There is probably nothing inherently more expensive about an SEM than about a lot of consumer electronics. What makes those kinds of devices expensive is that their market is small: small sales volumes means develoment and fixed production costs cannot be spread over many units.
Google's web cache and USENET archives are already skirting the edges of copyright law, because Google is copying, for commercial gain, content that is clearly not in the public domain and content for which nobody has ever given them permission to copy it. If they do this with Gmail, at least it's voluntary and explicit.
Of course, if you are worried about E-mail getting archived and falling into the wrong hands, well, there is nothing you can do. Everything you create on-line risks being stored and backed up somewhere. The only way you can be reasonably sure that you aren't being recorded is in a face-to-face meeting in a reasonably secure place and with a person you know and trust.
speculates in his blog that the real product Google is creating isn't web search or email, but a massively scalable, distributed computing platform.
That would be a bad business move: that's a small market. Furthermore, just because their product works well in-house doesn't mean it makes a good software or service product.
So what? It's usually possible to construct a bunch of theories that all describe one particular phenomena (though they don't agree on all phenomena). Should we stop observing phenomena? [...] Well, we should always ask whether a given experiment is worth its cost. But we don't do experiments merely to judge between competing hypotheses. If GPB measured frame-dragging whose magnitude was incontroveribly different from that predicted by GR, then we'd know we'd have to develop a "decent alternative hypothesis" -- even if we don't have any now -- because GR would simply be wrong.
When was the last time you dug in your yard to see whether there was a buried treasure there? I bet you haven't: you make the reasonable assumption that there is no treasure buried there and digging costs valuable time. Until you receive additional information, the cost is simply not worth the expected benefit.
When we have a choice, we don't do things merely because we might find things, we do things because we think that there is reasonable probability that they are successful. I don't see that "reasonable probability" for these experiments. When an experiment costs hundreds of millions of dollars, money that could be used for other research with a far larger probability of finding results, we need to do this kind of cost-benefit analysis.
Besides, while many of them have frame dragging, they don't all agree on the amount of frame dragging. GPB is sensitive enough to measure the strength of the dragging.
Yes, and what are those alternatives? Are they plausible? By how much do they differ? Can't we distinguish between them more cheaply? I haven't seen a good justification of the experiment in terms of such an analysis. In fact, anything I can find on NASA's site just talks about "verifying two extraordinary predictions of Einstein's theory" and "testing Einstein's theory".
If you know of a paper (maybe on ArXiv) that actually looks at the possible alternative theories that this experiment lets us distinguish, then please point at it, because most of the justifications of this experiments seem to be fluff.
neither necessary nor sufficient
on
Gates on Winsecurity
·
· Score: 2, Informative
says that Microsoft is 'working with microprocessor companies, including Intel and AMD, to help Windows...support hardware-enforced data execute protection (also known as NX, or no execute)'
Marking pages as being executable or not has been a feature of many processor families for decades. It's generally a useful feature, but it is neither necessary nor sufficient for making opearting systems secure: after all, Linux, BSD, and Solaris manage to be much more secure than Windows running on the same processors.
Bitch to whoever decided that that app should have an installer.
You think people write installers for fun? They usually write them because they don't have a choice, because the OS lacks some piece of functionality or other that lets the system adapt dynamically.
Besides, Mac-style drag-and-drop installs have their own problems: they don't get updated properly and they don't verify or deal with dependencies on install; they just dump the mess into the user's lap.
If MS Office can be a drag and drop install, almost anything can.
You got it backwards: the bigger and less integrated a package is, the less it needs an installer. After all, a 500M package can just carry all its own libraries with it and not worry about the fact that it will be out of sync with the rest of the world.
So create another disk image, run the installer, and point it at your new image. Once mounted, a disk image is just another volume.
Yes, and your shiny, new disk image will contain lots of references to paths and other configuration data that you ran the installer on originally. So, you have a disk image, but it won't run correctly.
Many theories of gravity, even those disagreeing wildly with GR, have frame dragging. If there are no decent alternative hypotheses that make different predictions, is it really worth spending hundreds of millions of dollars on conducting this experiment?
Yes, it's nice to include all the dependencies in a single directory. However, there is a reason why not every Gnome desktop accessory includes 500M of Gnome libraries--disk space is cheap, but it isn't that cheap.
Something like Zero Install should be combined with some form of duplicate file detection or duplicate block detection and sharing. Furthermore, to avoid a lot of tricky bookkeeping, there should be copy-on-write. And that kind of functionality really is best implemented in the file system itself. So, something to think about for the next major release of "ext". (Note that Microsoft is implementing something like this, but they certainly weren't the first to come up with it.)
Note that the same thing should also happen on downloads: you only download application components you don't already have locally. NFS isn't a good protocol for that, but WebDAV could handle it.
Yes, someone should indeed point that out to Steve Jobs. Many Mac applications these days come with installers that drop bits all over the file system, and many of those don't come with clean uninstallers, making the problem worse.
This is why the japanese should build up a military. We'd have mechs walking around and defending tokyo from alien invasions in no time.
I hope they can attract the alien invasion to go along with the military--after all, that would quickly resolve the scientific question of whether there is intelligent life (elsewhere?) in the universe.
Such passports include fingerprint and iris identification features that make the documents virtually impossible to counterfeit. U.S. passports haven't been upgraded with those features yet, either.
Until the US implements its own biometric passports, this is pointless from a security point of view--terrorists will just forge US passports and enter the US with even shorter lines. So, the stated reason makes no sense.
That means that either the Bush administration is stupid or that they are doing this deliberately to annoy the Europeans. We know better, but European politicians will naturally assume the latter and view it as a deliberate statement by the US that the US wishes to cool relations with Europe.
The same could be said for any security measure that you come up with.
No, the same could not be said for any security measure. Some security measures actually would be effective in preventing the harm terrorism does: secure cockpit doors, remote control of passenger airplanes, replacing air travel by other means of transportation, etc. But those require investments by the airlines, whereas these ineffective measures just require spending your tax dollars.
I'm a lot less disturbed by this "strong authentication" of foreign travellers to the U.S. than I am of all the policies applying to U.S. citizens with no oversight or public review.
Well, you should be disturbed by them. Contrary to what you may have been led to believe, most of the protections of the US Constitution are not limited to US citizens, they were intended to apply to all people within its jurisdiction.
But, apart from such legal and political technicalities, think about what both these kinds of policies and your kind of statements send to the world. Basically, they are saying "we don't care about the rights of others; other nations are second class as far as we are concerned; we can treat you like shit, in ways we wouldn't treat our own worst criminals" (foreign visitors to the US already have very few of the legal protections and protection against unreasonable government actin that even US criminals have).
That kind of treatment has grave consequences for the US. You can bet that European voters who visit the US will increasingly vote for politicians that are not friendly towards the US because of this kind of treatment--what point is there in supporting a nation that commits such gross violations of privacy and treats its allies like that?).
Furthermore, tourism to the US will probably drop even further, and tourism is of huge economic importance to the US. That's not just because of the increasing invonvenience involved in traveling to the US. It's also because many of the visitors that the US attracts come because the US has a certain mystique as the "land of the free", but that image is hard to maintain if people who come here are fingerprinted, recorded, screened, and tracked.
Fine, but that's always going to be true, no matter what you do - none of us are omniscient, after all.
So? Less ignorance is still better than more ignorance.
This would be a good place to show how someone else buying a diamond hurts you personally.
Easy. DeBeers sells roughly $5.5 billion dollars per year. What economic activity does that create? Destructive mining in Africa, lots of security jobs (many of them non-US), lots of marketing, lots of real estate investment. It would do you and me and anybody else in the US a whole lot of good if that kind of money instead went into R&D jobs and manufacturing. In particular R&D spending generates far more economic activity per dollar and a far bigger increase in our standard of living than a dollar spent on digging up African mud.
Saying, for example, that buying diamonds is "lining the pockets of DeBeers" is one of those trivially true things that doesn't tell anyone they didn't already know.
I bet most people don't know that and don't think about it when buying a diamond. Furthermore, I suspect that most people don't think about what many other people really think of them when they buy certain products that are marketed as "luxury products for image-conscious buyers". We will just have to agree to disagree on our assessments here.
Why would you assume that people happen to share your values, particularly those people who have decided to go out and buy a diamond? It's all well and good to talk about the bad things that happen when people don't have all the available information, but when you talk about specific decisions, you really have no way of knowing what information those people have,
I don't have to know because it doesn't matter. If I want to convince you of not doing something by saying "don't do X because it leads to Y", there is no point in explicitly addressing the case where you actually like "outcome Y"--presumably, you'll figure that one out for yourself, and if you don't, all the better as far as I'm concerned.
Same deal: you're simply assuming that people who don't act in accordance with what you think is the optimal course are lacking information you have.
No, I merely don't care about those other people in making statements. That's not a personal foible, it's the way language works in the real world.
If you act in some way because you lack information or haven't reasoned something through, I can convince you. If you have all the information and have reasoned things through for yourself, and you act differently because you have different preferences, then there is no point in taking you into account in such an argument at all.
If the government were to expend less effort pursuing and punishing those who exploit software flaws, then consumers would become less willing to pay for insecure software. (And as a side-effect, FBI agents would have more time to hunt actual terrorists)
Yes, I agree completely. While there may be some cases where police enforcement against "cyber criminals" may be justified, but if a company chooses software with frequent and significant security holes, the consequences of their choices should be theirs alone to bear.
Wouldnt it just be easier to pass laws making software vendors responsible for the bugs that they produce instead of spending our tax money to provide a shelter for insecure code?
Security is an engineering tradeoff, just like speed and usability. I don't want every software vendor to have to conform to the highest level of security out of fear of getting sued.
The people who should worry about this sort of thing are the buyers of software. If your car mechanic can't fix your car in time because his PC got broken into, you go to a different car mechanic and he will go out of business. If a hotel can't accept reservations because their reservation system got hacked, they go out of business. For small businesses, those kinds of feedback mechanisms work pretty directly and after that sort of thing has happened once to a small business owner, they'll generally have learned their lessons.
The problem is with non-competitive markets: many people have to buy Windows no matter how insecure it is because the software they need only runs on Windows. And you can't change airlines or banks just because they keep having security problems--there are too few of them around.
If we create efficient, competitive markets in software, banking, airlines, etc., then the security of software will adjust to the optimal levels demanded by the market. Our problem is not lack of government regulation, it is lack of efficient markets.
In short, if we want secure software, the government should simply get more aggressive on anti-trust enforcement again. And they should do so first of all against Microsoft so that buyers have a real choice. That's the sort of government activity we need, not bogus "security standards" which aren't going to work anyway.
These companies are basically trying to erect additional barriers to entry into the software market: costly certification and training requirements, costly documentation requirements, etc. They know that they can satisfy them, but a small software vendor or an OSS project can't.
And they make those recommendations knowing full well that they won't work. If they knew how to make more secure software, they'd already be doing it. A bit of training and certification just is not sufficient for making software more secure.
what seemed to be a reasonable plan of action [...] However, at this early stage I see nothing more than an attempt to codify a national stance on computer security.
What's there to "codify"? What's reasonable about it? There is not a shred of evidence that the "strategy" described in the report will do anything to improve security.
At this point, we have to conclude that people continue to buy insecure software either (1) because they don't have a choice because of Microsoft's monopoly, or (2) because they don't care about security. If (1) applies, then the solution is to break up Microsoft's monopoly and give people a choice in software; then they can pick the level of security they like. If (2) applies, then what business does the government have to force a level of security into products that buyers don't want?
Maybe those are the scariest lines for a paranoid schizophrenic, or for an anarchist who would prefer to settle all disputes with guns or fists.
Normal people have a more nuanced view of the world and look for context. For example, they might be happy that a bad marriage is over and they can go on with their life, and they might be happy to receive that disaster relief check from FEMA or to have the EPA follow up on some report of pollution by a company in the area.
Developers should use processes that consistently produce secure software.
Yes, they should. Why don't they? Because nobody really knows how to do that. And the things we do know how to do don't get done because they cost money.
While government regulation makes sense in many areas, in this one it doesn't. A far better approach would be a free market approach: if the product is defective (i.e., if it crashes, if it has a security hole, etc.), you should get your money back. Of course, companies like Microsoft and Sun know they would be bankrupt if they had to take financial responsibility for the harm they cause.
Those are two very different technologies. The first one points to an article about cortical (brain) stimulation. The second one points to an article about retinal stimulation.
That's a very old idea. In fact, it was one of the motivations behind creating spectrograms. Unfortunately, when it was tried, real-world users just had too many problems with it for it to be useful. Maybe it's worth giving it another try, with a modern handheld computer and better UI, but I wouldn't get my hopes up.
Microsoft doesn't just settle for $2bn if there isn't something big in it for them. That's not a matter of money for Microsoft, it's a matter of pride.
What this really amounts to is that Sun is going downhill fast and Microsoft is effectively buying the assets. Sun gets a $2bn infusion of cash and lays of 3300 people. In return, Microsoft gets cross-licenses to Sun's patents. Why would Microsoft be interested in this? Because Sun has lots of patents on Java and VM related technologies that Sun could use to create problems for Microsoft's C#/.NET effort.
If it wasn't already clear to you that Sun was an unreliable partner for OSS work, this "settlement" should bring it into focus.
These "power users," if they're smart enough to know how to configure CUPS on Linux, are presumably smart enough to figure out how to do the same thing on Mac OS X, right?
It has nothing to do with "smarts", but with complexity and implementation. Where are the printer drivers on MacOS? How are they implemented? How do you test them when something goes wrong? On Linux, BSD, and UNIX, the answer is simple: it's all handled through command linte filters. They are easy to test, easy to modify, easy to script, easy to replace. MacOS, in contrast, in addition to CUPS, has the old Mac printing architecture and, in addition, presumably uses a completely different means of turning programmatic output into bitmaps for printers.
So in this particular instance, at least, your "power users" lose nothing by using a Mac and gain a great GUI.
What "great GUI"? Judging by the problems friends have had with it ("the rest of us"), the native MacOS X GUI for printer management is a usability disaster. The Macintosh printing GUI is an example of how a bad GUI is worse than none at all, and it's an example that, while Apple often does decent GUI work, sometimes they just screw up badly.
While a Qt/X11-based version of Qtopia has been worked on, OpenZaurus still seems to be based on Qt/Embedded. They do distribute TinyX as an add-on, but having an X server as an add-on to Qt/Embedded nowhere near as good as having the Qtopia applications actually interoperate with X11 applications.
If you have to reflash the ROM, that kind of destroys the appeal of having a supported, ready-made solution from a commercial vendor. After all, why get a Zaurus? I could also reflash an iPaq.
Slashdot Mirror
There is probably nothing inherently more expensive about an SEM than about a lot of consumer electronics. What makes those kinds of devices expensive is that their market is small: small sales volumes means develoment and fixed production costs cannot be spread over many units.
Google's web cache and USENET archives are already skirting the edges of copyright law, because Google is copying, for commercial gain, content that is clearly not in the public domain and content for which nobody has ever given them permission to copy it. If they do this with Gmail, at least it's voluntary and explicit.
Of course, if you are worried about E-mail getting archived and falling into the wrong hands, well, there is nothing you can do. Everything you create on-line risks being stored and backed up somewhere. The only way you can be reasonably sure that you aren't being recorded is in a face-to-face meeting in a reasonably secure place and with a person you know and trust.
speculates in his blog that the real product Google is creating isn't web search or email, but a massively scalable, distributed computing platform.
That would be a bad business move: that's a small market. Furthermore, just because their product works well in-house doesn't mean it makes a good software or service product.
So what? It's usually possible to construct a bunch of theories that all describe one particular phenomena (though they don't agree on all phenomena). Should we stop observing phenomena? [...] Well, we should always ask whether a given experiment is worth its cost. But we don't do experiments merely to judge between competing hypotheses. If GPB measured frame-dragging whose magnitude was incontroveribly different from that predicted by GR, then we'd know we'd have to develop a "decent alternative hypothesis" -- even if we don't have any now -- because GR would simply be wrong.
When was the last time you dug in your yard to see whether there was a buried treasure there? I bet you haven't: you make the reasonable assumption that there is no treasure buried there and digging costs valuable time. Until you receive additional information, the cost is simply not worth the expected benefit.
When we have a choice, we don't do things merely because we might find things, we do things because we think that there is reasonable probability that they are successful. I don't see that "reasonable probability" for these experiments. When an experiment costs hundreds of millions of dollars, money that could be used for other research with a far larger probability of finding results, we need to do this kind of cost-benefit analysis.
Besides, while many of them have frame dragging, they don't all agree on the amount of frame dragging. GPB is sensitive enough to measure the strength of the dragging.
Yes, and what are those alternatives? Are they plausible? By how much do they differ? Can't we distinguish between them more cheaply? I haven't seen a good justification of the experiment in terms of such an analysis. In fact, anything I can find on NASA's site just talks about "verifying two extraordinary predictions of Einstein's theory" and "testing Einstein's theory".
If you know of a paper (maybe on ArXiv) that actually looks at the possible alternative theories that this experiment lets us distinguish, then please point at it, because most of the justifications of this experiments seem to be fluff.
says that Microsoft is 'working with microprocessor companies, including Intel and AMD, to help Windows...support hardware-enforced data execute protection (also known as NX, or no execute)'
Marking pages as being executable or not has been a feature of many processor families for decades. It's generally a useful feature, but it is neither necessary nor sufficient for making opearting systems secure: after all, Linux, BSD, and Solaris manage to be much more secure than Windows running on the same processors.
Bitch to whoever decided that that app should have an installer.
You think people write installers for fun? They usually write them because they don't have a choice, because the OS lacks some piece of functionality or other that lets the system adapt dynamically.
Besides, Mac-style drag-and-drop installs have their own problems: they don't get updated properly and they don't verify or deal with dependencies on install; they just dump the mess into the user's lap.
If MS Office can be a drag and drop install, almost anything can.
You got it backwards: the bigger and less integrated a package is, the less it needs an installer. After all, a 500M package can just carry all its own libraries with it and not worry about the fact that it will be out of sync with the rest of the world.
So create another disk image, run the installer, and point it at your new image. Once mounted, a disk image is just another volume.
Yes, and your shiny, new disk image will contain lots of references to paths and other configuration data that you ran the installer on originally. So, you have a disk image, but it won't run correctly.
Many theories of gravity, even those disagreeing wildly with GR, have frame dragging. If there are no decent alternative hypotheses that make different predictions, is it really worth spending hundreds of millions of dollars on conducting this experiment?
Yes, it's nice to include all the dependencies in a single directory. However, there is a reason why not every Gnome desktop accessory includes 500M of Gnome libraries--disk space is cheap, but it isn't that cheap.
Something like Zero Install should be combined with some form of duplicate file detection or duplicate block detection and sharing. Furthermore, to avoid a lot of tricky bookkeeping, there should be copy-on-write. And that kind of functionality really is best implemented in the file system itself. So, something to think about for the next major release of "ext". (Note that Microsoft is implementing something like this, but they certainly weren't the first to come up with it.)
Note that the same thing should also happen on downloads: you only download application components you don't already have locally. NFS isn't a good protocol for that, but WebDAV could handle it.
Yes, someone should indeed point that out to Steve Jobs. Many Mac applications these days come with installers that drop bits all over the file system, and many of those don't come with clean uninstallers, making the problem worse.
This is why the japanese should build up a military. We'd have mechs walking around and defending tokyo from alien invasions in no time.
I hope they can attract the alien invasion to go along with the military--after all, that would quickly resolve the scientific question of whether there is intelligent life (elsewhere?) in the universe.
Such passports include fingerprint and iris identification features that make the documents virtually impossible to counterfeit. U.S. passports haven't been upgraded with those features yet, either.
Until the US implements its own biometric passports, this is pointless from a security point of view--terrorists will just forge US passports and enter the US with even shorter lines. So, the stated reason makes no sense.
That means that either the Bush administration is stupid or that they are doing this deliberately to annoy the Europeans. We know better, but European politicians will naturally assume the latter and view it as a deliberate statement by the US that the US wishes to cool relations with Europe.
The same could be said for any security measure that you come up with.
No, the same could not be said for any security measure. Some security measures actually would be effective in preventing the harm terrorism does: secure cockpit doors, remote control of passenger airplanes, replacing air travel by other means of transportation, etc. But those require investments by the airlines, whereas these ineffective measures just require spending your tax dollars.
I'm a lot less disturbed by this "strong authentication" of foreign travellers to the U.S. than I am of all the policies applying to U.S. citizens with no oversight or public review.
Well, you should be disturbed by them. Contrary to what you may have been led to believe, most of the protections of the US Constitution are not limited to US citizens, they were intended to apply to all people within its jurisdiction.
But, apart from such legal and political technicalities, think about what both these kinds of policies and your kind of statements send to the world. Basically, they are saying "we don't care about the rights of others; other nations are second class as far as we are concerned; we can treat you like shit, in ways we wouldn't treat our own worst criminals" (foreign visitors to the US already have very few of the legal protections and protection against unreasonable government actin that even US criminals have).
That kind of treatment has grave consequences for the US. You can bet that European voters who visit the US will increasingly vote for politicians that are not friendly towards the US because of this kind of treatment--what point is there in supporting a nation that commits such gross violations of privacy and treats its allies like that?).
Furthermore, tourism to the US will probably drop even further, and tourism is of huge economic importance to the US. That's not just because of the increasing invonvenience involved in traveling to the US. It's also because many of the visitors that the US attracts come because the US has a certain mystique as the "land of the free", but that image is hard to maintain if people who come here are fingerprinted, recorded, screened, and tracked.
Fine, but that's always going to be true, no matter what you do - none of us are omniscient, after all.
So? Less ignorance is still better than more ignorance.
This would be a good place to show how someone else buying a diamond hurts you personally.
Easy. DeBeers sells roughly $5.5 billion dollars per year. What economic activity does that create? Destructive mining in Africa, lots of security jobs (many of them non-US), lots of marketing, lots of real estate investment. It would do you and me and anybody else in the US a whole lot of good if that kind of money instead went into R&D jobs and manufacturing. In particular R&D spending generates far more economic activity per dollar and a far bigger increase in our standard of living than a dollar spent on digging up African mud.
Saying, for example, that buying diamonds is "lining the pockets of DeBeers" is one of those trivially true things that doesn't tell anyone they didn't already know.
I bet most people don't know that and don't think about it when buying a diamond. Furthermore, I suspect that most people don't think about what many other people really think of them when they buy certain products that are marketed as "luxury products for image-conscious buyers". We will just have to agree to disagree on our assessments here.
Why would you assume that people happen to share your values, particularly those people who have decided to go out and buy a diamond? It's all well and good to talk about the bad things that happen when people don't have all the available information, but when you talk about specific decisions, you really have no way of knowing what information those people have,
I don't have to know because it doesn't matter. If I want to convince you of not doing something by saying "don't do X because it leads to Y", there is no point in explicitly addressing the case where you actually like "outcome Y"--presumably, you'll figure that one out for yourself, and if you don't, all the better as far as I'm concerned.
Same deal: you're simply assuming that people who don't act in accordance with what you think is the optimal course are lacking information you have.
No, I merely don't care about those other people in making statements. That's not a personal foible, it's the way language works in the real world.
If you act in some way because you lack information or haven't reasoned something through, I can convince you. If you have all the information and have reasoned things through for yourself, and you act differently because you have different preferences, then there is no point in taking you into account in such an argument at all.
If the government were to expend less effort pursuing and punishing those who exploit software flaws, then consumers would become less willing to pay for insecure software. (And as a side-effect, FBI agents would have more time to hunt actual terrorists)
Yes, I agree completely. While there may be some cases where police enforcement against "cyber criminals" may be justified, but if a company chooses software with frequent and significant security holes, the consequences of their choices should be theirs alone to bear.
Wouldnt it just be easier to pass laws making software vendors responsible for the bugs that they produce instead of spending our tax money to provide a shelter for insecure code?
Security is an engineering tradeoff, just like speed and usability. I don't want every software vendor to have to conform to the highest level of security out of fear of getting sued.
The people who should worry about this sort of thing are the buyers of software. If your car mechanic can't fix your car in time because his PC got broken into, you go to a different car mechanic and he will go out of business. If a hotel can't accept reservations because their reservation system got hacked, they go out of business. For small businesses, those kinds of feedback mechanisms work pretty directly and after that sort of thing has happened once to a small business owner, they'll generally have learned their lessons.
The problem is with non-competitive markets: many people have to buy Windows no matter how insecure it is because the software they need only runs on Windows. And you can't change airlines or banks just because they keep having security problems--there are too few of them around.
If we create efficient, competitive markets in software, banking, airlines, etc., then the security of software will adjust to the optimal levels demanded by the market. Our problem is not lack of government regulation, it is lack of efficient markets.
In short, if we want secure software, the government should simply get more aggressive on anti-trust enforcement again. And they should do so first of all against Microsoft so that buyers have a real choice. That's the sort of government activity we need, not bogus "security standards" which aren't going to work anyway.
rather than a scheme for total world domination.
These companies are basically trying to erect additional barriers to entry into the software market: costly certification and training requirements, costly documentation requirements, etc. They know that they can satisfy them, but a small software vendor or an OSS project can't.
And they make those recommendations knowing full well that they won't work. If they knew how to make more secure software, they'd already be doing it. A bit of training and certification just is not sufficient for making software more secure.
what seemed to be a reasonable plan of action [...] However, at this early stage I see nothing more than an attempt to codify a national stance on computer security.
What's there to "codify"? What's reasonable about it? There is not a shred of evidence that the "strategy" described in the report will do anything to improve security.
At this point, we have to conclude that people continue to buy insecure software either (1) because they don't have a choice because of Microsoft's monopoly, or (2) because they don't care about security. If (1) applies, then the solution is to break up Microsoft's monopoly and give people a choice in software; then they can pick the level of security they like. If (2) applies, then what business does the government have to force a level of security into products that buyers don't want?
Maybe those are the scariest lines for a paranoid schizophrenic, or for an anarchist who would prefer to settle all disputes with guns or fists.
Normal people have a more nuanced view of the world and look for context. For example, they might be happy that a bad marriage is over and they can go on with their life, and they might be happy to receive that disaster relief check from FEMA or to have the EPA follow up on some report of pollution by a company in the area.
Developers should use processes that consistently produce secure software.
Yes, they should. Why don't they? Because nobody really knows how to do that. And the things we do know how to do don't get done because they cost money.
While government regulation makes sense in many areas, in this one it doesn't. A far better approach would be a free market approach: if the product is defective (i.e., if it crashes, if it has a security hole, etc.), you should get your money back. Of course, companies like Microsoft and Sun know they would be bankrupt if they had to take financial responsibility for the harm they cause.
Those are two very different technologies. The first one points to an article about cortical (brain) stimulation. The second one points to an article about retinal stimulation.
That's a very old idea. In fact, it was one of the motivations behind creating spectrograms. Unfortunately, when it was tried, real-world users just had too many problems with it for it to be useful. Maybe it's worth giving it another try, with a modern handheld computer and better UI, but I wouldn't get my hopes up.
Microsoft doesn't just settle for $2bn if there isn't something big in it for them. That's not a matter of money for Microsoft, it's a matter of pride.
What this really amounts to is that Sun is going downhill fast and Microsoft is effectively buying the assets. Sun gets a $2bn infusion of cash and lays of 3300 people. In return, Microsoft gets cross-licenses to Sun's patents. Why would Microsoft be interested in this? Because Sun has lots of patents on Java and VM related technologies that Sun could use to create problems for Microsoft's C#/.NET effort.
If it wasn't already clear to you that Sun was an unreliable partner for OSS work, this "settlement" should bring it into focus.
These "power users," if they're smart enough to know how to configure CUPS on Linux, are presumably smart enough to figure out how to do the same thing on Mac OS X, right?
It has nothing to do with "smarts", but with complexity and implementation. Where are the printer drivers on MacOS? How are they implemented? How do you test them when something goes wrong? On Linux, BSD, and UNIX, the answer is simple: it's all handled through command linte filters. They are easy to test, easy to modify, easy to script, easy to replace. MacOS, in contrast, in addition to CUPS, has the old Mac printing architecture and, in addition, presumably uses a completely different means of turning programmatic output into bitmaps for printers.
So in this particular instance, at least, your "power users" lose nothing by using a Mac and gain a great GUI.
What "great GUI"? Judging by the problems friends have had with it ("the rest of us"), the native MacOS X GUI for printer management is a usability disaster. The Macintosh printing GUI is an example of how a bad GUI is worse than none at all, and it's an example that, while Apple often does decent GUI work, sometimes they just screw up badly.
While a Qt/X11-based version of Qtopia has been worked on, OpenZaurus still seems to be based on Qt/Embedded. They do distribute TinyX as an add-on, but having an X server as an add-on to Qt/Embedded nowhere near as good as having the Qtopia applications actually interoperate with X11 applications.
If you have to reflash the ROM, that kind of destroys the appeal of having a supported, ready-made solution from a commercial vendor. After all, why get a Zaurus? I could also reflash an iPaq.