Firstly, you mention Star Office and then talk about Open Source apps. Star Office isnt open source and probably wont be. I'll assume you mean apps that will work under Linux, or perhaps even free apps in terms of cost.
LaTeX + editor of choice == really nice looking documents, print or on screen. Or you can use one of the graphical front ends (Klyx or something like that?).
the official ssh packages at ssh.com are free for non-commercial use. we have a site license here at u of i, and i don't think we payed anything for it.
Neither are we (JHU). But I meant one of the Windows GUI clients (DataFellows or something simliar). Or, better, pay a bunch of crypto-minded CS students to do a reimplementation. Free servers and Unix clients don't mean much if the majority of people can't (or won't) use them.
OK, yeah, they did it for the challenge, and all that, but wouldn't it be easier to spend the $1000+ they spent for the equipment to buy a faster computer?!?!?
Pushing people to use SSH isn't going to help too much when the majority of students will still have to send passwords in plaintext format over FTP.
scp works fine. And actually sftp is part of the ssh2 distro, and IIRC there are (commercial) windows clients for it as well. If the unis really want security, buy a site license for a Windows ssh2 client, give it to everybody who wants a copy, then turn off telnet and non-anonymous-ftp on all college-owned machines (installing ssh1, ssh2, sftp, etc as replacements), and encourage (but do not require) everyone else on the network to do the same.
How? If the client could provide a zero knowledge proof that the data it was sending to the server was legitiamite, all is well, but that would be impossible (practically speaking). Encryption, OTOH, isn't helpful at all. The client knows everything that is getting encrypted and decrypted, and someone can easily hack/patch the client to dump a copy to a file. It'll prevent other people from altering the game, but that doesn't seem too useful.
I think for genre other than the live-action shoot-em-up, you can keep all the information a player isn't supposed to know on the server, and only dribble it out when appropriate. I admit that I don't have a solution for the LASEUs, but I wouldn't condemn OSS games in general due to the difficulties in producing cheat resistance in one specific genre.
Even in that case, you can probably limit the ability of people to cheat enought that it doesn't matter too much. Not being a game programmer, I really don't know for sure, but that how it would seem (don't hand out stuff to the client you don't actually want the client to know about).
Though Intel is nowhere near the state MS is in, it seems these huge product releases are made out of desperation.
Well, Intel does seem to have a tendency lately to announce products that you can't actually buy. And while the P-IV core is actually supposed to be pretty good (ie they finally have moved past the PPro/PII/PIII core), whether or not anyone will actually be able to buy one is rather debatable (based on their current supply problems with the P-IIIs). Not the mention all the problems Intel has had with their chipsets, fscking hell, it's nuts. And the RDRAM fiasco hasn't helped either.
AMD has taken a huge chunk of Intel's market, but who knows, maybe they might be able to make a comeback?
To be realistic, Intel still has a big chunk of the market (80% maybe?). AMD is doing very well for itself, I agree, but they're nowhere near putting Intel out of business yet. And honestly I would prefer it if they just kept competing with each other, with about 50/50 market share, each producing better and cheaper CPUs until the end of time. Though all I want in the short term is for AMD to come out with SMP chipsets (770... yummy) and then I'll get a dual Thunderbird or Mustang box.
This is the silliest thing I've seen in quite some time. Let me make this simple:
A good hardware router will be faster than any consumer-level-OS based router (W2K, *nix, whatever), at all times. If you want to know if NT/W2K will make a good router compared to Linux or a *BSD, ask. Dedicated hardware wins every time. The only reason to not go that route [a pun!] is cost.
BTW, your best bet for a good Intel-based router is probably FreeBSD. I know Linux has some options to tune it for routing, and it's TCP/IP stack is good, but my gut feeling is that *BSD's will still edge it out.
"finalizers" are (confusingly) called "destructors"
Not that confusing if you know that they're called destructors in C++ (though I believe that C++ destructors are somewhat different from Java finalizers.
These have been peer-reviewed and tested. The chance of blowing the strength of the algorithm with a stupid coding error is too high to risk.
As long as you do test vectors against known implementations (or better, "official" test vectors like the AES algorithms), the odds of an error like that are quite low. After all, the whole point of encryption algorithms is to make things look "random": if you screw up something, you'll notice it. For instance, I was coding SHA-1, and put a typo into one of the magic numbers (IIRC I used 0x5A827996 instead of 0x5A827999). Obviously, the test vectors were totally wrong. And of course my "version" of SHA-1 was probably just about as secure as the real version, as that constant is 2**32 * sqrt(7) or something like that (I can't remember exactly what it is but all the magic numbers in SHA-1 are derived like that). And then I printed intermediate values, realized something was going wrong, check the values, and said "Doh!" <g>
Though obviously it's a lot easier to just go use OpenSSL and be done with it, rather than recoding the whole schmere yet again (unless of course you want to - it is pretty educational, actually).
It is one of the most sarcastic things I've ever read. If you created it on company time, it's even better. If anyone has 30-45 minutes to waste like I did, go read it.
Leisuretown rocks.:) QA Confidential is my favorite as a CS major, but funnily enough, I was introduced to it by my History major roommmate. BTW, if you like weird (and violent) humor, check out Redmeat.
theres been 4 updates so far this year and this release has been around about 4 years!
Right, it's four years old. It's shipping (or was shipped, rather) with stuff that was outdated years ago. If you want to convince me of anything with your statement, show me the errata list for another distro released around the same time and show how much smaller it is than RHs (of course, probably most distros don't update eratta for 4 year old releases).
Also, investigate alternative, and far superior servers for services you want to run.
Kinda makes me mad that most Linux distros only ship with bind and sendmail (and probably most commercial Unices as well). It would be especially nice (for me) if Redhat shipped with qmail and postfix RPMs as well as sendmail. Oh, well, can't have it all <g>.
and a frustrated Apple developer name Bill Atkinson came up with Hypercard as a substitute in the mean time.
Hopefully VB is somewhat more powerful than Hypercard! I've never touched VB, but in middle school I made games and things with Hypercard, and it was (compared to any 'real' language) pitifully weak. I wince at the though of anyone trying to write a real app in Hypercard.:)
I guess COM means you can actually call OS resources in a VB app, at least. And probably the visual-front end stuff is more featurful (IIRC Hypercard's was pretty, well, basic <g>).
Good point... many times it's not the algorithm that's the problem, it's how people go about the exchanging of keys, storing the keys, etc, that compromise a system.
Almost every time, actually. Ross Anderson did a study of ATM systems some years ago, and found that almost all were insecure due to bad implementation, system design, or human errors (rather than attacks based on the algorithms used, typically DES/3DES and RSA).
I also find Mozilla to be more stable than Netscape, but I guess I'm one of those people with problems with Netscape. (nnng - must destroy java banner ads!)
I've always turned off Java{script}, even on Windows, just because it's annoying. So Netscape will only crash 5 or 6 times a day now.:)
Personally, I prefer sales tax to state income tax for several reasons. First, it's a tax on consumption, so everyone -- tourists or residents, rich or poor, pay it in the same fashion. Secondly, it incentivizes not spending your money (investing, savings, etc.) -- whereas if you go to invest money that's had income tax taken out, there goes a chunk of your principal off the top. And third, collecting sales taxes is a lot less expensive from an operational perspective -- compare the outlays vs. dollars returned of the revenue departments of the four states (New Hampshire doesn't count, it has neither) that have no sales tax but do have income tax with those of the nine states which have sales tax but no income tax.
Actually, I agree with you (especially the part about everyone paying, resident or no). However, how many states actually dropped their income tax when they adopted the sales tax? Certainly not in MD (where I'm going to school). I'd rather have just high income taxes (where you can keep track of what's going on and how much you're actually paying in tax), then have several different taxes eating away at my money (actually, OR has a gas tax too but as I don't drive that doesn't bother me too much personally <g>)
And, FWIW, Delaware is getting along just fine, thank you.
As is Oregon. The only economic problems lately have been the closing of timber and pulp mills (which I can't say I like too much, as my Dad works at one). And that is quite unrelated to any sales tax.
Another tax doesn't mean the government will do a better job, it will just find new ways to waste money (I don't like it either, but that's the way I see it).
I honestly don't understand it. Probably most clothing/shoe companies rely on cheap overseas labor (along with cars, industrial equipment and just about everthing else). Has Nike done something particularly bad that everyone hates them for it, or are they just being made an example of (or are they just getting smeared for no reason)?
To quote the review: None of this is news to us: we have all read about Nike's sweatshop labour practices.
I haven't. I've read about people protesting their labor practices, but I've never seen anything describing the results of an (impartial) check of Nike's factories, the conditions found there, and how they compare to other companies working in the same country.
I mean, Perl is reasonably fast most of the time. Is there a real need to optimize? That's the first question you need to ask yourself. If the answer is yes, figure out what's slowing it down. If the algorithms you're using are good, and yet the code is still too slow for acceptable performance in Perl, try to find a standard Perl module (or something on CPAN) that's written in C that does what you want. If that's not avaiable either, write it in (C, C++, Ada95, Objective C, whatever floats your boat) and call it from the shell (be careful about tainted paths, though) - or if you're ambitious, learn SWIG or XS and make a Perl module (then submit it to CPAN!)
If you want real stability and lack of problems, go for the last generation of kernel. For production boxes, 2.0.X boxes are probably a good idea.
For stability, yeah, 2.0.x is good (I've seen year uptimes on multiple 2.0.36 machines). Though of course the hardware support isn't as good, which can be an issue in some cases (ie if your SCSI card/video card/what have you doesn't work in 2.0, you might be in trouble).
Also, there are a lot of nice features in 2.2.x which you may want around, besides the hardware support (NTFS read support, SYN cookies (OK, maybe those were in later 2.0, I can't remember), and a much improved TCP stack, for some quick examples). Probably some security fixes too, though I think generally such fixes are backported to the older kernels if necessary - though that may change when 2.4 comes out, at that point 2.2 is the 'old' kernel, and 2.0 just becomes ancient. I dunno, I never saw too many fixes given for 1.2.x in recent memory.
Software distributed over the 'net?!?!?
on
Copyrant
·
· Score: 1
In a survey released by the BSA in conjunction with the visit, software executives estimated that by 2005, 66 percent of software will be distributed over the Internet, compared to 12 percent today.
Well no duh, how many software are available over the net now? Linux (10s of distros), {Free,Net,Open}BSD, Plan9, and AtheOS, all the associated free (speech) software, not to mention free-beer stuff like BeOS, QNX (soon), Netscape, several different compilers, VMware, and shareware. Sigh. Stupidty strikes again.
Slashdot Mirror
Firstly, you mention Star Office and then talk about Open Source apps. Star Office isnt open source and probably wont be. I'll assume you mean apps that will work under Linux, or perhaps even free apps in terms of cost.
LaTeX + editor of choice == really nice looking documents, print or on screen. Or you can use one of the graphical front ends (Klyx or something like that?).
the official ssh packages at ssh.com are free for non-commercial use. we have a site license here at u of i, and i don't think we payed anything for it.
Neither are we (JHU). But I meant one of the Windows GUI clients (DataFellows or something simliar). Or, better, pay a bunch of crypto-minded CS students to do a reimplementation. Free servers and Unix clients don't mean much if the majority of people can't (or won't) use them.
OK, yeah, they did it for the challenge, and all that, but wouldn't it be easier to spend the $1000+ they spent for the equipment to buy a faster computer?!?!?
Pushing people to use SSH isn't going to help too much when the majority of students will still have to send passwords in plaintext format over FTP.
scp works fine. And actually sftp is part of the ssh2 distro, and IIRC there are (commercial) windows clients for it as well. If the unis really want security, buy a site license for a Windows ssh2 client, give it to everybody who wants a copy, then turn off telnet and non-anonymous-ftp on all college-owned machines (installing ssh1, ssh2, sftp, etc as replacements), and encourage (but do not require) everyone else on the network to do the same.
Encryption would help
How? If the client could provide a zero knowledge proof that the data it was sending to the server was legitiamite, all is well, but that would be impossible (practically speaking). Encryption, OTOH, isn't helpful at all. The client knows everything that is getting encrypted and decrypted, and someone can easily hack/patch the client to dump a copy to a file. It'll prevent other people from altering the game, but that doesn't seem too useful.
I think for genre other than the live-action shoot-em-up, you can keep all the information a player isn't supposed to know on the server, and only dribble it out when appropriate. I admit that I don't have a solution for the LASEUs, but I wouldn't condemn OSS games in general due to the difficulties in producing cheat resistance in one specific genre.
Even in that case, you can probably limit the ability of people to cheat enought that it doesn't matter too much. Not being a game programmer, I really don't know for sure, but that how it would seem (don't hand out stuff to the client you don't actually want the client to know about).
Though Intel is nowhere near the state MS is in, it seems these huge product releases are made out of desperation.
Well, Intel does seem to have a tendency lately to announce products that you can't actually buy. And while the P-IV core is actually supposed to be pretty good (ie they finally have moved past the PPro/PII/PIII core), whether or not anyone will actually be able to buy one is rather debatable (based on their current supply problems with the P-IIIs). Not the mention all the problems Intel has had with their chipsets, fscking hell, it's nuts. And the RDRAM fiasco hasn't helped either.
AMD has taken a huge chunk of Intel's market, but who knows, maybe they might be able to make a comeback?
To be realistic, Intel still has a big chunk of the market (80% maybe?). AMD is doing very well for itself, I agree, but they're nowhere near putting Intel out of business yet. And honestly I would prefer it if they just kept competing with each other, with about 50/50 market share, each producing better and cheaper CPUs until the end of time. Though all I want in the short term is for AMD to come out with SMP chipsets (770... yummy) and then I'll get a dual Thunderbird or Mustang box.
the average person recognizes it, and associates it with a fast computer. Intel has succeeded in making sure EVERYONE knows its product name.
:)
Sure, to the average person Pentium == fast. But geeks hear "Alpha" and start drooling all over themselves.
This is the silliest thing I've seen in quite some time. Let me make this simple:
A good hardware router will be faster than any consumer-level-OS based router (W2K, *nix, whatever), at all times. If you want to know if NT/W2K will make a good router compared to Linux or a *BSD, ask. Dedicated hardware wins every time. The only reason to not go that route [a pun!] is cost.
BTW, your best bet for a good Intel-based router is probably FreeBSD. I know Linux has some options to tune it for routing, and it's TCP/IP stack is good, but my gut feeling is that *BSD's will still edge it out.
"finalizers" are (confusingly) called "destructors"
Not that confusing if you know that they're called destructors in C++ (though I believe that C++ destructors are somewhat different from Java finalizers.
like do you really need sendmail running in the background of you personal box
A lot of people do need sendmail (or, rather, an SMTP daemon of some sort) running, for fetchmail (and/or getting mail directly to your machine).
These have been peer-reviewed and tested. The chance of blowing the strength of the algorithm with a stupid coding error is too high to risk.
As long as you do test vectors against known implementations (or better, "official" test vectors like the AES algorithms), the odds of an error like that are quite low. After all, the whole point of encryption algorithms is to make things look "random": if you screw up something, you'll notice it. For instance, I was coding SHA-1, and put a typo into one of the magic numbers (IIRC I used 0x5A827996 instead of 0x5A827999). Obviously, the test vectors were totally wrong. And of course my "version" of SHA-1 was probably just about as secure as the real version, as that constant is 2**32 * sqrt(7) or something like that (I can't remember exactly what it is but all the magic numbers in SHA-1 are derived like that). And then I printed intermediate values, realized something was going wrong, check the values, and said "Doh!" <g>
Though obviously it's a lot easier to just go use OpenSSL and be done with it, rather than recoding the whole schmere yet again (unless of course you want to - it is pretty educational, actually).
It is one of the most sarcastic things I've ever read. If you created it on company time, it's even better. If anyone has 30-45 minutes to waste like I did, go read it.
:) QA Confidential is my favorite as a CS major, but funnily enough, I was introduced to it by my History major roommmate. BTW, if you like weird (and violent) humor, check out Redmeat.
Leisuretown rocks.
theres been 4 updates so far this year and this release has been around about 4 years!
Right, it's four years old. It's shipping (or was shipped, rather) with stuff that was outdated years ago. If you want to convince me of anything with your statement, show me the errata list for another distro released around the same time and show how much smaller it is than RHs (of course, probably most distros don't update eratta for 4 year old releases).
Also, investigate alternative, and far superior servers for services you want to run.
Kinda makes me mad that most Linux distros only ship with bind and sendmail (and probably most commercial Unices as well). It would be especially nice (for me) if Redhat shipped with qmail and postfix RPMs as well as sendmail. Oh, well, can't have it all <g>.
and a frustrated Apple developer name Bill Atkinson came up with Hypercard as a substitute in the mean time.
:)
Hopefully VB is somewhat more powerful than Hypercard! I've never touched VB, but in middle school I made games and things with Hypercard, and it was (compared to any 'real' language) pitifully weak. I wince at the though of anyone trying to write a real app in Hypercard.
I guess COM means you can actually call OS resources in a VB app, at least. And probably the visual-front end stuff is more featurful (IIRC Hypercard's was pretty, well, basic <g>).
Good point... many times it's not the algorithm that's the problem, it's how people go about the exchanging of keys, storing the keys, etc, that compromise a system.
Almost every time, actually. Ross Anderson did a study of ATM systems some years ago, and found that almost all were insecure due to bad implementation, system design, or human errors (rather than attacks based on the algorithms used, typically DES/3DES and RSA).
I also find Mozilla to be more stable than Netscape, but I guess I'm one of those people with problems with Netscape. (nnng - must destroy java banner ads!)
:)
I've always turned off Java{script}, even on Windows, just because it's annoying. So Netscape will only crash 5 or 6 times a day now.
Personally, I prefer sales tax to state income tax for several reasons. First, it's a tax on consumption, so everyone -- tourists or residents, rich or poor, pay it in the same fashion. Secondly, it incentivizes not spending your money (investing, savings, etc.) -- whereas if you go to invest money that's had income tax taken out, there goes a chunk of your principal off the top. And third, collecting sales taxes is a lot less expensive from an operational perspective -- compare the outlays vs. dollars returned of the revenue departments of the four states (New Hampshire doesn't count, it has neither) that have no sales tax but do have income tax with those of the nine states which have sales tax but no income tax.
Actually, I agree with you (especially the part about everyone paying, resident or no). However, how many states actually dropped their income tax when they adopted the sales tax? Certainly not in MD (where I'm going to school). I'd rather have just high income taxes (where you can keep track of what's going on and how much you're actually paying in tax), then have several different taxes eating away at my money (actually, OR has a gas tax too but as I don't drive that doesn't bother me too much personally <g>)
And, FWIW, Delaware is getting along just fine, thank you.
As is Oregon. The only economic problems lately have been the closing of timber and pulp mills (which I can't say I like too much, as my Dad works at one). And that is quite unrelated to any sales tax.
Another tax doesn't mean the government will do a better job, it will just find new ways to waste money (I don't like it either, but that's the way I see it).
I honestly don't understand it. Probably most clothing/shoe companies rely on cheap overseas labor (along with cars, industrial equipment and just about everthing else). Has Nike done something particularly bad that everyone hates them for it, or are they just being made an example of (or are they just getting smeared for no reason)?
To quote the review: None of this is news to us: we have all read about Nike's sweatshop labour practices.
I haven't. I've read about people protesting their labor practices, but I've never seen anything describing the results of an (impartial) check of Nike's factories, the conditions found there, and how they compare to other companies working in the same country.
I mean, Perl is reasonably fast most of the time. Is there a real need to optimize? That's the first question you need to ask yourself. If the answer is yes, figure out what's slowing it down. If the algorithms you're using are good, and yet the code is still too slow for acceptable performance in Perl, try to find a standard Perl module (or something on CPAN) that's written in C that does what you want. If that's not avaiable either, write it in (C, C++, Ada95, Objective C, whatever floats your boat) and call it from the shell (be careful about tainted paths, though) - or if you're ambitious, learn SWIG or XS and make a Perl module (then submit it to CPAN!)
I guess because ftp.us.kernel.org didn't have the patch at 8:20 CST.
It went up just now - between when I logged in with ncftp and couldn't find it and when I checked with Netscape. 10:17 EST. Enjoy!
If you want real stability and lack of problems, go for the last generation of kernel. For production boxes, 2.0.X boxes are probably a good idea.
For stability, yeah, 2.0.x is good (I've seen year uptimes on multiple 2.0.36 machines). Though of course the hardware support isn't as good, which can be an issue in some cases (ie if your SCSI card/video card/what have you doesn't work in 2.0, you might be in trouble).
Also, there are a lot of nice features in 2.2.x which you may want around, besides the hardware support (NTFS read support, SYN cookies (OK, maybe those were in later 2.0, I can't remember), and a much improved TCP stack, for some quick examples). Probably some security fixes too, though I think generally such fixes are backported to the older kernels if necessary - though that may change when 2.4 comes out, at that point 2.2 is the 'old' kernel, and 2.0 just becomes ancient. I dunno, I never saw too many fixes given for 1.2.x in recent memory.
In a survey released by the BSA in conjunction with the visit, software executives estimated that by 2005, 66 percent of software will be distributed over the Internet, compared to 12 percent today.
Well no duh, how many software are available over the net now? Linux (10s of distros), {Free,Net,Open}BSD, Plan9, and AtheOS, all the associated free (speech) software, not to mention free-beer stuff like BeOS, QNX (soon), Netscape, several different compilers, VMware, and shareware. Sigh. Stupidty strikes again.