Unlike other constructs, pointers are very hard to verify for correctness. For example, take the following function:
void readdata(char* s) {fgets(s,100,stdin);}
Is this function safe? There is no way we can tell just by reading the code of the function. We will have to read the whole program to see if there is any way this function could be called with a NULL, unallocated or undersized buffer.
Furthermore, if the buffer is undersized the function will likely appear to act correctly, but may cause an apparently unrelated failure somewhere else in the code, which makes pointer related errors much harder to track down.
We can use a safe C-like language such as Cyclone. But reading the huge number of rules that Cyclone enforces to make pointers safe only reinforces how hard it is to be 100% sure that a non-trivial use of a pointer is safe in a C program.
Furthermore I understand that ~50% of security holes are caused by misuse of pointers. Programmers *will* make mistakes, but programs written in "safe" languages save you from over half of them.
Having said that I write a lot of code in C. However most of it is fairly trivial stuff and not security critical.
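Added example, not part of the original comment: one way to make the NULL and size checks part of the function's own contract is to pass the capacity along with the pointer, so the check no longer depends on reading every caller. The names `struct buf`, `readdata_checked` and `stream_from`, and the sample input, are assumptions of this sketch.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hand-rolled bounds-carrying pointer: the capacity travels with the
 * address, so the callee can check it instead of trusting every caller.
 * (Hypothetical type for this example.) */
struct buf {
    char  *data;
    size_t cap;
};

enum read_status { READ_BAD_ARG = -1, READ_OK = 0, READ_TRUNCATED = 1, READ_EOF = 2 };

/* Checked counterpart of readdata(char *s) from the comment above.
 * Reads one line from `in`, writes at most b.cap bytes including the
 * terminating NUL, and strips the newline. A line that does not fit is
 * cut, its remainder is discarded, and READ_TRUNCATED is returned so a
 * partial line is never mistaken for a complete one. */
enum read_status readdata_checked(struct buf b, FILE *in)
{
    if (b.data == NULL || b.cap < 2 || in == NULL)
        return READ_BAD_ARG;

    /* fgets() takes an int length; clamp very large capacities. */
    int limit = b.cap > (size_t)INT_MAX ? INT_MAX : (int)b.cap;
    if (fgets(b.data, limit, in) == NULL) {
        b.data[0] = '\0';
        return READ_EOF;
    }

    size_t len = strlen(b.data);
    if (len > 0 && b.data[len - 1] == '\n') {
        b.data[len - 1] = '\0';
        return READ_OK;
    }

    /* No newline stored: the line was too long, or EOF ended it. */
    int c, dropped = 0;
    while ((c = getc(in)) != EOF && c != '\n')
        dropped = 1;
    return dropped ? READ_TRUNCATED : READ_OK;
}

/* Constructed input helper: puts `text` in a temporary stream. */
FILE *stream_from(const char *text)
{
    FILE *f = tmpfile();
    if (f != NULL) {
        fputs(text, f);
        rewind(f);
    }
    return f;
}

int main(void)
{
    /* Constructed input: one line longer than the buffer, one that fits. */
    FILE *in = stream_from("0123456789abcdef\nnext\n");
    char small[8];              /* far less than the 100 bytes readdata() assumes */
    struct buf b = { small, sizeof small };
    if (in == NULL)
        return 1;
    for (;;) {
        enum read_status st = readdata_checked(b, in);
        if (st != READ_OK && st != READ_TRUNCATED)
            break;
        printf("%s line: \"%s\"\n", st == READ_OK ? "full" : "cut", small);
    }
    fclose(in);
    return 0;
}
```

The check only holds if the `cap` the caller supplies is honest; C still cannot verify that, which is the comment's point about needing language-level enforcement.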
Actually Linux runs the kernel in ring 0, so the kernel cannot use virtual memory. Thus each 100 Kb would be allocated from physical memory. Also if the kernel "process" were "killed" that would most definitely affect the rest of the OS.
As I recall, in the days prior to apt-get etc. getting binaries to run was a nightmare of incompatible libraries, so at least it isn't any *harder* to get them to run.
You can probably just dchroot into the old root directory to get all your old applications from your previous install to run.
It would be nicer if this were more automated of course.
Truth be told, it still is a cool thing. I'd love Mozilla to be my official interface to my hard drive as well as the web. Unfortunately, security in such a situation really is tough.
Actually, under the current Linux (and Windows etc.) security model, separating the web browser from the file browser does not gain much security. Although firefox doesn't need to read or write large numbers of random files across your home directory, this does not mean it cannot if someone takes control of it using a buffer overflow.
We could constrain firefox using a utility such as Plash. If Konqueror were designed with the Principle of Least Authority in mind we could run each tab as a separate process, each constrained in a different Plash environment, having only the rights that that particular tab needed (web access or file access, not both). This would allow us to have an integrated UI and enforce the Principle of Least Authority as well.
The only way to good security is to not give untrustworthy applications write access to all your files. There are far worse things they could do than add a few bookmarks, e.g. adding key loggers or (Sony) rootkits.
Ideally all applications would be run through something like the Principle of Least Authority shell which limits the applications so they can only access those files they actually need to function.
> The poster was trying to give you an idea of what it's like to be blind and was not trying to "compare Linux and Windows"
And my point was that your average F/OSS developer cannot really tell whether their app is usable by the blind, because they have no experience trying to use software without using their eyes. Unless they get good bug reports, they cannot reasonably be expected to make their software accessible.
The topic of this story was the gap between the F/OSS and disabled communities. However it seems more effort than it is worth to fully reconcile these communities; it would seem to be far more efficient and effective to have subgroups within the F/OSS community that specialise in accessibility, and have access to beta testers who can effectively judge the accessibility of software. IMHO, these subgroups should include e.g. the Gnome and KDE "Human Interface Guidelines" committees and large corporations such as Sun that bid for contracts with accessibility requirements.
"first thing your going to do is take that blindfold off". Unfortunately this isn't that useful for comparing Linux and Windows, as I know of no way to use either without taking off my blindfold.
IMHO, the proposal to switch to ODF to be good for blind people. It has given a lot of publicity to the problems faced by the disabled. The KDE and GNOME teams have put a great deal of effort into making Linux accessible to normal people; and the KDE team seem to be eager to further their goals by making Linux accessible to people who face difficulties greater than normal. If we can get it to the point of having blind developers scratching itches, then Linux could become a quite nice OS. It already has the advantage of having been built on the principle that "everything is text".
I would expect that you would be welcome in any group that aims to make Linux more accessible (KDE & GNOME?) It would be interesting to hear your experiences with Linux. E.g. is there a programming language you can use? I imagine Python would be a bit of a pain, with its visual layout. Do you use LaTeX or office --- I imagine that "What You See Is What You Get" is not the most popular acronym with the visually impaired.
Of course. The MBR loads the stage 2 boot loader. This isn't much help though if the MBR fails to read in the stage 2 boot loader. (Apparently this isn't what happened here, though it seemed to be at first).
However... I was talking about an HTML link, i.e. a clickable link. There isn't much point in putting a full web browser in the boot loader, even in the stage 2 boot loader ;)
Also if he really was "locked out of his computer" so bad that he couldn't even reinstall the Windows bootloader then either his HDD or BIOS is fscked and there isn't anything grub can do about it.
Perhaps you could provide a link to the forum where this was discussed? Although the webforum is not staffed by paid employees, it does sound as if more constructive solutions could have been proposed.
WTF!!! Are you trying to get yourself killed? Refitting a helicopter without any formal qualifications? Do you think we charge $500 an hour to do something that some "software engineer" can do after chatting with their mates on a web forum???
Don't even try to fly the helicopter until we get someone over from London to fix it and certify it is in good condition... Yes, we know it's expensive, but it is important to get it checked out every six months anyway. You are damn lucky that it didn't start, it could have crashed, killed everyone, been infected with spyware, leaked your credit card to phishers and deleted all your data.
[[Takes off real engineer's hat]]
Yes it is unfortunate that out of 15 million installs, yours had to be the one that failed. It is also unfortunate that no-one knowledgeable was able to help you on the web forum. But you do catch more flies with honey you know, and otherwise you could always pop down to the local computer shop and reinstall your old boot-loader for $50, assuming you don't know how to do that yourself.
Systrace allows you to do this with Linux. True capabilities (as in OO constraints rather than POSIX) are even more cool, as they actually make systems simpler by combining authority with designation. For example by saying "cat a" you are both giving cat access to the file "a" and telling cat that "a" is the file you want it to open.
PLASH is a hack that allows you to do something similar under Linux. E.g. it passes in rights to files opened with the GTK file open dialog so that you don't have to confirm that you want to open files that you have already "passed in" by selecting them in a dialog box.
What the article comes down to is that user accounts are of little use to single user PCs. This is well known by security theorists (E.g. you don't need root access to put a keylogger in ~/.bashrc and steal your bank login info). As the author states, the Linux (and Windows and Novell and...) security model is designed to protect the system from the user, but assumes that the user trusts the software.
OTOH existing "Trusted code" initiatives are the equivalent of declaring a root-only system secure, because you only let a few hundred "trusted" users log into that machine.
IMHO, Operating systems should move towards the "Principle of Least Authority", that each software module should have the least authority required to function. The ideal way of doing this is for the system to enforce ObjectOriented/Functional/Procedural constraints that all OO, functional and procedural programs define implicitly. For example, if you run "uncompress(const File A,File B)" then obviously "uncompress" should not be able to access File C because File C is outside its scope. Likewise, if you click on "bunnies.doc" in Konqueror and Konqueror runs "OpenOffice(UI ui, FileSystem::open("~/bunnies.doc"))", then OpenOffice should not be able to open "~/.bashrc" because OpenOffice was not passed FileSystem. OpenOffice would only be able to access "~/.bashrc" if it is passed the file by an object which has rights to "~/.bashrc", for example ui::FileOpenDialog. The EROS Operating system is built around this principle.
PLASH is an attempt to retrofit this principle into Linux, and looks really promising. A program constrained by Plash can only open a file if it is passed it on the command-line or by a GTK fileopen dialogbox.
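Added example, not part of the original comment and not how Plash or EROS is implemented: the "uncompress(const File A, File B)" idea expressed with POSIX file descriptors, where the parent opens the designated files and the worker runs in a child that cannot open anything else. `copy_fd`, `run_confined`, `demo`, the `/tmp/pola_*` files and the use of `RLIMIT_NOFILE` as the enforcement are assumptions of this sketch.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L        /* for mkstemp() under strict -std= modes */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum { COPY_DONE = 1, OTHER_FILE_DENIED = 2 };   /* flags from run_confined() */

/* Worker shaped like the comment's uncompress(const File A, File B): it is
 * handed two open descriptors and never a path. The byte copy stands in for
 * the real work. */
static int copy_fd(int in_fd, int out_fd)
{
    char chunk[4096];
    ssize_t n;
    while ((n = read(in_fd, chunk, sizeof chunk)) > 0) {
        for (ssize_t off = 0; off < n; ) {
            ssize_t w = write(out_fd, chunk + off, (size_t)(n - off));
            if (w < 0)
                return -1;
            off += w;
        }
    }
    return n < 0 ? -1 : 0;
}

/* Runs the worker in a child that cannot obtain new descriptors, then lets
 * the child try to open `other_path` (the comment's "File C", which was not
 * passed in). Returns the flags above, or -1 on setup failure. */
int run_confined(int in_fd, int out_fd, const char *other_path)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Enforcement used by this sketch: RLIMIT_NOFILE = 0 makes open(),
         * socket() and pipe() fail, so the inherited descriptors are all the
         * child holds. Path-based calls such as unlink() are NOT blocked, so
         * this illustrates the idea and is not a complete sandbox. */
        struct rlimit none = { 0, 0 };
        if (setrlimit(RLIMIT_NOFILE, &none) != 0)
            _exit(100);
        int flags = 0;
        if (copy_fd(in_fd, out_fd) == 0)
            flags |= COPY_DONE;
        if (open(other_path, O_RDONLY) < 0 && errno == EMFILE)
            flags |= OTHER_FILE_DENIED;
        _exit(flags);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 100 ? -1 : WEXITSTATUS(status);
}

/* Constructed demo: the parent plays the shell or file dialog, opens only
 * the designated files and hands them over. Output comes back in `copied`. */
int demo(char *copied, size_t copied_len)
{
    char a[] = "/tmp/pola_a_XXXXXX", b[] = "/tmp/pola_b_XXXXXX",
         c[] = "/tmp/pola_c_XXXXXX";
    const char msg[] = "bunnies";
    int fa = mkstemp(a), fb = mkstemp(b), fc = mkstemp(c);
    int result = -1;
    ssize_t n = -1;
    if (fa >= 0 && fb >= 0 && fc >= 0 &&
        write(fa, msg, strlen(msg)) == (ssize_t)strlen(msg) &&
        lseek(fa, 0, SEEK_SET) == 0) {
        result = run_confined(fa, fb, c);
        if (lseek(fb, 0, SEEK_SET) == 0)
            n = read(fb, copied, copied_len - 1);
    }
    copied[n > 0 ? n : 0] = '\0';
    if (fa >= 0) { close(fa); unlink(a); }
    if (fb >= 0) { close(fb); unlink(b); }
    if (fc >= 0) { close(fc); unlink(c); }
    return result;
}

int main(void)
{
    char out[32];
    return demo(out, sizeof out) == (COPY_DONE | OTHER_FILE_DENIED) ? 0 : 1;
}
```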
I find that you can get better pricing from standard SIP providers like SPANTALK (E.g. 10c untimed calls to Australia), and even the voice quality. Unfortunately, generic SIP clients are much harder to set up. For whatever reason SPANTALK doesn't work with kphone/linphone etc, but only really works with xtensoftphone. However... xtensoftphone has roughly 100 configuration options, all with non-standard names, and if they are wrong the only feedback you get is that it just doesn't work. It took me several days to get SPANTALK set up. For this reason I am forced to recommend packaged solutions like Skype to my non-geeky friends, where all they have to enter is their username and password.
Personally I think that all configuration information should be stored in a single URL so that the user of a generic SIP service only has to enter that single URL.
Since this is Slashdot & all I'd just like to point out that Skype worked fine for me under Linux, but under Windows XP (my sister's machine, honest!) I had huge troubles. First, the Microsoft SP2 bluetooth stack doesn't support audio devices, (but does support interfering with installing of the pre SP2 driver for my device, and the manufacturer went out of business before they released an SP2 compatible driver). Then it decided it didn't want to talk to the regular sound card either. YMMV of course.
The Ad hominem fallacy relates to the source of arguments rather than evidence.
E.g. A lawyer may argue that "the victim was shot, and the defendant was the only person in the basement with a gun, hence the defendant was guilty". In this case claiming that the lawyer is biased is a fallacy, of course the lawyer is biased but the strength of an argument is independent of who presents it.
OTOH, if the witness was biased, they might have been lying, so we would be unable to trust their testimony.
An encyclopedia primarily asserts facts rather than arguments. Hence an ad hominem attack against the authors is almost always a valid argument.
Why you should drive a Ferrari (short version) · on "Why Use GTK+?" · Score: 2, Funny
Walking can be time consuming, driving a Ferrari is much faster. The Ferrari has the following features:
- A steering wheel for ease of navigation!
- Four wheels providing good stability, even while turning!
- Car seats, so you don't fall through the floor!
- There is even a vibrant community of fuel stations that can refuel your Ferrari!!!
Actually I really liked GTK, coming from Windows. · on "Why Use GTK+?" · Score: 1
Using Turbo C (admittedly a Borland product) to write GUI code under windows was a nightmare. It had hundreds of arcane "manpage" like descriptions for the graphics classes, and made you guess the correct way of stringing them together to actually do something useful. GTK, where the documentation told me *exactly* how to do what I wanted to do was a real breath of fresh air to me.
GTK may not be a single line of code, but at least it was a single cut-and-paste from the standard docs.
(I did find Delphi v2.0 was in principle very easy to use, but in practice its bugs tended to bite).
Actually, standard versions of wrapper 'd be good. · on "Why Use GTK+?" · Score: 2, Insightful
Recently the PLASH project had to override the standard GTK file open dialog box to achieve certain security related aims. This was somewhat complicated by the fact that there is no standard GTK file open dialog box function ;).
Also it would be one less function that has to be written and maintained across the thousands of projects that use GTK.
A better title would be "Why use a toolkit"? · on "Why Use GTK+?" · Score: 2, Interesting
It seems that most of the information would be true for any toolkit, and it isn't clear what toolkit they are attempting to contrast GTK+ with. The only alternative they mention is "writing your own UI code".
It doesn't seem to give any information about GTK+ itself, even what the difference between GTK+ and plain GTK is (I am guessing that GTK+ is simply the C++ bindings for GTK).
Basically, I think this introduction is too simplified and high level. I imagine that anyone who ever even considered writing their own GUI code directly above X or raw devices would immediately see the advantage of using a toolkit, and the only questions remaining would be "which one?" and "why GTK+ rather than e.g. GTK or QT?".
Possibly it is aimed purely at Windows developers. I remember that several years ago Windows GUI code was a beast to write, and I was amazed at how simple GTK was. If Windows is still that bad, I guess just listing GTK+'s features would be enough to make win32 developers' mouths water, but I'd still prefer the article if it made it clear that win32 is what it is comparing GTK+ to, and did a proper compare and contrast. That way I'd actually have a summary of what Microsoft has been up to in the last decade :).
Look, as computer scientists we know that people (i.e. designers) write viruses, they don't just "evolve". So clearly, the existence of viruses proves that God, the Original Intelligent Designer, must exist ;)
Well yes, I fell to many of the fallacies of left wing propaganda as a kid. However the reason had as much to do with the fact that I was only given two options and right-wing propaganda made even less sense.
Left-wing propaganda at least had a purpose "i.e. saying x is rude and hurts people's feelings" whereas the right wing's stuff just didn't have any purpose, it was just "because God says so in the Bible". But, having actually read the Bible I knew "God had said" lots of strange things most of which were kind of stupid, and they never gave any kind of *reason* for their rules.
It was only much later at university that I came across any kind of justification for the right wing POV that made as much sense as your average AC.
Currently I am of the "burn both their houses" point of view. I tend to vote for whichever party is making the least complete ass of themselves rather than limit myself to any particular ideological perspective.
The homosexual thing kind of makes sense as in "Homosexuals' desire for the same gender is innate" and "Homosexuals choose to live with the same gender (just as heterosexuals *could* choose not to), but it isn't really any business of yours".
My real beef with the left wing propaganda is that they assume that anyone who doesn't conform to the ideal of socialist realism is either an oppressor or the oppressed. However it is now fairly obvious to me that the reason that most people choose to live the traditional lifestyle is not because anyone is holding them down but simply because they want to.
In this case "normal" meant "without a PhD in Linuxology" rather than "hearing" or "sighted".
It strikes me that Sun will be thinking hard about the best way to meet accessibility requirements so that they can win this bid.
I heard they were the second most likely thing to cause fires, after heaters.
Cameron B, Makhlouf T, 2004, Prostate Cancer, Wikipedia, available http://en.wikipedia.org/wiki/Prostate_cancer#2004
As it is, with everything constantly changing, you really wouldn't want to cite Wikipedia from an academic article. (If authors typically used proper citations, that would also be nice).
Perhaps there could be a flag to warn that an edit war was occurring.