It's very funny watching what happens when someone puts a comment on Slashdot that is in any way critical of Apple. Usually, the moderation score goes up in the first few minutes, and then, as Apple's dittoheads are mobilized, more "Troll" points are added until the comment drops to -1, about an hour after the original posting.
Now here we have an article that's critical of Apple. That doesn't happen often. Let's see what the dittoheads do.
Those are built-in C arrays. That mechanism is a C special case, and applies only to built-in arrays. It doesn't generalize well to C++ objects. Try to use <vector> to handle multidimensional arrays and you'll see what I mean. You can declare
vector<vector<float> >
but you'll get an array of arrays, not a 2D array.
Sueing Zone Labs was a really dumb move for 180 Solutions. Now Zone Labs can start discovery.
First, of course, they'll want to see all of 180 Solutions' source code, so the objective validity of the "trade libel" claim can be tested. (Truth is an absolute defense to libel under US law.) Then, they'll want to depose key programmers under oath. 180 Solutions has some unpleasant disclosures coming up.
Zone Labs is owned by Check Point Software, which had income of $280 millon on revenues of $500 million last year. They can afford litigation.
C++, for historical reasons dating back to C, has wierd semantics for commas in brackets. The operator precedence for commas is different inside of "()" and "[]".
So
tab(i,j)
is a function call with two arguments. But
tab[i,j]
is an invocation of the "comma operator", then a function call with one argument. The default "comma operator" ignores the first argument and returns the second. It once had some uses in C macros.
I've argued with the C++ committee about this. If "operator[]" had the same syntax as "operator()", we could have support for multidimensional arrays in C++. But there's a concern that somewhere, someone might have code that depends on the current semantics of the comma operator inside square brackets.
This new archive offers the opportunity to eliminate that possibility. So, do this search:
Find, in non-comment standard C++ code, any occurences of a comma operator within square brackets. Eliminate any where there are parentheses within the square brackets enclosing the comma.
Can you find any? In any production code? In any open-source project? Anywhere?
What a bunch of dummies. If you mix processors with and without SSE, some programs will randomly discover, at startup, that SSE is present and enable their SSE code. Then when that program happens to execute on a processor without SSE, it will get an illegal instruction exception. The OS even tried to tell them they had an inconsistent configuration, but they bypassed that.
Look what failed. Video compression programs, the type of code almost certain to use streaming SIMD operations.
Try this with two identical dual processors and you should get a nice 4-CPU machine.
The biggest problem with Tribe is that you can't merge old tribes, and it's easy to create new tribes. So you end up with near-duplicate tribes and heavy cross-posting. You keep seeing the same postings over and over in different tribes.
I just ate at the Palo Alto Cafe on Middlefield. 18 people and 10 laptops. At the next table was a cute young couple, both dressed in black. Between them, they had two laptops, a Blackberry, a graphing calculator, at least one iPod, and cell phones. All in use.
A big question is whether this "David Hagen" is actually associated with "GTX Global". Stocklemon says yes, and GTX Global is sueing them.
GTX Global has issued this denial.
Nature is terrible at selecting computer science papers. They have a good reputation in the life sciences, but quite a number of very weak CS papers have made it into Nature.
From what I hear from some Internet Archive people, the Deadheads have become a headache. The Grateful Dead stuff is a tiny percentage of the Internet Archive, which has petabytes of data, including multiple copies of the whole World Wide Web. But the Deadheads are hogging the bandwidth, and because they hit the same stuff over and over, the Archive bogs down. The Archive was designed as a library, without a big cacheing front end to handle high traffic to a few files. So concentrated traffic in one area slows it down.
The Archive now offers files for streaming, which is a bandwidth hog for music files. People keep playing them again and again. (Especially Deadheads, who are notorous for listening to the same content repeatedly. Possibly due to drug-induced memory degradation.)
This is interfering with other queries.
Incidentally, ".aero" works, sort of. If you type
".aero", you get the web site for that airport. Sometimes. But that's just because the domain registrar set up dummy redirects. But they botched the job. Try, for example, dfw.aero.
We have too many TLDs now. Remember all those stupid TLDs from the last round, like ".museum"? Nobody uses them. The big-name museums are under.org or a country domain. (Here's the complete list of domains registered under.museum. Most of them don't even work, and for the ones that do, they're usually an alternate name.) Have you ever seen a domain in ".aero" or ".pro"? ".biz" gets used, but mostly by sleazy operators. There are so few legitimate businesses in ".biz" that it has the reputation of a strip mall in South Central LA.
ICANN should stop considering new TLDs. In fact, it might be worthwhile to start phasing out some of the newer TLDs due to lack of interest.
The problem with the "limited user" concept is that the browser space can still be corrupted. Cross-site scripting is still possible. Installing spyware is still possible, although it may only be able to affect browser sessions.
Browsers need at least two privilege levels and multiple compartments to be safe.
If that's happening, it's a bug on the LEA side. That's not the way it works via the CALEA interface. Read the ANSI J-STD-025-A wiretapping interface standard. The wiretapping equipment should start recording upon receiving a CCOpen message and stop recording after receiving a CCClose message, as defined in the
Lawfully Authorized Electronic Surveillance
Protocol.
These messages go over a data channel associated with a bank of "voice" channels, so they are out of band, and they're generated from the SS7 messages, so they reflect what call setup is really doing. If the logging based on the LAESP traffic doesn't match the length and timestamps on the recorded data, that's an indication that something has gone wrong on the LEA side.
This is rev A of the standard. Rev B is out, and has some new features for VoIP, mobile location, and such.
All this describes the delivery side of wiretapping.
The control side, via which wiretap requests are made, is web-based in some Lucent switches. That side isn't as standarized as the delivery side. Early thinking was that there would be about as many wiretaps in the CALEA era as there were before, so control events would be rare. But volume is up and the control side is getting to be a problem, especially since the Patriot Act's "roving wiretap" provisions.
It's not well known, but most wiretapping in the US is actually done by Verisign. It's a commercial service they sell. Verisign runs most of the SS7 signalling network used to control the phone system. So they put in a back door that lets them route calls to or from specific phones to their wiretapping center in Northern Virginia. From there, the wiretapping is fed out to law enforcement, the intelligence community, and other interception customers, using T1 lines.
Since this works through SS7, and full call-control information is available, it's immune to any in-band tones.
The problem is well understood. Browsers are running with the full privileges of the user. This is true of IE, and it's true of Firefox.
It's too bad that the Firefox people don't accept that this is a problem.
The straightforward solution is to run most of the browser in a jail. When a page is launched, a copy of the renderer should be launched with
a connection to the window, a connection to the network, and no ability to open local files. The page can be displayed, and the page can run whatever JavaScript it wants, but it can't affect anything outside of that page-rendering environment. When the page closes, all state associated with that page is lost.
Of course, this breaks lots of stuff. Cookies. Cacheing. Links. Popups.
Third-party toolbars. Plugins. Program launching. Some of those are handled by a messaging interface between the browser and its parent, the launcher, which has to be trusted but doesn't do much, so it can be small.
For security, we probably have to give up toolbars and plugins. People will whine, but that's probably a good move for 90% of business installations.
Program launching from the browser has to be limited to launching within the jail. A rendering process could launch, say, Quicktime, Flash, or a PDF viewer, but those would still be jailed. All they could do is talk to the network and the window.
That's how to fix it right. It's quite possible. The right way to do it is to build the secure browser first, even if it doesn't let some users do things they want to do.
We're going to be forced to this, as patch-based security breaks down,
because the attackers are now finding their own exploits, rather than simply looking for unpatched systems.
Here's what the business actually looks like. This is from the web site of someone who has been photographing the storefronts of mail order photo dealers in Brooklyn. The results are very funny. Some are mail drops. Some are bogus addresses. Some are homes. Some are tiny stores selling something else.
Only one is a huge warehouse with loading docks.
// The contact force component is aligned with the vector between // the two closest points. The frictional force is in a plane // perpendicular to that vector and through the midpoint of pnt0-pnt1, // The frictional force vector is opposite the velocity vector // component in the friction plane.
// Witness point checks. // All witness points must be on their polyhedron's side of the // separating plane.
Here the purpose of the comments is to explain the math.
From the control code for a DARPA Grand Challenge vehicle. Here's some code I wasn't happy with, so that's clearly noted.
// constructPath2 -- reactive obstacle avoidance and path planning // - the hard cases // // Called when we have to do some obstacle avoidance // // Path is an output only. // // First pass tries to find some path that will work within the turning limits. // If that fails, we try "brake then steer" mode - look for the longest path // in any direction, regardless of dynamics limits, and slam on the brakes // while turning. The actual steering command will be limited later. // ***MAKE SURE THAT CHECK IS MADE*** // // ***NEEDS WORK*** // ***SEARCHING OUTSIDE LIMITS WILL ALWAYS FAIL*** //
Finally, here's some Perl code, part of the code that runs Downside.
# # extractsecurityclass -- extract class of a NASDAQ security # # Foreign and bank securities aren't filed with the SEC, so # we need to note this. There are also test and statistics items that # aren't real securities. # # Note that the test for "bank" is rather poor. NASDAQ used to # identify banks using a column in the table, but they no longer do so. # sub extractsecurityclass($) { my $vals = shift; ## Check for symbols that don't file with the SEC if (${$vals}{'test_issue'} ne 'N') { return('test'); } ## is test
(We have to stop there; Slashdot's "lameness filter" rejects Perl code.)
All code should have well-written comments.
As Wirth pointed out years ago, people who can't express themselves well in their native language are generally poor programmers.
The National Emergency Number Association rejected that approach. Here's their analysis (.doc format). The major problems are 1) calls forwarded in this way don't appear at the Public Safety Answering Point with useful location or caller ID information, 2) congestion is badly handled, 3) aiming multiple providers at the same group of numbers means that a routing error at one provider impacts 911 calls via other providers, 4) denial of service attacks become easy, and 5) components with lower reliability requirements are now in the 911 chain, but not identified as such.
Most of the city still doesn't have phone service. Getting enough WiFi up that people can use VoIP and get some basic web services will be a big help.
Re:Reminds me of a story of a writing assignment
on
Pictures by Hive Mind
·
· Score: 2, Interesting
There are writers who can bring that off.
There's a famous story about this. Larry Niven and Jerry Pournelle once accepted an advance for a new book, but hadn't made much progress as the deadline approached. So they moved into a cabin for the duration to finish the job. They took turns writing for 12 hours a day, with story discussions during their overlapping wake periods. The resulting novel was successful, and it's not obvious who wrote which parts.
America's leader, Karl Rove, is quite introverted. In fact, he's a major nerd. He's memorized most of the electoral statistics for the US for the last few decades, and he uses them in conversation. He very seldom speaks in public. He actually wore a pocket protector in high school.
He has a front man to do the public relations part of the job, of course. But Rove is the one who makes the decisions.
Now here we have an article that's critical of Apple. That doesn't happen often. Let's see what the dittoheads do.
vector<vector<float> >
but you'll get an array of arrays, not a 2D array.
First, of course, they'll want to see all of 180 Solutions' source code, so the objective validity of the "trade libel" claim can be tested. (Truth is an absolute defense to libel under US law.) Then, they'll want to depose key programmers under oath. 180 Solutions has some unpleasant disclosures coming up.
Zone Labs is owned by Check Point Software, which had income of $280 millon on revenues of $500 million last year. They can afford litigation.
No, it's an array of pointers to an array of elements, which is not quite the same thing.
Arrays with multiple subscripts have many uses. Sparse array implementations, for example. People implement this now with code that looks like
tab(i,j) = 1;
This is valid C++, and with the right overloads, it compiles and runs, but it looks wierd.
So tab(i,j) is a function call with two arguments. But tab[i,j] is an invocation of the "comma operator", then a function call with one argument. The default "comma operator" ignores the first argument and returns the second. It once had some uses in C macros.
I've argued with the C++ committee about this. If "operator[]" had the same syntax as "operator()", we could have support for multidimensional arrays in C++. But there's a concern that somewhere, someone might have code that depends on the current semantics of the comma operator inside square brackets.
This new archive offers the opportunity to eliminate that possibility. So, do this search: Find, in non-comment standard C++ code, any occurences of a comma operator within square brackets. Eliminate any where there are parentheses within the square brackets enclosing the comma. Can you find any? In any production code? In any open-source project? Anywhere?
Look what failed. Video compression programs, the type of code almost certain to use streaming SIMD operations.
Try this with two identical dual processors and you should get a nice 4-CPU machine.
Switzerland also has some road sections that can serve as emergency military airstrips. The Swiss like to be prepared.
The biggest problem with Tribe is that you can't merge old tribes, and it's easy to create new tribes. So you end up with near-duplicate tribes and heavy cross-posting. You keep seeing the same postings over and over in different tribes.
I just ate at the Palo Alto Cafe on Middlefield. 18 people and 10 laptops. At the next table was a cute young couple, both dressed in black. Between them, they had two laptops, a Blackberry, a graphing calculator, at least one iPod, and cell phones. All in use.
However, there's other bad stuff. "GTX Global" is traded in the Pink Sheets. And they claim to have made these SEC filings. But those filings aren't showing up in the SEC database.
Looking at what they claim is their balance sheet, all the activity seems to center around Dish TV type operations.
What next, "Roller Disco for Beginners"?
Nature is terrible at selecting computer science papers. They have a good reputation in the life sciences, but quite a number of very weak CS papers have made it into Nature.
The Archive now offers files for streaming, which is a bandwidth hog for music files. People keep playing them again and again. (Especially Deadheads, who are notorous for listening to the same content repeatedly. Possibly due to drug-induced memory degradation.) This is interfering with other queries.
lax.aero does work, if anybody cares. But it's just a redirect to the main site for all Los Angeles County airports. It doesn't even go direct to the LAX site.
Totally unnecessary.
ICANN should stop considering new TLDs. In fact, it might be worthwhile to start phasing out some of the newer TLDs due to lack of interest.
Browsers need at least two privilege levels and multiple compartments to be safe.
This is rev A of the standard. Rev B is out, and has some new features for VoIP, mobile location, and such.
All this describes the delivery side of wiretapping. The control side, via which wiretap requests are made, is web-based in some Lucent switches. That side isn't as standarized as the delivery side. Early thinking was that there would be about as many wiretaps in the CALEA era as there were before, so control events would be rare. But volume is up and the control side is getting to be a problem, especially since the Patriot Act's "roving wiretap" provisions.
And that's a bit more of how Big Brother works.
Since this works through SS7, and full call-control information is available, it's immune to any in-band tones.
See this old Slashdot article with more links.
It's too bad that the Firefox people don't accept that this is a problem.
The straightforward solution is to run most of the browser in a jail. When a page is launched, a copy of the renderer should be launched with a connection to the window, a connection to the network, and no ability to open local files. The page can be displayed, and the page can run whatever JavaScript it wants, but it can't affect anything outside of that page-rendering environment. When the page closes, all state associated with that page is lost.
Of course, this breaks lots of stuff. Cookies. Cacheing. Links. Popups. Third-party toolbars. Plugins. Program launching. Some of those are handled by a messaging interface between the browser and its parent, the launcher, which has to be trusted but doesn't do much, so it can be small.
For security, we probably have to give up toolbars and plugins. People will whine, but that's probably a good move for 90% of business installations.
Program launching from the browser has to be limited to launching within the jail. A rendering process could launch, say, Quicktime, Flash, or a PDF viewer, but those would still be jailed. All they could do is talk to the network and the window.
That's how to fix it right. It's quite possible. The right way to do it is to build the secure browser first, even if it doesn't let some users do things they want to do.
We're going to be forced to this, as patch-based security breaks down, because the attackers are now finding their own exploits, rather than simply looking for unpatched systems.
Here's what the business actually looks like. This is from the web site of someone who has been photographing the storefronts of mail order photo dealers in Brooklyn. The results are very funny. Some are mail drops. Some are bogus addresses. Some are homes. Some are tiny stores selling something else. Only one is a huge warehouse with loading docks.
Some comments I've written:
Here the purpose of the comments is to explain the math.
All code should have well-written comments. As Wirth pointed out years ago, people who can't express themselves well in their native language are generally poor programmers.
Most of the city still doesn't have phone service. Getting enough WiFi up that people can use VoIP and get some basic web services will be a big help.
There's a famous story about this. Larry Niven and Jerry Pournelle once accepted an advance for a new book, but hadn't made much progress as the deadline approached. So they moved into a cabin for the duration to finish the job. They took turns writing for 12 hours a day, with story discussions during their overlapping wake periods. The resulting novel was successful, and it's not obvious who wrote which parts.
He has a front man to do the public relations part of the job, of course. But Rove is the one who makes the decisions.