Stallman is not quite so black and white about the world as you are, and has consistently placed emphasis on the value of cooperation. You do not have to be totally independent and self-sufficient in order to experience freedom.
You will also find that the FSF over the years have had to make a number of compromises, because sticking to principles at all costs is not the most effective way to bring about change. You will see compromises in the use of licences such as the LGPL, the wording of the patent sections in the GPLv3, and so on. Only those who live in your black and white world would see compromise as the same as hypocrisy.
When you buy food from someone else, you are free to do with it pretty much whatever you want. You can eat it, you can share it with your family, you can cook it anyway you like. Can't you come up with a better example than that?
And if you really think free software is no big deal, then why spend so much time with ad-hominem attacks? What is your motive?
Stallman writes "If we don't want to live in a jungle, we must change our attitudes. We must start sending the message that a good citizen is one who cooperates when appropriate, not one who is successful at taking from others. I hope that the free software movement will contribute to this: at least in one area, we will replace the jungle with a more efficient system which encourages and runs on voluntary cooperation."
Doesn't seem too fixated to me, just keeping his actions as a change agent to a manageable subset of all the things in society that need improvement.
Yes - you aren't sure what Linus thinks about "Open Source", because his role is not an advocacy one. His interest is as much an engineering one as anything, and it is the open source software development model that interests him:
I like the *process*. I like writing software. I like trying to make things work better. In many ways, the end result is unimportant – it’s really just the excuse for the whole experience. It’s why I started Linux to begin with – sure, I kind of needed an OS, but I needed a *project* to work on more than I needed the OS.
[from the techcrunch interview this year]
But having said that, his deliberate choice to use the GPL advances the cause of free software; whether you want to spend all day defining terms and factions is up to you.
Fortunately most software businesses are not selling software, they are selling problem solving. They are providing a way for their customers to achieve a goal using software. Preventing the customer from accessing or modifying the program that they paid for is, in the long run, counter-productive. Locking customers in to your services might be good for short term profit, but it isn't a good business.
Can you give even one example of anyone relevant who wants to sue Nvidia and AMD for releasing proprietary Linux drivers? No, thought not. Richard will tell you that you end up with a non-free distro, but hey, that's just pointing out the obvious. The FSF are well known for the view that non-free software is morally wrong; but their approach has not been to make legal changes, but to encourage the development of free software and set up a licence framework that will protect the freedom of end-users, and then to educate users.
And just because Linus disagrees with the GPLv3 changes and has different goals to the FSF, doesn't mean that he disagrees with the GPL. He chose to use GPLv2, and thinks that it is close to what a licence should be. Pragmatism is not his only driver; he may not have articulated what he means by "open source" as clearly as others, but actions speak as loudly as words for a programmer.
Robust discussion is a hallmark of the free software world; you have been mislead if you think Linus would contemplate giving up GPL just because of a few mailing list flame wars.
A elderly friend of my parents got one of these scam calls; the caller at the end of the line explained to her that "they could see that there was a problem with her computer" and that they could help her to fix it. She said "there sure is a problem; I took it down to the rubbish tip last month".
That's a bit unfair - the victims may be gullible, but when the public are constantly being being thrown news of real and imagined malware threats, the less knowledgeable ones are at an unfair disadvantage. Remember, these scammers are unashamedly lying and extorting money; their victims are not necessarily stupid, just too trusting of a cold caller. Without trust our society would not function; the fault here lies squarely with the scammers. If you think that the victims need more education, then it is your responsibility to inform them of the risks, not to call them "idiots".
I spent nearly 15 minutes on the line to one guy who tried to talk me through pressing the Windows button in the bottom right hand corner of the screen.
I didn't even have to lie; I repeatedly told him I was running Linux, so I didn't have a Windows button. He thought I was an idiot, kept on trying to explain how to bring up the Windows control panel so that I could see the "error messages". Eventually in frustration he put on his supervisor, who after learning I ran Linux, apologized and quickly hung up on me.
And even if the administrators or technical department didn't want to configure time synchronization, then it is their responsibilty to ensure that all "medical devices" are calibrated at appropriate intervals, which should include setting the time.
There isn't a lot of science behind it; it is an exercise in simple probability. Once you define the set of likely passwords, then the time to crack it is directly proportional to the size of that set. So if for example the password is a random 4 character lowercase password, then there are 26 times 26 times 26 times 26 ways to build it. You might want to include 1, 2, and 3 character passwords in that total, but whatever, that gives you a rough idea of how hard it is.
The software covers about a dozen password strategies, calculating the set of passwords that use that strategy (for a particular length password). But it does not cover all the strategies that people might come up with, and forcing people use the software would mean that they will come up with relatively easy-to-guess ways around it. Hence my spaced-out password looks hard to the software, but it might not be too hard for a real person to guess my strategy, and once they have, I am cactus.
It is hard to quantify how likely a particular strategy is, but we know from experience that humans aren't that creative; simply choosing a different strategy does not make the password much stronger. What matters most is the size of the set of passwords that would result from that strategy.
Unfortunately there aren't as many culturally significant phrases as you might think. For example, wikiquote, which is quite comprehensive, has only about 20000 pages, each with say around a hundred quotes. This amounts to a set of only two million possibilities (which include most of the ones you suggested). We can quibble about the exact number, but I think I am being generous because some of these are much more popular than others and would be tested first. In comparison, a mere two words chosen randomly from a dictionary of common words will have a similar number of combinations (and none are more likely than any other, because they are chosen at random).
I understand your point that memorability is an issue. But it is the combination of random choices that best achieves password strength. The point of choosing words instead of characters is not that they are more memorable (four words is roughly as hard to remember as four characters), but that the set of words is larger than the set of characters. Although there are quite a few fandom phrases, they aren't going to be chosen at random by the individual, and they have only chosen one.
To be honest, if you cannot remember a strong random password or passphrase, then it is better to write it down rather than make it weaker. At least then you only have to physically secure the piece of paper, and a piece of paper is not subject to network attacks.
Using the same package manager doesn't necessarily mean there aren't other major differences. It isn't easy to define 'base distros'; how much does a fork have to change before you consider it a separate distro? I classify Ubuntu as 'based on' Debian, not because it shares the same package manager, but because it currently continues to derive packages from the Debian system (with additional patches). Whereas while Mandriva and its forks have originated in Red Hat, they no longer draw from it.
These variations of spatial and temporal language are not uncommon.
I lived for a time in a mountainous language area in Papua New Guinea, Awa tokples, where the basic greetings encoded whether the person being greeted came from uphill, downhill, or roughly level.There were also a number of language particles that encoded elevation and were used when giving directions. I am not aware of words for left and right (meaning direction, rather than hand).
Some Aboriginal languages such as Guugu Yimithirr and Arrernte use compass directions rather than relative directions. The Levinson group at Nijmegen have devised psycholinguistic tests where subjects exhibit the cognitive difference between these absolute and relative systems (for example, in the order that one might recollect the placing of three different objects in a line after moving to a table placed at 180 degrees to the original one).
Rafael Nunez and his team showed that amongst older speakers of the Chilean language Aymara, the psychological association of time with forward and backward is the reverse of the national language Spanish. Younger speakers tended to follow the Spanish mode rather than the original Aymara one.
For projects with limited resources, it is quite normal to use a subset of the language. For example, you may eschew use of the heap library functions in C, or the use of floating point calculations.
I too use C++ (a subset), even for embedded systems as small as AVR. Having a restrictive environment doesn't mean you can't use object classes and templates.
The main risk with using C++ in a tight memory space is hidden use of the heap (for example in the STL). I don't find that code bloat is a problem if you know what you are doing.
Slashdot Mirror
Stallman is not quite so black and white about the world as you are, and has consistently placed emphasis on the value of cooperation. You do not have to be totally independent and self-sufficient in order to experience freedom.
You will also find that the FSF over the years have had to make a number of compromises, because sticking to principles at all costs is not the most effective way to bring about change. You will see compromises in the use of licences such as the LGPL, the wording of the patent sections in the GPLv3, and so on. Only those who live in your black and white world would see compromise as the same as hypocrisy.
When you buy food from someone else, you are free to do with it pretty much whatever you want. You can eat it, you can share it with your family, you can cook it anyway you like. Can't you come up with a better example than that?
And if you really think free software is no big deal, then why spend so much time with ad-hominem attacks? What is your motive?
Stallman writes "If we don't want to live in a jungle, we must change our attitudes. We must start sending the message that a good citizen is one who cooperates when appropriate, not one who is successful at taking from others. I hope that the free software movement will contribute to this: at least in one area, we will replace the jungle with a more efficient system which encourages and runs on voluntary cooperation."
Doesn't seem too fixated to me, just keeping his actions as a change agent to a manageable subset of all the things in society that need improvement.
maybe; but those people already have concussion from their previous accident
And don't forget the prior art of this one:
http://gagravaar.files.wordpress.com/2010/03/appleii-right.jpg
Oh, wait...
Even a deliberate MD5 collision is not easy. I'm skeptical that you found one by accident, particularly with such an interesting member of the pair.
that live by litigation, shall perish by litigation
Yes - you aren't sure what Linus thinks about "Open Source", because his role is not an advocacy one. His interest is as much an engineering one as anything, and it is the open source software development model that interests him:
I like the *process*. I like writing software. I like trying to make things work better. In many ways, the end result is unimportant – it’s really just the excuse for the whole experience. It’s why I started Linux to begin with – sure, I kind of needed an OS, but I needed a *project* to work on more than I needed the OS.
[from the techcrunch interview this year]
But having said that, his deliberate choice to use the GPL advances the cause of free software; whether you want to spend all day defining terms and factions is up to you.
Fortunately most software businesses are not selling software, they are selling problem solving. They are providing a way for their customers to achieve a goal using software. Preventing the customer from accessing or modifying the program that they paid for is, in the long run, counter-productive. Locking customers in to your services might be good for short term profit, but it isn't a good business.
And your post is full of false speculation.
Can you give even one example of anyone relevant who wants to sue Nvidia and AMD for releasing proprietary Linux drivers? No, thought not. Richard will tell you that you end up with a non-free distro, but hey, that's just pointing out the obvious. The FSF are well known for the view that non-free software is morally wrong; but their approach has not been to make legal changes, but to encourage the development of free software and set up a licence framework that will protect the freedom of end-users, and then to educate users.
And just because Linus disagrees with the GPLv3 changes and has different goals to the FSF, doesn't mean that he disagrees with the GPL. He chose to use GPLv2, and thinks that it is close to what a licence should be. Pragmatism is not his only driver; he may not have articulated what he means by "open source" as clearly as others, but actions speak as loudly as words for a programmer.
Robust discussion is a hallmark of the free software world; you have been mislead if you think Linus would contemplate giving up GPL just because of a few mailing list flame wars.
not to mention Neil Armstrong
With the exception of places like Snowtown of course.
haha - yes you're right, he must have said left hand side. My feeble excuse is that it's been a while since I've used Windows...
A elderly friend of my parents got one of these scam calls; the caller at the end of the line explained to her that "they could see that there was a problem with her computer" and that they could help her to fix it. She said "there sure is a problem; I took it down to the rubbish tip last month".
That's a bit unfair - the victims may be gullible, but when the public are constantly being being thrown news of real and imagined malware threats, the less knowledgeable ones are at an unfair disadvantage. Remember, these scammers are unashamedly lying and extorting money; their victims are not necessarily stupid, just too trusting of a cold caller. Without trust our society would not function; the fault here lies squarely with the scammers. If you think that the victims need more education, then it is your responsibility to inform them of the risks, not to call them "idiots".
I spent nearly 15 minutes on the line to one guy who tried to talk me through pressing the Windows button in the bottom right hand corner of the screen.
I didn't even have to lie; I repeatedly told him I was running Linux, so I didn't have a Windows button. He thought I was an idiot, kept on trying to explain how to bring up the Windows control panel so that I could see the "error messages". Eventually in frustration he put on his supervisor, who after learning I ran Linux, apologized and quickly hung up on me.
Informative post.
And even if the administrators or technical department didn't want to configure time synchronization, then it is their responsibilty to ensure that all "medical devices" are calibrated at appropriate intervals, which should include setting the time.
There isn't a lot of science behind it; it is an exercise in simple probability. Once you define the set of likely passwords, then the time to crack it is directly proportional to the size of that set. So if for example the password is a random 4 character lowercase password, then there are 26 times 26 times 26 times 26 ways to build it. You might want to include 1, 2, and 3 character passwords in that total, but whatever, that gives you a rough idea of how hard it is.
The software covers about a dozen password strategies, calculating the set of passwords that use that strategy (for a particular length password). But it does not cover all the strategies that people might come up with, and forcing people use the software would mean that they will come up with relatively easy-to-guess ways around it. Hence my spaced-out password looks hard to the software, but it might not be too hard for a real person to guess my strategy, and once they have, I am cactus.
It is hard to quantify how likely a particular strategy is, but we know from experience that humans aren't that creative; simply choosing a different strategy does not make the password much stronger. What matters most is the size of the set of passwords that would result from that strategy.
Unfortunately there aren't as many culturally significant phrases as you might think. For example, wikiquote, which is quite comprehensive, has only about 20000 pages, each with say around a hundred quotes. This amounts to a set of only two million possibilities (which include most of the ones you suggested). We can quibble about the exact number, but I think I am being generous because some of these are much more popular than others and would be tested first. In comparison, a mere two words chosen randomly from a dictionary of common words will have a similar number of combinations (and none are more likely than any other, because they are chosen at random).
I understand your point that memorability is an issue. But it is the combination of random choices that best achieves password strength. The point of choosing words instead of characters is not that they are more memorable (four words is roughly as hard to remember as four characters), but that the set of words is larger than the set of characters. Although there are quite a few fandom phrases, they aren't going to be chosen at random by the individual, and they have only chosen one.
To be honest, if you cannot remember a strong random password or passphrase, then it is better to write it down rather than make it weaker. At least then you only have to physically secure the piece of paper, and a piece of paper is not subject to network attacks.
You seem rather trusting of the figures that come out of this bit of software.
"p a s s w o r d 1"
gives a result of 427445 centuries
Of the Linux versions
1) mypasswordsafe is no longer maintained
2) password gorilla is not particularly fast
3) pwsafe is still in beta
Having said that, they all seem to work fine with no major issues. The last one is the most similar to the current Windows version.
apparently we can ask the governor general nicely
What " SECURITY RISKS " do torrent / file sharing pose for the HOMELAND that department supposed to protect ?
information leaks? big zip files of diplomatic cables? who knows.
though perhaps "homeland" is one of those ministry of truth kind of names
Using the same package manager doesn't necessarily mean there aren't other major differences. It isn't easy to define 'base distros'; how much does a fork have to change before you consider it a separate distro? I classify Ubuntu as 'based on' Debian, not because it shares the same package manager, but because it currently continues to derive packages from the Debian system (with additional patches). Whereas while Mandriva and its forks have originated in Red Hat, they no longer draw from it.
Suse, Puppy, Arch, a number of Mandriva forks, etc
These variations of spatial and temporal language are not uncommon.
I lived for a time in a mountainous language area in Papua New Guinea, Awa tokples, where the basic greetings encoded whether the person being greeted came from uphill, downhill, or roughly level.There were also a number of language particles that encoded elevation and were used when giving directions. I am not aware of words for left and right (meaning direction, rather than hand).
Some Aboriginal languages such as Guugu Yimithirr and Arrernte use compass directions rather than relative directions. The Levinson group at Nijmegen have devised psycholinguistic tests where subjects exhibit the cognitive difference between these absolute and relative systems (for example, in the order that one might recollect the placing of three different objects in a line after moving to a table placed at 180 degrees to the original one).
Rafael Nunez and his team showed that amongst older speakers of the Chilean language Aymara, the psychological association of time with forward and backward is the reverse of the national language Spanish. Younger speakers tended to follow the Spanish mode rather than the original Aymara one.
For projects with limited resources, it is quite normal to use a subset of the language. For example, you may eschew use of the heap library functions in C, or the use of floating point calculations.
I too use C++ (a subset), even for embedded systems as small as AVR. Having a restrictive environment doesn't mean you can't use object classes and templates.
The main risk with using C++ in a tight memory space is hidden use of the heap (for example in the STL). I don't find that code bloat is a problem if you know what you are doing.