Slashdot Mirror


User: lord_sarpedon

lord_sarpedon's activity in the archive.

Stories: 0
Comments: 173

Comments · 173

  1. Summary on Moving Beyond Passwords For Security · · Score: 1

    I thought I'd point out a misleading bit in the summary for those not familiar with OpenID

    You don't type your password into "someone else's website"
    The only "someone else" is your OpenID provider. You get redirected to their page, authenticate in *some undefined manner* (could be a client side certificate, or a password...)

    You enter your OpenID into the website you want to 'log in' to, that's it. The site determines what OpenID provider to talk to, and eventually gets back a nod about your given identity.

  2. Steam and Blizzard have the right idea on Game Developer Asks To Hear From Pirates · · Score: 1

    I'd gladly pay for more games.

    Some games I'm not so sure about. Perhaps no demo. Maybe the demo is too short or is missing too many features. And in my experience, most of these that I'm not sure about end up getting deleted or forgotten about not long after install - a lot of times I'm left feeling glad that I didn't buy the game, but not necessarily at any fault of the developer. Different tastes! And yes, that's what demos are for. But if the demo doesn't exist or doesn't tell me enough, a no-effort pirated copy is a hell of a lot easier on my vague mental relation with you as a developer than, say, buying and attempting to return it with a BS excuse.

    And no, I won't claim that I run out and buy it the second I decide it's worth the money. It's just too damn convenient NOT to, and a lot cheaper as well. (Though I'd feel a bit more generous for an independent title)

    It's all about making the process terribly convenient at all stages. Steam and Blizzard have decent systems in place.

    -Bittorrent is good. Blizz uses it for WoW patches to great effect. They don't care about piracy of course, but it's still a good alternative to pressing DVDs. All it takes is some web seeds with Akamai or such.

    -Re-download is good. One can download WoW and expansions by logging in to the WoW site. One can get Steam games on any computer, just have to download Steam. Would you rather me torrent it when I lose the CD and contribute ever so slightly to less legitimate piracy?

    -Activation and CD checks are bullshit that make us look for cracks. It's too easy to lose the CDs, and we all know what happened with Bioshock.

    -Preloading is good. Blizzard does this with patches, Steam does this with not yet released games. Yes, it's 1 month until ship. But let people place digital download orders long in advance - let them buy on impulse as soon as they play the demo. 99 percent of your assets will be the same on launch day as they are some time before.

    -Logging in to play is bad. WoW is excused, but not Steam games. Let us download it anywhere with one purchase, play offline as normal - add a check for multiplayer to disallow multiple copies online w/ single account # as seen in current games. Doesn't hurt anything really. Sure, it's terribly easy to download a copy just for a friend, but I would advise you not to care.

    -10 minute time limits on demos and such are retarded. Make it a good, solid demo. They can pirate it anyway and your bandwidth is dirt cheap thanks to Bittorrent - give us the first 25 percent. It's not like shittier demos with arbitrary constraints reduce piracy or increase sales. Yes, we know it's probably unfinished at the time of the _first_ demo. Release another one _after_ release. The polished one, bit identical up to level 5...

    Yes, you still need to press disks. Just come to terms with the fact that if it's good enough, it will be pirated, so don't piss people off in trying to think otherwise. Put your game online, embrace peer to peer, and take away all the little excuses pirates have stood by.

  3. Re:Great Jokes on Evidence of Russian Cyberwarfare Against Georgia · · Score: 1

    Everyone is making fun of the invasion of a democratic^H^H^H^H^H^H^H^H^H^H country?

    Fixed.

    Let's not pretend that form of government in any way dictates quality.

  4. Re:Wait a second...? on Evidence of Russian Cyberwarfare Against Georgia · · Score: 1

    I was playing Chaos Theory earlier today.

    It's probably those damn masse kernels. This probably started in South Korea.

  5. Why so backwards on Ohio Sues Over Missing Electronic Votes · · Score: 2, Insightful

    Funny I think that people are so cautious to trust computers here, but they're fine for everything else. Just make it open. We can gain some advantages.

    -Immediately before voting, you are handed a number. How we generate these numbers is up for debate. Perhaps they are centrally generated and serial. Perhaps a hash of name + DOB + other stuff. Each choice here opens different doors.

    -Barcode equivalent to said number must be scanned at the machine. Number must also be entered on an onscreen key pad.

    - Number + voting choices + timestamp + voting machine id are stored in a central database. Immediately. Nothing local.

    -You get a receipt with your Number + voting choices + timestamp + machine ID. It also has this other handy value on there. A digital signature, created by said central authority with its private key. The public key is well known long in advance.

    -After the election, the entire result set is made available for download. Yeah, a recount is a big fucking deal. We have these neat machines that are good at math. The bigger deal here is that if you check the database after you voted and the entry for your number doesn't match, you scream bloody murder. If you don't trust the machine, any party can verify the central authority's signature.

    -But in addition to 'any' party, it is critical to have a non-networked verification appliance, which does nothing but verify the central signature for you before you physically leave. If you scream bloody murder at this point, we can consider the plain-text part of the receipt trusted. You obviously couldn't have faked the entire receipt while being watched by everyone. More on this soon.

    Nice huh? Let's recap some advantages here:
    -You can verify that your vote was counted and correctly
    -You can't determine who voted for whom, except yourself.
    -The receipt actually means something

    Let's elaborate on that third point.
    There are several means of lying to you, which can't easily be solved without adding machines into the mix

    -What if the receipt says you voted for X but the machine recorded you as voting for Y? This is as good as pressing the wrong button. The signatures will both be valid. But if the plain-text portion shows the wrong candidate, you'll notice and scream. If the plain-text portion doesn't match the central signature (the one most directly relevant to proper recording) you will catch this at the non-networked verifier. The receipt can still be trusted having not left the polling place, so you will be allowed to vote on another machine, as meanwhile the machine you previously used is marked for a serious investigation...

    -What if the central authority records whatever it wants but produces a normal signature? The receipt will be considered entirely valid and endorsed. People will notice quickly as they check the database from home. You have a paper trail that can be trusted. What if the signature is bogus? People notice before they leave the polling place.

    Up to this point? Criminal negligence bordering on treason. Open source needs to step up.
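The receipt checks described in comment 5 above, as an added example that is not part of the original comment or of any real voting system. Ed25519, the length-prefixed field encoding, and every name and sample value here are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Receipt holds the plain-text fields printed on the paper receipt.
type Receipt struct{ Number, Choices, Timestamp, MachineID string }

// canonical length-prefixes each field so distinct receipts never share signed bytes.
func (r Receipt) canonical() []byte {
	var out []byte
	for _, f := range []string{r.Number, r.Choices, r.Timestamp, r.MachineID} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(append(out, n[:]...), f...)
	}
	return out
}

// Sign is the central authority's step: it signs the record it stored.
func Sign(priv ed25519.PrivateKey, stored Receipt) []byte {
	return ed25519.Sign(priv, stored.canonical())
}

// VerifyOffline is the non-networked appliance: public key only, no database.
func VerifyOffline(pub ed25519.PublicKey, printed Receipt, sig []byte) bool {
	return ed25519.Verify(pub, printed.canonical(), sig)
}

// CheckPublished is the at-home step against the downloadable result set.
func CheckPublished(published map[string]Receipt, printed Receipt) bool {
	rec, ok := published[printed.Number]
	return ok && rec == printed
}

// Audit runs both checks in the order the voter meets them.
func Audit(pub ed25519.PublicKey, printed Receipt, sig []byte, published map[string]Receipt) string {
	if !VerifyOffline(pub, printed, sig) {
		return "rejected at polling place"
	}
	if !CheckPublished(published, printed) {
		return "mismatch found from home"
	}
	return "ok"
}

// RunScenarios uses constructed data and a fixed demo seed (never for a real key).
func RunScenarios() [3]string {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	cast := Receipt{"000123", "Measure 1: YES", "2008-11-04T10:15:00Z", "machine-07"}
	flipped := Receipt{cast.Number, "Measure 1: NO", cast.Timestamp, cast.MachineID}
	honest := Audit(pub, cast, Sign(priv, cast), map[string]Receipt{cast.Number: cast})
	// Lie 1: the authority stored and signed "NO" while the machine printed "YES".
	lie1 := Audit(pub, cast, Sign(priv, flipped), map[string]Receipt{cast.Number: flipped})
	// Lie 2: the authority signed what was printed but published something else.
	lie2 := Audit(pub, cast, Sign(priv, cast), map[string]Receipt{cast.Number: flipped})
	return [3]string{honest, lie1, lie2}
}

func main() { fmt.Println(RunScenarios()) }
```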

  6. Re:Wow on Windows XP Still Outselling Windows Vista · · Score: 1

    Linux is a kernel! Let's not forget that.

    Ubuntu switched over to the Shuttleworthnix microkernel in, if I recall, Pimpin' Polecat.

  7. Re:Hell-bent on SpaceX Launch Failure Due To Timing Problem · · Score: 1

    Not entirely! As a matter of fact, I hate puppies. I'm more of a cat person.

    Your undead savior,
    Zombie-jesus

  8. Another issue... on "Clear" Air-Travel Pass Data Stolen From SFO · · Score: 2, Insightful

    It concerns me that credit card numbers and social security numbers are these all-important pieces of "your identity" that must be carefully safeguarded at all costs. Nobody can know! Except all those entities that ask for them. Like these 'Clear' guys. And exactly 9,267 waiters.

    Proof of identity that is equivalent to the identity itself, in entirety, hmmm? Why can any number of people impersonate you, but are trusted not to? Why can your identity be "stolen" from a third party?

    I cry for the day when society at large discovers what the sweet loving fuck a private key is, and perhaps even a respectable comprehension of what defines "secure." Security is not so just because your government and the man in the uniform assures you that things are _better_ now, or even simply that the status quo is _perfectly fine_. It's a small subset of your typical Americans (in my experience) that when presented with the latest breakthrough in airport security, have a response beginning with "Couldn't they still just..."
    Most are sheep. And a lot of the smarter ones still feel just a teensy bit better.
    It doesn't take a hacker's mindset to poke holes in the elaborate security handwavings presented day to day. Do they not care?

    Identity is a funny thing here. People are scared shitless of a big brother style national ID card, but line up for state drivers licenses, of which fakes are made plentiful to satisfy the desires of even the most low budgeted of teenagers. Supposedly the government knows you exist if you have a birth certificate. SSN supposedly optional, but I'd love to see someone try. But the government as well as everything private seems to forget who you are from building to building - each asking you again for that same basic info. In practice most things are just as anonymous as they are online. Go ahead, lie about whatever you want. See if they notice. I'm Nat Tellin half the time.

    Think for a moment about how you would create a 'new' identity. How terribly possible it is to simply disappear, and pop up again somewhere else as a new person. Bonus points for looking totally benign under scrutiny - perhaps you 'immigrated' from Canada using some thin mask of false credential. Just as long as you keep telling the same lies to all the right people, really. At what point have you succeeded? Genuine but falsified photo id? SSN? Credit history?

    All that defines you is ability to provide a series of opaque alphanumeric values that you freely give to most anyone, but are next to impossible to verify.

  9. Re:this has been the case all along on Is Hushmail Still Safe? · · Score: 5, Informative

    Not if you use https://mail.google.com/ as your login page. Handy trick, but it should be the default.

  10. Re:this has been the case all along on Is Hushmail Still Safe? · · Score: 2, Insightful

    You're trusting FireGPG at that point. As well as Firefox, GPG, and (the majority of the time) Windows XP or Vista. Those last two worry me the most.

    The main FireGPG download page (http://getfiregpg.org/install.html) as well as the xpi are both served over plain http, not https, and the package is not signed. Author not verified, huh. Here's my unencrypted text and password for my key anyway.

    I'll give the benefit of the doubt to Firefox and GPG due to being a bit more high-profile, and last I checked the Firefox installer is always signed.

    Weakest link and all. Scary stuff with recent laws to combat terr'ists like us.

  11. Re:Mish-mash on KDE 4.1 Released, Reviewed · · Score: 1

    KDE was very tweakable last time

    Not this time.

    Gnome has that annoying 'users are retarded' concept. I used to use KDE 3 because it had lots and lots of configuration options, some of which might be useful.

    I tried a 4.1 RC recently. The 'plasma' system is terribly underdeveloped. In a lot of cases, the 'settings' dialog is...one checkbox. These aren't just widgets - you see this issue with a lot of major UI components. Like the desktop.

  12. Re:first post on What To Expect In KDE 4.1 · · Score: 2, Funny

    Polishing the knob huh?
    No wonder the developers didn't finish everything in time for 4.0!

    (Sorry - that one got me. Google it if needed)

  13. Re:Oops. on The Tiger Effect and Internet DDoS · · Score: 1

    Measuring the internet in kiloclits is like measuring the diameter of our galaxy in nanometers.

    Numbers like that are a waste of perfectly good zeroes (that could otherwise be used for the encoded storage of more clits).

  14. Need to start over on New Botnet Dwarfs Storm · · Score: 2, Insightful

    This will never stop with the current security model. Attacks like this work just as well on the other major operating systems. Let's move away from reactive security and fix the root cause.

    BitFrost (see http://wiki.laptop.org/go/OLPC_Bitfrost) is the set of security mechanisms present in the OLPC.

    Though I certainly wouldn't care to summarize the entire thing, here's what it comes down to.

    User programs don't automatically get the running user's full rights. A calculator has no reason to delete your documents, so why should it be able to? And without your knowledge to boot. On the OLPCs, documents are kept in a special storage area. It isn't a matter of owner read access. In general, for a program to get a user's file poofed in to its chroot sandbox, it has to ask the document service (which presents a consistent dialog). Further, a text editor doesn't need to access the network. The user can access the network, but his or her programs can only do so if explicitly allowed to (various such rights are set at install time, configurable later). Certain combinations of program rights are disallowed at install time (such as both network access and webcam access) but can be enabled later. Plus a lot more.

    Sudo/UAC sound nice and all until you realize that programs and users are separate entities.

    Yes, there's a lot to learn from the OLPC project. It's designed to be used (safely) by computer-illiterate children who can't (or can scarcely) read. If you think that sounds like a good description of computer users in general, then you're absolutely right. Security as seen in *nix and Windows makes perfect sense for protecting users from each other. That was the goal back in the day. The people with access to a server were supposed to have a general idea of what they were doing (entirely on them if they didn't), and in that case *nix security works well. But computers have gotten more personal, and that assumption is now blatantly false. Anyone thinking that Windows security problems stop at buffer overflows, or that Linux on the desktop will change anything, is a fool.

  15. Suggestive on Name the New Gamma-Ray Space Telescope · · Score: 1

    Gamma-ray Space Telescope for Recon In Nearby Galaxies

  16. Re:AJAX on The 110 Million Dollar Button · · Score: 1

    I'm sure that the "feeling lucky" purists would just close their eyes. Let's hope they can touch type...

  17. Re:Did they actually play it? on US Senators Take On The ESRB Over Manhunt 2 · · Score: 1

    I'm a king among women. You may just have to take my word for it, but it's wildly entertaining, I assure you.

  18. Re:Computer License! on Study Warns of Internet Brownouts By 2010 · · Score: 1

    In a world without government incompetence and corruption, that would be an excellent idea.

    I can only imagine how painful a government computer-safety course would be for us geeks. Think of the blatant ads for security products in exchange for 'donations' or 'contributions', and an entire unit of thinkofthechildren nonsense. Think of a course which says that the only way to properly use the internet is with Windows 7 and Internet Explorer.

  19. Re:Poor guy!!! on Adams' Dirk Gently Serialized on BBC Radio · · Score: 3, Funny

    Its blade length and style varied, but it was generally 7-14 inches. However, the blades of Irish versions often were as much as 21 inches in length. From Wiki. Emphasis mine :)

  20. BitFrost on Lessons To Learn From The OLPC Project · · Score: 2, Informative

    I'm surprised it hasn't come up yet.

    BitFrost (see http://wiki.laptop.org/go/OLPC_Bitfrost) is the set of security mechanisms present in the OLPC.

    Though I certainly wouldn't care to summarize the entire thing, here's what it comes down to.

    User programs don't automatically get the running user's full rights. A calculator has no reason to delete your documents, so why should it be able to? And without your knowledge to boot. On the OLPCs, documents are kept in a special storage area. It isn't a matter of owner read access. In general, for a program to get a user's file poofed in to its chroot sandbox, it has to ask the document service (which presents a consistent dialog). Further, a text editor doesn't need to access the network. The user can access the network, but his or her programs can only do so if explicitly allowed to (various such rights are set at install time, configurable later). Certain combinations of program rights are disallowed at install time (such as both network access and webcam access) but can be enabled later. Plus a lot more.

    Sudo/UAC sound nice and all until you realize that programs and users are separate entities.

    Yes, there's a lot to learn from the OLPC project. It's designed to be used (safely) by computer-illiterate children who can't (or can scarcely) read. If you think that sounds like a good description of computer users in general, then you're absolutely right. Security as seen in *nix and Windows makes perfect sense for protecting users from each other. That was the goal back in the day. The people with access to a server were supposed to have a general idea of what they were doing (entirely on them if they didn't), and in that case *nix security works well. But computers have gotten more personal, and that assumption is now blatantly false. Anyone thinking that Windows security problems stop at buffer overflows, or that Linux on the desktop will change anything, is a fool.

  21. Re:Cox v Morton on Linus Torvalds Speaks Out on Future of Linux · · Score: 1

    Really now.

    Kernel developers don't have children...everyone knows that.

  22. Re:Anal Log Hole on University Taps Sewers for Internet Access · · Score: 0, Redundant

    For the less gifted mods out there today, the parent is making a joke. "Analog Hole" in reference to DRM silliness.

  23. Never again... on DNA Vaccine May Treat Multiple Sclerosis · · Score: 1

    ...will people have to live in fear of contracting DNA. It is alarming how widespread it is among people today -- it can be a fatal mistake to assume that you do not already have DNA. Seek medical care immediately for treatment of symptoms. I really can't stress this enough: virtually every living thing with DNA will *DIE* within a matter of decades! Please, make sure your children get this vaccine before it's too late for us all.

  24. Re:If it cannot be loaded without the linux kernel on VMware May Violate Linux Copyrights · · Score: 1

    ESX reminds me of Xen. I'm sure someone will gladly step up to correct me, but this is my take on it.

    According to the last paper I read on the subject, in one operating mode of Xen (perhaps the one that requires processor support?) it does in fact run 'under' all of the domains, but doesn't know everything about the hardware. The 'Dom0' domain has special status and is the only one that has to be patched (with processor support that is. You need processor support to run Windows for example). Dom0 can communicate with the hypervisor (start domains and such), but more importantly the hypervisor intercepts certain ops by the guest domains, and passes them along to Dom0 for actual processing.

    This makes sense for VMWare.

    -VMWare doesn't want to write drivers for every hardware device that vmkernel needs to use.
    -VMWare doesn't want to open source their hypervisor. It very likely shares a good chunk of code with their other products. It's their bread and butter.

    So this is their solution.

    -FROM WHAT I CAN TELL, as with Xen, hardware support is decided by the 'service console', Dom0 in Xen speak. Correct me if I'm wrong. I haven't found a specific mention of hardware stuff being passed to the service console by vmkernel, but this seems likely.
    -They patch Red Hat to provide support for the above. IANAL, but it seems certain that they will have to provide their patches. I really can't say if the hypervisor can be called a 'derived work'. This is an interesting case. I'd personally say that vmkernel is not much unlike the nVidia module TFA mentioned. vmkernel could just as well run with a Windows host if either of the two was modified to communicate with the other. The kernel patches serve that purpose in the current setup -- it's more like 'Linux is patched to interface with something proprietary' than 'Something proprietary is based on Linux'.

    I'm not familiar with the Xen startup process, but it appears that vmkernel is only loaded partway through the boot process. Host kernel loads, everything comes to a grinding halt, vmkernel sticks its fingers where they don't belong, and from then on controls the hardware. It's a strange design decision that raises questions. I thought that the Xen hypervisor loaded earlier in the boot process, but I haven't verified that.

  25. Re:Huh. Better get to work! on New Theory Explains Periodic Mass Extinctions · · Score: 1

    If we play our cards right, we may have majority IPv6 deployment by then, so at least we'll have enough addresses for the new planet.