No, what we need to combat with software bugs is make bugs more expensive - so it is economical to to write properly working software in the first place. How about this: once a bug is discovered, for every affected computer, Microsoft gets to pay a $100 fine.
Also, how come Linux has less of the "OMG super critical" bugs, like Heartbleed?
I updated OpensSSL and only restarted the services that use SSL - apache, exim etc.
As for others, it depends on the vulnerability in question and whether I am affected. 1. Does it require an open incoming port to the outside? No problem, my router also works as a firewall and I have disabled the IPv6 tunnels from Windows. 2. Does it allow a local user to gain admin rights? No problem my single local user is an admin, I am not going to hack my own PC.
Windows 7 can reload graphics drivers if they crash, so I guess it should be able to just reload them for updates. SSL support - wouldn't that only need restarting the programs that use SSL - browsers, email etc leaving my notepad, MS Word etc open? Login service - probably the vulnerability falls in one of the two categories I listed.
Then make the updates not an annoyance to install. Pretty much every Windows update requires a reboot. Usually, after installing fresh Windows on a PC I have to reboot multiple times installing updates. Compare that to Linux - reboot only necessary for kernel updates (and it seems that the latest versions no longer need it), otherwise you just restart the affected service. And even without that, Linux services are quite secure (compare the major Linux bugs like Heartbleed with the number of major Windows bugs).
Also, not all security bugs affect me. For example, let's say there is a bug that would allow someone to hack my PC over WiFi. If my PC does not have WiFi card, I do not need the update.
security update broke my very old Adobe photo shop
Photoshop is expensive. If I buy it I will use the version as long as I can do what I need with it. Just like everything else. I am not buying a new TV if my current one is good enough for me. I also bought a new PC (and installed Windows 7 - I hate the Flat UI of Windows 8) because I wanted to play games that did not run on my old Windows XP PC. This happened before the end of support, not that I was installing lots of updates before - I really dislike rebooting my PC, so much so, that I have enough UPSs that can provide power for an hour in total and am considering buying a generator.
What if I do not want to restart my computer? Windows updates seem to require that for every update (compared to Linux, where only kernel updates require a reboot, normally you just restart the affected service(s)).
However, there is probably going to be a way around it - disabling the update service for example.
Will the baby survive if you kill the mother? A born baby can survive provided someone else takes care of it. An unborn baby (especially if the pregnancy is early enough for "legal" abortion) will die with the mother. An unborn baby that's almost ready to be born can survive if someone cuts it out of the dead mother fast enough.
What do you propose then? For both (not necessarily the same solution for both): 1. Unwanted babies, for example if a rape victim got pregnant from the rape and she does not want part of the rapist inside her for 9 months. While I am not a woman and cannot say for certain, I imagine pregnancy is quite inconvenient. It's a compromise if the baby is wanted, but what if not? OK, if the baby is a result of consensual sex then I guess she is at fault for not using protection or having sex at all. But what if it's trough non of her fault (rape)? 2. China's population problem. Their population still grows despite the policy (though not as fast as before) and they actually need it to shrink to be able to properly feed everyone. Would the USA (or the EU) accept, say, 400 million Chinese immigrants? No? Thought so.
Yet the Chinese government puts enormous pressure to abort the second child in the family and literally millions of healthy children are aborted.
Abortion happens when the fetus is still not an independent lifeform. Also, abortion is legal in many Western countries, which means that quite a lot of people (me included) think that a fetus is less of a human than a child that's outside of the mother (and that the choice of the mother matters more during pregnancy - otherwise we would have to, what, chain the woman until she gives birth? because there are more ways to get an abortion than one)..
However, once the child is born, it is considered valuable (especially since time and effort was put into raising her - also this is why if I was forced to choose between a 3 year old and a baby (say to carry out of a burning building or whatever, both children being not family to me), I would save the 3 year old.
And China is severely overpopulated - it's either the One Child Policy, random executions by lottery or starving.
So, Microsoft changed the UI of Office because otherwise people would have stopped using it and started using OpenOffice or something else?
Most software is just a tool, nothing more. Other tools change less - a hammer does not change (it may be made with different materials etc, but how you use it does not change), even the basic UI of a car does not change (clutch, brakes, gas, steering wheel, gear stick).
So, why does the creator of webmail feel the need to move the send button around? I understand adding new features (and the UI changes the follow them), but why change the "basic UI"?
Touchpads are great, but only after I disable the tap-to-click function. Trackpoints suck for me because they are either slow or imprecise (for me). A trackball would be nice, but nobody makes laptops with them anymore.
Give up land to repay debt. Oh, Putin would love this. Finally, a rationalization of what he's doing to Ukraine ("they owe us for gas Ãnd their land is really cheap because it's bombed to shit so we'll take quarter of the country, since they refused to give it up voluntarily, we are now sending our debt collectors, and due to the costs incurred by the need for debt collectors, we'll now take half the country").
Building a car is not very difficult and since cars have been around for a very long time, you can build a car that's quite nice without infringing patents that are still valid.
Patents last for 20 years, right? So, you can legally duplicate a 20 year old car provided that you change it a little bit to remove trademarks and copyright protected software, but then a 20 year old car won't have that much software (or you can copy a 30 year old car that does not have software).
However, the foreign creditors most likely will not come with tanks to cut a part of the territory or whatever of a sovereign country. Well, Russia might do that, but the EU is not Russia.
Speaking of Russia - maybe it will help Greece pay off the debt in exchange, the Greece would allow some Russian tanks and rockets to be placed on its territory. That would annoy the EU a lot.
I agree, there is no way to undo the technology, the "right to be forgotten" cannot be enforced without really clamping down on the internet, and we don't want that.
Technology changes society, however, society always lags behind usually by decades (until the people who had the technology as children grow old). At some point in the future, the boss will disregard a 20 year old page about what the candidate did when he was 15, because there probably is a similar page about the boss himself. However, currently, there is no such page about the boss if the boss is old enough.
In the past, you had to do something really unusual to appear in a newspaper etc, which means that if a newspaper did write about you, you most likely did similar things that were left unmentioned by the newspaper. Now, especially with Facebook, there probably is an account for every stupid thing you did, but an old fashioned person reading this will think that a lot more was unmentioned.
so i think we have the basis for an actually effective, moral law: prosecution of piece of shit bosses for moronic shallow employment decisions
It does not work normally. The boss can usually choose from tens if not hundreds of candidates, so he can think of a "politically correct" reason to not hire a particular candidate, even though the actual reason was his sexuality or a stupid past. If the boss asks whether you are gay, and you say yes and then he does not hire you, you may have some basis for a complaint, but if the boss does not ask (because Google told him) you do not have the basis for complaint. Also, it's not like the court can force the boss to hire you, and even if it can, do you really expect to have a good working environment and the boss not trying to find a reason to fire you?
I personally do not use Facebook, and never put my real name anywhere that can be indexed by Google. Luckily, some people who have the same name as me can be found on Google, which means I have good noise-to-signal ratio:)
Because the original content may be on a server that is outside the jurisdiction of the court. The same reason is why MPAA wants Google to remove links to torrents.
It's nice that there are a lot of job offers where you live. In other places unemployment is high so you have a choice of either working for that company or starving. And if the company won't hire you because of what you did 15 years ago...
Before search engines, there was a natural decay of public information. While there are archives of newspapers and such, it takes a lot of effort to go through it to find whether somebody was mentioned there, unless the event in question was recent and people still remembered it.
If privacy is a dead concept, why so much hate on the NSA and similar agencies? At least their database isn't public (unless somebody leaks it).
Even an improperly tuned carburetor can still do a good enough job. A few percent CO in the exhaust and the engine still runs fine. At least at the legal speeds, I am sure that the carburetor would need to be tuned for the current air temperature, engine temperature, altitude if I wanted to race and get the most power from the engine, but since the top speed of my car exceeds the speed limit even if the carburetor adjustment is less than optimal, the requirements are a bit less strict.
For some reason some aircraft engines still use carburetors.
Split the/64 into smaller networks -- SLAAC no longer works -- Android devices have to be manually configured with static IPs since they do not support DHCPv6.
But don't private ASs and Provider Independent addresses conflict with the "neat routing tables" goal when I take my AS to another ISP which may be in another country?
Software, compared to mechanical parts, does not rust or wear out. Write it properly once and it will work properly forever.
Pass a law that requires all car software to be in a mask ROM and you will see the decline in bugs as the cost of updates increase. The software will be written more carefully and there will be less of it.
Just like my old tape deck or CD player or TV does not need updates (because that would be done by replacing a chip) but a new TV or Bluray player does.
The turn signal cancelling in my car is mechanical. I dislike heat so I will put in AC in my 1982 car (the most important and difficult to obtain part already ordered with $400 shipping from the US). Heater is also useful to defrost the windshield or when it's -30C outside.
However, I do not need my car to be controlled by software. A carburetor does a good enough job of supplying air/fuel mixture to the engine and does not need software.
My daily commuter is a 1982 MB W123 modified to run on LPG (LPG costs 38% of what gasoline costs here). No software at all.
Rust is a problem but so far I have no problems keeping the car patched. The engine still works, it did not need an overhaul yet.
In case this car is no longer in serviceable condition I am going to buy a different car of a similar year of manufacture. In case the law prevents me I am going to buy a car that has the least amount of electronics in it and then try to increase security by separating hackable components. I do not need WiFi or Bluetooth, so that would be disabled quite quickly.
There is always a reason to everything. Why did a car run over a pedestrian? Because the driver was drunk. Why the driver was driving drunk? He was not drunk enough and wanted to buy some more.
And cars have no security because security costs money. Unless the penalty for having a buggy code is higher than the cost of security, cars will have buggy code.
However, the problem is that by connecting the engine to the same bus as the radio you allow the radio to have control over the engine, or at least this is how it is now.
The radio is built to lower security standards (it's a radio, even if someone hacks it they won't do any real damage), which is OK, but then it needs to be separated from the engine or brakes or steering (where a hacker could do real damage). Have a firewall or something. Just like you don't allow your web server root access to the backups or some other critical server.
I have a 1982 car - while it has electronics (it even has electronic ignition), it does not have software. The radio is a completely separate unit and only connected to the power of the rest of the car.
The car is modified to run on LPG and since LPG is 37.5% the price of gasoline, the car gets "money efficiency" (euros/100km) comparable to much newer gasoline cars.
I manage the networks of several ISPs (the usually have several/22 allocations) and the company I work for (a single/23) and can remember quite a few IPs, even though the ends are not the same (say, a cacti server IP is x.y.z.5 for one ISP and a.b.c.192 for another). That's usually because I use the IPs to connect instead of DNS names, since I can type 93.184.216.34 faster than www.example.com and the IP works even if the DNS server has failed.
I remember some time ago in/. somebody arguing with me that IPv6 does not and should not have NAT because NAT is evil and the sole purpose of IPv6 is to get rid of it.
4) There is no rule that say you can not split a/64. You can split it down to/128 if you want. The only thing that breaks is SLAAC but you can still use DHCPv6 or static/manual configuration.
DHCPv6 works, unless you have Android devices (the point of TFA).
Slashdot Mirror
No, what we need to combat with software bugs is make bugs more expensive - so it is economical to to write properly working software in the first place. How about this: once a bug is discovered, for every affected computer, Microsoft gets to pay a $100 fine.
Also, how come Linux has less of the "OMG super critical" bugs, like Heartbleed?
I updated OpensSSL and only restarted the services that use SSL - apache, exim etc.
As for others, it depends on the vulnerability in question and whether I am affected.
1. Does it require an open incoming port to the outside? No problem, my router also works as a firewall and I have disabled the IPv6 tunnels from Windows.
2. Does it allow a local user to gain admin rights? No problem my single local user is an admin, I am not going to hack my own PC.
Windows 7 can reload graphics drivers if they crash, so I guess it should be able to just reload them for updates.
SSL support - wouldn't that only need restarting the programs that use SSL - browsers, email etc leaving my notepad, MS Word etc open?
Login service - probably the vulnerability falls in one of the two categories I listed.
Then make the updates not an annoyance to install. Pretty much every Windows update requires a reboot. Usually, after installing fresh Windows on a PC I have to reboot multiple times installing updates.
Compare that to Linux - reboot only necessary for kernel updates (and it seems that the latest versions no longer need it), otherwise you just restart the affected service. And even without that, Linux services are quite secure (compare the major Linux bugs like Heartbleed with the number of major Windows bugs).
Also, not all security bugs affect me. For example, let's say there is a bug that would allow someone to hack my PC over WiFi. If my PC does not have WiFi card, I do not need the update.
security update broke my very old Adobe photo shop
Photoshop is expensive. If I buy it I will use the version as long as I can do what I need with it. Just like everything else. I am not buying a new TV if my current one is good enough for me. I also bought a new PC (and installed Windows 7 - I hate the Flat UI of Windows 8) because I wanted to play games that did not run on my old Windows XP PC. This happened before the end of support, not that I was installing lots of updates before - I really dislike rebooting my PC, so much so, that I have enough UPSs that can provide power for an hour in total and am considering buying a generator.
What if I do not want to restart my computer? Windows updates seem to require that for every update (compared to Linux, where only kernel updates require a reboot, normally you just restart the affected service(s)).
However, there is probably going to be a way around it - disabling the update service for example.
How about this for a test of independence:
Will the baby survive if you kill the mother? A born baby can survive provided someone else takes care of it. An unborn baby (especially if the pregnancy is early enough for "legal" abortion) will die with the mother. An unborn baby that's almost ready to be born can survive if someone cuts it out of the dead mother fast enough.
What do you propose then? For both (not necessarily the same solution for both):
1. Unwanted babies, for example if a rape victim got pregnant from the rape and she does not want part of the rapist inside her for 9 months. While I am not a woman and cannot say for certain, I imagine pregnancy is quite inconvenient. It's a compromise if the baby is wanted, but what if not? OK, if the baby is a result of consensual sex then I guess she is at fault for not using protection or having sex at all. But what if it's trough non of her fault (rape)?
2. China's population problem. Their population still grows despite the policy (though not as fast as before) and they actually need it to shrink to be able to properly feed everyone. Would the USA (or the EU) accept, say, 400 million Chinese immigrants? No? Thought so.
Yet the Chinese government puts enormous pressure to abort the second child in the family and literally millions of healthy children are aborted.
Abortion happens when the fetus is still not an independent lifeform. Also, abortion is legal in many Western countries, which means that quite a lot of people (me included) think that a fetus is less of a human than a child that's outside of the mother (and that the choice of the mother matters more during pregnancy - otherwise we would have to, what, chain the woman until she gives birth? because there are more ways to get an abortion than one)..
However, once the child is born, it is considered valuable (especially since time and effort was put into raising her - also this is why if I was forced to choose between a 3 year old and a baby (say to carry out of a burning building or whatever, both children being not family to me), I would save the 3 year old.
And China is severely overpopulated - it's either the One Child Policy, random executions by lottery or starving.
So, Microsoft changed the UI of Office because otherwise people would have stopped using it and started using OpenOffice or something else?
Most software is just a tool, nothing more. Other tools change less - a hammer does not change (it may be made with different materials etc, but how you use it does not change), even the basic UI of a car does not change (clutch, brakes, gas, steering wheel, gear stick).
So, why does the creator of webmail feel the need to move the send button around? I understand adding new features (and the UI changes the follow them), but why change the "basic UI"?
Touchpads are great, but only after I disable the tap-to-click function. Trackpoints suck for me because they are either slow or imprecise (for me). A trackball would be nice, but nobody makes laptops with them anymore.
Give up land to repay debt. Oh, Putin would love this. Finally, a rationalization of what he's doing to Ukraine ("they owe us for gas Ãnd their land is really cheap because it's bombed to shit so we'll take quarter of the country, since they refused to give it up voluntarily, we are now sending our debt collectors, and due to the costs incurred by the need for debt collectors, we'll now take half the country").
Building a car is not very difficult and since cars have been around for a very long time, you can build a car that's quite nice without infringing patents that are still valid.
Patents last for 20 years, right? So, you can legally duplicate a 20 year old car provided that you change it a little bit to remove trademarks and copyright protected software, but then a 20 year old car won't have that much software (or you can copy a 30 year old car that does not have software).
However, the foreign creditors most likely will not come with tanks to cut a part of the territory or whatever of a sovereign country. Well, Russia might do that, but the EU is not Russia.
Speaking of Russia - maybe it will help Greece pay off the debt in exchange, the Greece would allow some Russian tanks and rockets to be placed on its territory. That would annoy the EU a lot.
I agree, there is no way to undo the technology, the "right to be forgotten" cannot be enforced without really clamping down on the internet, and we don't want that.
Technology changes society, however, society always lags behind usually by decades (until the people who had the technology as children grow old). At some point in the future, the boss will disregard a 20 year old page about what the candidate did when he was 15, because there probably is a similar page about the boss himself. However, currently, there is no such page about the boss if the boss is old enough.
In the past, you had to do something really unusual to appear in a newspaper etc, which means that if a newspaper did write about you, you most likely did similar things that were left unmentioned by the newspaper. Now, especially with Facebook, there probably is an account for every stupid thing you did, but an old fashioned person reading this will think that a lot more was unmentioned.
so i think we have the basis for an actually effective, moral law: prosecution of piece of shit bosses for moronic shallow employment decisions
It does not work normally. The boss can usually choose from tens if not hundreds of candidates, so he can think of a "politically correct" reason to not hire a particular candidate, even though the actual reason was his sexuality or a stupid past. If the boss asks whether you are gay, and you say yes and then he does not hire you, you may have some basis for a complaint, but if the boss does not ask (because Google told him) you do not have the basis for complaint. Also, it's not like the court can force the boss to hire you, and even if it can, do you really expect to have a good working environment and the boss not trying to find a reason to fire you?
I personally do not use Facebook, and never put my real name anywhere that can be indexed by Google. Luckily, some people who have the same name as me can be found on Google, which means I have good noise-to-signal ratio :)
Because the original content may be on a server that is outside the jurisdiction of the court. The same reason is why MPAA wants Google to remove links to torrents.
It's nice that there are a lot of job offers where you live. In other places unemployment is high so you have a choice of either working for that company or starving. And if the company won't hire you because of what you did 15 years ago...
Before search engines, there was a natural decay of public information. While there are archives of newspapers and such, it takes a lot of effort to go through it to find whether somebody was mentioned there, unless the event in question was recent and people still remembered it.
If privacy is a dead concept, why so much hate on the NSA and similar agencies? At least their database isn't public (unless somebody leaks it).
Even an improperly tuned carburetor can still do a good enough job. A few percent CO in the exhaust and the engine still runs fine. At least at the legal speeds, I am sure that the carburetor would need to be tuned for the current air temperature, engine temperature, altitude if I wanted to race and get the most power from the engine, but since the top speed of my car exceeds the speed limit even if the carburetor adjustment is less than optimal, the requirements are a bit less strict.
For some reason some aircraft engines still use carburetors.
Split the /64 into smaller networks -- SLAAC no longer works -- Android devices have to be manually configured with static IPs since they do not support DHCPv6.
But don't private ASs and Provider Independent addresses conflict with the "neat routing tables" goal when I take my AS to another ISP which may be in another country?
Software, compared to mechanical parts, does not rust or wear out. Write it properly once and it will work properly forever.
Pass a law that requires all car software to be in a mask ROM and you will see the decline in bugs as the cost of updates increase. The software will be written more carefully and there will be less of it.
Just like my old tape deck or CD player or TV does not need updates (because that would be done by replacing a chip) but a new TV or Bluray player does.
The turn signal cancelling in my car is mechanical. I dislike heat so I will put in AC in my 1982 car (the most important and difficult to obtain part already ordered with $400 shipping from the US). Heater is also useful to defrost the windshield or when it's -30C outside.
However, I do not need my car to be controlled by software. A carburetor does a good enough job of supplying air/fuel mixture to the engine and does not need software.
My daily commuter is a 1982 MB W123 modified to run on LPG (LPG costs 38% of what gasoline costs here). No software at all.
Rust is a problem but so far I have no problems keeping the car patched. The engine still works, it did not need an overhaul yet.
In case this car is no longer in serviceable condition I am going to buy a different car of a similar year of manufacture. In case the law prevents me I am going to buy a car that has the least amount of electronics in it and then try to increase security by separating hackable components. I do not need WiFi or Bluetooth, so that would be disabled quite quickly.
There is always a reason to everything. Why did a car run over a pedestrian? Because the driver was drunk. Why the driver was driving drunk? He was not drunk enough and wanted to buy some more.
And cars have no security because security costs money. Unless the penalty for having a buggy code is higher than the cost of security, cars will have buggy code.
However, the problem is that by connecting the engine to the same bus as the radio you allow the radio to have control over the engine, or at least this is how it is now.
The radio is built to lower security standards (it's a radio, even if someone hacks it they won't do any real damage), which is OK, but then it needs to be separated from the engine or brakes or steering (where a hacker could do real damage). Have a firewall or something. Just like you don't allow your web server root access to the backups or some other critical server.
telnet car-ip
login: root
password: admin
root@car ~# service collision-avoidance stop
root@car ~# service braking stop
root@car ~# throttle_set 100%
root@car ~#
Connection lost.
I have a 1982 car - while it has electronics (it even has electronic ignition), it does not have software. The radio is a completely separate unit and only connected to the power of the rest of the car.
The car is modified to run on LPG and since LPG is 37.5% the price of gasoline, the car gets "money efficiency" (euros/100km) comparable to much newer gasoline cars.
I manage the networks of several ISPs (the usually have several /22 allocations) and the company I work for (a single /23) and can remember quite a few IPs, even though the ends are not the same (say, a cacti server IP is x.y.z.5 for one ISP and a.b.c.192 for another). That's usually because I use the IPs to connect instead of DNS names, since I can type 93.184.216.34 faster than www.example.com and the IP works even if the DNS server has failed.
2) IPv6 has NAT
I remember some time ago in /. somebody arguing with me that IPv6 does not and should not have NAT because NAT is evil and the sole purpose of IPv6 is to get rid of it.
4) There is no rule that say you can not split a /64. You can split it down to /128 if you want. The only thing that breaks is SLAAC but you can still use DHCPv6 or static/manual configuration.
DHCPv6 works, unless you have Android devices (the point of TFA).