In theory the "many eyes" that can see open source will detect security problems. In practice it doesn't happen that way. The reason that open source code is more secure than closed source is that the designers and authors care more about their code as they KNOW it will be made public and they value their public reputation -- it's the same as a John Grisham making sure there are no speling errers in his books. Additionally in the Linux world they don't have to make security compromises suggested by some marketing department droid.
When security is designed in from the beginning it's far harder for a trivial hack to open up a computer to the world.
While Real complains about the problems they have with a MS monopoly, they don't then take the obvious step and properly support alternative platforms.
But then, they don't really support Windows either. I have to run RealPlayer 7 on my old Win98 laptop because none of the subsequent releases work properly (they all need a minimum of 128M of memory.)
If Real really want to succeed, open up the codecs and allow us to help them compete.
Have Intel invented the WinWiFi?
Didn't anybody learn from the WinPrinter and WinModem farces?
What happens when the note design changes?
The judge specifically asked Kevin if there would be sufficient time to produce the required docs because there would be no difficulty in waiting till later in the month.
Now, when a judge is being nice and in return is treated without respect, the judge may just decide that it's time to crack a few heads.
When SCO, sorry CoS, were spamming ARS a couple of years ago it was possible to kill 99% of the spam just by computing the average word length in the spam. Ordinary humans generated messages with an average word length of 4.5 letters, CoS random word spam had an average word length of 5.5 letters.
I was surprised that such a simple test worked so well.
One day I must re-implement the test for email spam and see if it works as well.
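The test described in the comment above, sketched as an added example (not the commenter's code). The 4.5 and 5.5 figures come from the comment; the midpoint cut-off, the minimum word count, the skipping of quoted lines and URLs, and the sample messages are assumptions of this example.

```python
import re

# 4.5 and 5.5 letters per word are the figures quoted in the comment; the
# midpoint cut-off and the minimum sample size are assumptions of this example.
HUMAN_AVG, SPAM_AVG = 4.5, 5.5
THRESHOLD = (HUMAN_AVG + SPAM_AVG) / 2
MIN_WORDS = 20  # an average over fewer words is too noisy to act on

WORD_RE = re.compile(r"[A-Za-z]+")
URL_RE = re.compile(r"\S+://\S+")

def body_words(text):
    """Words the sender wrote: quoted reply lines and URLs are left out."""
    found = []
    for line in text.splitlines():
        if line.lstrip().startswith(">"):
            continue  # a reply that quotes spam should not inherit its score
        found.extend(WORD_RE.findall(URL_RE.sub(" ", line)))
    return found

def average_word_length(text):
    found = body_words(text)
    return sum(map(len, found)) / len(found) if found else 0.0

def classify(text):
    """Return 'spam', 'ham', or 'unknown' when the sample is too small."""
    if len(body_words(text)) < MIN_WORDS:
        return "unknown"
    return "spam" if average_word_length(text) > THRESHOLD else "ham"

# Constructed samples, not real messages.
HAM = ("I tried the new kernel on my old laptop last night and it would not "
       "boot at all so I went back to the one that came with the box")
SPAM = ("orchard velvet quantum lantern breeze marble thunder cabinet gravel "
        "whisper pencil harvest copper meadow blanket lantern sparrow canyon "
        "ribbon anchor timber falcon")
REPLY = "\n".join("> " + line for line in SPAM.splitlines()) + "\n" + HAM

if __name__ == "__main__":
    samples = (("ham", HAM), ("spam", SPAM), ("reply", REPLY), ("short", "Buy now"))
    for name, msg in samples:
        print(name, round(average_word_length(msg), 2), classify(msg))
```
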
SCO would be after about $7 million not $1000.
At that price Google would probably tell SCO to fsck off until they could show clear proof of ownership.
Anyone else noticed that the entire campaign to get new laws to aid their "war" against their customers will result in the STATE paying to investigate and prosecute copyright violations rather than the copyright owner?
While taking the fingerprint may only need 15s, checking the print against a database of 200, 500 million prints will take much longer and will produce many false positives that have to be investigated.
You change the protocol.
This scheme is not a plugin replacement for existing [e]smtp.
The questions in the business survey are very poor and often cannot be related to real-world Linux installations.
One question asks about Linux clusters and offers a selection of maximum "nodes" which stops at eight?!
The problem seems to be that the questions are designed to gather a "checklist" of features that when added to Windows would make it a viable alternative to Linux. As the Irishman would say when asked for directions to the next town, "If I were you, I wouldn't start from here."
Sadly the reviewer had boot problems.
x86 Solaris WILL live happily with Windows and Linux and a multi-boot system is trivially possible so long as you take some care. The most obvious gotcha is that the Sun disk partition id is the same as the Linux swap partition id.
x86 does NOT insist on using an entire disk. It will happily install into a suitable partition pre-created with the Sun disk partition id. During the install pseudo-partitions will be created as needed within the actual partition.
I've had triple-boot systems with Win98, Redhat Linux and Solaris all installed on the same drive.
The reviewer also had network problems. With NICs on the HCL list and many work-a-likes there should be no problems at all.
You do need to understand what you are doing when installing Solaris, and it helps to understand the network configuration it will be plugged into before you start.
On the other hand, after answering a handful of questions at the beginning, the installation itself is trivial and automatic on supported hardware.
I've been using x86 Solaris as my main desktop system for a number of years now in preference to both Windows and Linux (though I'm writing this on a RH8 box) and it does everything that I need day to day.
The error rate is higher than the detection rate in these systems.
Just wait for someone to be falsely accused and take the matter to court.
Voting isn't supposed to be totally anonymous else there would be no need for electoral rolls. There must always be a means to detect multiple votes or votes cast by people assuming other people's identity.
In addition, it must be possible to match each vote to a voter should there be a legal challenge to the voting procedure.
Voting must be private and confidential but is rarely anonymous.
Even if you can get the technology to the point where false positives occur less than 1% of the time, airports etc will be made unusable because there will be more candidates for an intensive search and id check than can be dealt with in a day.
But the real killer will be the problem of persistent false positives. How many times will someone who looks a bit like a known terrorist have to be taken out of queue and subjected to intensive questioning and searches before the lawyers and courts get involved?
You have to question exactly why it seems to be impossible to build a box that can accurately record keypresses - 'cus that's what we are talking about. It doesn't have to count or tabulate or generate reports; all it has to do is accurately record votes for a few thousand people.
And what is so difficult with printing a dated slip of paper containing the vote and a validation checksum proving the paper was printed at a given time on a particular machine and a specific vote or list of votes were recorded for that voter?
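One way to produce the "validation checksum" asked for in the comment above, as an added example (not the commenter's code and not any real voting system's). It assumes an HMAC-SHA256 under a per-machine secret key, so only whoever holds that key can check a slip; the machine ids, keys, timestamp and contests are constructed.

```python
import hashlib
import hmac
import json

def _canonical(machine_id, printed_at, votes):
    # One unambiguous byte string per (machine, time, votes) triple.
    record = {"machine": machine_id, "time": printed_at, "votes": votes}
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def _tag(key, machine_id, printed_at, votes):
    return hmac.new(key, _canonical(machine_id, printed_at, votes),
                    hashlib.sha256).hexdigest()

def print_slip(key, machine_id, printed_at, votes):
    """Slip contents: what was recorded, when, on which machine, plus checksum."""
    return {"machine": machine_id, "time": printed_at, "votes": votes,
            "checksum": _tag(key, machine_id, printed_at, votes)}

def verify_slip(keys_by_machine, slip):
    """True only if the checksum matches under the key of the machine named."""
    key = keys_by_machine.get(slip.get("machine"))
    if key is None:
        return False  # unknown machine id: nothing to check against
    expected = _tag(key, slip["machine"], slip.get("time"), slip.get("votes"))
    # Constant-time comparison of the printed and recomputed checksums.
    return hmac.compare_digest(expected.encode(),
                               str(slip.get("checksum", "")).encode())

# Constructed demo values (hypothetical machine ids, keys and contests).
KEYS = {"M-0017": b"demo-key-for-machine-17",
        "M-0018": b"demo-key-for-machine-18"}
SLIP = print_slip(KEYS["M-0017"], "M-0017", "2004-11-02T09:15:42Z",
                  [["Mayor", "Candidate B"], ["Measure 4", "No"]])

if __name__ == "__main__":
    print(SLIP)
    print("genuine slip:", verify_slip(KEYS, SLIP))
    altered = dict(SLIP, votes=[["Mayor", "Candidate A"], ["Measure 4", "No"]])
    print("altered vote:", verify_slip(KEYS, altered))
```

Changing the vote, the time or the machine id on the slip makes verification fail, which is the property the comment asks of the checksum.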
Those with a support contract get the new release for free.
The x86 release is available for $20 or so.
Having actually just read the patent it would appear to be useless as it describes a means of avoiding a rather poor spam detection mechanism which I've never actually seen deployed.
Modern spam detection which uses statistical methods applied to the spam content would be unaffected by the techniques described in the patent.
In the UK one production company whose prime time soap has been cancelled are looking at the possibility of continuing production and selling the program on DVD directly to the public.
Most spam source is spoofed in some manner, but equally most spam has a real URL or email address for the gullible to contact the spammer.
If you are going to block anybody, block the ISPs that host the web sites and email reply addresses for the spammers - AND LET EVERYBODY KNOW in any error messages you issue. Blocking the real or apparent source of the spam itself is ineffective in the long run.
Always knew that wysiwyg was a stupid people trap.
Bugs are important because they allow UNTESTED paths through the code. In themselves they are not an important source of insecurity; but the bug may allow a program path far away from the bug to be accessed which can be a security problem.
The real source of insecure software is DESIGN. Much software has insecurity designed in. Regrettably Microsoft thinks that automatically running code provided from a stranger is a feature; the rest of us consider it a huge hole in the castle wall.
Insecure by design.
Don't they come with xscreensaver?
SCO is suing over _contract_ matters.
The IP stuff is purely media FUD planted by SCO.
The trouble is, to win a trade secret case one must have a trade secret to lose and tell the court what the trade secret was...
Wouldn't it be a better idea to actually go out and _catch_ some terrorists instead of pissing away time and money chasing easy and irrelevant targets?