They wouldn't be pirates at all, they'd be like another nation. Governments could decide to allow them to exchange data or to block everything with import restrictions (or even threaten with war). The datacentre wouldn't be protected by a national government, so they'd have to protect themselves against pirates.
Meh, all life uses resources. Humans are just so damn adaptable that they haven't reached an equilibrium (just like what happens temporarily with locust swarms). It's all going to stabilise
Dang, you beat me to it. As much as I love hating on the cloud, this has nothing to do with the cloud, and is just another story of a user that did not back up.
Using a single cloud provider with snapshots is like using a local filesystem with snapshots: very convenient, but not a backup.
Using a service which syncs to multiple computers is like using RAID: gives you better reliability in case the internet goes down or a hard drive crashes, but still not a backup.
Even using two different sync-based cloud providers can screw you over if one provider decides that all your files are deleted, and this is synced. If one of the providers has snapshots, or if the mirroring is not done continuously, then I'll agree to call it a backup.
What is most intriguing to me, though, is that if the universe is both timeless (from the outside) and has time (from the inside), is it possible for us to gain the outside perspective (or any information about that timeless perspective).
This appears to be what they did in the experiment, albeit for a very simple system of two photons
Actually, I may have misunderstood the objection. One could say that approaching psychology with scientific methods is the same as applying those methods to astrology or homeopathy. I.e. one could reject the possibility of causal relationships between the observables used in psych. I think this is wrong, and there exists well tested theories which prove that it's not all BS.
Psychology can be a science. What the paper in this story is discussing is a form of phenomenology (a term which unfortunately has many meanings): determining an empirical relationship between two observables. The best would be to predict a relationship from a set of axioms or more fundamental hypotheses, but it's hard to come by such things in psychology, so doing phenomenology is the only way forward so far. This is not worthless. It is equivalent (for example) to determining how the magnetic field around a wire changes with the current. A lot of such measurements were done before we got Maxwell's equations.
The problem with the model which was critisized is not that they used a specific set of differential equations to describe the problem. It is perfectly valid in science to determine an empirical formula based only on data. (the paper in TFA does make some convincing points about why differential equations can't describe the problem, but they are mainly rooted in the mathematical theory, and can't rule out the case that the formulae work by chance) The problem is that they did not rigorously define neither their input variables, their methodology nor the result of their test. This is also mentioned in the paper, in the context that the parameters must be dimensionless, but it is IMO far more important that they are well defined. If they had specified in detail what they measured, how they transformed the data, etc., then their works could be seen as two parts: 1) a descriptive study, and 2) a hypothesis about how the outputs can be predicted by the inputs. If the inputs and the methodology was well defined, then this hypothesis could be tested. One could compute the "positive / negative" quotient and check with more data. If the hypothesis is confirmed, psychological theorists could attempt to find a consistent explanation for the correlation.
Experiment leading theory is not unusual in science, and in psychology there is not much else to grasp for so far.
systemd is a lot better than shell clusterfuck that there was before.
I agree that it's kind of ugly to have lots of scripts with boilerplate code in them as a configuration management system -- but: it's simple, and it works. System startup is a complex task, and the init scripts manage to do that with code that a competent sysadmin could understand. It is extremely transparent, with a minimum of black box code. So while it is ugly, it is also a very elegant solution in its simplicity. It let sysadmins and power users understand and tweak anything they needed.
People really should stop complaining about dependencies. It suggests that you reuse other people's work, not re-inventing wheels. It doesn't matter whether it uses DBus or internal re-invented IPC mechanism as far as system stability is concerned.
In general this is true, but in this case the dependencies are too heavy. There is a clear hierarchy of importance: the init process is much more important than DBus. Specifically, you don't want the system to be unbootable if dbus fails. It's sort of like if the kernel relied on Avahi to boot. Maybe it's better to have a lightweight custom IPC code instead. Also, there's a big difference between library dependencies and service dependencies. In principle they are the similar, you either pass messages via function calls or via sockets or TCP. In practice there is so much more that could go wrong with a service like dbus than a library. And with non-service libraries you can even link statically, which would be useful to ensure that the init didn't fail after a botched upgrade. Also, having a lot of state outside the filesystem makes it difficult to create chroot environment and to isolate services.
DBus seems to be all about boot speed. In the process they made all kinds of troubleshooting (except performance) significantly harder.
Almost spilled my coffee there, NVidia and VSync in the same sentence? The nVidia linux driver has tearing artifacts on video almost no matter what you do, it's ridiculous. VLC, Dragon player, Totem, all have obvious tearing. mplayer looks better if you disable compositing and turn off all but one monitor, but still has some tearing if you look closely. I just tried xbmc yesterday, and it may be good.
Anyway, "GSync" seems like a good idea. Seems nice for videos with different refresh rates, like displaying 50 fps and 60 fps videos on the same monitor. If this fixed tearing, that would easily be worth $100 to me. For games i'm not sure if I'd prefer a variable frame rate to a consistent low framerate. Would make it obvious when the GPU is doing work, but maybe that's what NVidia wants. Also, it's good that they're not pitching it as a bandwidth saver, because it's not! It should be able to operate at the max frame rate consistently.
There needs to be a fps ceiling, due to limitations of the monitor hardware. I hope this doesn't introduce tearing anyway. Maybe the drawing function could block
This is why I don't get folks that want to hoard gold as a hedge against economic fallout. If civilization collapses, gold becomes worthless. In a collapsed economy, gold has no practical value. If civilization collapses, I want things that will actually be useful. Food. Water. Shelter. Guns. Clothing. These are the currency of a collapsed economy, not pretty baubles or shiny bricks.
Nations fail frequently without a lot of violence or starvation. Gold is useful if the rest of the world keeps going, but your country/region/etc is in a bad crisis.
The goods you mentioned are easy to acquire, and you can't store a lot of wealth in them. If society truly has failed, it's no good to have a lot of land, food or water, this will quickly be looted. If one tries to protect it, one will be killed by the mobs.
Guns is interesting. If you actually try to store your wealth in weaponry, buying lots of guns, it is not sufficient to just arm yourself and the family -- you still will get killed by the mobs, and the guns will be stolen. It *may* be possible to manage the crowds such that this will translate into a lot of power in a disaster situation. This is highly volatile though. In a society which doesn't recognise the value of anything but the bare necessities, the loyalty of your comrades is all you have. I mean, every society is built only on the good faith of the majority of the constituents, but in a disaster scenario there wouldn't be so many people with such large bets riding on the current order of things.
KVM/Qemu is good on the Linux desktop (and probably servers, don't know), seems to be well integrated with the kernel for things like process management, and it has solid support for PCI pass-through. The user interface is pretty decent, with virt-manager, but not as polished as VirtualBox or VMWare. If you need things like high performance graphics, low latency sound, etc., it is somewhat slower, but you can make up for it by giving the VM real hardware (perhaps not convenient on laptops).
My answer is: forget about these old get-off-my-lawn users grumbling and go on, especially if what you are doing makes sense from a usability point of view. Focus on making things easy for new users instead.
Would have agreed if you said "focus on making things better instead". If you break the existing functions for high productivity, and replace it with something that's "easy for new users", it's no wonder people get upset. People are only "new users" for a few days or weeks, then many people require more advanced functionality. So optimising only for "new users" at the cost of more advanced functionality, like Ubuntu and Gnome seem to do, is bound to cause frustration.
...If someone showed up at a bowling alley, entered in a tournament, and just ran down the lane and kicked over the pins...
I love your analogy, may I improve it?
...If someone showed up at a bowling alley, entered in a tournament, and had their robotic Roomba run down the lane and knock over all the pins...
... then Blizzard's action would be equivalent to suing the iRobot company. Except it wouldn't be a Roomba, it would be a specially designed bowling robot
Better yet, put a managed switch which allows port mirroring (or a hub if you are old school) in front of your router and run wireshark on the mirrored port going into the router. That way you will capture any package going to and from the router. Even packages stopped by and sent from the router.
This is so right, I wish I had mod points. If it really is a DoS attack, and you need to find out how they get your IP, then this is the only way. It could be a trojan checking in on IRC, or it could just be some dodgy "cloud service" from a bogus company. If someone has your gmail password they could even look at the IP log of where it was accessed from (this works the other way too)
I keep a hub around for exactly this purpose. If you don't have a hub or a managed switch, there is the option of a PC with two NICs. These are quite common on desctop motherboards. Boot a Linux live-CD and turn off NetworkManager, then look up how to bridge the two NICs (hint: brctl). It is best if you run some live distro which includes wireshark, and which doesn't set up the NICs at boot. Look at the pen testing distros for this
I don't care much for Dr Who, but this is another reason to oppose DRM and be cautious about streaming. If the producers can't be trusted to keep a copy of their works, it's up to the audience to do the archiving. Some works may not be considered popular or good, but may later have a huge cult (or mainstream, in this case) following
I love the comment, great to bring it up, but it's slightly hyperbolic. NSA haven't broken encryption (that we know of).
- They have access to all communicated data, but only the ciphertext if it's encrypted. This means that they can know when you "went to" the psychiatrist on line. The authorities could already learn this from security cameras and cops. It would be easier, though, to search for people with mental problems and to answer whether a given suspect has had therapy.
- SSL security may be circumvented by the NSA having private keys for some big certification authorities. Blind use of SSL could be subject to man in the middle attacks, but the startup could write their own certificate validation code which only accepted their own certificate (if it's not a web app). Or not use SSL, but it's easy to get things wrong if re-implementing a SSL system
- The NSA could do traffic analysis to learn more about the content of the communication. For example, if people are moving or talking on video chat, the bandwidth goes up. Same with text chat, but due to the low overall bandwidth, the application could just transmit padding at a fixed rate for text chat (and maybe audio too)
- The NSA could replace the installer with a back-door'ed one. The startup could implement some DRM-like consistency checks to increase the time it would take to make a back door. Also post the checksum on some (can't remember what it's called) independent channel from where the download files are
So it's still possible to have confidential communication over the internet
Seems I can't use speed as an argument for wired ethernet any more, as I'm not getting consistently over 60 MB/s with wired anyway, for file transfers. Technology is finally catching up, or alternatively, wired technology and OS-level file transfer efficiency have stagnated for long enough.
Some possible caveats, why wired may still be good: 1) Does this include client-to-client transfers, or are those half the speed? 2) Is there any directionality such that multiple clients can use more than the corresponding fraction of the badnwidth 3) what is the range...?
It's probably what will happen in the future, but it's quite problematic as is. There is a positive feedback loop: once you have more money (energy) you can buy more land and set up more solar panels, and exploit more resources. This feedback loop already exists because one can rent out land and houses, but it will be much greater when it can be used to directly generate money. The good part is that there is a built in inflation: it is difficult to store energy for a long time. This will just mean that land and other properties will be the preferred way to store money, and that's pretty much already the case
Keys are good for security, but random passwords of 8 characters (and even less) are totally safe against online brute force attacks. Passwords are frequently needed when new systems are installed. After all, you can't go moving keys around on an USB stick every time a new host is set up.. Using passphrases on the SSH keys is fine, but if we neglect the security of the keys themselves, it turns an online attack into an offline attack: the keys are much easier to brute force, and it can be distributed
My point was that the routers you buy don't have the routing logic implemented in hardware -- it's just your standard ARM (or MIPS?) system on a chip, running BSD or linux and software like dnsmasq. Some routers may have more "embedded" style OSes than that, but with all the functionality they're putting into the new ones, I think many need an advanced OS. (The backbone and ISP routers have more custom hardware). While non-x86 systems are more secure for the same reason that non-Windows systems are more secure, i.e. market share, I don't think it makes a difference on the routers. What could make a difference is storage: on hardware routers it's harder to store new (malicious) code, and there may be more places to hide things on a full laptop (so you do have a point)
I ran a Dell Insiron 1501 as a router for a few years and didn't have any problems (except a ExpressCard NIC, which was later replaced).
So I can actually reply to your real question, sorry I forgot about that:
-- On the Dell I used Fedora. Not recommended. Too many updates and the configuration system is constantly in flux. Apart from that, it did the job perfectly.
-- OpenWRT. Seems good, has its own package manager. I used it on a TP-Link access point to provide advanced network services including an IPv6 tunnel. It was not stable on the TP-Link, so I don't have much experience (would become unresponsive after about ~ 1 week). Seems like the thing you can "set and forget".
-- Debian (rasbian). I then used a Raspberry Pi as an advanced inverse access point, to access a wireless LAN and create a small subnet for my own computers. The hardware wasn't stellar, but the OS could be configured fine to do 1:1 NAT, as well as providing DNS with BIND, NTP, and support short-term DIY projects. A bit more updates than I'd prefer, but I suppose I could have left it alone and it would be fine. I wouldn't use Linux without any additional software if the main purpose is NAT and routing; too much work to set up. My setup was actually simpler than the standard home router stuff, except for BIND.
Many people say to get a router instead because of power consumption, wireless signal strength and stability.
You have to work out the power use yourself (some figures have already been posted by pla). Keep in mind though that a laptop using 20 W also provides 20 W of heating. If you're in a hot climate, you may lose twice by having to run the AC harder. If in a cold climate, with electric (resistive) heating, the 20 W may essentially be free most of the year. Also, if you can eliminate other devices (like a VPN gateway) with the laptop, that could be a win. On the other hand, if you need wired network it seems you can't even get away with an extra switch, as the laptop doesn't have enough ports -- here the dedicated ones clearly win.
The wireless signal can be tested. If you can boot a live-cd you could set up host AP mode and test speed by transferring data and latency with ping.
The stability is hard to gauge. Both netbooks and consumer routers can be quite bad. I ran a Dell Insiron 1501 as a router for a few years and didn't have any problems (except a ExpressCard NIC, which was later replaced).
I wouldnt' go for the laptop due to not having wired network, but otherwise I would definitely pick it. It's great for hosting small DIY services like a webcam. I wouldn't host internal-only services beyond those typically hosted on routers, for security reasons (e.g. if the webserver first binds to the local interface, then after an update binds to both interfaces).
Slashdot Mirror
They wouldn't be pirates at all, they'd be like another nation. Governments could decide to allow them to exchange data or to block everything with import restrictions (or even threaten with war). The datacentre wouldn't be protected by a national government, so they'd have to protect themselves against pirates.
Meh, all life uses resources. Humans are just so damn adaptable that they haven't reached an equilibrium (just like what happens temporarily with locust swarms). It's all going to stabilise
Dang, you beat me to it. As much as I love hating on the cloud, this has nothing to do with the cloud, and is just another story of a user that did not back up.
Using a single cloud provider with snapshots is like using a local filesystem with snapshots: very convenient, but not a backup.
Using a service which syncs to multiple computers is like using RAID: gives you better reliability in case the internet goes down or a hard drive crashes, but still not a backup.
Even using two different sync-based cloud providers can screw you over if one provider decides that all your files are deleted, and this is synced. If one of the providers has snapshots, or if the mirroring is not done continuously, then I'll agree to call it a backup.
What is most intriguing to me, though, is that if the universe is both timeless (from the outside) and has time (from the inside), is it possible for us to gain the outside perspective (or any information about that timeless perspective).
This appears to be what they did in the experiment, albeit for a very simple system of two photons
Actually, I may have misunderstood the objection. One could say that approaching psychology with scientific methods is the same as applying those methods to astrology or homeopathy. I.e. one could reject the possibility of causal relationships between the observables used in psych. I think this is wrong, and there exists well tested theories which prove that it's not all BS.
Psychology can be a science. What the paper in this story is discussing is a form of phenomenology (a term which unfortunately has many meanings): determining an empirical relationship between two observables. The best would be to predict a relationship from a set of axioms or more fundamental hypotheses, but it's hard to come by such things in psychology, so doing phenomenology is the only way forward so far. This is not worthless. It is equivalent (for example) to determining how the magnetic field around a wire changes with the current. A lot of such measurements were done before we got Maxwell's equations.
The problem with the model which was critisized is not that they used a specific set of differential equations to describe the problem. It is perfectly valid in science to determine an empirical formula based only on data. (the paper in TFA does make some convincing points about why differential equations can't describe the problem, but they are mainly rooted in the mathematical theory, and can't rule out the case that the formulae work by chance) The problem is that they did not rigorously define neither their input variables, their methodology nor the result of their test. This is also mentioned in the paper, in the context that the parameters must be dimensionless, but it is IMO far more important that they are well defined. If they had specified in detail what they measured, how they transformed the data, etc., then their works could be seen as two parts: 1) a descriptive study, and 2) a hypothesis about how the outputs can be predicted by the inputs. If the inputs and the methodology was well defined, then this hypothesis could be tested. One could compute the "positive / negative" quotient and check with more data. If the hypothesis is confirmed, psychological theorists could attempt to find a consistent explanation for the correlation.
Experiment leading theory is not unusual in science, and in psychology there is not much else to grasp for so far.
systemd is a lot better than shell clusterfuck that there was before.
I agree that it's kind of ugly to have lots of scripts with boilerplate code in them as a configuration management system -- but: it's simple, and it works. System startup is a complex task, and the init scripts manage to do that with code that a competent sysadmin could understand. It is extremely transparent, with a minimum of black box code. So while it is ugly, it is also a very elegant solution in its simplicity. It let sysadmins and power users understand and tweak anything they needed.
People really should stop complaining about dependencies. It suggests that you reuse other people's work, not re-inventing wheels. It doesn't matter whether it uses DBus or internal re-invented IPC mechanism as far as system stability is concerned.
In general this is true, but in this case the dependencies are too heavy. There is a clear hierarchy of importance: the init process is much more important than DBus. Specifically, you don't want the system to be unbootable if dbus fails. It's sort of like if the kernel relied on Avahi to boot. Maybe it's better to have a lightweight custom IPC code instead. Also, there's a big difference between library dependencies and service dependencies. In principle they are the similar, you either pass messages via function calls or via sockets or TCP. In practice there is so much more that could go wrong with a service like dbus than a library. And with non-service libraries you can even link statically, which would be useful to ensure that the init didn't fail after a botched upgrade. Also, having a lot of state outside the filesystem makes it difficult to create chroot environment and to isolate services.
DBus seems to be all about boot speed. In the process they made all kinds of troubleshooting (except performance) significantly harder.
Almost spilled my coffee there, NVidia and VSync in the same sentence? The nVidia linux driver has tearing artifacts on video almost no matter what you do, it's ridiculous. VLC, Dragon player, Totem, all have obvious tearing. mplayer looks better if you disable compositing and turn off all but one monitor, but still has some tearing if you look closely. I just tried xbmc yesterday, and it may be good.
Anyway, "GSync" seems like a good idea. Seems nice for videos with different refresh rates, like displaying 50 fps and 60 fps videos on the same monitor. If this fixed tearing, that would easily be worth $100 to me. For games i'm not sure if I'd prefer a variable frame rate to a consistent low framerate. Would make it obvious when the GPU is doing work, but maybe that's what NVidia wants. Also, it's good that they're not pitching it as a bandwidth saver, because it's not! It should be able to operate at the max frame rate consistently.
There needs to be a fps ceiling, due to limitations of the monitor hardware. I hope this doesn't introduce tearing anyway. Maybe the drawing function could block
This is why I don't get folks that want to hoard gold as a hedge against economic fallout. If civilization collapses, gold becomes worthless. In a collapsed economy, gold has no practical value. If civilization collapses, I want things that will actually be useful. Food. Water. Shelter. Guns. Clothing. These are the currency of a collapsed economy, not pretty baubles or shiny bricks.
Nations fail frequently without a lot of violence or starvation. Gold is useful if the rest of the world keeps going, but your country/region/etc is in a bad crisis.
The goods you mentioned are easy to acquire, and you can't store a lot of wealth in them. If society truly has failed, it's no good to have a lot of land, food or water, this will quickly be looted. If one tries to protect it, one will be killed by the mobs.
Guns is interesting. If you actually try to store your wealth in weaponry, buying lots of guns, it is not sufficient to just arm yourself and the family -- you still will get killed by the mobs, and the guns will be stolen. It *may* be possible to manage the crowds such that this will translate into a lot of power in a disaster situation. This is highly volatile though. In a society which doesn't recognise the value of anything but the bare necessities, the loyalty of your comrades is all you have. I mean, every society is built only on the good faith of the majority of the constituents, but in a disaster scenario there wouldn't be so many people with such large bets riding on the current order of things.
KVM/Qemu is good on the Linux desktop (and probably servers, don't know), seems to be well integrated with the kernel for things like process management, and it has solid support for PCI pass-through. The user interface is pretty decent, with virt-manager, but not as polished as VirtualBox or VMWare. If you need things like high performance graphics, low latency sound, etc., it is somewhat slower, but you can make up for it by giving the VM real hardware (perhaps not convenient on laptops).
My answer is: forget about these old get-off-my-lawn users grumbling and go on, especially if what you are doing makes sense from a usability point of view. Focus on making things easy for new users instead.
Would have agreed if you said "focus on making things better instead". If you break the existing functions for high productivity, and replace it with something that's "easy for new users", it's no wonder people get upset. People are only "new users" for a few days or weeks, then many people require more advanced functionality. So optimising only for "new users" at the cost of more advanced functionality, like Ubuntu and Gnome seem to do, is bound to cause frustration.
...If someone showed up at a bowling alley, entered in a tournament, and just ran down the lane and kicked over the pins...
I love your analogy, may I improve it?
... then Blizzard's action would be equivalent to suing the iRobot company. Except it wouldn't be a Roomba, it would be a specially designed bowling robot
this story is sort of a dupe minus the (puzzing) gaming angle http://tech.slashdot.org/story/13/06/29/138230/mit-researchers-can-see-through-walls-using-wi-fi
Isn't that like saying it's more wrong to kill someone with a sniper rifle than to beat them to death with fists
Better yet, put a managed switch which allows port mirroring (or a hub if you are old school) in front of your router and run wireshark on the mirrored port going into the router. That way you will capture any package going to and from the router. Even packages stopped by and sent from the router.
This is so right, I wish I had mod points. If it really is a DoS attack, and you need to find out how they get your IP, then this is the only way. It could be a trojan checking in on IRC, or it could just be some dodgy "cloud service" from a bogus company. If someone has your gmail password they could even look at the IP log of where it was accessed from (this works the other way too)
I keep a hub around for exactly this purpose. If you don't have a hub or a managed switch, there is the option of a PC with two NICs. These are quite common on desctop motherboards. Boot a Linux live-CD and turn off NetworkManager, then look up how to bridge the two NICs (hint: brctl). It is best if you run some live distro which includes wireshark, and which doesn't set up the NICs at boot. Look at the pen testing distros for this
I don't care much for Dr Who, but this is another reason to oppose DRM and be cautious about streaming. If the producers can't be trusted to keep a copy of their works, it's up to the audience to do the archiving. Some works may not be considered popular or good, but may later have a huge cult (or mainstream, in this case) following
I love the comment, great to bring it up, but it's slightly hyperbolic. NSA haven't broken encryption (that we know of).
- They have access to all communicated data, but only the ciphertext if it's encrypted. This means that they can know when you "went to" the psychiatrist on line. The authorities could already learn this from security cameras and cops. It would be easier, though, to search for people with mental problems and to answer whether a given suspect has had therapy.
- SSL security may be circumvented by the NSA having private keys for some big certification authorities. Blind use of SSL could be subject to man in the middle attacks, but the startup could write their own certificate validation code which only accepted their own certificate (if it's not a web app). Or not use SSL, but it's easy to get things wrong if re-implementing a SSL system
- The NSA could do traffic analysis to learn more about the content of the communication. For example, if people are moving or talking on video chat, the bandwidth goes up. Same with text chat, but due to the low overall bandwidth, the application could just transmit padding at a fixed rate for text chat (and maybe audio too)
- The NSA could replace the installer with a back-door'ed one. The startup could implement some DRM-like consistency checks to increase the time it would take to make a back door. Also post the checksum on some (can't remember what it's called) independent channel from where the download files are
So it's still possible to have confidential communication over the internet
Yeah that seems to be how we got into this mess. Managers thought that laptops were just tiny televisions
Seems I can't use speed as an argument for wired ethernet any more, as I'm not getting consistently over 60 MB/s with wired anyway, for file transfers. Technology is finally catching up, or alternatively, wired technology and OS-level file transfer efficiency have stagnated for long enough.
Some possible caveats, why wired may still be good: 1) Does this include client-to-client transfers, or are those half the speed? 2) Is there any directionality such that multiple clients can use more than the corresponding fraction of the badnwidth 3) what is the range...?
It's probably what will happen in the future, but it's quite problematic as is. There is a positive feedback loop: once you have more money (energy) you can buy more land and set up more solar panels, and exploit more resources. This feedback loop already exists because one can rent out land and houses, but it will be much greater when it can be used to directly generate money. The good part is that there is a built in inflation: it is difficult to store energy for a long time. This will just mean that land and other properties will be the preferred way to store money, and that's pretty much already the case
Don't mention what the fuck it does or anything.
But it's insanely great !!!
Keys are good for security, but random passwords of 8 characters (and even less) are totally safe against online brute force attacks. Passwords are frequently needed when new systems are installed. After all, you can't go moving keys around on an USB stick every time a new host is set up.. Using passphrases on the SSH keys is fine, but if we neglect the security of the keys themselves, it turns an online attack into an offline attack: the keys are much easier to brute force, and it can be distributed
My point was that the routers you buy don't have the routing logic implemented in hardware -- it's just your standard ARM (or MIPS?) system on a chip, running BSD or linux and software like dnsmasq. Some routers may have more "embedded" style OSes than that, but with all the functionality they're putting into the new ones, I think many need an advanced OS. (The backbone and ISP routers have more custom hardware). While non-x86 systems are more secure for the same reason that non-Windows systems are more secure, i.e. market share, I don't think it makes a difference on the routers. What could make a difference is storage: on hardware routers it's harder to store new (malicious) code, and there may be more places to hide things on a full laptop (so you do have a point)
I ran a Dell Insiron 1501 as a router for a few years and didn't have any problems (except a ExpressCard NIC, which was later replaced).
So I can actually reply to your real question, sorry I forgot about that:
-- On the Dell I used Fedora. Not recommended. Too many updates and the configuration system is constantly in flux. Apart from that, it did the job perfectly.
-- OpenWRT. Seems good, has its own package manager. I used it on a TP-Link access point to provide advanced network services including an IPv6 tunnel. It was not stable on the TP-Link, so I don't have much experience (would become unresponsive after about ~ 1 week). Seems like the thing you can "set and forget".
-- Debian (rasbian). I then used a Raspberry Pi as an advanced inverse access point, to access a wireless LAN and create a small subnet for my own computers. The hardware wasn't stellar, but the OS could be configured fine to do 1:1 NAT, as well as providing DNS with BIND, NTP, and support short-term DIY projects. A bit more updates than I'd prefer, but I suppose I could have left it alone and it would be fine. I wouldn't use Linux without any additional software if the main purpose is NAT and routing; too much work to set up. My setup was actually simpler than the standard home router stuff, except for BIND.
Many people say to get a router instead because of power consumption, wireless signal strength and stability.
You have to work out the power use yourself (some figures have already been posted by pla). Keep in mind though that a laptop using 20 W also provides 20 W of heating. If you're in a hot climate, you may lose twice by having to run the AC harder. If in a cold climate, with electric (resistive) heating, the 20 W may essentially be free most of the year. Also, if you can eliminate other devices (like a VPN gateway) with the laptop, that could be a win. On the other hand, if you need wired network it seems you can't even get away with an extra switch, as the laptop doesn't have enough ports -- here the dedicated ones clearly win.
The wireless signal can be tested. If you can boot a live-cd you could set up host AP mode and test speed by transferring data and latency with ping.
The stability is hard to gauge. Both netbooks and consumer routers can be quite bad. I ran a Dell Insiron 1501 as a router for a few years and didn't have any problems (except a ExpressCard NIC, which was later replaced).
I wouldnt' go for the laptop due to not having wired network, but otherwise I would definitely pick it. It's great for hosting small DIY services like a webcam. I wouldn't host internal-only services beyond those typically hosted on routers, for security reasons (e.g. if the webserver first binds to the local interface, then after an update binds to both interfaces).