When Intel contributes a patch, they go through the required process necessary to make the patch meet the maintainers' standards. I actually did this a couple times when I worked at Intel.
If MS isn't going to do the work necessary to make their patches meet the standards, then it shouldn't be merged. I'm actually a little disappointed that they merged it in at all before going through this process fully.
It hasn't been merged to drivers/ proper, only drivers/staging/. This is the normal procedure these days for subpar driver code: it gets merged to staging/ in the hopes it will be cleaned up and can be merged to mainline proper.
Thank them for what? MS's contributed drivers are useless to anyone who isn't running MS's own hypervisor and Linux underneath (i.e., MS's customers). They didn't donate this code out of any altruism, only pure self-interest.
Um, so what? Are you forgetting that at least 80% of kernel development is done by people paid by corporations? Red Hat and Novell aren't bankrolling Linux development out of altruism any more than Microsoft is. Since when should altruism be expected of any for-profit corporation?
I don't think that's the situation. The drivers currently only exist in the -staging tree. That is far different than Linus' official tree. The -staging tree is home to driver code that does not meet the standards of Linus' tree, and its purpose is to assist the maintainers of the code to increase its quality such that it can be included in Linus' tree. MS is not being asked to "commit resources in perpetuity," but merely to get the code up to the state where it can be included in Linus' kernel tree.
staging/ is part of mainline at this point, and has been for a while. Entirely correct aside from that, though. When they're cleaned up they'll be moved from drivers/staging/ to drivers/.
So what? They haven't contributed anything useful anyway. This "contribution" was only so their own customers, running MS's hypervisor, could better run Linux underneath. For Linux users not running MS's hypervisor (99.999% of them), it's completely useless.
The same applies to essentially all drivers. If you aren't using piece of hardware X, it's useless. So what? So it makes Linux more useful for the ones who do want to use this product. Interoperability and compatibility are only good things.
They put little effort into the task and delivered crap (as usual). So Good on you MS, now can you please clean up the pile of $%# you left in the corner, thank you.
There's no reason to think that the code is of particularly poor quality, given the circumstances. It just doesn't meet Linux kernel coding standards. Obviously full-time Linux kernel hackers are going to find a lot of ways things can be done better in a Linux driver written by outsiders. Few people at Microsoft are likely to be nearly as familiar with the Linux kernel APIs as lkml denizens.
Moreover, there are all sorts of problems that Linux hackers might have with the code that aren't issues of code quality for a standalone driver (which is what this was originally designed as). A driver that duplicates functionality, or even does something in a different and better way that similar drivers could benefit from, might not be accepted into the kernel until all the good stuff is factored out so that it benefits all drivers. But if you're writing a standalone driver, you can't do that: you don't want to ask your customers to patch the kernel, so you have to hack around it.
Microsoft didn't donate anything. They were violating the GPL and preemptively released this source before they were caught. The code also is only of benefit to Microsoft customers.
When Random Hardware Company X GPLs drivers for their hardware, it's also only of benefit to their customers, and possibly also because their lawyers have told them they have to. So what?
The City College of New York, in my recent experience, doesn't use Linux at all. All the public computers I ever saw there were Windows or Mac. Intro C++ course required Visual Studio, and the assembly course required MASM. (I'm sure there were some Linux-related courses in CS, but those are the only two CS courses I took, so I can't say first-hand.) I once tried to connect to the wireless network using a Linux machine and gave up -- Windows worked fine.
On the bright side, I wasn't ever expected to have Windows on my own computer. When Windows-only software was required (like MASM), I could use the campus computers. (It's possible I could have asked the professor to let me use Linux instead, too -- this was before I got into Linux.) Web services seemed to support Linux okay -- I had to change my User-Agent for a while, but I think they fixed that. I knew a few professors who used Linux on their office workstations.
I spent four weeks working on math at the CUNY Graduate Center this past summer, and while I didn't see much of their computer systems, the public computers in the math lounge (?) were mostly Windows, but several (~1/3, maybe) ran Ubuntu 9.04, with one lone Mac huddled off in the corner. I didn't run into many problems using the Linux machines. (Although they should have set up pam_mount, and there was one that didn't boot for a day or two because the filesystem needed fixing and it refused to run fsck -y without a root password. And Flash wasn't installed, but maybe that's a good thing. :) )
Now I'm a grad student at NYU, and when I walked into my new office for the first time I found my computer was RHEL 5. I was given a login that I can use to access various university servers remotely -- seemingly a mix of Solaris and Linux. I can use a web app to check my mail and set up forwarding -- or I can use GNU mail and create a .forward file. When I was in the office of an administrator talking about my program, I saw her typing out e-mail on a Unix command line of some kind (although it might have been PuTTY). NYU seems very Linux-friendly -- or at least Courant (the math/CS institute).
Anyway, Windows has had 2 schedulers for ages - you can select desktop or server style processing (and cache strategy) since NT4.
That's not two schedulers, it's just some tunables. See pages 391 to 444 of Windows Internals, 5th Edition (or comparable pages in earlier editions). For instance, on Vista the default quantum is two clock intervals (a "clock interval" is usually about 10 to 15 ms), while on Windows Server it's twelve clock intervals. Similarly, on desktops an extra boost is given to the currently focused application. You can adjust this at runtime in the GUI on Vista under Advanced System Settings -> Advanced -> Performance -> Settings -> Advanced (yes, apparently scheduler adjustments are very advanced in Microsoft's view). It can be controlled with slightly more granularity with the registry key HKLM\SYSTEM\CurrentControlSet\Control\PriorityControl\Win32PrioritySeparation (a six-bit bitfield).
Linux currently offers scheduler tunables both at compile-time and runtime. Try ls /proc/sys/kernel/sched_*. It has more than Windows, apparently. I expect there are some compile-time options too, but I'm not an expert in anything related to kernels or systems programming.
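As an added illustration of the six-bit Win32PrioritySeparation field mentioned in the comment above (not part of the original comment, and not Microsoft's code), this decoder turns a value into quantum lengths in clock intervals. The bit layout and quantum tables follow the description in Windows Internals and are not given in the comment, so treat them as assumptions to verify against your Windows version; the function names are hypothetical.

```python
"""Decode Win32PrioritySeparation (added example, layout assumed per Windows Internals)."""

# Assumed layout of the six-bit field:
#   bits 4-5: quantum length     (1 = long, 2 = short, 0/3 = edition default)
#   bits 2-3: variable vs fixed  (1 = variable, 2 = fixed, 0/3 = edition default)
#   bits 0-1: foreground boost   (index 0..2 into the quantum table; 3 treated as 2)
# Table entries are in quantum units; three units make up one clock interval.
QUANTUM_UNITS = {
    ("short", "variable"): (6, 12, 18),
    ("long", "variable"): (12, 24, 36),
    ("short", "fixed"): (18, 18, 18),
    ("long", "fixed"): (36, 36, 36),
}
UNITS_PER_CLOCK_INTERVAL = 3


def decode(value, server=False):
    """Return the scheduler settings encoded in a Win32PrioritySeparation value.

    `server` selects which edition defaults apply when a field is 0 or 3:
    clients default to short, variable quanta; servers to long, fixed quanta.
    """
    if not 0 <= value <= 0x3F:
        raise ValueError("Win32PrioritySeparation is a six-bit field (0..63)")

    length_bits = (value >> 4) & 0b11
    mode_bits = (value >> 2) & 0b11
    boost = min(value & 0b11, 2)

    length = {1: "long", 2: "short"}.get(length_bits, "long" if server else "short")
    mode = {1: "variable", 2: "fixed"}.get(mode_bits, "fixed" if server else "variable")

    table = QUANTUM_UNITS[(length, mode)]
    return {
        "length": length,
        "mode": mode,
        "boost": boost,
        # Quantum for background threads, in clock intervals.
        "background_intervals": table[0] // UNITS_PER_CLOCK_INTERVAL,
        # Quantum for threads of the focused application, in clock intervals.
        "foreground_intervals": table[boost] // UNITS_PER_CLOCK_INTERVAL,
    }


def read_from_registry():
    """Read the live value on a Windows host (winreg is Windows-only)."""
    import winreg

    path = r"SYSTEM\CurrentControlSet\Control\PriorityControl"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        value, _type = winreg.QueryValueEx(key, "Win32PrioritySeparation")
    return value & 0x3F  # only the low six bits are decoded here


if __name__ == "__main__":
    # Constructed sample values: the usual client and server settings.
    for label, value, is_server in (
        ("client 0x02", 0x02, False),
        ("client 0x26", 0x26, False),
        ("server 0x18", 0x18, True),
    ):
        print(label, decode(value, server=is_server))
```

With these tables, the client value 0x02 decodes to a two-interval base quantum and the server value 0x18 to twelve intervals, matching the figures quoted in the comment.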
Uh, you mean like firewalls? Sandboxing? Library Randomization? Protected memory and Execute Disable? Encrypted virtual memory? System heap library checksums? The ability to actually run user accounts as non-admins? FileVault? Disabling root by default? Download screening? Antiphishing technology? Browser page isolation? Minimal outward facing ports and services? Parental Controls?
Those anti-exploitation technologies?
If you read the interview, you would see that he specifically refers to ASLR and the NX bit, at least. OS X apparently only has a very limited version of those, at least compared to Vista (and some Linux builds). Quote:
For the record, Leopard has neither of these features, at least implemented effectively. In the exploit I won Pwn2Own with, I knew right where my shellcode was located and I knew it would execute on the heap for me.
But hey, if you want to believe lists of features rather than the opinion of a professional security expert who was demonstrably able to hack an OS X machine in two minutes and win a high-profile hacking contest, then go ahead.
"...he works for a security consulting firm and uses a Mac himself."
And not Windows and not Linux. Guess that says it all.
Yes, it does, because he said Mac was safer. Less secure — much easier to hack — but safer, because nobody bothers to hack it. Which is exactly my point. I was responding to the great-grandparent, who claimed Windows is easier to hack than Mac, and that obscurity isn't the major reason Macs are safer. The security expert I cited believes exactly the opposite to be the case, that Macs are easier to hack and obscurity is the major reason they're safer. No one disputes that they're safer.
2. Linux exploits (Linux market share is to Macs as Mac market share is to Windows)
What are some examples of widely-exploited Linux bugs? (Of course there are isolated exploits, but the same is true for Mac. And of course there are very severe security vulnerabilities all the time, but that doesn't mean they're exploited in practice. And of course Linux machines are compromised on a regular basis, but that might be due to weak passwords and such.)
3. Mac apps. People still write apps for the Mac, why not viruses?
Apps have to compete with each other. If a particular niche is filled on Windows but not Mac, then a new Windows-only app will have to compete with the existing apps. A new Mac app won't, so it will get a much larger slice of a smaller pie. On the other hand, twenty different viruses can recruit your computer into twenty different botnets with no problem, as any Windows user should be able to attest. (How often does a virus scan on an infested computer turn up only one virus?)
Besides, the number of apps for Mac is tiny compared to Windows.
4. There are plenty of viruses for the classic Mac OS.
Such as? I'm not doubting you, but I've never heard that claimed before.
5. There are tens of millions of Mac users. Even though Windows has hundreds of millions, tens of millions is still a large and lucrative group to attack.
It's a matter of cost and benefit. If it's three times the effort to write Windows exploits and you get twenty times the victims, there's just no reason to write viruses for Macs. Hackers are usually motivated by money, pure and simple.
Anyway, I don't have any credentials in hacking. So I'll rely on Charlie Miller, who's a professional hacker (security expert). He demonstrated that he knows something about Mac exploits by cracking a Mac in two minutes flat a while back and winning pwn2own. In an interview, he said (emphasis added):
Between Mac and PC, I'd say that Macs are less secure for the reasons we've discussed here (lack of anti-exploitation technologies) but are more safe because there simply isn't much malware out there. For now, I'd still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them.
He's far from a Microsoft shill; he works for a security consulting firm and uses a Mac himself.
Last numbers I saw said there were 78 people actively working on the Linux kernel, and not all of these full-time
Where did you get that? LWN's development statistics for 2.6.31 (subscriber-only for the next few days) say that there were 1,146 distinct developers whose patches got accepted into this particular minor release (i.e., over the last three months or so). The stats for 2.6.30 (publicly viewable) show 1,125. Granted, most of these are probably touching only a tiny portion of the code and might only get a few changesets accepted, but they could still fairly be described as "actively working on the Linux kernel" (even if far from full-time). Also, there are an untold number of people who "actively work on the Linux kernel" but don't submit their patches, or submit them but don't get them accepted.
So maybe there are 78 people working on the Linux kernel according to some very specific, narrow definition, but you should really provide the definition if you're going to throw around such small numbers.
For what it's worth, I doubt that either Apple or Microsoft devotes anywhere near the man-hours to their kernels as get devoted to the Linux kernel. But a lot of the extra man-hours that Linux gets contribute to extreme specialization, like dozens of supported CPU architectures (Windows: 3, Mac: 1), dozens of supported filesystems (Windows, Mac: But I'm not a kernel hacker or anything close to one, so take this post with a grain of salt.
DNRTFA but there's no misconduct in sending what amounts to a cease & desist to someone. Anyone can do this, lawyer or not. A C&D is not a court action, it's just a scary looking letter on expensive paper.
IANAL.
IANAL either, but even though it's not necessarily illegal to send a false C&D order, you don't have to break the law to get disbarred. It's enough to behave unethically, and deliberately misrepresenting the law to someone is generally unethical. The American Bar Association's Model Rules of Professional Conduct say, in rule 3.1, that:
A lawyer shall not bring or defend a proceeding, or assert or controvert an issue therein, unless there is a basis in law and fact for doing so that is not frivolous, which includes a good faith argument for an extension, modification or reversal of existing law. A lawyer for the defendant in a criminal proceeding, or the respondent in a proceeding that could result in incarceration, may nevertheless so defend the proceeding as to require that every element of the case be established.
If a lawyer is licensed to practice law in a state that's adopted the Model Rules, you can file a complaint with the bar association of that state if a lawyer violates them. States that don't use the Model Rules typically have their own code of ethics, which probably contains a similar provision. The bar will theoretically consider your complaint and, if it finds the lawyer did act unethically, may penalize him. Repeated or severe offenses can lead to disbarment.
Of course, this is all on paper. The ones who decide on whether to impose penalties are, of course, lawyers. And most unethical conduct probably isn't reported. But in theory, you could get disbarred for filing cease-and-desist letters that you knew were groundless.
Pi is an irrational number. This means it goes on forever. Thus it's safe to assume the set of numbers after 3.14.. are infinite. Is it right to say that it contains ALL possible combination of ALL numbers imaginable? For example. I could search for 1234567890 and it would be found in the numbers trailing Pi because they are infinite and at SOME point they will be present. Is my line of thinking correct?
No. Something can be infinite without having any variety to it. The string 0.000000... is infinite as well, but clearly doesn't contain every possible digit combination. Nor does 0.333333.... If you want an irrational example, try the Liouville constant: 0.110001000000000000000001000..., the sum of 10^(-n!) over all n > 0. (So 10^-1 + 10^-2 + 10^-6 + 10^-24 + 10^-120 +...) This number is transcendental, but obviously doesn't contain all possible strings of digits.
A number whose decimal expansion has all possible sequences of digits of each length uniformly distributed is called normal. It's widely suspected that pi is normal, but it hasn't been proven. So probably it does contain all possible sequences of digits; but nobody is sure yet.
Also extend this line of thought one step farther. The universe is infinite.
That's not known to be true. It's generally thought to be finite right now, as far as I know.
There are an infinite amount of galaxies and within these infinite amount of galaxies are infinite number of planets. Of these infinite amounts of planets there are bound to be an infinite amount similar to earth. Since it's infinite and contains ALL possible combination of molecules/atoms is it safe to assume that SOMEWHERE in the universe there is a parallel earth with people exactly like me doing the exact same thing right now except one thing is different. Like a molecule or something.
No, it depends on how things are distributed. You can have infinite sets where things don't repeat. There are some scenarios people have concocted with more rigorous hypotheses that give the result you desire, though. For instance, if you suppose that the universe has existed forever, is deterministic, and can only assume finitely many states, then it's pretty easy to see that the current state of the universe must have repeated infinitely many times before. But infinite spatial extent doesn't necessitate anything like that. You need more hypotheses.
Further, if you share data with an outside company, you don't have a reasonable expectation of privacy in that data anymore, and the government can subpoena that company for what it knows about you. Just like a lawyer engaging in communications with his client with a third party present, those communications are no longer privileged.
IANAL, I just watch fake ones on TV.
I'm also not a lawyer, but this sounds totally wrong to me. If you give some info to a third party, the government can subpoena that third party no more or less than they can subpoena you. Even if I don't have a reasonable expectation of privacy if I give my mail to Google (which seems unlikely to me), Google certainly still has a reasonable expectation of privacy with respect to the mail it hosts. The government isn't allowed to just read Google's mail without following due process, same as if you hosted it yourself.
Anyway, in medicine, the worry isn't really about the government snooping on your data. It's about private parties.
Now that is exciting! But then you need a service just to manage all those snapshots and discard things before you run out of space.
If I understand correctly, it takes "checkpoints" automatically, and discards the oldest checkpoints automatically as needed unless they're transformed into snapshots by the appropriate command. If something is explicitly transformed into a snapshot, it will take up space until explicitly discarded. Something like that. It's still a ways off, even if you have solid-state drives handy.
I undelete stuff all the time on Linux. You just open the trash and pull the stuff out. Once you empty the trash it is gone though. If you're using a command-line and 'rm' stuff though, that's entirely your fault for using such a low-level power-user interface for file management.
There are serious performance consequences and fragmentation consequences of supporting undelete at the filesystem level. But supporting snapshots is something high performance filesystems do, and snapshots are way more useful than undelete. Especially if snapshots are cheap enough to make them automated. Imagine having 24 revisions of your filesystem of the last 24 hours.
Filesystems like NILFS plan to do even better: potentially a snapshot on every write, with better performance than existing filesystems. Of course, they only work on solid-state drives.
I'd rephrase that. It eliminates the common cases where you'd need fsck on a conventional filesystem.
ZFS' design makes consistency failure extremely unlikely. I understand why they claim it doesn't need fsck ("always consistent on disk").
That's assuming that when you have a power outage, either you were using battery-backed RAID, or the disk was kind enough to commit the writes to the physical medium in the order the OS gave them. If you don't have battery-backed RAID, the only way you can have the faintest clue what's on the disk in the event of a power outage is to configure the OS or applications to flush data to the actual physical medium constantly, skipping the write buffers on the device. Which is incredibly slow. So nobody tends to do it very aggressively. If you don't take that step, you can't guarantee anything; a fsck is still required after a power outage. (Not to mention other types of hardware failure.) The only time you won't need fsck is after a mere OS crash; but you usually don't need a fsck then anyway, on journaled filesystems.
Really? It seems to me that with a centralized system, you have one entity controlling trust. If you want to subvert that, you have to convince that entity that you are trustworthy. If you have a decentralized system, you could have 1000 entities controlling trust. That's 9999 more chances you have to trick someone.
Well, one thing I certainly can't trust is Slashdot users' ability to do arithmetic.
I take your point about Wikipedia's past use (though didn't the GFDL get modified explicitly to allow Wikipedia to transition to CC-BY-SA?).
Yes, but CC-BY-SA-incompatible copyleft licenses are still accepted for images, as long as they meet the usual FSF-style free licensing guidelines. I have no idea if Wikimedia lawyers have ever commented on this policy, or if it was made up by a bunch of IANALs like us. :) I'd *hope* there would have been an official recommendation from Wikimedia counsel by now, but I really don't know.
In any event, Wikipedia is often lax about the details when it comes to licensing — like all the custom JavaScript is licensed as just CC-BY-SA/GFDL like everything else, even though it calls functions from GPL-licensed MediaWiki JavaScript. It keeps to the spirit of the licenses very strongly, the letter not always so much.
However, the one time I attempted to do this, the process was so incomprehensible that it took me thirty minutes to figure out where to submit the photo, how to submit the photo, and which one of twelve different copyrights was appropriate. Then it took the same amount of time to figure out how to go about replacing a photo in an article with the one I submitted.
And I am a computer programmer. I can't imagine someone who does photography for a living would have an easier time.
Yes, the upload interface is even worse than the rest of the MediaWiki interface. However, literally a week ago a totally revamped upload system was committed. If all goes well, Wikipedia should be using it within, say, a month. It's supposed to be much better, although I haven't tried it myself.
(The commit might still be reverted, as a giant branch merge that broke a bunch of things. But since it's had a few dozen follow-up commits that would also all have to be untangled, it would probably be less effort to fix whatever brokenness is left at this point. :D It will probably delay the next sync of Wikipedia's code, though.)
The standard license on Wikipedia is CC-BY-SA. It's my understanding (as a non-lawyer) that if you upload an image to Wikipedia also as ShareAlike, then anyone who uses your image is bound by the creative commons license (or a compatible alternative) for any derivative works (similar in spirit to the GPL).
Yes, but is a document that you embed the photo into a derivative work? Wikipedia itself has always assumed not. It's embedded, for instance, CC-BY-SA images in GFDL content, even though the licenses are incompatible. Thus you could embed a CC-BY-SA photo in a proprietary work just fine, as long as you make available any changes to the photo itself. CC-BY-SA is much weaker copyleft than the GPL, AFAICT: more like the LGPL.
This is a browser out of memory crash. There is no evidence that this is exploitable while all evidence points to it not being exploitable. Pretty much all browsers crash from this but that doesn't mean that it's a security issue.
Chrome doesn't crash on the exploit. Not even a sad tab.
Don't be stupid.
No they won't. Network speeds use the same terminology that RF engineers use: base-10 prefixes.
That doesn't mean browser UIs do.
Well of course not; why the fuck would you want to? That's like wondering how many hours there are in a week
168.
. . . is it bad that I knew that off the top of my head?
2. Linux exploits (Linux market share is to Macs as Mac market share is to Windows)
What are some examples of widely-exploited Linux bugs? (Of course there are isolated exploits, but the same is true for Mac. And of course there are very severe security vulnerabilities all the time, but that doesn't mean they're exploited in practice. And of course Linux machines are compromised on a regular basis, but that might be due to weak passwords and such.)
3. Mac apps. People still write apps for the Mac, why not viruses?
Apps have to compete with each other. If a particular niche is filled on Windows but not Mac, then a new Windows-only app will have to compete with the existing apps. A new Mac app won't, so it will get a much larger slice of a smaller pie. On the other hand, twenty different viruses can recruit your computer into twenty different botnets with no problem, as any Windows user should be able to attest. (How often does a virus scan on an infested computer turn up only one virus?)
Besides, the number of apps for Mac is tiny compared to Windows.
4. There are plenty of viruses for the classic Mac OS.
Such as? I'm not doubting you, but I've never heard that claimed before.
5. There are tens of millions of Mac users. Even though Windows has hundreds of millions, tens of millions is still a large and lucrative group to attack.
It's a matter of cost and benefit. If it's three times the effort to write Windows exploits and you get twenty times the victims, there's just no reason to write viruses for Macs. Hackers are usually motivated by money, pure and simple.
Anyway, I don't have any credentials in hacking. So I'll rely on Charlie Miller, who's a professional hacker (security expert). He demonstrated that he knows something about Mac exploits by cracking a Mac in two minutes flat a while back and winning pwn2own. In an interview, he said (emphasis added):
He's far from a Microsoft shill; he works for a security consulting firm and uses a Mac himself.
Last numbers I saw said there were 78 people actively working on the Linux kernel, and not all of these full-time
Where did you get that? LWN's development statistics for 2.6.31 (subscriber-only for the next few days) say that there were 1,146 distinct developers whose patches got accepted into this particular minor release (i.e., over the last three months or so). The stats for 2.6.30 (publicly viewable) show 1,125. Granted, most of these are probably touching only a tiny portion of the code and might only get a few changesets accepted, but they could still fairly be described as "actively working on the Linux kernel" (even if far from full-time). Also, there are an untold number of people who "actively work on the Linux kernel" but don't submit their patches, or submit them but don't get them accepted.
So maybe there are 78 people working on the Linux kernel according to some very specific, narrow definition, but you should really provide the definition if you're going to throw around such small numbers.
For what it's worth, I doubt that either Apple or Microsoft devotes anywhere near the man-hours to their kernels as get devoted to the Linux kernel. But a lot of the extra man-hours that Linux gets contribute to extreme specialization, like dozens of supported CPU architectures (Windows: 3, Mac: 1), dozens of supported filesystems (Windows, Mac: But I'm not a kernel hacker or anything close to one, so take this post with a grain of salt.
DNRTFA but there's no misconduct in sending what amounts to a cease & desist to someone. Anyone can do this, lawyer or not. A C&D is not a court action, it's just a scary looking letter on expensive paper.
IANAL.
IANAL either, but even though it's not necessarily illegal to send a false C&D order, you don't have to break the law to get disbarred. It's enough to behave unethically, and deliberately misrepresenting the law to someone is generally unethical. The American Bar Association's Model Rules of Professional Conduct say, in rule 3.1, that:
If a lawyer is licensed to practice law in a state that's adopted the Model Rules, you can file a complaint with the bar association of that state if a lawyer violates them. States that don't use the Model Rules typically have their own code of ethics, which probably contains a similar provision. The bar will theoretically consider your complaint and, if it finds the lawyer did act unethically, may penalize him. Repeated or severe offenses can lead to disbarment.
Of course, this is all on paper. The ones who decide on whether to impose penalties are, of course, lawyers. And most unethical conduct probably isn't reported. But in theory, you could get disbarred for filing cease-and-desist letters that you knew were groundless.
(sent here from #math on freenode)
Pi is an irrational number. This means it goes on forever. Thus it's safe to assume the set of numbers after 3.14.. are infinite. Is it right to say that it contains ALL possible combination of ALL numbers imaginable? For example, I could search for 1234567890 and it would be found in the numbers trailing Pi because they are infinite and at SOME point they will be present. Is my line of thinking correct?
No. Something can be infinite without having any variety to it. The string 0.000000... is infinite as well, but clearly doesn't contain every possible digit combination. Nor does 0.333333.... If you want an irrational example, try the Liouville constant: 0.110001000000000000000001000..., the sum of 10^(-n!) over all n > 0. (So 10^-1 + 10^-2 + 10^-6 + 10^-24 + 10^-120 + ...) This number is transcendental, but obviously doesn't contain all possible strings of digits.
A number whose decimal expansion has all possible sequences of digits of each length uniformly distributed is called normal. It's widely suspected that pi is normal, but it hasn't been proven. So probably it does contain all possible sequences of digits; but nobody is sure yet.
Also extend this line of thought one step farther. The universe is infinite.
That's not known to be true. It's generally thought to be finite right now, as far as I know.
There are an infinite amount of galaxies and within these infinite amount of galaxies are infinite number of planets. Of these infinite amounts of planets there are bound to be an infinite amount similar to earth. Since it's infinite and contains ALL possible combination of molecules/atoms is it safe to assume that SOMEWHERE in the universe there is a parallel earth with people exactly like me doing the exact same thing right now except one thing is different. Like a molecule or something.
No, it depends on how things are distributed. You can have infinite sets where things don't repeat. There are some scenarios people have concocted with more rigorous hypotheses that give the result you desire, though. For instance, if you suppose that the universe has existed forever, is deterministic, and can only assume finitely many states, then it's pretty easy to see that the current state of the universe must have repeated infinitely many times before. But infinite spatial extent doesn't necessitate anything like that. You need more hypotheses.
Further, if you share data with an outside company, you don't have a reasonable expectation of privacy in that data anymore, and the government can subpoena that company for what it knows about you. Just like a lawyer engaging in communications with his client with a third party present, those communications are no longer privileged.
IANAL, I just watch fake ones on TV.
I'm also not a lawyer, but this sounds totally wrong to me. If you give some info to a third party, the government can subpoena that third party no more or less than they can subpoena you. Even if I don't have a reasonable expectation of privacy if I give my mail to Google (which seems unlikely to me), Google certainly still has a reasonable expectation of privacy with respect to the mail it hosts. The government isn't allowed to just read Google's mail without following due process, same as if you hosted it yourself.
Anyway, in medicine, the worry isn't really about the government snooping on your data. It's about private parties.
Now that is exciting! But then you need a service just to manage all those snapshots and discard things before you run out of space.
If I understand correctly, it takes "checkpoints" automatically, and discards the oldest checkpoints automatically as needed unless they're transformed into snapshots by the appropriate command. If something is explicitly transformed into a snapshot, it will take up space until explicitly discarded. Something like that. It's still a ways off, even if you have solid-state drives handy.
I undelete stuff all the time on Linux. You just open the trash and pull the stuff out. Once you empty the trash it is gone though. If you're using a command-line and 'rm' stuff though, that's entirely your fault for using such a low-level power-user interface for file management.
There are serious performance consequences and fragmentation consequences of supporting undelete at the filesystem level. But supporting snapshots is something high performance filesystems do, and snapshots are way more useful than undelete. Especially if snapshots are cheap enough to make them automated. Imagine having 24 revisions of your filesystem of the last 24 hours.
Filesystems like NILFS plan to do even better: potentially a snapshot on every write, with better performance than existing filesystems. Of course, they only work on solid-state drives.
I'd rephrase that. It eliminates the common cases where you'd need fsck on a conventional filesystem.
ZFS' design makes consistency failure extremely unlikely. I understand why they claim it doesn't need fsck ("always consistent on disk").
That's assuming that when you have a power outage, either you were using battery-backed RAID, or the disk was kind enough to commit the writes to the physical medium in the order the OS gave them. If you don't have battery-backed RAID, the only way you can have the faintest clue what's on the disk in the event of a power outage is to configure the OS or applications to flush data to the actual physical medium constantly, skipping the write buffers on the device. Which is incredibly slow. So nobody tends to do it very aggressively. If you don't take that step, you can't guarantee anything; a fsck is still required after a power outage. (Not to mention other types of hardware failure.) The only time you won't need fsck is after a mere OS crash; but you usually don't need a fsck then anyway, on journaled filesystems.
Really? It seems to me that with a centralized system, you have one entity controlling trust. If you want to subvert that, you have to convince that entity that you are trustworthy. If you have a decentralized system, you could have 1000 entities controlling trust. That's 9999 more chances you have to trick someone.
Well, one thing I certainly can't trust is Slashdot users' ability to do arithmetic.
Version numbers are especially important - users will use the one with the highest version, i.e. IE 8.
You mean Opera 9.6, right?
I take your point about Wikipedia's past use (though didn't the GFDL get modified explicitly to allow Wikipedia to transition to CC-BY-SA?).
Yes, but CC-BY-SA-incompatible copyleft licenses are still accepted for images, as long as they meet the usual FSF-style free licensing guidelines. I have no idea if Wikimedia lawyers have ever commented on this policy, or if it was made up by a bunch of IANALs like us. :) I'd *hope* there would have been an official recommendation from Wikimedia counsel by now, but I really don't know.
In any event, Wikipedia is often lax about the details when it comes to licensing — like all the custom JavaScript is licensed as just CC-BY-SA/GFDL like everything else, even though it calls functions from GPL-licensed MediaWiki JavaScript. It keeps to the spirit of the licenses very strongly, the letter not always so much.
However, the one time I attempted to do this, the process was so incomprehensible that it took me thirty minutes to figure out where to submit the photo, how to submit the photo, and which one of twelve different copyrights was appropriate. Then it took the same amount of time to figure out how to go about replacing a photo in an article with the one I submitted.
And I am a computer programmer. I can't imagine someone who does photography for a living would have an easier time.
Yes, the upload interface is even worse than the rest of the MediaWiki interface. However, literally a week ago a totally revamped upload system was committed. If all goes well, Wikipedia should be using it within, say, a month. It's supposed to be much better, although I haven't tried it myself.
(The commit might still be reverted, as a giant branch merge that broke a bunch of things. But since it's had a few dozen follow-up commits that would also all have to be untangled, it would probably be less effort to fix whatever brokenness is left at this point. :D It will probably delay the next sync of Wikipedia's code, though.)
The standard license on Wikipedia is CC-BY-SA. It's my understanding (as a non-lawyer) that if you upload an image to Wikipedia also as ShareAlike, then anyone who uses your image is bound by the creative commons license (or a compatible alternative) for any derivative works (similar in spirit to the GPL).
Yes, but is a document that you embed the photo into a derivative work? Wikipedia itself has always assumed not. It's embedded, for instance, CC-BY-SA images in GFDL content, even though the licenses are incompatible. Thus you could embed a CC-BY-SA photo in a proprietary work just fine, as long as you make available any changes to the photo itself. CC-BY-SA is much weaker copyleft than the GPL, AFAICT: more like the LGPL.
But, as usual, IANAL.
This is a browser out of memory crash. There is no evidence that this is exploitable while all evidence points to it not being exploitable. Pretty much all browsers crash from this but that doesn't mean that it's a security issue.
Chrome doesn't crash on the exploit. Not even a sad tab.