Wow, I hadn't heard. This is really big news. When did Microsoft Open-Source Windows?
Seriously, though, what makes you think that this alliance is solely, or even primarily, aimed at out-marketing GNOME? From what (little) I have seen, the KDE folk, or at least the core developers, tend to treat GNOME by ignoring it as much as humanly possible. Basically, they just don't care. This seems to be a very sane approach, especially compared with the vitriol that I have seen from the GNOME core. Serious Open Source users know about KDE/KDE 2 and don't need any more info or propaganda (which is very unlikely to change their viewpoint, anyway). If I were influential in the KDE league, I know I would be aiming squarely at newbies who are still a little lost, to present the options to them more than anything else, and Windows users who would love to escape, but don't know how.
Oh my, what an eloquent and tightly-argued response. Your wit has quite won me over and your obvious extreme intelligence simply dazzles me.
I must admit I was leaning towards a contrary view to your own, but now I can do no other than wholeheartedly agree with whatever you say, simply on the basis of this masterful rebuttal.
I've heard it said that Yourdon is an evangelist, not a practitioner. In other words, he talks a lot but doesn't do much.
You may be interested in checking out Tom DeMarco, who is most definitely a practitioner of the art. A very interesting exercise is to read one of his early books, where he is evangelizing, such as "Structured Analysis and System Specification", then immediately read "Peopleware", which is a collection of hard-gained wisdom from years of experience. It's really amusing what he has to say about Methodologies, which he himself has evangelized.
True, I recall the same, now that you remind me. The problem was that Californian regulations stipulated a tri-phase catalytic converter that would reduce CO, NOx and VOCs. Now, lean-burns have lower VOC and CO outputs than conventional engines after conversion, so such a converter makes absolutely no sense, but it is required by CA law... The tri-phase converter raises the exhaust pressure beyond what a lean-burn engine can work with, so lean-burns are in practice illegal in California. A mono-phase NOx converter would have been quite practical, but the authorities had a regulation, and that was all that mattered to them.
All of the above is subject to memory, which should not be assumed fully reliable.
Actually, the catalytic converter is a very good argument for the point you seem to be arguing against. A Japanese company (Honda, I think) had a lean-burn engine that emitted less pollution than conventional engines with converters. Because of US (read: Californian) regulations requiring converters, they were unable to introduce cars powered by these engines to the States. The result was more pollution than would have been the case if the regulations had not applied, at least in this case. This is a problem with mandating means rather than results, and is widespread in American government ($10,000 hammer, anyone?).
While there would be no guarantee that a few hundred pollution sources would be any more sensibly regulated than many million cars are, at least correcting regulatory screw-ups would be a lot easier.
Rambus multiplexes the heck out of everything, to get lower pin counts. Address selection involves sending a string of values across the bus. Data comes back in a burst of values. To get even similar performance, the Rambus architecture has to run their narrower bus several times faster and faster parallel busses have more problems - they're harder to synchronize, have higher energy emissions and hence potentially more cross-talk and they are subject to resonant interference at shorter distances. This last was the problem that tubed the Intel three-slot controllers. Rambus thought they were clever enough to work around these problems, which apparently they weren't.
They also seem to have failed to find out the frequency of different memory access modes (burst sequential vs. random, what lengths predominate etc.) in a typical system, so they produced a system tuned for long sequential data bursts. This resulted in high latencies which kill Rambus performance in typical usage (though it should really fly in streaming applications).
I'm not sure, but it looks somewhat like the court gave Microsoft what the feds requested for MS, while it gave the feds what MS requested for them. In the process, MS ends up on the short end. A subtle way for the court to tell MS not to play games?
Hmm, let's see. 125 pages from the feds + 25 pages from the states who are also suing = 150 pages. Gosh! That's the same as the court is allowing Microsoft. Who'd a thunk it!
You cannot logically make the statement that AMD is cheaper without making relative comparisons for the new chips to their new chips.
Well... to paraphrase the old Greek saw, "Beware how picky you act, for the Gods may be pickier!"
You cannot logically deduce that AMD will be - the original poster was predicting, after all - but given recent history you can logically induce the relative pricings. Logicians do study inductive logic as well these days, you know.
Not everything is Aristotelian (or Platonic).
Please infer plentiful smiley faces, this post is tongue-in-cheek.
As everyone else has pointed out, way too obvious. I mean, come on - divide by 0?? Not to mention the deliberate (sp.?) and shallow misunderstanding of the subject.
But, seeing as you changed the subject to phoney math, how about this:
1 = 1 (right?)
1 = 1 * 1
1 = -1 * -1
so:
1 * 1 = -1 * -1
now x = y => sqrt(x) = sqrt(y),
so:
sqrt( 1 * 1 ) = sqrt( -1 * -1 )
and as we all know, sqrt( x * x ) = x,
so:
1 = -1!
Much more satisfying - no divide by 0! Just the cavalier assumption that sqrt is a single valued function and some blithe disregard for the domain of the values discussed.
wouldn't you start your sentence, regardless of the appellate process?
Yes, he would. Which brings up an interesting point: Judge Jackson placed interim procedural remedies on M$, which he lifted when the Justice Department applied to have the procedure "fast-tracked" to the Supreme Court. Now that the whole mess has been sent back through the normal appeals procedure, shouldn't the procedural remedies be reapplied?
This is unfair, you are not giving NASA its full due with respect to safety. Everyone knows that their real-estate is inspected by Russian building inspectors and passes with flying colours (colors to USians:-)
TANSTAAFL was invented by a SciFi author (Heinlein if I am not mistaken) and used in his fiction. Hence, the parent of this thread was a QUOTE and as such is totally exempt from grammatical rules. If you have a problem, take it up with the original author (but you'll have to hold a seance to do so:-)
The more money that "moves around" (i.e. the more buying and selling that occurs), the stronger the economy, or so I've been told. The more people save money, the less it moves around, and the velocity of money goes down.
Well now, are you actually saying that savings are a BAD THING(tm)? I don't think most economists would agree with you. Whether a lower velocity is indicative of a strong or a weak economy depends entirely upon the reason the money is being saved.
If an economy is in deflation (like the Japanese one), people hang onto cash because prices are likely to fall, forcing prices down even more. Here an increase in monetary velocity would increase the health of the economy.
Conversely, consider an economy that is in hyperinflation. No one wants to hold cash for any length of time, because it rapidly loses its value. Velocity sky-rockets. Is this a healthy economy?
If money is being saved to invest in future production (however indirectly) the savings will probably improve the health of the economy. If money is being spent because of rising incomes and confidence in the future, the increased spending will probably improve the health of the economy, but only if there is spare capacity to absorb the extra spending. Otherwise, inflation will result.
Economics is like that. The very same change in an economic metric can be good or bad, depending on the circumstances. BTW, IANAE.
but it's not "idiots like me" that invented suitcase nuke bombs, biological weapons, and Ryder trucks
No indeed, the first two were invented by government munitions developers. The last is not really all that relevant to the discussion as stolen vehicles are even more anonymous than rented ones.
Just as a point of reference though, somewhere between 5,000 and 10,000 Americans die in traffic accidents each year (sorry, I don't recall the accurate figures and am too lazy to look them up). How many US citizens were killed by terrorists in the entire last decade? Probably not even 1,000. Should we therefore ban cars?
IT IS THE DUTY OF THE GOVERNMENT TO PROTECT ME AND MY FAMILY
And what, pray tell, constrains a government to perform its "duty"? There is no such thing as absolute safety, any more than there is absolute freedom. It's all relative and there is a balance to be struck. Where that balance lies depends on many things such as socially accepted values and technological capabilities. Simply pompously proclaiming that "the government has a duty" will achieve nothing, the work of building the institutions that ensure the good behaviour of the government is far harder than that.
What kind of a personal tragedy will it take for you to understand that there are certain realities that make your Franklinesque fantasy world a logistical impossibility?
More to the point, what kind of national obscenity will it take to open your eyes to the danger of government misbehaviour?
What killed more people last century (and every century before), terrorism or unrestrained government? (If you answer terrorism, you have obviously forgotten the "big three" murderers of the 20th century, Hitler, Stalin and Mao).
I agree that those who refuse to live by the rules of a civilized society and commit willful murder and mayhem should lose the protection of the said society's rules, but that doesn't justify abandoning those rules for everyone. The issue here is not whether law enforcement agencies should be allowed to spy on known or suspected (provided there is good, solid reason for suspicion) killers, the issue is whether an untrustworthy agency should be allowed to spy on everyone in the country. If you say "yes", consider that you are putting in place the tools for a Despot who may kill you with no more compunction than the terrorist you fear.
Just because the US democracy has never fallen to totalitarian rule does not mean it can - after all it happened in Russia and Germany both in the 20th century.
This technology is something the OS community should really keep an eye on. Simply being able to run winzzzz at the same time as linux/BSD/Be/whatever is interesting enough. But that's just the start of the possibilities here.
With Open Source Plex86, it will be really easy to build a custom reverse engineering tool. Want a parallel port scanner? Don't have the protocol? Log all the output to the printer port. Easier said than done under winzzzz - unless it's running under Plex86, which is already intercepting the I/O. Simply re-write the I/O traps in Plex86 (OK, not so simply, but certainly do-able) and log the traffic for later analysis. Same goes for WinModems. Possibly even for graphics cards with PCI/AGP I/O.
This is really exciting, and these are just the start. Support this project, folks, it's worth it!
I don't know whether full disclosure is a good idea or not, but I do know that this whole argument is specious and devoid of merit or even real meaning. The fact is, the only way to really KNOW whether full disclosure is better or worse in outcome than hidden reporting would be to set up two, otherwise identical, non-communicating populations one of which used full disclosure and the other of which used hidden reporting. Measure the relative cost of maintenance and repair after attack in both and then you know for certain (unless the two are so close that there is little to choose anyway).
This is obviously impossible.
Your moralistic reasoning is a poor third choice in this imperfect world (yes, third choice). To discuss this topic even remotely meaningfully you would have to know (and Disclose!:-) the following:
1) How long is the delay from disclosure to fix (min, max, mean or equivalent other distribution characteristics) for both approaches?
2) What is the usage curve for script kiddies after public disclosure?
3) How likely is the flaw to be detected and circulated amongst the "black hat" community, what probability/time curve does this follow?
A fourth issue, which I will simply skirt over is how long it takes maintainers to apply a publicized security patch? The answer is usually far too long (going on never). Whether this is because of overworked/lazy/incompetent administrators or clueless managers or greedy, penny wise, pound foolish companies is a whole other question (left as an exercise for the reader). I will say that I strongly suspect that the reason for the prevalence of script kiddies is poor pushing appalling average administration WRT security, not the availability of cracker kits (to which, most of the time, defenses are already available but not implemented).
Unless you have answers or reasonable approximations to the above questions and are prepared to do the (difficult) math, you are simply venting hot air (as are your opponents).
If you can prove your point, please do so. If not, please go fart somewhere else, it stinks enough around here already.
Uh, yes, it is hard to make a "tamper proof chip". Smart cards have been "broken" by timing responses and measuring current draws. But surely you don't think that a hardware solution is easier to crack than a "closed" driver, do you? I work as a driver writer and in house we have developed "wrappers" for stereo video output. The same techniques would let you trace into any "closed" driver quite easily with a kernel-level debugger such as WinDebug (yuck!) or SoftIce. When Plex86 hits the streets for real, it will be quite easy to add tracing code to watch I/O to any card with a "closed" driver. What price "security through closure" then?
If I was a card manufacturer with proprietary technology to protect, I would definitely be burying it in hardware and "dumbing down" the interface as much as I possibly could without hurting performance.
Microsoft has done one thing that no other computer company or organization has even approached accomplishing. They developed an OS that can support an extremely wide range of hardware, and brought computing to what you would refer to as the average user.
This is a common myth, but there really isn't any truth in it. Before Windows, before DOS even, there were Unix and CP/M, which were both supported on a wide range of hardware. Unix over more architectures, but CPM probably supported more different hardware peripherals and more weird CPU buses. There were also CP/M derivatives such as MP/M and concurrent DOS (and DRI DOS) that ran on all the early IBM and compatible systems.
So perhaps Microsoft brought the GUI to IBM PC land? *Wrong!!* Before Windows there was GEM, which was in most ways superior. There were also many character-mode semi-graphic shells. MS didn't innovate, they copied furiously and still would not have been where they are today if DRI hadn't fumbled their early dealings with IBM.
In my view, if Microsoft had not existed, we would be in a pretty similar position now in personal computing but probably wouldn't have a nasty, exploitative monopolist trying to deny users any choice or freedom, or at least not as effective a monopolist. We wouldn't be any further behind and, given the drag that I believe MS is exerting on the whole industry, might well be a lot further ahead.
Also, what happens if you upgrade the motherboard? Suddenly you have a different BIOS, and bye-bye recovery disc. No doubt M$ will claim that that is a "different" machine. I say that's garbage - the old mobo is not running windoze in any form and the CPU box is still there. It's the SAME machine, just a better mobo (could GM charge you again if you changed the engine in your car?). This is just another case of an abusive corporation abusing its customers. If these CDs aren't illegal, the law is broken.
This is true, but not particularly relevant to the original question. The answer to that is that the "bandwidth" of the atmosphere is for all practical purposes infinite. Even if you have only a narrow band to use, communications can be either directional or local (or both). For local transmission, simply use low powered transmitters that are not detectable beyond a limited range. For directional, use something like a laser, maser or phased-array transmitter. Either of these approaches allows a vast increase in the total throughput over a simple "broadcast everywhere" approach. Of course, they have their own headaches, like crossing cell boundaries and tracking directions, but in theory the amount of information that you could send is much greater than the amount that you would in practice want to send.
Exactly. The issue is not whether Linux is secure or not but whether or not it can be proven secure with current methods. As current methods require an algorithmic functional specification which can be logically proven consistent and coherent and Linux most definitely DOES NOT possess such specifications, Linux cannot currently be proven in this limited, theoretical sense.
So what is the issue? It could equally validly be any of the following (and no doubt others):
Perhaps Linux really cannot be trusted (in the common-sense meaning of the word, rather than the formal, mathematical meaning in the lecture).
Perhaps proof mechanisms are inherently too limited to be applied to all real-world situations.
Perhaps current proof mechanisms are too simplistic and primitive to handle something like open source but future approaches will provide useful metrics. For instance, though logical consistency proofs may be forever outside the realms of this approach, perhaps stochastic methods will give probability scores that, though not absolute, are nonetheless useful.
Take your pick, they are equally plausible to me. I personally have serious doubts about the certainty that formal methods instill in some. They are all based at some point on assumptions of fact that may be true now but could be overturned by new technologies. For instance, a proof of a crypto method might assume that computing is in some sense inherently serial. Look what happens to such a proof if quantum computing takes off and essentially infinite parallel processing algorithms arrive.
Still, whatever you feel, understand that the professor almost certainly means something different from you when he says "trusted".
Duh...
An operating system is better if it has more bugs and more users??? Vulnerability = bugs * users!!!
"does not mean it can" should, of course, have read "does not mean it cannot". Too quick to click, and missed "preview" to boot. *sigh*
but it's not "idiots like me" that invented suitcase nuke bombs, biological weapons, and Ryder trucks
No indeed, the first two were invented by government munitions developers. The last is not really all that relevant to the discussion as stolen vehicles are even more anonymous than rented ones.
Just as a point of reference though, somewhere between 5,000 and 10,000 Americans die in traffic accidents each year (sorry, I don't recall the accurate figures and am too lazy to look them up). How many US citizens were killed by terrorists in the entire last decade? Probably not even 1,000. Should we therefore ban cars?
IT IS THE DUTY OF THE GOVERNMENT TO PROTECT ME AND MY FAMILY
And what, pray tell, constrains a government to perform its "duty"? There is no such thing as absolute safety, any more than there is absolute freedom. It's all relative and there is a balance to be struck. Where that balance lies depends on many things such as socially accepted values and technological capabilities. Simply pompously proclaiming the "the government has a duty" will acheive nothing, the work of building the institutions that ensure the good behaviour of the government is far harder than that.
What kind of a personal tragedy will it take for you to understand that there are certain realities that make your Franklinesque fantasy world a logistical impossibility?
More to the point, what kind of national obscenity will it take to open your eyes to the danger of government misbehaviour?
What killed more people last century (and every century before), terrorism or unrestrained government? (If you answer terrorism, you have obviously forgotten the "big three" murderers of the 20th century, Hitler, Stalin and Mao).
I agree that those who refuse to live by the rules of a civilized society and commit willful murder and mayhem should lose the protection of the said society's rules, but that doesn't justify abandoning those rules for everyone. The issue here is not whether law enforcement agancies should be allowed to spy on known or suspected (provided there is good, solid reason for suspicion) killers, the issue is whether an untrustworthy agency should be allowed to spy on everyone in the country. If you say "yes", consider that you are putting in place the tools for a Despot who may kill you with no more compunction than the terrorist you fear.
Just because the US democracy has never fallen to totalitarian rule does not mean it can - after all it happened in Russia and Germany both in the 20th century.
This technology is something the OS community should really keep an eye on. Simply being able to run winzzzz at the same time as linux/BSD/Be/whatever is interesting enough. But that's just the start of the possibilities here.
With Open Source Plex86, it will be really easy to build a custom reverse engineering tool. Want a parallel port scanner? Don't have the protocol? Log all the output to the printer port. Easier said than done under winzzzz - unless its running under Plex86, which is already intercepting the I/O. Simply re-write the I/O traps in Plex86 (OK, not so simply, but certainly do-able) and log the traffic for later analysis. Same goes for WinModems. Possibly even for graphics cards with PCI/AGP I/O.
This is really exiting, and these are just the start. Support this project, folks, it's worth it!
I don't know whether full disclosure is a good idea or not, but I do know that this whole argument is specious and devoid of merit or even real meaning. The fact is, the only way to really KNOW whether full disclosure is better or worse in outcome than hidden reporting would be to set up two, otherwise identical, non-comminicating populations one of which used full disclosure and the other of which used hidden reporting. Measure the relative cost of maintainance and repair after attack in both and then you know for certain (unless the two are so close that there is little to choose anyway).
:-) the following:
This is obviously impossible.
Your moralistic reasoning is a poor third choice in this imperfect world (yes, third choice). To discuss this topic even remotely meaningfully you would have to know (and Disclose!
1) How long is the delay from disclosure to fix (min, max, mean or equivalent other distribution characteristics) for both approaches?
2) What is the usage curve for script kiddies after public disclosure?
3) How likely is the flaw to be detected and circulated amongst the "black hat" community, what probability/time curve does this follow?
A fourth issue, which I will simply skirt over, is how long it takes maintainers to apply a publicized security patch? The answer is usually far too long (going on never). Whether this is because of overworked/lazy/incompetent administrators or clueless managers or greedy, penny wise, pound foolish companies is a whole other question (left as an exercise for the reader). I will say that I strongly suspect that the reason for the prevalence of script kiddies is poor pushing appalling average administration WRT security, not the availability of cracker kits (to which, most of the time, defenses are already available but not implemented).
Unless you have answers or reasonable approximations to the above questions and are prepared to do the (difficult) math, you are simply venting hot air (as are your opponents).
If you can prove your point, please do so. If not, please go fart somewhere else, it stinks enough around here already.
Thank you, have a nice day.
One OS to rule them all,
One OS to find them,
One OS to bring them all,
and in the darkness bind them.
bind them? Is this a TCP session (Tolkien Corruption Protocol;-)?
Uh, yes, it is hard to make a "tamper proof chip". Smart cards have been "broken" by timing responses and measuring current draws. But surely you don't think that a hardware solution is easier to crack than a "closed" driver, do you? I work as a driver writer and in house we have developed "wrappers" for stereo video output. The same techniques would let you trace into any "closed" driver quite easily with a kernel-level debugger such as WinDebug (yuck!) or SoftIce. When Plex86 hits the streets for real, it will be quite easy to add tracing code to watch I/O to any card with a "closed" driver. What price "security through closure" then?
If I was a card manufacturer with proprietary technology to protect, I would definitely be burying it in hardware and "dumbing down" the interface as much as I possibly could without hurting performance.
Microsoft has done one thing that no other computer company or organization has even approached accomplishing. They developed an OS that can support an extremely wide range of hardware, and brought computing to what you would refer to as the average user.
This is a common myth, but there really isn't any truth in it. Before Windows, before DOS even, there were Unix and CP/M, which were both supported on a wide range of hardware. Unix over more architectures, but CP/M probably supported more different hardware peripherals and more weird CPU buses. There were also CP/M derivatives such as MP/M and Concurrent DOS (and DRI DOS) that ran on all the early IBM and compatible systems.
So perhaps Microsoft brought the GUI to IBM PC land? *Wrong!!* Before Windows there was GEM, which was in most ways superior. There were also many character-mode semi-graphic shells. MS didn't innovate, they copied furiously and still would not have been where they are today if DRI hadn't fumbled their early dealings with IBM.
In my view, if Microsoft had not existed, we would be in a pretty similar position now in personal computing but probably wouldn't have a nasty, exploitative monopolist trying to deny users any choice or freedom, or at least not as effective a monopolist. We wouldn't be any further behind and, given the drag that I believe MS is exerting on the whole industry, might well be a lot further ahead.
To sum
Also, what happens if you upgrade the motherboard? Suddenly you have a different BIOS, and bye-bye recovery disc. No doubt M$ will claim that that is a "different" machine. I say that's garbage - the old mobo is not running windoze in any form and the CPU box is still there. It's the SAME machine, just a better mobo (could GM charge you again if you changed the engine in your car?). This is just another case of an abusive corporation abusing its customers. If these CDs aren't illegal, the law is broken.
This is true, but not particularly relevant to the original question. The answer to that is that the "bandwidth" of the atmosphere is for all practical purposes infinite. Even if you have only a narrow band to use, communications can be either directional or local (or both). For local transmission, simply use low powered transmitters that are not detectable beyond a limited range. For directional, use something like a laser, maser or phased-array transmitter. Either of these approaches allows a vast increase in the total throughput over a simple "broadcast everywhere" approach. Of course, they have their own headaches, like crossing cell boundaries and tracking directions, but in theory the amount of information that you could send is much greater than the amount that you would in practice want to send.
Exactly. The issue is not whether Linux is secure or not but whether or not it can be proven secure with current methods. As current methods require an algorithmic functional specification which can be logically proven consistent and coherent and Linux most definitely DOES NOT possess such specifications, Linux cannot currently be proven in this limited, theoretical sense.
So what is the issue? It could equally validly be any of the following (and no doubt others):
Perhaps Linux really cannot be trusted (in the common-sense meaning of the word, rather than the formal, mathematical meaning in the lecture).
Perhaps proof mechanisms are inherently too limited to be applied to all real-world situations.
Perhaps current proof mechanisms are too simplistic and primitive to handle something like open source but future approaches will provide useful metrics. For instance, though logical consistency proofs may be forever outside the realms of this approach, perhaps stochastic methods will give probability scores that, though not absolute, are nonetheless useful.
Take your pick, they are equally plausible to me. I personally have serious doubts about the certainty that formal methods instill in some. They are all based at some point on assumptions of fact that may be true now but could be overturned by new technologies. For instance, a proof of a crypto method might assume that computing is in some sense inherently serial. Look what happens to such a proof if quantum computing takes off and essentially infinite parallel processing algorithms arrive.
Still, whatever you feel, understand that the professor almost certainly means something different from you when he says "trusted".