replacing all those standard disclaimers with a statement of fitness and accept liability when they fail to deliver.
The modders should and probably do expect this. It's the people buying the mods I don't understand. If you don't like what MS is doing, don't participate. Ok, I get the angle that if you buy an Xbox and never get more than one or two MS certified games, they lose money, but that just seems like a silly pursuit to me.
What I really wonder is how Sony and Nintendo will respond to this. We know about the Linux kits for PS/2, but is anyone doing anything interesting with them? Don't you think it would be good for them to join Apple and have a really open discussion about how to do DRM in a consumer friendly manner? The only way MS can win is if everyone else sits on their ass and lets it happen.
When I first started working in the early 80s I consciously steered away from IBM technology because I knew they had already peaked. History showed that this was true even though very few could see it. "Nobody was ever fired for buying big-blue systems" was ubiquitous just like the attitude that MS will steamroller everyone is today. Guess what, MS could be yesterday's news in five years. The pace of change is even faster now and the Gates empire is nothing compared to the old IBM, so this prediction isn't that way out.
Stop buying into their marketing, and don't try to play their game. It was already clear in the mid 80s that MS would compete relentlessly with the very software companies that made the platform popular in the first place. They have abused trust at every turn and will get what they deserve.
Of course, the computational problem of predicting or simulating how this happens is one of the very hard ones. As I understand it, it is complex enough just understanding how the proteins fold into the correct final form, and there are diseases that involve this not happening correctly for some proteins.
A lot of people think that knowing the DNA sequence is like knowing the code for a program. Even if it was, you don't know the entry points very well, but even more significant is the large amount of state that is held in the topology in addition to the sequence. It is logical that it is this type of state that is central in the development of multi-cellulars, and cell differentiation as well.
A few more generations of Moore's law and maybe we can start to attack the really interesting problems computationally, but for now we will have to be satisfied with baby steps. I have difficulty understanding the mentality of the commercial entities that are trying to capitalize on the little bits that are emerging now. This stuff screams for open collaborative research even more than computer technologies. Come to think of it, in the end most of it will be computer technology, and mostly software at that.
Beside the fact that the employees probably had almost nothing to do with the decision, it is objectively bad for the government to lock up our information in a proprietary format.
The real tragedy of this will come down the road, when not even current MS crap (if they survive) will be able to read the obsolete Word2002 formats stored in the archive. Even today, I expect that you would have some problems reading at least some old windows document formats in the most current editions.
MS development processes are so ad-hoc and market driven that they cannot even keep track of all the external representation formats that they have created. They just don't get it. The reason that experienced and skilled software architects and designers insist on supporting mature standards is because otherwise it turns into an unmanageable mess. Stability is way more important than whiz-bang features. Note that this is also the source of many of their security problems, at least the ones that aren't due to allowing program fragments to run from untrusted sources, but I digress.
This is also why the Linux platform is so much better. Even though it is not yet at a maturity and stability level that satisfies us, it is still completely usable because it doesn't just abandon standards in an attempt to gain market dominance. Once a standard is established and has become stable, you can be certain that it will be widely adopted. In this environment, any number of projects can implement that standard, and users have a choice to stay with the old reliable tool, or upgrade to get more features and functionality. Or even use both situationally.
I might have suggested that there were close connections between some HP people and MS before the merger led to this ill-fated merger, but apparently they have been doing this to themselves for a long time.
Are they just killing off their Unix server business, or was that already more or less complete before the merger?
Don't they have some responsibility to do something about this? Something in line with industry standard practices.
Unless you pulled the hair out by the roots, there would be no DNA present. Even if there was, it probably wouldn't be useful for sequencing for very long.
Well, yes, this gets to the heart of the matter. Now that they have sequenced the whole thing for at least one human, the real interesting question is how it varies, and then of course how those variations relate to physical traits, diseases, resistance to disease, and so on. I'm sure they want access to the whole thing, not just the statistics. Once you have enough of them, you can start to map variations.
One thing that I'm a little unclear on from the reports: are they actually sequencing the whole thing, or just the sections that are parts of genes (i.e. code for proteins)? I always understood it to be the former, including all the vast areas that do not code for anything (that they know of). I've always been curious to know if these areas code for other things.
It's not such a stretch to imagine that these areas contain what we engineers would call "out of band" data that could relate to developmental sequencing or even generational memory (ok, maybe that's a stretch, but possible).
Just having the entire sequences of a large number of individuals would make some explorations of this data possible just as pure data. If you find out of band areas that are near identical in all people, that would be a strong indication that it codes for something important.
In my opinion, this is a problem with insurance companies, not with having information. The bottom line is that insurance works best when it protects us against unknowable random events, and this is absolutely not the case with health care.
This just gets worse as the science gets better. Of course, not everyone in the world has this problem. At least it is better than not having access to health care, but I digress.
Does anyone know any way to see this in a readable font?
Seems to me that security should be an end-to-end concern of any application over TCP/IP. We have secure versions of many important apps, but not all. https and ssh handle some of the most critical aspects, and certainly IP-phones should be encrypted even if it isn't a particularly long key.
By the way, with analog cell phones, you can just follow your target around with a standard scanner and probably pick up any call they make. A bit harder with digital, but no more secure. Note that in your example, you don't have to 'capture' their signal either, just monitor it.
I'm sorry you are having a bad time of it. I did say that it might take some adjustments. All I'm saying here is that the long term looks good. The technology doesn't get any simpler, and it gets more capable, so we have to work harder just to keep up. The dotcom boom was really a bad thing for all of us, even if a few did very well for a short period, the hangover is awful.
I'm out of work for the second time during the downturn, and I have 20 years in development and admin. It took from Memorial Day til November last year. It's hard to say if I'm technically unemployed now as I'm not looking for a conventional job this time. That means I'm busy, but I don't know where the next paycheck comes from.
I know it is hard to take, but you will find the right situation if you keep an open mind and keep at it. Take something else in the meantime if you have to, but things won't stay down in tech forever.
Frankly, some of the numbers I was hearing thrown around for salaries in the 98-99 timeframe were getting pretty outrageous because of the dotcom boom, although it never really benefitted me that much. And if you looked at the rest of my comment you would know that I don't have a problem with immigration, just that some industries get better treatment.
Any technical person worth their salt will be able to find productive work for the foreseeable future. Sure you might have to make adjustments and it might take some time in the middle of a downturn, but you have nothing to complain about when compared to the average blue-collar worker whose company downsized, closed a plant or shut down completely.
That said, I'm still not that happy about the way certain industries can import labor instead of treating the people who are here better. At least most illegal immigrants are doing jobs that few citizens will take, and I think their status should be normalized to prevent abuse. Also, as long as I am this far off topic, there needs to be some normalization of labor conditions worldwide. Trade normalization is fundamentally unfair without it.