The outcome of Martin Luther was interesting. A lot of people were struck by war as a direct consequence of this shift of power. The Catholic church lost a lot of power until it corrected its behavior (people paying priests for an easier time in purgatory etc). And the concepts of "nation" and "king" were significantly strengthened in Northern Europe.
I wonder what unexpected side effects the internet will have.
You can't please God the way Enoch did without some faith, because those who come to God must (minimally) believe that:
A) God exists, and
B) God is good to people who really look for him.
That's it. The "good news" is so simple that a child can understand it, and so deep that a philosopher can't.
As much as I respect Larry, I have one thing to say: "The Devil is in the details". "God exists" sounds so simple. It's not. Ethics are fundamentally different in the presence or absence of a God. In the absence, ethics are based around pragmatism and as such adaptable. In the presence, ethics are given to us. Look at history. Which case has proven the better approach? I'd rather God not existed, but if he does, I hope he has forgiveness for me since I do in fact live by many of his rules - only out of pragmatism. I expect to burn in hell if there is such a thing, though.
Can you run apache on your windows web server? If they keep attacking, it would be interesting to see if they are hitting IIS or something else (assuming they are shitty little script kiddies).
Another possibility is to set up a Linux box with no open ports on the same ethernet segment and sniff all traffic so that you might be able to tell how they hack you, and where they come from (at least the box they are coming from).
But - changing to Linux is also a really good alternative. Just keep in mind that Linux itself does not offer you security, only an improved possibility of security. You will need to stay rigorously patched up, with a good firewall and a good intrusion detection system. I used my IDS to tighten my firewall whenever I found monkey business in the network traffic - with good results. The box ran without external protection or upgrades for a long time, and it was port-scanned every day. Of course, they eventually hit jack-pot at first try. Then, an IDS will only alert you that something is wrong..
Also, whatever application you run on your web server will need to be secure.
I think Trustworthy Computing is a very good initiative. Generally, the entire industry needs to slow down and secure our products. It is extremely tempting to push for ever more functionality, at ever greater pace. Indeed, Microsoft is showing all the signs of having badly burnt itself in this respect. Bypassing security procedures and security people's opinions can be lethally risky business, also when it comes to product development.
An important point is that Trustworthy Computing should have been an ongoing process. By failing to do the obvious, they have been forced to launch a project that should not have been unnecessary.
That being said, I like the fact that they are performing widespread code/doc reviews and whatever other methods they are using. Even though I'd rather everyone used Linux, it's good to hear that we as a technology-driven society are slowly becoming less vulnerable. And, when they are done with the project, they will hopefully have figured out how to make more secure products.
After all, in an ideal world, every product would be so secure that we could concentrate on the other merits of the competition.
Microsoft: "Our products aren't engineered for security"
Friday 6 September 2002
Brian Valentine, senior vice-president in charge of Microsoft's Windows development, has made a grim admission to the Microsoft Windows Server.net developer conference in Seattle, USA.
"I'm not proud," he told delegates yesterday (5 September). "We really haven't done everything we could to protect our customers. Our products just aren't engineered for security," admitted Valentine, who since 1998 has headed Microsoft's Windows division.
In August the company put out eight security bulletins. This month it has released two, so far, with the latest urging users to patch a flaw in its digital certificate technology that could allow attackers to steal a user's credit card details.
Microsoft's regular stream of security bulletins has continued despite Bill Gates' company-wide Trustworthy Computing Initiative, announced earlier this year.
The Initiative was launched with a memo from Bill Gates, Microsoft's chairman and chief software architect, and saw the company halt production on new code in all of its products while employees scanned every line of existing code in search of vulnerabilities.
"We realised that we couldn't continue with the way we were building software and expect to deliver secure products," Valentine said.
But the company is dealing with a problem that is not easily resolved. Valentine told developers at the conference that as the company works to shore up its products the security dilemma will evolve as hackers become more sophisticated.
"It's impossible to solve the problem completely," Valentine said. "As we solve these problems there are hackers who are going to come up with new ones. There's no end to this."
Microsoft has also been employing new tools developed by Microsoft Research that are designed to detect errors in code during the development process, Valentine said.
According to Chandra Mugunda, a software consultant with Dell who attended Valentine's presentation, buggy software is "an industry-wide problem, not just a Microsoft problem. But they're the leaders, and they should take the lead to solve them," he said.
I applaud all such efforts. If it doesn't work, fine, we won't use it. But if it works, it could easily become yet another technology that is excellent for its uses. Think about this technology a little more deeply. With a bit of work, it would change the name of the game in file servers. All operating systems that support iSCSI and the FS would be able to share the harddrive. I can see some savings down the line in terms of maintenance, and reduced downtime. I hope I'm right. Now, we just need to figure out exactly how to use this technology.
If everyone had fiber into their homes, I can at the very least see harddrive upgrades without ever opening the box. Wouldn't that be nice, folks?
If you are in the money-saving business, vmware is an alternative if your windows apps don't run under wine. Take note that you will need to pay a license for the OS on your vmware workstation, but you will save hardware costs, electricity and desk space. The total cost is easily calculated: the license fee for the vmware software + RAM upgrade for your hardware + guest OS and software used on the guest OS. Savings are electricity and desk space.
If the two first factors are less than a new machine, vmware makes little sense for you.
Oh. They hate the old licensing scheme with a passion, too. Every time they think they are in compliance, Microsoft comes up with some demand or question.
One of our customers wanted us to port from Linux to AIX, due to the "unknown" factor - they were not certain about its stability and heavy load ability, plus they were concerned about their AIX-trained staff. Now, we're putting it on hold, since they are considering migrating as many as possible of their servers. It seems that cheap server hardware and reduced license fees may be a bigger saving than retraining some of their AIX people would be an expense.
Let's face it. The economy is sluggish, and nobody has a really good plan to fix it.
What is a good way of fixing this problem? Cutting costs, and making sure that average Joe gets more money in his pocket. Yours is a largely customer-driven economy. We also need to understand well the current situation. How similar is it to past situations? How is it different from those? What happened then?
Frankly, I think we should sacrifice quite a few lawyers. Frivolous patents, competition by courtroom and software patents are all expensive practices. Since lawyers are resourceful, wealthy people, it is better to sacrifice some lawyers than a bunch of people down the chain who don't retrain as easily.
Remember that long-term high unemployment leads to a collapse in the housing market. If I was you, I would be working really hard to control the way in which it will occur. It is vital that we return to the basics now. We should study history and statistics intensely, figuring out what is likely to occur and how to control it in the best possible way. There really is no need to keep repeating the mistakes of the past, is there?
The first thing to say on an automated phone service should be
"please feel free to press 9 at any time to talk to one of our customer attendants"
or some such thing. Sometimes, those automated phone services are great since you can memorize the numbers you punch to get to where you need to go, other times, they suck since you only use them once a year. Give the people the option.
Being obese is not healthy. But you can be a little bit overweight, but still in a reasonably good physical shape if you work out on a regular basis.
Even if you don't lose weight, working out is good for your health. Now, I just gotta do something with the massive amount of cognitive dissonance I am experiencing right now...
Not at all. I am in fact considering coding something like that. I'm envisioning a separate p2p network where md5 checksums along with moderated content is kept as synchronized as possible. Users can submit new files/checksums, but those should be peer reviewed in some yet-undecided manner. It should be possible to blacklist md5s (VERY efficient in stopping virus propagation, bad mp3s etc).
Then, the different clients can interface to the content p2p network, so that users that are considering downloading a file can have a better guess at the authenticity and quality of the file - given that they build in support for passing hashes along with the general search results.
I would actually like to see a system where the content database is so well maintained that all systems can use it as a central QA tool, enhancing the file sharing experience.
And folks - just because the technology can be abused, does not mean that it is inherently evil. I just would like to have the quality raised in some way.
The downside is that it will probably become a way to censor information to some extent. We just need to minimize the risks, and maximize the benefits.
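An added sketch of the client-side check this comment describes (not the poster's code and not taken from any existing p2p client): a reviewed checksum database with a blacklist, consulted before a download is accepted. The `ReputationDB` class, the two-reviewer quorum and the sample byte strings are assumptions made for illustration, and SHA-256 stands in for the MD5 named in the comment.

```python
import hashlib

QUORUM = 2  # assumed: independent reviewers needed before an entry is trusted


def digest(data: bytes) -> str:
    # SHA-256 is used instead of MD5 here: MD5 collisions are practical, so two
    # different files can be built to share one MD5 entry in the database.
    return hashlib.sha256(data).hexdigest()


class ReputationDB:
    """In-memory stand-in for the shared, moderated checksum database."""

    def __init__(self, quorum: int = QUORUM):
        self.quorum = quorum
        self.approvals = {}  # digest -> set of reviewer ids who approved it
        self.blocked = {}    # digest -> reason it was blacklisted

    def submit(self, file_digest: str) -> None:
        # A new submission has no approvals and stays "unknown" until reviewed.
        self.approvals.setdefault(file_digest, set())

    def approve(self, file_digest: str, reviewer: str) -> None:
        # A set means one reviewer approving twice still counts once.
        self.approvals.setdefault(file_digest, set()).add(reviewer)

    def block(self, file_digest: str, reason: str) -> None:
        self.blocked[file_digest] = reason

    def lookup(self, file_digest: str) -> str:
        # The blacklist wins over any number of approvals.
        if file_digest in self.blocked:
            return "blocked"
        if len(self.approvals.get(file_digest, ())) >= self.quorum:
            return "trusted"
        return "unknown"


def check_download(db: ReputationDB, advertised: str, data: bytes) -> tuple:
    """Return (decision, detail) for bytes received from a peer."""
    # Always hash the bytes actually received; the digest passed along with
    # the search result is only a claim made by the peer.
    actual = digest(data)
    if db.lookup(actual) == "blocked":
        return ("reject", db.blocked[actual])
    if actual != advertised:
        return ("reject", "content does not match advertised digest")
    if db.lookup(actual) == "trusted":
        return ("accept", "peer-reviewed entry")
    return ("warn", "no reviewed entry for this digest")


if __name__ == "__main__":
    # Constructed sample data, not real files.
    good = b"constructed sample: album track"
    bad = b"constructed sample: trojaned installer"

    db = ReputationDB()
    db.submit(digest(good))
    db.approve(digest(good), "reviewer-a")
    db.approve(digest(good), "reviewer-b")
    db.block(digest(bad), "reported as virus")

    print(check_download(db, digest(good), good))  # matches a reviewed entry
    print(check_download(db, digest(good), bad))   # peer sent blacklisted bytes
    print(check_download(db, digest(b"new"), b"new"))  # nobody has reviewed it
```
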
The best solution would be if the cd websites were allowed to and did publish medium-quality streams of the albums they sold. The RIAA could also do their part, by making an easy-to-use availability/price comparison utility for selling CDs online. I listen to some stream, I click a link, and I get a list of the places I can order the CD and/or download the song for a small fee.
Then again, they seem more interested in keeping their current infrastructure. Oh well.
*nod* Movie copying is in fact somewhat different. Still, if you look at it closely, if I want to assess if I really want to shell out 18 bucks for a DVD that may or may not suck, I will either have to rent it or go see it in the theater. It is a sweet business they have set up for themselves.
Then again, music is best live. If we want to spend money on music, going to a concert is what leaves the most money in the artist's pocket.
I somewhat cave in. I still think it is sad that I as a music lover (I am closing in on 200 CDs) have to spend too much money on CDs I will only listen to three-five times. I have a few of those, though not as many as could be since I practice what I preach.
I believe I didn't make the point clearly enough, though. I still think that we as customers need to gain more rights to make informed purchases. We should be able to find out what corporations sell sweat-shop products. We should have the option of buying ecologically sound foods. We should also have the option of trying before buying where this is feasible. We try clothes on in the stores (although knowing how the fabric will age is close to black magic), we test drive our cars (although we also need to look up technical stats). I think we should be given the option of listening to the album before you buy it. Try this example. All the songs are available for listening. The CD rocks, too, if you are into folksy, rootsy, well-written and beautifully delivered rocking stuff. When all CDs are sold like that, I will stop downloading MP3s. Those are my conditions for behaving well - I expect behavior to be reciprocal.
If I was to sneak into theatres and amusement parks, I would be taking someone else's place. If the ride was fun, I would ride again. Giving one free ride would in fact be an incentive to provide a more lasting ride experience. Then again, that would place additional burden upon the product developers. Poor babies. What if they actually had to work, rather than rehash old concepts?
File sharing has given us a possibility to check if the advertisements are truthful. No wonder the RIAA is thrashing around like a bull at a bullfight. I see no point of repeating mistakes, just because we have always kept on doing the same mistake. Do you?
The Internet is an information revolution. We as customers have the ability to make more informed choices than we have before.
BTW - Do you think test-driving a car at a dealership is stealing it? Do you think that borrowing your friend's car to check it out is stealing it?
50% decline in the price of hard drugs over the past five years. I think that is a good thing. That means that the addicts need to break into fewer homes to satisfy their addiction.
Of course, it would be better if fewer people became addicts. It would also be really nice if we figured out a way to treat and rehabilitate the addicts.
If you consider it borrowing, then? It is not something you physically take away, you just get a perfect replica. I prefer to be able to check out the goods before I buy, since I don't trust advertising (advertising is really about creating a science out of deceit, a lot of the time).
It is not noble protest. I am not sticking it to the man. I am simply trying to make sure I buy good movies and good records. If singles weren't so overpriced, maybe I would buy those for the songs on the radio. I refuse to pay 15 dollars to figure out that the record has two good songs on it.
Hrmph. The MP3 format has lived long enough. Like PNG is slowly replacing GIF, Ogg Vorbis should replace MP3. Do any of the big-name players support Ogg Vorbis out of the box yet?
We are already a bit of a society, although quite dysfunctional (hello goatse.cx-posting AC). Isn't it about time we had a section with announcements about major conventions and events like Linux Bierwanderung and Geek Cruises?
Granted, it could be perceived to be a bit like free promotion, but isn't Slashdot all about serving the Nerd community with what we need?
At least, someone could make a page, and have a slashbox created.
Another property of Neural Nets and Genetic Algorithms is that the end user doesn't fully understand "why" something happened. In credit card fraud detection, there is now a shift towards rule based technology. Sure, the Neural Net flags a lot of suspicious transactions, but you gotta be a veritable Sherlock Holmes to figure out why. Same probably applies or will apply to a lot of AI applications. Throwing technology at a problem is not enough - it should be the right technology.
Thanks. That was quite enlightening. My main gripe with tied variables is then reduced to poor implementation (I've seen examples where they obfuscate the code).
Re:Holy kiss-ass, batman! on Ask Larry Wall · Score: 1
And why do you suppose difficult tasks require formal training? I program Perl. It's a forgiving language, but the syntax and implementation of most concepts is butt-ugly. I played with Ruby. It's possible to write much nicer code in Ruby. Its OO is much better. It has evals and regexps. And I believe it doesn't have tied variables.
Can anyone explain why tied variables are better than pure objects with proper accessor methods, btw?
Issues left in Perl6? on Ask Larry Wall · Score: 4, Interesting
Mr. Wall
Are there any issues in Perl that will not be fixed in Perl6? By an "issue" I mean an aspect of the language that is being widely criticized and is admittedly suboptimally implemented, like the current OO implementation.
Remember - one vulnerability is usually enough.
Now rage away, rageaholic.