Domain: ncl.ac.uk
Stories and comments across the archive that link to ncl.ac.uk.
Comments · 604
-
Re:i don't think so
we shouldn't put something as fragile as our democracy in the hands of open source, either.
We shouldn't be putting our democracy into the hands of software, period. Electronic voting systems are a bad idea. Check out the past few issues of the RISKS digest for discussion.
-
Re:Why trust electronic/computerized voting?
Votes are already being rigged. You need to read:
http://catless.ncl.ac.uk/Risks/22.25.html#subj1
-
Re:I used to write betting software
You've got a great memory - that was 6 years ago.
:-)
Here's the story from "The Risks Digest" ("Forum on Risks to the Public in Computers and Related Systems").
Basically, they caught the guy, and then released him and even gave him the money back with interest.
The "source" of the problem? A missing clock that was supposed to seed the random number generator. Thus, upon rebooting (every morning I suppose), the same number sequence would be generated as the seed would be the same...
Greg -
the RISKS mailing list
The RISKS mailing list (aka comp.risks on usenet) deals with this topic quite thoroughly. Go forth and read this fine forum on risks to the public through computers and related systems. Learn about the problems faced by planes, trains, automobiles, banks, websites, electronic voting machines and more.
-
comp.sys.risks - http://catless.ncl.ac.uk/Risks/
The Forum On Risks To The Public In Computers And Related Systems has an excellent background on all kinds of risks. I've been following it for years (since '91). It's the equivalent of slashdot for risks but the moderators are much more sophisticated. It's required reading for anyone serious about quality software in life critical situations.
-
Re:A Great Story
-
RISKS digest
Read the RISKS digest, as comp.risks or at http://catless.ncl.ac.uk/Risks. Everyone who works with computers should read this regularly, it is much less painful to learn from other people's mistakes.
PGN put a bunch of the classic items together in a book a few years ago, called Computer-Related Risks.
-
Topic continues to grow
Many may think this topic has been done to death, but the examples grow exponentially. Someone recommended the RISKS Digest above, which I agree is terrific.
Rarely is the answer that "the programmer was an idiot." Software bugs are projections and magnifications of human frailties. There is the class of errors where the computer does what it should but interacts with the user poorly, and it's glib to dismiss the user as the idiot.
I have followed military snafus with interest. It is still not clear how much of the Vincennes catastrophe was human versus computer error. The Yorktown was an example of an old-fashioned divide-by-zero error crashing Windows and paralyzing a frigate. The Navy plans to automate aircraft carriers and also hand over fire control to Windows systems, which makes me uncomfortable to say the least. Bill has the bomb.
Voting systems are another area where our understanding of the errors must be completely up-to-date. As it is, most (all?) manufacturers of voting and tallying software consider their code proprietary and won't allow outside audits. If you think chads were bad, just wait for an electronic voting disaster that lacks an old-fashioned paper trail.
Risks and comp.risks may however be the better forums for this topic; but it's not a bad thing for the aficionados to bring it to the general interest /.ers' attention from time to time.
P.S. I recall a satellite that was lost in the early 80's for lack of a comma in the code. Which satellite? -
Here are my Top 4:
-
Re:from the article..
has anyone got any examples of this anywhere?
Hit up Google for whatever operating system and program interest you. The key phrase is "Easter Egg".
Incidentally, it's probably not the easter eggs he should be worried about, but the data integrity. I'd be interested to know if they ever fixed the 1.40737488355328 bug in Excel (See the Risks Digest for more info.)
-
Risks of automatic Windows updates, and HIPAA lega
This article in Risks Digest talks about WinXP in the HIPAA context:
Apparently, the latest Service Packs for the popular Microsoft Windows 2000
and XP operating systems contains new licence language that allows Microsoft
to install new updates on your machine at will and without notifying you.
...
The article quotes a systems manager at a teaching hospital:
"Our procedures sometimes involve surgery to place over 100 recording
electrodes in the patient, sometimes on the surface of the brain. These
PC-based systems use Microsoft Windows..."
Having a Windows application controlling the voltage to 100 pins surgically
embedded in your brain is scary enough, but what happens if it updates to
the latest Service Pack and that causes the systems to fail? While the pins
are in your brain...
And the follow ups. -
Re:Hanging chad - if you haven't read this...
Thanks for trying to answer my questions.
PBS broadcast a very funny documentary on the Florida voting scandal on the 17th.
It provided more details about Jeb and company buying lists of felons. (Felons can't vote in Florida, even when they have served their full sentence.) One of the returning officers described what it was like to be banned from voting because this list was wildly inaccurate.
The designer [of the butterfly ballot] was a Democrat, but had worked many years as an election official, so it wasn't really that she was incompetent. She just screwed up once. The point is, there was no intent to "defraud" voters.
Peter Neumann, the moderator of the long-running RISKS digest, said that a previous Florida election had been ruined by the use of these voting machines.
The really sad thing is that many of the same punch-card machines were apparently also implicated in the 1988 Florida Senate race. Buddy Mackay lost a close election to Connie Mack, in which there was a drop-off of 210,000 votes relative to the Presidential race in the same four counties. A lot of people must have been asleep at the wheel.
That sounds like two screw-ups to me. And if she had been working as an election official since 1971 it is hard to imagine how she couldn't have known of the previous scandal.
-
Phobia???
I bet he has scopophobia (the fear of being seen)
:) -
Re:The reason for sterility == odd chromosomes?
I am not suggesting that the hybrid of an Ass with 62 chromosomes and a Przewalski's Horse with 66 would breed true just because it would have 64 chromosomes. I was just giving an example of a possible cross where the infertility would not be due to having an odd number of chromosomes.
Pairing of the chromosomes being the most important part of genetic structure.
Is it? Can you explain this to me?
First, let me restate this, so I am sure we mean the same thing. You are saying that paired chromosomes are necessary for an animal to breed true with its peers, is this correct? You are not saying that having paired chromosomes is necessary for an offspring to be born, because mules obviously don't fulfill this condition.
So, how did the proto-equid, that was the ancestor of both Asses and the Horse split into two species with different numbers of chromosomes?
So, what about Down's syndrome individuals, who have an extra copy of chromosome 21? They don't fulfill your requirement for an even number of chromosomes. Yet I don't believe they are sterile.
Like MS-Windows programs, our chromosomes contain a lot of code bloat.
I heard a lecture about this, when I was in high school. So this info may be incorrect, and I would welcome correction. That lecture included slides of individuals born with chromosome abnormalities. Our chromosomes vary in size. And they are numbered in order of size. The lecturer showed some individuals with an abnormality on a larger chromosome. She said that these individuals were more profoundly affected and had more health problems and more profound cognitive challenges than Down's Syndrome individuals. She said that abnormalities on the larger chromosomes result in problems so profound that the children are spontaneously aborted before they come to term.
Then there are chromosome abnormalities of the X and Y. Turner's syndrome women lack a sex chromosome. They have a single X and no Y. They are of normal intelligence. But they never go through puberty, so they can't have children. There are people who have XXY and XYY. I don't believe they are sterile either. Another slashdotter said something about XXX women - women with three X chromosomes.
Since that lecture I have heard that some Down's syndrome individuals have only a fraction of the extra 21, and that they are less profoundly affected than individuals with a full extra chromosome 21.
Genes slip around. They slip from chromosome to chromosome. I saw a science documentary about how genes were slipping from the Y to the X. I am not a molecular biologist, but I imagine that 61 of the 62 chromosomes of Horses and Asses correspond, and that sometime after they split into different species one of the chromosomes split in two. If this was the case, there would be genes for the same traits in the chromosomes from both parents, even though they had them on different chromosomes.
There was an article in Scientific American, on mule fertility about 45 years ago. It advanced a theory about Mule fertility, that Mules produce gametes, eggs and sperm, but that almost all of them contain a mixture of Ass and Horse chromosomes. And those would be no good. But occasionally a gamete is produced that has all the gametes from a single parent. IIRC the theory was that that gamete could be fertilized and brought to term. That offspring would be pure Horse or pure Ass. "One in million" is the estimate of how often a mule brings an offspring to term. Check my math. If this theory is correct
Here is something I don't understand. That documentary said that some of the genes on the Y are duplicated dozens of times. So, why does the mere single extra copy of genes in chromosome 21 cause the profound manifestations of Down's? Does each gene contain the molecular equivalent of an instruction pointer, or a map of bad sectors?
-
Mod parent up
Everyone should read the My life as an international arms courier article from the Risks Digest. Please mod the parent up so this gets as wide an acceptance as possible.
Just coincidentally, I studied nuclear physics in grad schools, and now my former employers are getting barrages of clueless questions from FBI and NSA type people about the security risk I pose. Most of them are along the lines of So, are you the guy with the bomb?!
-
Exporting encryption products...
Weird. Encryption devices are not just controlled, but they are classed as "munitions" under US law.
Peter Junger, a professor of law, who taught a course, "computers and the law", has an account of the steps he took to make sure he could demonstrate an encryption program to his students -- when he couldn't guarantee that none of them were foreign students. This first article is quite interesting. And there are a number of interesting followups. Go to RISKS search page and search for "Junger".
And here is another RISKS article entitled My life as an international arms courier. It is quite long -- but it is hilarious. Matt Blaze, the author, worked for AT&T, and wanted to take a new phone scrambler, to show some colleagues on a business trip to Europe. He decided he would try to go through the proper channels to take this device with him. Here are some of his final comments...
My conclusion from all this is that it just isn't possible for an individual
... Even having gone through the process now, I still have no idea how to obtain, let alone file, the proper forms ... Technically speaking, everyone with a laptop disk encryption program who travels abroad is in violation of the law ... Had I just put my telephone in my suitcase without telling anyone instead of calling attention to myself by trying to follow the rules, chances are no one would have noticed or cared. Unfortunately, however, these absurd rules carry the full force of law, and one ignores them only at the risk of being prosecuted for international arms trafficking
... At the same time, anyone who is aware of and who tries to follow the regulations is made to jump through pointless hoops that are so obscure that even the people charged with enforcing them don't know quite what to make of them.
My memory is playing tricks on me. My memory is that he was quietly led to cool his heels in a locked holding room, that he described hearing the footfalls of a guy who looked like Joe Friday, whose first words to him were, "So, are you the guy with the bomb?"
Mind you, these articles are from 1993 and 1995. Will you write up your experiences for us?
-
Everybody knows == A failure of imagination
Everybody knows that any ozone hole data means nothing. Including the data that termed it a hole in the first place.
I believe my math geek friends would characterize this as, "proof by assertion" ?
You aren't making this assertion from knowledge. Your assertion is coming from your intuition. Everybody doesn't know this. I don't know this. Neither do a lot of climate experts. Neither do you. You don't have knowledge. You have a belief about the ozone hole -- based on your intuition.
Well intuition failed us when it came to the ozone hole.
Here are some RISKS articles, from 1986, shortly after the ozone hole was first recognized, to back me up.
Ozone hole undetected for years due to programming error
Ozone references.
Recently, it was disclosed that a large hole in the ozone layer appears once a year over the South Pole. The researchers had first detected this hole approximately 8 years ago by tests done at the South Pole itself.
Why did they wait 8 years to disclose this disturbing fact? Because the satellite that normally gives ozone levels had not reported any such hole and the researchers could not believe that the satellite's figures could be incorrect. It took 8 years of testing before they felt confident enough to dispute the satellite's figures.
And why did the satellite fail to report this hole? Because it had been programmed to reject values that fell outside the "normal" range!
What happened here is that intuition failed. Intuition failed the physicists who specified the sanity filters. And, I would argue, that intuition failed you too.
-
Re:Home Lasik with Linux
No kidding. See the first article here.
-
Re:Greek gamBLing law
All this excitement over nothing. I snipped this official explanation from Wednesday's RISKS digest.
This one sounded too far out, so I checked with the local Greek consulate. (My question to them was "is this a hoax?", quoting the Web page referenced in RISKS-22.23.) Here is their reply. I hope this clears the air a bit.
After we received your e-mail we have forwarded it to the Press Office of the Greek Embassy in Ottawa. They have informed us they are aware of these articles but they are not accurate. The New Greek Law has banned all games that can be used for gambling or modified for gambling purposes even if they exist in private spaces (Only Casinos are excluded from the banning). However neither foreign tourists neither Greek citizens will be prosecuted when they use cell phones with games, or lap tops in which games are installed or any portable game consoles for example: play stations, gameboys, x-box etc, since these games cannot be modified for gambling and furthermore the owner doesn't insert coins or credit cards in order to continue using them. We hope that this answers your question. -
Dependence on poor technology
Here is a comp.risks post about modeling software misused in the design of the Stars and Stripes.
In a sort of "sanity test", the designers refused to believe the computer output. This was apparently standard naval architecture software and well trusted, given the reluctance shown to disbelieve the results. At any rate, after a long all-night session, they discovered that "a digital filter used previously for an oil platform test had inadvertently been left in the computer," thus causing the wrong results. With the filter removed, the measurements showed better than expected performance.
-
Open Source = No NSA Spying on Europeans
Could this also stem from a lack of trust in US-produced software, as noted by the notorious case where the Swedish government discovered Lotus Notes and an NSA-mandated back door?
Many posters have argued that government intervention into private software markets is bad, and that Europeans are foolish not to see how bad this really is
We already have government intervention into US-produced software. Europeans know full well about this, and are wise to push open source solutions.
Having another country's government spy on your citizens IS a proper concern of one's own government.
-
Better Risks link
The Risks archive linked above appears to be slashdotted. This alternative archive should be better, and as it is on a UK university site, it should have sufficient bandwidth.
I hope this is useful
-
The "fix was in"
Peter Neumann, the editor of the RISKS digest, and an expert on voting technology himself, added the following comment to a discussion of the chad problem in Florida during the last Presidential election.
The really sad thing is that many of the same punch-card machines were apparently also implicated in the 1988 Florida Senate race. Buddy Mackay lost a close election to Connie Mack, in which there was a drop-off of 210,000 votes relative to the Presidential race in the same four counties. A lot of people must have been asleep at the wheel.
In another comment in this thread I cite definitive proof that the hanging chad problem was due to a known, predictable artifact of the voting machines. So, was the problem merely "stupid people" as cscx suggests? Or was the inability of some Democratic political appointees exploited by the cunning of shrewder or better informed Republican political appointees?
When world-wide attention was focussed on the hanging chad problem the Republicans' outcry rang false with me. Florida Republicans kept saying "But Democrats also sat on the committee that approved the ballots! Democrats also reviewed the voting machines! Democrats also signed off on the voting procedures!"
-
Hanging chad
Slashdot readers will remember the worldwide attention that was focussed on "hanging chad". Certain Florida counties used automated voting machines where voters punched out holes in Hollerith cards to select their candidates. Gore's votes were wildly underrepresented in these counties.
Well, eleven months ago Douglas Jones submitted an article to the RISKS digest pointing to a longer online article that explained in detail how all the spoiled Gore votes arose. It turns out the debacle was completely predictable. It was due to a known artifact of those particular voting machines. One which had caused a scandalous shortfall in those same counties, in a Senate election in 1988.
Briefly, Jones disassembled an example of the votomatic machines in question. He found that there was a structural bar behind the slots through which the chads were to be poked. Jones's investigation proved that candidates whose holes were to be punched over those bars were practically guaranteed to jam. Whoever designed the ballots laid them out so Gore's chads were directly over that bar.
Slashdot editor Michael's comment on voting reliability and trustworthiness strikes me as naive. Don't worship the technological fix! Michael addresses providing an audit trail for the vote casting and tabulation software. This is not as important as providing an audit trail of the actual votes cast.
-
Link...
-
Re:MS products actually designed for insecurity?
In my article I said the implications of embedding a macro language in data files guaranteed insecurity. Slowfight suggested I was being a credulous conspiracy nut. So I went searching for proof. Here is something virus expert Rob Slade wrote in 1995.
-
Re:TCAS and ILS and terrorists with telephones
As we saw just the other week, though, TCAS itself is generally ignored in favor of ground instructions, we lost two planes in a collision in Germany specifically because TCAS was ignored.
Not sure that this is a good summary of the situation. Try this for example. -
Re:Being free (Was:It Would be Nice...)
> Let me start by saying I'm all for Open Source software
That's it. You don't grok free software. It is not the same thing philosophically.
> Oh grow up!
I'm amazed my maturity interests you, but I am 30, have a job and a family, and have had some pretty good education, including some reading in Philosophy. Now on to the debate.
> Think for a moment about who you're freeing.
The users, and in the measure in which government has grown dependent on Informatics, the people.
> Most corporations are given the right to modify programs to fit their individual needs.
No, they aren't. I work at a big European telecom operator, and we have neither the Microsoft source code nor the Amdocs (our billing system vendor) one. Now, I think it is a self-defeating proposition to run a business without the source code to one's core system, as is a billing system to a telecom operator. But the incredible thing is that MBAs think it is good. No need to tell you how much shareholders' money is wasted.
> The average consumer doesn't know source code from techno-babble. They couldn't change or modify their programs any way.
The main purpose of source code is not modifying it, but avoiding proprietary lock-in. Please educate yourself.
> now stop fighting the licence war
If we allow everyone to hoard software and claim it's free or open or standard, like Apple and the Unix vendors and Microsoft all have done, we lose our freedom again.
> make your products useable.
That needs efforts currently wasted on useless forking, semi-free code and proprietary systems interoperability.
> So then why are people complaining when Apple and other companies release the source to programs?
They didn't. Apple released under a quasi-free license mostly that was already available under a really free license.
> Just because it isn't GPL licensed?
No, because it is not free.
> You can't have consensus because different people want different things.
Yes, but most forking is not because of different, valid goals: it is because of bad technical decisions (for instance RPM as a dpkg fork), proprietary licensing (for instance the original TrollTech Qt licensing) or just the not-invented-here syndrome.
> Freedom and Security are on two ends of a scale. There has to be a balance. Complete freedom means no security, complete security means no freedom, but you have to provide a reason.
Go educate yourself about risks and security. Usually free software is more secure than equivalent proprietary software.
> Safety, if M$ Office breaks, there's technical assistance for them.
There isn't. There is no warranty, there is no security, there is no source code to fix things. There are thousands of people who know a little about MS Office, but no one has the source code. The end result is that people learn to live with brokenness in proprietary programs, while with free software it can always be fixed.
> Ease of use, most OSS software is nice, sometimes even great once it's running, but getting it up and running is a pain.
This is being addressed by several distributions. Rome wasn't built in one day.
> Extra steps, as nice as the OSS office suite is, the users still have to select M$ Office format to save their documents so everyone else can read them.
This is because MS Office documents are proprietary. If they were open standards, there would be no need of conversion. But still, if things are saved in XHTML, PDF, RTF and the like, MS Office users can read them.
I don't know why I lose time trying to teach people who can't do their homework reading.
-
National Security REQUIRES open source...
Consumer computer users don't always need open source (though many of us developers would say different). But end-users often don't need or want the source code to their applications. For the government it's not a want. It's a necessity. Especially in applications of military or importance to the security of the national infrastructure. Obviously, no one cares if someone in the Dept. of Alcohol Tobacco and Firearms can't print because their Windows NT print server is down. But everyone cares if a bug in the same operating system leaves the Navy dead in the water.
Some Open Source detractors say that peer code review is a myth and that no one has the time to do it anyway. The government has full time programmers who can and do audit internal software. They can audit OSS just as well. It is negligent to wait for your proprietary software manufacturer to release "HotFix #9182" when you can fix the bug yourself (especially if it exposes risks to national security).
So for vital government computer systems, using open source is a matter of national security. As for the bureaucratic offices -- it's true they don't "need" OSS.
-
Found it
-
Y2K ruined the hottest date of the Millennium
CBC Radio had a reporter whose job was to search for funny or interesting Y2K stories. One story he reported on was how the Y2K bug had ruined the hottest date of the Millennium.
Apparently this popular young singer named Britney Spears was interviewed online on AOL. One of her young fans asked her what plans she had for New Years Eve. Ms Spears replied she had to stay home, because her mom was worried about how Planes would crash from the sky, and how elevators would stop working...
Not that related but here is a funny April fools y2k spoof that I am afraid I fell for hook line and sinker when it was reprinted in Risks on April 15th.
-
My favourite Y2K story
My favourite Y2K story was published in Risks 17.79. Unfortunately, the version that made the archives seems to have been edited for space, and it took all the juice out of it.
In the original, our hero worked for some big outfit.
He was hearing of some big rumble on the executive floor.
He gets called in, there are slumping figures, and the big brains on the executive floor are stumped! They have tried everything! They have had all their staff scouring the files looking for missing account files, or mis-filed orders.
Finally, in the interests of completeness, someone decides to call in an IT guy to look at the program that produces the summary of expected income.
Well, he looks at it. It reaches its summary of projected income by adding up all the expected payments scheduled over the next 1000 working days, and dividing by 1000. In early 1996 1000 working days reached into the year 2000.
His solution? He changed the program so it summed the expected income over the next 500 working days, and divided by 500, on the theory that in 500 working days it would be someone else's problem.
-
Re: USS Yorktown
I have to agree that a bit (a lot?) of what Spafford wrote was a bit over the top. My favorite could have been written by somebody on /.
Well, he isn't really over the top, the difference between say Windows XP and Windows NT/2000 is minor. Perhaps you should read about the USS Yorktown.
"The next generation of Navy aircraft carriers is going to have all weapons systems, propulsion, and command and control run by the very same system that you use at home to browse the Internet and play computer games. This is the same one that keeps coming up with "blue screens of death," which take on new, grim meaning in a military environment."
If Spafford had been a bit more toned down, he could have still made the same points without introducing vulnerabilities in his arguments that would make one cringe
RISKS digest 19.88 (1998): USS Yorktown dead in water after divide by zero.
-
Re:Must be a joke.
The consequences of bad data being sent by such a network presumably are limited. I would be extremely surprised if the controller for an individual light could be changed to any old color at any moment.
-
Being serious for a moment...
... I really do wonder about the wisdom of some of the convenience mechanisms that have become commonplace in cars over the last decade or so. Centralised electrical locking: fine provided it supplements a mechanical mechanism, not so good if it becomes a single point of failure that can deny you access to your vehicle if it goes wrong. Remote locking and unlocking: nice, but what about side-effects?
And that's before you even start thinking about failure modes of the more recent 'intelligent' engine-management systems. There was a news report a couple of months ago in Switzerland - sorry, cannot find a URL for it now - of a number of incidents near Zurich where engines in several examples of a newly-introduced model had temporarily cut out for no apparent reason, fortunately without causing damage or injury despite being on busy motorways (and in one case in a tunnel). Suspicion was on interference with vehicle electronics, possibly related to radar emissions from the nearby air traffic control.
<luddite>Makes me glad I'm still running an '88 VW with very little electronics. Perhaps I'll do best to replace it with a comparably simple second-hand car when the time comes to retire it.</luddite>
-
Re:Are we bitter about something?
Funny you should mention a term Microsoft is credited with inventing.
Funny that the term wasn't invented by Microsoft.
Risks Digest, June 1993
What Apple's doing is not Astroturfing.
Astroturfing is when fake grassroots organizations
(get it? grassroots...fake grass...Astroturf...?)
start coming out in favor of a company. These
organizations are bankrolled by that company.
As has been noted here and several other places,
many of the people in these testimonials are NOT
on Apple's payroll. The DJ chick and the guy that
used to work for Wired are two prime examples.
Uhuh. I'll believe it when I see the small print.
Note: there isn't any claiming that they weren't paid for their opinions. Which is pretty much like the way that their benchmarks which claimed that the G4 was better than the P3 didn't mention that they were running an old version of the benchmark software compiled explicitly for the 486.
Simon
-
Re:Good product design...
Good product design...
Total bull.
A truly good product design would have the act of pulling the cartridge out of the game machine turn it off before any damage could be done. They are not the only ones. My Cell Phone's 'On' switch is shared with the 'No' button. That's completely barmy and totally counter-intuitive! I cut several people off by pressing the 'On' button to hopefully talk to the caller, but it was programmed to be 'No', so I cut the buggers off. Poor sods, and very embarrassing for me. Ericsson, are you listening? No, I didn't think so. Somebody, please be so kind and tell the silly half-wits.
Similarly the 'Submit' and 'Preview' buttons on this form are around the wrong way. ( Most people using computers work from left to right. ) This is presumably the reason why we are blessed, sic, with so many obviously "first cut" postings. See the risks digest for many more of these idiotic carryings on. They'd be funny if they weren't tragic. Don't get me started on road design and the traffic laws.
-
Re:Cool, dreaming on
And in the when you learn about the xbox, its booting process, its copy/developer-licence protection system (dmca protected monopoly enforcement!), the fake booting code and the filesystems/formats used on the game media. You could now rip a model of a game character, load it up in your favourite 3d editor and replace the clothed skins with..... nudity!, place it on blank media, hack your x-box to run unlicenced code (you run the linux kernel for testing this of course) and watch the nvidia gpu take care of rendering those bump maps and curved surfaces on an ugly old tv....
Oh, and while you used to dream of... well.. nude game characters, you now dream about that perfectly laid out pcb that allows you to capture a 200 MHZ 128 bit fsb.
Does anyone else think it's really ironic that microsoft got rich because the rom bios of the ibm pc was reverse engineered, which led to hundreds of cheap clones running microsoft dos, the cheap cpm clone bill licenced, microsoft did basic and edlin (We should really thank them for the innovation they bring). This same microsoft might now be ruined because the very same booting code of the very same (ugly and old) computer architecture (die x86 die!) gets cracked (no matter how paranoid they were about protecting it, I mean putting a flash rom with a fake code in every unit?) These will now be put into cheap linux/bsd/apache webserver duty, they sponsor the platform that might ruin them the same way the ibm pc fiasco affected ibm ;-)
I guess at this moment I should remind all coders on /. that while microsoft might have problems learning from the recent digital history we should not make the same mistakes twice
-
more information...
This was discussed on RISKS some time back. They provide a link to a copy of the article.
Also, from draft-masinter-url-i18n-08:
6. Security Considerations
If IRI entry software normalizes the characters entered, but the resource names on the interpreting side are not normalized accordingly, and the interpreting software does not take this into account, there is a possibility of "spoofing". Similar possibilities turn up when interpreting software accepts URIs in various native encodings or allows accents and similar things to be ignored.
"Spoofing" means that somebody may add a resource name that looks the same or similar to the user while actually being different, or a resource name that contains the same characters, but in a different encoding. The added resource may pretend to be the real resource by looking very similar, but may contain all kinds of changes that may be difficult to spot but can cause all kinds of problems.
Conceptually, this is no different from the problems surrounding the use of case-insensitive web servers. For example, a popular web page with a mixed case name (http://big.site/PopularPage.html) might be "spoofed" by someone who obtains access to (http://big.site/popularpage.html).
However, the introduction of character normalization, of additional mappings for user convenience, and of mappings for various encodings may increase the number of spoofing possibilities. In some cases, in particular for Latin-based resource names, this is usually easy to detect because UTF-8-encoded names, when interpreted and viewed as legacy encodings, produce mostly garbage. In other cases, when concurrently used encodings have a similar structure, but there are no characters that have exactly the same encoding, detection is more difficult. A good example may be the concurrent use of Shift_JIS and EUC-JP on a Japanese server.
Administrators of large sites which allow independent users to create subareas may need to be careful that the aliasing rules do not create chances for spoofing.
-
Re:Don't pick on me! My software sucks!
Already happened:
USS Yorktown dead in water after divide by zero
-
RISKS - assessment community
No discussion of the topic could be complete without mentioning RISKS. The RISKS Digest has been discussing risk factors associated with technology and engineering (and to some extent generally) on the internet since 1986.
Every engineer should spend time reading there. Any _good_ engineer should subscribe.
-David
-
See also Risks Digest
There have been a couple of comments in the Risks Digest recently about BMW and VW driving too far too fast down the high-tech route. They're together, in Vol22 Issue 3.
Looks like my next car is going to have to be a second-hand one.
-
Re:Typoing your email address can be a drag
It's worse when it happens in, say, a news release.
Also, (under "UBS Warburg Makes Expensive Gaffe on Dentsu IPO") UBS once had a typo with an IPO, offering 610,000 shares of Dentsu at 16 yen each instead of 16 shares at 610,000 yen each. Ouch.
-
Programmer, Developer, Engineer, or a hack?
Do you want to be a professional programmer / software developer / software engineer? Or would you be satisfied being a hack (not a hacker) programmer that writes one-off (web) scripts?
If you want to be a white-collar professional type, expect to be like any other professional, and get the best education you can. Which is typically at least a four year bachelors degree.
You can get an entire BSc Computer Science via correspondence, online or via postal mail. Look at any university in US, you very well may qualify for financial aid, or low-interest student loans.
Then follow this method:
1) Get an education, (knowledge that will not become out of date)
a) understand computers (a la Structure and Interpretation of Computer Programs)
b) mathematics
c) history of computing
d) programming in the small
e) programming in the large
f) software engineering
g) networking
h) professional presentations and writing skills
i) algorithms and data structures
j) database systems (RDBMS, OO databases)
etc.
2) Training (skills of tools and techniques, that will have to be maintained)
a) programming language (e.g. C, Pascal, Java, C++, whatever)
b) database (Oracle, PostgreSQL, MySQL)
c) operating systems (VMS, Unix, Linux, W2K, Plan 9)
d) project management
Note: Training does not need to be formal, and tends to be more expensive. I did most of my either at university, or on the job.
3) Experience
I think you can figure this one out. I should point out that testing, QA is often easier to get into than the programming department. Also debugging skills, and seeing what can go wrong (Risks Digest) will hopefully make you a safer programmer.