Even better are car tyre measurements which are in metric (width and profile) and imperial (diameter) at the same time!
Even fully metric countries where few people know how big an inch is still have some things measured in inches: - rim diameters - socket drive. I.e. you can take your 3/8" drive sockets and they'll fit a European ratchet. - screen size
These are things where the measure itself is largely irrelevant for practical use and serves only as a size differential. The numbers can be arbitrary as long as they're consistent, sort of like clothing size.
To be fair, it's not that they don't like consumers, it's that consumers don't (and won't) pay enough. You can't offer real support when most of the machines you sell are $500 craptops. Apple's prices approach business hardware prices, which gives them the kind of margins necessary to offer such good support.
If Apple has shown anything is that consumers can and do pay enough. Maybe if they stopped making 20 models of craptops each and focused on a few ones worth having people would buy them.
It's called a package manager and every major distribution has one.
Every major distribution has their own one that's incompatible with every other major distribution's. That's even though the package systems do the same job. Even distros that use the same package management system don't share compatible repositories.
So you just turned supporting "Linux" into supporting Ubuntu, RedHat, SuSE, etc.
If they find that a pulse is indeed helpful, do you think this solution would work: Taking this pump and sending its output to a bladder with a check valve. The continuous flow will fill the bladder, and once a certain pressure is reached, the check valve opens and sends a pulse of blood out. It's failsafe too, since if the valve breaks you're just left with continuous flow like you have now.
Silly defaults definitely contribute, you're right about that.
Yes, I did list specific issues, but like I said, they're _examples_ of systemic problems. Whatever development processes created them have been creating issues many years now and will continue to do the same for as long as they're not fixed.
My boss summed up Linux very well in 2002: All the plumbing is there, but the faucet is missing. Sadly, it's still true.
That PC speaker control only controls beeps from Gnome apps like hitting backspace in the console. Apparently there's another sound system somewhere that's also working. Which is another really stupid thing in Linux: gratuitous, incompatible duplication. I can think of 4 different incompatible sound servers. Each has their own drivers and controls if you have the misfortune of needing more than one due to apps.
And yes I do have an nVidia card and checked the "use proprietary drivers" box. If it doesn't work then I'm entitled to a message to that effect at the very least. Doing nothing is unacceptable.
These are specific examples of systemic issues. Fix one of these and soon enough they'll be broken again.
I recently tried Ubuntu after leaving Linux as my primary OS in 2003. You're wrong. The GUIs are only fine if you're willing to stick with their narrow limitations. I think it's because they're constantly being rewritten instead of incrementally improved.
Examples:
When I hooked up a second display and clicked "detect displays", it did nothing. No error message, no effect. I see no way to fix this without editing config files manually.
My sound doesn't work at all. It's listed properly in all the config screens, but nothing comes out of the speakers. Now what do I do? I see no easy way to try different driver or other things without delving into a kernel module mess. Hello, terminal.
How do I disable that wretched shutdown beep with a GUI? The mute control has no effect on it, nor does disabling the system beep in the sound preferences.
This is basic stuff that's been an issue for 10 years.
Sorry, but desktop Linux in 2009 gave me the same experience as desktop Linux in 2003. I.e. 3 days of googling and sludging through manuals to get things working. The process is a tad smoother now, but it's still only good for two groups: Grandma who'll leave it the way it is, and experts who live Linux. Almost everyone I've ever met falls somewhere in between. It's hard to be just savvy in Linux. It's all or nothing.
Pretty skins are just that, skin deep.
Don't give me that paid support crap. I've never called MS support. I've never called Apple support. I can figure out how to maintain their systems by using them. If I'm going to have pay someone to help me with how to do basic things in Linux then I might as well just buy one of the other two.
You're right, there was a proof of concept of this as well. I think it was in the early 80s. Someone implemented a compiler that would detect if it was compiling the login command's source and add a back door. It would also detect itself being compiled and made sure the resulting binary also had this ability. So in effect the vulnerability only existed in the binaries and not in the source (login's or cc's).
There was a also a paper about how to combat this. AFAIK the just was that if you had two different compilers (like gcc and icc) it was possible to detect shenanigans. If you had a completely trusted compiler, i.e. a hand assembled one, no matter how crappy then you could detect shenanigans with certainty. You don't have to compile the whole system with your trusted but crummy compiler, once it verifies your normal one then you use that for real work.
My iphone 3g gets charged by USB. The "AC" charger is just a small brick with a USB port that you plug in your iphone cable into (as if it was a computer).
That's because of the flash. License plates are made to be reflective so the flash worked on it even though the plate was far away. Other plates were probably at a wrong angle. The blur is caused by a slow shutter speed, which means the scene was relatively poorly lit. The flash strobe is very fast, so it wasn't affected by the camera shake much.
Time lapse is a video where the frames are shot much slower than they're played back. Speeding up the world, essentially.
This is a regular long exposure. Single frame. Looking at the EXIF data on the original JPEG, the summary's image was a 31 second exposure. Hence why the driver is a bit blurry (he twitched a bit).
Joe the Pedo cares a lot about getting free untraceable internet access.
Oh no you don't. If the politicians don't get to use the "think of children" excuse to justify increased surveillance, shredding the Constitution, and guilty-until-proven-innocent, then we don't get to use it as an explanation for our security decisions.
Let's not have a double standard here; one standard will do just fine.
It's not a question of the children. It's a question of the police coming after ME because Joe used my internet and made it seem like I'm the one looking at kiddie porn.
We went through the same thing when switching to X.org from XFree86. When will nVidia support it? When will ATi support it? When will my driver be ported?
Why is X dealing directly with the drivers anyway? Why isn't there a thin graphics layer in Linux, like a framebuffer that supports acceleration? Write X to that. Then you can switch your X or use whatever GUI you want and you hardware still works. Freedom to choose, right? The mantra of Open Source?
I remember a bunch of very promising GUIs coming up in the early 2000s that really struggled without enough drivers. "The source is open, just port the thousands of drivers!" yeah sure.
What are you smoking? Show me some LARGE mesh networks. There were some attempts, but most seem to fall apart once the person that built them goes away. Mesh networks are hard.
So you're going to do this with your home wifi router, with crappy range, that won't even cross the road between your neighborhood and the next? How are you going to go between cities? Most people would rather take the capitalist approach: hire someone to do it for them. Then you're just forming an ISP, and you're back to where we are today.
We had a guest speaker here at my university just last week talk about this. He's setting up wireless mesh networks in rural Zambia. It's essentially the only communication system they have. Cell phones cost 66 cents/min and the locals make $1/day..
Anyway, they have very limited internet access, with a few hundred machines behind a 128 kbps link. They pay $1100/month for it. No way in hell are they gonna keep downloading all the patches needed on Windows. As such, a Windows machine is only useful for about two months (tops) before the worms eat it.
Destroying the machine with a sledge hammer isn't going to change the election. The votes on the paper tape won't be lost.
Lots of people have access to these things before the election. In some places the precinct captains take them home. The average age of the volunteers at elections is 72. I find old people trust me when I tell them something technical needs to be done. There were examples of viruses, where one infected machine will spread the virus to the others through the central tabulator.
These attacks aren't nuclear blasts. They're light punches. Basic security design would guard against them.
You're right, the ES&S system was for a different study. The one presented is Sequoia. That's what I get for posting tired;)
Thank you for the post, it's great to hear about how the companies are run. Don't take the rest personally, it's a reply to you but addressed to your (former) bosses:
Though most of the difficulties you talk about are things faced by any large project. File management and documentation? Please. All projects have to handle this. Apparently the Sequoia system is also a hodgepodge of many languages, I think they said around 10. That's a lot and makes debugging and audits more difficult while introducing more potential holes. I don't know if the ES&S system is that bad, too.
Hell no the firmware shouldn't be upgradeable in the field. That's another way for undetected tampering to get in. If you're fixing things up right until the last minute, the damn thing isn't ready for prime time. Use the paper ballots for that election. The firmware should only be upgradeable under public supervision.
And what good are the checksums if they're not checked? I don't see why the firmware can't do a checksum of the entire system before each voter comes in. Heck, use a TPM chip, they've been common on consumer machines for the last 2 years. That will give you a chain of trust and help you detect tampering. Anything on the machine should be signed by both the manufacturer and the state. But heck, with hard-coded keys and 16-bit hash functions, it's clear that the security is not only on the back burner, it's implemented by idiots. And I mean that term. Idiots.
As for the screwey state by state laws, yeah, so what. All of that is in the user interface, and can be abstracted pretty easily. Sure it will take time to implement each thing, but not that long. It should have NO effect on security. Heck, get some people who write tax software to do it. The tax code is complicated as hell and they're managing to slog through it.
Sure, it's not just voteCount++, but it's not that difficult that the utter shit that these companies put out is the best that can be done. Hire some competent people for pete's sake. And listen to them!
Stalin said it best: "It's not who votes that counts, but who counts the votes."
California ordered a review of all the machines used in the state last year. They would give access to university security labs to one manufacturer's machines at a secure location. I mean the machines were held in cages over night and there was controlled access for only the researchers, etc. They were asked to evaluate the machines.
UC Santa Barbara did ES&S, and their analysis is here. They also have a short video on the subject, here it is on youtube
In short, all the machines were utter crap. The "seals" can by bypassed by bending some plastic. The locks can be bypassed with a screwdriver. Plus the software is susceptible to viruses, and they managed to make the machine vote for whoever they wanted. Even though all the machines have the VVPT (voter-verified paper trail).
the AC said that's 13 between the US and Cuba ONLY. There are a hell of a lot more routes in the world than just those. Even then, that's more than one a month. That's a LOT.
I'm not trying to defend the TSA, but you claimed that nothing bad was happening when there were no security screenings at all. That's where you're wrong. I'd be perfectly happy to go back to pre-9/11 screenings, but not to drop screenings entirely, which is what it seems you were suggesting.
Planes weren't raining out of the sky before the TSA was around, or even before any security measures were being taken.
Bullcrap. Maybe they weren't raining down, but they got hijacked a hell of a lot in the 70s. The rudimentary metal detectors that kept the guns and machetes off the plane stopped that trend. Sure, there was still the odd hijacking, but it wasn't fashionable anymore.
However the GGP had the impression that Scandinavia has very little corruption. No matter how dry the scandal is, it's still a sign of some sort of corruption.
Slashdot Mirror
Even better are car tyre measurements which are in metric (width and profile) and imperial (diameter) at the same time!
Even fully metric countries where few people know how big an inch is still have some things measured in inches:
- rim diameters
- socket drive. I.e. you can take your 3/8" drive sockets and they'll fit a European ratchet.
- screen size
These are things where the measure itself is largely irrelevant for practical use and serves only as a size differential. The numbers can be arbitrary as long as they're consistent, sort of like clothing size.
To be fair, it's not that they don't like consumers, it's that consumers don't (and won't) pay enough. You can't offer real support when most of the machines you sell are $500 craptops. Apple's prices approach business hardware prices, which gives them the kind of margins necessary to offer such good support.
If Apple has shown anything is that consumers can and do pay enough.
Maybe if they stopped making 20 models of craptops each and focused on a few ones worth having people would buy them.
It's called a package manager and every major distribution has one.
Every major distribution has their own one that's incompatible with every other major distribution's. That's even though the package systems do the same job. Even distros that use the same package management system don't share compatible repositories.
So you just turned supporting "Linux" into supporting Ubuntu, RedHat, SuSE, etc.
If they find that a pulse is indeed helpful, do you think this solution would work:
Taking this pump and sending its output to a bladder with a check valve. The continuous flow will fill the bladder, and once a certain pressure is reached, the check valve opens and sends a pulse of blood out. It's failsafe too, since if the valve breaks you're just left with continuous flow like you have now.
Silly defaults definitely contribute, you're right about that.
Yes, I did list specific issues, but like I said, they're _examples_ of systemic problems. Whatever development processes created them have been creating issues many years now and will continue to do the same for as long as they're not fixed.
My boss summed up Linux very well in 2002: All the plumbing is there, but the faucet is missing.
Sadly, it's still true.
That PC speaker control only controls beeps from Gnome apps like hitting backspace in the console.
Apparently there's another sound system somewhere that's also working. Which is another really stupid thing in Linux: gratuitous, incompatible duplication. I can think of 4 different incompatible sound servers. Each has their own drivers and controls if you have the misfortune of needing more than one due to apps.
And yes I do have an nVidia card and checked the "use proprietary drivers" box. If it doesn't work then I'm entitled to a message to that effect at the very least. Doing nothing is unacceptable.
These are specific examples of systemic issues. Fix one of these and soon enough they'll be broken again.
I recently tried Ubuntu after leaving Linux as my primary OS in 2003. You're wrong. The GUIs are only fine if you're willing to stick with their narrow limitations. I think it's because they're constantly being rewritten instead of incrementally improved.
Examples:
When I hooked up a second display and clicked "detect displays", it did nothing. No error message, no effect. I see no way to fix this without editing config files manually.
My sound doesn't work at all. It's listed properly in all the config screens, but nothing comes out of the speakers. Now what do I do? I see no easy way to try different driver or other things without delving into a kernel module mess. Hello, terminal.
How do I disable that wretched shutdown beep with a GUI? The mute control has no effect on it, nor does disabling the system beep in the sound preferences.
This is basic stuff that's been an issue for 10 years.
Sorry, but desktop Linux in 2009 gave me the same experience as desktop Linux in 2003. I.e. 3 days of googling and sludging through manuals to get things working. The process is a tad smoother now, but it's still only good for two groups: Grandma who'll leave it the way it is, and experts who live Linux. Almost everyone I've ever met falls somewhere in between. It's hard to be just savvy in Linux. It's all or nothing.
Pretty skins are just that, skin deep.
Don't give me that paid support crap. I've never called MS support. I've never called Apple support. I can figure out how to maintain their systems by using them. If I'm going to have pay someone to help me with how to do basic things in Linux then I might as well just buy one of the other two.
You're right, there was a proof of concept of this as well. I think it was in the early 80s. Someone implemented a compiler that would detect if it was compiling the login command's source and add a back door. It would also detect itself being compiled and made sure the resulting binary also had this ability.
So in effect the vulnerability only existed in the binaries and not in the source (login's or cc's).
There was a also a paper about how to combat this. AFAIK the just was that if you had two different compilers (like gcc and icc) it was possible to detect shenanigans. If you had a completely trusted compiler, i.e. a hand assembled one, no matter how crappy then you could detect shenanigans with certainty. You don't have to compile the whole system with your trusted but crummy compiler, once it verifies your normal one then you use that for real work.
My iphone 3g gets charged by USB. The "AC" charger is just a small brick with a USB port that you plug in your iphone cable into (as if it was a computer).
It also doesn't make much sense to have a storage device without a computer to actually make use of it.
That's because of the flash. License plates are made to be reflective so the flash worked on it even though the plate was far away. Other plates were probably at a wrong angle. The blur is caused by a slow shutter speed, which means the scene was relatively poorly lit. The flash strobe is very fast, so it wasn't affected by the camera shake much.
I wonder how many people were saved because someone warned them of the danger by calling/texting them.
Time lapse is a video where the frames are shot much slower than they're played back. Speeding up the world, essentially.
This is a regular long exposure. Single frame. Looking at the EXIF data on the original JPEG, the summary's image was a 31 second exposure. Hence why the driver is a bit blurry (he twitched a bit).
Joe the Pedo cares a lot about getting free untraceable internet access.
Oh no you don't. If the politicians don't get to use the "think of children" excuse to justify increased surveillance, shredding the Constitution, and guilty-until-proven-innocent, then we don't get to use it as an explanation for our security decisions.
Let's not have a double standard here; one standard will do just fine.
It's not a question of the children. It's a question of the police coming after ME because Joe used my internet and made it seem like I'm the one looking at kiddie porn.
The same applies to any other computer crime.
This should have been done when the move to X.org from XFree happened many years ago. Once nVidia ports their driver people stop caring.
We went through the same thing when switching to X.org from XFree86. When will nVidia support it? When will ATi support it? When will my driver be ported?
Why is X dealing directly with the drivers anyway? Why isn't there a thin graphics layer in Linux, like a framebuffer that supports acceleration? Write X to that. Then you can switch your X or use whatever GUI you want and you hardware still works. Freedom to choose, right? The mantra of Open Source?
I remember a bunch of very promising GUIs coming up in the early 2000s that really struggled without enough drivers. "The source is open, just port the thousands of drivers!" yeah sure.
What are you smoking?
Show me some LARGE mesh networks. There were some attempts, but most seem to fall apart once the person that built them goes away. Mesh networks are hard.
So you're going to do this with your home wifi router, with crappy range, that won't even cross the road between your neighborhood and the next? How are you going to go between cities? Most people would rather take the capitalist approach: hire someone to do it for them. Then you're just forming an ISP, and you're back to where we are today.
We had a guest speaker here at my university just last week talk about this. He's setting up wireless mesh networks in rural Zambia. It's essentially the only communication system they have. Cell phones cost 66 cents/min and the locals make $1/day..
Anyway, they have very limited internet access, with a few hundred machines behind a 128 kbps link. They pay $1100/month for it. No way in hell are they gonna keep downloading all the patches needed on Windows. As such, a Windows machine is only useful for about two months (tops) before the worms eat it.
Destroying the machine with a sledge hammer isn't going to change the election. The votes on the paper tape won't be lost.
Lots of people have access to these things before the election. In some places the precinct captains take them home. The average age of the volunteers at elections is 72. I find old people trust me when I tell them something technical needs to be done.
There were examples of viruses, where one infected machine will spread the virus to the others through the central tabulator.
These attacks aren't nuclear blasts. They're light punches. Basic security design would guard against them.
You're right, the ES&S system was for a different study. The one presented is Sequoia. That's what I get for posting tired ;)
Thank you for the post, it's great to hear about how the companies are run. Don't take the rest personally, it's a reply to you but addressed to your (former) bosses:
Though most of the difficulties you talk about are things faced by any large project. File management and documentation? Please. All projects have to handle this. Apparently the Sequoia system is also a hodgepodge of many languages, I think they said around 10. That's a lot and makes debugging and audits more difficult while introducing more potential holes. I don't know if the ES&S system is that bad, too.
Hell no the firmware shouldn't be upgradeable in the field. That's another way for undetected tampering to get in. If you're fixing things up right until the last minute, the damn thing isn't ready for prime time. Use the paper ballots for that election. The firmware should only be upgradeable under public supervision.
And what good are the checksums if they're not checked? I don't see why the firmware can't do a checksum of the entire system before each voter comes in. Heck, use a TPM chip, they've been common on consumer machines for the last 2 years. That will give you a chain of trust and help you detect tampering. Anything on the machine should be signed by both the manufacturer and the state.
But heck, with hard-coded keys and 16-bit hash functions, it's clear that the security is not only on the back burner, it's implemented by idiots. And I mean that term. Idiots.
As for the screwey state by state laws, yeah, so what. All of that is in the user interface, and can be abstracted pretty easily. Sure it will take time to implement each thing, but not that long. It should have NO effect on security. Heck, get some people who write tax software to do it. The tax code is complicated as hell and they're managing to slog through it.
Sure, it's not just voteCount++, but it's not that difficult that the utter shit that these companies put out is the best that can be done. Hire some competent people for pete's sake. And listen to them!
Stalin said it best: "It's not who votes that counts, but who counts the votes."
California ordered a review of all the machines used in the state last year. They would give access to university security labs to one manufacturer's machines at a secure location. I mean the machines were held in cages over night and there was controlled access for only the researchers, etc.
They were asked to evaluate the machines.
UC Santa Barbara did ES&S, and their analysis is here.
They also have a short video on the subject, here it is on youtube
In short, all the machines were utter crap. The "seals" can by bypassed by bending some plastic. The locks can be bypassed with a screwdriver. Plus the software is susceptible to viruses, and they managed to make the machine vote for whoever they wanted. Even though all the machines have the VVPT (voter-verified paper trail).
the AC said that's 13 between the US and Cuba ONLY. There are a hell of a lot more routes in the world than just those. Even then, that's more than one a month. That's a LOT.
I'm not trying to defend the TSA, but you claimed that nothing bad was happening when there were no security screenings at all. That's where you're wrong. I'd be perfectly happy to go back to pre-9/11 screenings, but not to drop screenings entirely, which is what it seems you were suggesting.
Planes weren't raining out of the sky before the TSA was around, or even before any security measures were being taken.
Bullcrap. Maybe they weren't raining down, but they got hijacked a hell of a lot in the 70s. The rudimentary metal detectors that kept the guns and machetes off the plane stopped that trend. Sure, there was still the odd hijacking, but it wasn't fashionable anymore.
I'd be hard pressed to call that stealing. How is that any different from taking it out of the dumpster, which is perfectly legal?
Stealing would be if the equipment was supposed to stay in the facility.
agreed, which is nice.
However the GGP had the impression that Scandinavia has very little corruption. No matter how dry the scandal is, it's still a sign of some sort of corruption.