Perhaps a link to Paul Graham's
Mind the Gap
essay would be worth reading as well.
There's at least four fundamental errors that are made or implied by the Inequality Matters argument:
Money is not zero-sum, just because some CEO gets a lot of money doesn't mean I get less.
If there were perfect equality then there would be no incentive for anybody to make any progress at all.
Correlations don't prove cause-effect relations.
The results are highly selective and not an indicator of good/bad on a whole. Even if more crime does result, many other good things may also result as well.
DRM-free maybe, but still not patent-free. When they distribute them in a truely free format then I'll definitely be interested and will be willing to pay for that freedom. If it's not free then why should I pay for it? But even though it is still not free enough for me, it is a very good sign that perhaps some lone sole in the industry is having an ah-ha moment.
What do you want to read? h You begin reading the book called h0vv 2 h0xxr. You become confused. Your intelligence drains away. Continue reading? y You feel like a pompous ninny.
I had a Commodore calculator, the kind you plugged into the wall. It had a single-line orange flourescent display that had an annoying hum (the more digits that were lit the louder it was). It did though have a single register memory key, which was somewhat novel. Otherwise it was limited mostly to just +, -,/, and x.
I first played on PETs. I still remember the joy of discovering all the different variants of it that people had. Some had green screens, others amber, and I think I remember seeing one that had purple pixels. But the membrane-style keyboard was the most futuristic looking (and hardest to use).
Then I did all my "serious" programming on the C64 and wore out many 1541 disk drives. In fact my c64 still works, but unfortunately not the drive. Once you learned all those magic PEEK and POKE numbers you could play God, or so it seemed.
Then it was on to the Amiga 1000 and 2000. I had three floppy drives on the thing (thank goodness for the included schematics) before I could finally afford a newfangled hard drive. Eventually I upgraded it all the way to a Toaster Flyer system before the company folded up and I had to move on. Which was horrible, until Linux came along.
I remember seeing a C64 in the Smithsonian a few years back. That sure made me feel old.
No. US Patent Law does not make any such distinction or exception for private home use. You can be infringing if you mass produce 100 billion copies to sell, or if you just "practice" the art in the privacy of you own home. Granted, the likelihood of any bad consequences for infringing (or even anyone finding out you're infringing) are not at all equal.
But I think this commonly held misconception might be one reason why the general public sees nothing wrong with patents...they think it only applies if you're trying to make money off the idea or running a company, e.g., it doesn't apply to them so why care. But a patent is an absolute abridgment of freedom, and really has nothing to do with money or intent at all, nor does it have anything to do with stealing (like copyright or trade secrets) as you can unknowingly infringe even if you thought up the idea all by yourself. Of course any legal remidies, actions, rewards, etc may be based on money and scale, but not the determination if you're guilty of infringement or not.
IANAL applies, but I have read through the US Law as best as I could understand it. If somebody more knowing than me knows something else, please be kind and point out exactly where in the law such distrinction is made because I can't find it.
The file formats haven't changed so no software needs recompiled. You just need new data files. If you can't get an RPM, you can just compile the zone files yourself. Do a man on the zic command.
Not only are there tons of spoilers online, you also get the source code; and source code diving is nethack "sport" in its own right. Not to mention the in-game spoilers that are free (or only a few zorkmids): the fortune cookies, the oracle, the grafitti all over the place, those uneasy feelings you get.
After 17 years of playing its still fun, still unpredictable, and I am still occasionally surprised when something unexpected happens. The replay value of this game is on par with that of chess; although you get to kill and be killed. Even so, nethack is enjoyable and quite playable even if you don't use the spoilers/source with about the same percentage of success (0%).
"If I were in a theater watching a movie, and kept seeing little flashes of white light comming from the direction of the screen, it would be a pretty big distraction"
More distracting than the unimaginative hollywood plot, hyperbolic acting, and unrealistic exploding cars/buildings/animated cats?
Come to think of it, that's the best anti-piracy technology to come out of Hollywood--the movies themselves.
You pick up a tattered cape (K unpaid). Only $250 for you. You put on the tattered cape. Suddenly, you can see through yourself. The nurse hits. You can not remove the cloak, it seems to be cursed. The nurse hits. The floor is too hard to dig here. Really attack Wengretik the shopkeeper? Wengretik strikes at thin air. The nurse hits. Wengretik hits. Wengretik hits. You die.
20% - rootkit licensing and bundling 10% - spoilage from Sharpie pirates 15% - DMA key registration of Sony electronics division so their products can play said music 12% - legal fees for eventually suing customers who download music 5% - payoff fees to Wesbter and Oxford to redefine English words
(Oh wait, but Sony didn't license the rootkit code, they PIRATED IT!)
* Ethernet packets found to collide sometimes, resulting in worldwide communications silence.
* Some traffic lights found to periodically turn red almost 50% of the time; transportation system grinds to a halt.
* Study finds that if you call someone every 15 seconds and ask "can you hear me now?", unexplicably none of your calls will be answered, in addition to getting strange looks.
* Fast food restaurant closes one of its eight queues at the shift change; six people starve to death as a result.
I know you're joking, but you touch on a potentially parallel example.
The science strongly favors evolution. But because some in the religious crowd raise such a stink over it (thinking it is incompatible with ID), it has caused a lot of the non-religeous to go to the other extreme and therefore claim evolution is absolutely correct and unflawed, mainly just to spite the ID people. [I know I'm generalizing/stereotyping here.]
But what that does is to essentially eliminate any possibility for any actual scientific debate. What if there is another theory that could explain the evidence scientifically and in no way relies on ID or any non-scientific philosophy. In the current environment, that kind of science can't occur because the field has been posioned by the anti-ID protesters, such that any non-evolution theories won't be tolerated, even if they are firmly based in science too.
Its the same here. Global warming may have a lot of scientific evidence, but other theories can not be raised because it's being used politically to counter viewpoints considered non-scientific (or by anti-industrial extremists as an excuse for their agendas); and thus the acceptance of other scientifically-based views is also prohibited.
The worst thing a "scientist" can do is think he is right, just because others exist that are definitely wrong. You both can be wrong.
Or more likely, prevent you from fast-forwarding through the commercials as well as not letting you mute the audio while a commercial is playing. After all, you don't want to be a "thief" do you?
Don't confuse dynamic with weak typing
on
Beyond Java
·
· Score: 4, Informative
You, like many people, seem to be confusing two independent concepts: static v. dynamic, and strong v. weak typing. Read up here: http://en.wikipedia.org/wiki/Datatype
Dynamically typed language like Python or Ruby are also strongly typed. This means that the language absolutely *prevents* you from accessing an object incorrectly (breaking type safety).
C on the other hand is statically typed, but also weakly typed....the exact opposite!
C++ and Java are also in the same camp--static and weak; although both are much much closer to being strongly typed than C ever was. Although you can argue that Java is static/strong except for some low-level exceptions; or that C++ is partly dynamic (with template meta-programming)
Just for completeness, assembly is most always dynamically/weak; and Haskell is static/strong.
BTW it is the weakly-typed behavior of C (casts, void pointers, array bound checking, etc) that causes probably 95% of all type-error bugs. In fact this falacy that dynamically typed means the same as weakly typed is probably the primary reason that so many people seem opposed to dynamic typing. Dynamic != Weak.
Re:Dynamic typing
on
Beyond Java
·
· Score: 5, Informative
If the topic of this book interests you, it is also quite worth reading some of Paul Graham's essays.
I've done both styles quite a lot, and I can say that static typing really is overrated. It sacrifices too much language power for what is really too little benifit (the benifit is often perceived to be much greater than emperical studies of real-world coding errors seem to confirm). The main problem that many static-typing fans seem to have is a lack of exposure to the other way of doing things--and enough experience to allow themselves the freedom to break old habits/patterns to actually see the power of dynamic typing.
The canonical DNS name problem
on
Cross Site Cooking
·
· Score: 5, Interesting
As a DNS administrator, the trailing dot is something I was very aware of (although I didn't know about the cookie implementation errors). I've always wondered why you never saw URLs such as http://www.example.com./, instead of http://www.example.com/ ? The later (without the dot) is subject to local DNS spoofing.
However, aside from the browser problems, it seems that web servers also mess up the trailing dot problem. Most servers won't recognize their own hostnames when the Host header has a trailing dot. Proxies are also clueless and confused.
In fact, I was always surprised that the HTTP and URL standards (not to even mention the horrid X.509 certificate standards) seem so careless about the canonical domain name representation. There's no requirement, nor even a warning, about any use of the trailing dot in domain names, nor that any software (server, proxy, or agent) should do any sort of canonical name equivalence checking.
Unless of course you encrypt, or at least digitally sign all cookies you legitimately send.
The fact that none of the cookie meta-data is ever sent to the server along with the cookie body is one of the biggest pains. Aside from the domain restriction that the article talks about, another big one is the expiration date. This is important if the server *wants* cookies to expire, such as if used for authentication.
Thus a safe server will encode the cookie expiration date directly into the cookie value (as well as the cookie metadata), and then sign (or HMAC) the cookie value. And there's also the previously mentioned Ajax cookie stealing attacks to guard against, which usually means disabling the TRACE command or setting the secure cookie property.
Why is this even news? Military propoganda is as old as military history. It is, or should be, a very important component of any successful military strategy. And if the US military wasn't doing that, then they weren't doing their jobs (for which we taxpayers are paying them to do).
Really, the only thing which is interesting is that the US national media seem to be picking up military propoganda more and more as it's distributed abroad, and then repackaging and redistributing it to the US market. So that's a sign that either the propoganda is very successful, or that the US media is rather poor on fact checking. Of course the media rebroadcast military propoganda quite a bit back in the World Wars, but I think it was common knowledge that it was being done. Today, the media does a very poor job of informing the public where or how it obtains its information.
That they are "targeting" the net should not be surprising either. It is their jobs to plan how to counter-attack any possible attack of the enemy. And frankly this should include what to do if the enemy manages to infiltrate the Internet as we know it. This planning should not be misinterpreted as thinking the US military wants to take down the Internet. Instead they want to be prepared if the enemy takes it down, or takes it over.
What a lame analogy. Trying to compare those two is practially meaningless, unless of course you have a particular extremist political agenda and are looking for any reason at all to try to convince yourself that you must be right.
Since you brought it up though, lets analyze the analogy. And only in terms of "security", which is what this/. thread is all about.
Intercepting communications from foreign people believed to be terrorists or connected to them:
* This activity's purpose is to prevent future "security breaches" (e.g., learning of a terrorist plot).
* Without this activity, citizens are certainly less safe (meaning this activity has a positive security benifit)
* The activity itself is not unsafe nor pose a "security hole" (regardless of your opinions on other non-security effects like liberty)
* It's effectiveness is in large part subject to it remaining covert
* Publically reveiling the activity makes it non-covert, and therefore reduces its effectiveness.
* Result: the "risk" to our safety was increased (again ignoring any other effects for this analogy). There is no obvious way to "undo" this increase in risk (e.g., no forthcoming "patch" which will make it covert once again)
* If the public exposure had not happened: risk would have remained unchanged (which already was lower than if this activity was not even occuring)
Exposing Oracle bug publically:
* The "activity" in this case was a security flaw in deployed software.
* Thus the "activity" was unsafe.
* The risk it poses is was dependent upon it remaining undiscovered and without an implemented exploit, or until fixed.
* Publically reveiling it makes it undiscovered.
* Result: the risk is temporarily increased--its a race to whether an exploit or a patch is developed first. The risk will actually be decreased when a patch is available and installed.
* If bug was not publically reveiled: flaw remains in software (proven for at least 3 months); probability of being discovered by "black hats" increases with time, thereby gradually increasing risk.
Oh, and one other big difference: in the former there were other ways to attempt change without full public disclosure (congressional oversight, etc.) that were not used. In the later other non-public methods of affecting change were attempted first.
So yes, both acts of publicity result in at least temporary increased risk. But the analogy is otherwise completely broken.
Sorry, but please save your political arguments to a political topic.
Python Cookbook, Edition 2 also covers version 2.4. And it is also a very useful book, even for those who know Python quite well...you can always learn a few new tricks.
This is so true. The only thing that will ever correct the patent nonsense will be when there is great and obvious harm done by them. There needs to be a big company that is taken out and which affects millions of people. Something like patenting an airplane and forcing all airlines to remain grounded. Sooner or later it will happen; but the settlements so far have been cloaking this threat.
Another problem is that patents are kind of like ICBMs. The only thing that keeps the whole economy from instantly being destroyed by patents is the fear of mutually assured destruction. As long as everybody has lots of missles pointed at everybody else's homeland things stay relatively calm--same with patents.
But there are two things that are making this MAD stability more fragile:
1. the number of patents (missles) is seemingly growing exponentially,
2. the new patent-holding companies don't need to fear counterattacks
since they have no "homeland" (they don't produce anything, so they
are not themselves infringing other's patents). In this respect
companies like this are sort of like terrorists(*) carrying nuclear
bombs in briefcases...ICBMs are not much use against them since you
can't point them at any meaningful targets.
* This is a weak analogy. The people who run these patent extortion companies are scumbag humans with very bad ethics. I don't consider terrorists on the other hand to even be human.
It's almost platform independent. The main problem which primarily afflicts Microsoft's use of AJAX, such as in Outlook Web, is the way that the "A" in AJAX is "started".
Basically to initiate an HTTP asynchronous request, the Javascript code must create a special object which encapsulates the request and communication. Althought the interface and use of this object is for the most part standard, the way in which it is initially created is not.
Standard (everybody but IE): req = new XMLHttpRequest();
MS-IE (new): req = new ActiveXObject("Msxml2.XMLHTTP");
MS-IE (old): req = new ActiveXObject("Microsoft.XMLHTTP");
So if you want a platform independent AJAX app, you pretty much need a bit of code which does things the Microsoft way when the standard ways don't work. Like:
try { req = new XMLHttpRequest();/* The pseudo-standard way */ } catch(e) { try { req = new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) { try { req = new ActiveXObject("Microsoft.XMLHTTP"); } catch (E) { req = false; } } }
Now, Microsoft-written applications which use AJAX only try the MS ActiveX methods, and not the standard XMLHttpRequest() function. Thus, although most of the application could have worked in any browser, this simple omission by Microsoft insures it only works under IE (and locks you into their technology).
It should also be noted that AJAX is a methodology and not a strictly defined API. For instance most AJAX apps rely heavily on the DOM API, which Microsoft mostly but not entirely adheres to. So there's lots of things that can cause platform independence problems if not coded carefully.
Slashdot Mirror
Perhaps a link to Paul Graham's Mind the Gap essay would be worth reading as well.
There's at least four fundamental errors that are made or implied by the Inequality Matters argument:
DRM-free maybe, but still not patent-free. When they distribute them in a truely free format then I'll definitely be interested and will be willing to pay for that freedom. If it's not free then why should I pay for it? But even though it is still not free enough for me, it is a very good sign that perhaps some lone sole in the industry is having an ah-ha moment.
What do you want to read? h
You begin reading the book called h0vv 2 h0xxr.
You become confused.
Your intelligence drains away.
Continue reading? y
You feel like a pompous ninny.
Ah, the nostalgia.
/, and x.
I had a Commodore calculator, the kind you plugged into the wall. It had a single-line orange flourescent display that had an annoying hum (the more digits that were lit the louder it was). It did though have a single register memory key, which was somewhat novel. Otherwise it was limited mostly to just +, -,
I first played on PETs. I still remember the joy of discovering all the different variants of it that people had. Some had green screens, others amber, and I think I remember seeing one that had purple pixels. But the membrane-style keyboard was the most futuristic looking (and hardest to use).
Then I did all my "serious" programming on the C64 and wore out many 1541 disk drives. In fact my c64 still works, but unfortunately not the drive. Once you learned all those magic PEEK and POKE numbers you could play God, or so it seemed.
Then it was on to the Amiga 1000 and 2000. I had three floppy drives on the thing (thank goodness for the included schematics) before I could finally afford a newfangled hard drive. Eventually I upgraded it all the way to a Toaster Flyer system before the company folded up and I had to move on. Which was horrible, until Linux came along.
I remember seeing a C64 in the Smithsonian a few years back. That sure made me feel old.
No. US Patent Law does not make any such distinction or exception for private home use. You can be infringing if you mass produce 100 billion copies to sell, or if you just "practice" the art in the privacy of you own home. Granted, the likelihood of any bad consequences for infringing (or even anyone finding out you're infringing) are not at all equal.
But I think this commonly held misconception might be one reason why the general public sees nothing wrong with patents...they think it only applies if you're trying to make money off the idea or running a company, e.g., it doesn't apply to them so why care. But a patent is an absolute abridgment of freedom, and really has nothing to do with money or intent at all, nor does it have anything to do with stealing (like copyright or trade secrets) as you can unknowingly infringe even if you thought up the idea all by yourself. Of course any legal remidies, actions, rewards, etc may be based on money and scale, but not the determination if you're guilty of infringement or not.
IANAL applies, but I have read through the US Law as best as I could understand it. If somebody more knowing than me knows something else, please be kind and point out exactly where in the law such distrinction is made because I can't find it.
More general info on Wikipedia: http://en.wikipedia.org/wiki/Zoneinfo
zoneinfo homepage: http://www.twinsun.com/tz/tz-link.htm
The file formats haven't changed so no software needs recompiled.
You just need new data files. If you can't get an RPM, you can just
compile the zone files yourself. Do a man on the zic command.
Not only are there tons of spoilers online, you also get the source code; and source code diving is nethack "sport" in its own right. Not to mention the in-game spoilers that are free (or only a few zorkmids): the fortune cookies, the oracle, the grafitti all over the place, those uneasy feelings you get.
After 17 years of playing its still fun, still unpredictable, and I am still occasionally surprised when something unexpected happens. The replay value of this game is on par with that of chess; although you get to kill and be killed. Even so, nethack is enjoyable and quite playable even if you don't use the spoilers/source with about the same percentage of success (0%).
More distracting than the unimaginative hollywood plot, hyperbolic acting, and unrealistic exploding cars/buildings/animated cats?
Come to think of it, that's the best anti-piracy technology to come out of Hollywood--the movies themselves.
You just need to buy one of these and use it against itself to neutralize the digital cameras dectector.
You pick up a tattered cape (K unpaid). Only $250 for you.
You put on the tattered cape.
Suddenly, you can see through yourself.
The nurse hits.
You can not remove the cloak, it seems to be cursed.
The nurse hits.
The floor is too hard to dig here.
Really attack Wengretik the shopkeeper?
Wengretik strikes at thin air.
The nurse hits.
Wengretik hits. Wengretik hits.
You die.
Yep, here's what Sony should be charging:
20% - rootkit licensing and bundling
10% - spoilage from Sharpie pirates
15% - DMA key registration of Sony electronics division so their products can play said music
12% - legal fees for eventually suing customers who download music
5% - payoff fees to Wesbter and Oxford to redefine English words
(Oh wait, but Sony didn't license the rootkit code, they PIRATED IT!)
"the market will decide the winner"
Just another way of saying, "We're okay if 49.9% of the consumers
get screwed. We'll screw the surviving 50.1% later."
And in other brilliant studies:
* Ethernet packets found to collide sometimes, resulting in worldwide communications silence.
* Some traffic lights found to periodically turn red almost 50% of the time; transportation system grinds to a halt.
* Study finds that if you call someone every 15 seconds and ask "can you hear me now?", unexplicably none of your calls will be answered, in addition to getting strange looks.
* Fast food restaurant closes one of its eight queues at the shift change; six people starve to death as a result.
I know you're joking, but you touch on a potentially parallel example.
The science strongly favors evolution. But because some in the religious crowd raise such a stink over it (thinking it is incompatible with ID), it has caused a lot of the non-religeous to go to the other extreme and therefore claim evolution is absolutely correct and unflawed, mainly just to spite the ID people. [I know I'm generalizing/stereotyping here.]
But what that does is to essentially eliminate any possibility for any actual scientific debate. What if there is another theory that could explain the evidence scientifically and in no way relies on ID or any non-scientific philosophy. In the current environment, that kind of science can't occur because the field has been posioned by the anti-ID protesters, such that any non-evolution theories won't be tolerated, even if they are firmly based in science too.
Its the same here. Global warming may have a lot of scientific evidence, but other theories can not be raised because it's being used politically to counter viewpoints considered non-scientific (or by anti-industrial extremists as an excuse for their agendas); and thus the acceptance of other scientifically-based views is also prohibited.
The worst thing a "scientist" can do is think he is right, just because others exist that are definitely wrong. You both can be wrong.
Or more likely, prevent you from fast-forwarding through the commercials
as well as not letting you mute the audio while a commercial is playing.
After all, you don't want to be a "thief" do you?
You, like many people, seem to be confusing two independent concepts: static v. dynamic, and strong v. weak typing. Read up here: http://en.wikipedia.org/wiki/Datatype
Dynamically typed language like Python or Ruby are also strongly typed. This means that the language absolutely *prevents* you from accessing an object incorrectly (breaking type safety).
C on the other hand is statically typed, but also weakly typed....the exact opposite!
C++ and Java are also in the same camp--static and weak; although both are much much closer to being strongly typed than C ever was. Although you can argue that Java is static/strong except for some low-level exceptions; or that C++ is partly dynamic (with template meta-programming)
Just for completeness, assembly is most always dynamically/weak; and Haskell is static/strong.
BTW it is the weakly-typed behavior of C (casts, void pointers, array bound checking, etc) that causes probably 95% of all type-error bugs. In fact this falacy that dynamically typed means the same as weakly typed is probably the primary reason that so many people seem opposed to dynamic typing. Dynamic != Weak.
If the topic of this book interests you, it is also quite worth reading some of Paul Graham's essays.
For the dynamic versus static typing debate, in particular read http://paulgraham.com/hundred.html
I've done both styles quite a lot, and I can say that static typing really is overrated. It sacrifices too much language power for what is really too little benifit (the benifit is often perceived to be much greater than emperical studies of real-world coding errors seem to confirm). The main problem that many static-typing fans seem to have is a lack of exposure to the other way of doing things--and enough experience to allow themselves the freedom to break old habits/patterns to actually see the power of dynamic typing.
As a DNS administrator, the trailing dot is something I was very aware of (although I didn't know about the cookie implementation errors). I've always wondered why you never saw URLs such as http://www.example.com./, instead of http://www.example.com/ ? The later (without the dot) is subject to local DNS spoofing.
However, aside from the browser problems, it seems that web servers also mess up the trailing dot problem. Most servers won't recognize their own hostnames when the Host header has a trailing dot. Proxies are also clueless and confused.
In fact, I was always surprised that the HTTP and URL standards (not to even mention the horrid X.509 certificate standards) seem so careless about the canonical domain name representation. There's no requirement, nor even a warning, about any use of the trailing dot in domain names, nor that any software (server, proxy, or agent) should do any sort of canonical name equivalence checking.
Unless of course you encrypt, or at least digitally sign all cookies you legitimately send.
The fact that none of the cookie meta-data is ever sent to the server along with the cookie body is one of the biggest pains. Aside from the domain restriction that the article talks about, another big one is the expiration date. This is important if the server *wants* cookies to expire, such as if used for authentication.
Thus a safe server will encode the cookie expiration date directly into the cookie value (as well as the cookie metadata), and then sign (or HMAC) the cookie value. And there's also the previously mentioned Ajax cookie stealing attacks to guard against, which usually means disabling the TRACE command or setting the secure cookie property.
Why is this even news? Military propoganda is as old as military history. It is, or should be, a very important component of any successful military strategy. And if the US military wasn't doing that, then they weren't doing their jobs (for which we taxpayers are paying them to do).
Really, the only thing which is interesting is that the US national media seem to be picking up military propoganda more and more as it's distributed abroad, and then repackaging and redistributing it to the US market. So that's a sign that either the propoganda is very successful, or that the US media is rather poor on fact checking. Of course the media rebroadcast military propoganda quite a bit back in the World Wars, but I think it was common knowledge that it was being done. Today, the media does a very poor job of informing the public where or how it obtains its information.
That they are "targeting" the net should not be surprising either. It is their jobs to plan how to counter-attack any possible attack of the enemy. And frankly this should include what to do if the enemy manages to infiltrate the Internet as we know it. This planning should not be misinterpreted as thinking the US military wants to take down the Internet. Instead they want to be prepared if the enemy takes it down, or takes it over.
What a lame analogy. Trying to compare those two is practially meaningless, unless of course you have a particular extremist political agenda and are looking for any reason at all to try to convince yourself that you must be right.
/. thread is all about.
Since you brought it up though, lets analyze the analogy. And only in terms of "security", which is what this
Intercepting communications from foreign people believed to be terrorists or connected to them:
* This activity's purpose is to prevent future "security breaches" (e.g., learning of a terrorist plot).
* Without this activity, citizens are certainly less safe (meaning this activity has a positive security benifit)
* The activity itself is not unsafe nor pose a "security hole" (regardless of your opinions on other non-security effects like liberty)
* It's effectiveness is in large part subject to it remaining covert
* Publically reveiling the activity makes it non-covert, and therefore reduces its effectiveness.
* Result: the "risk" to our safety was increased (again ignoring any other effects for this analogy). There is no obvious way to "undo" this increase in risk (e.g., no forthcoming "patch" which will make it covert once again)
* If the public exposure had not happened: risk would have remained unchanged (which already was lower than if this activity was not even occuring)
Exposing Oracle bug publically:
* The "activity" in this case was a security flaw in deployed software.
* Thus the "activity" was unsafe.
* The risk it poses is was dependent upon it remaining undiscovered and without an implemented exploit, or until fixed.
* Publically reveiling it makes it undiscovered.
* Result: the risk is temporarily increased--its a race to whether an exploit or a patch is developed first. The risk will actually be decreased when a patch is available and installed.
* If bug was not publically reveiled: flaw remains in software (proven for at least 3 months); probability of being discovered by "black hats" increases with time, thereby gradually increasing risk.
Oh, and one other big difference: in the former there were other ways to attempt change without full public disclosure (congressional oversight, etc.) that were not used. In the later other non-public methods of affecting change were attempted first.
So yes, both acts of publicity result in at least temporary increased risk. But the analogy is otherwise completely broken.
Sorry, but please save your political arguments to a political topic.
Python Cookbook, Edition 2 also covers version 2.4. And it is also a very useful book, even for those who know Python quite well...you can always learn a few new tricks.
http://www.oreilly.com/catalog/pythoncook2/
This is so true. The only thing that will ever correct the patent nonsense
will be when there is great and obvious harm done by them. There needs to
be a big company that is taken out and which affects millions of people.
Something like patenting an airplane and forcing all airlines to remain
grounded. Sooner or later it will happen; but the settlements so far have
been cloaking this threat.
Another problem is that patents are kind of like ICBMs. The only thing
that keeps the whole economy from instantly being destroyed by patents
is the fear of mutually assured destruction. As long as everybody has
lots of missles pointed at everybody else's homeland things stay relatively
calm--same with patents.
But there are two things that are making this MAD stability more fragile:
1. the number of patents (missles) is seemingly growing exponentially,
2. the new patent-holding companies don't need to fear counterattacks
since they have no "homeland" (they don't produce anything, so they
are not themselves infringing other's patents). In this respect
companies like this are sort of like terrorists(*) carrying nuclear
bombs in briefcases...ICBMs are not much use against them since you
can't point them at any meaningful targets.
* This is a weak analogy. The people who run these patent extortion
companies are scumbag humans with very bad ethics. I don't consider
terrorists on the other hand to even be human.
It's almost platform independent. The main problem which primarily afflicts Microsoft's use of AJAX, such as in Outlook Web, is the way that the "A" in AJAX is "started".
Basically to initiate an HTTP asynchronous request, the Javascript code must create a special object which encapsulates the request and communication. Althought the interface and use of this object is for the most part standard, the way in which it is initially created is not.
So if you want a platform independent AJAX app, you pretty much need a bit of code which does things the Microsoft way when the standard ways don't work. Like:
Now, Microsoft-written applications which use AJAX only try the MS ActiveX methods, and not the standard XMLHttpRequest() function. Thus, although most of the application could have worked in any browser, this simple omission by Microsoft insures it only works under IE (and locks you into their technology).
It should also be noted that AJAX is a methodology and not a strictly defined API. For instance most AJAX apps rely heavily on the DOM API, which Microsoft mostly but not entirely adheres to. So there's lots of things that can cause platform independence problems if not coded carefully.
Just use solar cells and put your devices under a table lamp.
/. readers seem to use electric toothbrushes?
Also, why is it that so many