Apparently what is probably the premier desktop-oriented Linux distro doesn't think it's stable enough to include, but it's just as good - nay, better - than Aqua and Aero ? From a stability perspective, Beryl and Compiz have quite a way to go. However, the base systems seem more flexible than their proprietary counterparts from what I've seen. Do you know if Aqua or Aero have a plugin system that enables one to add third party effects to the graphics system? For instance, could I write a plugin for either desktop that would make my windows "wobble" when moving them around? Or explode in a shower of sparks when closed? Or would adding such features be built into the operating system and unable to be altered or extended by third party developers?
I don't think it's accurate to say that 3D acceleration on Linux is necessarily better than Aqua and Aero, as it's currently more immature. However, the X based systems seem to me to be more flexible, with a more clearly defined architecture. When this reaches stability, it seems that Linux will enjoy a not insignificant advantage over its competitors. Until then, I'd have to consider it as not better, but perhaps "more promising".
Like I said elsewhere in this thread, those low low Walmart prices come at a cost. In this case, it's an IE only website. Okay, I'll concede that point:)
Though I'd question whether long term it would be less expensive than doing a proper job. Still, when the bottom line is at stake, companies typically look to the present rather than plan for the future, so I can see why they might have just gone with the developer who bid the lowest price.
Realistically, who shuts down Firefox to load a page in IE? To quote another poster, some poetic license may have been taken:)
Still, it doesn't detract from the main point, in that an IE-only site is extra hassle for non-IE users.
In the latest XP Service Pack they added the ability to launch multiple processes, so you can have Firefox and IE going at the same time. I even tried loading calc.exe once while doing that, and it ran all three at once just fine. I'm assuming this is sarcasm, but referring to a specific XP service pack makes it sound oddly specific. Perhaps you should have said, "I hear now XP has the ability to run multiple processes, so you can run both Firefox and IE at, *gasp*, the same time!" Then there would be less ambiguity in what you meant.
I realize you're likely taking some poetic license here, but let's be reasonable. I'll assume you've already installed the IEView extension in Firefox. Actually, I use IETab, and whilst I'm uncertain whether it alters the useragent, none of the IE-only sites I visit have ever had a problem with it. I find having an IE render in a Firefox tab is more convenient than opening up a separate browser.
Still, not everyone is as well equipped as you or I, and I don't know of any equivalent system for Opera.
I do agree with your main point. I just don't think that the market segment interested in purchasing from Walmart *only if* the site was usable outside of IE is large enough that their potential revenue would exceed even the incremental cost of maintaining a browser agnostic site. But if this were the case, why are so many banks and commercial websites browser agnostic, nowadays? Either Walmart's internet video site has sufficiently more complex client-side code (i.e. HTML and Javascript) to make the cost of changing more prohibitive (possible, but to my mind, unlikely), or the company hired to create the website is significantly more incompetent than the industry average.
So, the video only works in Windows (Media Player 10+, presumably). I think it's safe to assume that if you have WMP10, you also have IE, so if making the site IE-only prevents* people from accessing it who can't use the product anyway, what's the big deal? Because, generally speaking, users don't like hassle. Sure, they could close down Firefox and load up IE every time they visit, but they could also just go to a competitor's website instead. Now, it could be that Walmart offers sufficient incentives (such as low prices, monopoly over certain movies) to justify the extra hassle for most people, but this restriction isn't going to do Walmart any favours. Nor does it help that early adopters for services like this tend to be the same technically competent people who use alternative browsers.
In short, it's going to result in a lost percentage of potential users, hence a loss in revenue, hence a loss in profit. It's going to be a small percentage, but when you're dealing with millions of potential customers and tens, if not hundreds, of millions of potential dollars, a small percentage is suddenly a lot of money. Enough to justify the cost of making it standards compliant? Perhaps, perhaps not; but every other major website seems to consider it worth the price.
Please, offer up a more likely explanation. Userland-proc running with privlidges gets comprimised? Sure, most of these machines had exactly one process running as root, and it has been eliminated as a suspect. A user-space remote vulnerability combined with a local root exploit would be the most likely explanation, assuming that all processes with root privileges really are out of the picture. Don't get me wrong; Linux has had a number of local privilege escalation vulnerabilities in the past (and Linux is far from the only kernel that has shown these vulnerabilities). It's the possibility of a remote root exploit that seems rather unlikely to me.
Nope - but 0-1-infinity combined with the law of averages tells us that there are several kernel exploits out there in the wild that are not documented. I don't mind speculation or extrapolation, but I'd prefer if it had some grounding in facts. What facts do you actually have? All you've shown is a list of websites compromised by, apparently, a single attacker, and all the websites happened to run Linux. Now, a remote kernel exploit is certainly an explanation for this, but hardly the only, or even the most likely one.
So far, we have been able to narrow it down to RHEL Kernels and when you have production machines, you need to not jump to conclusions, but use a combination of methods and speed to implement countermeasures. If it only affects RHEL kernels, then its unlikely to be a vulnerability in the trunk Linux kernel. However, I'd be obliged if you revealed your method for narrowing it down to RHEL kernels. How do you know it's a vulnerability in the kernel, and not in a user-space application?
Google is your friend I can see only one remote vulnerability in that list, and there are reasons to doubt its authenticity. Firstly, according to the article, no information was disclosed about the vulnerability when it was reported. Secondly, a later article on the same site reveals that, 4 months later, there was still no information about the supposed vulnerability. If the vulnerability was genuine, one would expect to see some details on it, especially several months after it was announced. Thus, it is unlikely to be a genuine exploit.
Here you go. Feel free to scan the hosts in that list to see what OS/Version they are running. Correlation does not imply causation. There isn't enough information to come to any conclusions about the cause of the vulnerabilities. One would have to perform scans on a suitably large random sample and come up with some strong statistical data that demonstrates it is the kernel at fault, and not a vulnerability in user-space applications. Until you do this, it's just uninformed speculation. There are any number of more likely explanations, given the available data.
is absurd. I specifically said 0-day, which implies NO documentation as of yet. You seem to be claiming that these zero day vulnerabilities in the Linux kernel are common and occurring regularly. Despite this, in the three years 2.6 has been around, none of these vulnerabilities has ever been detected by legitimate sources. This strains believability. Surely at least one of these vulnerabilities would have been detected?
Or perhaps you are claiming that these zero day exploits are a recent and rare phenomenon?
I suspect that we'll see a great deal more virtualization in the future. Certainly that appears to be the direction the major players are moving in, and there are a number of problems that virtualization solves quite nicely. For Microsoft, the big attraction is, I suspect, the ability to easily retain backward compatibility. For server farms, the ability to run several operating systems on the same piece of hardware is a desirable way to cut costs. For minority operating systems, virtualization gives users the opportunity to run non-native applications. Abstraction from the underlying OS and hardware architectures has a great number of benefits, and hardware is becoming fast enough that performance issues can be solved through multiple cores, specialised hardware, and Moore's law.
IMO, the Kernel is turning to crap when script-kiddies from Turkey are using 0-days weekly and the subjugated server count increases by the thousands daily You don't appear to know what you're talking about. Most server exploits, on any platform, rarely involve the kernel, and I can't find any reported vulnerabilities for 2.6 in Secunia that result in the system being compromised by a remote attacker. The worst I found was a vulnerability on PPC architectures that had the potential for an attacker to read kernel memory locations.
If you do know what you're talking about, you'll be able to provide an extensive list of documented vulnerabilities in the Linux kernel that allow a remove attacker to fully compromise the system. Since these vulnerabilities are, in your words, showing up "weekly", you should have no problem in finding a good number.
A quick look at your posting history confirms you're a troll, but hell, I've already written a reply now.
Either you cut-and-pasted, or you have a really weird sense of squirrel "happiness." If ever there was a required list of films for slashdotters to watch before posting, Office Space would be one of them.
One of these is a minor annoyance to the human species. The other is the end of life as we know it. Says who? The Earth's biosphere has undergone climate changes many times more rapid and many times more devastating than it is currently undergoing. Increased CO2 emissions are unlikely to be doing it any good, but nor is it the end of the world by any stretch of the imagination. How can you react so rationally to the threat of terrorism, and yet so irrationally to the threat of global warming?
That said, the side effects of global warming will likely result in a far higher death toll than terrorism. But at the same time, global warming is unlikely to cause as many human deaths as car accidents, HIV, cigarettes, swimming pools and all the other things that people commonly die from. Global warming is obviously an issue, but it's not going to cause climate change on the scale of Venus, because if the Earth's climate were that fragile, we wouldn't be here today.
then for example I hope you're not using or distributing an MP3 player or DVD player. I feel I should point out that since this deal is between Novell and Microsoft, neither of who have patents on MP3 or DVD players, those aren't really good examples. Also, IIRC, the primary problem with DVD players under Linux is not patents, but the DMCA.
And for a while that's just what Novell did. E.g., one of my annoyances with SuSE 10.0 (which is the one I'm using) is that they removed all MP3 codecs, all DVD decoding, etc. They actually crippled their version Xine to no longer play DVDs, and Kaffeine to display a message saying it won't play DVDs for legal reasons. They have an XMMS version that won't play MP3's. (How stupid is that?) Etc. They are playing to the lowest common denominator. Perhaps they should have released a restricted version, for countries with software patents and DRM laws like the US, and an unrestricted version for the rest of the world. However, it's more likely that what they'd do is simply license the technology from the relevant parties and include all the relevant codecs in the version they sell. This would also have the benefit of encouraging people to actually buy their distribution, rather than download the entirely GPLed OpenSuSE version of it.
Funnily enough, that's just what they did. However, that has no connection whatsoever with the licensing deal Novell and Microsoft made, so I'm uncertain why you bring it up. The Novell-Microsoft deal was not about licensing a particular codec or technology, but general protection from vaguely worded patents that Microsoft has managed to slip past the US Patent Office.
But in the end it's just business as usual in corporate land. I find it hard to believe that they'd even bother with some anti-GPL conspiracy there. Most corporations don't fight crusades, anti-GPL or otherwise. Oh, obviously, and I didn't intend to imply anything of the sort. But regardless of Novell's intentions, they knew they were skirting close to the edge of the GPL in making the deal. They obviously decided that cutting a deal with Microsoft was worth the risk of testing the boundaries of the GPL. The FSF isn't out to wage a legal war on companies that consort with Microsoft, but it seems to me that, in the course of creatingthe GPL3, they would be interested in clarifying where the GPL stands on vague patent deals that might potentially infringe on the freedom of developers. If Novell finds that its crossed the boundaries of the GPL3, then that's entirely Novell's fault; it has enough lawyers to have known the risks involved.
Well, now that would be a great way for OSS to shoot itself in the foot. "Here, we'll give you some ideological crusade disguised as a license, and we can revoke it at any time for as little as making a deal with a corporation we don't like, or having more patents than we like, or also distributing some closed source programs we don't like, or simply because we've had a bad day and don't like you any more." Dunno about Novell, but I'm willing to bet that a lot of companies would drop Linux like a hot potato. Heck, I would, and I'm writing this in Linux. I think you've entirely misunderstand the issue. First, a quote of the original Novell press release:
Under the patent agreement, both companies will make up-front payments in exchange for a release from any potential liability for use of each others patented intellectual property, with a net balancing payment from Microsoft to Novell reflecting the larger applicable volume of Microsoft's product shipments. Novell will also make running royalty payments based on a percentage of its revenues from open source products. And now section 7 of the GPL (version 2):
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. You don't have to be a lawyer to realise that Novell are, at the very least, treading close to the line here. The Novell-Microsoft deal implies that there are patent issues with GPLed software Novell sells, and that royalties are being paid by Novell to avoid litigation. The GPL says that software distributed under the license must incur no additional conditions on anyone who receives a copy. Novell isn't on very solid ground, though it seems like they might just make it through.
Now, even if Novell isn't quite violating the actual wording of the GPL, it's hard to argue they're not going counter to the spirit of the license. If the FSF wants to ensure that the GPL3 draws the line a little more clearly in this area, then its up to them. But they're not doing it just because Novell's getting close to Microsoft; they're doing it to clarify the legal issues surrounding vague patent deals.
And if Novell gets burned by that, well, they've got enough lawyers to have known what they were doing. They took a risk, and it may yet pay off, but if it all goes pear shaped, they've only got themselves to blame.
The value of a law like this is not actually to track the offenders. It's real value is to use as an additional charge once a violator has been caught. It keep the real habitual offenders in jail longer and makes plea bargaining result in longer terms.
An interesting perspective on it. One would also imagine that the good press such a law would generate for the politician proposing it would also be a factor.
The presence of Truecrypt on the base system will reveal the possibility that this is done. Any competent investigator will look. Especially when the partition sizes in use don't add up to the total size of the drive.
If a user has a 1GB Truecrypt volume, but has only used up 100M, this could be indicative of a hidden volume, or it could be that the user hasn't used up all the available free space on the volume. Even if the investigator suspected there was a hidden space, he'd need some evidence that the suspect had an additional encryption key over the one supplied.
Now, this could be found through surveillance of the suspect beforehand (keyloggers, hidden cameras, etc.), but that applies to encrypted USB sticks as well. In addition, there's a chance that your USB stick might be discovered, whilst there's no danger of the same thing happening to a Truecrypt volume. So far as I can see, an encrypted USB stick is considerably less secure than a hidden Truecrypt volume.
Of course, for extra security, why not a hidden Truecrypt volume on an encrypted USB stick?
Re:It's Hard Because it's being done wrong.
on
Why Software is Hard
·
· Score: 1
"Clearly better" is terribly ambiguous; for me, 'hard to understand'(or even 'harder to understand') is a solid indication that it may not actually be better. I disagree somewhat. Just because a programming concept is hard to understand (such as self-referential lazy lists) doesn't imply it is not useful once it is understood. And if a programming abstraction is useful, however difficult it may be to initially understand, then it seems to me that it would be worth using. However, you're right that "Clearly better" is ambiguous, and it really rather depends on what goals you have for the language.
Re:And unlike programmers, you're held accountable
on
Why Software is Hard
·
· Score: 1
If an architect designs a building that falls down, he's done.
But there's no accountability in writing software. It's going to be interesting watching what happens when accountability starts being applied to programmers. I can hear the whining already as the incompetents get forced into flipping burgers: "But I'm not incompetent, I just can't write code fast." I'm cuious how you would legally differentiate between code posted up on the web in the public domain, and a multi-million dollar bespoke software project.
Especially funny, considering the parent post which was blatantly sexist got modded up as insightful. I should point out that blatant sexism and insightful words are not necessarily mutually exclusive.
Re:It's Hard Because it's being done wrong.
on
Why Software is Hard
·
· Score: 1
I'm not sure it matters very much; if someone finds an abstraction that is clearly better, it will quickly be adopted. I'm not quite sure what the OP was on about, as their post was rather hard to parse (too much abstraction?). However, just because an abstraction is useful, doesn't mean that it will be widely adopted. The majority of programmers tend to be rather conservative in their choice of programming language, possibly due to familiarity, or possibly due to the available libraries for it (as new programming languages tend to have sparse standard libraries). Because of this conservatism, mainstream programming languages tend to be very verbose, with little complex abstraction.
However, whilst abstraction is certainly useful, I'm not sure it's necessarily easier, and that's where I disagree with the OP. For instance, if I were to write:
def fib(n):
seq = [1, 1]
for i in range(2, n):
seq.append(seq[i - 1] + seq[i - 2])
return seq
Then it would be pretty obvious what the fib function actually did. But if I were to write:
fib n = take n f
where f = 1 : 1 : zipWith (+) f (tail f)
Then it would be, perhaps, less obvious, even if it is more concise and abstract. To my eyes, a programmer lacking in experience would find the former code easier to understand than the latter. So I think that programming languages, especially mainstream languages would benefit from greater abstraction. But I don't think this would necessarily make them easier.
Better safe than sorry is more than an old saying your grandmother used while admonishing you to take an umbrella.
Rule 1 of IEDs - Make them look like something else. Rule 2 - Place them where they can do the most damage. By that logic we should blow up any object, no matter how innocuous is appears, that is placed in a potentially vulnerable location, just to be "better safe that sorry". See a rubbish bin by the side of the road? Summon the police! An old cardboard box? Call the bomb squad! A parked car? Alert the army!
There's a limit to what security precautions are reasonable, and blowing up random crap exceeds that by a large margin. The authorities of Boston are being mocked not because they took reasonable security precautions, but because they took very unreasonable ones. One would hope that authorities maintaining large cities would act responsibly. In this case, they acted like paranoid schizophrenics.
Here's what I don't get: this is the British police, not some elite hacking group. I think it's safe to say that no matter the level of security expertise of police computer experts, it's always going to be greater than the expertise of government IT staff.
In short, our Tables of Contents are automatically updated for us by the wiki engine. It's cool. Ah, I wasn't aware that MediaWiki could do that. Still... storing a cross-references on a Wiki page seems somewhat untidy to me. However, I can't think of any major practical disadvantages to the Wiki approach if cross-referencing languages to tasks is handled automatically, so it may be a reasonable solution despite my reservations.
Slashdot Mirror
Politics don't have very much to do with it. It's largely a pragmatic decision, rather than an ideological one.
I don't think it's accurate to say that 3D acceleration on Linux is necessarily better than Aqua and Aero, as it's currently more immature. However, the X based systems seem to me to be more flexible, with a more clearly defined architecture. When this reaches stability, it seems that Linux will enjoy a not insignificant advantage over its competitors. Until then, I'd have to consider it as not better, but perhaps "more promising".
Though I'd question whether long term it would be less expensive than doing a proper job. Still, when the bottom line is at stake, companies typically look to the present rather than plan for the future, so I can see why they might have just gone with the developer who bid the lowest price.
Still, not everyone is as well equipped as you or I, and I don't know of any equivalent system for Opera. I do agree with your main point. I just don't think that the market segment interested in purchasing from Walmart *only if* the site was usable outside of IE is large enough that their potential revenue would exceed even the incremental cost of maintaining a browser agnostic site. But if this were the case, why are so many banks and commercial websites browser agnostic, nowadays? Either Walmart's internet video site has sufficiently more complex client-side code (i.e. HTML and Javascript) to make the cost of changing more prohibitive (possible, but to my mind, unlikely), or the company hired to create the website is significantly more incompetent than the industry average.
In short, it's going to result in a lost percentage of potential users, hence a loss in revenue, hence a loss in profit. It's going to be a small percentage, but when you're dealing with millions of potential customers and tens, if not hundreds, of millions of potential dollars, a small percentage is suddenly a lot of money. Enough to justify the cost of making it standards compliant? Perhaps, perhaps not; but every other major website seems to consider it worth the price.
Or perhaps you are claiming that these zero day exploits are a recent and rare phenomenon?
I suspect that we'll see a great deal more virtualization in the future. Certainly that appears to be the direction the major players are moving in, and there are a number of problems that virtualization solves quite nicely. For Microsoft, the big attraction is, I suspect, the ability to easily retain backward compatibility. For server farms, the ability to run several operating systems on the same piece of hardware is a desirable way to cut costs. For minority operating systems, virtualization gives users the opportunity to run non-native applications. Abstraction from the underlying OS and hardware architectures has a great number of benefits, and hardware is becoming fast enough that performance issues can be solved through multiple cores, specialised hardware, and Moore's law.
If you do know what you're talking about, you'll be able to provide an extensive list of documented vulnerabilities in the Linux kernel that allow a remove attacker to fully compromise the system. Since these vulnerabilities are, in your words, showing up "weekly", you should have no problem in finding a good number.
A quick look at your posting history confirms you're a troll, but hell, I've already written a reply now.
That said, the side effects of global warming will likely result in a far higher death toll than terrorism. But at the same time, global warming is unlikely to cause as many human deaths as car accidents, HIV, cigarettes, swimming pools and all the other things that people commonly die from. Global warming is obviously an issue, but it's not going to cause climate change on the scale of Venus, because if the Earth's climate were that fragile, we wouldn't be here today.
Maybe it's just my experience with platformers in my youth, but I don't recall finding those Max Payne mini-levels particularly hard.
Funnily enough, that's just what they did. However, that has no connection whatsoever with the licensing deal Novell and Microsoft made, so I'm uncertain why you bring it up. The Novell-Microsoft deal was not about licensing a particular codec or technology, but general protection from vaguely worded patents that Microsoft has managed to slip past the US Patent Office. But in the end it's just business as usual in corporate land. I find it hard to believe that they'd even bother with some anti-GPL conspiracy there. Most corporations don't fight crusades, anti-GPL or otherwise. Oh, obviously, and I didn't intend to imply anything of the sort. But regardless of Novell's intentions, they knew they were skirting close to the edge of the GPL in making the deal. They obviously decided that cutting a deal with Microsoft was worth the risk of testing the boundaries of the GPL. The FSF isn't out to wage a legal war on companies that consort with Microsoft, but it seems to me that, in the course of creatingthe GPL3, they would be interested in clarifying where the GPL stands on vague patent deals that might potentially infringe on the freedom of developers. If Novell finds that its crossed the boundaries of the GPL3, then that's entirely Novell's fault; it has enough lawyers to have known the risks involved.
Now, even if Novell isn't quite violating the actual wording of the GPL, it's hard to argue they're not going counter to the spirit of the license. If the FSF wants to ensure that the GPL3 draws the line a little more clearly in this area, then its up to them. But they're not doing it just because Novell's getting close to Microsoft; they're doing it to clarify the legal issues surrounding vague patent deals.
And if Novell gets burned by that, well, they've got enough lawyers to have known what they were doing. They took a risk, and it may yet pay off, but if it all goes pear shaped, they've only got themselves to blame.
An interesting perspective on it. One would also imagine that the good press such a law would generate for the politician proposing it would also be a factor.
If a user has a 1GB Truecrypt volume, but has only used up 100M, this could be indicative of a hidden volume, or it could be that the user hasn't used up all the available free space on the volume. Even if the investigator suspected there was a hidden space, he'd need some evidence that the suspect had an additional encryption key over the one supplied.
Now, this could be found through surveillance of the suspect beforehand (keyloggers, hidden cameras, etc.), but that applies to encrypted USB sticks as well. In addition, there's a chance that your USB stick might be discovered, whilst there's no danger of the same thing happening to a Truecrypt volume. So far as I can see, an encrypted USB stick is considerably less secure than a hidden Truecrypt volume.
Of course, for extra security, why not a hidden Truecrypt volume on an encrypted USB stick?
However, whilst abstraction is certainly useful, I'm not sure it's necessarily easier, and that's where I disagree with the OP. For instance, if I were to write: Then it would be pretty obvious what the fib function actually did. But if I were to write: Then it would be, perhaps, less obvious, even if it is more concise and abstract. To my eyes, a programmer lacking in experience would find the former code easier to understand than the latter. So I think that programming languages, especially mainstream languages would benefit from greater abstraction. But I don't think this would necessarily make them easier.
Rule 1 of IEDs - Make them look like something else.
Rule 2 - Place them where they can do the most damage. By that logic we should blow up any object, no matter how innocuous is appears, that is placed in a potentially vulnerable location, just to be "better safe that sorry". See a rubbish bin by the side of the road? Summon the police! An old cardboard box? Call the bomb squad! A parked car? Alert the army!
There's a limit to what security precautions are reasonable, and blowing up random crap exceeds that by a large margin. The authorities of Boston are being mocked not because they took reasonable security precautions, but because they took very unreasonable ones. One would hope that authorities maintaining large cities would act responsibly. In this case, they acted like paranoid schizophrenics.