I can testify that XFS on my Debian Sarge kernel (2.6.8?) overwrote my mozilla bookmarks file with NULs when my computer crashed and had to be rebooted. Let's hope that never happens to the important files.
So you put some things in the false partition that you plausibly want to keep secret. e.g photos of you cheating on your spouse etc. You have reason to keep those things secret, but the information is of no use to the police/government.
The real reason for choosing Ubuntu/Debian would be the Debian Policy, not any packaging format. A quote from the linked page:
People often say how they came to Debian because of apt-get, or that apt is the killer app for Debian. But apt-get is not what makes the experience so great: apt-get is a feature readily reproduced (and, in my opinion, never equalled), by other distributions -- call it urpmi, apt4rpm, yum, or what have you. The differentiating factor is Debian policy, and the stringent package format QA process (look at things like apt-listchanges, apt-list-bugs, dpkg-builddeps, pbuilder, pbuilder-uml -- none of which could be implemented so readily lacking a policy (imagine listchangelog without a robust changelog format)). It is really really easy to install software on a Debian box.
This resembles cargo cult religions: that is, apt-get is the visible aspect of Debian's policy system, the same way that cargo-cult practices saw runways and other characteristics as the source of western goods ("cargo"), and built their own replicas, complete with fake wooden headphones for control towers. In the same way, other distributions have created the shallow visible aspect of Debian's packaging infrastructure, without addressing the deep issues of policy. Worse: the conflicts of technical requirements and marketing / economic imperatives often work at cross purposes. Less perversely for most GNU/Linux distros than for proprietary software, but still clearly present.
The two most common problems (which should not happen) are use of non-core packages and hard coding of file seperator characters in pathnames instead of using File.seperator
And assuming a case insensitive filesystem.
Re:I just can't get the hang of vim
on
Vim 7 Released
·
· Score: 1
I can send a buffer to sed and awk and have it replaced in-line.
Well, if you want to do that, there's always the "!" command. I personally can't stand joe's keystrokes. If I use a visual non-modal editor, I prefer the CUA keyset:).
Ah, but those are DEVICE names, that correspond to actual devices - not mount points... Windows has device names too in the kernel's namespace, take a look at WinObj.
Old DOS treated drive letters like mount points. That is easily visible if you use the subst command. Of course, Windows does have mount points (created by using mountvol) - but Windows doesn't make it easy to use them. e.g. try moving the profile (Documents and Settings) directory to another volume.
Last time I tried to do that, I had to install Windows, make C:\Home a mount point, and then reinstall Windows with an unattended response file that specified C:\Home as the user profile directory. Not fun.
Windows (NT) has its advantages like compatibility, a better (more flexible and more complicated) security system, the pluggable kernel subsystems,... But drive letters aren't one of them. On the command line, I now always use cd/d so drive differences don't matter if I use cd.
You might want to try JSLint(documentation) by Douglas Crockford. It checks that variables are defined before use, and also checks for other common mistakes (you can read about them in the documentation).
It is easier to develop code for Linux than for Windows. That is why there are so many more applications for Linux than there are for Windows,
I don't know what kind of code you write. For me, it is very easy to develop code using Windows. Try using Delphi or VB. I don't think you're going to develop the next big programming language or the next hot network security tool using those (at least, not using VB), but for writing everyday small business/database apps it is very easy. (In fact, the slashdot crowd often complains that it is too easy).
Also, maybe your second assertion is true (although I doubt it (see above, writing programs for Windows is very easy)). There's certainly a lot of apps to choose from when I run aptitude (Debian Sarge here). Most of the apps there I really don't think I need (or ever will need). But people often can't switch to Linux because of one or two essential applications that they can't leave behind (yes, even though there are thousands of applications doesn't mean that there's one that does what you need).
The abstraction is insufficient without a universally accessible and intuitive file/device/object model; one that does not require specific application support. There are myriad possible reasons why I may not be able to use your application in a particular context to control such attributes. As it stands, the various components in NT, which can have such metadata applied, are littered across the landscape of the OS.
I can see your point about the components of the OS, but if I want to secure objects specific to my application, do you suppose I should write my own virtual-file-system? Let's say that I write a database server and I want to control access to certain tables using NT Security. That's certainly possible now, but according to your argument, I should make it accessible using some kind of filesystem interface? The permissions / allowed rights for a file, a database table, and a printer are certainly different and the current NT model allows that. It's not "everything is a file" because, well -- not everything is a file.
Besides, the model is quite "universally accessible" although you don't get a nice directory tree view and I'm not too sure about the "intuitive" part. From MSDN:
You can use the GetSecurityInfo function with the following types of objects:
Local or remote files or directories on an NTFS file system
Named pipes
Local or remote printers
Local or remote Windows services
Network shares
Registry keys
Semaphores, events, mutexes, and waitable timers
Processes, threads, jobs, and file-mapping objects
Interactive service window stations and desktops
Directory service objects
The GetSecurityInfo function works with handles. If you want to work with names you can use the GetNamedSecurityInfo function. The object types that can be handled by those functions are documented in the SE_OBJECT_TYPE enumeration.
The nice thing about Windows security ACLs is that they can in theory apply to anything. You can create your own DACLs and have security descriptors for your own application objects - not just files. You can also define the permissions for your own object and define a mapping from the generic read, write, to your own permission system. So in Windows, Printers have that ACL editor dialog to control permissions. Registry entries also have that ACL editor dialog to control permissions. And the permissions / allowable operations are different for printers and registry keys. Your app can also use the default Windows ACL editor (although it says on MSDN it's for Win2k Pro and XP Pro only).
The problem with it is that it is fairly complicated. I'm definitely not a good Windows programmer, but the Win32 calls to set an object's security are quite complex. Thankfully libraries like madSecurity make the job easier.
I don't think it's that hard. In fact, I had to work to find the Guillotine command in the menu. On my Debian (sarge) system with GIMP 2.2.6 I just select the area I want and select Image > Crop Image from the menu.
The so-called "crop or resize" tool is another story altogether. I tried to use it and just after I started to hold the left mouse button down on the image, a dialog box popped up showing the options for the tool, right on top of my image. Not being able to see the cursor when you're holding a crop tool that you are afraid to let go isn't very comforting:).
In the case of the Linux desktops, you could probably hack something together that would work without those components. Arguably you could in Windows too, I guess, by having the Task Manager open (since it allows you to run programs by filename). But Windows is designed as a distribution to use IE as the main shell program. If you kill IE in Windows (go to Task Manager, find "explorer.exe", and kill it - or just crash it, there are plenty of ways to do it), you lose the desktop, the Start menu, and the taskbar. IE is the shell that most people interact with. (It's worth pointing out that "iexplore.exe" is a stub program that essentially just runs "explorer.exe".)
Ah, but Explorer is not the only shell for Windows, there's Litestep, Blackbox for Windows (and itsoffspring), and for the truly hardcore, progman.exe:-) (it still runs on W2K last I tried, although you do have to create all the groups yourself, and no system tray too)
A nice solution would be to use the NTFS Alternate Streams feature. The metadata can be stored inside an alternate stream for the file. I think Microsoft already did this with their Thumbs.db thumbnail files. When I copy one of those to my USB disk (FAT32 formatted), it says that some information can be lost in the Thumbs.db:$encryptable$ file (or something like that, I don't remember exactly).
I don't know about Terminal Services, but last time I checked, the instructions for multiuser setup worked well for my computer with more than one non-admin user. But that's the instructions for OO.o 1.1...
Ahh, found it... Do you believe you have to get the 2.0 setup guide from CVS??? In the PDF it seems that the 2.0 installer has a checkbox to Install for: "Anyone who uses this computer (all users)". Hopefully that will work for you, seeing that 1.1 worked for me.
In case you haven't noticed from the posts on the OpenOffice.org articles, Mac users hate X because it doesn't integrate well with the system.
Most OS X users probably don't have X installed and those who do have it installed only have it installed because they need something that only runs on X. Also notice that even if the program runs on X (like OpenOffice.org does), Mac users still demand a "native" port (one that uses the Carbon/Cocoa toolkit).
The kioslave is cool, just that it has some annoying sides:
Can't set the compression quality
Run kcontrol (KDE Control Center) > Sound & Multimedia > Audio CDs. Look in the "MP3 Encoder" and
"Ogg Vorbis Encoder" tabs. On my system (KDE 3.3.2, Debian sarge) the MP3 Encoder has controls for:
Encoding method
Constant bitrate / Variable bitrate
Stereo / Joint Stereo / Dual Channel / Mono
A "quality" slider
Options
Copyrighted
Original
ISO encoding
Write ID3 tag
Filter Settings
Lowpass filter, Highpass filter (things I don't understand)
Variable Bitrate Settings
Minimal bitrate
Maximal bitrate
Average bitrate
the Ogg Vorbis Encoder has a lot fewer options:
Encoding method
Quality based / Bitrate based
Vorbis Quality Setting
A slider (like the -q parameter to oggenc)
Options
Add track information (track numbers?)
Amazon has a web services API to get at their data. I've used it to get product data for a school project (online shop). And if by "pure XML API" you mean SOAP, then they have that too — although I prefer the REST request style (much more simple).
I don't think it's a hack because KDE runs on other platforms too. kioslaves provide their functionality in a non-platform-specific way (but OTOH, you need to use the KDE libraries).
Slashdot Mirror
I can testify that XFS on my Debian Sarge kernel (2.6.8?) overwrote my mozilla bookmarks file with NULs when my computer crashed and had to be rebooted. Let's hope that never happens to the important files.
So you put some things in the false partition that you plausibly want to keep secret. e.g photos of you cheating on your spouse etc. You have reason to keep those things secret, but the information is of no use to the police/government.
The real reason for choosing Ubuntu/Debian would be the Debian Policy, not any packaging format. A quote from the linked page:
And assuming a case insensitive filesystem.
Well, if you want to do that, there's always the "!" command. I personally can't stand joe's keystrokes. If I use a visual non-modal editor, I prefer the CUA keyset :).
Is "the color of the one I didn't eat" an acceptable answer? ;-)
Ah, but those are DEVICE names, that correspond to actual devices - not mount points... Windows has device names too in the kernel's namespace, take a look at WinObj.
Old DOS treated drive letters like mount points. That is easily visible if you use the subst command. Of course, Windows does have mount points (created by using mountvol) - but Windows doesn't make it easy to use them. e.g. try moving the profile (Documents and Settings) directory to another volume.
Last time I tried to do that, I had to install Windows, make C:\Home a mount point, and then reinstall Windows with an unattended response file that specified C:\Home as the user profile directory. Not fun.
Windows (NT) has its advantages like compatibility, a better (more flexible and more complicated) security system, the pluggable kernel subsystems, ... But drive letters aren't one of them. On the command line, I now always use cd/d so drive differences don't matter if I use cd.
Someone didn't get the joke :).
You might want to try JSLint(documentation) by Douglas Crockford. It checks that variables are defined before use, and also checks for other common mistakes (you can read about them in the documentation).
I don't know what kind of code you write. For me, it is very easy to develop code using Windows. Try using Delphi or VB. I don't think you're going to develop the next big programming language or the next hot network security tool using those (at least, not using VB), but for writing everyday small business/database apps it is very easy. (In fact, the slashdot crowd often complains that it is too easy).
Also, maybe your second assertion is true (although I doubt it (see above, writing programs for Windows is very easy)). There's certainly a lot of apps to choose from when I run aptitude (Debian Sarge here). Most of the apps there I really don't think I need (or ever will need). But people often can't switch to Linux because of one or two essential applications that they can't leave behind (yes, even though there are thousands of applications doesn't mean that there's one that does what you need).
I can see your point about the components of the OS, but if I want to secure objects specific to my application, do you suppose I should write my own virtual-file-system? Let's say that I write a database server and I want to control access to certain tables using NT Security. That's certainly possible now, but according to your argument, I should make it accessible using some kind of filesystem interface? The permissions / allowed rights for a file, a database table, and a printer are certainly different and the current NT model allows that. It's not "everything is a file" because, well -- not everything is a file.
Besides, the model is quite "universally accessible" although you don't get a nice directory tree view and I'm not too sure about the "intuitive" part. From MSDN:
The GetSecurityInfo function works with handles. If you want to work with names you can use the GetNamedSecurityInfo function. The object types that can be handled by those functions are documented in the SE_OBJECT_TYPE enumeration.
The nice thing about Windows security ACLs is that they can in theory apply to anything. You can create your own DACLs and have security descriptors for your own application objects - not just files. You can also define the permissions for your own object and define a mapping from the generic read, write, to your own permission system. So in Windows, Printers have that ACL editor dialog to control permissions. Registry entries also have that ACL editor dialog to control permissions. And the permissions / allowable operations are different for printers and registry keys. Your app can also use the default Windows ACL editor (although it says on MSDN it's for Win2k Pro and XP Pro only).
The problem with it is that it is fairly complicated. I'm definitely not a good Windows programmer, but the Win32 calls to set an object's security are quite complex. Thankfully libraries like madSecurity make the job easier.
I don't think it's that hard. In fact, I had to work to find the Guillotine command in the menu. On my Debian (sarge) system with GIMP 2.2.6 I just select the area I want and select Image > Crop Image from the menu.
The so-called "crop or resize" tool is another story altogether. I tried to use it and just after I started to hold the left mouse button down on the image, a dialog box popped up showing the options for the tool, right on top of my image. Not being able to see the cursor when you're holding a crop tool that you are afraid to let go isn't very comforting :) .
You can use the keypad + and - keys.
Ah, but Explorer is not the only shell for Windows, there's Litestep, Blackbox for Windows (and its offspring), and for the truly hardcore, progman.exe :-) (it still runs on W2K last I tried, although you do have to create all the groups yourself, and no system tray too)
I don't know about you, but this Debian security advisory (+ updated packages) was dated January 20. I ran apt-get update and it showed up on the package list before the advisory was even on the security RSS feed.
A nice solution would be to use the NTFS Alternate Streams feature. The metadata can be stored inside an alternate stream for the file. I think Microsoft already did this with their Thumbs.db thumbnail files. When I copy one of those to my USB disk (FAT32 formatted), it says that some information can be lost in the Thumbs.db:$encryptable$ file (or something like that, I don't remember exactly).
I don't know about Terminal Services, but last time I checked, the instructions for multiuser setup worked well for my computer with more than one non-admin user. But that's the instructions for OO.o 1.1...
Ahh, found it... Do you believe you have to get the 2.0 setup guide from CVS??? In the PDF it seems that the 2.0 installer has a checkbox to Install for: "Anyone who uses this computer (all users)". Hopefully that will work for you, seeing that 1.1 worked for me.
In case you haven't noticed from the posts on the OpenOffice.org articles, Mac users hate X because it doesn't integrate well with the system.
Most OS X users probably don't have X installed and those who do have it installed only have it installed because they need something that only runs on X. Also notice that even if the program runs on X (like OpenOffice.org does), Mac users still demand a "native" port (one that uses the Carbon/Cocoa toolkit).
Run kcontrol (KDE Control Center) > Sound & Multimedia > Audio CDs. Look in the "MP3 Encoder" and "Ogg Vorbis Encoder" tabs. On my system (KDE 3.3.2, Debian sarge) the MP3 Encoder has controls for:
Encoding method Constant bitrate / Variable bitrate Stereo / Joint Stereo / Dual Channel / Mono A "quality" slider Options Copyrighted Original ISO encoding Write ID3 tag Filter Settings Lowpass filter, Highpass filter (things I don't understand) Variable Bitrate Settings Minimal bitrate Maximal bitrate Average bitratethe Ogg Vorbis Encoder has a lot fewer options:
Encoding method Quality based / Bitrate based Vorbis Quality Setting A slider (like the -q parameter to oggenc) Options Add track information (track numbers?)Amazon has a web services API to get at their data. I've used it to get product data for a school project (online shop). And if by "pure XML API" you mean SOAP, then they have that too — although I prefer the REST request style (much more simple).
Delphi, of course! You can do a lot more useful stuff with a couple minutes worth of code!
So you are saying that I can use kioslave to, from a terminal, go and run mplayer on some random video file over ssh, using plain old system calls?
What I said above:kioslaves provide their functionality in a non-platform-specific way (but OTOH, you need to use the KDE libraries). (emphasized for your convenience)
This comment by elconde has info on using the Windows key to run programs (short version: use xbindkeys).
From the Fuse webpage...
I don't think it's a hack because KDE runs on other platforms too. kioslaves provide their functionality in a non-platform-specific way (but OTOH, you need to use the KDE libraries).