They don't exactly go out of their way to draw attention to the fact that the signatures even exist, do they? The mention of signing is after the paragraphs of recent news, which most users are not likely looking at when they go to download the file. The.sign file is hidden in the file structure, no link on the main page.
The fact that they provide a nice, bold link to the current version without even a smaller link to its corresponding signature is a pretty big oversight. Even basic projects generally provide a link to at least an md5sum.
If the package signing key gets out in the wild, that is a problem. Aside from that, you cannot really have an issue where someone creates a fake package and gets it past a check, because they simply cannot generate the correct signature. SSL has a flaw that a browser will see "*.google.com" and trust it, even if it was not issued by the actual CA that Google uses. That issue does not exist with signed packages.
Also, when I go to kernel.org I generally see a lot of.tar.bz2 files for download. What's to stop an attacker from packaging a patched source and putting it in the place where most of the rolling release distributions are actually pulling it from? So what if the source tree is clean, if the packaged version is not then there was a problem.
No, it's not. All they have done is fixed their DNS so things like Akamai (and Google's own distributed system) can function as designed.
In the past if you switched over to Google's DNS or OpenDNS, you ended up with a slower Internet experience in some ways, as the CDNs would send data from the node located closest to the DNS server, rather than the client. If you were a user in Europe, you might very well be receiving a YouTube stream from within the US. This has changed, as the CDN can tell the location of the client apart from the DNS server the client is using and use the appropriate frontend.
None of this has been an issue for the normal ISP-provided DNS users.
Also of note is Akamai is not supported at the moment, so a large chunk of the CDN traffic is still broken. Also, Google's own DNS benchmarker, namebench, often shows better performance from ISP servers than OpenDNS or Google's, simply due to the location. If an ISP server is not misbehaving by hijacking typos and such, there isn't too much reason to switch (that I can see).
I think it's more likely a beneficial symptom of the Mac UI in general. The universal menu means an application like Word with only the ribbon would have a giant grey bar at the top with "Word" and nothing else. It looks ugly, and the application window itself can't really get any more streamlined than it already was anyway.
On Windows each window has its own menu, so removing all of the menues and streamlining the window is visually acceptable, even if it removes (needed) functionality.
The ribbon on the Mac is not nearly as bad as on Windows, specifically because the menues are still there and you are not forced to use the ribbon for every single thing you want to accomplish.
Interestingly, Office Mac 2011 includes a variation of the ribbon, but still includes the menues as well. Apple's built in help system also includes a quick search, so even if you don't know which menu an item is in, you can find it pretty quickly. To me this is really the best of both worlds, and an example of what Microsoft should have done with the Windows version, because nobody's workflow is needlessly interrupted.
On Windows Office, assuming I have to do anything nonstandard, I spend more time looking for and searching online due to the ribbon than I do actually working on the project.
Why, that sounds just like the time that Apple still had over a billion in the bank and Microsoft paid them off to settle a copyright infringement case.
The copyright infringement was not look and feel, but code stolen by a third party company on behalf of Intel/Microsoft. Quicktime code knowingly ended up in Media Player which was shipping at that point.
I do not believe he is talking about businesses ripping off the code, rather the GPL zealots. The same who often do not contribute back, or ONLY license changes as GPL such that BSD-licensed software cannot use them.
Or they could port Dalvik to something other than Linux. Android is not GPL, it's Apache. In the case of 3.0+ it is currently closed source even. They release the bits they are supposed to.
I have no doubt that if licensing changed, so would the kernel.
That picture is not Apple's, it was an artist's representation (they hid that little tidbit in page 2). Without seeing the actual picture, we do not know if they rearranged anything.
"The complaint is only available for viewing at the court in The Hague. Due to these restrictions, Webwereld has made a rendering of Apple's flawed evidence to present the findings visually."
If you're going to complain about icon sizes, you need to blame some Webwereld artist.
"The complaint is only available for viewing at the court in The Hague. Due to these restrictions, Webwereld has made a rendering of Apple's flawed evidence to present the findings visually."
This isn't Apple's image, any measurement of tiny differences or similarities is moot, because some artist made the image you're basing it on. The article also says the aspect ratio was not altered.
"The complaint is only available for viewing at the court in The Hague. Due to these restrictions, Webwereld has made a rendering of Apple's flawed evidence to present the findings visually."
Image in the article is not the image in the complaint, it is just an artist's rendering of what they think it looked like.
Except fsn was real file manager for IRIX. You can get fsv to recreate your own favorite Jurassic Park scene from the comfort and safety of your own home.
Within a week or two of Google+ being released, people here and elsewhere mentioned that it would not get very far or ever be popular without Apps and Games specifically. Now that they're deploying them (in an intelligent way), it's a horrible idea and shows Google has no innovation and is only copying Facebook. You can't have it both ways.
If you want to make an apple pie from scratch you must first invent the universe... like that one time I went golfing with Barack Obama and Derek Jeter! (Cue random clip of the previous)
And if you're not going to use the admin GUIs anyway, there's really no reason to switch to anything. The article is complaining about changes in the admin GUI, if you are competent enough to configure the thing through the command line, you're not losing any functionality.
The service is coming, Slashgear has reported mention of a "Games Stream" in some Google Help docs (now removed), which hints that the games along with the spam will be available, but you'll be able to ignore it much more easily.
Slashdot Mirror
Security is not the focus, this has been made clear.
Yeah, those do nothing for the archive files sitting on the kernel.org homepage.
They don't exactly go out of their way to draw attention to the fact that the signatures even exist, do they? The mention of signing is after the paragraphs of recent news, which most users are not likely looking at when they go to download the file. The .sign file is hidden in the file structure, no link on the main page.
The fact that they provide a nice, bold link to the current version without even a smaller link to its corresponding signature is a pretty big oversight. Even basic projects generally provide a link to at least an md5sum.
If the package signing key gets out in the wild, that is a problem. Aside from that, you cannot really have an issue where someone creates a fake package and gets it past a check, because they simply cannot generate the correct signature. SSL has a flaw that a browser will see "*.google.com" and trust it, even if it was not issued by the actual CA that Google uses. That issue does not exist with signed packages.
Also, when I go to kernel.org I generally see a lot of .tar.bz2 files for download. What's to stop an attacker from packaging a patched source and putting it in the place where most of the rolling release distributions are actually pulling it from? So what if the source tree is clean, if the packaged version is not then there was a problem.
No, it's not. All they have done is fixed their DNS so things like Akamai (and Google's own distributed system) can function as designed.
In the past if you switched over to Google's DNS or OpenDNS, you ended up with a slower Internet experience in some ways, as the CDNs would send data from the node located closest to the DNS server, rather than the client. If you were a user in Europe, you might very well be receiving a YouTube stream from within the US. This has changed, as the CDN can tell the location of the client apart from the DNS server the client is using and use the appropriate frontend.
None of this has been an issue for the normal ISP-provided DNS users.
Also of note is Akamai is not supported at the moment, so a large chunk of the CDN traffic is still broken. Also, Google's own DNS benchmarker, namebench, often shows better performance from ISP servers than OpenDNS or Google's, simply due to the location. If an ISP server is not misbehaving by hijacking typos and such, there isn't too much reason to switch (that I can see).
I think it's more likely a beneficial symptom of the Mac UI in general. The universal menu means an application like Word with only the ribbon would have a giant grey bar at the top with "Word" and nothing else. It looks ugly, and the application window itself can't really get any more streamlined than it already was anyway.
On Windows each window has its own menu, so removing all of the menues and streamlining the window is visually acceptable, even if it removes (needed) functionality.
The ribbon on the Mac is not nearly as bad as on Windows, specifically because the menues are still there and you are not forced to use the ribbon for every single thing you want to accomplish.
Interestingly, Office Mac 2011 includes a variation of the ribbon, but still includes the menues as well. Apple's built in help system also includes a quick search, so even if you don't know which menu an item is in, you can find it pretty quickly. To me this is really the best of both worlds, and an example of what Microsoft should have done with the Windows version, because nobody's workflow is needlessly interrupted.
On Windows Office, assuming I have to do anything nonstandard, I spend more time looking for and searching online due to the ribbon than I do actually working on the project.
Why, that sounds just like the time that Apple still had over a billion in the bank and Microsoft paid them off to settle a copyright infringement case.
The copyright infringement was not look and feel, but code stolen by a third party company on behalf of Intel/Microsoft. Quicktime code knowingly ended up in Media Player which was shipping at that point.
I do not believe he is talking about businesses ripping off the code, rather the GPL zealots. The same who often do not contribute back, or ONLY license changes as GPL such that BSD-licensed software cannot use them.
Or they could port Dalvik to something other than Linux. Android is not GPL, it's Apache. In the case of 3.0+ it is currently closed source even. They release the bits they are supposed to.
I have no doubt that if licensing changed, so would the kernel.
That picture is not Apple's, it was an artist's representation (they hid that little tidbit in page 2). Without seeing the actual picture, we do not know if they rearranged anything.
You saw Apple's image?
The one in the article is not Apple's image.
"The complaint is only available for viewing at the court in The Hague. Due to these restrictions, Webwereld has made a rendering of Apple's flawed evidence to present the findings visually."
If you're going to complain about icon sizes, you need to blame some Webwereld artist.
Did you even read the caption in TFA?
"The complaint is only available for viewing at the court in The Hague. Due to these restrictions, Webwereld has made a rendering of Apple's flawed evidence to present the findings visually."
This isn't Apple's image, any measurement of tiny differences or similarities is moot, because some artist made the image you're basing it on. The article also says the aspect ratio was not altered.
"Lifting" - This is what you call it when you don't pay for a license to a product.
Apple didn't "lift" anything, they paid Xerox, and Xerox invested in Apple.
No, "they" didn't.
"The complaint is only available for viewing at the court in The Hague. Due to these restrictions, Webwereld has made a rendering of Apple's flawed evidence to present the findings visually."
Image in the article is not the image in the complaint, it is just an artist's rendering of what they think it looked like.
Except fsn was real file manager for IRIX. You can get fsv to recreate your own favorite Jurassic Park scene from the comfort and safety of your own home.
This is a great comment.
Within a week or two of Google+ being released, people here and elsewhere mentioned that it would not get very far or ever be popular without Apps and Games specifically. Now that they're deploying them (in an intelligent way), it's a horrible idea and shows Google has no innovation and is only copying Facebook. You can't have it both ways.
Ah yes, Seth MacFarlane... I can see it now:
If you want to make an apple pie from scratch you must first invent the universe... like that one time I went golfing with Barack Obama and Derek Jeter! (Cue random clip of the previous)
Except you can do both. I have reset my password multiple times.
And if you're not going to use the admin GUIs anyway, there's really no reason to switch to anything. The article is complaining about changes in the admin GUI, if you are competent enough to configure the thing through the command line, you're not losing any functionality.
They already did this competition, the final homes have been announced.
It does not check anything, and now even the server software got rid of the serial numbers and serial checking.
The service is coming, Slashgear has reported mention of a "Games Stream" in some Google Help docs (now removed), which hints that the games along with the spam will be available, but you'll be able to ignore it much more easily.