Now the ATA specification allows for 32-byte passwords, so realistically, they could allow for the user password to fully compose the 256-bit AES key (in other words, no hashing needed.) This is a terrible idea. The entropy of a user-memorable password is well below 256 bits, even if it fills the same space. Most bits in a byte aren't even printable, much less typable, in standard encodings, so even the theoretical maximum for a typed-in key is probably around 6 bits per byte. English averages out to around 1.1 bits per byte. Study entropy, it's very important for compression and encryption theory and even practice.
Even worse, if the key is recovered, you'd have the full password in plaintext. At least if you salt and hash it, even a collision on the resulting key does not guarantee you've found the passphrase.
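The two schemes contrasted in the comment above, as an added example that is not part of the original post: a password used directly as the 256-bit key versus a salted, iterated derivation. PBKDF2-HMAC-SHA256 is this example's choice for the "salt and hash" step, and the function names and sample password are constructed for illustration.

```python
import hashlib
import math
import os

KEY_LEN = 32  # bytes: the 32-byte ATA password field and an AES-256 key


def key_direct(password: bytes) -> bytes:
    """Weak scheme: the password, zero-padded, is the AES key itself."""
    if len(password) > KEY_LEN:
        raise ValueError("password longer than 32 bytes")
    return password.ljust(KEY_LEN, b"\x00")


def password_from_direct_key(key: bytes) -> bytes:
    """Whoever recovers a direct key has the password: strip the padding."""
    return key.rstrip(b"\x00")


def key_derived(password: bytes, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted, iterated derivation (PBKDF2 is an assumption of this example)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=KEY_LEN)


def max_entropy_bits(bits_per_byte: float, length: int = KEY_LEN) -> float:
    """Upper bound on key entropy for a password of `length` bytes."""
    return bits_per_byte * length


if __name__ == "__main__":
    pw = b"correct horse battery"  # constructed sample password
    salt = os.urandom(16)          # stored alongside the drive metadata

    direct = key_direct(pw)
    print("direct key leaks password:", password_from_direct_key(direct))
    print("derived key:", key_derived(pw, salt).hex())

    # Entropy ceilings for a full 32-byte password, using the comment's rates
    # plus the exact figure for the 95 printable ASCII symbols.
    for label, rate in [("typed (~6 bits/byte)", 6.0),
                        ("printable ASCII", math.log2(95)),
                        ("English (~1.1 bits/byte)", 1.1)]:
        print(f"{label}: {max_entropy_bits(rate):.1f} of 256 bits")
```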
Mono's C# is extremely slow compared even to OpenJDK Java, saying nothing of finely optimised C. It would be very nice if modern optimisations could be brought over from OpenJDK to Mono, but I doubt that will happen anytime soon.
Right, because a delay of maybe an hour in automatic updates in Ubuntu is somehow comparable to up to a month for Windows. Patch Tuesday isn't weekly, it's monthly. And in Ubuntu, like in any other distribution, you can request a full update and upgrade at *any* time - it's only the automated check which is staggered and very reasonably so.
Open source programs tend to release updated binaries immediately after the fix is implemented, so you'll have an updated binary long before an attacker gets around to trying the exploit on your machine. It's specifically delayed deployments like Windows Update which make the problem known but don't provide the solution until much later.
That's exactly what I said. The replenishment would increase the size of the population, which is not what the AC parent said, so I addressed the issue of decay of a contained population.
Debian is sponsored by many companies who use it, and lately some development is sponsored as part of the Google Summer of Code. Now you could even argue it's indirectly supported by Canonical, since a lot of the work done on Ubuntu benefits Debian almost as much.
You fail at math. A half-life for an item would be the duration in which a population can be expected to halve. For instance, 1024 keyboards with a half-life of one month will drop to around 512, 256, 128 remaining keyboards after 1, 2 and 3 months respectively. Any individual item has an asymptotically increasing probability of failure, from 1/2 to 3/4 to 7/8 and beyond.
I really doubt the XO keyboards have anywhere near such a short half-life, and like the summary says, there are many vendors which can be expected to vary significantly.
Except that Sun's work is based on h261, because it's so old that no patents can possibly apply to it any more. Dirac is a current/next-generation codec that's also royalty free, and certainly a lot closer to completion than Sun's offering. The FAQ for OMS considers Theora and Dirac as friendly competition, which is fair enough, but really, why not just put more talent into Dirac?
They do this regularly to enhance the .NET platform. IronPython and RubyCLR have had some of their developers hired. Sun is doing similar things for the Java platform. It remains to be seen whether Microsoft will pervert the projects they talent-tap into using other licenses.
Even Microsoft knows that the open source space has a lot of code, ideas and talent they can legally use, but it seems only the developer-oriented teams (.NET, etc) "get it", and even they are largely bound by the corporate culture of anticompetitive practice.
Windows was bootstrapped with a fair amount of BSDL code, in fact. It's interesting to think how terrible the Windows networking API would be if it hadn't been based on the [already rather bad] Berkeley socket API.
Yeah, because forbidding your remote shell developers to execute binaries is great for their productivity.
My home dir has custom distributions of Java, Python, GCC, etc. and my own scripts, and with noexec I'd be really stuck. I make up for the "security hole" by only allowing myself to log in remotely, and only via pubkey.
If it was that simple, you could argue that Ubuntu Hardy is Windows 7, and since XP compatibility is not an issue, companies should target the "new" platform exclusively.
I suspect that Windows 7 will have an almost WINE-like compatibility system, or at least, it will *have* to in order to keep the base system anywhere near as advanced as modern Linux. And in that context, Linux is simply a much more mature and well-known system, so people may as well just use that.
What I'm saying is, the whole point of Windows is its own legacy. It's not based on interoperable standards. If it is to be replaced by something better, it can only be incrementally better, not a wholesale replacement. As soon as you talk about wholesale replacements, Linux is a much better option than Windows 7 could possibly be.
Windows 7 may even end up being a technical marvel, but by breaking compatibility it will give Linux an even bigger boost than Vista has.
Firstly, NT supports SMP, but it doesn't scale well to utilise it. Windows Server 2008 might be tolerable, but it's not going to compete with current, let alone future, Linux, and the higher the core count, the bigger the divide gets.
Secondly, GCC doesn't care about threading scalability. It's all up to you as the application architect to design a parallel system.
Academic and real-world examples are well known. Once you get the basic ideas down, the vast majority of throughput bottlenecks parallelise out very well, and those that don't never will anyway (e.g. Dynamic Programming algorithms).
Because if nobody does, the club won't exist at all. And the PR boost for going open translates into increased sales. If you help out, others benefit, and are more likely to help out too. Even an interview as old as http://news.zdnet.com/2100-9595_22-828802.html?tag=btxcsim includes:
Most people who were contributing software did so in a form of barter system. They needed a better Linux themselves, and that's why they contributed. Don Becker at NASA describes this as clearly as anyone else when he was asked why he contributes extremely fast Ethernet drivers, which is an extremely sophisticated technology, to the Linux kernel, and then allows Red Hat to make money selling his Ethernet drivers, and he doesn't make any money at it. He said, "Let me get this straight: I write a small Ethernet driver, that I admittedly give away, and Red Hat get to put in a box. And in return I get the complete source code and a license to do whatever I want with a complete 800MB operating system, and you're telling me Red Hat's taking advantage of me?"
You missed the point. The competition should remain in the company's products, not in their in-house development and improvements on open source code. So if a company hacks up an internal Firefox extension to integrate with their intranet, they can share the code and perhaps it is useful elsewhere or has ideas and components that are useful elsewhere. Sure, they're giving the rest of the world a free lunch, but if this effort helps create an ecosystem of sharing in all directions, they'll get back 100-1000 times more. It's like joining a club, you pay your way but you get a lot of benefits and everybody subsidises everybody else. Fortunately the open source club can be joined for free, but it is still supported by the people releasing the code.
What's wrong with publicly stating the religious body backing OOXML development? Microsoft is very fortunate to have so much support from Hell. Why, if they had to supply their own evil or go through commercial channels, the global evil reserves would dry up overnight.
Err, what, it's not at all named after Alan Turing, one of the fathers of fundamental computation theory? Or is this a really bad joke?
Mod parent up. He is... oh forget it.
Hey, take it easy on the MCSE :)
Although light will travel from your eye to your fingertip, it's not likely your fingertip will care to receive it.
You got modded interesting instead of funny. The mods must know something the rest of us don't.
http://en.wikipedia.org/wiki/Yahooligans
One of the new features of Slashdot's latest upgrade is support for quantum tunneling of posts. Do you like it?
In Soviet Microsoft, executives vote to decide *your* behavior.
That's Prof. Geostationary to you, you insensitive clod.
Ah, but can you prove it via induction? :)