Recent exploits in wu_ftpd, sshd, telnetd, and bind did not force me to "upgrade" my linux server to Windows 2000 (it did force me to upgrade these packages...!). I know you're just joking, but security holes are not endemic to the Windows world. Sloppy coders are everywhere.
Oh, gimme a break...
Are we not communicating in public now?
Spam is NOT killing open source. If you like, develop a spam-proof email system (digital signatures). That will be much less dangerous to open source than government regulation of the internet.
It's all well and good to make fun, but this kind of attitude is really dangerous! I am very wary of any sentiment like "We should make laws against X kinds of people..."
(X = KKK members? Communists? Muslims?)
I think it'd be a big step backwards if we went to court and somehow got laws against this stuff. It's fun to mess with these guys, who are obviously assholes, but I don't think it's a good idea to encourage legislative regulation of the internet. Think: CDA I, II, DMCA,....
Spam is just not that bad! If you set up your e-mail client properly and don't publish your e-mail address, it's hardly noticeable. Still, I'd rather press 'd' six times per day than have my email regulated by the government.
Security through Obscurity is not automatically bad. In fact, security through obscurity is pretty damn good, especially in the real world where reconaissance is much more difficult. (In the digital world, intercepting data or playing with a digital black box in your basement is much easier.)
A well-designed system AND obscurity is a harder target than a well-designed system alone. The warning about security through obscurity is to those amateur cryptographers who think that cooking up a secret algorithm will get them mathematically sound security. The rule just doesn't apply in the same way to physical security. (Would you post a sign on your door saying, "I have tens of thousands of dollars in my safe, but my vault is secure!"?)
That said, I'm still against hiding this information simply because it's ineffectual. They'd probably be better off tracking people who looked it up; that'd be just as bad a civil rights infraction, but might actually make a difference...
I am talking about the language spec for Cyclone. If you don't know what a language feature is, you ought to read about it before claiming that another language has that feature!
In this case, the pattern matching they are talking about is the Programming Languages community's "pattern matching", which is different from the perl community's "pattern matching" which just means "regular expressions".
This is totally wrong!!
The feature they are talking about has nothing to do with matching strings, but matching data structures. It is NOT REGULAR EXPRESSION PATTERN MATCHING. That is something different.
haha... oh.
Regular Expression matching is not the kind of pattern matching they mean here. Check out the language docs or a language like ML that has datatypes and pattern matching to see what they mean.
Microsoft is working on a programming language called Vault that is very similar. They'll probably be using it in a future operating system to ensure that key parts of the OS, as well as first and third party drivers, behave well. If they do this, I sure hope that linux jumps on some automated technology too, because then I think they will have quite a leg up on us as far as security and stability go.
I think your second paragraph is totally bullshit. If it's not hard, why do some of the most well known linux network daemons have multiple remote buffer overflows in them? Do the people who wrote BIND, wu_ftpd, xinetd, apache, telnetd, Quake 3, Half-Life, etc. not know what they're doing? No, they know what they're doing, it's just very hard to manually secure large C programs.
The simple fact is that C encourages a style of programming that leads to these kinds of bugs. This has been a solved problem in many other languages for dozens of years now. Using a safe language, for instance, makes you totally immune to buffer overflows and format string attacks, the two most common sources of security holes in unix.
I think you must have had bad experiences with safe languages (Java?). Static checking doesn't result in slowness (in fact, it can make compiled code faster in many cases, for instance by enabling alias analysis).
Static typing and safety also allow for *more* power than a "do anything you like" language. One kind of power I get when I write in a language like this is the ability to enforce invariants without runtime checks. So if I am writing a program with several other people (or by myself across several evenings, except I am drunk some of those evenings), I can arrange my code such that bugs in one part of the program can NEVER affect other parts of the program. Thus, it is easier to figure out who to blame and where the bug is. This is impossible in a language like C, where any code can write over another module's memory, free its data structures more than once, or cast, etc.
Speeding up routines with hacks is pretty overrated; there are very few places where this is necessary, and even fewer where it is desirable. In those cases, we can always fall back to C or assembly.
Sure.
Lots of us have been programming in statically-typed, safe languages for a long time. We do it not because we're poor, weak-minded programmers but because we don't have time to spend tracking down aliasing bugs and memory leaks. Though the compilers are not as "smart" (in a very strong sense) as people, they are much much more patient, and are actually very good at finding or preventing exactly these kinds of boring bugs.
Most of these languages are very abstract. (ie, SML). Cyclone is actually a project to bring some of these ideals to the systems world, where concern over data layout and memory usage are more pronounced. They've added a few useful features to C, too (polymorphism! datatypes! pattern matching!)... so I think this is a good thing, even for hardcore C cowboys.
If you draw a pentagon on the surface of the chip with a pencil, then your processor becomes invincible, and runs at 666 GHz. This is also known as the "pentagram of protection" trick.
Re:why so negative towards xbox?
on
XBox Released
·
· Score: 1
What are the REAL facts? Stupid, gullible kids like the Xbox?
Yeah.
I've got to say that I'm disappointed in how popular distributed.net RC-5 cracking is. What the hell is the point? The only reason we don't have the key is because they destroyed the hard drive from the computer that generated it. It's easy to calculate how long it would take to find a solution by brute force (which is what they're doing) without actually wasting all of those cycles.
SETI@home seems rather like pseudoscience to me (And without source, I wouldn't be surprised if it's a secret plot from the NSA;)), though I suppose this is a kind of fun one. At least we don't already know the answer.
I like GIMPS (we are at least learning something new and the results are easily verifiable), though the bio ones you mention are also very neat. Let's hope that more useful projects come out of this idea...
This is something I've been waiting for, for a long time.
I've been thinking about ways to reduce the footprint of a laptop while retaining efficient input. One idea I had was similar to this -- when your hands approached the screen, an on-screen keyboard would appear that you could type on. You wouldn't have any touch feedback (electric shocks?;)), but maybe noise or visual feedback would be enough...
Those laser displays that project directly onto your retina would be cool too. Imagine this combined with a device that actually projected the keyboard (with live feedback) onto whatever surface you were using to type on...
If they had a nice durable webpad with either of these kinds of input, I'd be very happy!
This sentiment is true for industry (except in the rare cases where you can make a real strong economic argument in favor of one language and are lucky enough to have a manager who "gets" it).
But there's no reason this kind of marketplace idea should apply to the "open source" or "free software" world. Personally, I feel free to hack my software in whatever language I like (typically SML, my favorite underdog). I hope that other hobbyists do take the time to build up an environment where their favorite (whatever that may be) can flourish, too. It is in our spirit to embrace things because of their technical merits, rather than their popularity!
I think it is just you. Graphic and violent games are for my little brother -- I've outgrown that now and I want to play games that are fun, thoughtful, and beautifully designed. Hell, I don't even care about polygon count if the games are fun. I'm currently having a blast with my GBA and I can't wait for the GameCube...
> The mode changes are possibly redundant, but
> they allow users a bit more flexibility. I don't
> see that as a particular problem.
Well, it is annoying in a setting where friends are auto-opping each other, resulting in half a dozen +o messages when someone joins the channel. What is the added benefit?
Thanks for fixing the chanserv bug.
I realize ident is not required -- my point is that the service is extremely outdated and should be deprecated. What is the point of identd support, other than additional network traffic and forcing users to change their lists of hostmasks (to include ~) for access control, etc? Everyone uses fake identd servers these days anyway.
Slashdot Mirror
Somehow this whole discussion would be a lot funnier if it was Al Gore saying that he wanted his own private internet.
Hey now,
Recent exploits in wu_ftpd, sshd, telnetd, and bind did not force me to "upgrade" my linux server to Windows 2000 (it did force me to upgrade these packages...!). I know you're just joking, but security holes are not endemic to the Windows world. Sloppy coders are everywhere.
Oh, gimme a break...
Are we not communicating in public now?
Spam is NOT killing open source. If you like, develop a spam-proof email system (digital signatures). That will be much less dangerous to open source than government regulation of the internet.
It's all well and good to make fun, but this kind of attitude is really dangerous! I am very wary of any sentiment like "We should make laws against X kinds of people..."
(X = KKK members? Communists? Muslims?)
I think it'd be a big step backwards if we went to court and somehow got laws against this stuff. It's fun to mess with these guys, who are obviously assholes, but I don't think it's a good idea to encourage legislative regulation of the internet. Think: CDA I, II, DMCA,
Spam is just not that bad! If you set up your e-mail client properly and don't publish your e-mail address, it's hardly noticeable. Still, I'd rather press 'd' six times per day than have my email regulated by the government.
Security through Obscurity is not automatically bad. In fact, security through obscurity is pretty damn good, especially in the real world where reconaissance is much more difficult. (In the digital world, intercepting data or playing with a digital black box in your basement is much easier.)
A well-designed system AND obscurity is a harder target than a well-designed system alone. The warning about security through obscurity is to those amateur cryptographers who think that cooking up a secret algorithm will get them mathematically sound security. The rule just doesn't apply in the same way to physical security. (Would you post a sign on your door saying, "I have tens of thousands of dollars in my safe, but my vault is secure!"?)
That said, I'm still against hiding this information simply because it's ineffectual. They'd probably be better off tracking people who looked it up; that'd be just as bad a civil rights infraction, but might actually make a difference...
I am talking about the language spec for Cyclone. If you don't know what a language feature is, you ought to read about it before claiming that another language has that feature!
In this case, the pattern matching they are talking about is the Programming Languages community's "pattern matching", which is different from the perl community's "pattern matching" which just means "regular expressions".
This is totally wrong!!
The feature they are talking about has nothing to do with matching strings, but matching data structures. It is NOT REGULAR EXPRESSION PATTERN MATCHING. That is something different.
haha... oh.
Regular Expression matching is not the kind of pattern matching they mean here. Check out the language docs or a language like ML that has datatypes and pattern matching to see what they mean.
Sounds good -- do you have any links to docs on Java pattern matching? I can't find anything on sun's site.
I dunno man, when I write java code I really do miss pattern matching and generics. Casts and "instanceof" are a real pain.
Microsoft is working on a programming language called Vault that is very similar. They'll probably be using it in a future operating system to ensure that key parts of the OS, as well as first and third party drivers, behave well. If they do this, I sure hope that linux jumps on some automated technology too, because then I think they will have quite a leg up on us as far as security and stability go.
I think your second paragraph is totally bullshit. If it's not hard, why do some of the most well known linux network daemons have multiple remote buffer overflows in them? Do the people who wrote BIND, wu_ftpd, xinetd, apache, telnetd, Quake 3, Half-Life, etc. not know what they're doing? No, they know what they're doing, it's just very hard to manually secure large C programs.
The simple fact is that C encourages a style of programming that leads to these kinds of bugs. This has been a solved problem in many other languages for dozens of years now. Using a safe language, for instance, makes you totally immune to buffer overflows and format string attacks, the two most common sources of security holes in unix.
I think you must have had bad experiences with safe languages (Java?). Static checking doesn't result in slowness (in fact, it can make compiled code faster in many cases, for instance by enabling alias analysis).
Static typing and safety also allow for *more* power than a "do anything you like" language. One kind of power I get when I write in a language like this is the ability to enforce invariants without runtime checks. So if I am writing a program with several other people (or by myself across several evenings, except I am drunk some of those evenings), I can arrange my code such that bugs in one part of the program can NEVER affect other parts of the program. Thus, it is easier to figure out who to blame and where the bug is. This is impossible in a language like C, where any code can write over another module's memory, free its data structures more than once, or cast, etc.
Speeding up routines with hacks is pretty overrated; there are very few places where this is necessary, and even fewer where it is desirable. In those cases, we can always fall back to C or assembly.
Sure.
Lots of us have been programming in statically-typed, safe languages for a long time. We do it not because we're poor, weak-minded programmers but because we don't have time to spend tracking down aliasing bugs and memory leaks. Though the compilers are not as "smart" (in a very strong sense) as people, they are much much more patient, and are actually very good at finding or preventing exactly these kinds of boring bugs.
Most of these languages are very abstract. (ie, SML). Cyclone is actually a project to bring some of these ideals to the systems world, where concern over data layout and memory usage are more pronounced. They've added a few useful features to C, too (polymorphism! datatypes! pattern matching!)... so I think this is a good thing, even for hardcore C cowboys.
If you draw a pentagon on the surface of the chip with a pencil, then your processor becomes invincible, and runs at 666 GHz. This is also known as the "pentagram of protection" trick.
What are the REAL facts? Stupid, gullible kids like the Xbox?
If the number is off by one, it will trivially not be prime as it will be divisible by 2.
Also, transmitting this number in binary is rather simple, since it is just a series of 1s!
Yeah.
;)), though I suppose this is a kind of fun one. At least we don't already know the answer.
I've got to say that I'm disappointed in how popular distributed.net RC-5 cracking is. What the hell is the point? The only reason we don't have the key is because they destroyed the hard drive from the computer that generated it. It's easy to calculate how long it would take to find a solution by brute force (which is what they're doing) without actually wasting all of those cycles.
SETI@home seems rather like pseudoscience to me (And without source, I wouldn't be surprised if it's a secret plot from the NSA
I like GIMPS (we are at least learning something new and the results are easily verifiable), though the bio ones you mention are also very neat. Let's hope that more useful projects come out of this idea...
Well, I don't really understand your post, but the RC announced today that it would be donating all of the money to the victims.
This is something I've been waiting for, for a long time.
;)), but maybe noise or visual feedback would be enough...
I've been thinking about ways to reduce the footprint of a laptop while retaining efficient input. One idea I had was similar to this -- when your hands approached the screen, an on-screen keyboard would appear that you could type on. You wouldn't have any touch feedback (electric shocks?
Those laser displays that project directly onto your retina would be cool too. Imagine this combined with a device that actually projected the keyboard (with live feedback) onto whatever surface you were using to type on...
If they had a nice durable webpad with either of these kinds of input, I'd be very happy!
This sentiment is true for industry (except in the rare cases where you can make a real strong economic argument in favor of one language and are lucky enough to have a manager who "gets" it).
But there's no reason this kind of marketplace idea should apply to the "open source" or "free software" world. Personally, I feel free to hack my software in whatever language I like (typically SML, my favorite underdog). I hope that other hobbyists do take the time to build up an environment where their favorite (whatever that may be) can flourish, too. It is in our spirit to embrace things because of their technical merits, rather than their popularity!
I think it is just you. Graphic and violent games are for my little brother -- I've outgrown that now and I want to play games that are fun, thoughtful, and beautifully designed. Hell, I don't even care about polygon count if the games are fun. I'm currently having a blast with my GBA and I can't wait for the GameCube...
Super Kamiokande sounds like one sweet Nintendo game! Hook me up!
> The mode changes are possibly redundant, but
> they allow users a bit more flexibility. I don't
> see that as a particular problem.
Well, it is annoying in a setting where friends are auto-opping each other, resulting in half a dozen +o messages when someone joins the channel. What is the added benefit?
Thanks for fixing the chanserv bug.
I realize ident is not required -- my point is that the service is extremely outdated and should be deprecated. What is the point of identd support, other than additional network traffic and forcing users to change their lists of hostmasks (to include ~) for access control, etc? Everyone uses fake identd servers these days anyway.
> I don't feel like sitting around watching a bunch
> of Linux/Open Source zealout weenies, so I don't
> hang out on slashnet. That easy.
But, you do read slashdot. =)
- Server sends redundant MODE changes, ie,
*** User1 sets mode: +o Friend
*** User2 sets mode: +o Friend
- Chanserv periodically de-ops everyone in the channel.
- Reliance on identd (shouldn't new ircds be working to deprecate this?)
But otherwise, it seems the same as before.