I agree with you but there are a couple of points to keep in mind: The stock price and revenue are not necessarily a good indication of market share when the competition has no stock price, and there is also good evidence of increasing linux/OSS use.
With 6 billion plus people in the world the M$ stock price could just mean they've managed to maintain their existing user base with the other 5 billion odd people in the world taking up alternatives.
Also, see my sig. Just in the last few months, the number of google hits for linux exceeded that of windows. Not scientific of course but interesting nonetheless.
---
GNU/Linux, the world's #1 OS by hits. M$ windows #2.
Open Office the world's #1 office suite. M$ office #2.
Apache, the world's #1 web server. M$ IIS #2.
Evolution, the world's #1 email client, M$ outlook #2.
Unfortunately mozilla family browsers are still #2, M$ internet explorer is #1, but watch firefox (#3) grow.
Congratulations everybody, world domination is at hand. ;-)
There is an optimum price point for everything, and it isn't always 0...
It approaches zero per user when a piece of software produced by one person can be used by billions. Anything else is market failure. It's only niche software where a significant cost per user makes sense.
---
Any large public or private organisation paying recurring, per-seat licensing for software is being economically stupid.
Not entirely clear. Wouldn't be if the number of files is long or in separate folders (requiring scrolling etc.). For your example a cut/copy/paste command line equivalent might be something like:
fcopy file1 file2 ... - Remember file selection.
fcut file1 file2 ... - Remember file selection and remember to delete them.
fadd file1 file2 ... - Add file selection to existing selection.
fpaste - Paste file selection in current directory and delete source if necessary.
Verbose cp/mv/cd in other words.
Could be used for interaction between GUI and CLI apps though and copy/cut/paste can manipulate objects other than files.
Congress shall make no law... abridging the freedom of speech,
You mean the congress-created civil law that allows private NDAs to be enforced is invalid?
Good, that's often how it should be. Unfortunately, excessive law stops that from being the reality.
Free markets depend on making informed decisions based on the free flow of truthful information. When that flow stops the free market is dead. Companies and marketing parasites like to muddy the waters about that simple fact.
---
Scientific, evidence based IP law. Now there's a thought.
As other posters have noted no patent is worthless if a potential infringee cannot afford to take a very expensive chance in court.
---
It's wrong that an intellectual property creator should not be rewarded for their work.
It's equally wrong that an IP creator should be rewarded too many times for the one piece of work, for exactly the same reasons.
Reform IP law and stop the M$/RIAA abuse.
Shocking! Shocking! A blogger might have an agenda? Next thing you know, there will be gambling in the casino, and prayer in the church...
Stop trying to rationalise. If it is clear in the ad that it is paid advertising then no problem. If they push paid messages while pretending to be normal consumers then they are liars.
The difference between known-paid advertising and stealth lying is important. If it wasn't marketers wouldn't be continuously trying to find ways to trick consumers.
Truthful communication is easy. Marketers/advertisers like to pretend it isn't.
---
Repetitive advertising is noise and compromises free speech.
And in both groups you will find people who believe that execution speed is the measurement of code quality.
It's been my experience that execution speed is a very good indication of code quality.
Decent code performance is actually not that hard and programmers who fail that simple test are likely to be poor overall. In particular, algorithm selection has a dramatic effect on code performance and programmers who aren't even capable of choosing the right algorithm, usually a 5 minutes of planning task, are going to do everything wrong.
---
Don't be a programmer-bureaucrat; someone who substitutes marketing buzzwords and software bloat for verifiable improvements.
It just seems like a huge waste of money to duplicate the database, and the data is not patented (just copyrighted), so that shouldn't stop its usage in research.
See my sig. Think about it.
---
Large public or private organisations paying recurring, per-seat licensing for software are being economically stupid.
It's weak in the sense that hardware access can often override it.
It's weak in the sense that hardware access can always override it.
No, a decent software encrypted filesystem is perfectly capable of blocking any brute force attack, including special purpose hardware.
Actually, to a lesser extent this is even true of TPMs. The ones that IBM is making, at least, are not really designed to resist hardware attacks. Extracting the TPM's master key would require significant expertise, and maybe even a scanning electron microscope, but it could be done for a relatively low cost, given the right equipment.
No, this can only get data that is not stored encrypted. The fundamental problem is that the PC+software combination has to authenticate the person using it. If somebody else can authenticate the same way then they have compromised that person's data. TPM doesn't change that.
This is in contrast to real security modules, which are designed to detect any attempt to open them and react by zeroing the master key.
Which TPM will have in generation two or three, particularly when the existing TPM chip gets compromised significantly. Why do you think it's going to stand still? This is only the first step.
There are some applications for which software encryption is adequately secure. For others, who don't have enemies sufficiently capable and determined to crack a TPM (i.e. most people and businesses), TPM-level security is adequate.
Hardware encrypts using the same algorithms as software. The only extra security that TPM gives is stopping the PC owner without sophisticated hardware from controlling their own PC when running software purchased from somebody else. That's fundamentally what TPM does - transfer control of your PC to the vendor's OS software and thus the vendor.
TPM does not particularly improve general purpose encryption or customer security, except in the sense that only software trusted by the vendor will run.
Others I've worked for require FIPS 140-2 level 4-certified devices, deployed in a vault with very restricted access, armed guards and periodic review by the NSA (interestingly, these were purely private-sector organizations, but ones whose well-being was nevertheless considered essential to national security).
Interesting but not relevant to the question at hand.
I've wondered for years why M$/Intel didn't mandate a swipe card reader in the standard PC keyboard. They're dirt cheap, would allow passwords to go the way of the dodo and swipe cards are the separate hardware key material you're talking about.
The problem with that idea is that magnetic stripe cards are very insecure. Unless you have kept very careful track of your card, you can never know if it's been copied. This defeats the essential element of the concept of "something you have" in authentication, which is that it's something you have that you are fairly certain no one else does.
This applies equally to any physical key and nobody has much problem with those. At some stage the PC user has to identify themselves with a token, whether that token be a password, card or biometry. All can be compromised. TPM doesn't change that.
Many parts of the industry are moving rapidly towards smart cards, which are also cheap (the readers are actually cheaper than magstripe readers -- no moving parts, so they're very cheap to manufacture) and much more secure. Their contents can be extracted, but the extraction process is relatively difficult (similar to a TPM), and destructive.
True, I was thinking of a few years back when smart cards weren't available.
The PC owner is no longer in control and the general purpose PC is now a proprietary device locked down by the vendor where interoperability doesn't exist.
I've been fiddling with using my ThinkPad T40's TPM to bin
The problem with software encryption is that it's always fundamentally weak.
It's weak in the sense that hardware access can often override it. I want the possibility of that back door, even if, for some users, theft of the hardware and access to the data might be a problem. They can use software encryption, not passwords, so that stolen hardware is not a problem.
I've wondered for years why M$/Intel didn't mandate a swipe card reader in the standard PC keyboard. They're dirt cheap, would allow passwords to go the way of the dodo and swipe cards are the separate hardware key material you're talking about.
You may not have much flexibility with how Microsoft chooses to employ it, however.
Yep, and that's the problem. The PC owner is no longer in control and the general purpose PC is now a proprietary device locked down by the vendor where interoperability doesn't exist. Market manipulation on a grand scale and the death of the free market in PC compatible software.
---
Copyright is a privilege, not a right.
Re:Why isn't more government stuff open source? on NASA Goes SourceForge · Score: 1
... Of course, that would be horrendously expensive...
versus
... Making a project open source costs bug-all....
No. In a copyright free world anybody could use the code incorporating "GPL"'ed code. In a copyright restricted world, code incorporating BSD code can only be used in the way the creator of the derivative work says so e.g. paid for.
GPL is an appropriate tool for a copyright world if you want more libré software, even at the cost of less users. BSD is good if you don't care if your software is used in a closed source product and just want to increase the userbase. Just depends on your priorities. Both are streets ahead of the typical closed source license.
---
Large public or private organisations paying perpetual, recurring, per-seat licensing for software are being economically stupid.
Re:Why isn't more government stuff open source? on NASA Goes SourceForge · Score: 1
There are two purposes to be served by making a project open source. First and foremost, you allow outsiders to participate in its development, which speeds development and gives the original authors a source of free peer review. Second, and rather less important, it allows outsiders to download and use the software.
And thirdly, it gives transparency to government. And fourthly it allows people to mix and match tax payer funded software and for government departments to help each other. And fifthly it allows unplanned synergies to occur (e.g. helping third world governments). And sixthly...
Me, I just say that in a free country the fruits of government by default should be free (libré) to the taxpayer who funded it. Making a project open source costs bug-all. It only starts costing if you want to market it or provide high levels of support.
Finally, there's the security issue -- opening up software can reveal security bugs.
Depends on the software. For the vast majority of software security is not relevant. For the software that security does matter it can be dealt with on a case-by-case basis.
It looks like mostly a way of keeping stuff on hard-drives secret. As such this is not so bad in view of how frequent notebook-theft is, or how big the security problems of second-hand equipment are.
And if you lose the key, you're toast. No thank you. The problem with many encryption systems is that they're unforgiving and do not allow people to make mistakes. We're only human.
I prefer encryption in software, where I have control and flexibility. Not locked into the vendor's anal, inappropriate idea of what protection should be in my circumstances.
No: every code will have to be scrutinized by NASA people and then, if accepted, checked in to the *real* source code repository well protected within NASA facilities so, for practical purposes, the public repo will be a "read only" one.
Nonsense, many OSS projects have benevolent dictators vetting every patch. NASA is no different.
"True collaboration" is all about mutual confidence, and this cannot be grown at a NASA project, no matter SF or not.
Nonsense, many commercially sponsored OSS projects have built communities. NASA is no different.
That's why you don't see this whole flood of OSS from the feds.
Nonsense, government funded researchers create a huge amount of open source software. Ever heard of publish or perish?
---
Commercial software bigots - a dying breed.
Re:Why isn't more government stuff open source? on NASA Goes SourceForge · Score: 1
Just because we pay for it, doesn't mean we're entitled to open access to it.
Just because we pay for it, doesn't mean we're not entitled to open access to it.
The automatic assumption that public servants have the right to restrict information from the public is wrong. Some countries have freedom-of-information laws where, by default, information is open, not closed, and public servants must give specific reasons, such as military security or privacy, why the public is not entitled to access.
This sort of inane "spread the love, give away your work for free, and make the world a better place" is so unrealistic it is laughable.
Blind commercial zealotry is equally laughable.
Fact is mass market software is long overdue becoming a commodity item. When one person can write a piece of software and a billion can use it the cost-benefit is insane - why doesn't mass market software cost a buck a copy? Because of broken free markets and anti-competitive business practices.
Open source is just the free market in action, forcing closed source bigots to realise they only survive because of anti-competitive business practices and the economic network effect. I look forward to the day when all mass market software is a commodity and closed source is banished to niche markets. The free, open source desktop is already here and more than functional enough for 95% of the general population. It's only going to get better.
---
Modern marketing - a great substitute for a quality product
The sad fact is that the majority of OS projects don't ever make it to version 1.0
I'd be worried if they did. Not all ideas are good or worthwhile, in the open source or closed source worlds. It's just that in the open source world the pruning process is more visible.
While I like formal methods and use them occasionally it's worth remembering that if you have to use informal methods to translate the customer specifications to the formal domain (and you do!) then you don't really have a formal method at all. It's just an informal hack that may or may not be better than other informal hacks like rapid prototyping etc.
Like programs, formal methods are a tightrope - one false step and you're history. Having said that in many problem domains formal methods are a good fit. e.g. well defined realtime systems but probably not user interfaces because the user is complex and fuzzily defined. Depends on what you mean by a formal method of course.
---
Large public or private organisations paying perpetual, recurring, per-seat licensing for software are being economically stupid.
This sounds like a pyramid scheme...
As compared to the M$ pyramid scheme?
Innocent #1 contributes $1000, innocent #2 contributes $1000, ..., innocent #100000+ contributes $1000. Income $35,000,000,000+ per year, cost of development a minute fraction of that, despite what they claim in their annual report.
Looks like market failure and the next best thing to a pyramid scheme to me.
It's caused by broken IP law that allows one player in a market to make a huge multiple of net profit of what another player could make, even if the product is identical. That huge net profit allows them to "compete" both legitimately and unethically in ways that mean the free market is dead and the product[s] can never become a commodity item with non-monopoly profit margins.
---
It's wrong that an intellectual property creator should not be rewarded for their work.
It's equally wrong that an IP creator should be rewarded too many times for the one piece of work, for exactly the same reasons.
Reform IP law and stop the M$/RIAA abuse.
Are we now advocating that all content must be available for all platforms? That's just silly.
No it's not. Stop trying to deceptively conflate code and data.
It's quite reasonable to expect most data/content to be available on any useful platform. Anything else is market lock-in, anti-competitive and when on a large scale should invoke anti-trust law.
---
DRM - destroying free markets one step at a time.
While DSPs would certainly be faster for graphics than a regular CPU, you just can't beat a special-purpose pipeline, designed specifically for graphics.
True, but only if you have significant resources to invest in design and development and can amortise that huge up-front cost over many units.
I'd like to leverage existing, off-the-shelf general purpose design as much as possible to reduce the initial investment, particularly since the card is not planned to be a top performer anyway.
I've worked as a device driver writer on dozens of different image processing and graphics architectures (in-house, not commercial) and it's really struck me that complex, special purpose, "high performance" hardware is vastly overrated. My experience has been that hardware engineers tend to overestimate the performance of special purpose hardware when compared to mass market processors, mainly because special purpose hardware is usually at least a generation behind the mass market general purpose devices.
Without exception the fast special purpose hardware turned out to be slow in practice and hard to work with due to many factors including the inability to handle corner cases (e.g. overflow or divide by zero), the inability to express data in the appropriate form (e.g. FP v. 16 bit integer), inability to work efficiently with software for functions not implementable in hardware (e.g. can't access critical registers efficiently), inability to scale (e.g. limited addressing, limited word size and single threaded) and bottlenecks in key places, particularly in getting data in and out. The mass market graphics cards get around these problems by throwing huge resources at it (and even then still tend to be buggy) but an OSS project can't afford to do that.
It's hard to put into words but the simple, fast, general purpose architectures with clean designs were a breath of fresh air and definitely gave the best overall result, including performance, when combined with decent software.
A bit like RISC and CISC in CPUs. Simple and fast, not complex and hardwired.
Display cards have historically tended from dedicated hardware pipelines to GPUs. The complexity and variety of problems a graphics subsystem must handle is extraordinary. I can tell you now that as a device driver developer flexibility and ease of programming is what's important, not getting speed in some obscure function I'm probably not going to use because it's missing something critical like overflow handling.
I don't want to over-emphasise these points but the hardware developers definitely should do a cost benefit analysis on alternative architectural approaches and talk to the software people about it.
---
Are you a creator or a consumer?
Makes sense. Something I've also wondered about is why we don't go for a more unusual, risky design using commodity parts and glue.
Commodity parts have unbeatable price/performance and by being creative with the design (e.g. like the old Amiga chipset) it might be possible to get substantial performance while minimising special purpose hardware.
For example, rather than the single, fast pipeline design the current high-end cards use why not create a semi-general purpose card with eight or sixteen cheaper DSPs processing different slices of the image with some limited FPGA glue to split the input and combine the output. While the part count might be high it should be conceptually simple and flexible while applying the strength of OSS - cheap, commodity software - and the strength of the mass market - cheap, commodity hardware. Other possibilities are to use cheaper, older graphic chips in parallel and/or to bounce key parts of the 3D processing to the very fast main CPU.
In other words put the complexity into the software and apply KISS and repetition to the hardware. Complexity in the hardware means delay and being behind the curve. It's also not very future proof or flexible.
---
DRM - destroying free markets one step at a time.
Gotta love the idea of having to have a working implementation of the idea, that would at least weed out a fair amount of dodgy patents.
Only patents that don't matter.
---
zealotry n : excessive intolerance of opposing views.
True, I was thinking of a few years back when smart cards weren't available.
The PC owner is no longer in control and the general purpose PC is now a proprietary device locked down by the vendor where interoperability doesn't exist.
I've been fiddling with using my ThinkPad T40's TPM to bin
The problem with software encryption is that it's always fundamentally weak.
It's weak in the sense that hardware access can often override it. I want the possibility of that back door, even if, for some users, theft of the hardware and access to the data might be a problem. They can use software encryption, not passwords, so that stolen hardware is not a problem.
I've wondered for years why M$/Intel didn't mandate a swipe card reader in the standard PC keyboard. They're dirt cheap, would allow passwords to go the way of the dodo and swipe cards are the separate hardware key material you're talking about.
You may not have much flexibility with how Microsoft chooses to employ it, however.
Yep, and that's the problem. The PC owner is no longer in control and the general purpose PC is now a proprietary device locked down by the vendor where interoperability doesn't exist. Market manipulation on a grand scale and the death of the free market in PC compatible software.
---
Copyright is a privilege, not a right.
versus
Hmmm.
---
You communist! Breathing shared air!
Thus, GPLed code would basically be BSD licensed.
No. In a copyright free world anybody could use the code incorporating "GPL"'ed code. In a copyright restricted world, code incorporating BSD code can only be used in the way the creator of the derivative work says so e.g. paid for.
GPL is an appropriate tool for a copyright world if you want more libre software, even at the cost of fewer users. BSD is good if you don't care if your software is used in a closed source product and just want to increase the userbase. Just depends on your priorities. Both are streets ahead of the typical closed source license.
---
Large public or private organisations paying perpetual, recurring, per-seat licensing for software are being economically stupid.
There are two purposes to be served by making a project open source. First and foremost, you allow outsiders to participate in its development, which speeds development and gives the original authors a source of free peer review. Second, and rather less important, it allows outsiders to download and use the software.
And thirdly, it gives transparency to government. And fourthly it allows people to mix and match tax payer funded software and for government departments to help each other. And fifthly it allows unplanned synergies to occur (e.g. helping third world governments). And sixthly ...
Me, I just say that in a free country the fruits of government by default should be free (libre) to the taxpayer who funded it. Making a project open source costs bug-all. It only starts costing if you want to market it or provide high levels of support.
Finally, there's the security issue -- opening up software can reveal security bugs.
Depends on the software. For the vast majority of software, security is not relevant. For the software where security does matter, it can be dealt with on a case-by-case basis.
---
Commercial software bigots - a dying breed.
It looks like mostly a way of keeping stuff on hard-drives secret. As such this is not so bad in view of how frequent notebook-theft is, or how big the security problems of second-hand equipment are.
And if you lose the key, you're toast. No thank you. The problem with many encryption systems is that they're unforgiving and do not allow people to make mistakes. We're only human.
I prefer encryption in software, where I have control and flexibility. Not locked into the vendor's anal, inappropriate idea of what protection should be in my circumstances.
---
DRM - destroying free markets one step at a time.
No: every code will have to be scrutinized by NASA people and then, if accepted, checked in to the *real* source code repository well protected within NASA facilities so, for practical purposes, the public repo will be a "read only" one.
Nonsense, many OSS projects have benevolent dictators vetting every patch. NASA is no different.
"True collaboration" is all about mutual confidence, and this cannot be grown at a NASA project, no matter SF or not.
Nonsense, many commercially sponsored OSS projects have built communities. NASA is no different.
---
Commercial software bigots - a dying breed.
That's why you don't see this whole flood of OSS from the feds.
Nonsense, government funded researchers create a huge amount of open source software. Ever heard of publish or perish?
---
Commercial software bigots - a dying breed.
Just because we pay for it, doesn't mean we're entitled to open access to it.
Just because we pay for it, doesn't mean we're not entitled to open access to it.
The automatic assumption that public servants have the right to restrict information from the public is wrong. Some countries have freedom-of-information laws where, by default, information is open, not closed, and public servants must give specific reasons, such as military security or privacy, why the public is not entitled to access.
---
Copyright is a privilege, not a right.
This sort of inane "spread the love, give away your work for free, and make the world a better place" is so unrealistic it is laughable.
Blind commercial zealotry is equally laughable.
Fact is mass market software is long overdue becoming a commodity item. When one person can write a piece of software and a billion can use it the cost-benefit is insane - why doesn't mass market software cost a buck a copy? Because of broken free markets and anti-competitive business practices.
Open source is just the free market in action, forcing closed source bigots to realise they only survive because of anti-competitive business practices and the economic network effect. I look forward to the day when all mass market software is a commodity and closed source is banished to niche markets. The free, open source desktop is already here and more than functional enough for 95% of the general population. It's only going to get better.
---
Modern marketing - a great substitute for a quality product
The sad fact is that the majority of OS projects don't ever make it to version 1.0
I'd be worried if they did. Not all ideas are good or worthwhile, in the open source or closed source worlds. It's just that in the open source world the pruning process is more visible.
---
Commercial software bigots - a dying breed.
Just math.
While I like formal methods and use them occasionally, it's worth remembering that if you have to use informal methods to translate the customer specifications to the formal domain (and you do!) then you don't really have a formal method at all. It's just an informal hack that may or may not be better than other informal hacks like rapid prototyping etc.
Like programs, formal methods are a tightrope - one false step and you're history. Having said that, in many problem domains formal methods are a good fit, e.g. well-defined realtime systems, but probably not user interfaces because the user is complex and fuzzily defined. Depends on what you mean by a formal method of course.
---
Large public or private organisations paying perpetual, recurring, per-seat licensing for software are being economically stupid.