When a password is compromised, it allows corporate assets to be accessed.
There are two things that they put this restriction in place for.
One is because once a hacker gains access to a system, you don't want the hacker to have access to it indefinitely.
The other is that users tend to use a single password for every system, and in some cases databases or memory dumps have to be sent to software vendors or, worse, open source groups for diagnosis.
These databases or dumps could contain sensitive data such as passwords, etc. and if someone finds a dump in Google from 10 years ago, or if the company/group you sent your database or dump to doesn't dispose of the data in a secure way (or even if they just don't store it in a secure way) then at least it's likely that they have a dated copy of the passwords that they can't use to access current systems.
If you want to complain, the real problem is that companies don't require ISVs to secure the passwords adequately in the databases they are stored in. If the passwords were secure in the databases in the first place, then it wouldn't be as big of a deal.
Providing the capability to view an access log also helps a lot. This needs to be viewable by users and not just the admin, but only for themselves. If you're out sick or whatever, you're a lot more likely to notice an unauthorized access in a log than your boss or a security admin would be.
The big issue I have is the requirement for things like at least one upper and one lower case letter, at least one number, at least one of "$_.!". I would rather see a test that looked for dictionary attacks, etc. because each requirement like this excludes billions of possible combinations that the hacker has to try.
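The comment above contrasts composition rules with a dictionary test. The following is an added example, not part of the original comment: it counts how many 8-character candidates the quoted rule removes from the search space, then runs a simple dictionary check. The word list and the substitution table are constructed for illustration.

```python
from itertools import combinations

# Character classes taken from the policy quoted in the comment above.
CLASSES = {
    "lower": "abcdefghijklmnopqrstuvwxyz",
    "upper": "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "digit": "0123456789",
    "symbol": "$_.!",
}
ALPHABET_SIZE = sum(len(chars) for chars in CLASSES.values())  # 66 characters

# Constructed sample word list; a real check would load a large corpus
# of common and previously leaked passwords.
WORDLIST = {"password", "welcome", "letmein", "dragon", "summer"}

# Constructed table of common look-alike substitutions to undo before lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "$": "s", "!": "i", "@": "a"})


def count_compliant(length):
    """Strings of `length` over the alphabet with at least one character
    from every class, counted by inclusion-exclusion over missing classes."""
    sizes = [len(chars) for chars in CLASSES.values()]
    total = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            total += (-1) ** k * (ALPHABET_SIZE - sum(missing)) ** length
    return total


def excluded_by_rules(length):
    """Candidates an attacker no longer needs to try because the policy forbids them."""
    return ALPHABET_SIZE ** length - count_compliant(length)


def meets_composition_rules(password):
    """True when the password has at least one character from each class."""
    return all(any(ch in chars for ch in password) for chars in CLASSES.values())


def dictionary_candidates(password):
    """Normalised forms to look up: lowercased, trailing digits/symbols
    removed, and look-alike substitutions undone."""
    lowered = password.lower()
    stripped = lowered.rstrip("0123456789$_.!")
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def is_dictionary_based(password):
    """True when any normalised form is a word-list entry."""
    return any(form in WORDLIST for form in dictionary_candidates(password))


if __name__ == "__main__":
    removed = excluded_by_rules(8)
    share = removed / ALPHABET_SIZE ** 8
    print(f"8-char candidates removed by the rule: {removed} ({share:.0%})")
    for sample in ("Password1!", "P4$$w0rd.9", "mqzvhkrwtxbnplcy"):
        print(sample, meets_composition_rules(sample), is_dictionary_based(sample))
```
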
Pop in any DVD, read the FBI warning at the front.
The FBI will become involved if you give them a ring and can give enough evidence that someone is intentionally and systematically violating your copyright. A Cease and Desist/lawsuit doesn't discourage people as much as 10 years in jail does.
Read the article -- 15 games installed on the hard drive, not one DVD provided with it. Mod chip allowed the games to run without the disks.
So essentially this is $15 x $40 = $600 of software per unit they sold, and they had a few units on display and obviously were making more, so you're talking making a business off of selling that $600 of stolen product multiple times.
Nothing heroic, nothing right about doing this. It's stealing directly $600 per unit from the developers, if they sold 10 units or 100 units, that's pretty significant in terms of lost sales, etc.
Application level security is the only thing that fixes the problem, although a lot of Linux users are pretending this issue won't impact them.
When you install a RPM, you often have to change to root. This is the same way the spyware gets in on Windows in the vast majority of cases (yes, some comes in through exploits or worms, but most of it comes attached with a program that a user chooses to install).
You can say don't log on as root, and that's a fine solution, except it doesn't fix anything. All your documents, all your processes are still open to any program that you run. Any network rights you have, any shares you have, all those are still available to any program that you run.
My argument is that no application, ever, should be able to touch any file in /etc, /lib, /sbin, /bin, etc. regardless of what user is logged in, regardless of if it is root, without having been directly given permission to do so by the active user.
My argument is that I should have to tell a program that it is allowed to connect to internet before it can exert that practice. If a program wants to "go into the background," I should have some say in that.
Application level security is an absolute requirement in order to cut these things off, and will help a lot with worms, viruses, etc.
Keep in mind the GPL is just an EULA with a different name:
End User License Agreement - EULA
General Program License Agreement - GPL
When the GPL works in the community's favor, licensing is a good thing. When a spyware uses the same mechanism to "authorize" its use, it's a bad thing.
Application Level Security fixes this problem. Why does program A have permission to remove program B without prompting the user during an install in the first place?
It's an OS level issue, not a legal one. The OS shouldn't allow this behavior (or most of the rest of what spyware does) in the first place, regardless of the user under which the software is run and regardless of the EULA.
A future version (presumably 7.x) will be able to run either on BeOS or Linux. If you're familiar with BeOS, its kernel is very Unix-like anyway. Devices are in /dev, etc. so really this isn't as extreme as it sounds.
Palm snapped up BeOS so it could get better multimedia support and somewhat better device support. It also brought a full C runtime library to PalmOS, as well as better file system support. BeOS was always fast and lightweight.
It's served this purpose, but 6.x device adoption rate has been extremely slow. Manufacturers continue to ship 5.x devices.
Meanwhile Microsoft and Linux chip away at market share.
A lot of companies aren't picking Linux for their PDAs because it's open source, or because they think it will be popular. A lot of them are picking it up because it has support for the peripherals attached to their devices, and a lot are picking it up because there is a huge mind share that knows how to write device drivers.
But running Linux means having to develop a UI, etc. Not being based off of the two "standard" UIs (Microsoft's and Palm's) limits your ability to get software onto the shelves at retail chains.
Most PalmOS software is distributed on CD-ROMs that are almost entirely empty. If it is a matter of compiling from Eclipse and copying the files onto the CD-ROM, most vendors will do that for software to support the new devices.
Shareware authors, open source programmers, etc. will gladly distribute binaries for multiple architectures, if it's just a matter of a check box in Eclipse.
So what you've got is a win for PalmSource (they sell more PalmOS), a win for Linux (it gets more devices) and a win for software developers (who need only develop to PalmOS to run on Linux devices).
Lenovo bought the ThinkPad and ThinkCentre names. The full press release from IBM says that the eventual goal is for the PCs to be named Lenovo ThinkPad and Lenovo ThinkCentre. Only the IBM label has a time period.
IBM hasn't manufactured its own PCs in years, it has outsourced the manufacturing. A 20% stake in a company that is actually manufacturing PCs is comparable, if not even an improvement, over their current situation I would imagine.
Meanwhile, the last real expansion market for PCs and laptops is Asia, and Lenovo, being an Asian company, has a huge leg up in that region over other companies. People in Asia want to buy Asian PCs running Asian OSes, they don't want to buy from US manufacturers and be dependent on the US or Microsoft. There've been numerous articles about this lately in the news and on Slashdot.
It's a win for IBM, and it's a win for Lenovo who goes overnight from a 2% market share to 80% stake in a 7% market share. IBM is at 5% market share and stable, and the decision isn't likely to impact that number much at all. They've been struggling to get any money out at all, with all the outsourcing, for years.
The real solution for this remains application level security, something neither Windows nor Linux has.
An untrusted application, regardless of if it is built from source, received by e-mail, or appears on your hard drive from God himself needs to be viewed with skepticism until you can verify the source.
So long as operating systems depend solely on user level security to prevent attacks, the brainless monkeys sitting between the keyboard and the screen will click and run the applications.
Is it an issue on Linux? It will be, regardless of what anyone on /. says to the contrary. Go join (any project)-devel, and wait a couple hours, and you'll see:
From: Some Clueless Newbie (newbie@hotmail.com)
subj: HELP?!!!!!!!!!!!!!!!!!!
date: today
I can't compile! please help!
Note that the clueless newbie won't give any accurate information on their problem (so that anyone can help), and will usually repeat their message 8 to 10 times over a 4 day period of time, ignoring all the replies of "what do you need?"
If I responded to the newbie's problem with a root kit attached to the end of an e-mail message and told them to run it, they would.
You can say that's not the average Linux user, and I'll agree with you, but the fact someone has taken a Linux distro's CD and popped it in their drive in no way causes a brain to sprout in their head if there was not previously one there.
There are Linux programs, and I know you've seen them, that suggest that you run them as root so they can access video and audio. While you can just grant access to these devices, and adjust the Linux configuration so root isn't required, it's a lot faster solution to tell the people to run as root, and tech support looks for fast fixes.
This is what has happened on Windows, and if you believe Linux is going to displace Windows, you'll expect the same thing to happen there.
Most Windows NT distributions (I'm not sure about XP Home) in fact do ask for you to create a separate user account unless you're in a domain. The issue is that software is often poorly written, and requires access that it shouldn't, and so the users run as admin to run that software.
But at any rate, letting a user be compromised is only academically better than letting the entire system be compromised.
Oddly enough, Microsoft's version of OS/2 supported this feature a very long time ago. And oddly enough, NT still has infrastructure support on NTFS for the OS/2 mechanism for handling this.
You are kidding yourself if you think that this would have any impact.
URI/URL is no more secure than MIME, because the problem is the ignorant monkey sitting between the keyboard and the screen who has been conditioned to click anything.
It's pretty clear that the spammers and the people writing the various trojans, worms, etc. are more than capable of compromising FTP servers or using zombies as FTP servers. Once they have the zombie, they can turn off firewalls, scanners, etc. so that they can get access to what they need.
Then they can send a URL like: ftp://www.microsoft.com@compromised.machine.net:9123/file/whatever
The issue isn't MIME, the issue isn't attachment, the issue is the brainless monkey sitting between the keyboard and the screen who clicks on things.
You know the pop-ups, banner ads, etc. that look like Windows message boxes?
That's the target market for trojans. The people who will believe that the graphic really is Windows trying to tell them something important in a banner advertisement.
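The URL form shown in the comment above puts a familiar name in the userinfo part, while the connection goes to the host after the "@". The following is an added example, not part of the original comment: a mail or proxy filter check that reports where such a link really connects and why it is suspicious. The function name, the finding labels and the sample URLs other than the one from the comment are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Default ports per scheme; anything else is reported as unusual.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

# Userinfo that is shaped like a DNS name ("www.example.com") is the
# deceptive case: it is read by the user as the destination.
HOSTNAME_LIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def inspect_link(url):
    """Return the host a URL actually connects to, plus a list of findings.

    Findings (hypothetical labels used by this example):
      userinfo-present             - something precedes '@' in the authority
      userinfo-looks-like-hostname - that something resembles a domain name
      non-default-port             - explicit port differs from the scheme default
      invalid-port                 - port field is not a valid number
    """
    parts = urlsplit(url)
    findings = []

    user = parts.username
    if user is not None:
        findings.append("userinfo-present")
        # Percent-encoding can hide dots and slashes; decode before matching
        # and look only at the part a reader would take for the host name.
        visible = unquote(user).split("/")[0]
        if HOSTNAME_LIKE.match(visible):
            findings.append("userinfo-looks-like-hostname")

    try:
        port = parts.port
    except ValueError:
        port = None
        findings.append("invalid-port")
    if port is not None and port != DEFAULT_PORTS.get(parts.scheme):
        findings.append("non-default-port")

    return {
        "connects_to": parts.hostname,   # real destination
        "displayed_prefix": user,        # what the reader sees first
        "port": port,
        "findings": findings,
    }


# Sample links: the first is the form from the comment above, the other two
# are constructed for comparison.
SAMPLES = [
    "ftp://www.microsoft.com@compromised.machine.net:9123/file/whatever",
    "ftp://anonymous@ftp.example.org/pub/",
    "https://www.example.org/download",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = inspect_link(link)
        print(result["connects_to"], result["findings"])
```
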
First of all, the earth is coming out of an ice age. In geologic terms, the ice ages were yesterday, and the day before it was hot and sunny. Right now, we're in spring after the ice age, and it's hard to predict if we've reached summer or not, but we know it's not as hot as it was before the winter.
We haven't been observing long enough to be able to make any conclusion about what's going on in geological terms.
What we do know is that humans are contributing to the pollution and were not before. Scientists are mixed on how much the contribution matters, and not long ago, were predicting that there would be ice ages (the theory before global warming).
Kyoto makes sense to a point for a number of reasons unrelated to global warming, and as I said nobody is debating either that warming is occurring nor that humans contribute to it. The debate is largely over how much of it is natural and how much is not.
However, Kyoto doesn't apply to many countries, and this is where the Senate took exception, and it's not been resolved.
Kyoto does nobody any good if all the polluters move to third world countries exempt from the treaty. It won't cut pollution, and it will hurt the economy.
That, right there, is why the Senate rejected it, and I believe it is a reasonable and correct decision personally.
It's a global problem. If member countries are still allowed to deal with countries that can produce things without obeying the treaty, then the pollution will just move off shore, to those locations, and the global problem will remain.
Asymmetric key encryption is. You have a trusted authority issue a key, and sign it. You can verify the key file hasn't been tampered with, and they can revoke the certificate. It's harder to fake, even if they can spoof an MD5, because you can connect out to the certificate authority and ask if the certificate is valid, and they can revoke them if there's a problem.
If you're downloading a package, presumably you're wanting to know that it's the right package, and that it's from whomever it says it's from. An MD5 hash does not get you that capability, asymmetric encryption does.
Only someone who knows your distribution's private key can produce your distribution's packages. The public key is verified by a neutral 3rd party that can revoke accidents or hackers once they're discovered.
So you know both that the distribution wasn't tampered with (because it decrypts) and that the distribution is from who they say it is from (because it decrypts), and you have a neutral 3rd party vouching for the facts who has a vested interest in retaining business by not letting people fake other people's signatures.
Tarpit doesn't actually work, and is an exceptionally bad idea.
The concept "seems" sound, but spam bots open a windowed TCP port, dump a file to it, then close it. They don't care about the 4xx series message, because they never read from the port. They don't care you're only processing one byte every 5 minutes, because they dumped the whole thing and moved on to a new server already.
The $199 Dish Network receiver reliably has been able to control the VCR and DVD-RAM recorders without my presence. I pick a show off the menu, I tell it "record this show," it kicks on the recorder automatically.
It works best if the receiver and the device it's controlling are behind an enclosure, with a sheet of glass, but it's worked relatively reliably for Dish.
The other advantage over the cheaper is that the pay channels, Sci-Fi and a few others are broadcast in AC3 (Dolby Digital), and the 2nd level of players have an optic out jack.
OK, you guys have read the other articles from Sun about GNU/Linux, have you not?
Here is how Sun's market actually works.
Company X says "we need a new database server that can handle 10,000 transactions per year, and we'd like to hear proposals."
Company Y and Company Z each submit to Company X a total solution saying "we can provide such a server for a trillion rubles."
Company X compares the bids, and based on a lot of factors, it decides on either Company Y or Z's proposal, and enters into a contract with one or the other.
What you have to understand is that is what motivates everything that Sun says. It is totally clueless to go "Sun is claiming Red Hat owns Linux." They are talking about Red Hat's Linux distribution. The word Distribution is implied, just like when you talk about Debian Linux or SuSE Linux or Gentoo Linux.
IBM and HP both were shipping Red Hat for a while. Most independent contractors will pitch Red Hat as a solution. From Sun's standpoint and viewpoint, Red Hat is their competitor, not Linux.
They've been very clear and very consistent in that view point from day one. They live or die off of enterprise grade systems, not off of a handful of individual servers bought by random small IT departments. It's the multi-million and multi-billion dollar contracts, contracts with companies like Walmart, that Sun makes its money off of.
Right now, that market is being hotly contested and the players Sun identifies are, indeed, correct.
Nokia is doing this as well, and doesn't offer an "x" button. The animation pops up and fills the entire screen, scrolling with the screen as you try to scroll it out of the way...
I really prefer Google AdSense or Amazon's advertising feature, using the former at my own sites these days. The nice thing about these features is that you get relevant (usually) links, they are unobtrusive, and they take insignificant amounts of bandwidth compared to the rest of the page.
I can't imagine what sort of person clicks on a rapidly flashing banner saying "you're the millionth visitor to this website click here for an item" blinking rapidly and annoyingly in a box usually marked clearly as "sponsor" or "advertisement" on a page and buys whatever product is there.
Before you get out your tin foil hats, the times that I've seen Google do this for links pointed at my website, it's been either after a period of several days outage or it's been due to a stale URI/URL.
When you do this, Google can try to hit the site first, and then falls back to the archive. I've not checked Usenet in particular, but it's the pattern I've seen in other links it has modified in this way.
The real reason why you don't see Worms and Viruses on MacOS and Linux is that Unix, in general, is an unattractive target.
A virus writer needs to know the ABI, processor architecture, etc. Preferably, they want to know the libraries they need are installed, etc. too.
On GNU/Linux, this is all chaotic and difficult to manage. Even with a PNG or JPEG exploit, you'd have to know server side the version of the kernel, etc. to send the correct exploit.
Windows is relatively constant. You have an ABI that's been unchanged for years, you have x86 processor, you have a cloud of DLLs you know are always there.
That's more why Windows is attacked, it's a much more desirable environment.
The GPL/LGPL are horrid beasts that attempt to inflict a world view.
When you add code to a GPL infected program, the virus steps into your code and covers it. This is because you've created either a combined or derived work by incorporating any portion of a GPLed program (even a header file or library).
The GPL requires you to provide source code upon request for 3 years. You may charge for media and shipping, if you feel like it, and don't have to provide it electronically.
This is only required, however, if you redistribute the covered code. If you are using it for an inhouse application, or for a server (for example), as long as you're not redistributing the program you've not fallen under the GPL.
The best way to think about this is like credit cards.
Would you want to give a copy of your credit card permanently to each store that you might ever want to shop at so that they could tell that it was you when you came back?
With a certificate based solution such as PGP or SSL, you have to have a copy of the signing certificate on each device that you want to use to access a service. You must have a copy of the reading certificate on each service that you want to access.
If any of those devices has a security compromise, etc. then you must go to each site that you would access and update the information.
However, with the single sign on solution, one site has the information to verify that you are you, through whatever technology is available, using any mechanism available. You can access the protected sites from any device, anywhere.
Instead of the sites getting all the information about you, all they get is a number. The organization providing single sign in can confirm you are really who you say you are.
With single sign on, if your information becomes compromised, you know who to blame, and so that party will reasonably try to resolve disputes.
If you look at it like a credit card, if your credit card becomes compromised, you call the bank and tell them, and then they stop accepting new charges. If you see a charge you don't agree with, you can call and investigate it and usually you can get it rolled back.
This same thing would hold true for single sign on. If there's a problem, if you think people are using your single sign on, you have someone you can go to and complain to to get the problem resolved.
From a website standpoint, it means that the website doesn't have to verify your e-mail address or anything else to give you access, all it needs to do is verify that you have a valid token. This means no more "you can't use this feature until you receive the e-mail that we sent you" and it means your e-mail address isn't propagated to hundreds of sites with privacy policies that could change at any time (and that could become sources of spam).
Sony sells recorders. Sony sells media. Sony sells players. Sony sells music.
I fail to see why the fact that they sell a recorder means that they want you to rip off their CDs and post them to Kazaa. You want to steal music, steal music, but don't say "OMG Sony is being confusing here."
The documentation with my MD recorder specifically mentions the fact that MDs recorded from commercial CDs cannot be copied. This same thing goes for copies of CDs made on audio equipment.
It's how copyright was intended to work. You publish a book, you copyright it. Anyone who wants the book buys it from you. That is what copyright was intended for, and that's how Sony is trying to use it.
The issue is that on Kazaa, you're not giving one copy to a friend. You're giving hundreds of thousands of copies to people who you don't know and who you have never met.
What I'm really worried about is that legitimate uses of BitTorrent and Kazaa are going to get drowned out because of a bunch of college students who aren't willing to pay $8 for a CD (sometimes as high as $15...).
Real-time 3d graphics of cinematic quality will always be too slow for general purpose CPUs
Most graphics processing units (GPUs) do very little of the actual work you see in the rendering pipeline. Most, at best, push some triangles through. Some of the newer ones have capabilities to do more advanced work.
Developing a game with AI that needs ten times the power of today's CPUs will take many man years and may not be that welcomed by the console audience.
However physics systems -- blowing things up, interactive buildings, terrain, etc. are things console gamers eat up, and these things are performed in the simulation tree in the game engine by the main CPU, and not by the video card, in the vast majority of cases (all current cases that I know of).
Additionally, watch X-Play for a few minutes, listen to them complain about the AI in console games, and then say that gamers don't want a better AI.
It's very difficult to do multithreaded apps, and the difficulty rises exponentially with the number of threads.
Incorrect.
Each thread is a separate program which should be isolated from other programs except for input and output, exactly as every Unix program is already typically designed.
The complexity of the system varies linearly, and only linearly, with the number of resources that must be synchronized. This is because the threads should not be interdependent.
You can eliminate even this linear encroachment in many cases by using circular buffers and limiting the number of writers.
Sony developed a platform that can move insanely great amount of graphics around, with the ability to do real-time raytracing, rather than providing so much general-purpose processing power.
Well here's the issue. I can raytrace fine, in real time, moderately complex objects at 320x240 even on relatively low-end hardware. It's not that difficult, it doesn't take as much processor power as most people are throwing at the problem.
The thing is, polygons are a ton easier to work with in the physics engine, in the AI engine, in the collision engine, when doing hit tests, etc. The graphics processor does not do all of this work in any modern game that currently exists, and aren't even remotely close to doing so on video hardware that currently costs more than many people's computers from nVidia and ATI.
Sony could waste its money trying to provide this feature through graphics hardware, as you suggest, or they could continue to buy 3rd party video hardware (NEC PowerVR) from a company that makes its entire business out of graphics processors.
So far as moving data around, PowerPC used to be pretty good at that compared to x86's, it used to be far beyond x86's.
Sony developed a graphics architecture that could really be parallelised, so instead of bringing out a totally new console, they could just up the graphics spec by adding more chips. They could save millions of dollars from developing and advertising the new console
The big issue here is without multithreading or a multiprocessor core, this would be meaningless.
Let's say you have a physics engine. This needs to do some transforms. If the physics engine runs on the same thread the game runs on, then you have a problem because every time that you do a transform (and you'll be doing a lot of them), your game stops while it waits on the card. If you've got a really slow bus (like an AGP bus, or even a PCIx bus), you could be waiting a long time for the data to come back.
And so you need multiple threads.
If the argument is the graphics chips could do the physics, etc. then essentially you're still multithreading, because you're going to send a program to the graphics chip, and it's going to run it.
It can be argued you could do physics with vertex shaders, etc. but most game physics are complicated enough you really need to be in code to do it.
The big thing with parallel graphics chips is that there aren't a lot of methods of making it work. Either you divide the screen in half and use
From the article: Yesterday, Valve disabled approximately 20,000 Steam accounts which had been used to try to access Half-Life 2 without purchasing it. The method used was extremely easy for Valve to trace and confirm, and so there is no question that the accounts disabled were used to try and illegally obtain Half-Life 2.
Accounts also may be closed due to fraudulent activity in an attempt to obtain additional products for your Steam Account. This includes Credit Card fraud, theft of accounts you do not own and using cracked versions of Valve games.
--
There is a direct link to what to do if you believe they made an error, etc.
I think this part of the message is vitally important, compared to the other piece, because people are going "oh I applied a no-cd patch, etc."
Note that the Steam agreement does say you won't alter the software. Note you can also get a no-cd patch (as other posts have been saying) by simply uninstalling the game, and then running it via Steam.
And note, when you install a Steam game from CD, it doesn't necessarily copy the entire CD (or CDs) into the cache. When you play the game over Steam, the Steam title has the option of loading files from the CD that aren't present in Steam's cache (and AFAIK there's no way to turn this option off from the Steam client).
This "might" be why one of the CDs has to be in the drive, because it might be reading an index (I've not licensed Steam to develop games, just investigated licensing it, and that's one of the features in the list).
If you uninstall the game, and run it from Steam (without the CD being installed), it won't ask you for the CD when you run.
I don't have a CD -- it cannot ask me for it. Everyone who I know who already had it preloaded via Steam, and then registered using a retail key is also playing diskless without a crack.
Or a 3rd party will.
It's a federal offense, punishable by jail time.
The vast majority does, sadly enough.
PalmOS 6 is based on BeOS.
A future version (presumably 7.x) will be able to run either on BeOS or Linux. If you're familiar with BeOS, its kernel is very Unix-like anyway. Devices are in /dev, etc. so really this isn't as extreme as it sounds.
Palm snapped up BeOS so it could get better multimedia support and somewhat better device support. It also brought a full C runtime library to PalmOS, as well as better file system support. BeOS was always fast and lightweight.
It's served this purpose, but 6.x device adoption rate has been extremely slow. Manufacturers continue to ship 5.x devices.
Meanwhile Microsoft and Linux chip away at market share.
A lot of companies aren't picking Linux for their PDA's because it's open source, or because they think it will be popular. A lot of them are picking it up because it has support for the peripherals attached to their devices, and a lot are picking it up because there is a huge mind share that knows how to write device drivers.
But running Linux means having to develop a UI, etc. Not being based off of the two "standard" UI's (Microsoft's and Palm's) limits your ability to get software onto the shelves at retail chains.
Most PalmOS software is distributed on CD-ROMs that are almost entirely empty. If it is a matter of compiling from Eclipse and copying the files onto the CD-ROM, most vendors will do that for software to support the new devices.
Shareware authors, open source programmers, etc. will gladly distribute binaries for multiple architectures, if it's just a matter of a check box in Eclipse.
So what you've got is a win for PalmSource (they sell more PalmOS), a win for Linux (it gets more devices) and a win for software developers (who need only develop to PalmOS to run on Linux devices).
Lenovo bought the ThinkPad and ThinkCentre names. The full press release from IBM says that the eventual goal is for the PC's to be named Lenovo ThinkPad and Lenovo ThinkCentre. Only the IBM label has a time period.
IBM hasn't manufactured its own PCs in years, it has outsourced the manufacturing. A 20% stake in a company that is actually manufacturing PCs is comparable, if not even an improvement, over their current situation I would imagine.
Meanwhile, the last real expansion market for PCs and laptops is Asia, and Lenovo, being an Asian company, has a huge leg up in that region over other companies. People in Asia want to buy Asian PCs running Asian OSes, they don't want to buy from US manufacturers and be dependent on the US or Microsoft. There've been numerous articles about this lately in the news and on Slashdot.
It's a win for IBM, and it's a win for Lenovo who goes overnight from a 2% market share to 80% stake in a 7% market share. IBM is at 5% market share and stable, and the decision isn't likely to impact that number much at all. They've been struggling to get any money out at all, with all the outsourcing, for years.
The real solution for this remains application level security, something neither Windows nor Linux has.
An untrusted application, regardless of if it is built from source, received by e-mail, or appears on your hard drive from God himself needs to be viewed with skepticism until you can verify the source.
So long as operating systems depend solely on user level security to prevent attacks, the brainless monkeys sitting between the keyboard and the screen will click and run the applications.
Is it an issue on Linux? It will be, regardless of what anyone on /. says to the contrary. Go join (any project)-devel, and wait a couple hours, and you'll see:
From: Some Clueless Newbie (newbie@hotmail.com)
subj: HELP?!!!!!!!!!!!!!!!!!!
date: today
I can't compile! please help!
Note that the clueless newbie won't give any accurate information on their problem (so that anyone can help), and will usually repeat their message 8 to 10 times over a 4 day period of time, ignoring all the replies of "what do you need?"
If I responded to the newbie's problem with a root kit attached to the end of an e-mail message and told them to run it, they would.
You can say that's not the average Linux user, and I'll agree with you, but the fact someone has taken a Linux distro's CD and popped it in their drive in no way causes a brain to sprout in their head if there was not previously one there.
There are Linux programs, and I know you've seen them, that suggest that you run them as root so they can access video and audio. While you can just grant access to these devices, and adjust the Linux configuration so root isn't required, it's a lot faster solution to tell the people to run as root, and tech support looks for fast fixes.
This is what has happened on Windows, and if you believe Linux is going to displace Windows, you'll expect the same thing to happen there.
Most Windows NT distributions (I'm not sure about XP Home) in fact do ask for you to create a separate user account unless you're in a domain. The issue is that software is often poorly written, and requires access that it shouldn't, and so the users run as admin to run that software.
But at any rate, letting a user be compromised is only academically better than letting the entire system be compromised.
Oddly enough, Microsoft's version of OS/2 supported this feature a very long time ago. And oddly enough, NT still has infrastructure support on NTFS for the OS/2 mechanism for handling this.
You are kidding yourself if you think that this would have any impact.
URI/URL is no more secure than MIME, because the problem is the ignorant monkey sitting between the keyboard and the screen who has been conditioned to click anything.
It's pretty clear that the spammers and the people writing the various trojans, worms, etc. are more than capable of compromising FTP servers or using zombies as FTP servers. Once they have the zombie, they can turn off firewalls, scanners, etc. so that they can get access to what they need.
Then they can send a URL like:
ftp://www.microsoft.com@compromised.machine.net:9123/file/whatever
The issue isn't MIME, the issue isn't attachment, the issue is the brainless monkey sitting between the keyboard and the screen who clicks on things.
You know the pop-ups, banner ads, etc. that look like Windows message boxes?
That's the target market for trojans. The people who will believe that the graphic really is Windows trying to tell them something important in a banner advertisement.
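How a client actually parses a link of the shape shown in the comment above, as an added example that is not part of the original comment: everything before `@` is userinfo, and the connection goes to the host after it. The sample links and the `inspect_url` and `flag_links` names are constructed for illustration, and the hostname-shaped-userinfo test is a heuristic.

```python
import re
from urllib.parse import urlsplit

# Heuristic: userinfo shaped like a DNS name ("www.example.com") is what makes
# the link read as if it pointed at that name.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def inspect_url(url: str) -> dict:
    """Split a URL the way a client does and report where it really connects."""
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:          # non-numeric or out-of-range port
        port = None
    userinfo = parts.username or ""
    host = parts.hostname or ""  # urllib lowercases the host for us
    return {
        "scheme": parts.scheme,
        "connects_to": host,
        "port": port,
        "userinfo": userinfo,
        "deceptive": bool(HOSTLIKE.match(userinfo)) and userinfo.lower() != host,
    }


def flag_links(urls):
    """Return (url, real_host, pretended_host) for every deceptive link."""
    hits = []
    for url in urls:
        info = inspect_url(url)
        if info["deceptive"]:
            hits.append((url, info["connects_to"], info["userinfo"]))
    return hits


# Constructed sample links, as they might be extracted from message bodies.
SAMPLE_LINKS = [
    "ftp://www.example.com@files.badhost.example:9123/file/whatever",
    "ftp://anonymous@ftp.example.org/pub/readme.txt",       # ordinary FTP login
    "https://www.example.com/login?next=user@example.net",  # '@' only in query
    "http://WWW.Example.COM:80@203.0.113.7/file/whatever",  # name plus fake port
]

if __name__ == "__main__":
    for url, real, pretended in flag_links(SAMPLE_LINKS):
        print(f"{url}\n  reads like: {pretended}\n  connects to: {real}")
```

A mail filter or link preview can show the `connects_to` value next to the link text so the reader sees the real destination.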
Nobody debates global warming.
The debate is centered over a number of things.
First of all, the earth is coming out of an ice age. In geologic terms, the ice ages were yesterday, and the day before it was hot and sunny. Right now, we're in spring after the ice age, and it's hard to predict if we've reached summer or not, but we know it's not as hot as it was before the winter.
We haven't been observing long enough to be able to make any conclusion about what's going on in geological terms.
What we do know is that humans are contributing to the pollution and were not before. Scientists are mixed on how much the contribution matters, and not long ago, were predicting that there would be ice ages (the theory before global warming).
Kyoto makes sense to a point for a number of reasons unrelated to global warming, and as I said nobody is debating either that warming is occurring nor that humans contribute to it. The debate is largely over how much of it is natural and how much is not.
However, Kyoto doesn't apply to many countries, and this is where the Senate took exception, and it's not been resolved.
Kyoto does nobody any good if all the polluters move to third world countries exempt from the treaty. It won't cut pollution, and it will hurt the economy.
That, right there, is why the Senate rejected it, and I believe it is a reasonable and correct decision personally.
It's a global problem. If member countries are still allowed to deal with countries that can produce things without obeying the treaty, then the pollution will just move off shore, to those locations, and the global problem will remain.
MD5 isn't the right way to detect tampering.
Asymmetric key encryption is. You have a trusted authority issue a key, and sign it. You can verify the key file hasn't been tampered with, and they can revoke the certificate. It's harder to fake, even if they can spoof an MD5, because you can connect out to the certificate authority and ask if the certificate is valid, and they can revoke them if there's a problem.
If you're downloading a package, presumably you're wanting to know that it's the right package, and that it's from whomever it says it's from. An MD5 hash does not get you that capability, asymmetric encryption does.
Only someone who knows your distribution's private key can produce your distribution's packages. The public key is verified by a neutral 3rd party that can revoke accidents or hackers once they're discovered.
So you know both that the distribution wasn't tampered with (because it decrypts) and that the distribution is from who they say it is from (because it decrypts), and you have a neutral 3rd party vouching for the facts who has a vested interest in retaining business by not letting people fake other people's signatures.
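The difference the comment above draws, as an added example that is not part of the original comment: a mirror that can rewrite files can also rewrite the published MD5, but not a signature made with a key it does not hold. Textbook RSA with a constructed, deliberately weak demo key stands in for a real signature scheme, and `publish`, `rewrite_on_mirror` and the pinned-key and revocation sets are hypothetical names.

```python
import hashlib

# Constructed demo key built from two publicly known Mersenne primes. Anyone can
# factor this modulus, so it shows the mechanics only and must never be reused.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: stays with the distributor


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def key_id(n: int, e: int) -> str:
    """Fingerprint of a public key, used for pinning and revocation lookups."""
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).hexdigest()[:16]


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Distributor side: textbook RSA over SHA-256 (no padding, demo only)."""
    return pow(_digest(data), D, N)


def publish(package: bytes) -> dict:
    """Everything the distributor uploads to a mirror."""
    return {"package": package, "md5": md5_hex(package),
            "sig": sign(package), "key": (N, E)}


def rewrite_on_mirror(release: dict, new_package: bytes) -> dict:
    """Model of a compromised mirror: it can replace every file it hosts,
    checksum included, but it cannot compute a signature without D."""
    return dict(release, package=new_package, md5=md5_hex(new_package))


def check_md5_only(release: dict) -> bool:
    return md5_hex(release["package"]) == release["md5"]


def check_signature(release: dict, trusted: set, revoked: set) -> bool:
    """Client side: the key must be one pinned out of band and not revoked,
    and the signature must open to the SHA-256 of the bytes received."""
    n, e = release["key"]
    kid = key_id(n, e)
    if kid not in trusted or kid in revoked:
        return False
    return pow(release["sig"], e, n) == _digest(release["package"])


TRUSTED = {key_id(N, E)}  # assumed to be obtained out of band
GENUINE = publish(b"pkg-1.0 contents (constructed sample)")
TAMPERED = rewrite_on_mirror(GENUINE, b"pkg-1.0 modified in transit (constructed)")

if __name__ == "__main__":
    for name, rel in (("genuine", GENUINE), ("tampered", TAMPERED)):
        print(name, "md5 ok:", check_md5_only(rel),
              "signature ok:", check_signature(rel, TRUSTED, set()))
```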
Tarpit doesn't actually work, and is an exceptionally bad idea.
The concept "seems" sound, but spam bots open a windowed TCP port, dump a file to it, then close it. They don't care about the 4xx series message, because they never read from the port. They don't care you're only processing one byte every 5 minutes, because they dumped the whole thing and moved on to a new server already.
Spammers don't use real SMTP.
The $199 Dish Network receiver reliably has been able to control the VCR and DVD-RAM recorders without my presence. I pick a show off the menu, I tell it "record this show," it kicks on the recorder automatically.
It works best if the receiver and the device it's controlling are behind an enclosure, with a sheet of glass, but it's worked relatively reliably for Dish.
The other advantage over the cheaper is that the pay channels, Sci-Fi and a few others are broadcast in AC3 (Dolby Digital), and the 2nd level of players have an optic out jack.
OK, you guys have read the other articles from Sun about GNU/Linux, have you not?
Here is how Sun's market actually works.
Company X says "we need a new database server that can handle 10,000 transactions per year, and we'd like to hear proposals."
Company Y and Company Z each submit to Company X a total solution saying "we can provide such a server for a trillion rubles."
Company X compares the bids, and based on a lot of factors, it decides on either Company Y or Z's proposal, and enters into a contract with one or the other.
What you have to understand is that is what motivates everything that Sun says. It is totally clueless to go "Sun is claiming Red Hat owns Linux." They are talking about Red Hat's Linux distribution. The word Distribution is implied, just like when you talk about Debian Linux or SuSE Linux or Gentoo Linux.
IBM and HP both were shipping Red Hat for a while. Most independent contractors will pitch Red Hat as a solution. From Sun's standpoint and viewpoint, Red Hat is their competitor, not Linux.
They've been very clear and very consistent in that view point from day one. They live or die off of enterprise grade systems, not off of a handful of individual servers bought by random small IT departments. It's the multi-million and multi-billion dollar contracts, contracts with companies like Walmart, that Sun makes its money off of.
Right now, that market is being hotly contested and the players Sun identifies are, indeed, correct.
Nokia is doing this as well, and doesn't offer an "x" button. The animation pops up and fills the entire screen, scrolling with the screen as you try to scroll it out of the way...
I really prefer Google AdSense or Amazon's advertising feature, using the former at my own sites these days. The nice thing about these features is that you get relevant (usually) links, they are unobtrusive, and they take insignificant amounts of bandwidth compared to the rest of the page.
I can't imagine what sort of person clicks on a rapidly flashing banner saying "you're the millionth visitor to this website click here for an item" blinking rapidly and annoyingly in a box usually marked clearly as "sponsor" or "advertisement" on a page and buys whatever product is there.
Just FYI,
Before you get out your tin foil hats, the times that I've seen Google do this for links pointed at my website, it's been either after a period of several days outage or it's been due to a stale URI/URL.
When you do this, Google can try to hit the site first, and then falls back to the archive. I've not checked Usenet in particular, but it's the pattern I've seen in other links it has modified in this way.
The real reason why you don't see Worms and Viruses on MacOS and Linux is that Unix, in general, is an unattractive target.
A virus writer needs to know the ABI, processor architecture, etc. Preferably, they want to know the libraries they need are installed, etc. too.
On GNU/Linux, this is all chaotic and difficult to manage. Even with a PNG or JPEG exploit, you'd have to know server side the version of the kernel, etc. to send the correct exploit.
Windows is relatively constant. You have an ABI that's been unchanged for years, you have x86 processor, you have a cloud of DLLs you know are always there.
That's more why Windows is attacked, it's a much more desirable environment.
The GPL/LGPL are horrid beasts that attempt to inflict a world view. When you add code to a GPL infected program, the virus steps into your code and covers it. This is because you've created either a combined or derived work by incorporating any portion of a GPLed program (even a header file or library). The GPL requires you to provide source code upon request for 3 years. You may charge for media and shipping, if you feel like it, and don't have to provide it electronically. This is only required, however, if you redistribute the covered code. If you are using it for an in-house application, or for a server (for example), as long as you're not redistributing the program you've not fallen under the GPL.
The best way to think about this is like credit cards.
Would you want to give a copy of your credit card permanently to each store that you might ever want to shop at so that they could tell that it was you when you came back?
With a certificate based solution such as PGP or SSL, you have to have a copy of the signing certificate on each device that you want to use to access a service. You must have a copy of the reading certificate on each service that you want to access.
If any of those devices has a security compromise, etc. then you must go to each site that you would access and update the information.
However, with the single sign on solution, one site has the information to verify that you are you, through whatever technology is available, using any mechanism available. You can access the protected sites from any device, anywhere.
Instead of the sites getting all the information about you, all they get is a number. The organization providing single sign in can confirm you are really who you say you are.
With single sign on, if your information becomes compromised, you know who to blame, and so that party will reasonably try to resolve disputes.
If you look at it like a credit card, if your credit card becomes compromised, you call the bank and tell them, and then they stop accepting new charges. If you see a charge you don't agree with, you can call and investigate it and usually you can get it rolled back.
This same thing would hold true for single sign on. If there's a problem, if you think people are using your single sign on, you have someone you can go to and complain to to get the problem resolved.
From a website standpoint, it means that the website doesn't have to verify your e-mail address or anything else to give you access, all it needs to do is verify that you have a valid token. This means no more "you can't use this feature until you receive the e-mail that we sent you" and it means your e-mail address isn't propagated to hundreds of sites with privacy policies that could change at any time (and that could become sources of spam).
OK...
Sony sells recorders. Sony sells media. Sony sells players. Sony sells music.
I fail to see why the fact that they sell a recorder means that they want you to rip off their CDs and post them to Kazaa. You want to steal music, steal music, but don't say "OMG Sony is being confusing here."
The documentation with my MD recorder specifically mentions the fact that MDs recorded from commercial CDs cannot be copied. This same thing goes for copies of CDs made on audio equipment.
It's how copyright was intended to work. You publish a book, you copyright it. Anyone who wants the book buys it from you. That is what copyright was intended for, and that's how Sony is trying to use it.
The issue is that on Kazaa, you're not giving one copy to a friend. You're giving hundreds of thousands of copies to people who you don't know and who you have never met.
What I'm really worried about is that legitimate uses of BitTorrent and Kazaa are going to get drowned out because of a bunch of college students who aren't willing to pay $8 for a CD (sometimes as high as $15...).
Real-time 3d graphics of cinematic quality will always be too slow for general purpose CPUs
Most Graphics processing units (GPU's) do very little of the actual work you see in the rendering pipeline. Most, at best, push some triangles through. Some of the newer ones have capabilities to do more advanced work.
Developing a game with AI that needs ten times the power of today's CPUs will take many man years and may not be that welcomed by the console audience. However physics systems -- blowing things up, interactive buildings, terrain, etc. are things console gamers eat up, and these things are performed in the simulation tree in the game engine by the main CPU, and not by the video card, in the vast majority of cases (all current cases that I know of).
Additionally, watch X-Play for a few minutes, listen to them complain about the AI in console games, and then say that gamers don't want a better AI.
It's very difficult to do multithreaded apps, and the difficulty rises exponentially with the number of threads.
Incorrect.
Each thread is a separate program which should be isolated from other programs except for input and output, exactly as every Unix program is already typically designed.
The complexity of the system varies linearly, and only linearly, with the number of resources that must be synchronized. This is because the threads should not be interdependent.
You can eliminate even this linear encroachment in many cases by using circular buffers and limiting the number of writers.
Sony developed a platform that can move insanely great amount of graphics around, with the ability to do real-time raytracing, rather than providing so much general-purpose processing power.
Well here's the issue. I can raytrace fine, in real time, moderately complex objects at 320x240 even on relatively low-end hardware. It's not that difficult, it doesn't take as much processor power as most people are throwing at the problem.
The thing is, polygons are a ton easier to work with in the physics engine, in the AI engine, in the collision engine, when doing hit tests, etc. The graphics processor does not do all of this work in any modern game that currently exists, and aren't even remotely close to doing so on video hardware that currently costs more than many people's computers from nVidia and ATI.
Sony could waste its money trying to provide this feature through graphics hardware, as you suggest, or they could continue to buy 3rd party video hardware (NEC PowerVR) from a company that makes its entire business out of graphics processors.
So far as moving data around, PowerPC used to be pretty good at that compared to x86's, it used to be far beyond x86's.
Sony developed a graphics architecture that could really be parallelised, so instead of bringing out a totally new console, they could just up the graphics spec by adding more chips. They could save millions of dollars from developing and advertising the new console
The big issue here is without multithreading or a multiprocessor core, this would be meaningless.
Let's say you have a physics engine. This needs to do some transforms. If the physics engine runs on the same thread the game runs on, then you have a problem because every time that you do a transform (and you'll be doing a lot of them), your game stops while it waits on the card. If you've got a really slow bus (like an AGP bus, or even a PCIx bus), you could be waiting a long time for the data to come back.
And so you need multiple threads.
If the argument is the graphics chips could do the physics, etc. then essentially you're still multithreading, because you're going to send a program to the graphics chip, and it's going to run it.
It can be argued you could do physics with vertex shaders, etc. but most game physics are complicated enough you really need to be in code to do it.
The big thing with parallel graphics chips is that there aren't a lot of methods of making it work. Either you divide the screen in half and use
From the article:
Yesterday, Valve disabled approximately 20,000 Steam accounts which had been used to try to access Half-Life 2 without purchasing it. The method used was extremely easy for Valve to trace and confirm, and so there is no question that the accounts disabled were used to try and illegally obtain Half-Life 2.
Accounts also may be closed due to fraudulent activity in an attempt to obtain additional products for your Steam Account. This includes Credit Card fraud, theft of accounts you do not own and using cracked versions of Valve games.
--
There is a direct link to what to do if you believe they made an error, etc.
I think this part of the message is vitally important, compared to the other piece, because people are going "oh I applied a no-cd patch, etc."
Note that the steam agreement does say you won't alter the software. Note you can also get a no-cd patch (as other posts have been saying) by simply uninstalling the game, and then running it via Steam.
And note, when you install a Steam game from CD, it doesn't necessarily copy the entire CD (or CDs) into the cache. When you play the game over Steam, the steam title has the option of loading files from the CD that aren't present in Steam's cache (and AFAIK there's no way to turn this option off from the steam client).
This "might" be why one of the CDs has to be in the drive, because it might be reading an index (I've not licensed Steam to develop games, just investigated licensing it, and that's one of the features in the list).
If you uninstall the game, and run it from Steam (without the CD being installed), it won't ask you for the CD when you run.
I don't have a CD -- it cannot ask me for it. Everyone who I know who already had it preloaded via Steam, and then registered using a retail key is also playing diskless without a crack.