But, under your argument, I might say that I am allowed to use this copy of Windows XP, and make a backup copy.
In the opinion of the United States federal courts, digital software embodied in a computer's Random Access Memory (RAM) is sufficiently fixed to constitute a "reproduction" under the Copyright Act.1 As a reproduction, the creation of the RAM embodiment, or the loading of software into RAM, is a potential copyright infringement. However, a close reading of the Act and its legislative history reveals that a digital work embodied in RAM should not be considered a reproduction of the work.
Actually, I said that China would most likely pick a fight with the US.
Which is a quick way to get their whole army killed, so that mainland China doesn't seem nearly as crowded anymore. A male-oriented dieoff will help bring the gender ratio back to parity after these decades of discouraged female birth.
I'm not talking about buttons on web pages.
I think she meant specifically the button in the upper-right of a browser window which animates as you wait for the page to download. Normally the animation includes a globe and a letter like N, e, or M. (Called a "throbber" in web-professional talk)
However, that's still a red-herring, because there's no reason it really needs to animate at all- or even be a button.
End of story.
Give up astroturfing that lie, Mr Silver
is it really fair to blame the OS when things go bad?
Yes.
Drivers run much closer to the metal than regular apps.
If "the metal" was an intrinsic component of the computer like a CPU or even a PCI card, I'd agree that the driver needs to be low level. But for an external, relatively low-speed device (like USB), there is no excuse to inject the driver into the heart of the kernel. Just have it run like any other process with the bonus ability to read/write a certain special buffer connected to the USB port. The OS should've been designed so that the safest way to write a USB camera driver was also the easiest way.
No hardware I plug in after my computer is already booted should be able to crash my computer. That's a commonsense end-user expectation which Microsoft has yet to live up to.
Drivers have to run in ring 0 irrespective of the operating system. This includes Linux.
Absolutely wrong. Many fine OSes run device drivers for non-critical distant peripherals in userspace.
With Linux, it's actually easy to make a driver for a parallel or USB printer run in userspace- but Windows, for goofy reasons, still has printer drivers at ring 0.
However, it is true that most Linux drivers that you find are ring 0- but that's force of habit, nothing more. (Some drivers benefit from the closeness to the kernel, but most don't actually need that speed)
PS. Technically, a "device driver" is not a "driver".
We work together to make the 802.11x standards as bullet-proof and understood as possible.
There is no need to add security to 802.11x. To do so would be a waste of effort, or even counterproductive.
Adequate networking security already exists for the application-layer that runs on top of whatever physical communication mechanism you have. (It has names like SSL, SSH, VPN, and PGP).
If you extend Wifi to be "secure", then people will depend on it, and may ignore other measures that would protect them not only from radio sniffers, but also from eavesdroppers at the ISP or promiscuous PCs on the local ethernet.
4. He is a Democrat.
So you hate Democrats, and thus decide to inject them into discussions where a representative politician of either party will behave in exactly the same way.
You might have the syndrome of "I agree with these guys on many positions, so I assume they'll agree with me on everything". That's common among optimistic voters who think that a major victory of their party will actually change something. But the fact is that 99% of all politicians want everything that matters to stay just as it is.
He hates Free Enterprise, preferring Big Government.
Both parties claim to love Free Enterprise, but they're both using the same euphemism: what they both really love is Big Business. (Although the D&R each give minorly different levels of preferences to different sectors- for example, the Teamsters are a big business, but loved by only one party)
The Republicans like Big Business- and Big Business likes government-enforced monopolies. Lockheed, Boeing, and Northrop are happy that only NASA can order space vehicles from them. Instead of having to trim margins in a competitive environment, their salaries are paid by taxpayers who can't choose to bring their spaceflight needs to another vendor.
Bush is a close friend of Lockheed CEO Hoffman- he won't do anything to undermine his buddy's lucrative contracts for everything that flies.
Not if you stay on your flight plan and don't have a trajectory leading you into a population center.
There's not enough time to notice. If the operator of a private space-vehicle swaps out the flight plan at the last minute, a totally legit orbital mission can become an unstoppable destroyer of the White House.
If the launch site is a Texan desert, then it'll strike Washington DC in 20 minutes. There's no way an intercept
You might argue that an ABL could sit by the launch pad, and automatically destroy the vehicle if it's aimed the wrong way. That could work, although it has some major weaknesses, and imposes a high cost on the government. But it would only work for simple ballistic flights. A real space vehicle would have enough control at the orbital level to crash at a chosen place on the continent.
Maybe the White House has missiles that can stop a 747 from reaching it- but they can't block a mini-spaceshuttle zooming downward at 5000 mph. So they'll protect themselves the only way they can: by never allowing that vehicle to be built.
Which is why a tech should be forced to vet password changes. Thirty minutes checking some websites in the user's history
Not only would that be a HUGE waste of the tech's time, it still won't work.
Suppose I go to my company's tech office and tell them to set my login to the same password I use for slashdot (which is "oiiiocmm"). There's no way that tech can find it- he can't map my real name to an imaginary handle.
But if I used a word address as my (undisplayed) email contact for slashdot, then CmdrTaco can use that to find my work machines and guess my login name. The admin of a two-bit WWW BBS is not trustworthy.
The only way to be sure a user hasn't already compromised the password she is requesting is to place far too much trust on her. If you trust the user, then you don't need to vet the password. If you don't trust her, then your vetting will be insufficient, so just create a random string instead.
No, unless you think you can keep a car that your friend gave you after he stole it. Even if "receipt of stolen property" wasn't a crime on its own, the police would still want things returned to their owners.
Naturally, once an illegal action occurs, most everything which derives from it is also illegal.
(link) (link) (link) (link)
Why did you post links that undermine your position? All of those links disagree with your statement, except for one of them which only applies to Australia (which I suppose would naturally have laws similar to Britain). They do however show that some lawyers are ready to argue for anything, even if they know it's wrong.
Here, I'll paste in the first 2 sentences from one of those links, to help you out:
This lawyer-stuff can be tricky, but you have to read a whole 2 sentences, and not just the first one.
Some of the other links support the idea that RAM copying might be illegal reproduction, but they do so weakly, and only contingent to the software having been licensed in the first place, which is not the case with typical GPL distribution.
The last paragraph of the Wikipedia page is also pretty interesting- although I can't respect that article too much, as the first paragraph is blatantly (and politically) wrong.
How odd... you quoted me, and then wrote some stuff after it that had nothing at all to do with what I said. Why did you decide to do that? I'd think you had accidentally replied to the wrong post, except that you actually pasted in my own words.
I mean, "fair use"? What's fair use got to do with anything?
All of computer software copyright hinges on the concept that copying the software from your permanent storage to your computer memory in order to run it counts as copying the work.
Wrong- unless you happen to live in Britain. If so, then you are correct, but you should've qualified your remarks as only applying to that one country, and not used the word "All".
Otherwise, in the USA for instance, people are allowed to make temporary copies of anything as necessary for normal use of a product. When you play a CD or DVD, for example, the machine copies chunks of data off the disc into memory buffers. But you don't need to agree to anything to play it.
Except of course if you agree to the GNU General Public License, which the software is licensed under. Then you can use it.
Wrong wrong wrong. If somebody gives you software, you can use it from then on. Once the files are in your possession, you can use them, unless you've somehow signed a specific prior contract promising you won't. The only thing you can't do with software you possess is break other laws- primarily copyright, which in most countries prohibits you from copying (or redistributing copies) of a program without explicit consent from the author.
If you don't plan to give out copies of the program, you have no need to agree to the GPL, or even read it.
Now, I don't know Austrian law, but if there is something unique about it that requires specific permission from software authors before you can run their programs, you should've said so.
Obviously only under the terms of the GPL, which explicitly state that you must not hold the author liable for any damages caused.
Wrong. Go read the GPL before lying about it anymore. The GPL mentions there is NO WARRANTY, but just a statement of fact- reminding you that if you thought an author had offered a warranty, that no, she really didn't. It contains no "agreement" of the form "If you decide to use this, you give up all consumer-protection rights and can never sue me"
There already is a EULA. It's called the GPL.
No. No. No! For the last time, moron, the GPL is not an EULA.
GPLed programs never demand the End User to Agree to a License before using the software.
That's why I want to give them the choice of hand holding or not. It seems you don't.
If you want to learn about Linux, then there is no actual choice. You must learn CLI.
There are many kinds of Linux config GUIs- at least one per each major distro. None of them are the same. Only when you get down to the CLI level are things approximately comparable.
So if a person wants to learn "Red Hat" or "Gentoo", then fine- give her the choice of CLI or GUI. But if she's trying to learn "Linux", CLI is the only way.
Poor grandma just knows Billy told her to get Linux...
Mr Gates would never say a thing like that!
John Kerry's ilk
Why do you single out Kerry? Considering George W Bush's viewpoints on terrorism, civil liberties, and missile defense- do you think he'll be any more likely to allow private individuals to build huge long-range guided rockets inside the USA?
He'll assign an ABL to zap you on the boost phase!
For that price, the state could have bought every house a solar panel and the pooled energy would be plenty to power the area for a fraction of the price.
As I recall, there are cities in New York state that regularly lead the USA in annual snowfall. How much power will you wring from solar panels in that kind of condition?
The proposed drilling at ANWR was a fraction of what we could possibly do.
Simple fact: the total amount of oil estimated to exist in the ANWR is less than the USA burns in 10 months. Nothing else really matters.
There is oil we don't even know about yet, ripe for the picking.
The assumption that the earth still contains a lot of undiscovered oil is why conservationists whine about running out in 100 years, instead of just 20. (Which is when all currently-known oil fields will be used up)
Where have you seen this? Everyone in the industry I've seen talking about this says that it will last for well over 100 years.
In 1999 some semi-intellectual pro-business journal (maybe it was "Reason") put this on their cover: "No worries about oil! We have enough to last more than 90 years"
That idea was rather shocking to me- I'll still be alive in 85 years, and might like to go for a drive- but they actually considered sub-century time a good thing.
But anyhow, if you look up the official US Geological Survey estimate for total oil in the world, and divide it by the amount of oil used in the past year, it comes out to around 17 years.
Most nuclear plants have containment structures that were designed to take a military jet crashing into them.
Does anyone have a link to the video of those actual tests being conducted? They were very impressive- the crashing planes were turned to powder without denting the building.
So my idea was to store a hash of the concatenation of the username AND password, ensuring with a high probability that no two hashes will be alike.
Old way:
I wonder if anyone's password is just 'password'.
forall(user){test(user.hashedpassword = hash('password'))}
New way:
I wonder if anyone's password is just 'password'.
forall(user){test(user.hashedpassword = hash(user.login + 'password'))}
2nd way requires more hashing to be done through the loop, but isn't really much harder.
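The two loops above, worked through as an added example (not part of the original comment): it counts the hash operations each storage scheme costs when auditing for weak passwords, and goes one step beyond the thread by showing a random per-user salt with a slow key-derivation function. The account names, passwords and helper names are constructed for illustration, and SHA-256 stands in for the unspecified hash().

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two users happen to share a weak password.
ACCOUNTS = {"alice": "password", "bob": "password", "carol": "Vq7#mWz!p2"}


def h(text):
    """Fast unkeyed hash, standing in for the comment's hash()."""
    return hashlib.sha256(text.encode()).hexdigest()


def build_tables(accounts):
    """Return (unsalted, login_salted) tables of stored hashes."""
    unsalted = {user: h(pw) for user, pw in accounts.items()}
    login_salted = {user: h(user + pw) for user, pw in accounts.items()}
    return unsalted, login_salted


def audit_unsalted(table, guesses):
    """'Old way': one hash per guess, compared against every stored hash."""
    hashes, weak = 0, set()
    for guess in guesses:
        digest = h(guess)
        hashes += 1
        weak.update(u for u, stored in table.items() if stored == digest)
    return weak, hashes


def audit_login_salted(table, guesses):
    """'New way': the login is mixed in, so each guess is hashed per user."""
    hashes, weak = 0, set()
    for guess in guesses:
        for user, stored in table.items():
            hashes += 1
            if h(user + guess) == stored:
                weak.add(user)
    return weak, hashes


def store(password, iterations=200_000):
    """Beyond the thread: random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, derived = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived)


if __name__ == "__main__":
    unsalted, login_salted = build_tables(ACCOUNTS)
    guesses = ["password", "123456"]
    print("shared hash visible (unsalted):", unsalted["alice"] == unsalted["bob"])
    print("shared hash visible (login-salted):",
          login_salted["alice"] == login_salted["bob"])
    print("unsalted audit:", audit_unsalted(unsalted, guesses))
    print("login-salted audit:", audit_login_salted(login_salted, guesses))
    record = store("password")
    print("pbkdf2 verify:", verify("password", record), verify("wrong", record))
```

The login-salted table hides the fact that two users share a password and multiplies the hashing work by the number of accounts, but each individual hash is still cheap; the slow KDF is what raises the cost per guess.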
even if someone's looking over my shoulder while I type the password, they're not going to get it.
Security through obscurity, that is. (And once you post it on the web, it's not obscure anymore)
.bash_history?
No good security software will accept a password passed on the command line. If they did, it would open more holes than just shell history- consider that most Linux systems allow all users to see every command line that any user is currently running.
ssh, for example, will only let you type a password in a separate interactive prompt. So .bash_history will only hold the passwords if the software was woefully misdesigned.
However, there is a file that might hold the passwords: the virtual memory "swap file". It's unlikely but not impossible that the just-typed password could be swapped from RAM to disk, and then left on disk a long while.
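The command-line exposure described above, as an added example that is not part of the original comment: it starts a stand-in child process twice on Linux, once with a secret in its arguments and once with the secret sent on standard input, and reads back what /proc publishes for that process. The secret value, the `--password=` flag and the helper names are constructed for illustration.

```python
import subprocess
import sys

SECRET = "constructed-sample-secret"  # constructed value, not a real credential

# Stand-in for a tool: it simply waits until its standard input is closed.
CHILD = "import sys; sys.stdin.read()"


def visible_cmdline(pid):
    """Return the argument list that /proc publishes for a process."""
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        raw = f.read()
    return [arg.decode(errors="replace") for arg in raw.split(b"\0") if arg]


def snapshot(extra_args, stdin_data=b""):
    """Start the child, feed it stdin_data, and capture its visible argv."""
    argv = [sys.executable, "-c", CHILD] + extra_args
    # Leaving the with-block closes stdin, which lets the child exit.
    with subprocess.Popen(argv, stdin=subprocess.PIPE) as child:
        child.stdin.write(stdin_data)
        child.stdin.flush()
        return visible_cmdline(child.pid)


def leaks(secret, args):
    """True if the secret appears in any published argument."""
    return any(secret in arg for arg in args)


def compare():
    """Return (leak via argv, leak via stdin) for the same secret."""
    via_argv = snapshot(["--password=" + SECRET])
    via_stdin = snapshot([], stdin_data=SECRET.encode() + b"\n")
    return leaks(SECRET, via_argv), leaks(SECRET, via_stdin)


if __name__ == "__main__":
    argv_leak, stdin_leak = compare()
    print("secret visible when passed as an argument:", argv_leak)
    print("secret visible when passed on stdin:", stdin_leak)
```

On systems where /proc is mounted with the `hidepid` option, other users can no longer read these entries, but the process owner and root still can.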
As long as I use a reasonable password for my login account, and I don't leave my computer unlocked, I assume this is a safe approach. Is it not?
Attacks can be made by someone with physical access to your machine (a burglar, janitor, roommate, detective, etc)
She just needs to take a copy of the Windows system password file away with her. If your computer boots from CD (or allows bios access to change that setting), then this is easy for anyone with a purse big enough for a CD + floppy. If the system has a locked-down BIOS, then the attacker faces riskier work: unscrewing the computer to yank the hard drive, stuff it in another machine, and copy the file- then try to bring it back before you notice.
In both those cases, you might get a warning from the unexpected reboot- but that can be explained as a power failure. (Also, some security devices exist to partially protect from both attacks)
Anyway, once the attacker has your password file, it'll take a week or so to brute-force your Windows login. Then she can open that text file just like you do.
The important thing to remember is that although some encryption schemes can protect you if your entire hard drive falls into enemy hands, Microsoft Windows doesn't use one like that. Password Safe is probably a lot better.
-1: Pedantic answers to rhetorical questions