Open source is better than closed source for security code but it is not a silver bullet. The idea is that you want to have as many objective and capable coders able to examine the security code. That way, weaknesses in the code or shady things like back-doors are likely to be spotted and publicized. Closed source creates a significant obstacle against that examination. Open source does not create the obstacle but even without obstacle to examination you have no guarantee that objective and capable coders will actually examine the code.
Use that trick carefully. I'd hate to play that trick on someone and have them find out later that they just got something they could have easily downloaded themselves and that was free to begin with. I know if I were the person being tricked and I found out, the trickster would quickly find himself labeled a liar. I can't stand liars even if they think they are acting in my interest.
No, Average's steps are quite correct. I've seen some OEM installs that require activation and some that don't. You just can't assume.
As for having "all the drivers slipstreamed". Maybe that works for you because you buy the entirety of your hardware as a package. Most people do not. I have 6 pieces of hardware that I did not buy with my laptop. If I want the manufacturer's drivers and software for all of those, I need to install software from a different CD for each. I'm talking about a printer, a scanner, a wireless mouse, a keyboard (with more functionality than run-of-the-mill keyboards), an external monitor (with integrated webcam) and an mp3 player. Without the manufacturer's software all of these would be usable in a minimal fashion but I can't take full advantage of their functionality without additionally installing all of those drivers.
If you're really installing windows a lot you'd also have a rollup CD, so just 1 reboot.
And if I had wings, I could fly. Most people at home don't have a rollup CD. Since apparently we all should have a rollup CD, can you tell us how we can make one... because I presume that's something you have to make for your own setup.
MyDixieWrecked, you present a reasonable picture of what Gentoo is good at. Thank you for that. The problem is that too many Gentoo advocates out there are asses about the choice they made. Here's an all too frequent scenario. You're discussing a problem in Ubuntu or Fedora, trying to help someone get the system running correctly. Then, a Gentoo advocate comes by, screams "Ubuntu (or Fedora) is teh suxx0rs! Gentoo, FTW" and then tries to convince every one and their pets with juvenile arguments that Gentoo is the best distribution out there, irrespective of what the end user's needs may be. (Yeah, I'll put my mother on Gentoo.)
Most likely, such Gentoo advocates form a minority of Gentoo users but they form a vocal minority. The problem with such vocal minorities is that they often are so vocal that people start thinking that these minorities represent the view of the majority. I think a fair amount of the "hate people have for gentoo" comes from interaction with those jackasses.
Someone might ask what about Fedora users acting like jackasses or Ubuntu users, or Slackware users. Well, those exist too but somehow Gentoo jackasses seem more frequent to me.
Yath is right. This looks like a fox hunting prey. Foxes hunting in snow-covered areas listen to the sound of rodents foraging under the snow cover. When they locate a prey, they pounce through the snow cover to get their meal. I don't see how the fox is doing anything wrong.
Maybe the poster parody is meant to be self-referential: the poster maker is "still doing it wrong" (he selected a picture that does not illustrate his message) but gets "10 points for effort"?
I have not visited a public library for several years but I've gone to my university's library several times during the past year. The reason is that I have to refer to highly specialized books, some of them in Sanskrit and Classical Chinese. They are either totally unavailable to buy or are quite expensive ($250 for a book!) so I have to go to the library to get them.
Whenever I'll be able to look back on the past year and realize that I did not have to go to the library to get my research done, that will be a time to celebrate. Physically bringing myself to the library's stacks to get a book gives me nothing over electronic distribution.
Hmm... oh wait! Paper books have no DRM. So let me amend: physically bringing myself to the library's stacks to get a book gives me nothing over DRM-free electronic distribution.
And it's completely unnecessary because there are very good encryption utilities in existence and it's very trivial to set up a system that is a thousand times more secure than Hushmail. How about Debian + KMail + GnuPG? You don't trust Debian enough, because it's a binary distro and who knows what they secretly put in there? Use Gentoo.
Are you going to walk through the source code of your Gentoo applications? Oh, and you can't just limit yourself to walking through KMail and GnuPG because a keylogger could be sitting in the kernel, a kernel module, X or somewhere else. The fact of the matter is that there must be trust at some point and no matter what you do, you can get bitten. Even with Gentoo. The way I see it, the reasonable level of security is attained when a distribution requires all of its packages to be signed by using a private key system that has been deemed secure by the security community *and* uses this information to produce a set of binary packages that can be traced to their source (not only who built those binaries but the actual source code used). If that is done, then it does not matter whether the distribution is binary or source. In either case, you have traceability in the system.
The problem is not source vs binary but whether or not the distribution you use has implemented secure channels of production. And even with that, there's still no guarantee. If someone compromises the servers hosting the distribution or if private keys are stolen, all bets are off.
Games these days are multimillion dollar affairs. And that's even before the movie is released. There is so much money at stake that no sane person would ever risk making a game without a market study and focus groups. Large projects demand it.
And that's the problem - innovation gets lost in that process. Put another way, innovation isn't safe.
Innovation is not a panacea. Some innovative moves can be disastrous. Isn't Lair supposed to be innovative but ended up being an unplayable game?
Back In The Day(tm), it was just a couple of guys sitting around thinking up wacky ideas. Sometimes they stuck, and sometimes they didn't. If it failed, who cares? It's just a half a dozen guys that are already on the payroll. But if it worked, you could get innovation - and that made the difference. That's why guys my age sit around playing MAME and not giving a crap about Madden 07. How different could it possibly be from Madden 06?
Nolan is a product of the Golden Age. That's why he's disappointed with today's games. Innovation was the thing back then. A half a dozen mad mavericks could easily turn the world upside down with a really great idea.
I don't play MAME and I don't give a crap about Madden. I also don't think great games are more from this or that period of gaming history. In other words, at all points of gaming history new great games are being produced. The "golden age" is a fiction. It is a fabrication of our selective memory. What we forget when we talk of "golden ages" is all the crap that was produced at the same time the great games were produced.
Darn right that college bookstores are overpricing their books.
Now they want to prevent people from doing comparison shopping?? Here is how I think it will go down.
All students know that college bookstores overprice their books. Because of this, the majority of students consider the college bookstore to be a last recourse if they can't get their books elsewhere for cheaper. Therefore, a student who is in the college bookstore noting down prices is someone who most likely has pretty much already written off the college bookstore as a source of cheap books *but* is thinking that it is *possible* that a book in the bookstore could be as cheap or cheaper than online. (Yes, I've been able to buy *some* books from my college bookstore for cheaper or at least same price as I would have if I had gone online.) So that person is a potential customer.
Ok, so now they want to prevent this potential customer from comparing prices, right? They are going to accuse him of stealing the food right out of their babies' mouth, right? What is the likely outcome of this? I think this potential customer just won't bother even checking the prices at the college bookstore. He knows he's going to be harassed if he tries to do comparison shopping. He also knows the chances to get a better deal from the college bookstore are slim. So why bother? He'll just go into other stores or most likely order online and skip the effort of checking the prices at the college bookstore. In effect, the only thing the bookstore will have achieved is to piss off potential customers.
Good point. A solution that the city might be interested in would be if Apple designed their own line of "iPark" parking meters to look better than the current ones but preserve the function that parking meters provide.
The city might still refuse if the conditions set by Apple are not right or if they determine that opening up the door to that kind of deal will result in something unmanageable. For one thing, there should be a real premium for any company who would want to customize urban elements that are the responsibility of the city. That kind of customization should not only cover the *entire* costs involved in customizing the site but also result in *additional* profit for the city since it is a form of advertisement for the company. (It matters little that the advertisement is just in front of the store.)
What Apple offered the city of Montreal as compensation is (as several people pointed out in this forum) not even covering the cost of removing the meters so obviously that was unacceptable to the city. At any rate, what I suggest above would certainly be better than Apple's current crappy offer.
run programs, equipment, or servers from the Premises that provide network content or any other services to anyone outside of your Premises LAN (Local Area Network), also commonly referred to as public services or servers. Examples of prohibited services and servers include, but are not limited to, e-mail, Web hosting, file sharing, and proxy services and servers;
Again an undefined term: "network content". Before you accuse me of asking that Comcast provide a dictionary, that's not what I'm looking for but in any contract key terms must be defined. The problem is that terms like "service" and "server" and "network content" are vague in the extreme and require more precision than what Comcast provides. That line quoted above does not do that job. What Comcast provides is not a definition, it is a pseudo-definition. It looks like a definition but when applied it does not allow to clearly distinguish between valid usages of the service and abuses.
Going by that pseudo-definition, if I send an email I'm providing "network content" (they don't define this term so I'm guessing that emails are network content because of the second sentence above) to someone "outside of my Premises LAN". If that does not convince you then maybe the next example will. If I run an instant messaging software that allows my customers to reach me for support, then I'm running a server too because I'm providing a "service" to someone "outside of my Premise LAN". Same thing if it is my wife who just wants to chat with me. But it seems to me that that's an entirely different matter than someone hosting a TB of movies for download. The problem is that this pseudo-definition does not distinguish those cases. Comcast is purposely keeping things vague because that allows them to badger their customers into submission more easily.
Switching to a metered system would allow them to have a precise notion of what overusing the service means.
Your argument depends on how you define "server". I do not consider the mere fact of sharing a torrent to make my machine a "server". AFAIK, neither Comcast nor anyone else has said what they mean by "server". Until they define what they mean, all arguments that rely on the notion of "server" are specious.
So, pants down, how many licenses of what level have been sold?
"Pants down" indeed! Isn't it always "pants down" with Microsoft? Can you imagine an MS-branded nurse with latex gloves going "Now, pants down, sir! Time to insert the license!"
Re: How about a more rational debate, Linus? (on "Linus on GIT and SCM", Score: 1)
Amen to that!
There is no one-size-fit-all solution to SCM. There are two methods I use for my own needs: RCS and svn. Yes, RCS does make sense sometimes. For instance, I use it for all the LaTeX source of the papers I write. I can't imagine using CVS, svn or anything more fancy-schmancy for that task. I use svn for more my source code for my software projects and for keeping system configuration files (stuff in /etc) under some sort of control. For the latter case especially, a DSCM would make no sense.
One thing that people need to consider is that more freedom in an SCM system means more complexity and more ways to shoot yourself in the foot. That is to say, there's a point at which adding capabilities and facilities to do things that sound great in theory end up in practice being hurtful. Even in relatively feature-poor systems like CVS, I've seen situations in which changes had been made in such a way that caused serious problems months down the road. And I'm not talking about people being stupid or not knowing what the heck they're doing.
Please please please vote with your dollars (it's the only vote you have that counts in this country). Even if that means not buying another video card. You're only supporting crap by purchasing ATI.
I'm about to buy a new laptop. I'm going to make quite sure it does not have an ATI graphic subsystem. My current Dell laptop does and it's been nothing but trouble trying to get 3D working (works but is unstable), or the TV out (have to go through hoops) and other stuff....
The one section of TFA that seems to state what the actual problem is goes:
Retail theft of entertainment products, including video games, accounts for as much as $400 million in annual losses, according to the Entertainment Merchants Association.
We get no details about how they arrive at this figure but I'm willing to bet that it is inflated because it serves their purposes. A quick look at their web site and especially this page shows that they are quite adept at pulling numbers out of their asses.
Now I'm not saying there is no retail theft but I'm thinking this is not the biggest problem they have to face. They should be concentrating on providing their materials, unencumbered by DRM and at decent prices on the darn Internet instead of trying to protect a dying model. The only thing they will accomplish with that newfangled device is introduce yet another possibility of failure in the delivery chain. The new system will fail, people will get home with DVDs that won't play and will be pissed. This, in turn will drive down the sales of DVDs. So in the end, they will just alienate their customers.
And there's a price to implement this high-tech watchdog which undoubtedly they'll try to pass on to the customer. Again, the customer loses.
Hmm... wait! Maybe we should encourage them to implement this shoddy idea. They'll completely destroy the brick-and-mortar retail business and then will be forced to finally look beyond the old model of moving shiny discs from the manufacturing plant to the home of the customer.
At a recent Seattle Ruby Brigade hack night someone asked how many people used the DVORAK keyboard layout. Out of 9 people, 7 used DVORAK and only 2 were using QWERTY. I personally made the switch last Christmas, after 25 years of typing with QWERTY. What do you use? Have you switched to DVORAK? Have you been wanting to make the switch? Has anyone else noticed an increase in adoption of DVORAK lately?
How is this any different than this?
At a recent Seattle Ruby Brigade hack night someone asked how many people switched to the furry lifestyle. Out of 9 people, 7 had made the switch and only 2 were not into that kind of stuff. I personally made the switch last Christmas, after 25 years of boring normalcy. What alternative lifestyle are you into? Have you switched to the furry lifestyle? Have you been wanting to make the switch? Has anyone else noticed an increase in furries lately?
Replace "furry" with any kind of marginal lifestyle choice. Still sounds the same, some guy in an environment of Dvorak fanboys made the switch to Dvorak and now thinks that he's at the forefront of a revolution.
Dvorak being better than Qwerty is a myth. Wake up and smell the coffee!
If a candidate spends any significant effort on campaigning in SL, that candidate is basically saying "I have no sense of priorities but please vote for me!!!"
John Edwards is no such candidate so far.
My comment about John Edwards targeting furries was a jab at SL.
Judging by what I understand Second Life to be, I have to conclude that John Edwards is targeting furries.
But seriously... it seems to me that any candidate spending any significant effort on campaigning in SL is basically saying "I have no sense of priorities but please vote for me!!!"
So you could write scripts that allowed entirely different applications to communicate with each other for any imaginable purpose.
Taken literally that statement is true. You can certainly write a script to use a word processing software and a calculator application to levitate your house (this goal is one instance of the set "any imaginable purpose"), for instance. Most likely, that won't work.
But if we bring the scope down to "for solving emergent problems that the applications cannot solve in isolation", then how is this any different than writing a script to control gimp and oowriter on Linux?
Hmm... after that you are inducing bit rot.
That's precisely why I'm buying a Cowon.
Thanks, I was going to point this out. Slashdot editors need to keep their terminology straight.
One more step towards irrelevance.
Wow, the way you wrote your title proves your point.
Right. Let me rephrase this.
If a candidate spends any significant effort on campaigning in SL, that candidate is basically saying "I have no sense of priorities but please vote for me!!!"
John Edwards is no such candidate so far.
My comment about John Edwards targeting furries was a jab at SL.