OK, I'll admit that there are a lot of rootkits being passed around in the open. More than in the past, and most of them include the source code. The only reason this should be a problem for McAfee is if they aren't able to keep up with the volume. Would they rather that these things circulated underground so that 10x more sites would fall victim before McAfee managed to capture an example to analyze?
They could have at least done a little bit better on the black premium model. I know they're trying to balance performance with cheap, but it would be great to have a well-built small laptop that packs enough 3D punch for gaming. I was seriously considering one of these for my next "PC" until I saw that.
I didn't think there would be any difference for everyday desktop use, but the system did feel a tad more responsive over all.
I see you used the official Gentoo benchmark suite.
Full disclosure is the best way to force the holes that make the rootkits possible to be addressed sooner rather than later. McAfee should be grateful that these things are getting posted where they can use them to make their offerings more secure. Instead, they come off as a bunch of whiners.
They support community standards, have a better-safe-than-sorry policy on patent-encumbered stuff, fully support a Free, rapid-release cycle distro with no GPL incompatible components at all (unlike some other large distros have done).
Really? This is news. I was not aware that Red Hat had quit shipping:
Apache
OpenSSL
PHP
Mozilla
Because all of these use licenses which the FSF says on its web site are not compatible with the GPL.
It's up to the distro how they want their defaults.
Again, a distribution thing.
Again, default config thing a packager could easily change.
A distro could easily change the default.
However, Slackware did not change any of these KDE defaults. But they are "mostly distribution issues"?
Furthermore, you're wrong about anti-aliased fonts working by default if you compile from source. I compiled KDE 3.3 from source and have observed the exact same bug. When configuring a new KDE account, whether you get anti-aliased fonts is dependent on how much "eye-candy" you ask for. You can have kpersonalizer show details of the exact options you'll get, and can move the eye-candy slider until you see the "anti-aliased fonts" box is checked, but you still won't get them at login. You'll need to go to the fonts setup page and ask for them again, and then log out and back in.
I think Slackware was a good distribution to review KDE on because it makes the least changes to KDE. All of these quirks come with KDE 3.3, and none of them were caused by the distribution.
Slack 9.0 is mostly optimized from i386 to i586 depending on the packages, so expect Yoper to be _much_ faster.
Slackware is already optimized with -mcpu=i686, and has been for a long time (yes, even Slackware 9.0). The fact that it also uses -march=i486 really doesn't slow it down, since very few things make use of the extended opcodes.
Since processor optimizations are often touted as a major advantage, I'd be interested in knowing a few programs where the difference between "-march=i486 -mcpu=i686" and "-march=i686 -mcpu=i686" is measurable. I've been unable to find any so far.
Oh really? Donovan being the Director of Symantec, this means his company is seeing exploits on Linux?
That's front page news. Who? Where? What vuln? Which distro?
Have you been living in a cave? A quick look at BugTraq shows many vulnerabilities in Linux, some that could be exploited to create trojans. Just look at all the image loader holes that have been turning up the last few weeks. You can bet there will be more, too.
Of course, the problem is nowhere near as big as with Windows, but the statement that attempts are seen and that Linux is becoming more of a target is absolutely true. There have been worms on Linux already, like the one a few years back that exploited rpc.statd, and more recently the pre-privsep OpenSSH. There's a reason that rootkits (and rootkit hunters) exist for Linux.
Only a fool would believe that Linux is completely immune from this.
And claiming compliance with Windows (i.e. the logo; same as with LSB) costs you what? Anybody?
Your soul.
That's why there is linuxbase.org.
Oh yeah, an ass-ugly extra runtime environment that costs $3000 to claim compliance with is going to solve everything.
Just try going to http://linuxbase.org and you'll see what a great plan they have.
Honestly. Mozilla includes everything and the kitchen sink. That's overkill for most users. As the Gnome folks learned the hard way a few good options are much more welcome than every little tidbit of configurability.
Any idea how the shift from the old Mozilla to the new Firefox will affect projects like Galeon and Epiphany? I've been trying to find out if Firefox will provide compatible Gecko libraries for third party Gecko-based browsers such as these, but haven't had much luck.
Oh, and solving the "black tape electrical goo" problem mentioned in the parent post isn't that hard, it dissolves pretty well in lighter fluid.
The best product for dissolving glues or other adhesives without damaging plastics is this stuff called Bestine, which I believe is actually hexane. It's sold in art supply shops as a thinner for rubber cement.
Gotta be careful with it as it's highly flammable, but there's nothing else like it. Wipes away stuff that would otherwise be a major pain in the ass to remove like it's not even there.
Platters from dead hard drives make really cool sounding wind chimes. They also develop an interesting patina after a little bit of outdoor weathering.
Finally, a browser that can defeat reigning champs NCSA Mosaic, Arena, and Cello! *Anything* that breaks their monopoly-like dominance of the Web browser market will be welcomed!
I'd love to see the dominance of NCSA Mosaic broken, since it's called Internet Explorer these days (just check Help -> About).
Yes, the OTP is the way to go -- sequence of random bytes, which you simply XOR with your message. Dump out /dev/random to a CD-R or DVD-R, make a copy for your friend, and you've both got nice one-time-pads that will probably last you quite some time.
Actually, if you reuse a one time pad and a few samples of encrypted data are intercepted, it becomes trivial to crack. Hence the name: One Time Pad.
I wouldn't consider MD5 "broken" unless someone had discovered an easy way to add bits to an existing file to produce a desired checksum. If that were the case, I'd be seriously concerned.
Finding a single example of an MD5 collision in 80000 CPU hours is an interesting exercise, but I think we always knew collisions were possible (with any hash function), and I fail to see how this finding reduces the security of MD5 in any practical way.
EDS is by no means a Windows shop. They work extensively with "big iron" mainframes. In fact, they recently got the contract to handle the database of terrorist information that'll be used at airports. Likely this will be hosted on a 390 or something... Windows can't handle that kind of I/O.
The basic premise is that Linux must find a next-generation filesystem to keep pace with Microsoft and Apple, both of whom are promising new filesystems in a year or two.
And neither of whom have a journaled filesystem yet, while Linux has many to choose from.
Conclusion: Microsoft and Apple need a new filesystem soon if they are to keep up with Linux.
This is what really annoys me about this system and companies like Creative Labs (who haven't made an innovative product since the mid-90s). They simply buy up all sorts of technology (Aureal, Sensaura, EMU, Ensoniq, etc.) and slack off with their own products.
Hmmm, how about the Creative Nomad Jukebox 3? It's been out for quite a while, but there's still nothing from anyone else with a 40GB hard drive and the ability to record from an optical digital audio source directly to MP3 in real time, or as uncompressed WAV up to 48KHz, and then transfer it out over IEEE1394 or USB. It's starting to replace DAT in field recording applications all over the place, and it's only a few hundred dollars. A pro hard drive recorder would cost an order of magnitude more and hold an order of magnitude less. I'd say that is an innovative recent product from Creative that I and many other people are very happy with.
You are right to be annoyed with the system. Creative, however, is swimming in the same shark tank with everyone else and unless the system changes, it's kill or be killed. Like any other company with a legal department, they will have their jackass moments, but you really can't say they aren't creative.
Great, Red Hat already misused the term engineer, now how about architect?
Maybe I'm just too sensitive...
According to a recent BugTraq by Jaco Swart, all the new firmware does is change the backdoor username from "super" to "superman" and the password to "21241036".
Does Netgear really think the security community is that stupid? They should be ashamed.
Surely, forking only occurs when either a project can sensibly go in two directions, or if the maintainers of the main project give up on it?
Maybe in a perfect world, but in the real world forking also occurs when there's money to be made or lost. Surely Java's enemies would love to encourage forking it (if it were possible) simply to undermine the portability of Java code (Java's best feature).
I don't believe in security through obscurity, but I also don't believe in publishing backdoor passwords.
Considering how many vendors will give a bug reporter the run-around until they finally disclose the problem, you pretty much have to believe in one or the other. On the basis of what you say above, my opinion is that you do believe in security through obscurity, but you are continuing to fool yourself into believing otherwise.
Kirk has been involved with FreeBSD since forever and knows damn well that FreeBSD isn't documenting where code contributions come from any differently than Linux is.
Yes, it's an important topic, but Kirk choosing Linux as his example is just plain wacko.
I don't think Linus should bother.
Agreed. A lot of people won't believe anything until there's been an official denial.
Besides, you look at the list of people they got to talk to them, and you know they're just baiting everyone for more quotes to take out of context. Glad I didn't talk to them.
Was it a Mitsui 'golddisk'?
Actually, I abused both a Silver and Gold Mitsui in this way and they both survived.
Was it dye side up during testing?
I flipped them a few times, but started out with a week or so of dye side up. If I'd imagined anyone other than myself would care, I would have taken some notes. Sorry for the uncontrolled nature of the experiment (or maybe it's more accurately a case study, or just another rumor).
Did you leave it outside at all times during rain, snow, other bad weather?
At that time of the year it never rains here. Since I plan to keep my discs dry, I was more interested in the effects of light and UV radiation.
Where can I get these Mitsui gold/MAM-A CD-Rs?
I've been happy with the service I get from Dan at American Digital (http://www.am-dig.com). Usual disclaimer: I'm just a satisfied customer and don't work for am-dig.