Comment: Re:It doesn't. (Score 3, Interesting) 579

by ratboy666 (#46761723) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

This myth gets trotted out again. It is arguably easier to find exploits without source. The source distracts from the discovery of an exploit. The binary simply is. The black-hat is looking for a way to subvert a system. Typically she is not interested in the documented (by source or documentation) functionality. That simply distracts from the issue which is finding out what the software actually does, especially in edge circumstances.

This is what fuzzers do. Typically not aware of the utility of the program, they simply inject tons of junk until something breaks.

Source availability tends to benefit people auditing and repairing more than black-hats.

Yes, it took years for Heartbleed to surface. If Heartbleed (or a defect like it) was discovered due to a code audit, that speaks to the superiority of open source over closed source. If this defect is found by fuzzing or binary analysis, it is much harder to repair, as users are now at the mercy of the holder of the source. Build a matrix of Open/Closed Source vs. Bug found in Source, Bug by fuzzing/binary analysis.

Bug found in source vs. Closed Source is not applicable, giving three elements. Found in source vs. Open Source (where the bug will be repaired in the source by anyone). Bug found by fuzzing... where the bug will be repaired in the source by anyone (Open Source) or the Vendor (Closed Source).

The question then is (as I started the article): Is it easier to find bugs by source inspection? Assume big threats will HAVE the source anyway. If it was easy to find by inspection, it would be easy to fix (for examples: OpenBSD continuously audits, and security has been a priority at Microsoft for the past decade). Fuzzing and binary analysis are still the preferred (quickest) method, giving the edge to Open Source. The reason is simple -- the black-hat cares about what is actually happening, and not what the source says is happening.
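The fuzzing point above, as an added example that is not part of the comment: a format-blind mutation fuzzer thrown at a toy length-prefixed record parser. The wire format, the parsers and the `LEFTOVER` buffer are all constructed here for illustration (not TLS, not OpenSSL code); the defective parser trusts the declared length without checking it against the record actually received, and the hardened parser rejects that mismatch. The fuzzer never reads the source; it only counts how often returned bytes extend past the record's own payload, which is the over-read a code reader would look for explicitly.

```python
import random
from typing import Callable, Optional

# Constructed toy wire format for illustration (not TLS): a 1-byte type,
# a 2-byte big-endian declared payload length, then the payload. The record
# arrives inside a larger receive buffer, and the bytes that follow it stand
# in for whatever else happened to be in process memory.
LEFTOVER = b"S" * 64  # constructed stand-in for unrelated data after the record


def build_record(payload: bytes, declared: Optional[int] = None) -> bytes:
    """Encode a record; `declared` lets a test lie about the payload length."""
    n = len(payload) if declared is None else declared
    return bytes([1]) + n.to_bytes(2, "big") + payload


def parse_record_unchecked(buf: bytes, record_len: int) -> bytes:
    """Defective parser: copies as many bytes as the peer *declared*, never
    checking that against how many bytes the record actually contained.
    `record_len` is ignored, which is exactly the bug class."""
    if len(buf) < 3:
        raise ValueError("short record")
    declared = int.from_bytes(buf[1:3], "big")
    return buf[3:3 + declared]


def parse_record_checked(buf: bytes, record_len: int) -> bytes:
    """Hardened parser: the declared length must fit inside the record that
    was actually received; anything else is rejected instead of echoed."""
    if record_len < 3 or record_len > len(buf):
        raise ValueError("short record")
    declared = int.from_bytes(buf[1:3], "big")
    if 3 + declared > record_len:
        raise ValueError("declared length exceeds record")
    return buf[3:3 + declared]


def mutate(record: bytes, rng: random.Random) -> bytes:
    """Overwrite one to three random bytes; the fuzzer knows nothing about the format."""
    b = bytearray(record)
    for _ in range(rng.randint(1, 3)):
        b[rng.randrange(len(b))] = rng.randrange(256)
    return bytes(b)


def fuzz(parser: Callable[[bytes, int], bytes], iterations: int = 2000, seed: int = 1) -> dict:
    """Throw mutated records at `parser` and count how often the returned
    bytes extend past the record's own payload (an over-read), how often
    the input was rejected, and how often it was handled normally."""
    rng = random.Random(seed)
    base = build_record(b"hello")
    stats = {"leaks": 0, "rejected": 0, "ok": 0}
    for _ in range(iterations):
        record = mutate(base, rng)
        buf = record + LEFTOVER
        try:
            out = parser(buf, len(record))
        except ValueError:
            stats["rejected"] += 1
            continue
        # The record only ever carried len(record) - 3 payload bytes; anything
        # longer came from LEFTOVER, i.e. from memory the peer never sent.
        if len(out) > len(record) - 3:
            stats["leaks"] += 1
        else:
            stats["ok"] += 1
    return stats


if __name__ == "__main__":
    for name, parser in (("unchecked", parse_record_unchecked),
                         ("checked", parse_record_checked)):
        print(name, fuzz(parser))
```

Run as a script it prints the two tallies side by side; the same harness dropped into a test suite turns "leaks must be zero" into a regression check that does not depend on anyone re-reading the parser.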

Comment: Re:Blame GNOME 3 (Score 2) 686

by ratboy666 (#46742253) Attached to: The GNOME Foundation Is Running Out of Money

I have been using Gnome 3.10 (Fedora 20) on an Acer Iconia W700. This has no keyboard when I use it as a tablet. It does have multi-touch, and gyro/magnetic/ambient light/etc sensor.

Tried XFCE (my usual desktop for the past decade) -- it doesn't do well with the 192dpi display. I then decided to try Gnome 3, because of all the complaints (it forces tablet view on users).

- No keyboard means typing to find an application doesn't work. Adding the "Applications Menu" and "Places" Gnome Shell extensions solves this.

- The default on-screen keyboard doesn't support function keys, esc key, control keys. Solution: add florence

- Without a keyboard, yumex is not usable. Can't enter password to activate stuff.

- Can't activate the bottom panel reliably. Using "Frippery bottom panel" helps out (gnome shell extension). Tapping the "!" at the bottom right then does the job. The "Hi, Jack" extension almost works, but isn't reliable enough.

- Rotation doesn't work. I had to put a script on the desktop to activate rotation.

- No multi-touch support in Gnome 3 (really strange, I have a python program that demonstrates multi-touch).

- And now for the cake - Focus is very strange. I can launch a new application but the old application still has some focus! Nasty bug when interacting with user input.

I would prefer to stay with Fedora. Is there any DE that supports touch better on Fedora? Or do I go with Ubuntu and Unity? Are improvements coming in Gnome 3.12 or 3.14?

Given that your Gnome 3 experience has been much more positive, what is your advice?

Comment: Re:We Choose Fragmentation Over Consolidation. (Score 4, Interesting) 391

by ratboy666 (#46608013) Attached to: Toward Better Programming

I've been programming professionally for 35 years. And, I have come to the conclusion that the languages, libraries and MOST of the tools are utterly irrelevant.

Clear thought is important. And, to support this: Source control is important. On-line editing with macros is important. Literate programming is important (DE Knuth -- http://en.wikipedia.org/wiki/L...). Garbage collection is (reasonably) important. Illustrations are important. Documentation rendering is important.

Hell, most of my programs are 90% documentation. Bugs? Very rare.

The SINGLE most important tool that has advanced things for me in the past 20 years? Web Browsers (HTML). Makes reading programs as literary works accessible. My programs, anyway.

Past 30 years? Literate Programming (with TDD)

Past 35 years? Scheme.

I expect my programs to be read. As literary works. That's how I write them. Most is prose, with some magic formulas. Fully cross-referenced for your browsing pleasure. With side notes and illustrations. And even audio commentary and video snippets.

These days, I see a lot of code that CANNOT be read without using an "IDE". The brain (my brain, anyway) cannot keep the required number of methods and members. Discussing the program becomes... impossible. And that which cannot be discussed and reasoned about cannot be reliable. Illustrations and diagrams need to be generated, and references from the code to those are needed.

So, invert it and make the diagram and documentation primary, and the code itself secondary to that. In other words, Knuth's Literate Programming.

Comment: Re:A reaction? (Score 1) 107

Dump Windows for Linux. Pretty dumb reason. In fact, not a reason. And, it won't save you money. Back in 2008/9 a Linux netbook was 50ish dollars cheaper. Now, you can't get one (easily). If you have a need for Linux (I do, it runs the applications I want), you will typically get the machine with Windows, and then replace it with Linux. Microsoft gets money, and has one less customer to support.

Comment: Re:LOL .. 0.9.0? (Score 3, Interesting) 173

by ratboy666 (#46534965) Attached to: Bitcoin's Software Gets Security Fixes, New Features

But... I assume you are in the US or Canada. Didn't your currency just get a bug fix update for anti counterfeiting? An update to the US $100 bill was released October 2013. Obviously, you can't trust that yet -- give it a few years.

As to being "regulated" by government -- what is that, exactly? BTC is one possible crypto-currency, so it is of interest what you think this "regulation" should look like.

Comment: An Interesting use of "Standard" (Score 1) 127

DX12. Microsoft is the sole definer. Implemented for only ONE Operating Environment, according to the defining body. May be implemented for two OSs at Microsoft's leisure.

May or may not be upward or downward compatible with itself or anything else.

So PLEASE. STOP calling DX ANYTHING a standard. You may call it a library or an API.

PHIGS is the standard. OpenGL has pretty much supplanted PHIGS but is still not a standard. OpenGL is also an API but with broader support.

Comment: Re:Unregulated currency (Score 1) 704

by ratboy666 (#46398715) Attached to: Bitcoin Exchange Flexcoin Wiped Out By Theft

Crap.

We KNOW what happened to those bitcoins. We WILL know when they are spent. Indeed, it is possible to simply taint them (and this IS done).

Bitcoin is FULLY traceable, and is worthless unless the blockchain confirms. Which makes control very easy.

The fact that the exchange is not secure -- is the problem for the customers. Just like a bank. But, if money is tainted, the government will just print more...

With bitcoin the tainting would just end up being pretty permanent. Yes, "fresh" bitcoin are worth more. I would pay more for a fresh clean btc. You want to sell me a btc that traces back to this theft (and yes, I would know in milliseconds, since I, like others, track all btc transactions)? I wouldn't buy it -- I would report you to the police.

Tell me how I do that with cash?

I would need access to a registry of all currency serial numbers. Which I have with bitcoin.

It is STUPID to say that the government doesn't watch bitcoin. Hell *I* watch bitcoin. Sure people can steal bitcoin. They cannot lie about it. I know if a bitcoin is tainted. I may even participate, but I would certainly devalue those bitcoins (but would actually simply report the attempt to move stolen property to the police). The bitcoin in question transferred, and that transfer is public knowledge. The bitcoin, source and destination. After that, I can consider those btc tainted.

Of course, keeping track of all this bitcoin activity is the fundamental problem... It requires days to catch up now, and continuous on-line connection to keep up. But, I do it with an Atom based computer (not mining, just tracking transactions).

BTC is NOT "anonymous", BTC is NOT "untraceable". EVERY BTC is DEFINED by its entire history since it was mined. Using it simply adds to its history.

Bitcoin Problems:

- Ignorance
- There will come a time when the transaction records can no longer be managed by individuals (not yet a problem).
- Blind trust in the "internets" (why should someone have trusted "Gox" anyway?)
- Lemming behaviour
- Deflation
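The tracing described in this comment, as an added example that is not the commenter's code: a constructed toy ledger (not real chain data) in which each transaction spends earlier outpoints and creates new ones. `propagate_taint` walks forward from the theft's outputs under the simplest "poison" policy (every output of a transaction that spends tainted value is tainted), `lineage` walks backward to the coinbases that minted an outpoint's value, and `check_no_double_spend` is the consistency check that makes the forward walk meaningful. The ledger, txids and the policy choice are all assumptions of this example.

```python
from collections import defaultdict, deque

# Constructed toy ledger (not real chain data). Each entry is
# (txid, list of outpoints it spends, number of outputs it creates);
# an outpoint is written "txid:index". Coinbase transactions spend nothing.
LEDGER = [
    ("cb1", [], 1),                     # mined -> cb1:0
    ("cb2", [], 2),                     # mined -> cb2:0, cb2:1
    ("theft", ["cb1:0"], 2),            # cb1:0 stolen, split into theft:0, theft:1
    ("mix", ["theft:1", "cb2:0"], 2),   # stolen coin combined with a clean one
    ("clean", ["cb2:1"], 1),            # never touches the theft
    ("sell", ["mix:0"], 1),             # someone tries to pass mix:0 onward
]


def build_index(ledger):
    """Map each outpoint to the transaction(s) spending it, and each txid
    to its input list and output count."""
    spenders = defaultdict(list)
    by_id = {}
    for txid, inputs, n_out in ledger:
        by_id[txid] = (inputs, n_out)
        for op in inputs:
            spenders[op].append(txid)
    return spenders, by_id


def check_no_double_spend(ledger):
    """A consistent ledger spends each outpoint at most once; return the
    offending outpoints (empty for a valid ledger)."""
    spenders, _ = build_index(ledger)
    return sorted(op for op, txs in spenders.items() if len(txs) > 1)


def propagate_taint(ledger, seed_outpoints):
    """Forward walk: every output of a transaction that spends a tainted
    outpoint is itself tainted. This is the "poison" policy; proportional
    haircut policies exist but are not modelled here."""
    spenders, by_id = build_index(ledger)
    tainted = set(seed_outpoints)
    queue = deque(seed_outpoints)
    while queue:
        op = queue.popleft()
        for txid in spenders.get(op, []):
            _, n_out = by_id[txid]
            for i in range(n_out):
                child = f"{txid}:{i}"
                if child not in tainted:
                    tainted.add(child)
                    queue.append(child)
    return tainted


def lineage(ledger, outpoint):
    """Backward walk: the set of transactions an outpoint descends from,
    all the way to the coinbase(s) that minted its value."""
    _, by_id = build_index(ledger)
    seen = set()
    queue = deque([outpoint.split(":")[0]])
    while queue:
        txid = queue.popleft()
        if txid in seen:
            continue
        seen.add(txid)
        inputs, _ = by_id[txid]
        queue.extend(op.split(":")[0] for op in inputs)
    return seen


if __name__ == "__main__":
    stolen = {"theft:0", "theft:1"}
    print("double spends:", check_no_double_spend(LEDGER))
    print("tainted:", sorted(propagate_taint(LEDGER, stolen)))
    print("lineage of sell:0:", sorted(lineage(LEDGER, "sell:0")))
```

Note what the "mix" transaction does to the clean input `cb2:0`: under the poison policy its share ends up tainted too, which is the "pretty permanent" effect the comment describes and the reason a buyer checking history would refuse `sell:0` outright.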

Comment: Re:Parasitic Rentiers (Score 1) 258

by ratboy666 (#46388625) Attached to: Inventor Has Waited 43 Years For Patent Approval

Protection of law.... is what patents offer.

A completely laissez-faire system has no protection under law.

Trade secrets aren't that useful -- once out, there is no longer any protection under law. Only the protection of a Guild would work.

A Trade Secret or NDA under current law is a "one-time only" thing. Once the cat is out of the bag, there is no stuffing it back in. A Guild offers the ability to stuff that cat back in. Sure, it may take "mafia-style" tactics, but if the Guild is placed correctly, it WILL be allowed to get away with it.

Comment: Re:Parasitic Rentiers (Score 1) 258

by ratboy666 (#46386829) Attached to: Inventor Has Waited 43 Years For Patent Approval

Interesting... you used the word rentier! Wrong.

The point of granting patents was to OPEN the process up. Say we completely eliminate patent protection... Now, inventions will remain secret. Guilds will form and the technology will be held within the Guild (as history has shown us, even to death). Eliminate the Guild? The technology dies. Making the Guild more powerful than the Government.

Comment: Re:I'm sorry (Score 1) 164

by ratboy666 (#46358595) Attached to: ICANN Considers Using '127.0.53.53' To Tackle DNS Namespace Collisions

Um... this will happen all the time!

You access some resources on your corporate network from your laptop. To do this, you have configured an application to talk to the server. That server happens to have the name whizzy.corp.

So far, no biggy. IF you launch the application and you are not at work, whizzy.corp doesn't resolve. For example, at your local Starbucks, BEFORE you open your VLAN.

What happens when .corp is assigned? Suddenly whizzy.corp is now a machine on the internet. Say the application is your corporate IM system.

(I would imagine that names like exchange.corp would be very hot items).

For this reason, the recommendation is that .corp, .home and .mail be reserved.

I would like all the RFC 6762 names to be reserved (.intranet, .private, .lan, .internal as well).

Of course, startup applications on laptops COULD be locked down, along with a strict no-byod policy, thereby eliminating these issues... maybe. If your company supports a VLAN, they may well arise anyway. This CAN be made to work, but I am (fairly) sure that most users wouldn't like it.
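The collision scenario above, as an added check that is not part of the comment or of ICANN's proposal: before an application on a laptop talks to a name like whizzy.corp, resolve it and classify the answer. An internal-only name should either fail to resolve off-network or land in a private range; a public answer is the collision the comment warns about. The ranges treated as "internal", the hostnames, and the constructed resolver answers are all assumptions of this example (203.0.113.7 is from the TEST-NET-3 documentation range and stands in for a public address); the RFC 6762 TLD list is the one from that RFC's Appendix G.

```python
import ipaddress
import socket

# Policy (an assumption of this example): a name meant to exist only inside the
# company should either fail to resolve off-network or resolve to an address
# in these ranges. Anything else means the name now also exists on the internet.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",               # IPv6 loopback, ULA, link-local
)]

# Names RFC 6762 (Appendix G) lists as commonly used for private namespaces.
RFC6762_PRIVATE_TLDS = {"intranet", "internal", "private", "corp", "home", "lan"}


def is_internal_address(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_RANGES)


def system_resolver(name: str) -> list:
    """Live lookup through the OS resolver; returns [] when the name does not resolve."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


def classify(addresses: list) -> str:
    if not addresses:
        return "unresolved"
    if all(is_internal_address(a) for a in addresses):
        return "internal"
    return "collision"


def audit(names, resolver=system_resolver) -> dict:
    """For each configured internal hostname, report how it resolves from
    the current network and whether its TLD is one RFC 6762 flags."""
    report = {}
    for name in names:
        tld = name.rstrip(".").rsplit(".", 1)[-1].lower()
        addrs = resolver(name)
        report[name] = {
            "addresses": addrs,
            "status": classify(addrs),
            "rfc6762_tld": tld in RFC6762_PRIVATE_TLDS,
        }
    return report


# Constructed answers standing in for what a coffee-shop resolver might return
# once .corp is delegated; none of these are real lookups.
CONSTRUCTED_ANSWERS = {
    "whizzy.corp": ["10.1.2.3"],       # still the office box (or a VLAN/VPN is up)
    "exchange.corp": ["203.0.113.7"],  # now answered from the public internet
    "printer.home": [],                # does not resolve here: the safe outcome
}


def constructed_resolver(name: str) -> list:
    return CONSTRUCTED_ANSWERS.get(name, [])


if __name__ == "__main__":
    for name, row in audit(CONSTRUCTED_ANSWERS, constructed_resolver).items():
        print(f"{name:16} {row['status']:10} {row['addresses']}")
```

Swap `constructed_resolver` for the default `system_resolver` to run it against a real laptop configuration; a "collision" row is the case where an application would start talking to a stranger's host under a name it has always trusted, and is the argument for reserving those TLDs rather than relying on every client to perform this check.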

Comment: Re:Architecturally Insecure (Score 1) 116

by ratboy666 (#46331791) Attached to: Complete Microsoft EMET Bypass Developed

Why do you mention Linux? This sub-thread compared Windows against z/OS. The "market share" for z/OS as a general compute device is, of course, even less than Linux. However, z/OS is arguably much more secure than Windows.

Why is it that Windows criticism is taken as Linux support? Linux has its place (and I use it as my primary OS) but I certainly wouldn't claim it is secure. Windows should be secure, given that it is pre-installed on almost every consumer computing product.
