More eye candy usually leads to lower GUI performance. Just compare KDE3 and fvwm2 on the same machine. You can't infer OS performance in general from GUI performance alone.
I have a dual 350Mhz Pentium II w/ 256mb RAM running XP Pro and it's very snappy. For starters, go to Control Panel, System, Advanced, Performance, Settings and set it to "Adjust for best performance" on Visual Effects.
This is simply not going to work. Many open-source projects are funded by US government. Need I point out Precedents for Government Funding of Open Source Projects? They clearly believe in open source, or they would not allow for the code to be revealed.
This article is false. I just tried this in Word 2000 with a protected document. When I try to save it as HTML it brings up a dialog box saying that "some of the features in this document aren't supported by Web browsers" and "Password to unprotect document for tracked changes, comments and forms will be lost". In the resulting.html there is nothing about the password.
Clearly the article was a joke. The Credits at the end of it give it away: "Magnus from the Microsoft Security Response Center for his fast
responses and for showing a decent sense of humour.:-)"
I don't like talking to people... unless it's about work. I don't have much to talk about and just sit silent if the subject of the discussion is non-technical, because I don't have much interest in things outside of work. Oh and I make jokes that make people laugh for some reason, that's about all I can do socially. Oh and I can also talk about how I have nothing to talk about.
I am quite busy at work. And so I don't have any friends. When I come home from work I just want to rest, eat and sleep. That's my life. My present job took me months to find, and if I lose it, I'll be totally screwed, because I have 0 connections. Now how do I get these connections?!
The system can auto-engage a small rocket engine, making you safely fly over that car. Or it can actually send a signal to the other car, forcing it to stop.
A counter-question: does it matter? Suppose the cutting edge of research is in academia. Obviously industry is what actually gets products out to the customers. So, even though academia may be further ahead, it takes times to take their ideas and unpolished code and make them work in practical applications, and researchers are often not interested in doing that. So if you want to take something that you can use, you may just forget about academia unless you want to spend lots of time making a product out of stuff from research papers and then suffering the legal consequences...
He must refer to some non-standard digital certificates that Microsoft and no one else uses, shrouded in layers of undocumented APIs. Sounds kind of like getting NetBIOS connections table without using nbtstat.exe. Could be done, but good luck trying to do it!
How about modern papers that can help a wanna-be CS graduate student (who only has a BA) to find enough passion and specialization in the field to at least formulate a statement of purpose for graduate school? It's ok to suggest ones that are highly technical. I am trying to come up with a very rough outline of my future research program. I heard that without going into this level of detail one can't hope to get into a top CS graduate school in USA.
I am not accusing RoadRunner of anything. I can't blame them. I am not a business user. I was merely pointing out that, RoadRunner, while not a backbone provider, is a significant enough ISP to be "prepared", yet it didn't fully withstand the blackout.
Do spammers check whether email addresses in replies they get actually come from people they sent their messages to? I've been wondering what will happen if I reply to spammer X with forged sender address of spammer Y and reply to spammer Y with forged sender address of spammer X. Can try spoofing IP addresses of senders for good measure too... what do you think?
Isn't that precisely why SCO doesn't want to disclose the code publicly? They don't *want* a Linux fork that's free of their IP, because they won't be able to threaten users of completely SCO-less Linux. They don't want to give the offending code to IBM either, because they are afraid IBM will help make a SCO-less Linux fork.
Presumably the vendor can generate updates, which you can put on a floppy and read into the device, at which point the device will display the MD5 on a tiny LED screen and ask you to confirm that you want to install it. You press the green button and it puts it into programmable memory... not that hard to do hardware updates, really. One can add key authentication and other schemes on top of this to make it hard for someone to make a fake "update" site.
By a non-bridging configuration I meant a configuration where you don't actually check packets, you let them go through and check on machines periodically. Not the best approach, but doable.
Ok, so technically this hardware device is not much better than Snort, but at least it's cool:-)
The whole point is that the hardware that does just filtering is *less* general purpose than a computer (e.g. it is impossible to alter its configuration at all, in the extreme case) and so it may be easier to close attack entry points on it and prove it to be non-vulnerable... and I didn't assume a bridging configuration. If you assume a bridging configuration then it can be compromised (when I said compromised I assumed compromised in such a way that malware goes through), leaving all machines bridged from it vulnerable. Thus I have to disagree with your judgement.
The economy under DMCA is no longer free, since now the US government can arbitrarily eliminate companies that they don't like at any point in time by interpreting DMCA any way they feel like, because it leaves them tons of room for interpretation. You could say this isn't really different from the way things were before, but now it just makes it a lot easier for the government to do this.
Speed. Servers often are already too loaded to run more apps that check for signatures.
A hardware device is usually harder to hack than the software platform doing checking. A clever piece of malware can compromise the checking machine itself.
If checking is done by a secondary machine, by the time it detects the malware the infected machine may be significantly damaged already. A hardware device placed between the network and the machine, on the other hand, can stop things early enough.
The use of source packages would suggest that they contain fixes and workarounds for bugs present in the pure tarballs code or documented build processes. If that is the case, why aren't these things contributed back to the build instructions and tarballs? Configure goes through a long phase of tuning options to my particular system. If it can't do it right, it's worthless. There is no excuse for bugs.
I am struggling to understand the reasoning behind his assertions:
This is the alluring pitch of open source software. We may have to give up project planning, quality control, coding standards, accountability, version control, and support, but it's FREE and we get the ability to modify the source code ourselves, something that is extremely dangerous to do, was discredited decades ago, and few people do anyway.
For a closed-source project one cannot trust what the software's coding standards were. Open source projects' coding standards are there for everyone to see. A closed-source vendor often has no incentive to improve coding standards or quality, since they get to charge you for support for bugs that bad coding standards lead to. Why is modifying source code dangerous? If you can see the source, you can justify the cost of changes needed for some feature or bugfix. If you can't see it, the vendor can make up a high price estimate. Version control can be provided by a mature open-source tool called cvs.
I think the author is hopelessly confused. "Open source" software does not magically kill off third-party experts who can be paid to plan, do quality assurance and work on the code. In fact, because it's open, it is easier to become an expert!
While your aging, over-21 staff demands high salaries and benefits, and fusses with security, documentation, and project planning, cyber sapiens work for a few dollars an hour and can manage several projects in their heads without writing a single thing down.
Open source projects can always be documented because someone could always figure out the missing pieces from the source code, which is much easier than trying to figure out from binaries. Linux Documentation Project, for example, is a great resource. Microsoft's MSDN documentation is so poor that its online version often fails to find function names that I can directly browse to! Don't believe me? Go to MSDN Library and search for GetDiskFreeSpaceEx. No matches. Now browse to it by going up to the top level, Windows Development, Windows Base Services, Files and I/O, SDK Documentation, Storage, Storage Reference, Disk Management Reference, Disk Management Functions. See? It's right there! There are also countless errors in "quality" documentation like MSDN that don't get fixed.
Slashdot Mirror
More eye candy usually leads to lower GUI performance. Just compare KDE3 and fvwm2 on the same machine. You can't infer OS performance in general from GUI performance alone.
You can try starting regedit, going to HKEY_CURRENT_USER\Control Panel\Desktop and setting MenuShowDelay to 0.
I have a dual 350Mhz Pentium II w/ 256mb RAM running XP Pro and it's very snappy. For starters, go to Control Panel, System, Advanced, Performance, Settings and set it to "Adjust for best performance" on Visual Effects.
Can you please provide a reference for your assertion of Microsoft's ability to remotely deactivate Windows XP? I think you just made it up.
This is simply not going to work. Many open-source projects are funded by US government. Need I point out Precedents for Government Funding of Open Source Projects? They clearly believe in open source, or they would not allow for the code to be revealed.
Clearly the article was a joke. The Credits at the end of it give it away: "Magnus from the Microsoft Security Response Center for his fast responses and for showing a decent sense of humour. :-)"
I don't like talking to people... unless it's about work. I don't have much to talk about and just sit silent if the subject of the discussion is non-technical, because I don't have much interest in things outside of work. Oh and I make jokes that make people laugh for some reason, that's about all I can do socially. Oh and I can also talk about how I have nothing to talk about.
I am quite busy at work. And so I don't have any friends. When I come home from work I just want to rest, eat and sleep. That's my life. My present job took me months to find, and if I lose it, I'll be totally screwed, because I have 0 connections. Now how do I get these connections?!
Just wait until relaying someone else's illegally acquired data becomes illegal by law...
The system can auto-engage a small rocket engine, making you safely fly over that car. Or it can actually send a signal to the other car, forcing it to stop.
Can I see your problem and the proof you wrote? I am curious to see an example of induction leading to a wrong result.
A counter-question: does it matter? Suppose the cutting edge of research is in academia. Obviously industry is what actually gets products out to the customers. So, even though academia may be further ahead, it takes times to take their ideas and unpolished code and make them work in practical applications, and researchers are often not interested in doing that. So if you want to take something that you can use, you may just forget about academia unless you want to spend lots of time making a product out of stuff from research papers and then suffering the legal consequences...
He must refer to some non-standard digital certificates that Microsoft and no one else uses, shrouded in layers of undocumented APIs. Sounds kind of like getting NetBIOS connections table without using nbtstat.exe. Could be done, but good luck trying to do it!
They were able to sniff a cleartext password a normal user was using.
How about modern papers that can help a wanna-be CS graduate student (who only has a BA) to find enough passion and specialization in the field to at least formulate a statement of purpose for graduate school? It's ok to suggest ones that are highly technical. I am trying to come up with a very rough outline of my future research program. I heard that without going into this level of detail one can't hope to get into a top CS graduate school in USA.
I am not accusing RoadRunner of anything. I can't blame them. I am not a business user. I was merely pointing out that, RoadRunner, while not a backbone provider, is a significant enough ISP to be "prepared", yet it didn't fully withstand the blackout.
RoadRunner in Central New York lost connectivity then, affecting me for about a day.
Do spammers check whether email addresses in replies they get actually come from people they sent their messages to? I've been wondering what will happen if I reply to spammer X with forged sender address of spammer Y and reply to spammer Y with forged sender address of spammer X. Can try spoofing IP addresses of senders for good measure too... what do you think?
Isn't that precisely why SCO doesn't want to disclose the code publicly? They don't *want* a Linux fork that's free of their IP, because they won't be able to threaten users of completely SCO-less Linux. They don't want to give the offending code to IBM either, because they are afraid IBM will help make a SCO-less Linux fork.
Presumably the vendor can generate updates, which you can put on a floppy and read into the device, at which point the device will display the MD5 on a tiny LED screen and ask you to confirm that you want to install it. You press the green button and it puts it into programmable memory... not that hard to do hardware updates, really. One can add key authentication and other schemes on top of this to make it hard for someone to make a fake "update" site. By a non-bridging configuration I meant a configuration where you don't actually check packets, you let them go through and check on machines periodically. Not the best approach, but doable. Ok, so technically this hardware device is not much better than Snort, but at least it's cool :-)
The whole point is that the hardware that does just filtering is *less* general purpose than a computer (e.g. it is impossible to alter its configuration at all, in the extreme case) and so it may be easier to close attack entry points on it and prove it to be non-vulnerable... and I didn't assume a bridging configuration. If you assume a bridging configuration then it can be compromised (when I said compromised I assumed compromised in such a way that malware goes through), leaving all machines bridged from it vulnerable. Thus I have to disagree with your judgement.
The economy under DMCA is no longer free, since now the US government can arbitrarily eliminate companies that they don't like at any point in time by interpreting DMCA any way they feel like, because it leaves them tons of room for interpretation. You could say this isn't really different from the way things were before, but now it just makes it a lot easier for the government to do this.
The use of source packages would suggest that they contain fixes and workarounds for bugs present in the pure tarballs code or documented build processes. If that is the case, why aren't these things contributed back to the build instructions and tarballs? Configure goes through a long phase of tuning options to my particular system. If it can't do it right, it's worthless. There is no excuse for bugs.
For a closed-source project one cannot trust what the software's coding standards were. Open source projects' coding standards are there for everyone to see. A closed-source vendor often has no incentive to improve coding standards or quality, since they get to charge you for support for bugs that bad coding standards lead to. Why is modifying source code dangerous? If you can see the source, you can justify the cost of changes needed for some feature or bugfix. If you can't see it, the vendor can make up a high price estimate. Version control can be provided by a mature open-source tool called cvs.
I think the author is hopelessly confused. "Open source" software does not magically kill off third-party experts who can be paid to plan, do quality assurance and work on the code. In fact, because it's open, it is easier to become an expert!
Open source projects can always be documented because someone could always figure out the missing pieces from the source code, which is much easier than trying to figure out from binaries. Linux Documentation Project, for example, is a great resource. Microsoft's MSDN documentation is so poor that its online version often fails to find function names that I can directly browse to! Don't believe me? Go to MSDN Library and search for GetDiskFreeSpaceEx. No matches. Now browse to it by going up to the top level, Windows Development, Windows Base Services, Files and I/O, SDK Documentation, Storage, Storage Reference, Disk Management Reference, Disk Management Functions. See? It's right there! There are also countless errors in "quality" documentation like MSDN that don't get fixed.