Firstly, the author was not saying that open source is a form of terrorism. What he was saying is that the rapid and open communication model used by open source is much more efficient than the closed encrypted compartmented model used by the U.S. Military Industrial Complex: Terrorists communicate on open websites in near realtime while the military communicates through channels with huge delays. A single terrorist can read the terrorist literature from anywhere and change tactics appropriately. A single U.S. soldier neither has access to the up-to-the-second information on new tactics nor the authority to act upon it.
In terms of acquisition, a terrorist can cobble together any sort of armament with any materials available and if it doesn't work, they try again very rapidly. A single U.S. soldier must generally wait for new specially designed equipment to come from the U.S. to combat a given problem. This can take months when lucky and years when not lucky. While the new special equipment likely works very well, the need may have gone away by the time it is delivered. It's not the danger of consumer devices the author was pointing out; it the fact that the enemy has simple cheap and brutally effective weapons based on consumer devices where we have nothing that is either that cheap or nearly as cost effective for the battle at hand. The point about the PS3 was not that the bad guys have PS3 based missiles it's the fact that say a blackberry's processor is just as capable of running a cruise missile as a 1 million dollar circuit card on a cruise missile. That's not to say that the terrorists have the software, it only points up the fact that we ought to question why it takes the U.S. a million dollar control board to do the same thing you could do with a PS3.
What I think the author was trying to say is that we should have the Industrial portion of the Military Industrial Complex cranking out cheap equipment from off the shelf parts designed to meet the need at hand rather than designing multi-million, multi-billion, or multi-trillion dollar systems that take months, years, or decades to field. Why send in a $100,000 packbot to look for explosives if you can send in a $1000 wheeled vehicle made from R/C car parts. With the availablity of cheap explosives on the part of our adversaries, there is no way we can hope to solve the problem with money when there is a 1:100,000 disparity in the cost to us to take out insurgent weapons.
I work for a company that develops quick off the shelf systems for the U.S. military. One system I worked on along these lines ran linux and consisted of lightly modified PC's combined with other special gear. I think we spent 6 months just performing the environment tests to show that the equipment would survive multiple trips to 40 below zero, explosive decompression of an aircraft around it, salt spray etc. It took over a year to get this expedited product out the door.
While the testing was was justified in the case I worked on, I don't see a reason to worry about antarctic applications of tiny cheap and disposable robots for use in the desert. Even if the lifetimes of a lot of this special purpose equipment are short, I think it would be better to put out more cheap equipment faster. A crate of mostly working robots for examining IED's designed as the 90% solution,ON THE GROUND TODAY (with the soldiers), is worth a lot more that a perfectly tested triple checked crate of indestructible robots delivered after the squad they were supposed to protect has perished.
Uh,
I've tried shipping products with radioshack parts in an emergency. I wouldn't reccomend it to anyone as "RadioShack Bin" is the slang in chip testing for the lowest grade of parts that just barely work.
BMW is a leader in alternative fuels research, especially hydrogen. None of the American car companies pay much more than lipservice to this kind of R&D according to a friend of mine at a national laboratory.
When I was getting my degree at Harvey Mudd College, they managed to get us the opportunity to have lunch with distinguished Physicist Freeman Dyson. Someone asked Dyson a question about blowing up asteroids with nuclear weapons at the session. My recollection of the response was that he said he thought it was a bad idea that would make shrapnel and magnify the problem. Dyson told us that the best solution he could think of was to build a ship to go to the asteroid and then assemble a "mass driver". The mass driver would be a piece of equipment that broke off pieces of the asteroid and hurled them at right angles to the trajectory in an appropriate direction in order to divert the orbit. While Dyson is only one man, I suspect that his opinion on the matter might incorporate more finesse that a bunch of weapons engineers.
I have been doing materials science research on my own dime. One of the interesting phenomena is that virtually all American research and most western European research are tied up in journals that only a university could afford to subscribe to. I cannot pay 20 or a 100 dollars to see an article online which may or may not even be what I need. Some of these journals charge thousands of dollars a year for a subscription. None of the journals are carried by my local university library. It probably would be possible to get many of them via interlibrary loan but it would be very difficult due to the wide variety of articles I need.
The upshot is that eastern European, Indian, and some Chinese researchers publish in journals that are freely available online and in English. As a result, I frequently get information from these sources but almost never from Americans. At least for the specialized field of materials science I've been working on, copyright is the single largest impediment to doing research.
How is it that studies that were paid for by the government and should be property of the public can be locked up in journals that are too expensive to obtain. Perhaps we need to start a campaign of suing the funding agency for each article under the Freedom of Information Act to obtain the article!
Fuel Cells are not Carnot limited because they are not heat engines. Carnot limits apply to engines that compress and decompress a gas using heat. Fuel cells are based on electrochemistry and suffer no such restriction.
I went to Egypt and Kenya on vacation last year. I took a GSM blackberry with me. I had better data service in Kenya watching elephants walk by than I get here in alabama in the US. I was literally walking down the street in Mombasa googling for the e-bay price of various stuff I wanted to buy in the tourist shops: Specifically, Indian made replicas of sextants. It's a strange experience to be admiring the great pyramid in Egypt or a group of giraffes in Africa and then get e-mail from texas about the woes of your software architecture.
I had identical experiences to Mombasa in Nairobi also getting better GSM service than in Egypt. The kenyans have a long way to go but they have been so far behind for so long that they have skipped several generations of technology that we are cursing but can't get rid of because they haven't depreciated to zero yet. Incidentally, in the nicest part of Nairobi, the shopping mall is just like the ones anywhere else with the exception that the shelves seem very slightly less well stocked and the fact that it is guarded by kenyan army personnel with automatic weapons. They also have atm's from 5 different banks, newspapers, movie theaters, fast food, etc.
While I was there in Nairobi, I stopped by the local office of Fisher Scientific since they had their office across the street from my hotel. I saw invoices for a local brewery on the desk there as well as a nice display of lab glassware.
In short, while the Kenyans do not effectively maintain roads, or sidewalks, and they've had to effectively sell the train system to the South Africans (Rode on the train with two guys from Rift Valley Railroads, the SA company that had just taken over the railroads), they do grok technology. While the power grid in Nairobi and Mombasa is a bit flaky and the rural areas have nothing, the kenyans are working towards industrialization. I saw some interesting factories being built on the train ride between Mombasa and Nairobi. I suspect that one could get very rich over there buy starting a factory to do technology because there is a lot of labor available and most of the Kenyans I met seemed to work very hard. My friends from Rift Valley Railways said that the kenyans worked hard when they knew what to do but if there was a lapse of leadership, they'd just come to work every day and sit at their desks doing nothing even if the mission of their department had ceased to exist decades ago.
At any rate, I've gotta get back to signal analysis.
I just got done with an NSA accreditation exercise for a SUSE 10.0 box. SUSE's support for proper logging and auditing was severely lacking and we had to jump through hoops. Why would a sane person invent something like AppArmour when the NSA created SElinux and it does what's required to pass certifications? SuSE has gotten better in 10.1 and 10.2 but I still don't think they've managed to get logging and auditing to work right. Go Redhat. SuSE has a nice desktop and 10.0 had better hardware support for out exotic tabletPC stuff than did the fedora release at the time but we paid for that with pain on the accreditation.
What about the controversy on NPR today about patenting tax avoidance strategies as business methods patents?! This is a practice that strikes me as criminally insane yet there were business defending their "right" to do so. . .
This is old news. We were doing this in military devices since the early nineties. When I worked on some flight computers for a mystery product at a defense contractor, there were all sorts of places where an ASIC had a problem and that they had added a programmable logic device to clean up the problem. In fact, I think the designs left an extra programmable logic device for that purpose. Same as when I worked in semiconductor test equipment. At a vendor of automated chip testers, there were many functions on the system that had to handle unbelievable problems and occasionally a mistake was made in an ASIC. Frequently, a patch was tried to the software to make it work and if it didn't work, the functionality was offloaded to an FPGA where the new improved version of that function could be placed. Of course if the mistake was too bad then a very costly ASIC spin had to occur. . .
Other posters alluded to it but in my experience with my supper club's HDTV's tuned to ESPN HD, the MPEG4 artifacts are so annoying as to make me want to tear my eyeballs out. A basketball game where the lines on the floor don't pixelate every time the camera moves makes me want a plain old TV that may have been interlaced but didn't use god-awful compression. Does anybody else notice this?
If you can run your camera on NiMH batteries, a couple sets of them and a solar battery charger are a great way to have digital pictures even with little or no power grid access.
AFAIK, this comment is based in Moussilini in Italy during the second world war who was notorious for making the trains run on time unlike before the Fascists came to power.
Likely a problem crossing the international dateline. I once heard of a problem (perhaps urban legend) where a plane flipped upside down when it crossed the dateline due to the system making a mistake in computing the direction of up in the eastern hemisphere.
I can commiserate. I started deploying an application on Suse 10.0 rather than Fedora Core 5 because I couldn't get the kernel in Fedora to cooperate with the disk controller on the tabletPC hardware. It worked right out of the box in SuSE 10.0 and that was that last thought I ever had about Fedora.
Recursion is not allowed in safety critical code according to IEC 61508 and Nuclear Regulatory Commission NUREG CR6463. They are afraid of stack overflows and failure of the recursion to terminate.
I have been deploying a semi-embedded system for military use. I already have to maintain special versions of 40 packages from the SUSE 10.0 Distribution to meet various security requirements. Gnome's lack of configuration options for GDM, specifically ways of turning off many fallbacks and modal dialogs that are not appropriate for a kiosk like system are a pain. I finally just modified gdm and rebuilt it to ignore certain conditions like not being able to write the.dmrc config file because the home directory is read only. Also, don't even get me started about getting a GTK application to come up correctly with override redirect WM hints.
There are some parts of gnome that are nice but some of the fallbacks in gdm and the modal dialogs are security risks because they allow the user to get a different interface than the one designed into the product and there is no way to turn them off in the config files.
I can sympathize. A default SuSE linux 10.0 install uses umask 022. The number of places where the umask has to be changed to 027 to meet the NSA's requirements is annoying. Out of the box security is one thing but one would think a big hosting provider would know better.
I'd have to agree on the comments on Evolution. There are some really nice UI features and I'd love to use it but bugs in it make it unusable for me. The bug that killed it for me was a bug in proper handling of LDAP directories which would cause Evolution to deadlock usually after I had written an important e-mail and wanted to add an address. I spent hours poring over the source code and eventually found that one of the components in Evolution tries to message Evolution Server to get the LDAP data and the whole thing hangs. Near as I could tell, the bug related to not handling an error condition somewhere related to the LDAP request: Not that anybody can really tell since the call stack was 30 or 40 levels deep and even with the source, determining who threw the error and why was like looking for a specific molecule of water in the ocean. The devs were relatively responsive and I did get closure on all of the bug reports I submitted. I was never sure the bug was fixed as the devs who fixed related stuff weren't sure either. I had to switch to Thunderbird to be able to reliably send mail to my colleagues so I ultimately stopped caring.
Reading the source code, there are lots of comments suggesting uncertainty as to whether different sections of the code are correct. I can't say I found I liked the IMAP code in there as it's error handling seemed pretty weak. I'd say that Thunderbird is much more stable from the user's perspective and I've never had a problem in it with any of the features in Evolution that made me switch.
I like the evolution UI but I think the backend is broken and that they would be better off to take a working backend from elsewhere and put their front end on it than to continue developing the current code base. Other systems I've experienced with similar architectures are usually broken and a sign that the system needs a simpler architecture.
I remember hearing CNN one weekend day in high school where this happened on the air. The reporter said something to the effect of, "I can see the shells from a battleship raining down to the north. I can hear small arms fire to the west and tank fire to the northeast. .." Just as the words came out, I started telling my mother that the unit who the reporter was with should be taking fire just about now. Sure enough, right after my remark, The reporter said, "Our military Liaison has informed us the we have to get out of the area immediately." End of CNN report. While my quote was perhaps a touch inaccurate being from memory many years ago, it was clear to me, even as a highschool student, that the reporter had given enough information in the original quote to accurately triangulate their position. Moral to the story: Don't run around in a warzone giving precise bearing and range information to everything you can see on international TV. If you do, you will become friends with Mr. Artillery Shell.
I've said it before but we really ought to be looking at the Nevada Gaming comission Rules. These rules describe the level of security that we should demand from the process. They are almost as stringent as the standards for nuclear power plant safety and mining equipment. I'm not blowing smoke: I've got IEC 61508, NUREG CR-6463, and DO-178B on my shelf and I still say, "See Nevada Gaming Commission's Technical Standards For Gaming Devices and On-Line Slot Systems." http://www.gaming.nv.gov/documents/pdf/techstds_04 dec16_adopted.pdf
Gaming is oddly very similar to voting and unlike Cyber, these folks have done their homework.
In that voting is basically a statistical game of chance between two candidates, we ought to be studying gambling machine standards to see the level of security to which voting machines need to be raised. They may call Los Vegas Sin City, but those Nevadans may have written the document that saves our country. Since there is more money made in Vegas yearly (daily?) than is spent in a U.S. national political campaign, voting machines ought to be held to the same standards as the Nevada Gaming Commission's Technical Standards For Gaming Devices and On-Line Slot Systems http://www.gaming.nv.gov/documents/pdf/techstds_04 dec16_adopted.pdf
I sincerely doubt any of the voting systems I have heard about come even close! If there is a way to change the program in the machine in the field, a voting machine has already failed this test. They also require the system to detect and record the last 10 changes to its configuration, absorb an ungodly amount of static electricity without malfunctioning and require all unused ROM to be zeroed. . .
A run of the mill slot machine is likely infinitely more secure than a Diebold voting machine and probably a lot more secure than most voting machines.
First off, I'm not a programmer nor do I have a CS degree. I have a degree in general engineering. My classmates and I were taught that the difference between training and an education is training teaches you how to solve previously framed problems while education teaches you how to solve problems that aren't well defined.
Since you undoubtedly have received an education, there are two components to solving your problem:
Decide what you want to do
Figure out what you need to accomplish it.
A quote from my chemical engineering professor was: Let's convert that to Pound Mols per degree Rankine: that'll make it easier. Despite taking classes that taught me such useful lessons, I was able to reverse engineer an entire Concurrent (CCC) UNIX filesystem and write a program that could read it on an incompatible version of Solaris. It wasn't the fact that I know what a pound Mol or a degree Rankine is that made me educated, it was the fact that I was willing to pick up Lion's Commentary On UNIX 6th EDITION With Source Code (ISBN 1-57398-013-7) and figure out how the antique file system worked.
It is very seldom in your Career that you will know how to do what you want to do. The difference between success and failure is the willingness to figure out how to solve the problem in front of you regardless of whether it was in your knowledge area or not. One time for example, I found I needed a way to extract audio clips embedded in JPEG files from an old digital camera to make a web site of my cross country bicycling trip. I found the EXIF specification on the internet and wrote a lousy but functional program to extract the data.
In short, you were given a box of tools when you left college. Some of the tools in there are great, some are about as useful as an adz in modern construction. Your job isn't to take the tools in the box and go forth into the world: your job is to use the tools you have all the while filling the box with better tools at every opportunity. The box will never be full but as long as you keep filling it, you will always be on the road towards solving the problems you want to solve.
Slashdot Mirror
Somewhat thicker sapphire vehicle window armor (the same material) was shown to resist four 7.62mm rounds with no penetration two months ago. This was in the magazine Advanced Materials and Processes, a magazine of ASM, the Materials Information Society!!! see abstract at http://asmcommunity.asminternational.org/portal/site/ASM/AsmStore/ProductDetails/?vgnextoid=0271ad467ab86110VgnVCM100000621e010aRCRD
Firstly, the author was not saying that open source is a form of terrorism. What he was saying is that the rapid and open communication model used by open source is much more efficient than the closed encrypted compartmented model used by the U.S. Military Industrial Complex: Terrorists communicate on open websites in near realtime while the military communicates through channels with huge delays. A single terrorist can read the terrorist literature from anywhere and change tactics appropriately. A single U.S. soldier neither has access to the up-to-the-second information on new tactics nor the authority to act upon it.
In terms of acquisition, a terrorist can cobble together any sort of armament with any materials available and if it doesn't work, they try again very rapidly. A single U.S. soldier must generally wait for new specially designed equipment to come from the U.S. to combat a given problem. This can take months when lucky and years when not lucky. While the new special equipment likely works very well, the need may have gone away by the time it is delivered. It's not the danger of consumer devices the author was pointing out; it the fact that the enemy has simple cheap and brutally effective weapons based on consumer devices where we have nothing that is either that cheap or nearly as cost effective for the battle at hand. The point about the PS3 was not that the bad guys have PS3 based missiles it's the fact that say a blackberry's processor is just as capable of running a cruise missile as a 1 million dollar circuit card on a cruise missile. That's not to say that the terrorists have the software, it only points up the fact that we ought to question why it takes the U.S. a million dollar control board to do the same thing you could do with a PS3.
What I think the author was trying to say is that we should have the Industrial portion of the Military Industrial Complex cranking out cheap equipment from off the shelf parts designed to meet the need at hand rather than designing multi-million, multi-billion, or multi-trillion dollar systems that take months, years, or decades to field. Why send in a $100,000 packbot to look for explosives if you can send in a $1000 wheeled vehicle made from R/C car parts. With the availablity of cheap explosives on the part of our adversaries, there is no way we can hope to solve the problem with money when there is a 1:100,000 disparity in the cost to us to take out insurgent weapons.
I work for a company that develops quick off the shelf systems for the U.S. military. One system I worked on along these lines ran linux and consisted of lightly modified PC's combined with other special gear. I think we spent 6 months just performing the environment tests to show that the equipment would survive multiple trips to 40 below zero, explosive decompression of an aircraft around it, salt spray etc. It took over a year to get this expedited product out the door.
While the testing was was justified in the case I worked on, I don't see a reason to worry about antarctic applications of tiny cheap and disposable robots for use in the desert. Even if the lifetimes of a lot of this special purpose equipment are short, I think it would be better to put out more cheap equipment faster. A crate of mostly working robots for examining IED's designed as the 90% solution,ON THE GROUND TODAY (with the soldiers), is worth a lot more that a perfectly tested triple checked crate of indestructible robots delivered after the squad they were supposed to protect has perished.
Uh, I've tried shipping products with radioshack parts in an emergency. I wouldn't reccomend it to anyone as "RadioShack Bin" is the slang in chip testing for the lowest grade of parts that just barely work.
BMW is a leader in alternative fuels research, especially hydrogen. None of the American car companies pay much more than lipservice to this kind of R&D according to a friend of mine at a national laboratory.
When I was getting my degree at Harvey Mudd College, they managed to get us the opportunity to have lunch with distinguished Physicist Freeman Dyson. Someone asked Dyson a question about blowing up asteroids with nuclear weapons at the session. My recollection of the response was that he said he thought it was a bad idea that would make shrapnel and magnify the problem. Dyson told us that the best solution he could think of was to build a ship to go to the asteroid and then assemble a "mass driver". The mass driver would be a piece of equipment that broke off pieces of the asteroid and hurled them at right angles to the trajectory in an appropriate direction in order to divert the orbit. While Dyson is only one man, I suspect that his opinion on the matter might incorporate more finesse that a bunch of weapons engineers.
I have been doing materials science research on my own dime. One of the interesting phenomena is that virtually all American research and most western European research are tied up in journals that only a university could afford to subscribe to. I cannot pay 20 or a 100 dollars to see an article online which may or may not even be what I need. Some of these journals charge thousands of dollars a year for a subscription. None of the journals are carried by my local university library. It probably would be possible to get many of them via interlibrary loan but it would be very difficult due to the wide variety of articles I need. The upshot is that eastern European, Indian, and some Chinese researchers publish in journals that are freely available online and in English. As a result, I frequently get information from these sources but almost never from Americans. At least for the specialized field of materials science I've been working on, copyright is the single largest impediment to doing research. How is it that studies that were paid for by the government and should be property of the public can be locked up in journals that are too expensive to obtain. Perhaps we need to start a campaign of suing the funding agency for each article under the Freedom of Information Act to obtain the article!
Fuel Cells are not Carnot limited because they are not heat engines. Carnot limits apply to engines that compress and decompress a gas using heat. Fuel cells are based on electrochemistry and suffer no such restriction.
I went to Egypt and Kenya on vacation last year. I took a GSM blackberry with me. I had better data service in Kenya watching elephants walk by than I get here in alabama in the US. I was literally walking down the street in Mombasa googling for the e-bay price of various stuff I wanted to buy in the tourist shops: Specifically, Indian made replicas of sextants. It's a strange experience to be admiring the great pyramid in Egypt or a group of giraffes in Africa and then get e-mail from texas about the woes of your software architecture. I had identical experiences to Mombasa in Nairobi also getting better GSM service than in Egypt. The kenyans have a long way to go but they have been so far behind for so long that they have skipped several generations of technology that we are cursing but can't get rid of because they haven't depreciated to zero yet. Incidentally, in the nicest part of Nairobi, the shopping mall is just like the ones anywhere else with the exception that the shelves seem very slightly less well stocked and the fact that it is guarded by kenyan army personnel with automatic weapons. They also have atm's from 5 different banks, newspapers, movie theaters, fast food, etc. While I was there in Nairobi, I stopped by the local office of Fisher Scientific since they had their office across the street from my hotel. I saw invoices for a local brewery on the desk there as well as a nice display of lab glassware. In short, while the Kenyans do not effectively maintain roads, or sidewalks, and they've had to effectively sell the train system to the South Africans (Rode on the train with two guys from Rift Valley Railroads, the SA company that had just taken over the railroads), they do grok technology. While the power grid in Nairobi and Mombasa is a bit flaky and the rural areas have nothing, the kenyans are working towards industrialization. I saw some interesting factories being built on the train ride between Mombasa and Nairobi. I suspect that one could get very rich over there buy starting a factory to do technology because there is a lot of labor available and most of the Kenyans I met seemed to work very hard. My friends from Rift Valley Railways said that the kenyans worked hard when they knew what to do but if there was a lapse of leadership, they'd just come to work every day and sit at their desks doing nothing even if the mission of their department had ceased to exist decades ago. At any rate, I've gotta get back to signal analysis.
I just got done with an NSA accreditation exercise for a SUSE 10.0 box. SUSE's support for proper logging and auditing was severely lacking and we had to jump through hoops. Why would a sane person invent something like AppArmour when the NSA created SElinux and it does what's required to pass certifications? SuSE has gotten better in 10.1 and 10.2 but I still don't think they've managed to get logging and auditing to work right. Go Redhat. SuSE has a nice desktop and 10.0 had better hardware support for out exotic tabletPC stuff than did the fedora release at the time but we paid for that with pain on the accreditation.
What about the controversy on NPR today about patenting tax avoidance strategies as business methods patents?! This is a practice that strikes me as criminally insane yet there were business defending their "right" to do so. . .
This is old news. We were doing this in military devices since the early nineties. When I worked on some flight computers for a mystery product at a defense contractor, there were all sorts of places where an ASIC had a problem and that they had added a programmable logic device to clean up the problem. In fact, I think the designs left an extra programmable logic device for that purpose. Same as when I worked in semiconductor test equipment. At a vendor of automated chip testers, there were many functions on the system that had to handle unbelievable problems and occasionally a mistake was made in an ASIC. Frequently, a patch was tried to the software to make it work and if it didn't work, the functionality was offloaded to an FPGA where the new improved version of that function could be placed. Of course if the mistake was too bad then a very costly ASIC spin had to occur. . .
Other posters alluded to it but in my experience with my supper club's HDTV's tuned to ESPN HD, the MPEG4 artifacts are so annoying as to make me want to tear my eyeballs out. A basketball game where the lines on the floor don't pixelate every time the camera moves makes me want a plain old TV that may have been interlaced but didn't use god-awful compression. Does anybody else notice this?
If you can run your camera on NiMH batteries, a couple sets of them and a solar battery charger are a great way to have digital pictures even with little or no power grid access.
AFAIK, this comment is based in Moussilini in Italy during the second world war who was notorious for making the trains run on time unlike before the Fascists came to power.
Likely a problem crossing the international dateline. I once heard of a problem (perhaps urban legend) where a plane flipped upside down when it crossed the dateline due to the system making a mistake in computing the direction of up in the eastern hemisphere.
If only voting machines were designed to as strict a standard: http://gaming.nv.gov/documents/pdf/techstds_05nov1 7_adopted.pdf
I can commiserate. I started deploying an application on Suse 10.0 rather than Fedora Core 5 because I couldn't get the kernel in Fedora to cooperate with the disk controller on the tabletPC hardware. It worked right out of the box in SuSE 10.0 and that was that last thought I ever had about Fedora.
Recursion is not allowed in safety critical code according to IEC 61508 and Nuclear Regulatory Commission NUREG CR6463. They are afraid of stack overflows and failure of the recursion to terminate.
I have been deploying a semi-embedded system for military use. I already have to maintain special versions of 40 packages from the SUSE 10.0 Distribution to meet various security requirements. Gnome's lack of configuration options for GDM, specifically ways of turning off many fallbacks and modal dialogs that are not appropriate for a kiosk like system are a pain. I finally just modified gdm and rebuilt it to ignore certain conditions like not being able to write the .dmrc config file because the home directory is read only. Also, don't even get me started about getting a GTK application to come up correctly with override redirect WM hints.
There are some parts of gnome that are nice but some of the fallbacks in gdm and the modal dialogs are security risks because they allow the user to get a different interface than the one designed into the product and there is no way to turn them off in the config files.
I can sympathize. A default SuSE linux 10.0 install uses umask 022. The number of places where the umask has to be changed to 027 to meet the NSA's requirements is annoying. Out of the box security is one thing but one would think a big hosting provider would know better.
I'd have to agree on the comments on Evolution. There are some really nice UI features and I'd love to use it but bugs in it make it unusable for me. The bug that killed it for me was a bug in proper handling of LDAP directories which would cause Evolution to deadlock usually after I had written an important e-mail and wanted to add an address. I spent hours poring over the source code and eventually found that one of the components in Evolution tries to message Evolution Server to get the LDAP data and the whole thing hangs. Near as I could tell, the bug related to not handling an error condition somewhere related to the LDAP request: Not that anybody can really tell since the call stack was 30 or 40 levels deep and even with the source, determining who threw the error and why was like looking for a specific molecule of water in the ocean. The devs were relatively responsive and I did get closure on all of the bug reports I submitted. I was never sure the bug was fixed as the devs who fixed related stuff weren't sure either. I had to switch to Thunderbird to be able to reliably send mail to my colleagues so I ultimately stopped caring. Reading the source code, there are lots of comments suggesting uncertainty as to whether different sections of the code are correct. I can't say I found I liked the IMAP code in there as it's error handling seemed pretty weak. I'd say that Thunderbird is much more stable from the user's perspective and I've never had a problem in it with any of the features in Evolution that made me switch. I like the evolution UI but I think the backend is broken and that they would be better off to take a working backend from elsewhere and put their front end on it than to continue developing the current code base. Other systems I've experienced with similar architectures are usually broken and a sign that the system needs a simpler architecture.
I remember hearing CNN one weekend day in high school where this happened on the air. The reporter said something to the effect of, "I can see the shells from a battleship raining down to the north. I can hear small arms fire to the west and tank fire to the northeast. . ." Just as the words came out, I started telling my mother that the unit who the reporter was with should be taking fire just about now. Sure enough, right after my remark, The reporter said, "Our military Liaison has informed us the we have to get out of the area immediately." End of CNN report. While my quote was perhaps a touch inaccurate being from memory many years ago, it was clear to me, even as a highschool student, that the reporter had given enough information in the original quote to accurately triangulate their position. Moral to the story: Don't run around in a warzone giving precise bearing and range information to everything you can see on international TV. If you do, you will become friends with Mr. Artillery Shell.
I've said it before but we really ought to be looking at the Nevada Gaming comission Rules. These rules describe the level of security that we should demand from the process. They are almost as stringent as the standards for nuclear power plant safety and mining equipment. I'm not blowing smoke: I've got IEC 61508, NUREG CR-6463, and DO-178B on my shelf and I still say, "See Nevada Gaming Commission's Technical Standards For Gaming Devices and On-Line Slot Systems." http://www.gaming.nv.gov/documents/pdf/techstds_04 dec16_adopted.pdf
Gaming is oddly very similar to voting and unlike Cyber, these folks have done their homework.
In that voting is basically a statistical game of chance between two candidates, we ought to be studying gambling machine standards to see the level of security to which voting machines need to be raised. They may call Los Vegas Sin City, but those Nevadans may have written the document that saves our country. Since there is more money made in Vegas yearly (daily?) than is spent in a U.S. national political campaign, voting machines ought to be held to the same standards as the Nevada Gaming Commission's Technical Standards For Gaming Devices and On-Line Slot Systems http://www.gaming.nv.gov/documents/pdf/techstds_04 dec16_adopted.pdf
I sincerely doubt any of the voting systems I have heard about come even close! If there is a way to change the program in the machine in the field, a voting machine has already failed this test. They also require the system to detect and record the last 10 changes to its configuration, absorb an ungodly amount of static electricity without malfunctioning and require all unused ROM to be zeroed. . .
A run of the mill slot machine is likely infinitely more secure than a Diebold voting machine and probably a lot more secure than most voting machines.
First off, I'm not a programmer nor do I have a CS degree. I have a degree in general engineering. My classmates and I were taught that the difference between training and an education is training teaches you how to solve previously framed problems while education teaches you how to solve problems that aren't well defined.
Since you undoubtedly have received an education, there are two components to solving your problem:
A quote from my chemical engineering professor was: Let's convert that to Pound Mols per degree Rankine: that'll make it easier. Despite taking classes that taught me such useful lessons, I was able to reverse engineer an entire Concurrent (CCC) UNIX filesystem and write a program that could read it on an incompatible version of Solaris. It wasn't the fact that I know what a pound Mol or a degree Rankine is that made me educated, it was the fact that I was willing to pick up Lion's Commentary On UNIX 6th EDITION With Source Code (ISBN 1-57398-013-7) and figure out how the antique file system worked.
It is very seldom in your Career that you will know how to do what you want to do. The difference between success and failure is the willingness to figure out how to solve the problem in front of you regardless of whether it was in your knowledge area or not. One time for example, I found I needed a way to extract audio clips embedded in JPEG files from an old digital camera to make a web site of my cross country bicycling trip. I found the EXIF specification on the internet and wrote a lousy but functional program to extract the data.
In short, you were given a box of tools when you left college. Some of the tools in there are great, some are about as useful as an adz in modern construction. Your job isn't to take the tools in the box and go forth into the world: your job is to use the tools you have all the while filling the box with better tools at every opportunity. The box will never be full but as long as you keep filling it, you will always be on the road towards solving the problems you want to solve.