I've avoided the 2.6 kernel and use 2.4 because make menuconfig (yes, there's a plain text file too) because its too bloody confusing.
I find the 2.6 menuconfig alot better than the one for 2.4. Maybe you are just used to the 2.4 way? Whatever has been done with X.org makes X a lot faster now.
Might be Xdamage and friends. I think binary, closed source drivers should be allowed into the main kernel.
Will not happen (impossible license-wise). Maybe it would make installing the ATI drivers and Nvidia drivers easier for the rest of us.
At least nvidia-drivers are not harder to install than on windows. If there are problems, they are not linux problems, but problems of the distro. ATI drivers are another issue, but even there being "allowed into the main kernel" wouldnt help (because devs still couldnt debug it). And I always get some RTFA jerk (there's plenty of nice people though). Perhaps, I've read as much as I can understand and can't use the same technical jargon.
Sometimes the questions that someone asks without understanding of some concepts are completely absurd. Better ask on a friendly IRC channel, where people can clarify what you are after faster. I dont think this is worse than on windows. Actually help resources (IRC, forums, mailinglists) are a lot better for linux than for Windows. As is the commercial support that you can buy (for example Ubuntu 1 yr for the prize of a Windows OEM). I think what is killing Linux is the frequent changes to the way things are done (kernel, X)
No, not doing this kills everybody else (to much backwards compability is a burden. There are emulators for that.) and a high threshold of learning which makes it too hard to convert to.
That wont kill linux. It will only slow down adoption (but it wont affect the existing userbase). I'm comfortable enough using Slackware, but there is still a lot to be done before I replace Windows with Linux.
Almost nobody wants people to get completely rid of windows (quote Linus: "... that will be a completely unintentional side effect"). For most people it would be enough, if there isnt an implicit expectation that every desktop machine runs also a copy of windows.
I doubt someone you know would send you a virus.
If he knows about the virus that might be true. But if that would be the case the problem wouldnt even exist.
don't accept rar files from people you don't know. And, if you do, don't run random executables inside them?
Why are RARs from people I know any better?
but why not take a hash of a hash ?
Because breaking the hash means finding two documents resulting in the same hash. If the first hash ist the same for both documents all hashes of hashes will be the same too.
What you could do is using different hash-algos, but it increases the amount of code to be managed and reviewed thoroughly (security by obscurity rarely works). And it increases the size of the digest - SHA-256 does that too but it keeps the algorithm simple.
1. Is it practical? (I don't think so.) How big is an image to be considered "huge" and create a dent?
You are right. 2^69 is still huge. 6.7E+7 TB. And then you need something to hide in in addition. 2. Wouldn't adding more data create a better separation? (ie. avalance effect?)
Since IIRC SHA-1 flips almost half the bits for each block, the separation doesnt gain much after two or three blocks, because it is statistically already totally unrelated to the original. And since the change in the message (contract text) affects probably two or three blocks, you dont loose much anymore.
Obviously you didn't watch last night's episode of Battlestar Galactica...
(handwaving) There was no Battlestar Galactica on TV yesterday.
At least not here.
Reading the story plot didnt enlighten me at all about what you are trying to say. Please be a bit more specific.
If it actually achieves near-native performance right now, how much better can it get?
It is at 1:4 to 1:5 speeds without the accelerator. With the accelerator the ratio is claimed to be between 1:1 and 1:2. I don't think there's much money up for grabs here, to be honest. But that depends on how good it really is right now.
Depends. If he sells the accelerator to a company and releases the source a few month later under the GPL it might be interesting. A bit like the wine/winex stuff started. If the company manages this in a honest and clever way (unlike transgaming) it might be interesting for the linux community and the company.
Basically, I think Fabrice Bellard just shouted: "I am willing to double-licence this cool stuff.". qemu was already a good alterative to VMware without the accelerator.
With a 3D video card driver for a windows guest OS (closed source by the company) it will be a killerapp.
I presume that finding two colliding contracts both written in a meaningful and legally binding language is harder than finding a simple collision.
Write the contract in MS Word and use huge uncompressed BMPs for the company logos. You have instantly enough space for subtile changes to create collisions.
1) Would someone be willing to pay $38 million (assuming this is correct) to get my credit card number - probably not.
He needs to pay the 38 million only once and can get a million every second day - sounds like a good deal. But OTOH his interest might be different, as you said in your bank merger example. However, there are things that are worth a lot although it is not as obvious as in this case. (Research stuff leading to military and industrial advantages.)
Hardware-accelerated PDF viewers, huh? Aqua beat already does that.
Well and before Aqua beat there were "hardware-accelerated postscript viewers" - but they were normally just called "printers".
And why put a changelog (which should be pretty static) behind a CGI?
Well, it seems to be on a moinmoin-Wiki. Maybe the devs were just used to using it, and did not expect a direct posting of the ChangeLog on/..
true.
Actually the software is Windows XP Home and StarOffice in the link in the first example. This is a better link:
PC Builder, Software
It shows the price for software added to a complete system at a big german store.
Microsoft Windows XP Home Edition, System-builder 79 EUR
Microsoft Office 2003 Basic (just preinstalled) 177 EUR
(IANAL yadda, yadda, but as a sidenote: OEM restrictions to software are not enforcable in germany)
A fair assessment of what they do pay is the difference between otherwise identical configurations with and without Windows. That is what I wanted to find, and so I went shopping. I thought this would be a relatively straightforward number to get. Silly me.
It is a relatively straightforward number to get: 100 EUR.
source: http://siggelkow.de/ (just an example)
Give me tactical shooters like Operation Flashpoint, Ghost Recon and Rainbow Six and I'll get rid of Windows on my home computer.
Starsky voice: Do it. DO it. http://www.truecombat.com/intro.php
Making a gentoo-based LiveCD once were hard handwork since you couldnt just use a knoppix CD as a base and modify it to your needs. However it has been done: SystemRescueCd. gentoo catalyst should make this stuff much easier in the future.
Maybe we should bundle OSS like Microsoft does with the OS and WMP and IE.
Fractions available:
- Slackware and emacs
- debian and vi
- gentoo and kile
- SuSE and nano
- Mandrake and gedit
- Linspire and ted
(Im not sure about these - fractions should be choosen in a way that most people who love the distro hate the editor and vice versa - This way flamewars might actually start to get interesting...)
HAHAHA. Seriously, I am running a gentoo desktop system for more than a year and I run it (except thunderbird and gaim) all from stable and this is far from stable. Every unstable debian box is more stable.
Well, Im running gentoo since Nov 2002. Only a few minor hickups on the way - nothing serious.
And after such a long time, you ask yourself, WTF! why do I compile each package? It doesn't get faster, it just needs enormous time.
Brilliant - it took you a year to realize that? I guess you are not the fastest...
You can use KDE in gentoo, but you should know what you are up to. If you like KDE be prepared for long compile times - Gosh, it doesnt take a genius to realize that.
Back on topic: There are much fewer things to compile for a server, especially no bloated almost-monolitic C++ desktop enviroments...
So for the guys, who are thinking about trying gentoo: If you like KDE, be aware that it is a monster to compile. If you prefer *box/XCFE/fvwm/other lean WM go ahead (you might still end up prefering debian,Slack,FC, though).
But please dont bitch about gentoo because you needed a year to realize that KDE is a huge fucker.
Does that include chumps who can't spell "breaks?"
Depends on the number of languages in which they can spell correct. Or if they can at least set their quotation marks right...
No, you're completely wrong. Think about it - they're discussing how long it takes to upgrade their server, which, on Gentoo, includes compile time.
8:00 Common Vulnerabilities and Exposures publishes a security problem 9:00 A patch is available 9:30 The affected project lead confirms the patch to be valid -> Distros kick in 9:31 debian: Maintainer start building the patched version 9:31 gentoo: Updated ebuild commited in portage 9:35 gentoo: User synced and started building patched version 10:01 debian: Maintainer finished build and commits it 10:05 debian: User installed patched version 10:05 gentoo: User finished build and installed patched version
How long something takes to install in Debian does not include compile time, because it's installing, not compiling because, you know, it's already compiled.
Yeah, I guess debian maintainers have a tooth fairy doing magical 0-time compiles....
And if you tell me now that the compile time is not so important, since validating the patch and regression testing might take much longer, you are right - and destroy the base for the argument of the original poster...
Certainly the Portage team can't test the program better than the developers.
Right, the gentoo devs cant do that. But the ~arch users can. And do.
But if things go wrong and you need them fixed NOW, there's no time to learn. You just call and ask someone who KNOWS.
The fastest way to ask someone to know is *not* the telephone - it online forums and IRC.
But don't you see some difference between doing the above and i.e. apt-getting a binary?
Sure. apt-get is easier to setup. portage is more fexible. For example, if there is a security update available and it is not yet in the apt and in the portage tree (for example because it doesnt work with 2.4 kernels), but is know to work on your system (because you have a 2.6 kernel) you could copy the old ebuild to your OVERLAY, rename it to the new version, and be safe...
After successful emerge you get "n files in/etc need updating". And until you update them, some essential services will be down.
Wrong. Wrong. Wrong. Most services will keep running during the upgrade. So these are the "old" versions running. And most services wont reload config files anyway (even if they change).
That's the normal way, different from elephantine structures in distros like Redhat, that practically clone all the config to distro-native files, from which it's copied, regenerating "standard" configs on each upgrade. Ugly, heavy, obfuscated, but It Works(tm).... until it fucks up one day royally and the admin has no idea whatsoever where it went wrong and how to fix it. He cant even tell his boss how long it will take till stuff works again - it cant get worse.
BTW, with CONFIG_PROTECT and vimdiff etc-update is really straightforward....
stability: Below standard. Bleeding Edge, often beta.
Only true for ~arch.
high-level support options: None?
yes there is noone to blame if it brakes - this is a serious point. But the forum and the IRC channels are pretty good if you filter out the 37337 d00dz...
security: Standard. Maybe a bit above due to easy, high customizablity.
true. But with the exception of BSD, I cant think of a distro that is more secure in the default setup (because there are not many differences anyway in the default). And hopefully portage will run on BSD this year (its planned at least)...
rapid updates: No. Bleeding edge is not equivalent to rapid.
apt-get upgrade apache is rapid - it takes 15s on a fast system.
emerge apache isn't rapid. It takes half a hour.
This argument is wrong - the.deb package also needs half an hour of compile time on the maintainers box. apt and portage are both rapid and easy to upgrade.
ease of administration: Below standard. All typical manual administration by editing standard config files. No centralized "managers".
so true. there are some good tools in portage (webmin for example), but that is by far not the same as YaST.
[...] If I was to manage a farm of 200 different of these I'd easily go crazy.
True, if the systems are really different. If they are clones (for example a serverfarm), gentoo might be an option - as are debian and RH/FC...
This answer was specifically optimized for your question. ... and was installed on all systems from a once-precompiled customized.tbz.
Seriously, gentoo could make sense in a enviroment with many equally equipped systems. But otherwise I think debian or RH/FC is the way to go for larger deployments.
Slashdot Mirror
better use "topic filetype:pdf"
I've avoided the 2.6 kernel and use 2.4 because make menuconfig (yes, there's a plain text file too) because its too bloody confusing.
I find the 2.6 menuconfig alot better than the one for 2.4. Maybe you are just used to the 2.4 way?
Whatever has been done with X.org makes X a lot faster now.
Might be Xdamage and friends.
I think binary, closed source drivers should be allowed into the main kernel.
Will not happen (impossible license-wise).
Maybe it would make installing the ATI drivers and Nvidia drivers easier for the rest of us.
At least nvidia-drivers are not harder to install than on windows. If there are problems, they are not linux problems, but problems of the distro. ATI drivers are another issue, but even there being "allowed into the main kernel" wouldnt help (because devs still couldnt debug it).
And I always get some RTFA jerk (there's plenty of nice people though). Perhaps, I've read as much as I can understand and can't use the same technical jargon.
Sometimes the questions that someone asks without understanding of some concepts are completely absurd. Better ask on a friendly IRC channel, where people can clarify what you are after faster. I dont think this is worse than on windows. Actually help resources (IRC, forums, mailinglists) are a lot better for linux than for Windows. As is the commercial support that you can buy (for example Ubuntu 1 yr for the prize of a Windows OEM).
I think what is killing Linux is the frequent changes to the way things are done (kernel, X)
No, not doing this kills everybody else (to much backwards compability is a burden. There are emulators for that.)
and a high threshold of learning which makes it too hard to convert to.
That wont kill linux. It will only slow down adoption (but it wont affect the existing userbase).
I'm comfortable enough using Slackware, but there is still a lot to be done before I replace Windows with Linux.
Almost nobody wants people to get completely rid of windows (quote Linus: "... that will be a completely unintentional side effect"). For most people it would be enough, if there isnt an implicit expectation that every desktop machine runs also a copy of windows.
The last batch of transactions is the most vulnerable to corruption in case of server failure.
Even MySQL can do transactions now.
I doubt someone you know would send you a virus.
If he knows about the virus that might be true. But if that would be the case the problem wouldnt even exist.
don't accept rar files from people you don't know. And, if you do, don't run random executables inside them?
Why are RARs from people I know any better?
but why not take a hash of a hash ?
Because breaking the hash means finding two documents resulting in the same hash. If the first hash ist the same for both documents all hashes of hashes will be the same too.
What you could do is using different hash-algos, but it increases the amount of code to be managed and reviewed thoroughly (security by obscurity rarely works). And it increases the size of the digest - SHA-256 does that too but it keeps the algorithm simple.
1. Is it practical? (I don't think so.) How big is an image to be considered "huge" and create a dent?
You are right. 2^69 is still huge. 6.7E+7 TB. And then you need something to hide in in addition.
2. Wouldn't adding more data create a better separation? (ie. avalance effect?)
Since IIRC SHA-1 flips almost half the bits for each block, the separation doesnt gain much after two or three blocks, because it is statistically already totally unrelated to the original. And since the change in the message (contract text) affects probably two or three blocks, you dont loose much anymore.
Obviously you didn't watch last night's episode of Battlestar Galactica ...
(handwaving) There was no Battlestar Galactica on TV yesterday.
At least not here.
Reading the story plot didnt enlighten me at all about what you are trying to say. Please be a bit more specific.
If it actually achieves near-native performance right now, how much better can it get?
It is at 1:4 to 1:5 speeds without the accelerator. With the accelerator the ratio is claimed to be between 1:1 and 1:2.
I don't think there's much money up for grabs here, to be honest. But that depends on how good it really is right now.
Depends. If he sells the accelerator to a company and releases the source a few month later under the GPL it might be interesting. A bit like the wine/winex stuff started. If the company manages this in a honest and clever way (unlike transgaming) it might be interesting for the linux community and the company.
Basically, I think Fabrice Bellard just shouted: "I am willing to double-licence this cool stuff.". qemu was already a good alterative to VMware without the accelerator. With a 3D video card driver for a windows guest OS (closed source by the company) it will be a killerapp.
I presume that finding two colliding contracts both written in a meaningful and legally binding language is harder than finding a simple collision.
Write the contract in MS Word and use huge uncompressed BMPs for the company logos. You have instantly enough space for subtile changes to create collisions.
1) Would someone be willing to pay $38 million (assuming this is correct) to get my credit card number - probably not.
He needs to pay the 38 million only once and can get a million every second day - sounds like a good deal. But OTOH his interest might be different, as you said in your bank merger example. However, there are things that are worth a lot although it is not as obvious as in this case. (Research stuff leading to military and industrial advantages.)
Hardware-accelerated PDF viewers, huh? Aqua beat already does that.
Well and before Aqua beat there were "hardware-accelerated postscript viewers" - but they were normally just called "printers".
Many open source developers get paid too.
And why put a changelog (which should be pretty static) behind a CGI? /..
Well, it seems to be on a moinmoin-Wiki. Maybe the devs were just used to using it, and did not expect a direct posting of the ChangeLog on
All those are already on the roadmap IIRC.
However, by discussing consistancy now, one might prevent it to clobber the roadmap later.
true.
Actually the software is Windows XP Home and StarOffice in the link in the first example.
This is a better link: PC Builder, Software
It shows the price for software added to a complete system at a big german store.
Microsoft Windows XP Home Edition, System-builder 79 EUR
Microsoft Office 2003 Basic (just preinstalled) 177 EUR
(IANAL yadda, yadda, but as a sidenote: OEM restrictions to software are not enforcable in germany)
A fair assessment of what they do pay is the difference between otherwise identical configurations with and without Windows. That is what I wanted to find, and so I went shopping. I thought this would be a relatively straightforward number to get. Silly me.
It is a relatively straightforward number to get: 100 EUR. source: http://siggelkow.de/ (just an example)
Give me tactical shooters like Operation Flashpoint, Ghost Recon and Rainbow Six and I'll get rid of Windows on my home computer.
Starsky voice: Do it. DO it.
http://www.truecombat.com/intro.php
Making a gentoo-based LiveCD once were hard handwork since you couldnt just use a knoppix CD as a base and modify it to your needs. However it has been done: SystemRescueCd.
gentoo catalyst should make this stuff much easier in the future.
Maybe we should bundle OSS like Microsoft does with the OS and WMP and IE. ...)
Fractions available:
- Slackware and emacs
- debian and vi
- gentoo and kile
- SuSE and nano
- Mandrake and gedit
- Linspire and ted
(Im not sure about these - fractions should be choosen in a way that most people who love the distro hate the editor and vice versa - This way flamewars might actually start to get interesting
Well, Im running gentoo since Nov 2002. Only a few minor hickups on the way - nothing serious.
And after such a long time, you ask yourself, WTF! why do I compile each package? It doesn't get faster, it just needs enormous time.
Brilliant - it took you a year to realize that? I guess you are not the fastest
You can use KDE in gentoo, but you should know what you are up to. If you like KDE be prepared for long compile times - Gosh, it doesnt take a genius to realize that.
Back on topic: There are much fewer things to compile for a server, especially no bloated almost-monolitic C++ desktop enviroments
So for the guys, who are thinking about trying gentoo: If you like KDE, be aware that it is a monster to compile. If you prefer *box/XCFE/fvwm/other lean WM go ahead (you might still end up prefering debian,Slack,FC, though).
But please dont bitch about gentoo because you needed a year to realize that KDE is a huge fucker.
Depends on the number of languages in which they can spell correct. Or if they can at least set their quotation marks right
No, you're completely wrong. Think about it - they're discussing how long it takes to upgrade their server, which, on Gentoo, includes compile time.
How long something takes to install in Debian does not include compile time, because it's installing, not compiling because, you know, it's already compiled.
Yeah, I guess debian maintainers have a tooth fairy doing magical 0-time compiles
And if you tell me now that the compile time is not so important, since validating the patch and regression testing might take much longer, you are right - and destroy the base for the argument of the original poster
Certainly the Portage team can't test the program better than the developers.
...
/etc need updating". And until you update them, some essential services will be down.
... until it fucks up one day royally and the admin has no idea whatsoever where it went wrong and how to fix it. He cant even tell his boss how long it will take till stuff works again - it cant get worse.
....
Right, the gentoo devs cant do that. But the ~arch users can. And do.
But if things go wrong and you need them fixed NOW, there's no time to learn. You just call and ask someone who KNOWS.
The fastest way to ask someone to know is *not* the telephone - it online forums and IRC.
But don't you see some difference between doing the above and i.e. apt-getting a binary?
Sure. apt-get is easier to setup. portage is more fexible. For example, if there is a security update available and it is not yet in the apt and in the portage tree (for example because it doesnt work with 2.4 kernels), but is know to work on your system (because you have a 2.6 kernel) you could copy the old ebuild to your OVERLAY, rename it to the new version, and be safe
After successful emerge you get "n files in
Wrong. Wrong. Wrong. Most services will keep running during the upgrade. So these are the "old" versions running. And most services wont reload config files anyway (even if they change).
That's the normal way, different from elephantine structures in distros like Redhat, that practically clone all the config to distro-native files, from which it's copied, regenerating "standard" configs on each upgrade. Ugly, heavy, obfuscated, but It Works(tm).
BTW, with CONFIG_PROTECT and vimdiff etc-update is really straightforward
stability: Below standard. Bleeding Edge, often beta.
...
...
.deb package also needs half an hour of compile time on the maintainers box. apt and portage are both rapid and easy to upgrade.
...
Only true for ~arch.
high-level support options: None?
yes there is noone to blame if it brakes - this is a serious point. But the forum and the IRC channels are pretty good if you filter out the 37337 d00dz
security: Standard. Maybe a bit above due to easy, high customizablity.
true. But with the exception of BSD, I cant think of a distro that is more secure in the default setup (because there are not many differences anyway in the default). And hopefully portage will run on BSD this year (its planned at least)
rapid updates: No. Bleeding edge is not equivalent to rapid. apt-get upgrade apache is rapid - it takes 15s on a fast system. emerge apache isn't rapid. It takes half a hour. This argument is wrong - the
ease of administration: Below standard. All typical manual administration by editing standard config files. No centralized "managers".
so true. there are some good tools in portage (webmin for example), but that is by far not the same as YaST.
[...] If I was to manage a farm of 200 different of these I'd easily go crazy.
True, if the systems are really different. If they are clones (for example a serverfarm), gentoo might be an option - as are debian and RH/FC
This answer was specifically optimized for your question.
... and was installed on all systems from a once-precompiled customized .tbz.
Seriously, gentoo could make sense in a enviroment with many equally equipped systems. But otherwise I think debian or RH/FC is the way to go for larger deployments.