The Technion IIT (Closest thing to MIT we have in Israel) has a course which is essentially what was described:
http://webcourse.cs.technion.ac.il/234321
(Much of the informaton will be in Hebrew)
The course grade is 50% a project and 50% a final test. The project includes simulated 'client meetings' (with the TAs), building a requirements document (and meeting with the 'client' again to review these requirements), modeling the application in (eww) UML, and implementing it with tests - all of these are given approximately equal weight in grading. Project is submitted in parts, so if there's something wrong with the spec you've devised - you will be corrected so you don't get screwed later on. Project is done in groups of four.
Note: I absolutely despised this course.
IDF is only specifically concerned with RD&D players - that is LARPers.
By the way, their specific claim is that they are detached from reality... however, in Atuda - an IDF project that allows one to delay his recruitment and get a scollarship to complete a degree before being drafted - one of the popular majors is mathematics.:)
It'd have to be pretty slow WiFi then. 802.11B, the old, slow standard, is 11Mbps. I don't know about the states, but that's 5 times more bandwidth than the best DSL or Cable you can get in Israel. 802.11G, IIRC, gives you 54Mbps. So while yes, WiFi is slow compared to modern Ethernet, it's not at all slow when compared to ISPs.
Are these going to be digitally signed by the authority which releases them, and will whatever devices that 'read' them be equipped to verify the signature? I've been wondering why the don't do this for IDs, as signature verification (public/private, a la PGP) would make counterfeiting much harder, when combined with traiditional anti-counterfeiting measures.
Or will a distributed network of private-key-bruteforcing computers be enough to make short work of any such signature?
What mr. "You can run a clock AND a calculator at the SAME TIME with Windows 1.0!" here is basically saying, that out of the pie that is the money paid for a new computer, software vendors (Microsoft) should get a bigger piece (than the people who actually make the computer itself). They want the price of computer hardware to go down so it'll be easier for them to shove their malfunctioning OS down everyone's throat.
No siree bob. I paid good money for a powerful, reliable set of electronics components. Software is the instruction manual for them to work. Instruction manuals should be Free. Go OSS!
No, that's not it... I'm running OpenBox, and it doesn't create a noticable performance hit (compared UT2004 to with Openbox or without). By the way, you don't even need an xterm. A good way to run games is with xinit - give the full path to the binary, and an X server will pop up running just your game (and shut down when you leave). Works particularily well if you want two X displays - one for the game, and one for other stuff (instant messaging, web-based UT server management and the like).
This is why Free Software tends to be more secure. The project managers tend to be programmers, not non-techy businessmen. They understand the concepts of "still needs work" and "not ready yet" even if a product is late. Commercial software vendors would rather release a program on time and hide any last-minute security flaws that pop up (to be fixed in some patch, which is perhaps another profit generator). Open Source projects, lead by the programmers themselves, will usually prefer to hold back a new version if they feel it's not reliable enough for release. Besides, that's what developer versions are for.
Same here - usually. However, I have the demo installed on both Windows XP and Linux (Gentoo Linux, 2.6 vanilla kernel), and get significantly better performance - 10-15fps - on Windows.
GeForce FX 5700 Ultra
Abit NF7 (nForce II) running an AMD Athlon XP 2600 at 1830.176 Mhz.
1024x768, medium quality, no AA
It might, however, be services that I'm running... although all of them show up at top as using 0.0 CPU. I suspect that the situation will be different a few patches from now - UT2004's performance has certainly improved.
I don't see why e-voting machines have to be running such complicated programs - Windows, for example. What the hell for? If it were up to me, an e-voting machine would be a box with two buttons on it. The buttons would be labeled for the appropriate candidates, and pressing a button would increment the counter for that candidate. Once a button is pressed, the machine gives an audible beep and waits for 60 seconds before any button can be pressed - and the officials make sure that no individual has any more than 30 seconds inside the booth (they should make the actual decision outside). When the day is over, the box is unlocked (it would have a traditional, physical lock) and connected to a printer/monitor via some port which is inside the box (read: box has to be unlocked or broken to connect for output). Finally, the inside of the box also has a 'reset' button, and an uptime timer (to make sure the box has actually been counting for as long as the operator thinks it has). More complicated situation? Add buttons. I can't imagine any scenario that would mandate a machine running software complex enough to run a frickin VBScript interpreter.
Uhh, no, he's not dissing Linux at all. He's saying that one big supercomputer (running Linux, perhaps) will get you more price-performance (bang per buck, I guess) than a Linux cluster.
I think that's the only way we can start to generate some user-awareness to spyware. Every time a site tries to install any software or run a script with any elevated priveleges, the screen should go absolutely blank and stall for 2 seconds, then flash a giant VIRUS WARNING message in blinking red text, and sound a klaxon on the speakers. Then the "do you want to install?" message should appear in a size 6 font, followed by two buttons: A 5x5 pixel dark-gray (remember, the background is black) button for "Yes", and a 200x200 green button for "Yes".
And maybe then people will hesitate to install spyware. I don't know how much good that will do either.
I've never had a problem with microphone ports on sound cards. Both OSS and ALSA have great support for most cheap cards (I'm sure ALSA has a comprehensive list on their site). My latest box has an nForce2 with onboard sound, and its microphone port works perfectly using ALSA (great for UT2004).
I don't think it would make sense to make a USB headset, when basically it's a pair of earphones and a microphone - it should plug into the preexisting ports.
Why the hell should we not be expecting spyware? Spyware is indeed extremely improbable in open source software, but here's a great example - Skype - of an application that is not open sourced. Linux does not inherently make spyware impossible - it's just that most software that is used with Linux is open-source, and therefore easily freed of spyware.
Skype could indeed contain spyware. We can and will probably use the flexibility of various firewalling and sniffing utilities to block it.
Microsoft certainly does not make all of the components in a running Windows system. First of all, I'm pretty sure that most people running Windows are not running any Microsoft hardware except for perhaps a mouse, keyboard, and/or gaming peripheral. So your setup is not 100%-microsoft - it's not even close if you take hardware into account. It gets a lot closer when you look at macs, but nowadays even they use (modified) versions of commodity hardware, such as nVidia and ATI graphics cards. Also, last time I checked, commodity hardware was a good thing, seeing as it drives competition over price and quality.
Now, as for your software department - just take a look at drivers. If you're using an nVidia or ATI card, you are probably using their drivers. Microsoft, as far as I know, did NOT write those, and yet they are an integral part of the system (so integral, as a matter of fact, that nVidia drivers have been known to bring X on Linux to a screeching halt).
Also, if I am not mistaken, Windows uses BSD's TCP/IP stack. True, today the code is maintained by Microsoft coders, but I can't imagine them having needed to completely overhaul it - they are using a modified version of a product (piece of code) that was manufactured (written) by someone else.
And last but not least, a major factor keeping people on Windows is software that is written for it, which they can't do without or find a replacement for which runs on their target OS. Guess what? Most of that software isn't written by Microsoft either. Many people swear by Adobe Photoshop, and don't switch to Linux because they find The Gimp inadequate. Others want to play their favorite computer games, which simply do not work [well] on Linux. And even if, say, their favorite computer game is Microsoft Flight Simulator or Microsoft's Age of Empires - yep, that's right. Microsoft didn't make those. They just bought them.
A large, complex product is best manufactured by multiple specialty manufacturers which adhere to well-known standards. F/OSS supporters know this. Microsoft knows this as well.
Perhaps they are trying to make the point that these things are so cheap, that after 1000 hours they can just be dismantled and rebuilt - with the same extremely-low cost? Maybe businesses will even be able to buy an OLED recycling machine... If this is the case, a business with too many 15" OLED displays would be able to replace them with fewer, bigger ones:)
That's what Mandrake Linux, for example, does (I'm sure many other *nix distributions do as well). Once installation is finished, a small component goes online and downloads all important patches which were made available since the CD it's sitting on was burnt. This makes sense to me from a security standpoint - it should be far easier to secure a single program with independent network code, than a fully up-and-running system.
What's the point of running Linux under Windows? I can only see one purpose: it makes cross-development of applications a bit easier - and then it's not much better than cygwin.
So you gain the ability to run Linux applications natively on Windows. So what? All of the good ones work on Windows anyway... OO.o, Mozilla, Apache, MySQL (I think). The only reason anyone runs those on Linux is because its faster (often) and more stable (almost always) than Windows. The article is a bit misleading in that it makes you thing you have Windows and Linux running in parallel... it's actually Windows running a Linux kernel. So you still can't get it to be any more stable nor faster than Windows.
The other way around would be great: Have Linux run Windows applications natively. Wine is doing a good job, but they still have a long way to go.
IIRC, SCO gave a timeframe (12 hours, I believe) for fixing the problem, while the so-called attack was in progress. Doesn't this prove they are lying?
How likely are we to be able to nuke 'em once we see them? How likely are we to see those anyway? We've had several near-misses that we only detected after the asteroid passed us...
We must remember, however, that Linux can detect the flaws much earlier (more manpower with access to the source), and Windows generally starts counting from the first exploit:)
You do need either physical access or the admin password to get the hashes, don't you?
Also, just curious: Is anything considered more secure than a hash?
Slashdot Mirror
The Technion IIT (Closest thing to MIT we have in Israel) has a course which is essentially what was described: http://webcourse.cs.technion.ac.il/234321 (Much of the informaton will be in Hebrew) The course grade is 50% a project and 50% a final test. The project includes simulated 'client meetings' (with the TAs), building a requirements document (and meeting with the 'client' again to review these requirements), modeling the application in (eww) UML, and implementing it with tests - all of these are given approximately equal weight in grading. Project is submitted in parts, so if there's something wrong with the spec you've devised - you will be corrected so you don't get screwed later on. Project is done in groups of four. Note: I absolutely despised this course.
IDF is only specifically concerned with RD&D players - that is LARPers. By the way, their specific claim is that they are detached from reality... however, in Atuda - an IDF project that allows one to delay his recruitment and get a scollarship to complete a degree before being drafted - one of the popular majors is mathematics. :)
It'd have to be pretty slow WiFi then. 802.11B, the old, slow standard, is 11Mbps. I don't know about the states, but that's 5 times more bandwidth than the best DSL or Cable you can get in Israel. 802.11G, IIRC, gives you 54Mbps. So while yes, WiFi is slow compared to modern Ethernet, it's not at all slow when compared to ISPs.
Are these going to be digitally signed by the authority which releases them, and will whatever devices that 'read' them be equipped to verify the signature? I've been wondering why the don't do this for IDs, as signature verification (public/private, a la PGP) would make counterfeiting much harder, when combined with traiditional anti-counterfeiting measures. Or will a distributed network of private-key-bruteforcing computers be enough to make short work of any such signature?
What mr. "You can run a clock AND a calculator at the SAME TIME with Windows 1.0!" here is basically saying, that out of the pie that is the money paid for a new computer, software vendors (Microsoft) should get a bigger piece (than the people who actually make the computer itself). They want the price of computer hardware to go down so it'll be easier for them to shove their malfunctioning OS down everyone's throat. No siree bob. I paid good money for a powerful, reliable set of electronics components. Software is the instruction manual for them to work. Instruction manuals should be Free. Go OSS!
It would seem that the developers of Unix had a lot of fun trying to skew the statistics so that e would not be the most common English letter.
No, that's not it... I'm running OpenBox, and it doesn't create a noticable performance hit (compared UT2004 to with Openbox or without). By the way, you don't even need an xterm. A good way to run games is with xinit - give the full path to the binary, and an X server will pop up running just your game (and shut down when you leave). Works particularily well if you want two X displays - one for the game, and one for other stuff (instant messaging, web-based UT server management and the like).
This is why Free Software tends to be more secure. The project managers tend to be programmers, not non-techy businessmen. They understand the concepts of "still needs work" and "not ready yet" even if a product is late. Commercial software vendors would rather release a program on time and hide any last-minute security flaws that pop up (to be fixed in some patch, which is perhaps another profit generator). Open Source projects, lead by the programmers themselves, will usually prefer to hold back a new version if they feel it's not reliable enough for release. Besides, that's what developer versions are for.
Same here - usually. However, I have the demo installed on both Windows XP and Linux (Gentoo Linux, 2.6 vanilla kernel), and get significantly better performance - 10-15fps - on Windows. GeForce FX 5700 Ultra Abit NF7 (nForce II) running an AMD Athlon XP 2600 at 1830.176 Mhz. 1024x768, medium quality, no AA It might, however, be services that I'm running... although all of them show up at top as using 0.0 CPU. I suspect that the situation will be different a few patches from now - UT2004's performance has certainly improved.
I don't see why e-voting machines have to be running such complicated programs - Windows, for example. What the hell for? If it were up to me, an e-voting machine would be a box with two buttons on it. The buttons would be labeled for the appropriate candidates, and pressing a button would increment the counter for that candidate. Once a button is pressed, the machine gives an audible beep and waits for 60 seconds before any button can be pressed - and the officials make sure that no individual has any more than 30 seconds inside the booth (they should make the actual decision outside). When the day is over, the box is unlocked (it would have a traditional, physical lock) and connected to a printer/monitor via some port which is inside the box (read: box has to be unlocked or broken to connect for output). Finally, the inside of the box also has a 'reset' button, and an uptime timer (to make sure the box has actually been counting for as long as the operator thinks it has).
More complicated situation? Add buttons. I can't imagine any scenario that would mandate a machine running software complex enough to run a frickin VBScript interpreter.
Damn, that's either a real cheap mainframe, or Windows is a helluva lot more expensive than I remember it to be.
Uhh, no, he's not dissing Linux at all. He's saying that one big supercomputer (running Linux, perhaps) will get you more price-performance (bang per buck, I guess) than a Linux cluster.
I think that's the only way we can start to generate some user-awareness to spyware. Every time a site tries to install any software or run a script with any elevated priveleges, the screen should go absolutely blank and stall for 2 seconds, then flash a giant VIRUS WARNING message in blinking red text, and sound a klaxon on the speakers. Then the "do you want to install?" message should appear in a size 6 font, followed by two buttons: A 5x5 pixel dark-gray (remember, the background is black) button for "Yes", and a 200x200 green button for "Yes". And maybe then people will hesitate to install spyware. I don't know how much good that will do either.
I've never had a problem with microphone ports on sound cards. Both OSS and ALSA have great support for most cheap cards (I'm sure ALSA has a comprehensive list on their site). My latest box has an nForce2 with onboard sound, and its microphone port works perfectly using ALSA (great for UT2004). I don't think it would make sense to make a USB headset, when basically it's a pair of earphones and a microphone - it should plug into the preexisting ports.
Why the hell should we not be expecting spyware? Spyware is indeed extremely improbable in open source software, but here's a great example - Skype - of an application that is not open sourced. Linux does not inherently make spyware impossible - it's just that most software that is used with Linux is open-source, and therefore easily freed of spyware.
Skype could indeed contain spyware. We can and will probably use the flexibility of various firewalling and sniffing utilities to block it.
Microsoft certainly does not make all of the components in a running Windows system. First of all, I'm pretty sure that most people running Windows are not running any Microsoft hardware except for perhaps a mouse, keyboard, and/or gaming peripheral. So your setup is not 100%-microsoft - it's not even close if you take hardware into account. It gets a lot closer when you look at macs, but nowadays even they use (modified) versions of commodity hardware, such as nVidia and ATI graphics cards. Also, last time I checked, commodity hardware was a good thing, seeing as it drives competition over price and quality. Now, as for your software department - just take a look at drivers. If you're using an nVidia or ATI card, you are probably using their drivers. Microsoft, as far as I know, did NOT write those, and yet they are an integral part of the system (so integral, as a matter of fact, that nVidia drivers have been known to bring X on Linux to a screeching halt). Also, if I am not mistaken, Windows uses BSD's TCP/IP stack. True, today the code is maintained by Microsoft coders, but I can't imagine them having needed to completely overhaul it - they are using a modified version of a product (piece of code) that was manufactured (written) by someone else. And last but not least, a major factor keeping people on Windows is software that is written for it, which they can't do without or find a replacement for which runs on their target OS. Guess what? Most of that software isn't written by Microsoft either. Many people swear by Adobe Photoshop, and don't switch to Linux because they find The Gimp inadequate. Others want to play their favorite computer games, which simply do not work [well] on Linux. And even if, say, their favorite computer game is Microsoft Flight Simulator or Microsoft's Age of Empires - yep, that's right. Microsoft didn't make those. They just bought them. A large, complex product is best manufactured by multiple specialty manufacturers which adhere to well-known standards. F/OSS supporters know this. Microsoft knows this as well.
Perhaps they are trying to make the point that these things are so cheap, that after 1000 hours they can just be dismantled and rebuilt - with the same extremely-low cost? Maybe businesses will even be able to buy an OLED recycling machine... If this is the case, a business with too many 15" OLED displays would be able to replace them with fewer, bigger ones :)
That's what Mandrake Linux, for example, does (I'm sure many other *nix distributions do as well). Once installation is finished, a small component goes online and downloads all important patches which were made available since the CD it's sitting on was burnt. This makes sense to me from a security standpoint - it should be far easier to secure a single program with independent network code, than a fully up-and-running system.
...I thought the whole point of windows is that they're supposed to be translucent. :)
It really depends on the game, obviously... Half-Life, for one, would really kick ass as a movie - if done properly. So would Max Payne.
What's the point of running Linux under Windows? I can only see one purpose: it makes cross-development of applications a bit easier - and then it's not much better than cygwin. So you gain the ability to run Linux applications natively on Windows. So what? All of the good ones work on Windows anyway... OO.o, Mozilla, Apache, MySQL (I think). The only reason anyone runs those on Linux is because its faster (often) and more stable (almost always) than Windows. The article is a bit misleading in that it makes you thing you have Windows and Linux running in parallel... it's actually Windows running a Linux kernel. So you still can't get it to be any more stable nor faster than Windows. The other way around would be great: Have Linux run Windows applications natively. Wine is doing a good job, but they still have a long way to go.
IIRC, SCO gave a timeframe (12 hours, I believe) for fixing the problem, while the so-called attack was in progress. Doesn't this prove they are lying?
How likely are we to be able to nuke 'em once we see them? How likely are we to see those anyway? We've had several near-misses that we only detected after the asteroid passed us...
We must remember, however, that Linux can detect the flaws much earlier (more manpower with access to the source), and Windows generally starts counting from the first exploit :)
You do need either physical access or the admin password to get the hashes, don't you? Also, just curious: Is anything considered more secure than a hash?