In other news, middle managers and bureaucrats continue to turn corporate and federal policy into quaint, local strategies of turf-building and funds-gathering worldwide.
Oh, dear. I participated in some of this. It was often _much_ cheaper to invest, up front, in newer hardware and software that would last for 3-5 years with a single massive upgrade now, than to find and fix this component here, find and fix that component there, and roll out one system changed at a time. As one of the engineers dealing with the pain from users and management, the new hardware was partly an efficient use of capital funds, and partly blatant bribes to get people to turn _loose_ of their old hardware that they couldn't be bothered to keep maintained, and get it under contemporary operating systems, hardware support, consistent hardware, etc. It took those bribes of "ooohhh, shiny new hardware" to get secretaries to go offline while we added changes to their mailers and printing services and desktops that they'd gotten used to.
So, no, it wasn't wasted where I worked. The new setup was vastly cleaner and designed from the ground up, rather than accumulated, and gave us resources and excuses to fix old issues. That saved us incredible amounts of work in IT and sped up desktop operations tremendously, and made our clients far happier, despite temporary disruptions.
It's difficult to guess if the Linux setups have the resources to handle the print spools, which can get quite bulky when the printer gets stuck. And getting the Windows drivers set up to be installed automatically from a Samba print server is a bit tricky. But it's certainly feasible.
If I may recommend, do not use Gentoo for this. Having to recompile and adjust, rather than having pre-defined packages to work with, is a nightmare for such basic services as Samba printing. And CUPS printing configuration can be rather tricky for inexperienced admins, especially if they want to do things that are remotely tricky. But Samba and CUPS are far more robust printing services than Windows print servers.
Given Microsoft's history of embrace and extend, and the resulting interference with open standards such as Java and Kerberos, and their gaming of open standards for OpenOffice, saying that they "provide jobs" is like saying that the Mafia support the local police. Microsoft has a history of software development, but it's not founded on innovation. It's founded on theft. Take a good look at the current Microsoft Word and XML lawsuits with lfj: they stole wholesale from developers who shard information with them as business partners. And this sort of thing is _typical_ of them.
The FSF is very cautious in order to keep its hands clean. Involvement in obviously "tainted" projects such as Codeplex could put free software projects at risk of Microsoft's litigious behavior, and at risk of losing the "free as in speech" part of FSF software by having the code "extended", without source code or with patent encumberment, by Microsoft, and forcing free software developers to play catchup. That's been happening with Samba for years, it happened with Kerberos in Active Directory (described here at Slashdot at http://slashdot.org/article.pl?sid=00/03/02/0958226&mode=thread), it happened with Java (which was finally settled out of court in Sept. 2009), and it keeps happening.
Trusting Microsoft and cooperating in Codeplex to "help create jobs" is like buying heroin to "stimulate the economy in Afghanistan".
I'm afraid they may have been "reliable", but they were reliable at sucking, hard. Their uses of out-of-date BIOS and chipsets in their top-of-the-line models meant that you couldn't install PATA hard drivers larger than 128 Gig without buying an add-on controller card for a ridiculously long time: their systems were power limited, not by the power supply, but by the ventilation to cool components. And they were often under-equipped in the capacity to _install_ RAM. Who cares if the hardware is "rock solid", which in my experience it was not, if it's half the capacity and twice the price of a pizza box that cost less? Buy two pizza boxes and set them to failover!
Now, _DEC_ hardware could survive Armageddon, both in performance and in surviving mistreatment. I was very sad when Compaq bought that manufacturing line from DEC.
I'm afraid I haven't been able to find my original notes on this from that old theology course: I apparently discarded those notes many years ago when moving.
But in a logical sense, please do not confuse modern copyright law with ancient copyright law. Copyrights were issued by _kings_, and as the Wikipedia articles point out, used to be called "monopolies". There was no legal reason for them to be issued automatically, or to expire, in that era. And _yes_, copyright can be and has always been used by some to prevent not duplication that is not profitable to the copyright owner, but to control access to the relevant information. The key to understanding copyright, and I say this as a programmer and an author and a "not-a-lawyer", is that it its _use_ is to control information.
Money is an interesting issue, but you're right: its issues of counterfeiting, and the immense value of it, have created far tougher laws to control its printing.
Oh, dear. I don't know that I even have the college notes I remember writing about this in a fascinating theological history course. But the arguments about psalters in 557 in the Wikipedia article on the Bible that is the _kind_ of argument I referred to, and the various "synods" and gatherings to decide what documents are and are not in the Bible certainly imply something like a copyright, to prevent publication of non-standard editions.
That 557 argument does seem to seriously predate copyright law, though. I'll dig for my ancient notes.
This was a big reason for the invention of copyright in the _first_ place, to control publication of the Bible. This was partly to prevent "unlettered" people from re-interpreting things in conflict with official doctrine, and is a big part of why documents are kept from citizens throughout history.
The other reason was to prevent modified copies from being published. If you own a print shop, it's relatively easy to modify the text to your advantage, and if you're maintaining a centralized organization like a government, or a church, you do _not_ want people editing the key rulebook without your knowledge and using it locally. Worse yet, they might publish it in local languages instead of Latin, and then _anyone_ could understand its words without a priest!
Schneier's write up is mistaken. It's the difference between saying "people can break my windows, so I won't lock my door" and not spending huge amounts of money on an unbreakable or unpickable lock. A very modest level of encryption, enough to prevent casual snooping by unequipped news reporters or enemies in the field with few resources, would seem to represent a quantum leap in protection of the data being gathered.
A very modest level of encryption, say equivalent to the old 40-bit SSL encryption, should suffice to block casual cracking and be feasible with the limited resources in drones. Since the control channel _is_ encrypted, it should also be possible to turn the encryption on or off depending on the designated receiver's capabilities to allow backwards compatibility.
Oh, using an ssh-agent with Subversion and its available 'svn+ssh' is the only even vaguely secure and supported way to use Subversion. But that 'svn+ssh' back end is a nightmare. Unless you add _additonal_ security configurations, the 'svnserve' on the backend of the Subversion server is its own serious security issue, which the Subversion documentation fails to address. Let's be honest: security for Subversion is a glued on afterthought.
Git, instead, uses the SSH keys with a limited shell specific to git, without the intervening and cumbersome and feature-burdened 'svnserve' daemon. And it has several quite usable tools available for management of the userkeys for the necessary shared account, tools like 'gitosis'. Using these tools, instead of having to roll your own for Subversion, eases a lot of the task. It's what I'd expect a commercially supported system to provide, and remains a major feature difference between these popular source control systems.
It's not a general purpose solution. It's tuned to a single user, with a limited vocabulary, and a particular microphone/speaker configuration. That reduces the complexity needed by orders of magnitude, especially regional accent and uncommon vocabulary problems. Solving limited, special problems is almost always easier than "general solutions". And given the ludicrous expense of full-blown current solutions, and their frequently abominable errors, I'm not surprised that such a limited solution might work well with the resources of a modern cell phone.
There is even _less_ guarantee that MS format documents will be correctly displayed or formatted by _any_ tool. Microsoft has repeatedly been shown, in court, to publish documentation of their formats so bad that it is useless to other developers. And the changes between MS Word versions are frequently terribly mishandled by even the best of Microsoft's tools.
In general, the few documents that do not display correctly in OpenOffice which I've not encountered were prey to time-wasting layout micromanagers, who specified every single character's position for esthetic effects that have nothing to do with actual content, and the mishandling is a good indicator that the document itself is written by a paper-work pusher collecting their management salary for picking fonts.
And have you ever _tried_ to get MS Office support, as opposed to commercial OpenOffice support or even open source support for OpenOffice? Go ahead: try to get help with Hebrew printing, or Microsoft mishandling of Unicode.
I can't speak to all the games for which this is true. Halo 2, from Microsoft, is an example of them deliberately blocking its use on XP, without the DirectX issue, and there are published hacks to make Halo 2 work on XP. (I ran into that when testing Halo 2 problems for an eager relative who lacked a Vista box to play it on.)
But this is the sort of thing that occurs for all older operating systems.
Re:Is the newest version deployed everywhere?
on
GSM Decryption Published
·
· Score: 2, Interesting
Did you read the EFF published paper on DES? That's not "differential cryptanalysis". It was simple brute force with dedicated hardware. And the issue wasn't the algorithm, it was the key length, which lent itself to brute force attack in a surprisingly reasonable amount of time.
I agree that key management remains an issue. Subversion is the worst popular example, with its habit of storing your passwords in your home directory in plain text, with no expiration and no utility for flushing them.
Yes, they have. But phone taps used to require a court order. (This is no longer true in the USA with the Patriot Act and other unconstitutional laws in play.) But a "point and tap this phone" technology is a wonderful dream for legitimate police trailing drug runners or smugglers who use throw away phones, and it's even more wonderful for illegal wiretaps to avoid leaving any paper trail of the tap with the telephone company or any outside agency.
There have been numerous attempts to provide genuinely secure telephone technologies, such as the "Clipper Chip" technologies. Those foundered when it was found that, with a significant negotiation time, you could put in your own keys, ones for which the US government did _not_ have registered copies. That killed the project dead, although most of the technology was sound. The Clipper Chip was also noticeable in that it ruined the career of Dorothy Denning, a formerly respected security expert who espoused the technology and its classified algorithms. That classification led directly to the mishandling of the "Law Enforcement Access Field", the checksum used to ensure that keys used were only those registered with the federal government.
Look it up: a big factor that helped kill it was that anyone who cared enough could easily buy encryption technologies from overseas, and it would cost American manufacturers business. (Do any of the rest of us remember getting our encryption software for UNIX systems on separate tapes?)
_I_ use OS images, by preference. Not everyone has the leisure to do so, nor does that OS image necessarily work on all hardware. Leading edge aptops purchased with company money by salespeople who insist on the latest advertised features,in particular, have some rather odd chipsets and can require vendor provided media to provide basic network and touchscreen functionality.
In this case, it had been just such a laptop from a vendor who makes it difficult to download drivers for slightly out of date hardware. So we used the vendor's installation media, XP with service pack 1.
That incident was some years ago. There are ways to protect against bad managers, and bad projects. In that particular case, it involved getting the excited new engineer in a one-on-one discussion and showing him where the problems were so he could fix them on his own time, and outlasting the particular bad manager by being _right_ about predicted problems, and having solutions in place ready to go with my manager, with the bad manager's name, date, and time on his claims that it wouldn't happen, to bring to the annual review meetings at my manager's level.
But it took more than a year, and other departments had to deal with things in their own way. Accessing one manager's email to the employee they were sleeping with, attaching a copy of the state's laws on sexual harassment, and forwarding it to the mailing list for the board, the mailing list for HR, the mailing list for the corporate layers, and their spouses was one approach to a manager who refused to follow basic screen locking and password handling policy.
Linus invented 'git' much more recently, in 2005. If you haven't reviewed it for source control, and compared it to Subversion at Subversion's expense, I urge you to do so. It is lighter weight, _far_ faster, allows remote development far more easily, and actually pays attention to security with its far better handling of SSH keys and its built-in GPG signatures for software tags.
I can also attest that you only give up on life at 40 if your first 40 years weren't worth living. And in that case, your age probably wasn't the problem.
Most used or not, it's 8 years old, and the update cost of a newly purchased machine with a plain OS installation disk includes roughly 2 Gig of downloaded data, and at least 5 reboots. (Measured last week on a clean installation of Windows XP Pro.) Even popular games that are shipping now do not run under it: that tells me it's obsolete.
Make that "selective standardization". The DRDOS lawsuits demonstrated that Microsoft could, and did, directly manipulate standard API's to threaten or interfere with other businesses. (Look up the "AARD Code" craziness.)
Oh, dear. My friend, I have been kicked _off_ of projects because I insisted on architecting them correctly from the ground up, and didn't accept the "mine runs 20 times as fast, let's use this!!!" version with no usable error messages, spewing log messages to read by hand, and no security, when I demonstrated that the reason it ran 20 times as fast was because the programmer cherrypicked his test cases and then multipled by the size of the whole set of targets.
The engineer who did the alternate design made big errors which took a long time to clean up. But the fundamental error was on the manager's part, who believed excited new hype about the magic of using a new language instead of the actual data I handed them: hype consistently won out over measured data there, and it was rampant in the newly hired managers as the company grew.
They'll be used on external USB drives, with the features not well-documented on the box or the advertisement. And your average non-Geek buying a new drive for their old system will also run into this.
He'll have a fascinating device, he'll learn lessons in morals and human ethics for the entire world, and he'll learn more about how things work in both software and hardware than any Windows/Microsoft environment can teach him. It also won't run the latest Windows shooter games, but will allow useful browsing, networking, and access to data to actually do programming with.
In other news, middle managers and bureaucrats continue to turn corporate and federal policy into quaint, local strategies of turf-building and funds-gathering worldwide.
Film at 11.
Then pay more attention. Microsoft was convicted of various illegal monopoly behaviors.
Oh, dear. I participated in some of this. It was often _much_ cheaper to invest, up front, in newer hardware and software that would last for 3-5 years with a single massive upgrade now, than to find and fix this component here, find and fix that component there, and roll out one system changed at a time. As one of the engineers dealing with the pain from users and management, the new hardware was partly an efficient use of capital funds, and partly blatant bribes to get people to turn _loose_ of their old hardware that they couldn't be bothered to keep maintained, and get it under contemporary operating systems, hardware support, consistent hardware, etc. It took those bribes of "ooohhh, shiny new hardware" to get secretaries to go offline while we added changes to their mailers and printing services and desktops that they'd gotten used to.
So, no, it wasn't wasted where I worked. The new setup was vastly cleaner and designed from the ground up, rather than accumulated, and gave us resources and excuses to fix old issues. That saved us incredible amounts of work in IT and sped up desktop operations tremendously, and made our clients far happier, despite temporary disruptions.
It's difficult to guess if the Linux setups have the resources to handle the print spools, which can get quite bulky when the printer gets stuck. And getting the Windows drivers set up to be installed automatically from a Samba print server is a bit tricky. But it's certainly feasible.
If I may recommend, do not use Gentoo for this. Having to recompile and adjust, rather than having pre-defined packages to work with, is a nightmare for such basic services as Samba printing. And CUPS printing configuration can be rather tricky for inexperienced admins, especially if they want to do things that are remotely tricky. But Samba and CUPS are far more robust printing services than Windows print servers.
Given Microsoft's history of embrace and extend, and the resulting interference with open standards such as Java and Kerberos, and their gaming of open standards for OpenOffice, saying that they "provide jobs" is like saying that the Mafia support the local police. Microsoft has a history of software development, but it's not founded on innovation. It's founded on theft. Take a good look at the current Microsoft Word and XML lawsuits with lfj: they stole wholesale from developers who shard information with them as business partners. And this sort of thing is _typical_ of them.
The FSF is very cautious in order to keep its hands clean. Involvement in obviously "tainted" projects such as Codeplex could put free software projects at risk of Microsoft's litigious behavior, and at risk of losing the "free as in speech" part of FSF software by having the code "extended", without source code or with patent encumberment, by Microsoft, and forcing free software developers to play catchup. That's been happening with Samba for years, it happened with Kerberos in Active Directory (described here at Slashdot at http://slashdot.org/article.pl?sid=00/03/02/0958226&mode=thread), it happened with Java (which was finally settled out of court in Sept. 2009), and it keeps happening.
Trusting Microsoft and cooperating in Codeplex to "help create jobs" is like buying heroin to "stimulate the economy in Afghanistan".
I'm afraid they may have been "reliable", but they were reliable at sucking, hard. Their uses of out-of-date BIOS and chipsets in their top-of-the-line models meant that you couldn't install PATA hard drivers larger than 128 Gig without buying an add-on controller card for a ridiculously long time: their systems were power limited, not by the power supply, but by the ventilation to cool components. And they were often under-equipped in the capacity to _install_ RAM. Who cares if the hardware is "rock solid", which in my experience it was not, if it's half the capacity and twice the price of a pizza box that cost less? Buy two pizza boxes and set them to failover!
Now, _DEC_ hardware could survive Armageddon, both in performance and in surviving mistreatment. I was very sad when Compaq bought that manufacturing line from DEC.
I'm afraid I haven't been able to find my original notes on this from that old theology course: I apparently discarded those notes many years ago when moving.
But in a logical sense, please do not confuse modern copyright law with ancient copyright law. Copyrights were issued by _kings_, and as the Wikipedia articles point out, used to be called "monopolies". There was no legal reason for them to be issued automatically, or to expire, in that era. And _yes_, copyright can be and has always been used by some to prevent not duplication that is not profitable to the copyright owner, but to control access to the relevant information. The key to understanding copyright, and I say this as a programmer and an author and a "not-a-lawyer", is that it its _use_ is to control information.
Money is an interesting issue, but you're right: its issues of counterfeiting, and the immense value of it, have created far tougher laws to control its printing.
Oh, dear. I don't know that I even have the college notes I remember writing about this in a fascinating theological history course. But the arguments about psalters in 557 in the Wikipedia article on the Bible that is the _kind_ of argument I referred to, and the various "synods" and gatherings to decide what documents are and are not in the Bible certainly imply something like a copyright, to prevent publication of non-standard editions.
That 557 argument does seem to seriously predate copyright law, though. I'll dig for my ancient notes.
This was a big reason for the invention of copyright in the _first_ place, to control publication of the Bible. This was partly to prevent "unlettered" people from re-interpreting things in conflict with official doctrine, and is a big part of why documents are kept from citizens throughout history.
The other reason was to prevent modified copies from being published. If you own a print shop, it's relatively easy to modify the text to your advantage, and if you're maintaining a centralized organization like a government, or a church, you do _not_ want people editing the key rulebook without your knowledge and using it locally. Worse yet, they might publish it in local languages instead of Latin, and then _anyone_ could understand its words without a priest!
Schneier's write up is mistaken. It's the difference between saying "people can break my windows, so I won't lock my door" and not spending huge amounts of money on an unbreakable or unpickable lock. A very modest level of encryption, enough to prevent casual snooping by unequipped news reporters or enemies in the field with few resources, would seem to represent a quantum leap in protection of the data being gathered.
A very modest level of encryption, say equivalent to the old 40-bit SSL encryption, should suffice to block casual cracking and be feasible with the limited resources in drones. Since the control channel _is_ encrypted, it should also be possible to turn the encryption on or off depending on the designated receiver's capabilities to allow backwards compatibility.
Oh, using an ssh-agent with Subversion and its available 'svn+ssh' is the only even vaguely secure and supported way to use Subversion. But that 'svn+ssh' back end is a nightmare. Unless you add _additonal_ security configurations, the 'svnserve' on the backend of the Subversion server is its own serious security issue, which the Subversion documentation fails to address. Let's be honest: security for Subversion is a glued on afterthought.
Git, instead, uses the SSH keys with a limited shell specific to git, without the intervening and cumbersome and feature-burdened 'svnserve' daemon. And it has several quite usable tools available for management of the userkeys for the necessary shared account, tools like 'gitosis'. Using these tools, instead of having to roll your own for Subversion, eases a lot of the task. It's what I'd expect a commercially supported system to provide, and remains a major feature difference between these popular source control systems.
It's not a general purpose solution. It's tuned to a single user, with a limited vocabulary, and a particular microphone/speaker configuration. That reduces the complexity needed by orders of magnitude, especially regional accent and uncommon vocabulary problems. Solving limited, special problems is almost always easier than "general solutions". And given the ludicrous expense of full-blown current solutions, and their frequently abominable errors, I'm not surprised that such a limited solution might work well with the resources of a modern cell phone.
There is even _less_ guarantee that MS format documents will be correctly displayed or formatted by _any_ tool. Microsoft has repeatedly been shown, in court, to publish documentation of their formats so bad that it is useless to other developers. And the changes between MS Word versions are frequently terribly mishandled by even the best of Microsoft's tools.
In general, the few documents that do not display correctly in OpenOffice which I've not encountered were prey to time-wasting layout micromanagers, who specified every single character's position for esthetic effects that have nothing to do with actual content, and the mishandling is a good indicator that the document itself is written by a paper-work pusher collecting their management salary for picking fonts.
And have you ever _tried_ to get MS Office support, as opposed to commercial OpenOffice support or even open source support for OpenOffice? Go ahead: try to get help with Hebrew printing, or Microsoft mishandling of Unicode.
I can't speak to all the games for which this is true. Halo 2, from Microsoft, is an example of them deliberately blocking its use on XP, without the DirectX issue, and there are published hacks to make Halo 2 work on XP. (I ran into that when testing Halo 2 problems for an eager relative who lacked a Vista box to play it on.)
But this is the sort of thing that occurs for all older operating systems.
Did you read the EFF published paper on DES? That's not "differential cryptanalysis". It was simple brute force with dedicated hardware. And the issue wasn't the algorithm, it was the key length, which lent itself to brute force attack in a surprisingly reasonable amount of time.
I agree that key management remains an issue. Subversion is the worst popular example, with its habit of storing your passwords in your home directory in plain text, with no expiration and no utility for flushing them.
Yes, they have. But phone taps used to require a court order. (This is no longer true in the USA with the Patriot Act and other unconstitutional laws in play.) But a "point and tap this phone" technology is a wonderful dream for legitimate police trailing drug runners or smugglers who use throw away phones, and it's even more wonderful for illegal wiretaps to avoid leaving any paper trail of the tap with the telephone company or any outside agency.
There have been numerous attempts to provide genuinely secure telephone technologies, such as the "Clipper Chip" technologies. Those foundered when it was found that, with a significant negotiation time, you could put in your own keys, ones for which the US government did _not_ have registered copies. That killed the project dead, although most of the technology was sound. The Clipper Chip was also noticeable in that it ruined the career of Dorothy Denning, a formerly respected security expert who espoused the technology and its classified algorithms. That classification led directly to the mishandling of the "Law Enforcement Access Field", the checksum used to ensure that keys used were only those registered with the federal government.
Look it up: a big factor that helped kill it was that anyone who cared enough could easily buy encryption technologies from overseas, and it would cost American manufacturers business. (Do any of the rest of us remember getting our encryption software for UNIX systems on separate tapes?)
When the size of the patches, slipstreamed or not, approaches the size of the OS, it's obsolete.
_I_ use OS images, by preference. Not everyone has the leisure to do so, nor does that OS image necessarily work on all hardware. Leading edge aptops purchased with company money by salespeople who insist on the latest advertised features,in particular, have some rather odd chipsets and can require vendor provided media to provide basic network and touchscreen functionality.
In this case, it had been just such a laptop from a vendor who makes it difficult to download drivers for slightly out of date hardware. So we used the vendor's installation media, XP with service pack 1.
That incident was some years ago. There are ways to protect against bad managers, and bad projects. In that particular case, it involved getting the excited new engineer in a one-on-one discussion and showing him where the problems were so he could fix them on his own time, and outlasting the particular bad manager by being _right_ about predicted problems, and having solutions in place ready to go with my manager, with the bad manager's name, date, and time on his claims that it wouldn't happen, to bring to the annual review meetings at my manager's level.
But it took more than a year, and other departments had to deal with things in their own way. Accessing one manager's email to the employee they were sleeping with, attaching a copy of the state's laws on sexual harassment, and forwarding it to the mailing list for the board, the mailing list for HR, the mailing list for the corporate layers, and their spouses was one approach to a manager who refused to follow basic screen locking and password handling policy.
Linus invented 'git' much more recently, in 2005. If you haven't reviewed it for source control, and compared it to Subversion at Subversion's expense, I urge you to do so. It is lighter weight, _far_ faster, allows remote development far more easily, and actually pays attention to security with its far better handling of SSH keys and its built-in GPG signatures for software tags.
I can also attest that you only give up on life at 40 if your first 40 years weren't worth living. And in that case, your age probably wasn't the problem.
Most used or not, it's 8 years old, and the update cost of a newly purchased machine with a plain OS installation disk includes roughly 2 Gig of downloaded data, and at least 5 reboots. (Measured last week on a clean installation of Windows XP Pro.) Even popular games that are shipping now do not run under it: that tells me it's obsolete.
Make that "selective standardization". The DRDOS lawsuits demonstrated that Microsoft could, and did, directly manipulate standard API's to threaten or interfere with other businesses. (Look up the "AARD Code" craziness.)
Oh, dear. My friend, I have been kicked _off_ of projects because I insisted on architecting them correctly from the ground up, and didn't accept the "mine runs 20 times as fast, let's use this!!!" version with no usable error messages, spewing log messages to read by hand, and no security, when I demonstrated that the reason it ran 20 times as fast was because the programmer cherrypicked his test cases and then multipled by the size of the whole set of targets.
The engineer who did the alternate design made big errors which took a long time to clean up. But the fundamental error was on the manager's part, who believed excited new hype about the magic of using a new language instead of the actual data I handed them: hype consistently won out over measured data there, and it was rampant in the newly hired managers as the company grew.
They'll be used on external USB drives, with the features not well-documented on the box or the advertisement. And your average non-Geek buying a new drive for their old system will also run into this.
Buyer, beware.
He'll have a fascinating device, he'll learn lessons in morals and human ethics for the entire world, and he'll learn more about how things work in both software and hardware than any Windows/Microsoft environment can teach him. It also won't run the latest Windows shooter games, but will allow useful browsing, networking, and access to data to actually do programming with.