...that you can't hose the system, but can hose your own files? I'll admit that users are dumb and capabilities could help, but they're not a panacea. Users do dumb things. A user doing something stupid can invalidate any security model. With capabilities, the problem is that there's a trade-off between security and functionality. If you give executables the read capability, you can still have something like SirCam. If you give it TCP caps, your machine can be used as a node in a DDoS or attempt to trojan other computers. If you give them write caps, you're back to where you were before: all of your data is insecure. If you give it execute caps, it can run another program that does something bad, anyway. So your default caps for securely running executables are no read, no write, no execute, and no Internet connectivity. So in order to do pretty much _anything_ with the program you downloaded, you need to change its caps.
At this point, what's the difference between simply not downloading and running something you don't trust?
You mean, except for step #1, which states, in no uncertain terms, the prerequisite for the rest of the steps to work: you're already logged in as administrator. It shouldn't be any surprise that the administrator can gain complete access to the system.
Not just the manner in which they spread, but the base from which they spread. Since exploitable Microsoft boxen far outnumber exploitable, say, Linux boxen by a significant number (for many reasons, not the least of which is the installed user base's size), the scale of the attack and thus the observed effects on global routing are directly related to the fact that these are Microsoft worms. The manner in which they probe, alone, is insignificant. (Other things are comparable in approach.) The magnitude makes all the difference.
The Soviet experience in Afghanistan isn't entirely relevant. Their presence there was for a different purpose with different requirements. They needed to hold ground and fortify within Afghanistan, which is difficult to do in any classical military fashion there. Some of what they learned there may be useful if we're going to try charging in there guns ablaze. I doubt there will be any deterrents to taking military action against Afghanistan and maybe other states that we "discover" are in league with the terrorists responsible for the WTC tragedy. The parable of the well-oiled army machine against the warrior-tribes of the People is fascinating. But let's not get too ahead of ourselves: the Soviets were trying to hold Afghanistan, not blast it to smithereens. While a sustained ground war is likely, I doubt that it will be the primary mode of attack.
This is the ultimate in no-win situations for ISPs. If they refused to cooperate, you can sure as hell bet that it'd draw not only the ire of the US Government, but of the People--including some of their customers--who are blinded by rage and indignation at this time. Hardly a few hours went by before black-hearted politicians and "law-enforcement" agencies were vying to see who could blaspheme the dead the most by co-opting a tragedy for their political gain. Not a day later, you had Republican Congressmen coming out and saying, "This is why we need a missile defense system." (Fuck you! Show me a missile defense system that would stop a suicidal hijacker.) But the People, as a whole, aren't outraged by these reprehensible actions because we're all seeing red, and little else. Rights and respect are in the peripheral vision. Anything that sounds like an upbraid to the terrorists is now okay. So what is an ISP to do when the Feds come knocking and say, "Let us look at your traffic?" Saying no would make for the biggest PR massacre in the history of Capitalism. The only option is to abandon protection of user rights, which is not something most ISPs look forward to doing.
On the prostitution of the missile defense system by Republican Congressmen on the same day as this tragedy: this is shameful. It doesn't matter whether you believe missile defense will work/should be bought/whatever. That's not the point. Using the occasion of mass murder to politick should be absolutely unacceptable. It's no different than if someone had come out and said, "This is why we should not be involved in the Middle East." I was hoping that for at least 24 hours, we could leave politics by the wayside. If anything was to be done that day concerning policy, it should have been precisely what was done: review what went wrong and how to fix it.
I'm not saying it's right or wrong, only that it is: America is stuck in a reactionary rut. We're relegated to reacting rather than forging our own path for the time being. For AOL and Earthlink and many others, the obvious problem arises: when can you make a stand on the principles of this country when they directly oppose the republic's bloodlust? I can't blame AOL or Earthlink for this move. They're stuck in a no-win situation. Someone, somewhere, will hopefully make the very public stand on issues when the climate is more appropriate and drag our enraged People out of their rut and back into secular (meaning: worldly) thinking. But for now, the heat is too stifling.
This is the benchmark you're going to use for speed? Whether people have written an Operating System in it or not? I suppose, then, that C++ is moderately slow, C is very fast, and assembly has been getting really slow as of late?
Except that they attacked both the WTC and the Pentagon, the latter of which Virgil was near enough to, to see the ash. He was also in a Federal building, which was evacuated as the fear of the scope's attacks spread. That seems to make it a valid first-person account to me.
No, no, no. That's a complete and utter apocryphal tale. The real story goes like this: Italian astronomer Giovanni Schiaparelli observed canali (that's Italian) on Mars. The word "canali" means either "channels" or "canals." There's an obvious difference: a canal is man-made, a channel need not be. There were no dark blotches. They were lines across Mars. An American astronomer named Percival Lowell went well overboard with the canali, stating that they were, in fact canals and inventing an entire Martian ecology. He wasn't some rich guy with a telescope. Lowell predicted the existence of Pluto and founded the observatory where it was later discovered. What Giovanni and, to a lesser extent, Lowell observed on Mars is real. They were seeing huge surface features (like Valles Marineris) and the planet's covering of natural channels.
Lowell popularized the observations by turning them into, basically, science fiction of the worst sort. That's a bad deal, indeed, but some of the canali were there. The important lesson in this story--which is highly relevant given this story--is that Occam's Razor exists for a good reason. Go with the simpler explanation (that these are naturally carved channels) until something comes along that says something weirder is true (that aliens are out farming on Mars). Simpler: seasonal changes over more complex: alien plant-life.
January 10, 1983, actually. The patent wasn't granted until July 9, 1985. Remember, though, that it's not merely point-of-sale systems. It has to meet the specified claims, including the method of authentication. This is not to say that such systems did not exist prior to the filing. I'm reasonably sure that they did.
Anyway, there's good reason to fight the patent as being so broad that it'll apply to all downloads and to treat it as such: the language of the patent doesn't unambiguously dismiss this possibility. Therefore, regardless of the stated or actual intent of the patent holder(s), the possibility for enforcement exists. That is what should be dealt with; not the probability of enforcement.
I always have to smile when I hear US citizens speak of "frivolous" lawsuits,...
Uh, I'm guessing these US citizens speaking of frivolous lawsuits are speaking about the USA, not about the rest of the world (which Americans couldn't really care less about; sorry, it's true--I don't condone it, I just observe it).
So there you are, grinning like an idiot, thinking you know a little more than the Western Fools, and you're completely missing the point. US citizens aren't quite the morons you think them to be. In fact, the tendency to sue to solve any minor, trivial, inane dispute is so well-observed that even a bloody Hulk Hogan movie made fun of it. A movie starring a frickin' wrestler! (General Rule of Thumb: When a pro wrestler has enough insight and causticism to lambaste a practice, it's safe to assume that said practice is both well-known and universally despised.)
depending upon where you draw the line on "material object" (can it already belong to the purchaser, or must it be included in the sale?)
The quoted portion of the patent is, "reproduction in a material object at the point of sale." This means that the reproduction must be occurring at the point-of-sale (or, as an alternate reading, in a material object that is at the point-of-sale). The two readings are subtly different, but both invalidate the claim that this covers copying to a disk which is then distributed or the implication that this might not implicate pay-for-download sites.
Uh, how's it a "MS only technolog" if Konqueror can use it? The point of doing so would be to help people who use ActiveX controls (some people legitimately do so, surprisingly) to migrate to a non-MS platform. You lower the entry barrier by permitting them to do business-as-usual on a different platform. You embrace your enemy to get his friends. Et cetera.
But, uh, back to the less intelligent stuff: How can it be MS-only if someone else is supporting it?
Oh, dear God, you're evil. Now I have that bloody song going through my head... Doo-doo-doooo, da-da-doo-da-doo, do-do do-do do-do da-do-da-doo...Make it stop. Argghhh.
Most of this isn't true. Quake wasn't the first multiplayer game to really be popular on the Internet, it wasn't a technical revolution for a game to include a scripting language or allow customizations, etc. Quake featured little technical innovation. That said, it did have true 3D, customization abilities, and networking in a package that you or I could run. It was delivering these things together for the masses and the commercial success of the game that made the biggest impact.
...is to beat them. Mercilessly. You'd be surprised how attentive granny gets when you chain her down to the ergonomic chair, unscrew the lumbar support, and give her a thrashing with it. CLICK THE GOD-BE-F#*@ING-DAMNED MINIMIZE WINDOW, GRANDMA.
Or, anyway, that's what worked for my grandma, God rest her soul.
Hey, that's a Texan accent. The common "American accent" (e.g., the one you hear on most television shows, in movies, etc.) is Midwestern. There are tons of different American accents, though. Consider Bostonians who pronounce "Worcester" something like Elmer Fudd saying "rooster." Anyway, Canadians only have a slightly different accent than Midwesterners. Well, at least, until we get to the word "about" -- I swear if I hear someone say "ah-boot" again...
Bleh, I didn't submit that in that form -- I previewed, edited it to fix the mental mistake (I typed instead of to end the link), then submitted and somehow that came out. Sucks to be me.
Well, I have little doubt that there are implementation-dependent mechanisms for tweaking the garbage collection schemes of both Java and Python. But, you're right, the statement was a rather curious demonstration of unfamiliarity with Java. On the other hand, he may have a point in saying that Python is simpler to learn than Java, even if his reasoning was on faulty grounds. Java is a much more strict language with far more baggage than Python. It's of little consequence once you're familiar with the red-tape (access modifiers, placing everything in classes, etc.)--and, actually, after you get used to it, you realize it's in many ways better than the alternatives--but for the beginner who may not be familiar with all the concepts, it can be confusing and off-putting.
Most introductory Java books or classes (note that the following is true of C and C++, too) begin by giving you a skeletal framework and telling users to fill in the blanks and ignore the trappings of the program which will be discussed in detail later. A lot of people don't like the idea of being told, "We're going to start now, by throwing together a whole bunch of stuff you don't understand and I won't explain until much later, and then writing a single line or two." There's some innate skepticism and curiosity that makes many people very dissatisfied with the idea that there should be a bunch of stuff in their beginning programs that they aren't expected to understand and that won't be explained to them. With Python, it's possible to just sit down and write some stuff, and build up to more complex trappings.
This is no different than the deprecation of particular language features. Actually, it's better. The old manner of non-nesting scopes is considered deprecated, but remains the default for compatibility. You can write forward compatible programs, now. At a later date, the default will switch, effectively removing the old behavior. The __future__ pseudo-module allows forward compatibility without breaking backwards compatibility during a transitional phase. The language is changed for the better, as nested scopes are ultimately very desirable, and there's a reasonable transitional phase with an appropriate mechanism to write programs now that take advantage of future features. In this particular case, this model of transition/deprecation is more than reasonable since the potential incompatibilities involved in introducing nested scopes are unlikely and bizarre (specifically, if the same name is used at the module level and as a local variable within a function that has nested functions which reference the variable). The other side-effect of the change is the enforcement of a long-standing rule of the language (which was, previously, un[der]enforced).
Therefore, the __future__ model seems to me to be wholly appropriate and a reason to take the language seriously. It's advancement of the language without dismissing backwards compatibility--even when the code that is now incompatible has always been dubious in style and/or substance. By introducing __future__, programs that abused the language in manners that aren't permissible with nested scopes do not require a change to continue to operate under 2.1 and you have ample time and warning to change anything that confusingly re-uses variable names.
When I'm just playing around with a little code to see if something will work, I'd rather not have to go back to the top and insert a declaration every time I find I need a variable for a for loop or something.
C++ and, as of C99, C permit the declaration of variables with scope local to the loop within the initializer part of the for construct, not to mention the declaration of variables anywhere within a block rather than strictly at the top. The top is still better for most things. But if the variable has no significance to the over-all function, it might be better to move the declaration towards the area it's used, just to keep the top-most declarations wholly relevant to the function.
...as best I can remember FORTRAN didn't even _allow_ variable declarations except for arrays, and I think that worked out fairly well...
I believe you can require explicit type declarations of variables in later versions of FORTRAN (F90, I think) by beginning the program unit with IMPLICIT NONE and, what's more, that you are generally recommended to do so.
The old unstructured BASIC was even better IMHO,...
Ack! Not to be too pedantic, but these sorts of unstructured BASICs that you refer to are not "old" but new. Well, sort of. We've seen, recently, a push towards BASICs that are more structured. However, the microprocessor BASICs were vastly stripped down versions of the original by Kemeny and Kurtz. The two combined efforts to produce TrueBASIC some time after the original had come and passed. TrueBASIC, as its name implies, was intended to be the true-form of BASIC, and it is a structured language with variable declaration, etc. Kemeny, BTW, is a fascinating person with amazing historical significance both in and out of the field of computer science. I don't think most people are aware of, nor would immediately believe if told, the fact that one of the co-inventors of BASIC (Kemeny) also was a mathematical assistant to Einstein, helped invent the first time-sharing computer system, reviewed the Three Mile Island disaster (and condemned some aspects of nuclear energy) under authority of President Jimmy Carter, etc. Amazing how so much history intertwines, yes?
...is that the article calls Yahoo Serious an actor. Bwahahah.
...you could read the article which states, unambiguously, that it executes any resulting executable from the decoding...
That was a lame joke. Oh well.
You're on the perfect drug...
Illogically, it is more standards compliant. And faster. And smaller. How do the Mac and Windows versions of IE differ? has a good explanation of not only how they differ, but why they differ (directly, yes, they're completely different). IE5/Mac is definitely better than IE5 and, in terms of speed and size at least, Netscape 6. Mozilla might be going more smoothly now, though -- I haven't seen any comparisons of Mozilla 0.9.x to IE5/Mac.