You can read the source code and confirm that it's all legit? The average user can't read source code! These claims are all worthless.
An answer to that is that even though only 0.1% of users can read source code,...
- 5% know somebody who can read code;
- 30% know somebody who knows somebody who can read code;
-...
- 100% know a newspaper who would publish the story if a single expert read the source code and discovered there is snooping hidden in it (by then a host of other experts can simply confirm this fact)
Given this, it's quite likely that if an open source tool contains malicious code, and it is widely used, this will be revealed eventually. Of course there is no 100% guarantee. But this claim is far from worthless. You can have much higher confidence that an open-source tool does not have hidden snooping compared to closed-source, and this even if you can't or won't read the source code yourself.
hundreds of years of public mathematical geniuses have been thinking about fast factoring of prime numbers
There is a pretty fast algorithm for factoring prime numbers.
Which you can also do in Gnome with GPaste.
Good for you! Interestingly, your message confirms RdRand *could* be subverted. Luckily now we also know that you would notice, and I'm sure in that case you would let us know ;)
It doesn't do that. What makes you think it does?
Parent is saying it's not supposed to do that, but it *could*. What makes you sure it couldn't?
Knowing how to "code" isn't enough, you need to study the codebase. A tiny fraction of those who know how to code have studied the mailpile codebase enough to catch a backdoor. I would say, practically speaking... 0 outside the core developers.
Right now, you're probably right. As far as I can see it's not much used yet. But as usage grows, so would the number of contributors looking at the code, to add a new feature or fix a bug, each time increasing the chance malicious code or vulnerability would be found.
Backdoors or snooping are best hidden with plausible deniability. Even if you discover one, it won't be obvious that it was intentional, it will be no more newsworthy than a typical vulnerability report.
Right. Open source does not magically guarantee the absence of vulnerabilities (accidental or intentional). But it makes them easier to detect by the community, and harder to hide malicious code. Take the snooping revealed to be happening in Skype. Would it be that easy to do with open-source clients and servers?
Ok, so who wants to print the "This is a bit, this is a byte" slides, and send them to the judge, so he can find the error of his ways?
Are you quoting this?
Whilst in Vietnam, I found unsigned Ubuntu update packages coming down off an official mirror.
That would be worth reporting for investigation.
Yes you'll have to press a key to approve the Linux bootloader, every time it boots. Not kidding, RTFA.
I don't think so. From TFA: "To facilitate repeat booting (and to make the pre-bootloader useful for booting hard disks as well as USB keys or DVDs) the pre-bootloader will also check to see if the platform is booting in Setup Mode and if it is, will ask the user for permission to install the signature of loader.efi into the authorized signatures database. If the user gives permission, the signature will be installed and loader.efi will then boot up without any present user tests on all subsequent occasions even after the platform is placed back into secure boot mode."
The fact that most climate science is not peer-reviewed ...
Can you back up that claim?
What program? What evidence?
I know many believe that's the case, but there's no conclusive evidence - at least none that isn't the "just trust us wink-wink, our all knowing leaders would never lie to you, and we're perfectly trust-worthy" kind. You know, don't let the problem of actual *evidence* worry your pretty little head. Leave that to the big serious folks. [Who incidentally have financial ties to the military-industrial complex and are hauling home cash by the truck-load.]
Actually, even the U.S. Agencies See No Move by Iran to Build a Bomb.
Interesting point: you should not only consider the risk (for instance of climate change), but rather compare the cost of doing something and the cost of doing nothing. Of course that process alone does not guarantee it is objective: it matters greatly how you define and estimate such costs. This specific economist is accused by some of bias in this regard.
I'm not sure if this is on-topic or not, but this is one of the reasons why the BSD license is better than the GPL. It allows you to open source everything except the code with the business value. The GPL forces you to open source everything.
Wrong. The GPL doesn't force the copyright owner to do anything, it only gives obligations (and rights) to people accepting the license.
They could BSD or GPL the non-business value code, and still release the whole under whatever license they choose (including proprietary).
Alternatively, they could release the business value code under the GPL, which might solve their dilemma. This would attract attention and allow community contributions, but proprietary competitors could not legally use it in their products. This is where the GPL shines.
Reminds me how the way drives recognized 1.44MB floppies (3.5") from 720KB ones was by checking if there was a hole in the bottom-right corner (the bottom-left corner being for write protection). And sure enough, if you made a hole in a 720KB floppy it would be possible to format it as 1.44. There might have been a few more errors, but I remember when HD floppies were 3-4 times more expensive, so it was definitely worth it. At least for a teenager with only pocket money. Ah, those floppy drilling afternoons... Mais où sont les neiges d'antan?
French trader Kerviel was sentenced to $6.7 billion. http://www.nytimes.com/2010/10/06/business/global/06bank.html
In general I would agree, if the conclusion is debatable (even if ever so slightly). But if you find more dogs than cats in your neighbourhood, you could as well declare there are less cats than dogs, because it is formally equivalent. The case we are talking about now is actually the same degree of equivalence (I just did the math, it's worth to do it once to convince yourself).
I get your point. But since the two sentences are statistically equivalent, it is completely irrelevant which method you used, they lead to the same conclusion. So you could very well examine the population of people who spend a lot of time on the internet, find that they are more depressed than average, and conclude that "people showing signs of depression are more likely to spend a lot of time surfing the internet".
If you really want to be technical
OK, let's be technical. Let:
D be the number of depressed people;
A be the number of internet addicted people;
DA be the number of depressed and internet addicted people;
T be the total number of people.
Then: "internet addicts are more likely than the general population to be depressed" means "the proportion of DA among A is greater than the proportion of D among T", or "DA/A > D/T", which is mathematically equivalent (since all numbers are positive) to "DA*T > D*A".
"depressed people could be less likely than the general population to be internet addicts" means "the proportion of DA among D is greater than the proportion of A among T", or "DA/D < A/T", which is equivalent to "DA*T < D*A".
it is feasible that, although internet addicts are more likely than the general population to be depressed, depressed people could be less likely than the general population to be internet addicts.
No.
A general dissatisfaction with life seems to be one of the hallmarks of humanity and that is a good thing. We wouldn't be where we are if we were all content just living off the land like the other animals.
True, we would be ... all content! I'm so glad to be dissatisfied with life instead! ;)
Well, "spending a lot of time on the internet and showing signs of depression are correlated" would be good, but clearly not understood straight away by many people. One could argue it is better than to be wrongly understood by those people (and then even people understanding correlation can be influenced by the "wrong" formulations, when not paying full attention), and it could provide the opportunity to explain the concept. Yes, it's a pain, but then the fact that not knowing it makes you much more vulnerable to manipulation might justify it. Definitely this is something that should be given more attention in schools, until "correlation" becomes as much understood as "likely".
No, it doesn't. The summary says "more likely"; that is, as internet use increases, the probability of depression increases. That is the definition of correlation. Implying causation would be using a word like "cause". (I know, tricky concept) Which the summary doesn't.
The word "cause" would assert causation. When the summary says:
People who spend a lot of time surfing the internet are more likely to show signs of depression
it suggests causation, because that does not sound the same as:
People showing signs of depression are more likely to spend a lot of time surfing the internet
One might agree that those sentences are formally equivalent (in an idealized version of English), but the way most people speak, those sentences suggest different causations.
https://develop.participatoryculture.org/trac/democracy/browser/tags/Miro-2.0.4/tv/portable/frontends/widgets/prefpanel.py#L287
Even in a distributed system there is somebody at the top. There has to be, otherwise where do you start from a blank slate?
http://en.wikipedia.org/wiki/Distributed_hash_table
No, you haven't!
with AMD's absolutely dominating anything else on the market for both performance and low power
Are you saying that AMD has something that beats the Pentium M? Can you back that up?