A centralized search provider cannot help but have complete information about searches coming from a given IP. Even if we use a P2P search, the peers we end up using can profile us. To increase privacy, one could generate more searches. It is trivial to write a shell script to wget a bogus google search every minute or so, pick a few words at random out of the result and use them for the next request.
In defense of Slackware, keeping both Gnome and KDE is redundant. The Ubuntu team (to name just one), apparently, agrees with me. Both DEs serve the same basic purpose: to GUIfy the system configuration and file management. Why would anyone need both? Do you like Gnome? Get a distro with Gnome. Like KDE? Get a distro with KDE. Then there are distros with both of them working, more or less: get one of those if you need to switch every day. But you wouldn't get Slackware anyway, if having a nice DE was that critical to you. Slackware's main strength is transparency; I use Slackware because I want a very fine level of control, and I don't want the system to do anything without me telling it to. Ergo, I use neither Gnome nor KDE, but WindowMaker, a WM so sublime, it still feels like a modern desktop, even though not a single update came through in 4 years.
And like others noted, what are these "production systems" that need Gnome? What part of Gnome is so critical to your server or build environment? If you know what you are doing, or if you are poised to learn how the system works, you will be using XFCE or lighter. There is nothing I can think of that KDE or Gnome will do for you that you cannot accomplish in seconds in bash. (Some tasks may require scripting, but that's what Gnome does too, right? Except that it does a lot of other things, which screws you over in the long run.)
I was reading Gardner when I was a kid, too. Something from Aha! series, iirc. His writing on logic and set theory, and Conway's life and other automata influenced my interests in a very dramatic way.
So your notion of "sufficient rigor" includes an appeal to authority (in this case, things must be true because MathWorks says they are) and your proof methods include "test it on a finite set of inputs"? I am not saying that tools like Matlab are altogether useless, but there is no reason to be satisfied with them when free software is available to fit the same bill. Compared to tools like GNU Octave, Matlab is just a toy, offering nothing but heuristics.
I know it is silly to expect for everyone to switch to free software by tomorrow. I know that the industrial process will not stand for that, and I am a realist. But I do believe that we must all switch eventually, and the sooner the better.
An example is the fast Fourier tranform and Matlab even uses an open source version of it called FFTW.
How do you know it uses it? May be it does something else? Did you step through it in Assembly? Did anyone? What about operations where they don't use open-sourced algorithms? You failed again to prove to me that Matlab is doing what you claim it is doing.
I can write a close-sourced program that proves twin prime conjecture. According to me, it will construct the formal proof, step through it verifying its validity, and then print out 1 if the proof is correct, 0 otherwise. Only you cannot see the code. You call this math?
How do you know what Matlab does? By testing it on a few inputs where you know the correct answer? That's not how we do things in math: we prove things to be correct; when we say that something is true, we back it up by a step-by-step description for how to derive that fact from axioms. If you conceal a chunk of your proof, you haven't proven anything.
What does this even mean? No one can check your work, because no one knows what you did. You yourself don't know what you did. People advocating close-sourced software in science are advocating using black-boxes, and are plain wrong.
Well, then 98% of published chemical research is voodoo.
If you say so.
Companies aren't going to write open software to control the $750K spectrometer they just sold you
If that is true, and I don't think it is, then these companies you are referring to are not qualified to produce scientific equipment, and other companies or the government should step into their place.
IMHO, nothing but free software should be used in science and science education. Any research relying on results produced by close-sourced software is voodoo.
When Virtual Security mirrors Physical Security - people should expect more from virtual security? How is a Night watchmen not a form of "vulnerability management" and "attack detection"?
I agree about the physical security: with software, we are confronted with a very similar set of problems.
All security in general is reactive.
I am not sure what that means. If I have a safe, for example, as a solution to my policy of restricting access, then I have something that is both proactive and reactive. The safe is proactive because it make unauthorized access via a blowtorch much more expensive than authorized access via a combination. It is reactive because it makes undetectable unauthorized access prohibitively expensive. I don't see why software security is different.
I am not a professional security specialist, but, with all due respect, I think that I have a clearer understanding of security philosophy than the author of TFA. At times, he seems to be completely lost.
He spends a lot of time attacking strawmen. He analyzes some definitions, for example: "A system is secure if it behaves precisely in the manner intended - and does nothing more." I would not dignify this with a comment, because this is the definition of bug-free software, nothing else.
"A system is secure if and only if it starts in a secure state and cannot enter an insecure state." Does this even mean anything, unless we define "secure state"? He is right about one thing: these are bad definitions. In fact, they are so bad, I can hardly see what they have to do with the software security.
The focus is almost exclusively on reactive, secondary security measures: vulnerability management, malware and attack detection, sandboxing
He disses the reactive approach, even though it is one of the cornerstones of the physical security. A system that cannot be compromised surreptitiously is often a less attractive target than the one that can, making it more secure in practice. And why is sandboxing in this list? Correct me, but it is the poster child of proactive approach. If your hypervisor or interpreter or whatever sandbox you are using is bug-free and is effective at enforcing your security policy, then the entire process is completely secure.
Which brings me to my next point. I'll go ahead and try to give a reasonable definition of software security. The software is secure if it is effective at enforcing the given security policy. I don't have to say that it is bug-free: it's an underlying assumption, because if the software has a bug which allows for violation of your policy, then the software is not effective at enforcing it.
I am perplexed by the omission of the policy notion from TFA. How can we start talking about security if we did not define what we are trying to secure ourselves from? Let's take one very popular policy, say, restriction of access to data. Despite of all of complaints in TFA, the problem is largely solved. To be more specific, let us imagine that we have a policy as follows:
(1) Data has to reside on a networked host (otherwise the problem would be trivial).
(2) Data has to be available upon an authorized request over the network.
(3) Data has to be available upon an authorized local request.
(4) Data should not be even detectable by an unauthorized agent.
(5) The same networked host has to be able to service unrelated public requests (e.g., HTTP).
I am not a professional, but even I can probably slam together a system, over a weekend, to implement this policy. OpenBSD, one restricted account apache to serve public requests, another restricted account apache with SSL to serve the data, reasonable file permissions. Good luck compromising me without social engineering.
I guess what I am trying to say is, there is nothing wrong with our understanding of software security. The reason the field looks so bad is because people design overly complicated, contradictory, or outright brain-dead security policies.
Oh, don't underestimate them. They do want to patent math, they are just waiting for their balls to swell a bit more. Then they can come out of the woodwork and say that math, for some bullshit reason, does not constitute "abstract thought", and presto, they will have an internally consistent law.
You got modded redundant because I already patented patenting patenting, as a part of my patent portfolio which includes, among other things, the patent for
Proprietary software vendors do stand to benefit from software patents if they can make (as they currently hope) things like GNU/Linux illegal to distribute without a license fee. IMHO, this is THE reason why software patents are in such vogue right now, as they are the last hope of a scoundrel who failed in the free market simply because he couldn't produce a product that's anywhere as good as the free software.
Well, actually, I did claim just now that they are the only weapon against the bath tub guy, and I think this is true. Care to name a law that prevents me from pouring tub water into a can that says "Pepsi Cola" and taking that to the market?
No. May be it's because you forgot to present any kind of argument. Patents and copyrights distort free market by cementing monopolies. They put a tax on all production and dissemination of new ideas, while giving nothing in return to the public. I cannot substantiate the last claim, but neither can anyone prove that patents and copyrights increase innovation or production. Without proof either way, these laws should be considered useless and bad, because they do cost a lot to us, the public, to enforce. The trade mark law prevents scam. It can, and is sometimes used to stifle free expression, but it is trivial to circumvent, if commentary and criticism is all you are after.
you and stallman fail because you assume trademark is the only weapon we have against the asshole selling bathtub bilge water as pepsi
I never claimed it is the only weapon. To my best knowledge, neither did Stallman.
You are like a poster child for Stallman's rant about the evils of the term "IP". You are attacking the trademark law without realizing that it keeps you safe from Pepsi Cola that was made in your neighbor's bath tub. The only reason you are doing it is because you bought into the "IP" rhetoric. Throw your errors when you see people use the words "IP" to make an argument, not when they point out that "IP" is a useless umbrella term that only serves to confuse.
Slashdot Mirror
A centralized search provider cannot help but have complete information about searches coming from a given IP. Even if we use a P2P search, the peers we end up using can profile us. To increase privacy, one could generate more searches. It is trivial to write a shell script to wget a bogus google search every minute or so, pick a few words at random out of the result and use them for the next request.
I am talking about this.
Nethack does have a GUI.
Curses? I don't think GUI means what you think it means.
In defense of Slackware, keeping both Gnome and KDE is redundant. The Ubuntu team (to name just one), apparently, agrees with me. Both DEs serve the same basic purpose: to GUIfy the system configuration and file management. Why would anyone need both? Do you like Gnome? Get a distro with Gnome. Like KDE? Get a distro with KDE. Then there are distros with both of them working, more or less: get one of those if you need to switch every day. But you wouldn't get Slackware anyway, if having a nice DE was that critical to you. Slackware's main strength is transparency; I use Slackware because I want a very fine level of control, and I don't want the system to do anything without me telling it to. Ergo, I use neither Gnome nor KDE, but WindowMaker, a WM so sublime, it still feels like a modern desktop, even though not a single update came through in 4 years.
And like others noted, what are these "production systems" that need Gnome? What part of Gnome is so critical to your server or build environment? If you know what you are doing, or if you are poised to learn how the system works, you will be using XFCE or lighter. There is nothing I can think of that KDE or Gnome will do for you that you cannot accomplish in seconds in bash. (Some tasks may require scripting, but that's what Gnome does too, right? Except that it does a lot of other things, which screws you over in the long run.)
Yeah, but would you have any cash left to spare for coke and hookers? Didn't thinks so...
I was reading Gardner when I was a kid, too. Something from Aha! series, iirc. His writing on logic and set theory, and Conway's life and other automata influenced my interests in a very dramatic way.
So your notion of "sufficient rigor" includes an appeal to authority (in this case, things must be true because MathWorks says they are) and your proof methods include "test it on a finite set of inputs"? I am not saying that tools like Matlab are altogether useless, but there is no reason to be satisfied with them when free software is available to fit the same bill. Compared to tools like GNU Octave, Matlab is just a toy, offering nothing but heuristics.
I know it is silly to expect for everyone to switch to free software by tomorrow. I know that the industrial process will not stand for that, and I am a realist. But I do believe that we must all switch eventually, and the sooner the better.
An example is the fast Fourier tranform and Matlab even uses an open source version of it called FFTW.
How do you know it uses it? May be it does something else? Did you step through it in Assembly? Did anyone? What about operations where they don't use open-sourced algorithms? You failed again to prove to me that Matlab is doing what you claim it is doing.
I can write a close-sourced program that proves twin prime conjecture. According to me, it will construct the formal proof, step through it verifying its validity, and then print out 1 if the proof is correct, 0 otherwise. Only you cannot see the code. You call this math?
They know exactly what it does. Matlab ...
How do you know what Matlab does? By testing it on a few inputs where you know the correct answer? That's not how we do things in math: we prove things to be correct; when we say that something is true, we back it up by a step-by-step description for how to derive that fact from axioms. If you conceal a chunk of your proof, you haven't proven anything.
What does this even mean? No one can check your work, because no one knows what you did. You yourself don't know what you did. People advocating close-sourced software in science are advocating using black-boxes, and are plain wrong.
You are drinking out of a sphere. Cows, due to the hole that is the digestive tract, are also donut-shaped, as are most eaters on earth.
Well, then 98% of published chemical research is voodoo.
If you say so.
Companies aren't going to write open software to control the $750K spectrometer they just sold you
If that is true, and I don't think it is, then these companies you are referring to are not qualified to produce scientific equipment, and other companies or the government should step into their place.
If you cannot see the code, how do you know if you are reproducing the results? You have no idea how the results were obtained in the first place.
Donuts are topologists' coffee mugs.
IMHO, nothing but free software should be used in science and science education. Any research relying on results produced by close-sourced software is voodoo.
When Virtual Security mirrors Physical Security - people should expect more from virtual security? How is a Night watchmen not a form of "vulnerability management" and "attack detection"?
I agree about the physical security: with software, we are confronted with a very similar set of problems.
All security in general is reactive.
I am not sure what that means. If I have a safe, for example, as a solution to my policy of restricting access, then I have something that is both proactive and reactive. The safe is proactive because it make unauthorized access via a blowtorch much more expensive than authorized access via a combination. It is reactive because it makes undetectable unauthorized access prohibitively expensive. I don't see why software security is different.
I am not a professional security specialist, but, with all due respect, I think that I have a clearer understanding of security philosophy than the author of TFA. At times, he seems to be completely lost.
He spends a lot of time attacking strawmen. He analyzes some definitions, for example: "A system is secure if it behaves precisely in the manner intended - and does nothing more." I would not dignify this with a comment, because this is the definition of bug-free software, nothing else. "A system is secure if and only if it starts in a secure state and cannot enter an insecure state." Does this even mean anything, unless we define "secure state"? He is right about one thing: these are bad definitions. In fact, they are so bad, I can hardly see what they have to do with the software security.
The focus is almost exclusively on reactive, secondary security measures: vulnerability management, malware and attack detection, sandboxing
He disses the reactive approach, even though it is one of the cornerstones of the physical security. A system that cannot be compromised surreptitiously is often a less attractive target than the one that can, making it more secure in practice. And why is sandboxing in this list? Correct me, but it is the poster child of proactive approach. If your hypervisor or interpreter or whatever sandbox you are using is bug-free and is effective at enforcing your security policy, then the entire process is completely secure.
Which brings me to my next point. I'll go ahead and try to give a reasonable definition of software security. The software is secure if it is effective at enforcing the given security policy. I don't have to say that it is bug-free: it's an underlying assumption, because if the software has a bug which allows for violation of your policy, then the software is not effective at enforcing it.
I am perplexed by the omission of the policy notion from TFA. How can we start talking about security if we did not define what we are trying to secure ourselves from? Let's take one very popular policy, say, restriction of access to data. Despite of all of complaints in TFA, the problem is largely solved. To be more specific, let us imagine that we have a policy as follows:
(1) Data has to reside on a networked host (otherwise the problem would be trivial).
(2) Data has to be available upon an authorized request over the network.
(3) Data has to be available upon an authorized local request.
(4) Data should not be even detectable by an unauthorized agent.
(5) The same networked host has to be able to service unrelated public requests (e.g., HTTP).
I am not a professional, but even I can probably slam together a system, over a weekend, to implement this policy. OpenBSD, one restricted account apache to serve public requests, another restricted account apache with SSL to serve the data, reasonable file permissions. Good luck compromising me without social engineering.
I guess what I am trying to say is, there is nothing wrong with our understanding of software security. The reason the field looks so bad is because people design overly complicated, contradictory, or outright brain-dead security policies.
Oh, don't underestimate them. They do want to patent math, they are just waiting for their balls to swell a bit more. Then they can come out of the woodwork and say that math, for some bullshit reason, does not constitute "abstract thought", and presto, they will have an internally consistent law.
You got modded redundant because I already patented patenting patenting, as a part of my patent portfolio which includes, among other things, the patent for
<patent> ::= "patenting" | "patenting " <patent>
Proprietary software vendors do stand to benefit from software patents if they can make (as they currently hope) things like GNU/Linux illegal to distribute without a license fee. IMHO, this is THE reason why software patents are in such vogue right now, as they are the last hope of a scoundrel who failed in the free market simply because he couldn't produce a product that's anywhere as good as the free software.
Well, actually, I did claim just now that they are the only weapon against the bath tub guy, and I think this is true. Care to name a law that prevents me from pouring tub water into a can that says "Pepsi Cola" and taking that to the market?
Meh. At least we agree on what matters.
seems pretty abusive, no?
No. May be it's because you forgot to present any kind of argument. Patents and copyrights distort free market by cementing monopolies. They put a tax on all production and dissemination of new ideas, while giving nothing in return to the public. I cannot substantiate the last claim, but neither can anyone prove that patents and copyrights increase innovation or production. Without proof either way, these laws should be considered useless and bad, because they do cost a lot to us, the public, to enforce. The trade mark law prevents scam. It can, and is sometimes used to stifle free expression, but it is trivial to circumvent, if commentary and criticism is all you are after.
you and stallman fail because you assume trademark is the only weapon we have against the asshole selling bathtub bilge water as pepsi
I never claimed it is the only weapon. To my best knowledge, neither did Stallman.
I am a citizen of Russian Federation. I'll start voting and caring in general when it actually makes a tiny bit of difference.
You are like a poster child for Stallman's rant about the evils of the term "IP". You are attacking the trademark law without realizing that it keeps you safe from Pepsi Cola that was made in your neighbor's bath tub. The only reason you are doing it is because you bought into the "IP" rhetoric. Throw your errors when you see people use the words "IP" to make an argument, not when they point out that "IP" is a useless umbrella term that only serves to confuse.