Hopefully the more eyes looking at the source code will mean that more of the security problems will be fixed earlier and that the overall quality of the product will be improved.
I think Microsoft are more worried that it is them that are going to be blown away by Open Source, so they are striking first. Once open source alternatives become standard for home users, it will ruin Microsoft. They are trying to stop the movement before it has too much momentum that it becomes unstoppable. Perhaps patent laws will save them, since they can get them established before anyone cares. Who knows whether they will succeed...
If you do a GRP (Package) install, it takes about 3 hours. You can learn something from it too, so the extra hour or two it takes to install will be help you save an hour later.
Just because a problem is hard or impossible to solve doesn't make it automatically equivalent to the halting problem.
Even if they are equivalent, it doesn't mean that nothing can be done to help the situation. Consider this: It is impossible to write a program which determines if another program halts or not, but it IS possible to determine for some programs that they do halt. For example programs with no control flow statments (jumps) will always halt when they hit the last statement.
In a similar fashion - some programs could be proven to not haven any buffer flows - for example if they do not contain any buffers at all, or else if all the buffer operations are performed via an interface which has been proved to be safe. We don't need to write a program that can check all valid C programs, just one that can determine that there are no buffer overflows in this restricted version of C. If some construct is used that is outside of the subset C this program can find, then it is unknown whether there are buffer overflows, but the programmer can be notified of this and modify their program so that it can be proved ot be safe.
Now the question is, if it is worth confining ourselves in a subset of C just for security? Perhaps for some applications (top secret military work?) the answers is yes, but on the whole probably not.
Alternatively as you pointed out, using a higher level language is a simpler/better solution for most of us.
Regards,
Mark.
Thank you for your reply.
I don't think this is really a practical solution when you don't know how many devices will be used in advance. When a device is unplugged and a new device plugged in, the same device number (sda1) is not reused, even though it is free, so you can in fact exceed the number of USB ports, by swapping devices.
Plus if you copy and paste the line then you will end up with the mount point being the same. If you modify the mount point, then the user is left confused as to where the device has been mounted and will have to use dmesg then cat/etc/fstab to find out. (Is there an easier way?)
Multiple partitions on a drive? This really does break the sda1 argument unless you want to put an upper limit on the number of partitions on a USB drive. Shame, because Windows does not have this problem.
Sure a system administrator could fix these problems or enforce rules on the users so that these problems are avoided, but why should it be so hard in the first place while the Windows way of handling it 'just works'.
I'm not saying that Windows is much better - I just think that they have got it right here. I think that it is possible to fix it in Linux, but not by using the suggested method.
I would propose using a hotplug solution which mounts each device to a fixed location, based on the identity of the device, so that when a user returns it is mounted to the same place as last time. This can be enhanced futher to automatically create icons on the desktop when the device is plugged in.
Basically, for a single user system, fine - you are right, editing fstab as the need arises provides a simple and robust solution. For multiple user systems where users may switch frequently (schools?), I don't think editing fstab is a real solution.
This works until you put your second USB device in and then you realise that you can't access the second device's files at all because it isn't called sda1.
Thanks for clearing that up. It seems unbelievable that it would take 7 years to get a patent through the system, and even then they have not checked it for prior art. But I reread the patent and, yes it is true. If they had reviewed it immediately instead of waiting so long, maybe the prior art would have been easier for them to find.
I agree that referring to IE3 implies that it is an old patent, but why is it dated 'August 31, 2004'. Perhaps the application was written a long time ago but it was only just submitted recently? Am I missing something?
I solve the problem of missing dependencies by using a package manager to automatically download and install dependencies. There are many distros that support this by default, maybe yours does too?
Even then, the real toolbar can be made to appear off the screen (on Gnome), so unless you resize the window, you won't notice that there are two status bars. Even when I disabled all advanced javascript options, the spoof site was still pretty convincing at first glance.
Slashdot Mirror
Hopefully the more eyes looking at the source code will mean that more of the security problems will be fixed earlier and that the overall quality of the product will be improved.
I think Microsoft are more worried that it is them that are going to be blown away by Open Source, so they are striking first. Once open source alternatives become standard for home users, it will ruin Microsoft. They are trying to stop the movement before it has too much momentum that it becomes unstoppable. Perhaps patent laws will save them, since they can get them established before anyone cares. Who knows whether they will succeed...
Tools->Preferences->Browser->Firefox
If you do a GRP (Package) install, it takes about 3 hours. You can learn something from it too, so the extra hour or two it takes to install will be help you save an hour later.
Just because a problem is hard or impossible to solve doesn't make it automatically equivalent to the halting problem. Even if they are equivalent, it doesn't mean that nothing can be done to help the situation. Consider this: It is impossible to write a program which determines if another program halts or not, but it IS possible to determine for some programs that they do halt. For example programs with no control flow statments (jumps) will always halt when they hit the last statement. In a similar fashion - some programs could be proven to not haven any buffer flows - for example if they do not contain any buffers at all, or else if all the buffer operations are performed via an interface which has been proved to be safe. We don't need to write a program that can check all valid C programs, just one that can determine that there are no buffer overflows in this restricted version of C. If some construct is used that is outside of the subset C this program can find, then it is unknown whether there are buffer overflows, but the programmer can be notified of this and modify their program so that it can be proved ot be safe. Now the question is, if it is worth confining ourselves in a subset of C just for security? Perhaps for some applications (top secret military work?) the answers is yes, but on the whole probably not. Alternatively as you pointed out, using a higher level language is a simpler/better solution for most of us. Regards, Mark.
Use the following command:
equery is part of gentoolkit (emerge gentoolkit).
He bought there product and now he is helping advertising it by encouraging others to do the same. That's being pretty nice, I would say.
Thank you for your reply. I don't think this is really a practical solution when you don't know how many devices will be used in advance. When a device is unplugged and a new device plugged in, the same device number (sda1) is not reused, even though it is free, so you can in fact exceed the number of USB ports, by swapping devices. Plus if you copy and paste the line then you will end up with the mount point being the same. If you modify the mount point, then the user is left confused as to where the device has been mounted and will have to use dmesg then cat /etc/fstab to find out. (Is there an easier way?)
Multiple partitions on a drive? This really does break the sda1 argument unless you want to put an upper limit on the number of partitions on a USB drive. Shame, because Windows does not have this problem.
Sure a system administrator could fix these problems or enforce rules on the users so that these problems are avoided, but why should it be so hard in the first place while the Windows way of handling it 'just works'.
I'm not saying that Windows is much better - I just think that they have got it right here. I think that it is possible to fix it in Linux, but not by using the suggested method.
I would propose using a hotplug solution which mounts each device to a fixed location, based on the identity of the device, so that when a user returns it is mounted to the same place as last time. This can be enhanced futher to automatically create icons on the desktop when the device is plugged in.
Basically, for a single user system, fine - you are right, editing fstab as the need arises provides a simple and robust solution. For multiple user systems where users may switch frequently (schools?), I don't think editing fstab is a real solution.
This works until you put your second USB device in and then you realise that you can't access the second device's files at all because it isn't called sda1.
Thanks for clearing that up. It seems unbelievable that it would take 7 years to get a patent through the system, and even then they have not checked it for prior art. But I reread the patent and, yes it is true. If they had reviewed it immediately instead of waiting so long, maybe the prior art would have been easier for them to find.
I agree that referring to IE3 implies that it is an old patent, but why is it dated 'August 31, 2004'. Perhaps the application was written a long time ago but it was only just submitted recently? Am I missing something?
Never use the '-U' (--upgradeonly) switch for emerge. This can break things. Use: emerge -auDv world && revdep-rebuild
Yes please!! Do I need to tell a joke? My email is muzzy@muzzy.dk
Has anyone tried Mute? This is anonymous P2P. I don't use it myself. http://mute-net.sourceforge.net/
Thats what the niceness setting is for. Try it.
I solve the problem of missing dependencies by using a package manager to automatically download and install dependencies. There are many distros that support this by default, maybe yours does too?
Even then, the real toolbar can be made to appear off the screen (on Gnome), so unless you resize the window, you won't notice that there are two status bars. Even when I disabled all advanced javascript options, the spoof site was still pretty convincing at first glance.