1) Other industries DO test. Tell that to my friends in other industries who tell stories about the grilling they got on their last job interview.
2) They are paying you for work. They are likely spending money on a recruiter for the right fit. They extend the offer. You may feel free to reject the offer, but they are the ones setting the ground rule. This is not a symmetric relationship of equals, and any belief you have otherwise is pure fantasy.
Anyone who was a potential hire of mine who said "Sorry I don't feel like doing your stupid test." would be immediately told to leave and stop wasting everyone's valuable time.
Actually, HD video of (say) sporting events can indeed fall into the industry concept of "large files" (that is, files requiring a size_t that is larger than 32 bits wide to represent its size.)
If is a critical to your business, then why are you relying on a general-purpose vendor to provide it to you?
Compiling your own textutils or findutils? That's ridiculous. Compiling your own X11 Server? Lunacy. But if you're building a perl application, it probably makes sense to have tight control of your perl interpreter, down to the compiler options, packages installed and binary builds.
An example from my real life: At some of my employers we've built our own Apache binaries, our own Ruby interpreters, etc. Why? Because we didn't want someone else making version choices for us -- we wanted verified, controlled versions of these key pieces of our software platform.
I know dev teams that build their own GCC because they want very specific feature sets and don't get what they need from their distributions, or because they want conformity across a wide range of platforms.
Control the things that are closest to your application. Let outside vendors cover the infrastructure that isn't. That's just good engineering practice.
From my read of his post, it sounds like the Independent may have over-stated its case and mis-represented the words of the experts they interviewed. Which isn't to say things aren't bad...
Sure, there'll be squatting. There'll be extortion. There'll be namespace grabbing. But, it's what should have been done from the very get-go. The idea that you could impose an arbitrary structure on the world (and face it, ".com", ".net", ".org", et. al. is almost completely arbitrary) was doomed to fail from the get-go.
The growing pains will be worth it in the end. Just think, no more TCWWW, no more DotCom. Just go to "CNN" or "Slashdot" or "Google" or "Wikipedia".
Yes, but because most of us have never seen them it probably means it's something most of us don't have to worry about.
As for Univac... I can't believe there are too many of those still in operation. (Though I'm somewhat afraid to find out what they're running if they are in operation...)
There are NO TOLLS in the Central Artery Tunnel. Let me repeat that, because I realize not all of you commute in and around the Boston area day in day out, THERE ARE NO TOLLS IN THE CENTRAL ARTERY TUNNEL.
There are tolls on numerous other bridges and routes, most of which either ALREADY HAD TOLLS or are replacing routes that were toll based to begin with. Tolls have GONE UP, but that's a different story.
(NOTE: IANAL, so go check with one if this actually matters to you.)
First, Peforce is saying they have the right that if you violate the terms of their OSSD agreement that they have the right to charge for commercial use of their software. How is that wrong in the least?
Secondly, the problem they have isn't people using your software to make money, or even someone taking your GPLed (or otherwise licensed code) and distributing it for money. There are plenty of people making money off of Perl, but Perl is covered under this agreement.
What I believe they are concerned about is someone (one of your named users, and not just some random shmoe using the anonymous account. Note they state Users as defined in attachment B of their agreement in sections 13A and 13B which are where any proscribed remedies are described.) who has a perforce license developing PURELY COMMERCIAL code in your repository and it not being available to the public under an OSI approved license.
In otherwords. Let's say you develop a BSD-licensed app called foobar and you use perforce. You have 10 users. Someone starts developing another app, call it foo bar bletch, which is an add-on to foo bar. But foo bar bletch is commercial software, and the protections on that code tree prevent global access. Then perforce has remedies.
If, however, someone uses the anonymous account and takes a bunch of your OSI licensed code, and then goes and does something commerical with it. Perforce has no remedies. Other than acquiring the source (which is an OSI-approved and non-commercial activity!) this rogue hasn't done anything commerical with perforce. You might have legal remedy against this rogue, but Perforce isn't a party to this litigation, and has no remedy in this instance as there are no damages.
Well, anyhow, that's MY read of the license. Perforce's CEO and lawyers might feel differently, and if you're seriously concerned, I'd go get a lawyer to read it. However, note that there is plenty of prior art of people doing the sorts of things you sound worried about with Perl. And Perforce isn't cracking the whip there.
(side note: I use perforce heavily at work. It's great software, and the people are great too. So I don't think you have too much to worry about if you deal in good faith.)
Actually, no. That's a case of the supreme court deciding not to hear a case. They can decide not to hear a case for any number of reasons. Generally, I don't believe that the Supremes not taking an appeal is sufficient grounds for nationwide precedent and CERTAINLY doesn't constitute a ruling on the case.
You've apparently never been anywhere NEAR MIT
on
MIT Robot Walks On Water
·
· Score: 2, Interesting
MIT students are FAMOUS for their excesses. Drugs, Alcohol, Sex, you name it. So don't kid yourself. Most MIT kids are getting way more than their RDA of beer and liquor.
I've met MIT frat boys (yes, MIT has real frats, and real frat parties.) whose frats had "drug budgets" and an officer of Drug Procurement. I've been asked to leave frat parties because they didn't want me competing for the girls I came with.
MIT kids are not dorky and innocent. Anyone who thinks so is in for a surprise.
And a number of people complained that it wasn't a great benchmark. Hans Reiser admitted it was just a quickie, and I forget who it was that said it, but ext3 has some performance enhancements that are on the cusp of merging into Linus' tree from the -mm kernels.
Wait until 2.6 is out folks. These numbers are still open for mass fluctuation.
The minority share holders can sue if they feel the interests of the majority do not benefit the company or the shareholders in general. (This is called a minority shareholder proxy fight, IIRC)
Basically, as a share holder and a company, the shit SCO is doing (brain-dead, evil and pathetic as it is) is GOOD for the company. It's getting them press, increasing the stock price, and potentially generating revenue.
If you come in and put kibosh on all that, you're not acting in the company's best interest. And a court might actually stop you from doing what is probably the right (moral) thing.
Yes, that's right. Money != Morality. Might makes right. Welcome to the adult world. Don't get me wrong, I think the SCO executive team should be put in the stockade for being a public nuisance. But the only way to stop them is going to be through fiscal, legislative, regulatory or legal means.
You don't constantly change it just for the sake of changing it. You improve it only when it is non-optimal. Assuming you have a well defined idea of what "optimal" is, your code will converge to the optimal point and then changes to it will cease.
Hah! You're assuming something that's mathematically false! Think of your code as an element s in some set S of all possible states for the code. (That's a big set, by the way.) You're assuming that by applying finitely many transformations on the code that you'll reach some element o in S that is optimal under some certain set of constraints.
But the problem is this assumption isn't valid in general. In fact very very few systems possess such a property. (and the criteria by which you define optimal are as important as the transformations you perform!) Chaos theory is essentially based on the idea that there isn't some stable state under iterative transformation. Not all sequences converge, and in fact, most don't.
It's not a question of x/0 maybe being undefined. It *IS* undefined. A common exercise in undergrad math course is to have 2 functions f(x) and g(x) where g(0)=0 and then show that depending on how you choose f and g the limit of f(x)/g(x) as x tends to 0 can take on ANY value you desire.
Division by zero is completely meaningless. Yes there are cases where division by zero creates a removable singularity, and for continuity's sake you can define a new curve/sequence/function/whatever with the convenient value. But that doesn't make the division meaningful...
Oh well. At least he isn't trying to state a value for log(0) -- there's an essential singularity at that point. (The riemann surface for log is very cool...)
Well, I'm not familiar enough with the technical nitty gritty, but I'm not sure latency samples will necessarily be sufficient. Again, if the probability distribution is sufficiently random, they don't really tell you anything about the latency in the packets you actually care about.
As for where it breaks down, I'd have to check the original paper again, but it'd be at about 50% of the necessary time resolution for the attack. In otherwords, if we need timing data accurate to 10 microseconds, and the latency data has a variance exceeding 5 microseconds, we probably can't get sufficient data out of the results. (This is just a guess.) It might actually be an interesting paper to determine exactly what sort of latencies hamper the attack, and extend/rebuff the attack based on this.
There may even be some prior art, already. I recommend further reading.
(I would assume that the unknown latency would render a timing attack useless, but couldn't use you use a traceroute to determine the latency and compinsate? Just a thought..)
You'd need to know something about how the latency varies. It's not constant. It's got a probability distribution over some range. (it's bounded below, and probably above too...)
Problem is, if that probability distribution is random, or "near" random, you're going to have a bitch of a time extracting enough info to perform an attack of this sort. This is why you need to be close; it's not because there's low latency (that helps) but because the latency has low variation, which means you can assume a value for it and subtract that out. With a random distribution, your "signal" will be lost in the noise.
It's another example of an attack being not quite as practical as advertised to the public. There's a real threat here, but it's not the "ultimate 'sploit".
1) Harvard thinks it's a bad thing to have pretentious, exclusionary alums. 2) That this attitude isn't inculcated in those who attend Harvard.
I've attended an Ivy (Brown, not Harvard) and the reality is they get off on the "we're better than everyone else" bit. It's about money and power -- something abundant in much of the student and alumni populace at Ivies.
This is not to say everyone at Harvard is like that (or any other top-notch school...) I've got friends from Harvard who aren't. But a lot of Harvard alums are. Same goes for any prestigious institution.
I'd watch a show based on Willow. She's far and away my favorite character (since way before she was a beautiful lesbian uber witch) In fact, if the show really is over she's the only reason I'll watch a new spin off.
If it doesn't have willow, it isn't worth watching. (And god damn it, they need Giles.)
Code breaking is hard by its very nature. You're trying to find an unknown message by inverting (or short-circuiting) an unknown process.
If you think of things mathematically, you're looking to find a plaintext p in the set of all possible plaintexts P and some function f from the set of all ciphertexts to the set of all plaintexts where f(c)=p. These means both f and p are unknown, and while multiple solutions may exist they are likely of "measure zero" in 2 very large spaces. (let's asssume we have a suitable measure for such things, and not worry about the real details.)
To a mathematician, finding a general solution to the above would be a Field's medal winning sort of thing. The reality is that you need more information. If you got a large message you should start checking letter/symbols counts, following by the counts of various character pairings, etc. The goal is often to come up with a statistical model to see if you can build a plausible f. Another thing is to try common functions (xor with various values, etc.) on the stream and see what happens. Sometimes that'll give you a clue. But most of time it involves a little luck, a little intuition and a lot of perseverance.
1) It doesn't matter what soource control system you use, you still own your own code. If the company making the source control product goes nuts, then you just have to abandon them.
2) The best tool for the job mentality comes from long experience with inadequate tools. All too often people come along saying "Here use the screwdriver. I know you need a hammer, but at least my screwdriver is ethically pure." Open Source tools are a good thing. They are not always the best fit.
3) Free software is NOT always the best option. Especially for large businesses which are concerned about the potential license taint and support issues. I love Free Software, but it's not always the right fit.
4) There are 2 free alternatives to bitkeeper: CVS and Subversion. Learn them, use them.
1) The litigious young american will call his lawyer and look into suing this company for fraud and slander/libel. Reap massive multi-million dollar judgment 5 years later. 2) The sane human being will get a new email address and tell all of his friends, family and other contacts that he's changed addresses.
Pick one. Do you maybe have legal recourse? IANAL, but yeah maybe. Think about what would happen if someone fraudulently used your home address or phone number. On the other hand, how much is that email address really worth to you?
(note that if the answer to that last question actually has a real substantial dollar value attached to it, then you shouldn't be talking to slashdot, but a real attorney.)
Actually, yes, I do. Many. Go read any graduate level Algebra text. There are a LARGE number of theorems which rely on the commutativity (or non-commutativity) of the ring in question. Some of them are even important.
Commutativity is (one of the things) that distinguishes R^(N^2) from GL(N). It's a fundamentally important property. Commutative rings are by their very nature smaller than non-commutative rings, given the same set of generators.
Slashdot Mirror
1) Other industries DO test. Tell that to my friends in other industries who tell stories about the grilling they got on their last job interview.
2) They are paying you for work. They are likely spending money on a recruiter for the right fit. They extend the offer. You may feel free to reject the offer, but they are the ones setting the ground rule. This is not a symmetric relationship of equals, and any belief you have otherwise is pure fantasy.
Anyone who was a potential hire of mine who said "Sorry I don't feel like doing your stupid test." would be immediately told to leave and stop wasting everyone's valuable time.
Actually, HD video of (say) sporting events can indeed fall into the industry concept of "large files" (that is, files requiring a size_t that is larger than 32 bits wide to represent its size.)
If is a critical to your business, then why are you relying on a general-purpose vendor to provide it to you?
Compiling your own textutils or findutils? That's ridiculous. Compiling your own X11 Server? Lunacy. But if you're building a perl application, it probably makes sense to have tight control of your perl interpreter, down to the compiler options, packages installed and binary builds.
An example from my real life: At some of my employers we've built our own Apache binaries, our own Ruby interpreters, etc. Why? Because we didn't want someone else making version choices for us -- we wanted verified, controlled versions of these key pieces of our software platform.
I know dev teams that build their own GCC because they want very specific feature sets and don't get what they need from their distributions, or because they want conformity across a wide range of platforms.
Control the things that are closest to your application. Let outside vendors cover the infrastructure that isn't. That's just good engineering practice.
The NY Times' environmental blogger has a bit of an analysis of this including a great animation of sea ice growth and melt from 1980 to 2007.
http://dotearth.blogs.nytimes.com/2008/06/27/whats-really-up-with-north-pole-sea-ice/index.html
From my read of his post, it sounds like the Independent may have over-stated its case and mis-represented the words of the experts they interviewed. Which isn't to say things aren't bad...
Sure, there'll be squatting. There'll be extortion. There'll be namespace grabbing. But, it's what should have been done from the very get-go. The idea that you could impose an arbitrary structure on the world (and face it, ".com", ".net", ".org", et. al. is almost completely arbitrary) was doomed to fail from the get-go.
The growing pains will be worth it in the end. Just think, no more TCWWW, no more DotCom. Just go to "CNN" or "Slashdot" or "Google" or "Wikipedia".
Doesn't that make more sense?
Yes, but because most of us have never seen them it probably means it's something most of us don't have to worry about.
As for Univac... I can't believe there are too many of those still in operation. (Though I'm somewhat afraid to find out what they're running if they are in operation...)
There are NO TOLLS in the Central Artery Tunnel. Let me repeat that, because I realize not all of you commute in and around the Boston area day in day out, THERE ARE NO TOLLS IN THE CENTRAL ARTERY TUNNEL.
There are tolls on numerous other bridges and routes, most of which either ALREADY HAD TOLLS or are replacing routes that were toll based to begin with. Tolls have GONE UP, but that's a different story.
(NOTE: IANAL, so go check with one if this actually matters to you.)
First, Peforce is saying they have the right that if you violate the terms of their OSSD agreement that they have the right to charge for commercial use of their software. How is that wrong in the least?
Secondly, the problem they have isn't people using your software to make money, or even someone taking your GPLed (or otherwise licensed code) and distributing it for money. There are plenty of people making money off of Perl, but Perl is covered under this agreement.
What I believe they are concerned about is someone (one of your named users, and not just some random shmoe using the anonymous account. Note they state Users as defined in attachment B of their agreement in sections 13A and 13B which are where any proscribed remedies are described.) who has a perforce license developing PURELY COMMERCIAL code in your repository and it not being available to the public under an OSI approved license.
In otherwords. Let's say you develop a BSD-licensed app called foobar and you use perforce. You have 10 users. Someone starts developing another app, call it foo bar bletch, which is an add-on to foo bar. But foo bar bletch is commercial software, and the protections on that code tree prevent global access. Then perforce has remedies.
If, however, someone uses the anonymous account and takes a bunch of your OSI licensed code, and then goes and does something commerical with it. Perforce has no remedies. Other than acquiring the source (which is an OSI-approved and non-commercial activity!) this rogue hasn't done anything commerical with perforce. You might have legal remedy against this rogue, but Perforce isn't a party to this litigation, and has no remedy in this instance as there are no damages.
Well, anyhow, that's MY read of the license. Perforce's CEO and lawyers might feel differently, and if you're seriously concerned, I'd go get a lawyer to read it. However, note that there is plenty of prior art of people doing the sorts of things you sound worried about with Perl. And Perforce isn't cracking the whip there.
(side note: I use perforce heavily at work. It's great software, and the people are great too. So I don't think you have too much to worry about if you deal in good faith.)
Actually, no. That's a case of the supreme court deciding not to hear a case. They can decide not to hear a case for any number of reasons. Generally, I don't believe that the Supremes not taking an appeal is sufficient grounds for nationwide precedent and CERTAINLY doesn't constitute a ruling on the case.
MIT students are FAMOUS for their excesses. Drugs, Alcohol, Sex, you name it. So don't kid yourself. Most MIT kids are getting way more than their RDA of beer and liquor.
I've met MIT frat boys (yes, MIT has real frats, and real frat parties.) whose frats had "drug budgets" and an officer of Drug Procurement. I've been asked to leave frat parties because they didn't want me competing for the girls I came with.
MIT kids are not dorky and innocent. Anyone who thinks so is in for a surprise.
And a number of people complained that it wasn't a great benchmark. Hans Reiser admitted it was just a quickie, and I forget who it was that said it, but ext3 has some performance enhancements that are on the cusp of merging into Linus' tree from the -mm kernels.
Wait until 2.6 is out folks. These numbers are still open for mass fluctuation.
The minority share holders can sue if they feel the interests of the majority do not benefit the company or the shareholders in general. (This is called a minority shareholder proxy fight, IIRC)
Basically, as a share holder and a company, the shit SCO is doing (brain-dead, evil and pathetic as it is) is GOOD for the company. It's getting them press, increasing the stock price, and potentially generating revenue.
If you come in and put kibosh on all that, you're not acting in the company's best interest. And a court might actually stop you from doing what is probably the right (moral) thing.
Yes, that's right. Money != Morality. Might makes right. Welcome to the adult world. Don't get me wrong, I think the SCO executive team should be put in the stockade for being a public nuisance. But the only way to stop them is going to be through fiscal, legislative, regulatory or legal means.
You do realize that, to some degree, what he described is precisely how TCP/IP's wire protocol was meant to work, right?
But of course, we all know how awful an idea TCP/IP was.
It's not a question of x/0 maybe being undefined. It *IS* undefined. A common exercise in undergrad math course is to have 2 functions f(x) and g(x) where g(0)=0 and then show that depending on how you choose f and g the limit of f(x)/g(x) as x tends to 0 can take on ANY value you desire.
Division by zero is completely meaningless. Yes there are cases where division by zero creates a removable singularity, and for continuity's sake you can define a new curve/sequence/function/whatever with the convenient value. But that doesn't make the division meaningful...
Oh well. At least he isn't trying to state a value for log(0) -- there's an essential singularity at that point. (The riemann surface for log is very cool...)
And you use rawhide on production boxes? Not in my shop, you don't.
Well, I'm not familiar enough with the technical nitty gritty, but I'm not sure latency samples will necessarily be sufficient. Again, if the probability distribution is sufficiently random, they don't really tell you anything about the latency in the packets you actually care about.
As for where it breaks down, I'd have to check the original paper again, but it'd be at about 50% of the necessary time resolution for the attack. In otherwords, if we need timing data accurate to 10 microseconds, and the latency data has a variance exceeding 5 microseconds, we probably can't get sufficient data out of the results. (This is just a guess.) It might actually be an interesting paper to determine exactly what sort of latencies hamper the attack, and extend/rebuff the attack based on this.
There may even be some prior art, already. I recommend further reading.
You'd need to know something about how the latency varies. It's not constant. It's got a probability distribution over some range. (it's bounded below, and probably above too...)
Problem is, if that probability distribution is random, or "near" random, you're going to have a bitch of a time extracting enough info to perform an attack of this sort. This is why you need to be close; it's not because there's low latency (that helps) but because the latency has low variation, which means you can assume a value for it and subtract that out. With a random distribution, your "signal" will be lost in the noise.
It's another example of an attack being not quite as practical as advertised to the public. There's a real threat here, but it's not the "ultimate 'sploit".
You assume that:
1) Harvard thinks it's a bad thing to have pretentious, exclusionary alums.
2) That this attitude isn't inculcated in those who attend Harvard.
I've attended an Ivy (Brown, not Harvard) and the reality is they get off on the "we're better than everyone else" bit. It's about money and power -- something abundant in much of the student and alumni populace at Ivies.
This is not to say everyone at Harvard is like that (or any other top-notch school...) I've got friends from Harvard who aren't. But a lot of Harvard alums are. Same goes for any prestigious institution.
Agreed. I was very curious until I saw the size and weight. I'll "suffer" with my 1280x854 display, 1" thick and 5.5lb carrying weight.
:-)
But, then again, I've become a brainwashed member of the apple cult, so I'm probably not the best judge of a laptop.
I'd watch a show based on Willow. She's far and away my favorite character (since way before she was a beautiful lesbian uber witch) In fact, if the show really is over she's the only reason I'll watch a new spin off.
If it doesn't have willow, it isn't worth watching. (And god damn it, they need Giles.)
Code breaking is hard by its very nature. You're trying to find an unknown message by inverting (or short-circuiting) an unknown process.
If you think of things mathematically, you're looking to find a plaintext p in the set of all possible plaintexts P and some function f from the set of all ciphertexts to the set of all plaintexts where f(c)=p. These means both f and p are unknown, and while multiple solutions may exist they are likely of "measure zero" in 2 very large spaces. (let's asssume we have a suitable measure for such things, and not worry about the real details.)
To a mathematician, finding a general solution to the above would be a Field's medal winning sort of thing. The reality is that you need more information. If you got a large message you should start checking letter/symbols counts, following by the counts of various character pairings, etc. The goal is often to come up with a statistical model to see if you can build a plausible f. Another thing is to try common functions (xor with various values, etc.) on the stream and see what happens. Sometimes that'll give you a clue. But most of time it involves a little luck, a little intuition and a lot of perseverance.
1) It doesn't matter what soource control system you use, you still own your own code. If the company making the source control product goes nuts, then you just have to abandon them.
2) The best tool for the job mentality comes from long experience with inadequate tools. All too often people come along saying "Here use the screwdriver. I know you need a hammer, but at least my screwdriver is ethically pure." Open Source tools are a good thing. They are not always the best fit.
3) Free software is NOT always the best option. Especially for large businesses which are concerned about the potential license taint and support issues. I love Free Software, but it's not always the right fit.
4) There are 2 free alternatives to bitkeeper: CVS and Subversion. Learn them, use them.
1) The litigious young american will call his lawyer and look into suing this company for fraud and slander/libel. Reap massive multi-million dollar judgment 5 years later.
2) The sane human being will get a new email address and tell all of his friends, family and other contacts that he's changed addresses.
Pick one. Do you maybe have legal recourse? IANAL, but yeah maybe. Think about what would happen if someone fraudulently used your home address or phone number.
On the other hand, how much is that email address really worth to you?
(note that if the answer to that last question actually has a real substantial dollar value attached to it, then you shouldn't be talking to slashdot, but a real attorney.)
Actually, yes, I do. Many. Go read any graduate level Algebra text. There are a LARGE number of theorems which rely on the commutativity (or non-commutativity) of the ring in question. Some of them are even important.
Commutativity is (one of the things) that distinguishes R^(N^2) from GL(N). It's a fundamentally important property. Commutative rings are by their very nature smaller than non-commutative rings, given the same set of generators.
I could go on, but...