Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
User Journal

Journal Journal: Who is Carol Foyler?

My girlfriend stumbled upon a news item on the web edition of a local newspaper here in Iceland ... a very strange item.

The piece says that an organization called The Media Watchdog Group has critized the American TV networks for not focusing enough attention on the death of Anna Nicole Smith. That instead of providing constant coverage of the story, they sometimes took a few seconds to report on Iraq. The whole piece has very satirical overtones, and it was immediately obvious on reading it that something was fishy about it. It reads like something out of The Onion, but there it is, presented as an actual, serious piece of news on a respectable news site.

A bit of research (i.e. googling) revealed some interesting facets. First off, there is apparently no organization in the US called The Media Watchdog Group. Various organization, most notably FAIR, have been called media watchdog groups, but no orginization offically carries this name. More interestingly, a lady named Carol Foyler was quoted as a spokesperson for this apparently fictional organization. On googling her name, a great number of 'news items', most of them obviously fake and satirical, are revealed, where someone called Carol Foyler is quoted as a 'spokesperson' for this and that group. With further probing, we found that the source of the story that started our quest has to be The Borowitz Report, a satirical news site run by a guy called Andy Borowitz. Apparently, a running gag of his is to quote 'Carol Foyler'.

Now the big question is: Haven't journalists heard of googling? The worst thing is that the Icelandic news item is obviously translated word for word from The Borowitz report, or, more likely, some other source that picked it up, one that's not so blatantly fake. No, that's the second worst thing. The real worst thing is that they don't even cite a source for this bit of 'news'.


User Journal

Journal Journal: Linux 2

I came to Linux relatively late. It is now only around 3 years ago that I decided to give it a try. There are a number of reasons why I didn't do it earlier. I was living with my parents and thus shared a machine with the rest of the family; I was into gaming and thus 'needed' Windows, etc. Well, better late than never I guess.

At this point in my life I had amassed a little bit of money to play with, so I bought a laptop specifically to install Linux on - and this was no easy task. Well, getting a laptop was easy; it was not getting Windows that was damned hard. Supplier after supplier that I talked to absolutely rejected the possibility of selling a 'clean' machine. To me, this is something that should be a simple matter. Why would the customer be denied the right of just buying a complete system without an OS pre-installed? This is one of the annoying little things that show the absolute iron grip that Microsoft has on the entire market. Not just software, but hardware too.

Anyway, this is something that has been discussed to death on Slashdot and is no news to anyone. I finally managed to find a friendly little store that not only sold 'clean' computers, but also allowed you to choose Linux preinstalled too. I decided to get a clean one, as I wanted to try the full experience of installing Linux from scratch. The distro I went for was Ubuntu, as a former co-worker who was heavily into Linux recommended it. The installation went rather smoothly, but there were some issues. The laptop used an Intel Centrino chipset, and getting things to work was a bit of, well, work. Drivers for the wireless card had to be obtained and installed, and I had to get and installed something called 915resolution to patch the BIOS so I could use 1280x800 resolution. It worked out in the end, but it took some time, and I heavily doubt that a person with average computer skills could have done it without assistance.

I liked Ubuntu and used it for a few months. It fulfilled all my needs - web browsing, hobbyist programming, word processing, etc. All that was lacking were high-end games, but luckily I was losing interest in gaming at this point, and when I moved into my own apartment I took only my Linux laptop and was happy with it. Then disaster struck, as tends to happen. The hard drive failed, and I had no backup. No great harm done - I had no really critical data on it. This time around, I had gained some knowledge and inside into the world of Linux, and decided to give Fedora Core a go. Since that distro offered the choice of Gnome or KDE, I chose KDE for comparison. I must say that I was soon absolutely blown away by how much better I liked KDE. This could be just a personal preference, but I consider KDE to be much better than Gnome. However, I'm no fanatic - and it's also good that there's a choice, and that the design of Linux allows you to use whatever windowing system you prefer.

After having used FC for quite a while, I began to run into troubles. I don't know if it was because I had been running it so long, and upgraded twice via yum, but there were ... instabilities. The worst thing was that I could never get any BitTorrent client working properly. Azureus would just stop transferring after a while and had to be restarted. KTorrent would mysteriously leech all bandwidth to itself - not even ping would work when KTorrent was running, but only sometimes. Quite annoying stuff. These quibbles, along with the emergence of Kubuntu, started to tempt me into switching again. The downside was that I (still) didn't have any backup facilities. I decided to change that. I bought an old Dell workstation cheaply, installed CentOS on it (without any problems whatsoever), connected it to my router, and voila, I had a local server. With this, I could backup my data and install Kubuntu. This time around things were at their smoothest yet; everything ran perfectly out of the box, except I still had to use 915resolution. Luckily, I didn't even have to hunt it down this time - it was right there in the package system.

Now I'm a happy pseudo-veteran of Linux using Kubuntu on my personal laptop and CentOS on a server (that still has a lot of unused potential, I guess).

I've come a long way.

GNU is Not Unix

Journal Journal: Stallman 2

I went to see Richard Stallman give talks here in Iceland yesterday and the day before. The first lecture was about the Free Software movement and the philosophy behind Free Software. The second one was about the issue of software patents.

I must say that I was greatly impressed, both by the man's ideas and his presentation of those ideas. He is obviously a man who thinks things thoroughly, spending a great deal of time on building his opinions on sound logical foundations. On top of that, he is a man of principles - he has basic philosophies of life, and does not compromise them for any reason.

I am fascinated by the community-minded aspects of the whole Free Software philosophy. No wonder Steve Ballmer and his lackeys have compared it with communism. Although that's surely a ridiculous and typically simian comparison, it does have a slight grain of truth to it - Free Sofware is about building communities and contributing to society as opposed to making a profit through divisionism and monopoly.

Also, Stallman's analysis of the software patent situation was, as far as I could tell, spot on. If I thought software patents were a bad idea before hearing Stallman lecture on them, I am totally won over now. Broad-ranging software patents on algorithms or some vague ideas are harmful to software development in general. It is the software itself as a whole that has a value, not the various ideas that it uses. Stallman likened the current situation to a 18. century Europe where composers could get patents on general musical ideas, thus stagnating the whole music scene.

Well, Stallman said it all better than I can. Maybe I should just finish with a link to the fine fellow's page.

User Journal

Journal Journal: The U.S. Should Retain Control of the Internet IP/Name Space

Numerous people outside the U.S. are demanding that control of the IP address space and name space on the Internet be turned over to some international body. The arguments are just being recycled ad-nauseum at this point and none of them stands up to scrutiny. Let's examine the most common ones with analogies for clarity:

1. 'The way that the U.S. doles out IP addresses and top-level-domains is unfair.'

It may be unfair, but that doesn't have anything to do with whether the U.S. has the legal and moral right to control TLDs and IP addresses.

Analogy: The Red Cross might feel that it's unfair that you give more money to Greenpeace than to them, but that doesn't mean that there should be some committee deciding how much of your money will go to each charity and how much you will get to keep. If the U.S. wants to reserve 10 IP addresses for each man, woman, and child in the U.S., that's their call.

2. 'Much of the modern Internet technology was developed in other countries, including HTTP (the World Wide Web).'

That's nice, but it doesn't mean that the country where it was developed automatically gets to assume shared control of the name space and IP addresses.

Analogy: If you were invited to stay at someone's home, the fact that you voluntarily planted a garden, furnished the living room, and hung paintings does not mean that you get to form a committee and decide who gets which bedroom.

3. 'This is like Britain trying to control the world's steel industry because Britain invented steel.'

Except that the U.S. is not trying to control your computer industry. The U.S. is just dictating the terms by which a computer can be attached to a network that was invented by Americans at American taxpayer expense. The U.S. is deciding how to apportion IP addresses and namespace.

4. 'It's vital to the infrastructure and financial security of many countries.'

Then it sounds like those countries made a mistake in relying on a U.S.-run network for something that important.

Analogy: That's like me demanding that I be given managerial powers at my cable modem provider because the service has become so important to me.

5. 'The Internet has grown massively through the addition of non-U.S. computers, networks, web sites, services, etc. Much of the growth has been through foreign investment.'

On the other hand, the Internet has fueled the growth of countless non-U.S. businesses. Does that mean that the U.S. should get a say in how those businesses are run? No? Then why should the countries in which those businesses are located get a say in how the Internet's IP addresses and TLDs are doled out?

Analogy: International airlines have been taking off and landing at London's Heathrow airport for decades, funding much of its operation, growth, and expansion. Given that, should the English support a U.N. takeover of Heathrow airport? Should the U.N., rather than England, decide whether a block of gates was assigned to Air France or British Airways? In time of war, would the English rather be able to deny their enemies access to Heathrow airport, or would they rather that the U.N. decided if the enemy planes could land there?

6. 'Then the U.S. should pay us for the invention of {insert one or more: steel, steam engines, the world wide web, computers, light bulbs, etc.).'

Why? The U.S. isn't charging you for the use of Internet protocols, hardware standards, or concepts. In fact, through our generousity, organizations all over the world have set up standalone networks based on U.S.-developed Internet standards. We're not even charging you royalties for the use of the Internet.

In conclusion, if it's important to you to have a U.N.-controlled version of the Internet, you are free to set one up. You can even base it on the same standards as the Internet without paying the U.S. any royalties or fees of any kind. That is a generous offer and more than fair.

User Journal

Journal Journal: Message to Fans

I'm maxed out on "relationships" here and have pruned all the "non-reciprocal" befriendings off my list. So I'm terribly sorry but I can't reciprocate anyone else befriending me. You're such a lovely audience, we'd like to take you home with us, we'd love to take you home...

If you want to see more of my snarky comments about geeky stuff, political stuff, and my progress returning to school, drop in and check out http://www.msgeek.org/.

User Journal

Journal Journal: Moderation as a Weapon

When I checked Slashdot today, I discovered that my five most recent postings had all been modded down by one point (overrated). These were postings in three separate threads on different subjects. Two of the postings had been modded up shortly after they were made.

It is pathetic when someone is so small-minded that they abuse the Slashdot moderation system just to "get even" with, or play a practical joke on, another user. If you're not bright enough to debate on Slashdot, then go back to your AOL chat rooms and leave Slashdot to the grown-ups.

User Journal

Journal Journal: On use/quoting of Slashdot content I've written. 3

I've had one particularly scrupulous person ask whether reprinting things that I've written on Slashdot is acceptable. I consider any content I've written freshly for Slashdot to be public domain -- it'd be nice (though not a requirement) for you to attribute me (as 0x0d0a on Slashdot). You can use what I've written here however you'd like.

There is one caveat that you should consider: If I'm quoting something that has previously been written elsewhere, by someone else (or me), I can't necessarily place that into the public domain. If I use a snippit of source code from the Linux kernel, obviously I can't simply put it in the public domain. Other than that, have fun with it!


Journal Journal: Arrgh 1

Due to excessive bad posting from this IP or Subnet, comment posting has temporarily been disabled. If it's you, consider this a chance to sit in the timeout corner . If it's someone else, this is a chance to hunt them down. If you think this is unfair, please email moderation@slashdot.org with your MD5'd IPID and SubnetID, which are "..." and "..." and (optionally, but preferably) your IP number "..." and your username "spellraiser".

It was bound to happen. I have been banned from AC posting a few times before, but this is the first time I have been banned from logged in posting.

Now, I have only one question. How, exactly, is 'excessive bad posting' defined? In my case, for instance, I never post 'badly' while logged in. This leaves the AC posts. These have been, in my opinion, few. I admit that I have sometimes posted AC attempts at first posts ... I mean, who hasn't? Then there is the odd sarcastic, mocking reply to a stupid comment which I'm too ashamed to leave in my user record.

I haven't been keeping an exact record of the number of these posts, but they are certainly not 'excessive'. Not by a long shot. Anyway, it's not like every single one of them has been modded down . Some of them have actually been modded up (This being the latest example thereof).

In short, I'm dumbfounded. These banning tactics are annoying and weird. What am I supposed to do ... stop posting anything that has even the remotest chance of being modded down?

UPDATE: Now that I think about it, it occurs to me that this ban might well be the result of me posting many comments that are moderated as Funny. Since this gives no Karma, and these comments are often moderated up and down before settling on their final score, perhaps the 'net value' of my moderations is negative, and this somehow triggers a ban. If this is true, then this is yet another reason for the Slashcoders to seriously reconsider the policy of not giving Karma for Funny moderations, which is in my view quite a ridiculous policy anyway. I know for a fact that it has led to a single post ruining the Karma of more than one user here.

Anyway, I'm just rambling here. I wish they would just come out and say what exactly triggered the ban ... I have sent a mail requesting this information. I can only hope I get a reply.

User Journal

Journal Journal: Gcc 3.3.3 optimization

I'm putting this in my journal instead of a Slashdot post because the lameness filter keeps eating my Slashdot post. If you have a response, please just respond to my Slashdot post.

I was empirically analyzing the gcc 3.3.3 optimizer a couple of days ago. Some interesting points:

* gcc does not appear to take advantage of the iso c99 "restrict" keyword, which can allow for significant performance improvements. The "restrict" keyword allows one to indicate to the compiler that a pointer is not an "alias" (pointer to the same location) as any other pointer available to the function, nor does it point to anything that points to anything and so forth that is aliased. Without this hinting, C compilers have a very difficult time dealing with optimizations across function calls.

* I can't seem to find any way to convince gcc to dump out its parse tree before doing any optimization. It'd be nice if I could convince it to do so -- I *know* that there's something less processed than -dr output.

* The following main() code optimizes rather entertainingly:
if (argc == 6) {
if ((argc % 6) == 0)
return c;

Compiles to (non-pertient sections removed):

                xorl %ecx, %ecx
                cmpl $6, %eax
                je .L4
                movl %ecx, %eax
                ret .p2align 2,,3
                idivl %eax
                testl %edx, %edx
                movl $1, %ecx
                jne .L2
                movl $2, %ecx
                jmp .L2

Now, gcc's optimizer is clearly clever enough to figure out that argc has the value 6. However, it takes advantage of that fact...by using argc to divide argc! These two conditionals should have compiled down to cmpl, je, mov, jmp, mov, ret.


Journal Journal: 'Article text' AC comments 4

Sheez, the AC 'Article Text' troll strikes yet again. And with good results (comment at +5, Informative at the moment). What is it with moderators? Why on Earth would anyone bother to mod something up that they haven't read?

I am still a newbie here on slashdot, so I don't have moderation rights (and getting a little tired of waiting for them :P). But if I did, I would certainly only mod up stuff that I have actually read. Especially AC stuff, which is quite often troll stuff like this.

Oh well, back to bashing my head against the wall then I suppose ...

User Journal

Journal Journal: Fixing the Workstation Color Model 8

Currently, the color model used on workstation computers is very lacking in dynamic range. It cannot reach levels that are nearly bright enough. The real world contains sun sparkling on the water, car headlights, and the outdoors. Currently, a normal computer environment can only reproduce the brightness of a sheet of paper. This is a blocking issue to producing realistic virtual worlds and images.

This is a legacy problem dating back to old monochrome monitors, where there were only two shades of color to work with. Naturally, text was represented as full white (or black) and the text's background as the opposite color. This meant that white's brightness could be turned far up, but it would be very uncomfortable for the user -- if the monitor had a white as bright as car headlamps, then anyone reading a sheet of text would have an entire page of incredibly strong brightness blasting at them.

This color model continued to be used in the era of 16 color and 256 color workstation environments. In each case, all existing software was written with the expectation that white was the expected color for paper backgrounds. As a result, anyone that produced a new software package that used a darker color for a paper color would appear dingy and unusable on any monitor calibrated for the masses of existing software. It was impossible for software vendors to move away from an old color model, since they would run into visual compatibility problems with old software.

The only way to fix this is to introduce a compatibility mode into graphic display systems (like Xorg and the console framebuffer) where a lower brightness is used for all software that does not flag itself as understanding that it is running on a "full dynamic range" display. Then the monitor brightness may be turned up by, say, 50% (perhaps aided by a software calibration utility displaying patterns on the screen). All old software would have the brightness of its images reduced by the display system by an amount chosen to bring the brightness of 100% white down to the level of a piece of paper. All new software would be allowed to use the "extended" range of colors, with more brightness available. Common interface images and the like would not be extremely bright, but games could have bright explosions.

Images are all currently calibrated for the traditional "white is paper" setting. Image formats would need to be extended to contain a "use extended colorspace" flag, much like PNG contains a gamma setting.

Since this takes some work to implement, and there are two other changes to the workstation color model that need to be made, I would suggest that all three changes should be made at once.

The first additional change is the move to calibrated color systems. Currently, desktops are almost never callibrated to a particular level, unless they are being used by graphic designers. This results in an inability of designers to produce images that may be viewed by end users (if they so desire) at a correct brightness/contrast level. I strongly suspect that this is because even basic color calibration is made difficult (and often expensive) rather than the normal operation that it could be. There is a need for operating system display configuration tools (like the Monitors control panel on Mac OS, the Display control panel on Windows, the Screen Resolution capplet on GNOME, and the KDE Control Center Display tab) to contain a set of callibration images like the ones here to help ensure that the majority of monitors are properly callibrated (again, if the user so desires).

The second additional change is the move to 64-bit color. 64-bit color has been talked about for some time (at least for framebuffer use inside video cards), but hasn't yet caught on. 64-bit color will probably the last color move ever made, as it should pretty much max out the human visual system's ability to distinguish colors. 32-bit color (at least with 8 bits used for each channel) produces banding faintly visible to most people even with a conventional "paper is white" calibration. If you want to see if this affects you, use an image editing program (such as the GIMP) to create a fullscreen gradient, black to white, upper left to lower right, and see if you can see bands of brightness appearing in the image, despite the use of every 256 levels of gray available on your monitor. I can easily see bands (especially in the dark part of the gradient) on my monitor. Moving to a larger dynamic color range will exacerbate this problem if the number bits used for each channel do not incrase, since each brightness level will be further apart. Since apps must be updated to use 64-bit color, the 32-bit to 64-bit transition is an excellent time to introduce a broader range of brightness levels -- one would simply map old 32 bit colors to a range running from, say, 0 to 2^63 (or half of the available brightness range).

By simultaneously adding calibration images to display control panels, increasing the dynamic range, and increasing the bit depth available, end users can be given truly realistic (rather than the equivalent of ink-on-paper) visual reproductions of the outdoors, visually-identical images across workstations, and freedom from banded, perceptibly-imperfect images. There is no reason that users should be able to say "that looks like it's on a computer monitor" -- a computer monitor, properly set up, can properly reproduce everything that is seen in the real world.

User Journal

Journal Journal: Fixing the Login Screen 7

As mentioned here, one security problem with passwords is accidently typing one's password into the username field when logging into a system. This can be a problem if the password is being entered in an environment where other people are watching the screen.

Generally, the password field is "masked" in password entry systems to prevent people from reading the entered password -- a character count may be shown with asterisks (as on the Windows login screen or in Red Hat's gdm), visual feedback may be provided as each character is entered (as on the Lotus Notes login screen), or no feedback at all (as on Red Hat's terminal login screen).

It seems that the "accidental password entry in username field" problem could be avoided by also masking the username field.

There would be some issues with such a scheme.

First, it increases the number of characters that must be blindly typed correctly to reach a login. I do not feel that this is likely to be a significant issue, as users type their usernames on a regular basis into the machine.

Second, it eliminates visual feedback that would tell a user that they have the caps-lock key down, a common problem when entering a password.

Third, it prevents people from troubleshooting issues with keyboard configuration (for example, the keyboard may not have the correct layout selected).

I feel that the caps lock problem may be solved in several ways. First, it is possible for many systems to put a visual warning indicator onscreen when the caps lock is on. This may be a good idea, as it is almost never desireable to have caps lock enabled when entering username and password. However, not all systems can detect the state of the caps lock (for instance, when telnetting into a remote machine, caps lock state is not sent to the machine -- breaking this approach when dealing with a remotely-generated password dialog).

Second, it might be possible to print a warning if a username is entered in all capitals.

Third, it might be possible to toggle the masked nature of the username field (possibly through an out-of-band mechanism such as a mouse), or possibly by simply entering a zero-length password and username, or hitting a key on the keyboard that is not reserved for password entry. This way, the vast majority of the time, the username field would be masked, and only unmasked if someone is troubleshooting login problems.

User Journal

Journal Journal: So much for EU dmocracy

These last two days were really a proof that democracy in the EU is still a remote goal. To have the Council trump the Parliament twice in 2 days, and going flat against the interests of EU's own citizens, is sad.

While the decision that made /. front page, about software patents is bad enough, it still has a slim enough chance to reach a forced arbitration if enough MEPs decide theis votes should have some value when it comes to EU laws. But I truly am amazed of the (sheer ineptitude of the) decision to ratify the handing over of EU citizen's private information to the US. Not only the Parliament's decision that such a move is against EU laws weighted nothing, the foreign ministers hurried up to ratify the Council's decision, so no further approval in the Parliament is needed.

So much for the EU governments looking for their people's interests. Do they really believe that the US will give a damn about the privacy of some foreigners??? when on enough recent occasions the US showed their own citizens' privacy is expendable. And sure they'll just go out of their ways to ensure that all this data is never, ever, ever misused. Not now, not in 20 years. Riiiiight!

So, as expected, money talks the loudest in politics. And if it's foreign money ... why should a politician care? their own skin comes first, apparently. This shows democracy for what it truly is in the long term - innocent people sometimes wander into politics, but they don't stay innocent for long. Yeah, I know, voting is supposed to take care of that; so if any fervent defender of democracy would care to explain to me how would he/she vote when faced with only evil choices, I'd be glad to learn about the benefits of voting[*]. Until then, I maintain that democracy is trumped by human nature.

[*] for the record - communist countries in Eastern Europe were supposed to be democratic, too - at least on paper. They did even have the all-prized hallmark of voting. Guess what - it made no difference whom one was voting for, since the results were known from the beginning. And, as the US constantly seems to remind the world, money do count in an election - money dictate how much of an audience a candidate reaches. How many people would vote for a candidate that never had enough funds to make his/her better platform known? Democracy is truly a joke when pushed too far.

User Journal

Journal Journal: Fixing the *IX filesystem 6

(reprinted from here).

I know of no distros that grant a user ownership of part of the hierarchy beneath their home directory. An example of this would make /home/ltorvalds be owned by Mr. Torvalds, but ltorvalds' $HOME be /home/ltorvalds/private.

Why is this important?

Currently, if a user wants to share files with others (or expose files to a webserver or something), it's required for them to make their home directory world-listable (and the lack of standard ACLs means that they cannot even allow "just the webserver" in, which would still be a breech of security). (They can then create ~/public_html). This is Very Bad from a security standpoint. Because *IX convention dictates that software shall store local config files under $HOME/.programname, this exposes to the entire world what programs a user runs. It also means that if the user stores any files or directories in their home directory, they are world-visible (I dunno if you like everyone with accounts on the machine being able to view your home directory, but I'm not a fan of the idea). Finally, if you're using a umask with any permission bits set for world (as is default on Red Hat and most Linux distros, presumably to facilitate sharing files that have been placed in public directories), it means that everyone can read your files. This is Very Bad. Some sysadmins work around this by scattering a user's files across the system -- creating /var/www/html/rtorvalds, say -- but then it's a pain to administer and add and remove users.

ACLs cannot fix this problem, only reduce the egregiousness of it by reducing the number of people that can be poking around in someone's private area.

A better solution (and obviously one that would cause friction for a bit) would be a reworking of the standard *IX directory layout. Here's my take on it: /home/<username> shall be chmod 751. It shall be owned by the the user and the user's private group, as shall all the directories I mention here unless otherwise noted. /home/<username>/private shall be chmod 750. $HOME shall point to this directory. /home/<username>/public shall be chmod 751. . Programs that wish to create world-readable directories owned by the user shall default to a directory created in this directory. If the user wishes to create world-readable directories, they shall be created in this directory. A good example of this is public_html. /home/<username>/dropbox shall be chmod 3777. This provides an easy mechanism to make files available to other users -- anyone can dump a file in your dropbox. Since this is sgid, not suid, it means that it will not count against uid-checking quotas, and hence cannot be used as a DoS against you.

Default umask shall be 0027, not the current (common on Linux and definitely on RH) of 0022. This makes it a harder to share files (users may hit permission problems by default when dumping things into public_html), and easier to not accidently expose masses of your own files. It's also necessary for the dropbox scheme to work without people accidently sharing masses of files that they didn't intend to.

There are a couple of disadvantages. Users have to chmod o+r files going into the /home/username/public area (at the cost of additional complexity, this can be worked around by creating an everyone group containing all users -- and naturally, having the admin tools add new users to said group -- and making the /home/username/public directory sgid and owned by that group.). There is a bit more typing (though most of what the user is working with is under ~, same as before, so it isn't a huge impact. The user gains (a) a standard way to give files away to other users, which is not currently present, (b) a standard way to make files publically available, and (c) the ability to make files publically available without revealing their private files.

Oh, yes, and (d) by changing umask to be less permissive, works around a long-standing nasty Linux security hole allowing an attacker to run amok where he shouldn't be in the filesystem. Currently, if an attacker moves into a directory when it's in a directory that he does have access to, and manages to convince a user to move that directory into an area that the attacker shouldn't have traverse access to (like that user's home directory), he is inside that area and can do what he wants until he kills the process in that directory. Since RH's umask is 0002, if an attacker can get into another user's home directory structure, he has access to read through all of their files.


* This relies on the Red Hat style private groups scheme, where each user's primary group is a group of the same name as the user.

* I personally think that the *IX convention of dumping config data to ~/.programname should be moved to ~/.config/programname, but that's just me. It'd be faster to access a home directory, and easier to pick out data. Even if the scheme I proposed isn't adopted, this would minimize the number of things in $HOME and reduce the number of things that might inadvertently be set to be world-readable.

User Journal

Journal Journal: /. log, entry 00000000000001

Yay! first flamebait mod! that should teach me to post anything but pro-Apple comments on Apple articles. Why bother, actually - it's bad for one's health to criticize Apple on /. Worse than criticizing Linux, really - apparently using Linux keeps one's sense of humor up (hope it does keep mine)

Slashdot Top Deals

When you make your mark in the world, watch out for guys with erasers. -- The Wall Street Journal