This study comes from the UK; given recent electoral history, I'm far more inclined to trust that they can count than I am to trust any study which comes out of the US.
If you look at the animation, it shows the one possible earth hit position, but to me, it looks like 2 or 3 of those very near earth positions have the potential to hit the moon
The moon is far smaller than the earth; as a result, it is far less likely to get hit.
Personally, I'm far more concerned about a 1 in 200 chance of the earth being hit than I am about a 1 in 2000 chance of the moon being hit.
the page is written in english. only germanic language speakers would have an extra chance of knowing the meaning of the word "zeitgeist."
First, "zeitgeist" is as much part of the English language as "schadenfreude" -- the first has been used since 1848, and the second since 1852. (According to the OED, that is -- I wasn't around at the time.)
Second, English is a germanic language, so anyone who speaks English is a "germanic language speaker" anyway.
With almost ten thousand people having used FreeBSD Update to download and install binary security patches, I certainly wouldn't mind getting $1 from each user. Right now I'm averaging around $0.1 per user -- most of which came from slashdot.jp readers who don't even use FreeBSD Update, and all of which went directly into buying new hardware for building the security updates.
Then of course there's my binary diff tool, which is being used by somewhere upwards of a million people, thanks to Apple's decision to use it for reducing the size of their security updates. (Ok, technically bsdiff isn't being used by all those people; bspatch is, however.) My total income from this? $0. I haven't earned a cent.
Am I bitter about not earning any money from all this? Of course not -- if I wanted to make money, I wouldn't have been giving this work away for free in the first place. On the other hand, I certainly wouldn't mind getting some monetary return for all my work.
And that's the important point to remember here: Almost all open source developers would love to get something for their work; but if they get anything, it won't be anywhere near $1 per user.
The "biblical" flood is actually just a retelling of a story from the epic of Gilgamesh; as such, it likely refers to the flooding of the Persian gulf.
Are the makers of software liable for what their users do with the software? So far they're not and hopefully it's going to stay that way.
Nobody is going to rule that software authors are liable for any actions performed by other using their software; but the courts might rule that software authors are liable if the intended use of the software is criminal.
Personally, I hope this happens -- not because I'm concerned about P2P copyright infringement, but because I'm concerned about other software. Such a judgement would criminalize the people who write software for spammers, as well as those who write some of the more obnoxious spyware and worms.
Is it your fault if someone uses your code to commit a crime? Probably not. Is it your fault if you write code with the express intention of aiding in the commission of a crime? Absolutely.
Actually I would argue that a good program, regardless of what school is offering it, would teach you software engineering, not computer science.
Well, that depends upon how the program advertises itself... a good Computer Science program will teach Computer Science, while a good Software Engineering program will teach Software Engineering. A bad program of either variety will tend to teach little beyond computer programming.:-)
While there is a lot more to computer science then just coding how dare you say to him that he is not intrested in computer science just because he likes to code.
I didn't -- I said that he wasn't interested in computer science when he was 11 years old.
I've been interested in computer science since my mother taught me how to program in QBASIC when I was eleven
No you haven't. You may have been interested in computer programming since age 11, but you didn't even know what computer science was, let alone have any interest in it.
Not that there's anything wrong with this; the world needs plumbers and electricians (and computer programmers) as much as it needs writers, mathematicians, and computer scientists. But this is one way the well-recognized undergraduate computer science distinguish themselves from the programs at the College of Upper Podunk. A good university will teach computer science, and expect you to work out how to write code on your own; a bad university will teach you how to program, and not even admit that there is anything more to learn.
Decide what you want from your years at university, and pick your university accordingly.
This is why operating systems should use delta compression for distributing security patches. You're never going to have a perfectly secure operating system; you can, however, make sure that you can fix the security flaws before they are exploited. Put another way: Size matters!
For the record, using FreeBSD Update and my binary diff tool, downloading all existing security patches for FreeBSD 4.8 (released April 2003) only requires 568kB of files to be downloaded -- which takes under 3 minutes even with a 28.8kbps modem.
There is clearly a means to resolve these inconsistencies in that particular article! Edit it!!
Yes, but edit it in which direction? By "... that the reader has no means to resolve", he means that the reader has no way to determine which number is correct -- the article is internally inconsistent, and it doesn't even have the necessary references for a reader to probe further.
Sure, you can make the article self-consistent easily enough; but most readers would have a 50% chance of making the article consistently wrong, which doesn't help anyone.
The announcement should be up there by now, but it was delayed slightly because nobody knew how to start a rebuild (outside of the usual fixed schedule) of the web site.
In addition, I set up a BitTorrent tracker for 5.3-RELEASE-i386-disc1.iso temporarily
The 5.3-RELEASE announcement will include the location of official BitTorrent trackers for the iso images, so this isn't necessary.
To everyone trying to get an early copy of the iso: Slow down, wait for the signed announcement, and check the MD5 hashes. I have no reason to think that Vividdream is doing anything evil, but this wouldn't be the first time that trojans were circulated in advance of an official release...
Funny you should mention that. The first code I ever wrote in C was PiHex (a distributed project computing project, back in the days before those became cool, which computed the 5 trillionth, 40 trillionth, and quadrillionth bits of Pi. All of them were zero.)
My preference for source based upgrades is based partly on my desire for quick response time re: security.
Entirely off-topic, but if you're concerned about security, binary updates are a better option than source patches -- both because FreeBSD Update is more secure than the cvsup mirror system, and because I normally have patches available via FreeBSD Update within a few minutes of the code being committed to CVS and the security advisory going out. (I have the advantage of seeing the source patches in advance, thanks to being on the FreeBSD security team.)
Of course, this only applies to tracking the security branches, but if you're concerned about security that's what you should be doing anyway -- we don't issue security advisories for issues which only affect -current.
Patents are supposed to give sufficient detail to allow someone "skilled in the art" to reproduce the invention. Almost all "software patents" miserably fail at this task.
Requiring that working source code be provided would avoid the current situation where patenters obtain legal patent protection while still retaining effective secrecy.
...Internet Explorer with 15 flaws and Mozilla with only 7
Err... at this point, does it really matter? It's useful to compare BIND against djbdns (many security flaws vs. none), or Linux against OpenBSD (many security flaws vs. one remote hole in 8 years), but 15 flaws vs. 7 flaws? To me, that just says that both browsers are horribly insecure, and slightly more effort has been put into finding flaws in MSIE.
look around at a few billboard signs posted in various areas... Nice new job recruiting strategy
I'm not sure that I believe that. It really looks more to me like a publicity stunt.
Any time they throw one of these billboards up, people jump all over the problems and the answers get posted all over the web. The people who end up responding to these are predominantly not smart people who solved them independently; rather, they are lucky people who happen to be traversing the right forums when the solution is posted.
If they were really looking for smart people, they'd use harder problems, and post them somewhere on their website rather than hoping that the right people happen to be driving down the right highway.
It's funny that everyone points to Google as the place to go if you want to put a newly-acquired PhD to use. Looking through their pages, I don't see a very large number of jobs which need a PhD, and none of those are research-related.
At the same time, I know that Google has a large number of PhDs doing research; where does it acquire them? Is there a secret jobs-for-really-smart-people page somewhere on their web site?
...a grueling hunt for all the.exe's, reg entries and sources for a bot infection...
Wrong answer. If you have a compromised system, trying to clean it is (a) likely to be really difficult, and (b) not secure.
Wipe the system, reinstall, and recover from backups. (You do keep good backups, right?) It sounds pessimistic, but in most cases an attempt to "clean" a system is going to end up with you pulling out the OS reinstall disks anyway.
No FPU meeting this standard [IEEE 754] will produce different results than any other FPU.
Correct as far as arithmetic operations go, but not for other functions. Trigonometric functions are quite a different story, and the results will vary between processors -- older Intel (co-)processors were accurate to 4.5 ulp, whereas recent ones are accurate to 1.5 or 1.0 ulp, for example.
For that matter, as far as I'm aware IEEE 754 doesn't make *any* requirements of the trigonometric functions; they might behave as random number generators for all the standard says.
that this 40 year old code has fewer buffer overrun vulnerabilities than XP, even with SuperPatch2?
This shouldn't be surprising at all. The larger the codebase, the larger the likely number of bugs: Not only are there more opportunities for error, but there will be more code paths which don't get regularly exercised.
It has been said that perfection is when there is nothing left to remove; I'd rather say that security is when there's nothing left to remove.
Slashdot Mirror
All depends who's counting, I guess.
This study comes from the UK; given recent electoral history, I'm far more inclined to trust that they can count than I am to trust any study which comes out of the US.
If you look at the animation, it shows the one possible earth hit position, but to me, it looks like 2 or 3 of those very near earth positions have the potential to hit the moon
The moon is far smaller than the earth; as a result, it is far less likely to get hit.
Personally, I'm far more concerned about a 1 in 200 chance of the earth being hit than I am about a 1 in 2000 chance of the moon being hit.
"zeitgeist" means "the defining spirit or mood of a particular period of history".
Yes, there is a nuance which cannot be conveyed by the word "summary".
the page is written in english. only germanic language speakers would have an extra chance of knowing the meaning of the word "zeitgeist."
First, "zeitgeist" is as much part of the English language as "schadenfreude" -- the first has been used since 1848, and the second since 1852. (According to the OED, that is -- I wasn't around at the time.)
Second, English is a germanic language, so anyone who speaks English is a "germanic language speaker" anyway.
With almost ten thousand people having used FreeBSD Update to download and install binary security patches, I certainly wouldn't mind getting $1 from each user. Right now I'm averaging around $0.1 per user -- most of which came from slashdot.jp readers who don't even use FreeBSD Update, and all of which went directly into buying new hardware for building the security updates.
Then of course there's my binary diff tool, which is being used by somewhere upwards of a million people, thanks to Apple's decision to use it for reducing the size of their security updates. (Ok, technically bsdiff isn't being used by all those people; bspatch is, however.) My total income from this? $0. I haven't earned a cent.
Am I bitter about not earning any money from all this? Of course not -- if I wanted to make money, I wouldn't have been giving this work away for free in the first place. On the other hand, I certainly wouldn't mind getting some monetary return for all my work.
And that's the important point to remember here: Almost all open source developers would love to get something for their work; but if they get anything, it won't be anywhere near $1 per user.
But I do hate PayPal.
So write a cheque instead. As long as it's postmarked before the end of the year, it counts.
Isn't this when the biblical flood occured.
The "biblical" flood is actually just a retelling of a story from the epic of Gilgamesh; as such, it likely refers to the flooding of the Persian gulf.
This story is a dupe from 3196 B.C.
You mean 3197 BC -- there wasn't any year 0.
Are the makers of software liable for what their users do with the software? So far they're not and hopefully it's going to stay that way.
Nobody is going to rule that software authors are liable for any actions performed by other using their software; but the courts might rule that software authors are liable if the intended use of the software is criminal.
Personally, I hope this happens -- not because I'm concerned about P2P copyright infringement, but because I'm concerned about other software. Such a judgement would criminalize the people who write software for spammers, as well as those who write some of the more obnoxious spyware and worms.
Is it your fault if someone uses your code to commit a crime? Probably not. Is it your fault if you write code with the express intention of aiding in the commission of a crime? Absolutely.
Actually I would argue that a good program, regardless of what school is offering it, would teach you software engineering, not computer science.
:-)
Well, that depends upon how the program advertises itself... a good Computer Science program will teach Computer Science, while a good Software Engineering program will teach Software Engineering. A bad program of either variety will tend to teach little beyond computer programming.
While there is a lot more to computer science then just coding how dare you say to him that he is not intrested in computer science just because he likes to code.
I didn't -- I said that he wasn't interested in computer science when he was 11 years old.
I've been interested in computer science since my mother taught me how to program in QBASIC when I was eleven
No you haven't. You may have been interested in computer programming since age 11, but you didn't even know what computer science was, let alone have any interest in it.
Not that there's anything wrong with this; the world needs plumbers and electricians (and computer programmers) as much as it needs writers, mathematicians, and computer scientists. But this is one way the well-recognized undergraduate computer science distinguish themselves from the programs at the College of Upper Podunk. A good university will teach computer science, and expect you to work out how to write code on your own; a bad university will teach you how to program, and not even admit that there is anything more to learn.
Decide what you want from your years at university, and pick your university accordingly.
This is why operating systems should use delta compression for distributing security patches. You're never going to have a perfectly secure operating system; you can, however, make sure that you can fix the security flaws before they are exploited. Put another way: Size matters!
For the record, using FreeBSD Update and my binary diff tool, downloading all existing security patches for FreeBSD 4.8 (released April 2003) only requires 568kB of files to be downloaded -- which takes under 3 minutes even with a 28.8kbps modem.
There is clearly a means to resolve these inconsistencies in that particular article! Edit it!!
Yes, but edit it in which direction? By "... that the reader has no means to resolve", he means that the reader has no way to determine which number is correct -- the article is internally inconsistent, and it doesn't even have the necessary references for a reader to probe further.
Sure, you can make the article self-consistent easily enough; but most readers would have a 50% chance of making the article consistently wrong, which doesn't help anyone.
The announcement should be up there by now, but it was delayed slightly because nobody knew how to start a rebuild (outside of the usual fixed schedule) of the web site.
In addition, I set up a BitTorrent tracker for 5.3-RELEASE-i386-disc1.iso temporarily
The 5.3-RELEASE announcement will include the location of official BitTorrent trackers for the iso images, so this isn't necessary.
To everyone trying to get an early copy of the iso: Slow down, wait for the signed announcement, and check the MD5 hashes. I have no reason to think that Vividdream is doing anything evil, but this wouldn't be the first time that trojans were circulated in advance of an official release...
...or a program to calculate pi.
Funny you should mention that. The first code I ever wrote in C was PiHex (a distributed project computing project, back in the days before those became cool, which computed the 5 trillionth, 40 trillionth, and quadrillionth bits of Pi. All of them were zero.)
My preference for source based upgrades is based partly on my desire for quick response time re: security.
Entirely off-topic, but if you're concerned about security, binary updates are a better option than source patches -- both because FreeBSD Update is more secure than the cvsup mirror system, and because I normally have patches available via FreeBSD Update within a few minutes of the code being committed to CVS and the security advisory going out. (I have the advantage of seeing the source patches in advance, thanks to being on the FreeBSD security team.)
Of course, this only applies to tracking the security branches, but if you're concerned about security that's what you should be doing anyway -- we don't issue security advisories for issues which only affect -current.
Or did I mis something here?
Aside from the second 's' in "miss", yes.
Patents are supposed to give sufficient detail to allow someone "skilled in the art" to reproduce the invention. Almost all "software patents" miserably fail at this task.
Requiring that working source code be provided would avoid the current situation where patenters obtain legal patent protection while still retaining effective secrecy.
...Internet Explorer with 15 flaws and Mozilla with only 7
Err... at this point, does it really matter? It's useful to compare BIND against djbdns (many security flaws vs. none), or Linux against OpenBSD (many security flaws vs. one remote hole in 8 years), but 15 flaws vs. 7 flaws? To me, that just says that both browsers are horribly insecure, and slightly more effort has been put into finding flaws in MSIE.
look around at a few billboard signs posted in various areas ... Nice new job recruiting strategy
I'm not sure that I believe that. It really looks more to me like a publicity stunt.
Any time they throw one of these billboards up, people jump all over the problems and the answers get posted all over the web. The people who end up responding to these are predominantly not smart people who solved them independently; rather, they are lucky people who happen to be traversing the right forums when the solution is posted.
If they were really looking for smart people, they'd use harder problems, and post them somewhere on their website rather than hoping that the right people happen to be driving down the right highway.
It's funny that everyone points to Google as the place to go if you want to put a newly-acquired PhD to use. Looking through their pages, I don't see a very large number of jobs which need a PhD, and none of those are research-related.
At the same time, I know that Google has a large number of PhDs doing research; where does it acquire them? Is there a secret jobs-for-really-smart-people page somewhere on their web site?
...a grueling hunt for all the .exe's, reg entries and sources for a bot infection...
Wrong answer. If you have a compromised system, trying to clean it is (a) likely to be really difficult, and (b) not secure.
Wipe the system, reinstall, and recover from backups. (You do keep good backups, right?) It sounds pessimistic, but in most cases an attempt to "clean" a system is going to end up with you pulling out the OS reinstall disks anyway.
No FPU meeting this standard [IEEE 754] will produce different results than any other FPU.
Correct as far as arithmetic operations go, but not for other functions. Trigonometric functions are quite a different story, and the results will vary between processors -- older Intel (co-)processors were accurate to 4.5 ulp, whereas recent ones are accurate to 1.5 or 1.0 ulp, for example.
For that matter, as far as I'm aware IEEE 754 doesn't make *any* requirements of the trigonometric functions; they might behave as random number generators for all the standard says.
that this 40 year old code has fewer buffer overrun vulnerabilities than XP, even with SuperPatch2?
This shouldn't be surprising at all. The larger the codebase, the larger the likely number of bugs: Not only are there more opportunities for error, but there will be more code paths which don't get regularly exercised.
It has been said that perfection is when there is nothing left to remove; I'd rather say that security is when there's nothing left to remove.