Does it really matter if the boot process is fast, or should it simply appear fast?
Here's the simple one: First thing init should do is fire up X with a login prompt. Start everything else in the background. By the time most users have entered their credentials, the other services have started up.
You'd probably gain 30% speedup. With no need to rewrite the init system.
If you RTFA, you'll see this is aimed at desktops with a GUI, which is somewhere that startup time is very important.
Since when? This system goes from power button to wdm login in about 30 sec. If installing and tweaking a new init system takes 15 minutes and saves me 10 sec. on bootup, I need to boot a lot just to recover that time.
My laptop takes incredibly longer to boot Linux than Windows XP.
And you blame that on init? My notebook takes about 38 sec. until wdm login, and I could certainly reduce that by at least 10 if I would spend some time optimizing the boot process. But, as above, if I spend half an hour doing that, what is the net gain?
My iPAQ takes a long time to boot Linux, compared to the startup of WinCE.
The least part of the startup process on the iPAQ is wasted on init. QPE (if you use it) takes much longer than the whole init process that precedes it. Besides, it really doesn't matter on the iPAQ, where you reboot once every few months at most.
Init works perfectly well for desktops. You can even tweak it very easily. You can speed it up with minimal effort, if you want to spend a little time (especially figuring out dependencies).
Most importantly: It's a generic mechanism. It works reasonably well for all systems. Yeah, maybe you can do 5% better with a custom tool geared to one specific use. Please do if you want. Please don't sell that is The Right Thing(tm) to the rest of the world.
a) Software is complex, hardware is unreliable, you can never prove that it works correctly.
b) The same is true for hundreds of other markets which do have liability laws.
c) Liability would hurt Free Software a lot (we simply can't afford it, since there's no income to offset any costs).
d) Liability can be limited to gross negliegence. It already is in other areas.
e) Liability can be limited by cost, e.g. your maximum liability is sales price times x. No sale, no cost.
f) The EULA clauses are not entirely safe. Depending on local jurisdiction, you can usually not rid yourself of liability completely just by saying so. In most of europe, for example, liabilities due to intent or gross negliegence can not be protected against by contract.
g) Yes, introducing full software liability would put Microsoft out of business within the week. Also most other companies.
h) Not introducing at least limited liability will damage the IT industry in the long run, as it will prevent the move to professionalism and reliability that every mature industry makes. I'm pretty sure the first cars weren't exactly reliable, either.
i) Software isn't the same as automobiles. Differences have to be taken into account.
j) The market place is not a panacea. Especially not when it has been successfully cornered.
k) It may well be one possible solution to decide that since Microsoft enjoys a monopoly position, their responsibilities (e.g. liabilities) are higher than everyone elses.
l) In the end, politicians will decide. In the US that means corporate money decides, in the EU it means party lines decide. Both will turn against software companies and pro liabilities exactly when the other industries has suffered enough from software bugs.
m) Until then, enjoy the show. Write Free Software, especially anonymous distribution systems. When liability becomes law, continue to write Free Software and distribute it through anonymous channels. Crypto signatures and public keys can make two-way communication possible without identifying the author.
Which utilities have low barriers of entry? Supplying a country with anything will always require considerable prior investments. Neither power, nor water, garbage, phone service, etc. is something you can start in your garage.
That was a rhetorical question, wasn't it? The picture is clear on all utilities: Privatisation has almost always had the same effect:
* In the short run, prices plummet and more alternatives appear. * In the long run, after a low number of de-facto monopolists remain, prices rise and reliability and service go down
Exceptions I know about are:
* Some 2nd world countries that were forced to privatisation by the WTO, where the first step was skipped (water in south america, great topic) * A few 1st world countries who - so far - managed to keep competition going, usually by the dreaded government intervention against emerging monopolies.
The problem is simple: As a government company, a utilities' purpose is to supply something to the people, be it water, power or phone service. As a commercial entity, its purpose is to make money for its stockholders. If regular blackouts increase your profits, we will see more of them. If firing half your service people, reducing maintainance costs and saving the R&D money for future developments rises the stock prices, that is what we will see to happen.
Whenever was that a reason? Robbers ignore the law, too. That doesn't mean we should make robbery legal, does it?
2. Laws are meaningless unless enforced. How will it be enforced? When I get hit with spam that violates this law, who do I complain to? Who will investigate my complaint and then pursue and punish the spammers?
That is the interesting question, and the one that will likely take more time to solve. But with $1000 fines per piece I can imagine that something will happen. Those are billions we're talking about, all Cal needs to do is collect.
3. Where will all the money and resources come from to enforce this law
The spammers. That is what fines are for, you know?
4. What about all the spam originating from servers outside the U.S.
Bullshit argument. 90% of the spammers are US citizen. True, they bounce their crap off in the entire world, but if you can trace them, you will find they sit just down the street.
You also forgot one point: Just by making it illegal, you will move some spammers out of the business. A lot of them really think what they do is all ok. When they can no longer hide behind that argument, a few of them just might decide to pack up and play somewhere else. There are cowards everywhere, and I'd guess the ratio is pretty high amongst spammers.
Most kids do get taught how to ride a bike, including riding with a local cop during elementary school.
For alcohol (and other drugs), we desperately need a better drug education on how to use which drugs safely (including which drugs can't be used safely). I've seen way too many drunk people who were a danger both to themselves and others.
Your problem is that you will still suffer from the next Melissa/CodeRed/Blaster/whatever outbreak, because when the pipes are saturated, they are saturated and your encrypted tunnels go down.
If all the windows viruses would only affect windows systems, I couldn't care less. It's that they affect us all that bothers me.
When you think about it, though, it isn't the users fault. Sure, users could be more educated, but why force them?
The machine should be inherently safe. 90% of the people who own computers use it for maybe a dozen tasks or less. 99% of the users have no use whatsoever for the primary virus propagation vector (arbitrary execution of code in e-mail).
The problem is that the computer market is far from mature. We're still in the "oh look, it's shiny and has colours" stage. Features still sell more than safe basic operation. In a mature market, functionality and simplicity often win out. Good cars sell a lot more than fancy cars. Sure there's niche markets, but I'm talking about the mainstream.
So, maybe we should just wait a couple more years and things will change on their own.
Until then, I propose we simply pass a law that sending me a virus allows me to sue you for $50 in small claims court, no matter if you did it intentionally or not. People would switch to more secure systems faster than you can say attorney.
Just for going online? There should be a mandatory course for using computers at all.
Hey, hey - before you mod "Troll", think about this:
* You can't drive without a license * You can't operate heavy machinery * You can't practice medicine
etc.
We already cover most points where people can do damage to either themselves or others with mandatory education. It makes sense, too.
It doesn't have to be "elitest". It can be as simple as driving school in most of the US, where you hop in a car with the local sherrif for 10 minutes and show him that you know which pedal does what.
Of course, computers being more complicated, there's also a different answer. I'll post that in a new reply, so you can mod this one down all you like.:)
You can run a brute-force attack against it. But you have no way of knowing that what you decrypt is the actual plain text. Any text of the correct length is a valid plain text.
Here's a string encrypted with a one-time pad:
FJERZFTHWRTUWZNE
Depending on my OTP, it can decrypt to either "SlashdotForever!", or "OneTimePads=Good". Actually, it's neither. It's my credit-card number. If you can decrypt it, it's yours.
That's why we have community products. For music, CDDB works pretty good and is a working real-life example.
Other metadata is automatically inserted. When you install OpenOffice, it asks for your name and inserts that as the author into any new documents you create, for example.
Sure, the metadata on my personal machine will never be comparable to what a library could do. But it doesn't have to be - it has to be useful for me, not - like the library - for thousands of people with very different interests and approaches.
Exactly how do you put a fictitious legal entity in Jail?
By closing it down, of course. The purpose of jail is to seperate a criminal from society, and moving him into a location where you can keep him under control. For corporations, you close them down (seperation) and freeze all their assets (prevention of running away).
"In this article [...] makes the case for a repressive regime for our country. He argues that the promotion of choice of GUI as a positive feature of using Democracy is detrimental to its chances of attacking (Terrorism|Communism|Enemyism)'s grip. From the article: '...the open society community must recognize that its primary goals: freedom of choice, freedom of speech, and freedom to vote, are not the goals of the average user.' In particular he argues that the choice of presidents between (all those choices), is not one that a former oppressed men, even a fairly politically competent one, is going to able to make an informed choice on, and that they should not be forced to make that choice in order to get good use out of any government they might want to use."
Yeah, I couldn't agree more. Freedom is a scary thing, so let's take it away.
This ain't a problem you can solve yourself. It all depends on your boss.
If you have a good boss, you can talk to him about work overload, and he will help you put priorities on the projects and fight off people who want to hassle you. In short: A good boss will make sure that you can put as much of your time into actually working, and he will be the one saying "no" for you. That's his job. You're there for technical skills, not for corporate politics.
If your boss sucks, he'll leave everything to you and then blame you if things go wrong. One surefire sign I've found for this kind of boss is that if you complain to him that you can't get all the work done, he replies with something like "well, then stay longer". If you have a boss of that kind, my advise is to get the hell out.
Talking to people will generally help (as in "ok, I've written down your problem, so I won't forget it, but I have x other tasks right now and it will take y hours/days before I can work on it."). However, for most people if they do have a serious problem, that is the most important thing in the company and you will probably spend way too much time arguing with them - time you could have spent fixing the problem.
What you can do here is to work on getting an image of reliability. If everyone in the company knows that you will remember their problem, for example, they are less likely to call in to "remind" you.
A "todo" list really is your best friend. It makes sure that when the shit hits the fan, you have some documentation to fall back to, and you can show everyone that you would have gotten to the printer right after the CEOs secretaries mouse problem and the network outage on floor 3.
Important point! Now how do we fix that? Or at least prevent it from perpetuating?
If I knew that, I would be spreading the gospel left, right and center.
Personally, I think the system is broken and needs to be put out of its misery. Or, since we can't do that, at least stopped from infecting yet more areas of the economy, which isn't too healthy right now anyways.
That's why I've joined the protest. At the moment, that's what we can do.
Not all sites run by geeks are visited only by geeks.
I have an online game. It has about 400 active players. The majority are not geeks. Most of them will learn today what the problem with software patents is (namely that the game they're playing might well go away if I get sued because I use a progress bar or whatever).
As a matter of fact, there was some discussion on the Full Disclosure mailing list whether or not Blaster was exactly that. It was so poorly written, and used such a beautiful exploit that many security people (myself included) can't fathom how someone could possibly waste this exploit for such a crappy worm.
The black death wiped out half of europes population, yet it created no natural immunity in the survivors. Today we have a smaller-scale problem of the same kind with HIV.
In windows, some viruses have and do cause changes for the better. I hate windows with a passion, but I can't deny that some things have improved. Other virus outbreaks just kill a couple thousand machines and that's that.
There's one important difference to biology: When windows gets infected, Linux and other OSes gain the same knowledge boost and might make changes to protect themselves against future viruses. Thus, the network as a whole is also made stronger.
So I have a box that's unsecured...so what? That's MY business, NOT yours!
Wrong. I happen to do virus propagation research at the moment, and I can prove both mathematically and through simulation that the larger the infectable population, the worse the outbreak will be (i.e. the faster the worm or virus will spread).
This is, of course, well known in human virus research and is why vaccination is mandatory in many countries.
There are differences between biology and electronics. This isn't one of them.
The protest is growing fast. There are now over 1000 websites participating. It is afternoon here in europe right now, so expect a few more as the geeks come home from work.
It's a fairly high-profile activity. The FFII has fought this fight very much on their own for two or three years. Good to see they finally get some broad support.
Not to repeat what dozens have said, one fallacity is often overlooked:
When you talk about patents, many people have the lone inventor in a mental picture, and it's easy to convince them that he needs protection against the greedy corporations trying to steal his idea.
If you discuss software patents with someone, make sure you wipe out that picture. 99% of all patents are owned by the greedy corporations, not by the lone inventors.
Tested that just now.
Boot time before change: 41 seconds (*)
after Change: 31 seconds
That was a change that took about 15 seconds.
(*) not 30 as I remembered. Well, I've changed some stuff after I last checked.
Point was made repeatedly about elevators and XP:
Does it really matter if the boot process is fast, or should it simply appear fast?
Here's the simple one:
First thing init should do is fire up X with a login prompt. Start everything else in the background. By the time most users have entered their credentials, the other services have started up.
You'd probably gain 30% speedup. With no need to rewrite the init system.
If you RTFA, you'll see this is aimed at desktops with a GUI, which is somewhere that startup time is very important.
Since when? This system goes from power button to wdm login in about 30 sec. If installing and tweaking a new init system takes 15 minutes and saves me 10 sec. on bootup, I need to boot a lot just to recover that time.
My laptop takes incredibly longer to boot Linux than Windows XP.
And you blame that on init? My notebook takes about 38 sec. until wdm login, and I could certainly reduce that by at least 10 if I would spend some time optimizing the boot process. But, as above, if I spend half an hour doing that, what is the net gain?
My iPAQ takes a long time to boot Linux, compared to the startup of WinCE.
The least part of the startup process on the iPAQ is wasted on init. QPE (if you use it) takes much longer than the whole init process that precedes it.
Besides, it really doesn't matter on the iPAQ, where you reboot once every few months at most.
Init works perfectly well for desktops. You can even tweak it very easily. You can speed it up with minimal effort, if you want to spend a little time (especially figuring out dependencies).
Most importantly: It's a generic mechanism. It works reasonably well for all systems. Yeah, maybe you can do 5% better with a custom tool geared to one specific use. Please do if you want. Please don't sell that is The Right Thing(tm) to the rest of the world.
a) Software is complex, hardware is unreliable, you can never prove that it works correctly.
b) The same is true for hundreds of other markets which do have liability laws.
c) Liability would hurt Free Software a lot (we simply can't afford it, since there's no income to offset any costs).
d) Liability can be limited to gross negliegence. It already is in other areas.
e) Liability can be limited by cost, e.g. your maximum liability is sales price times x. No sale, no cost.
f) The EULA clauses are not entirely safe. Depending on local jurisdiction, you can usually not rid yourself of liability completely just by saying so. In most of europe, for example, liabilities due to intent or gross negliegence can not be protected against by contract.
g) Yes, introducing full software liability would put Microsoft out of business within the week. Also most other companies.
h) Not introducing at least limited liability will damage the IT industry in the long run, as it will prevent the move to professionalism and reliability that every mature industry makes. I'm pretty sure the first cars weren't exactly reliable, either.
i) Software isn't the same as automobiles. Differences have to be taken into account.
j) The market place is not a panacea. Especially not when it has been successfully cornered.
k) It may well be one possible solution to decide that since Microsoft enjoys a monopoly position, their responsibilities (e.g. liabilities) are higher than everyone elses.
l) In the end, politicians will decide. In the US that means corporate money decides, in the EU it means party lines decide. Both will turn against software companies and pro liabilities exactly when the other industries has suffered enough from software bugs.
m) Until then, enjoy the show. Write Free Software, especially anonymous distribution systems. When liability becomes law, continue to write Free Software and distribute it through anonymous channels. Crypto signatures and public keys can make two-way communication possible without identifying the author.
Which utilities have low barriers of entry? Supplying a country with anything will always require considerable prior investments. Neither power, nor water, garbage, phone service, etc. is something you can start in your garage.
Free markets cause power blackouts?
That was a rhetorical question, wasn't it? The picture is clear on all utilities: Privatisation has almost always had the same effect:
* In the short run, prices plummet and more alternatives appear.
* In the long run, after a low number of de-facto monopolists remain, prices rise and reliability and service go down
Exceptions I know about are:
* Some 2nd world countries that were forced to privatisation by the WTO, where the first step was skipped (water in south america, great topic)
* A few 1st world countries who - so far - managed to keep competition going, usually by the dreaded government intervention against emerging monopolies.
The problem is simple: As a government company, a utilities' purpose is to supply something to the people, be it water, power or phone service.
As a commercial entity, its purpose is to make money for its stockholders. If regular blackouts increase your profits, we will see more of them. If firing half your service people, reducing maintainance costs and saving the R&D money for future developments rises the stock prices, that is what we will see to happen.
Oh, sorry, have seen happening.
1. Spammers will ignore the law.
Whenever was that a reason? Robbers ignore the law, too. That doesn't mean we should make robbery legal, does it?
2. Laws are meaningless unless enforced. How will it be enforced? When I get hit with spam that violates this law, who do I complain to? Who will investigate my complaint and then pursue and punish the spammers?
That is the interesting question, and the one that will likely take more time to solve. But with $1000 fines per piece I can imagine that something will happen. Those are billions we're talking about, all Cal needs to do is collect.
3. Where will all the money and resources come from to enforce this law
The spammers. That is what fines are for, you know?
4. What about all the spam originating from servers outside the U.S.
Bullshit argument. 90% of the spammers are US citizen. True, they bounce their crap off in the entire world, but if you can trace them, you will find they sit just down the street.
You also forgot one point: Just by making it illegal, you will move some spammers out of the business. A lot of them really think what they do is all ok. When they can no longer hide behind that argument, a few of them just might decide to pack up and play somewhere else. There are cowards everywhere, and I'd guess the ratio is pretty high amongst spammers.
Don't you think that their website is not really the critical element of the emergency service?
Maybe not a license, but at least education, yes.
Most kids do get taught how to ride a bike, including riding with a local cop during elementary school.
For alcohol (and other drugs), we desperately need a better drug education on how to use which drugs safely (including which drugs can't be used safely).
I've seen way too many drunk people who were a danger both to themselves and others.
Your problem is that you will still suffer from the next Melissa/CodeRed/Blaster/whatever outbreak, because when the pipes are saturated, they are saturated and your encrypted tunnels go down.
If all the windows viruses would only affect windows systems, I couldn't care less. It's that they affect us all that bothers me.
When you think about it, though, it isn't the users fault. Sure, users could be more educated, but why force them?
The machine should be inherently safe. 90% of the people who own computers use it for maybe a dozen tasks or less.
99% of the users have no use whatsoever for the primary virus propagation vector (arbitrary execution of code in e-mail).
The problem is that the computer market is far from mature. We're still in the "oh look, it's shiny and has colours" stage. Features still sell more than safe basic operation.
In a mature market, functionality and simplicity often win out. Good cars sell a lot more than fancy cars. Sure there's niche markets, but I'm talking about the mainstream.
So, maybe we should just wait a couple more years and things will change on their own.
Until then, I propose we simply pass a law that sending me a virus allows me to sue you for $50 in small claims court, no matter if you did it intentionally or not. People would switch to more secure systems faster than you can say attorney.
Just for going online? There should be a mandatory course for using computers at all.
:)
Hey, hey - before you mod "Troll", think about this:
* You can't drive without a license
* You can't operate heavy machinery
* You can't practice medicine
etc.
We already cover most points where people can do damage to either themselves or others with mandatory education. It makes sense, too.
It doesn't have to be "elitest". It can be as simple as driving school in most of the US, where you hop in a car with the local sherrif for 10 minutes and show him that you know which pedal does what.
Of course, computers being more complicated, there's also a different answer. I'll post that in a new reply, so you can mod this one down all you like.
You can run a brute-force attack against it. But you have no way of knowing that what you decrypt is the actual plain text. Any text of the correct length is a valid plain text.
Here's a string encrypted with a one-time pad:
FJERZFTHWRTUWZNE
Depending on my OTP, it can decrypt to either "SlashdotForever!", or "OneTimePads=Good". Actually, it's neither. It's my credit-card number. If you can decrypt it, it's yours.
That's why we have community products. For music, CDDB works pretty good and is a working real-life example.
Other metadata is automatically inserted. When you install OpenOffice, it asks for your name and inserts that as the author into any new documents you create, for example.
Sure, the metadata on my personal machine will never be comparable to what a library could do. But it doesn't have to be - it has to be useful for me, not - like the library - for thousands of people with very different interests and approaches.
Exactly how do you put a fictitious legal entity in Jail?
By closing it down, of course. The purpose of jail is to seperate a criminal from society, and moving him into a location where you can keep him under control.
For corporations, you close them down (seperation) and freeze all their assets (prevention of running away).
But you still like to have a choice of different cars, don't you?
"In this article [...] makes the case for a repressive regime for our country. He argues that the promotion of choice of GUI as a positive feature of using Democracy is detrimental to its chances of attacking (Terrorism|Communism|Enemyism)'s grip. From the article: '...the open society community must recognize that its primary goals: freedom of choice, freedom of speech, and freedom to vote, are not the goals of the average user.' In particular he argues that the choice of presidents between (all those choices), is not one that a former oppressed men, even a fairly politically competent one, is going to able to make an informed choice on, and that they should not be forced to make that choice in order to get good use out of any government they might want to use."
Yeah, I couldn't agree more. Freedom is a scary thing, so let's take it away.
This ain't a problem you can solve yourself. It all depends on your boss.
If you have a good boss, you can talk to him about work overload, and he will help you put priorities on the projects and fight off people who want to hassle you.
In short: A good boss will make sure that you can put as much of your time into actually working, and he will be the one saying "no" for you. That's his job. You're there for technical skills, not for corporate politics.
If your boss sucks, he'll leave everything to you and then blame you if things go wrong. One surefire sign I've found for this kind of boss is that if you complain to him that you can't get all the work done, he replies with something like "well, then stay longer".
If you have a boss of that kind, my advise is to get the hell out.
Talking to people will generally help (as in "ok, I've written down your problem, so I won't forget it, but I have x other tasks right now and it will take y hours/days before I can work on it.").
However, for most people if they do have a serious problem, that is the most important thing in the company and you will probably spend way too much time arguing with them - time you could have spent fixing the problem.
What you can do here is to work on getting an image of reliability. If everyone in the company knows that you will remember their problem, for example, they are less likely to call in to "remind" you.
A "todo" list really is your best friend. It makes sure that when the shit hits the fan, you have some documentation to fall back to, and you can show everyone that you would have gotten to the printer right after the CEOs secretaries mouse problem and the network outage on floor 3.
Important point! Now how do we fix that? Or at least prevent it from perpetuating?
If I knew that, I would be spreading the gospel left, right and center.
Personally, I think the system is broken and needs to be put out of its misery. Or, since we can't do that, at least stopped from infecting yet more areas of the economy, which isn't too healthy right now anyways.
That's why I've joined the protest. At the moment, that's what we can do.
Not all sites run by geeks are visited only by geeks.
I have an online game. It has about 400 active players. The majority are not geeks. Most of them will learn today what the problem with software patents is (namely that the game they're playing might well go away if I get sued because I use a progress bar or whatever).
As a matter of fact, there was some discussion on the Full Disclosure mailing list whether or not Blaster was exactly that. It was so poorly written, and used such a beautiful exploit that many security people (myself included) can't fathom how someone could possibly waste this exploit for such a crappy worm.
Partially correct.
The black death wiped out half of europes population, yet it created no natural immunity in the survivors. Today we have a smaller-scale problem of the same kind with HIV.
In windows, some viruses have and do cause changes for the better. I hate windows with a passion, but I can't deny that some things have improved.
Other virus outbreaks just kill a couple thousand machines and that's that.
There's one important difference to biology: When windows gets infected, Linux and other OSes gain the same knowledge boost and might make changes to protect themselves against future viruses. Thus, the network as a whole is also made stronger.
So I have a box that's unsecured...so what? That's MY business, NOT yours!
Wrong. I happen to do virus propagation research at the moment, and I can prove both mathematically and through simulation that the larger the infectable population, the worse the outbreak will be (i.e. the faster the worm or virus will spread).
This is, of course, well known in human virus research and is why vaccination is mandatory in many countries.
There are differences between biology and electronics. This isn't one of them.
The protest is growing fast. There are now over 1000 websites participating. It is afternoon here in europe right now, so expect a few more as the geeks come home from work.
It's a fairly high-profile activity. The FFII has fought this fight very much on their own for two or three years. Good to see they finally get some broad support.
Not to repeat what dozens have said, one fallacity is often overlooked:
When you talk about patents, many people have the lone inventor in a mental picture, and it's easy to convince them that he needs protection against the greedy corporations trying to steal his idea.
If you discuss software patents with someone, make sure you wipe out that picture. 99% of all patents are owned by the greedy corporations, not by the lone inventors.