I used to develop a GPL app, the GNUstep-based character map Charmap. It had a few dozen users, and I'm pretty sure none of them ever took a single look at the source. Only the very biggest applications get attention, and very often quite uncritical examination at that. Not true in my experience. I run two minor (between 20k-30k downloads each) OSS projects and I get a regular flow of patches from users. People do read your code; they'll even complement you on aspects of your coding, or ask a question about style when submitting a patch if it's not in one of their major languages.
And that's just the tip of the iceberg. I regularly look at the code of other software, because I'm always thinking of ideas to improve/modify it. Yesterday, for example, I spent an hour hacking evince, in order to switch off a few features that annoy me and change its behaviour slightly. I'll never submit those patches, though, since they take the software in a different direction to what the evince team wants. I'd guess that for every patch that gets received, there's many more that never get submitted.
Mind you, just because I hack software, it doesn't mean that I go through the code with a fine-toothed comb - I grep for what I'm looking for, do a quick hack and get the hell out of there. So to call it "peer-reviewed" is wrong, I'd agree with that. Any cleverly obfuscated evil code is almost certainly going to be missed - nobody wants to spend time deciphering poorly written code.
1) Make media easier to start using. I'm sure there are a dozen distro teams working on this right now, so I'm probably preaching to the choir...but it needs to be said, lest no one say it at all. I've had issues making media work in Linux recently, and am sticking with Vista at the moment because I can't find a few consecutive hours to devote to troubleshooting the matter. The problem with DVDs (which is what I assume you mean by "media") is that playing them under linux requires circumventing the DMCA. Hence distros that are created in the USA (or in a country with a trade agreement with the USA that includes the DMCA) can't include software such as DeCSS by default.
You want DVDs to play under Linux by default? Go talk to your government!
They don't have to suspect everyone, they only have to suspect the _very_few_ who have truecrypt.
We're all within 48 hours from Guantanamo Bay. The USA/CIA has kidnapped people in other countries (e.g. Italy) officially without the consent of those countries. And Guantanamo, as my orange protest badge says, is state terrorism. But at least we hope that the countries we live in aren't like that... and if they are, well, you're screwed if you use any form of encryption or do anything even a little out of the ordinary. When your legal rights are forcibly removed, there's nothing you can do... but if they haven't been, then using truecrypt and handing over only one key should not be seen as an admission of guilt.
I may be wrong but Truecrypt only supports 2 such volumes per volume. So they'll just ask you for both keys for every volume. No, my point was that truecrypt also supports an encrypted volume without a hidden volume inside it. How do they know you've got a hidden volume just because you're using truecrypt? You might simply be using it because it provides transparent real-time encryption and is OSS. And you might have three separate encrypted volumes, but say that only one of those has a hidden volume, to which you reveal the keys. How do they know if you're telling the truth? Put simply, they can't.
If you can hide that cdrom so well, you might as well put the data on the cdrom (or USB drive) and hide it. If you do it well enough, even if they find it they may be interrogating someone else instead;). Oh, indeed:) And that's the ultimate point, isn't it? The ones who are really trying to hide something won't get caught, but in order to demonstrate that "something is being done", ordinary, innocent citizens will get falsely imprisoned through stupid laws like this.
The last I checked: 1) Truecrypt is not a default install on any popular operating system 2) The container requires Truecrypt software to work.
And so if in UK (or other countries with similar laws, like mine) they ever find truecrypt software in your possession, you'll be in for a very long interrogation. If you can hide the truecrypt software so well that nobody else can find it, then your need for truecrypt is quite low isn't it? Well, I'm not an expert in this myself, but as I understand it, the ability to have a hidden volume within the encrypted volume is not the primary purpose of truecrypt, which aims to provide a real-time encrypted filesystem. Say, for example, I have/home,/usr/local and/opt on different partitions, and all are encrypted with truecrypt. I might simply value the real-time encryption offered by the software and not have a hidden volume on any partition. Or I might have a hidden volume on one, two or all three volumes - I could have one or two "dummy" hidden volumes, and one intentionally hidden volume.
The thing is, nobody is going to be able to tell... they simply have to take your word for it. Otherwise you've got a police-state situation where people are permanently incarcerated merely on the suspicion of having material that they're not revealing... and if that becomes reality then the use of truecrypt will be the least of your worries!
That said, the truecrypt website also explains the completely undetectable use of truecrypt via a bootable cdrom... and if you really wanted to hide stuff, I suspect you'd take that route instead of just keeping the software lying around.
Considering you're replying to an article with the TrueCrypt wikipedia link, it's astonishing that you failed to read this section of the page:
TrueCrypt volumes, be they stored in a file or a device/partition, intentionally do not contain any discernible "signatures" or unencrypted headers. As cipher algorithms are designed to be indistinguishable from a pseudorandom permutation without knowing the key, the presence of data on the encrypted volume is also undetectable unless there are known weaknesses in the cipher. This means that it is impossible to prove that any file or partition is a TrueCrypt volume (rather than random data) without having the password to mount it. [my emphasis]
Put simply, if your law enforcement agency can't tell if TrueCrypt's being used, then they have two options: (a) assume that everyone using any form of encryption is using TrueCrypt, and keep everyone in jail until they release two keys for their encrypted volume (which would get extremely messy, since most people probably aren't using TrueCrypt) or (b) let you go.
So... is that statement from the wikipedia article wrong, or are you?
The general explanation, as I have seen it given many many times previously, is that, rather than write a/. story which links to some science/tech article, roland will paraphrase the article in his blog, and link the/. story to his paraphrase. This is a means of gaining ad revenue for himself and his employers (ZDnet, I think?), but it doesn't give any ad revenue to those who actually did and wrote up the research.
Is this true? I don't know. I never RTFA. The links are to the original story. The "Roland Piquepaille" link goes to his blog, but it's unlikely anyone will be clicking on that one unless they're interested in the guy... in which case, good for him.
Incidentally, if there are any ads generating revenue on that blog, I'm not seeing them thanks to adblock. I doubt/. is the best place to try to get ad revenue, somehow...
Remember how you lost the OS war to Microsoft? Its because Windows had more apps, and it didn't matter that it sucked. Clearly you don't remember the OS war, because there never was one. Macs were hideously overpriced and very few people could afford them. Windows wasn't exactly pretty, but it was cheaper, got the job done and was many times more stable than MacOS before the days of OSX.
Apple actually had the edge on Windows as far as software went, back in the day - especially in graphic design. Photoshop, Illustrator and QuarkXpress, to name just a few, were first developed for the Macintosh and were only ported to Windows in the post-Windows 3.1 world. Microsoft Word was brought to MacOS in 1985 and was arguably a better product than its independently developed Windows sibling (Word 4 for the Mac has a special place in my heart - it was uncluttered, elegant, small and powerful).
But... Macs were expensive and their Motorola architecture was slow. They never got the market penetrance for anyone (other than niche markets) to take their product seriously. And then Windows95 came out with pre-emptive multitasking (which shitted all over the appallingly unstable cooperative multitasking of pre-OSX MacOS) and it was all over.
What Apple's done right with the iPod is to keep the price competitive. The real issue with the iPhone for most users will be its price (and possibly the networks it can work on)... 3rd party applications really aren't going to be a big selling point for most people (unfortunately!)
Sarcasm aside, that is exactly the same reason why unlockers shouldn't bitch if their iPhones become iBricks. They are using them in a way the manufacturer hadn't intended them to be used. So if I buy a laptop that is "designed for Windows" I shouldn't be able to run linux on it? Since when did purchase of a piece of hardware imply what types of software you could use on it?
Wine, of necessity, has a (yechhh) Registry Yeah, registry databases suck. Good thing they're only found on Windows...
As regards your initial assumption, though - Picasa for linux uses a modified WINE environment, not your standard WINE installation. This means that the registry entries are in ~/.picasa/ and inaccessible by normal WINE applications. So unless you've configured your system to use the Picasa variant of WINE as standard, you're probably safe enough...
I rather like reading posts like that, personally, and the new/. comments display system encourages the practise - doing it allows as much of an abbreviated reply to be read as possible.
(However, I agree that the particular post you were referring to was confusing: this was because the first letter of the sentence was capitalised and there was no starting elipsis, thus giving nothing to indicate that it was a run-on line from the subject...)
first of all, the only user that gets sudo by default is the user that actually sets the os up. every other added user has to be given sudo permissions manually. how is this different to the first user having the root password (which they had to know to install it in your 'better model'. No, I'm talking about a hostile attack from an outside source, not from a trusted user. Obviously, once a user has sudo privileges, they effectively *are* root for all intents and purposes (in that it's pretty simple to compromise the system after that). However, if a hostile attacker has to crack both your password *and* the root password, that's an extra password that needs breaking.
Similarly, assuming you were able to grab the password in a non-sudo system But you need both a user password and the root password in this case. It's an extra level of security.
Ok, so there's no way to know the root password. But you can still reset it, and then you'll be able to login as root normally (locally, at least). Not that someone who manages to break in remotely using a sudo-able account would find that useful anyway, for the reasons I've pointed previously. I would have thought the bigger danger is the following: sudo passwd su rm -rf/etc/sudoers [do whatever you want at this point without anyone being able to stop you...]
The point being, once you've set a root password and disabled a normal user's ability to use sudo, they simply can't stop you from doing whatever you like to their system unless they're actually near the box and can hit the power switch (in which case, they can reboot with a live CD and restore the/etc/sudoers file and reset the password...) They can't even shut the system down remotely.
I can never remember which one is faster, "Hi Speed" or "Full Speed". As I was explaining to someone the other day, you've got the alternative of "Full Speed", which isn't, or "High Speed", which is full speed.
Personally, I was hoping they'd call this new standard "Full High Speed", and then the next standard "High Full Speed". After that can come "Highly High Full Speed", "Fully High Full Speed" and "Speedy Full High Speed".
I'm sure it makes more sense if you're high at the time...
The trouble is gnome's workspaces are not intuitive, they are not linked to each other in any way so it's hard to visualise where you are in the system. Beryl's cube is great for this and just as easy to use. What's not good about it is all the confusion over desktops, workspaces and viewports. Especially the fact that Gnome's workspaces can't be synced with Beryl meaning that all the open windows on the system show up in the taskbar on all viewports. Which is stupid. Hey, I'm not arguing with the fact that GNOME sucks (and so does KDE). And if Beryl works for you (and you're not frying your balls off using a hot GPU on your lap!), even better. It all looks very pretty, although I doubt the usefulness of many of the bells and whistles. It reminds me a bit of e16 (which was a great WM, if rather unfortunately flaky).
All I'm saying, though, is that there are alternatives. Using IceWM and ROX I get a desktop environment with a total memory footprint of about 12 meg. They use extraordinarily little CPU, and I've happily used them on a P120 laptop in the past. Maybe you don't get out-of-focus windows or drop-shadows or whatnot, but I reckon that would piss me off more than anything:)
Drag a window around in a Windows using GDI. You might see the hall of mirrors effect; moreso if something's waiting on something else to finish. No, I don't get this at all. This type of behaviour should rarely, if ever, happen on a low-latency linux desktop.
I originally thought the same thing with Beryl (the breakoff from Compiz, which is now remerging into compiz-fusion), and thought, "hey it looks nice, but that's about it". I left it installed on my machine as it was pretty stable and didn't see a need to remove it. After a while I started rearranging and managing my desktop-- all development work in one window, terminal windows in another, email/web browser in another, and the last for visualization apps (imageJ, matlab, etc.). It wasn't until I had all four desktops being active used that I realized how much easier it was to multitask with a more sophisticated windows manager. I could actively switch between desktops fast, drag and drop items from one desktop to the other, separate global and local task switchers-- all much faster and with less downtime than before. Now I find it rather limiting to use a linux box that doesn't have it installed. You do realise that just about any linux window manager can do all that you've described??
The only ones I know of that can't do this are TWM and Metacity. It's just unfortunate that the latter is shipped as GNOME's default WM...
Maybe this'll help, with a decent 3d graphics chipset, it makes the desktop more responsive by offloading the desktop rendering to the GPU completely. But 99.9% of this rendering is rendering you don't need! Why are wobbling windows necessary in my life??
I use IceWM, and with a current uptime of over 35 days, it's used my CPU for a total of 10 minutes, with an average CPU usage that doesn't register on a ps aux listing. If your desktop rendering is so CPU intensive you need to offload it to your GPU, you've got problems.
You make your system less safe by doing that How on earth are you making your system less safe by enabling a root passwd?? Your remote services shouldn't accept a root login by default anyway, and if your user account has sudo privileges then anyone with your passwd will own the system...
I've had various cell phones for 10 years now. Cell phones have a VERY clear distinction between OFF (phone goes to voice mail, no calls or texts come in, texts show up when you turn it on and they get retrieved, no missed calls are tracked but voicemail is registered) and SLEEP (phone is in low power mode, the buttons don't work, the screen is off, phonecalls/texts/vms come in). I really don't understand why this is something new and complicated for everyone to understand. It is not like this is a "new" feature... You don't want "activity" you need to turn off the phone. It has ALWAYS been like that I've had various mobile phones for eight years now, and I've never seen a single one that had a "Sleep/wake" button that implied a sleep mode. For that matter, I've never had one that blanked the screen and refused to respond to key presses when locked. And I've never heard of anyone calling locking their phone, "putting it to sleep". As I pointed out, even the Apple iPhone manual doesn't use that terminology - so why give a button that name?
Remember, we're dealing with technologically illiterate people here...
Sleep keeps the input devices and often the network interfaces active to some extent so that the device can be told to wake if it is needed. Oh, so your laptop wakes up every five minutes to check your email when you've put it to sleep with your mail client running?? Bullshit.
The issue here was that the phone regularly *downloaded* information using foreign carriers. And it was doing that because the phone wasn't *asleep*, it was merely *locked*. In other words, the device was still active, even though the button name suggested otherwise.
But I guess you can't suggest that an Apple product is defective by design on/....
It was pre-installed, so maybe he can't. Most vendors seem to provide a ghost image of the factory HD, or the install CD itself, but maybe his didn't. If his laptop didn't ship with Vista, then he can hardly be blamed for not having Vista installed, now, can he?
He should have an OEM CD, though, and can just wipe and re-install. I've had to do this when my current laptop had (hardware-related) problems, and it's pretty standard practice in the linux-laptop world. It sucks, but there's nothing you can do.
However, for anyone about to do this, do consider using something like Mondo to backup your PC (and don't forget to verify the backups!!) That way, restoring your system *after* repair is as easy as shoving the disc in and playing tetris for a few hours:)
Slashdot Mirror
And that's just the tip of the iceberg. I regularly look at the code of other software, because I'm always thinking of ideas to improve/modify it. Yesterday, for example, I spent an hour hacking evince, in order to switch off a few features that annoy me and change its behaviour slightly. I'll never submit those patches, though, since they take the software in a different direction to what the evince team wants. I'd guess that for every patch that gets received, there's many more that never get submitted.
Mind you, just because I hack software, it doesn't mean that I go through the code with a fine-toothed comb - I grep for what I'm looking for, do a quick hack and get the hell out of there. So to call it "peer-reviewed" is wrong, I'd agree with that. Any cleverly obfuscated evil code is almost certainly going to be missed - nobody wants to spend time deciphering poorly written code.
You want DVDs to play under Linux by default? Go talk to your government!
"one minute of pulling provides 10 minutes of power"
Browse porn and recharge your batteries
We're all within 48 hours from Guantanamo Bay. The USA/CIA has kidnapped people in other countries (e.g. Italy) officially without the consent of those countries. And Guantanamo, as my orange protest badge says, is state terrorism. But at least we hope that the countries we live in aren't like that
1) Truecrypt is not a default install on any popular operating system
2) The container requires Truecrypt software to work.
And so if in UK (or other countries with similar laws, like mine) they ever find truecrypt software in your possession, you'll be in for a very long interrogation. If you can hide the truecrypt software so well that nobody else can find it, then your need for truecrypt is quite low isn't it? Well, I'm not an expert in this myself, but as I understand it, the ability to have a hidden volume within the encrypted volume is not the primary purpose of truecrypt, which aims to provide a real-time encrypted filesystem. Say, for example, I have
The thing is, nobody is going to be able to tell
That said, the truecrypt website also explains the completely undetectable use of truecrypt via a bootable cdrom
Put simply, if your law enforcement agency can't tell if TrueCrypt's being used, then they have two options: (a) assume that everyone using any form of encryption is using TrueCrypt, and keep everyone in jail until they release two keys for their encrypted volume (which would get extremely messy, since most people probably aren't using TrueCrypt) or (b) let you go.
So
Is this true? I don't know. I never RTFA. The links are to the original story. The "Roland Piquepaille" link goes to his blog, but it's unlikely anyone will be clicking on that one unless they're interested in the guy
Incidentally, if there are any ads generating revenue on that blog, I'm not seeing them thanks to adblock. I doubt
Apple actually had the edge on Windows as far as software went, back in the day - especially in graphic design. Photoshop, Illustrator and QuarkXpress, to name just a few, were first developed for the Macintosh and were only ported to Windows in the post-Windows 3.1 world. Microsoft Word was brought to MacOS in 1985 and was arguably a better product than its independently developed Windows sibling (Word 4 for the Mac has a special place in my heart - it was uncluttered, elegant, small and powerful).
But
What Apple's done right with the iPod is to keep the price competitive. The real issue with the iPhone for most users will be its price (and possibly the networks it can work on)
As regards your initial assumption, though - Picasa for linux uses a modified WINE environment, not your standard WINE installation. This means that the registry entries are in ~/.picasa/ and inaccessible by normal WINE applications. So unless you've configured your system to use the Picasa variant of WINE as standard, you're probably safe enough
... can work it out just fine.
/. comments display system encourages the practise - doing it allows as much of an abbreviated reply to be read as possible.
...)
I rather like reading posts like that, personally, and the new
(However, I agree that the particular post you were referring to was confusing: this was because the first letter of the sentence was capitalised and there was no starting elipsis, thus giving nothing to indicate that it was a run-on line from the subject
sudo passwd
su
rm -rf
[do whatever you want at this point without anyone being able to stop you
The point being, once you've set a root password and disabled a normal user's ability to use sudo, they simply can't stop you from doing whatever you like to their system unless they're actually near the box and can hit the power switch (in which case, they can reboot with a live CD and restore the
Seems a bad security model if you ask me
Personally, I was hoping they'd call this new standard "Full High Speed", and then the next standard "High Full Speed". After that can come "Highly High Full Speed", "Fully High Full Speed" and "Speedy Full High Speed".
I'm sure it makes more sense if you're high at the time
All I'm saying, though, is that there are alternatives. Using IceWM and ROX I get a desktop environment with a total memory footprint of about 12 meg. They use extraordinarily little CPU, and I've happily used them on a P120 laptop in the past. Maybe you don't get out-of-focus windows or drop-shadows or whatnot, but I reckon that would piss me off more than anything
The only ones I know of that can't do this are TWM and Metacity. It's just unfortunate that the latter is shipped as GNOME's default WM
I use IceWM, and with a current uptime of over 35 days, it's used my CPU for a total of 10 minutes, with an average CPU usage that doesn't register on a ps aux listing. If your desktop rendering is so CPU intensive you need to offload it to your GPU, you've got problems.
Remember, we're dealing with technologically illiterate people here
The issue here was that the phone regularly *downloaded* information using foreign carriers. And it was doing that because the phone wasn't *asleep*, it was merely *locked*. In other words, the device was still active, even though the button name suggested otherwise.
But I guess you can't suggest that an Apple product is defective by design on
He should have an OEM CD, though, and can just wipe and re-install. I've had to do this when my current laptop had (hardware-related) problems, and it's pretty standard practice in the linux-laptop world. It sucks, but there's nothing you can do.
However, for anyone about to do this, do consider using something like Mondo to backup your PC (and don't forget to verify the backups!!) That way, restoring your system *after* repair is as easy as shoving the disc in and playing tetris for a few hours