... because they were a strong proponent of DRM... and unlike DRM on disks they can always update it to stop me from using my right to make a DRM free copy.
Essentially the 64 Bit versions cannot be used in many instances as:
1. 16 Bit software won't run any more 2. Drivers need signatures
Most Windows software obviously still is 32 Bit as it's distributed as binaries. If you ship 64 Bit software you unnecessarily limit your market. Few applications need the advantages of 64 Bit as development started when 16 Megabytes was a lot of RAM.
Firefox also worked on making web standards more and more complex, after all, they are in the standard committees. If they'd refuse to accept dubious standards, and instead focus on trying to make web standards orthogonal and as simple was possible while still keeping them flexible, there would be a healthy competition.
Instead Mozilla keeps semi-implementing standards, while making the GUI less and less usable.
... than surely you should seriously worry. Of course the people quoted are idiots following short term trends.
Programming languages have their area of usefulness. Few, if any, programming languages are more or less general. However a mistake that's often made is to start with the programming language and then look for uses for it. Instead you should first look at your problem, and then find the best programming language for it.
This is why, for example, UNIX was always based on multiple languages for certain problems. You have a layer of tools written in C and (originally) Assembler, then you have a shell which can be scripted, plus you have special languages like the one used in "dc". Most languages are simply not made to power a complete operating system in. If you try that, you'll end up in messes like Windows (C++) or Android (Java).
So in short, if you only know one programming language, or just a small amount of basically identical languages, you should seriously considering another career.
However if you want a steady job in IT where you never have to use your brain and never have to learn more than a few buzzwords, try getting some management position. There you will earn money by sitting in meetings.
Ahh right, the "the sensor is secure" fallacy. Essentially the whole claim of this rant, carefully hidden behind lots of ramblings is, that somehow magically a sensor can get a full picture of what's in front of it, so it can somehow magically differentiate a fake finger from a real one.
Tell you what, even the most expensive systems are trivial to fake. Yes you can measure the pulse of a finger, but a simple silicone "mask" for your finger will give the same signal. Yes you can use a depth sensing camera, but a simple mask will fool that.
Any of those systems essentially takes an "image" of your body part. This may be based on capacitance over a field of sensors, or some ultrasonic echo. You will always be able to just replay that signal... and certainly when you are able to get to the sensor itself.
1. You can change passwords, so even if it gets extracted from your brain (or more likely intercepted from your keyboard), you can simply choose another one.
2. You can voluntarily give up a password without any collateral damage. For example when you get threatened you can just give out the password instead of loosing your finger.
I'm sorry, but Biometry should have been dead when that McGuyver episode came out where he used a latent hand print on a hand print scanner.
Biometry is not suitable for authentication. Essentially using biometry is like using a password you cannot change, but constantly tell anybody around you.
It's trivial to keep your passwords secure, it's much harder to keep your fingerprint or iris pattern secure. Both can even be read out remotely.
... CPU cores typically are publically described in minute detail. After all people need to directly write software for those...
Today the problem lies in proprietary hardware. Hardware for which you cannot write a decent driver as there is no public documentation available. That's the problem with modern SoCs, and that's why the mobile operation system scene is so dead right now.
Yes, and there is no pressure to replace e-mail. E-mail has it's weaknesses, but they are not bad enough to warrant a change.
The technochnology that would be ripe for a complete replacement would be the "web". Those standards are getting way out of hand, spiraling into their doom of evergrowing complexity, with browsers both having security problems and not fully supporting the growing array of partly useless functionality the W3M tries to cram into them.
E-Mail was never meant to be extensible so it was easy for it to escape that doom. A 20 year old e-mail program is just as useful as a new one, while a 20 year old browser will probably crash once you try to open google.com.
... like the inability to remove Cortana, or the many bugs involving parts of the OS replicating OS features like the UI toolkit. Or the bug that the bitmaps of TrueType fonts are ignored so you'll always have those blurry characters. Or the longstanding Windows-Bug that the binary files of programs cannot be deleted when the program is running.... etc...
The feedback probably mostly goes to/dev/null, because many of the bugs either stem from decade old design decisions, or come straight from the marketing department. (which is apparently the most powerful department at Microsoft. Probably much more important than the sales department.)
After all as long as there will be web designers, there will be horribly bad webpages which will consume huge amounts of data. Just keep your webpages plain and simple, avoid Javascript, particularly from foreign domains, and everything will be fine.
It's not your responsibility to adapt the look of your page to the size of the browser window. If the browser is semi decent and you write proper HTML it'll just work everywhere. That's the whole idea behind HTML.
... and that's for portable, but not mobile computing. Essentially when you want to have a computer on a table where you have electricity, but you still want to be able to carry it around.
Essentially you want something like that in a rather rugged case, so it'll withstand some abuse. It doesn't matter how light or thick it is, as it won't be "carried around" with someone, but specifically carried from place A to B, probably as part of some larger setup.
For example this could take part in stage productions controlling the lights, or a video mixer.
However this form factor has one large disadvantage over the classical "portable" one. The keyboard is non-detachable. So you'll always have to be at a fixed distance to the screen. You move the keyboard independently of the rest of your computer. That's not very ergonomically.
My argument is that many programmers design needless complexity into things because they believe they can just "outsource" their problems. For example people design systems with complex file formats they could not parse themselves, then they load a script interpreter which will parse it for them.... and as a side effect execute any code in that file. If they would have chosen a simpler file format, a few lines of code would have been able to parse it perfectly well.
Also there is one particularly toxic way of code reuse and that's dynamically linked libraries. While those sound like a decent idea at first, in reality they have the big disadvantage of not only making your system a lot more brittle, but also increasing start-up times. Increased start-up times mean that, to use the functionality of another program you can no longer economically just start up that program to do you bidding as it would take far to long. Instead people now run things like TLS in a library running in the same memory space so that buffer overruns can simply read the keys and data of other connections or even the rest of your program.
So while code reuse has it's advantages, it can go terribly wrong when it's done wrong... and it's often done wrong.
After all there is no legal way to watch that show without giving away our basic freedoms of "Privaccy and Integrity of Information processing systems" as declared by the German constitutional court in 2008.
Offer it as a DRM-free downloadable copy and people will buy it in hordes.
Yes, particularly since running a "successful" business only requires a certain minimum level of "cleverness" and relies much more on business connections.
Just look at Research in Motion (aka Blackberry). That company is largely run by idiots which chase the iPhone and contradict their main claim (security) by cooperating with everybody on breaking their devices up to a point where they send your e-mail login data to a central server.
I may be wrong, but isn't it that systemd also depends on things like dbus?
And again the problem is the mindset. Even though it might be possible to run systemd in a sane way, distributions now package it with all sorts of crap. The opposition against systemd is not about systemd itself, it's about people who constantly try to re-invent the wheel while not having understood the problem or how to solve problems in general. Just look at alsa and pulseaudio which were both attempts at fixing the previous state of the art... and making it somewhat worse. (i.e. Alsa created unfathomable device names which were written differently in every application instead of the simple/dev/dsp OSS provided, or pulseaudio added crap like software mixing so you'll enjoy the fun of quantisation noise while it won't allow you to automatically switch the number of output channels based on the number of channels your software outputs)
In the spirit of "Do one thing and do it well", systemd's goal is "manage services and dependencies".
If it was it wouldn't include its own DNS server, or it's own timeserver, or it's own logging infrastructure.
The problem with systemd and the whole Freedesktop crowd is that they are trying to solve problems that do not exist anymore. For example you now have hugely complex systems just to make sure your soundcard will only be usable by users logged in locally. While this is, in theory, a great security benefit, most machines today are single user. So in effect it's lots of code that's useless at best and a potential security problem at worst.
Everybody goes through a phase where they think they can re-invent the world and design something cool and complex with the technologies they have just heard of. In the past only large companies could afford such an effort. Microsoft, for example, implemented many of the "new" ideas in Windows. This is why you have things like OLE with it's offspring of OLE automation, or a logging system nobody uses because it's essentially unusable. Windows being so unusable, particularly in the 1990s, was a big push for Linux for "serious" applications.
Now we have a new situation, it's "fancy" to have some work on a Open Source project on your CV, that's why there's a huge pressure for mediocre and bad developers to do something with Open Source. Those mostly are people who still having gone past their "coimplexity is good" phase and don't understand yet, that it's not a good idea to require 5 daemons in the background just to have a GUI running.
Ideally we should take a step back and look at what we _really_ need. Do we really have to have such a complex service management system? Shouldn't it be enough for a desktop system to just have a single shell script booting up X and the window manager and setting up the network? Why do we have a wireless subsystem that needs a "wpa-manager" just to set up the keys to encrypted networks? Why do we have a modem manager that reliably is unable to access your cellular card after a upgrade?
Have you ever tried to write your own minimalistic init-system? I once turned an old SuSE installation into an X-Terminal. It took a shell script of 5 lines and it booted in a few seconds... on an Pentium 90! You can get much faster if you cut all that crap you don't need.
Slashdot Mirror
... because they were a strong proponent of DRM... and unlike DRM on disks they can always update it to stop me from using my right to make a DRM free copy.
Essentially the 64 Bit versions cannot be used in many instances as:
1. 16 Bit software won't run any more
2. Drivers need signatures
Most Windows software obviously still is 32 Bit as it's distributed as binaries. If you ship 64 Bit software you unnecessarily limit your market. Few applications need the advantages of 64 Bit as development started when 16 Megabytes was a lot of RAM.
Firefox also worked on making web standards more and more complex, after all, they are in the standard committees. If they'd refuse to accept dubious standards, and instead focus on trying to make web standards orthogonal and as simple was possible while still keeping them flexible, there would be a healthy competition.
Instead Mozilla keeps semi-implementing standards, while making the GUI less and less usable.
It's larger cells mostly come from being able to use higher powers. That advantage will disappear for unlicensed cells.
It's probably even less secure as its more complex. The focus was more on protecting business models than protecting user data.
... than surely you should seriously worry. Of course the people quoted are idiots following short term trends.
Programming languages have their area of usefulness. Few, if any, programming languages are more or less general. However a mistake that's often made is to start with the programming language and then look for uses for it. Instead you should first look at your problem, and then find the best programming language for it.
This is why, for example, UNIX was always based on multiple languages for certain problems. You have a layer of tools written in C and (originally) Assembler, then you have a shell which can be scripted, plus you have special languages like the one used in "dc". Most languages are simply not made to power a complete operating system in. If you try that, you'll end up in messes like Windows (C++) or Android (Java).
So in short, if you only know one programming language, or just a small amount of basically identical languages, you should seriously considering another career.
However if you want a steady job in IT where you never have to use your brain and never have to learn more than a few buzzwords, try getting some management position. There you will earn money by sitting in meetings.
Well the simplest way for an unsophisticated attacker is to simply cut your finger off.
And seriously, we are already comparing biometry to the second worst authentication scheme... passwords.
If you want something more secure, but more convenient for the user, just add public key authentication to a password.
Ahh right, the "the sensor is secure" fallacy. Essentially the whole claim of this rant, carefully hidden behind lots of ramblings is, that somehow magically a sensor can get a full picture of what's in front of it, so it can somehow magically differentiate a fake finger from a real one.
Tell you what, even the most expensive systems are trivial to fake. Yes you can measure the pulse of a finger, but a simple silicone "mask" for your finger will give the same signal. Yes you can use a depth sensing camera, but a simple mask will fool that.
Any of those systems essentially takes an "image" of your body part. This may be based on capacitance over a field of sensors, or some ultrasonic echo. You will always be able to just replay that signal... and certainly when you are able to get to the sensor itself.
Well yes, they were late into the game. AFAIK that method has first been demonstrated in 2004 by Starbug from the CCC:
http://chaosradio.ccc.de/ctv00...
http://chaosradio.ccc.de/media...
Actually not, there was an even older James Bond movie where he foiled fingerprint authentification via a faked fingerprint.
So in this extreme case, the password would be not safer than biometry, whereas in all other cases it's considerably better.
Of course there are also seriously better alternatives to passwords, for example public key authentication schemes. So in any event, biometry looses.
Well there are 2 big differences here:
1. You can change passwords, so even if it gets extracted from your brain (or more likely intercepted from your keyboard), you can simply choose another one.
2. You can voluntarily give up a password without any collateral damage. For example when you get threatened you can just give out the password instead of loosing your finger.
I'm sorry, but Biometry should have been dead when that McGuyver episode came out where he used a latent hand print on a hand print scanner.
BTW, here's a nice overview video on the topic:
https://media.ccc.de/v/31c3_-_...
Biometry is not suitable for authentication. Essentially using biometry is like using a password you cannot change, but constantly tell anybody around you.
It's trivial to keep your passwords secure, it's much harder to keep your fingerprint or iris pattern secure. Both can even be read out remotely.
... CPU cores typically are publically described in minute detail. After all people need to directly write software for those...
Today the problem lies in proprietary hardware. Hardware for which you cannot write a decent driver as there is no public documentation available. That's the problem with modern SoCs, and that's why the mobile operation system scene is so dead right now.
Well HTML-Mail is mostly spam anyhow.
Yes, and there is no pressure to replace e-mail. E-mail has it's weaknesses, but they are not bad enough to warrant a change.
The technochnology that would be ripe for a complete replacement would be the "web". Those standards are getting way out of hand, spiraling into their doom of evergrowing complexity, with browsers both having security problems and not fully supporting the growing array of partly useless functionality the W3M tries to cram into them.
E-Mail was never meant to be extensible so it was easy for it to escape that doom. A 20 year old e-mail program is just as useful as a new one, while a 20 year old browser will probably crash once you try to open google.com.
... like the inability to remove Cortana, or the many bugs involving parts of the OS replicating OS features like the UI toolkit. Or the bug that the bitmaps of TrueType fonts are ignored so you'll always have those blurry characters. Or the longstanding Windows-Bug that the binary files of programs cannot be deleted when the program is running.... etc...
The feedback probably mostly goes to /dev/null, because many of the bugs either stem from decade old design decisions, or come straight from the marketing department. (which is apparently the most powerful department at Microsoft. Probably much more important than the sales department.)
...but what if the site I want to use uses it.
After all as long as there will be web designers, there will be horribly bad webpages which will consume huge amounts of data. Just keep your webpages plain and simple, avoid Javascript, particularly from foreign domains, and everything will be fine.
It's not your responsibility to adapt the look of your page to the size of the browser window. If the browser is semi decent and you write proper HTML it'll just work everywhere. That's the whole idea behind HTML.
... and that's for portable, but not mobile computing. Essentially when you want to have a computer on a table where you have electricity, but you still want to be able to carry it around.
Essentially you want something like that in a rather rugged case, so it'll withstand some abuse. It doesn't matter how light or thick it is, as it won't be "carried around" with someone, but specifically carried from place A to B, probably as part of some larger setup.
For example this could take part in stage productions controlling the lights, or a video mixer.
However this form factor has one large disadvantage over the classical "portable" one. The keyboard is non-detachable. So you'll always have to be at a fixed distance to the screen. You move the keyboard independently of the rest of your computer. That's not very ergonomically.
My argument is that many programmers design needless complexity into things because they believe they can just "outsource" their problems.
For example people design systems with complex file formats they could not parse themselves, then they load a script interpreter which will parse it for them.... and as a side effect execute any code in that file.
If they would have chosen a simpler file format, a few lines of code would have been able to parse it perfectly well.
Also there is one particularly toxic way of code reuse and that's dynamically linked libraries. While those sound like a decent idea at first, in reality they have the big disadvantage of not only making your system a lot more brittle, but also increasing start-up times. Increased start-up times mean that, to use the functionality of another program you can no longer economically just start up that program to do you bidding as it would take far to long. Instead people now run things like TLS in a library running in the same memory space so that buffer overruns can simply read the keys and data of other connections or even the rest of your program.
So while code reuse has it's advantages, it can go terribly wrong when it's done wrong... and it's often done wrong.
After all there is no legal way to watch that show without giving away our basic freedoms of "Privaccy and Integrity of Information processing systems" as declared by the German constitutional court in 2008.
Offer it as a DRM-free downloadable copy and people will buy it in hordes.
Yes, particularly since running a "successful" business only requires a certain minimum level of "cleverness" and relies much more on business connections.
Just look at Research in Motion (aka Blackberry). That company is largely run by idiots which chase the iPhone and contradict their main claim (security) by cooperating with everybody on breaking their devices up to a point where they send your e-mail login data to a central server.
I may be wrong, but isn't it that systemd also depends on things like dbus?
And again the problem is the mindset. Even though it might be possible to run systemd in a sane way, distributions now package it with all sorts of crap. The opposition against systemd is not about systemd itself, it's about people who constantly try to re-invent the wheel while not having understood the problem or how to solve problems in general. Just look at alsa and pulseaudio which were both attempts at fixing the previous state of the art... and making it somewhat worse. (i.e. Alsa created unfathomable device names which were written differently in every application instead of the simple /dev/dsp OSS provided, or pulseaudio added crap like software mixing so you'll enjoy the fun of quantisation noise while it won't allow you to automatically switch the number of output channels based on the number of channels your software outputs)
If it was it wouldn't include its own DNS server, or it's own timeserver, or it's own logging infrastructure.
The problem with systemd and the whole Freedesktop crowd is that they are trying to solve problems that do not exist anymore. For example you now have hugely complex systems just to make sure your soundcard will only be usable by users logged in locally. While this is, in theory, a great security benefit, most machines today are single user. So in effect it's lots of code that's useless at best and a potential security problem at worst.
Everybody goes through a phase where they think they can re-invent the world and design something cool and complex with the technologies they have just heard of. In the past only large companies could afford such an effort. Microsoft, for example, implemented many of the "new" ideas in Windows. This is why you have things like OLE with it's offspring of OLE automation, or a logging system nobody uses because it's essentially unusable. Windows being so unusable, particularly in the 1990s, was a big push for Linux for "serious" applications.
Now we have a new situation, it's "fancy" to have some work on a Open Source project on your CV, that's why there's a huge pressure for mediocre and bad developers to do something with Open Source. Those mostly are people who still having gone past their "coimplexity is good" phase and don't understand yet, that it's not a good idea to require 5 daemons in the background just to have a GUI running.
Ideally we should take a step back and look at what we _really_ need. Do we really have to have such a complex service management system? Shouldn't it be enough for a desktop system to just have a single shell script booting up X and the window manager and setting up the network? Why do we have a wireless subsystem that needs a "wpa-manager" just to set up the keys to encrypted networks? Why do we have a modem manager that reliably is unable to access your cellular card after a upgrade?
Have you ever tried to write your own minimalistic init-system? I once turned an old SuSE installation into an X-Terminal. It took a shell script of 5 lines and it booted in a few seconds... on an Pentium 90! You can get much faster if you cut all that crap you don't need.