ASLR in Linux is a novelty and usually not the default. Just like selinux is a joke.
Yes, and there's a reason for that: the Linux community apparently doesn't want them and doesn't find them useful. If enough people wanted them, they'd be on by default in the major distributions.
To bad MS has figured out how to implement it consistently.
Yes, and that pretty much tells you what's wrong with Microsoft: it's a bunch of managers deciding top down what security mechanisms Windows should use, and then they direct their masses of programmers to implement that "consistently", and finally it gets shipped with the next major release, whether users want it or not.
The trouble with the Microsoft approach is that nobody in the world is smart enough to design security correctly in such a top-down way. Based on a bunch of papers half a dozen years ago, Microsoft may have jumped onto the ASLR bandwagon, but that doesn't make it a good security solution.
And this top-down, planned approach is the reason Microsoft keeps screwing up and why they need to spend so much money developing software that other people develop with a fraction of the investment. It sounds good on paper, and control-freaks love it, but it simply isn't a good way of creating a complex software system.
Well, that's the reason many people don't buy Blackberry phones. Nokia used to be different. But apparently Nokia phones are off the table as well now for anybody who cares about security.
And why does it matter? Because once the password is sent in plain text anywhere, you have no control over it. It likely gets stored in Nokias server logs and on their backup tapes. Nokia employees can access it. Police can subpoena it. Intruders can sniff it. Etc.
Call them what you will, but industrial design and attention to detail is often grossly overlooked.
It's not "overlooked" at all, but it costs money. Apple can afford to have hordes of designers worry about where to place every pixel, others can't. It's the mass produced equivalent of hand detailing or bling on your car.
And it's this profligate spending that makes Apple's designs what they are: a more expensive product for people willing to spend a little more; unfortunately, functionality takes a back seat.
The reason Ubuntu doesn't include the MS Core Fonts is because Microsoft has placed ridiculous redistribution restrictions on their "standard" fonts. It's typical Microsoft evil and Microsoft stupidity; welcome to the Microsoft "standard" web.
Ubuntu has made installing the fonts as easy as can be: "apt-get install msttcorefonts". There are also some free look/work-alikes.
Even Microsoft hasn't sunk to that level of incompetence and blatant violation of user privacy. Transmitting the user's password to a third party server in plain text over an unencrypted link is inexcusable.
I have several Nokia phones; obviously, I need to get rid of them. If they make such a fundamental mistake, Nokia obviously cannot be trusted with anything.
Fortunately, with Android, we now have a reasonable alternative.
C# and Perl happen to be also strongly typed and losely typed, respectively, but that isn't essential to your example. The distinction you're looking for isn't "strongly typed" vs "loosely typed", but "statically typed" vs "dynamically typed".
It's fine to say "oops I made a typo" when you're a nerd living in your mother's basement.
Microsoft, however, is one of the biggest corporation in the world, and a convicted monopolist under watch by the EU and US governments. "Oops I made a typo" doesn't cut it; they can't afford to make typos.
Two experimental tasks in psychology, the two-stage gambling game and the Prisoner's Dilemma game, show that people violate the sure thing principle of decision theory.
The authors are wrong on what the optimal decision is for the Prisoner's Dilemma, so the deviation they think they need to explain doesn't exist.
If you try to defraud open source developers, you'll get nailed to the wall by courts. If you make an honest mistake, the courts take that into account and are lenient.
You're at far greater risk of enforcement action from Microsoft and their goons; unlike open source, where you're only at risk if you deliberately try to violate the license, organizations like the BSA regularly impose high costs on businesses.
Yeah, penicillin required looking at a petri dish, but I'm not sure that counts as "visualization".
Einstein apparently was a visual thinker, but the emphasis there is on "thinking", not plotting, graphing, or other artifacts; visual thinking in mathematics is very different from 2D or 3D data visualizations.
The US has lots of deserts, with power lines running through them even. Both the land and moving the electricity are cheap.
but there's simply more to crunching the numbers than you think there is.
Funny, that's what I would say to you. Show me that launching huge amounts of electronics into space, maintaining it there, maintaining a base station, and clearing all the regulatory hurdles is cheaper than buying desert land, putting cheap solar cells on there, and hooking up to existing power lines.
The reason that we have solar frequencies converted to this frequency, is because it interacts close to nothing with the atmosphere, or just about any organic particle/interference.
That's incorrect. It doesn't ionize, it may or may not get absorbed, but both microwaves and RF certainly "interact" with lots of matter.
A lot of matter interacts with very specific frequencies, which is why this frequency will only give power to the designated material.
That's not true in general for either RF or much of the microwave spectrum.
But, hey, why don't you tell us what specific frequencies, materials, and receivers you think they are going to use.
The efficiency here is the 30% extra incoming solar power that is otherwise lost in the atmosphere (minus some small lost amount they're tuning the beam to minimize), times the 24/7 uptime instead of about 25% terrestrial due to night/weather/seasons.
So, you say a factor of 5, I say a factor of 2-4; big deal (I think your numbers are overly pessimistic).
But the other advantage is the much larger area that thin collector sheets can cover in space. Launching costs money per mass, but the collectors can unfurl across kilometers. And the maintenance costs in microgravity/femtopressure are much lower over years, despite the remoteness. After the large initial costs, the ongoing costs per watt are extremely low.
Sorry, I don't believe it. I'd like to see a reasonable cost analysis for that.
If you're lucky, you gain a factor of 2-4 in efficiency by going into space, but the costs per photocell are astronomically higher compared to installation in a desert.
That's, of course, assuming you can actually get other nations to agree to let you place a massive power plant and emitter in orbit, something that could easily be weaponized.
I could easily say that Linux packaging is fundamentally broken because it's predicated on a development model that fails to maintain consistent ABI compatibility across release, resulting in a massive dependency chain that *REQUIRES* complex tools to adequately manage.
Linux packaging isn't "predicated" on any development model. It's just that because Linux packaging and dependency management works so well, people don't think much about ABI compatibility. Nevertheless, ABI compatibility actually seems to be pretty good, given that there are some packages that work across many different Linux releases and distributions without changes.
In any case the "massive dependency chain" is a result of the software itself and has little to do with ABIs. Take something like SciPy: it depends on many dozens of libraries, and many of those libraries depend on each other. The Macintosh approach is to package up all that stuff with SciPy and dump it a single package. But when I install that version of SciPy, no other third party numerical software will work with that, because all that software will be packaged with its own versions of all of those libraries. When I try to put SciPy together with those other libraries, I end up with multiple instances and versions of the same library in the same process and that simply doesn't work in general.
Consider yourself lucky if you don't run into these problems, but OS X has massive deficiencies in the area of software updating. The iPhone is just as bad; just about every time I turn mine on, it wants me to update something or other again. It's a bloody nuisance.
The thing to note here is how easy the process is for the user. I drag to install, drag to delete, and don't worry about anything else
Except that:
drag to delete doesn't actually get rid of many applications
applications constantly bug users with pop-up windows about whether they want to upgrade
I can always run the latest software, because I'm not waiting for it to be packaged.
Except that you're constantly waiting for Apple to package and update their system. Some of their software is way, way behind.
I don't need dependency management, because the base system guarantees stable binary interfaces, and applications can include any additional dependencies directly in their bundle
Every application including copies of its non-system dependencies is not a solution because you end up with different applications using inconsistent versions of dependencies.
The only reason the Mac's simplistic approach works at all is because most people don't use the Mac for anything other than running a handful of applications. Even then, users are frequently baffled by the various "a new version is available" messages.
Linux needs to borrow Apple's "package and dependency management system"
Mac-like packaging is available for Linux; it hasn't caught on because Mac-like packaging is fundamentally broken.
But no worry: Apple used to rail against multitasking and UNIX, until they adopted it. No doubt, Apple will sooner or later adopt Linux package management, and then people like you will go around telling everybody how Apple invented and/or perfected it.
Adobe seems to have got it right with its latest version of Adobe Updater - only launch when an Adobe product is launched
No, that's not right either. What Windows and OS X really need is a decent package and dependency management system like, oh, Linux has had for more than a decade.
I think the cable and phone companies are doing the right thing by instituting volume-based pricing; bandwidth isn't unlimited or free, and it needs to be accounted for like electricity, gas, water, or heat.
At the same time, the actual prices are way too high, and that's why these companies need to be regulated and public utility commissions need to get active. I'd guess that 100G/month should probably be somewhere around $30.
Laws have bugs just like software. We don't stop writing useful software just because it may fail, we use bug tracking, debuggers, and bug fix releases. So, it's neither surprising nor avoidable that laws like this have unintended consequences. Lawmakers should simply have better turnaround times for fixing bugs in laws.
That has little to do with the infrastructure and more to do with the site design. Please don't blame the sys engineers/admins for the poor interface design.
Well, the fact that they gave a talk about their LAMP stack tells you that they consider engineering more important than site design. Furthermore, a poor choice of infrastructure makes doing good site design hard.
And that's my point: Facebook is evidently driven by system stuff and programmers, while it should be driven by site design.
Slashdot Mirror
ASLR in Linux is a novelty and usually not the default. Just like selinux is a joke.
Yes, and there's a reason for that: the Linux community apparently doesn't want them and doesn't find them useful. If enough people wanted them, they'd be on by default in the major distributions.
To bad MS has figured out how to implement it consistently.
Yes, and that pretty much tells you what's wrong with Microsoft: it's a bunch of managers deciding top down what security mechanisms Windows should use, and then they direct their masses of programmers to implement that "consistently", and finally it gets shipped with the next major release, whether users want it or not.
The trouble with the Microsoft approach is that nobody in the world is smart enough to design security correctly in such a top-down way. Based on a bunch of papers half a dozen years ago, Microsoft may have jumped onto the ASLR bandwagon, but that doesn't make it a good security solution.
And this top-down, planned approach is the reason Microsoft keeps screwing up and why they need to spend so much money developing software that other people develop with a fraction of the investment. It sounds good on paper, and control-freaks love it, but it simply isn't a good way of creating a complex software system.
Well, that's the reason many people don't buy Blackberry phones. Nokia used to be different. But apparently Nokia phones are off the table as well now for anybody who cares about security.
And why does it matter? Because once the password is sent in plain text anywhere, you have no control over it. It likely gets stored in Nokias server logs and on their backup tapes. Nokia employees can access it. Police can subpoena it. Intruders can sniff it. Etc.
Call them what you will, but industrial design and attention to detail is often grossly overlooked.
It's not "overlooked" at all, but it costs money. Apple can afford to have hordes of designers worry about where to place every pixel, others can't. It's the mass produced equivalent of hand detailing or bling on your car.
And it's this profligate spending that makes Apple's designs what they are: a more expensive product for people willing to spend a little more; unfortunately, functionality takes a back seat.
The reason Ubuntu doesn't include the MS Core Fonts is because Microsoft has placed ridiculous redistribution restrictions on their "standard" fonts. It's typical Microsoft evil and Microsoft stupidity; welcome to the Microsoft "standard" web.
Ubuntu has made installing the fonts as easy as can be: "apt-get install msttcorefonts". There are also some free look/work-alikes.
Even Microsoft hasn't sunk to that level of incompetence and blatant violation of user privacy. Transmitting the user's password to a third party server in plain text over an unencrypted link is inexcusable.
I have several Nokia phones; obviously, I need to get rid of them. If they make such a fundamental mistake, Nokia obviously cannot be trusted with anything.
Fortunately, with Android, we now have a reasonable alternative.
C# and Perl happen to be also strongly typed and losely typed, respectively, but that isn't essential to your example. The distinction you're looking for isn't "strongly typed" vs "loosely typed", but "statically typed" vs "dynamically typed".
It's fine to say "oops I made a typo" when you're a nerd living in your mother's basement.
Microsoft, however, is one of the biggest corporation in the world, and a convicted monopolist under watch by the EU and US governments. "Oops I made a typo" doesn't cut it; they can't afford to make typos.
I hope this will get investigated and punished.
9.04 doesn't even boot on my laptop (an HP DV2, some kind of SATA driver problem).
Furthermore, I can't figure out where to report this. What's the point of having a beta or an RC if it's difficult for users to give feedback?
Two experimental tasks in psychology, the two-stage gambling game and the Prisoner's Dilemma game, show that people violate the sure thing principle of decision theory.
The authors are wrong on what the optimal decision is for the Prisoner's Dilemma, so the deviation they think they need to explain doesn't exist.
If you try to defraud open source developers, you'll get nailed to the wall by courts. If you make an honest mistake, the courts take that into account and are lenient.
You're at far greater risk of enforcement action from Microsoft and their goons; unlike open source, where you're only at risk if you deliberately try to violate the license, organizations like the BSA regularly impose high costs on businesses.
Yeah, penicillin required looking at a petri dish, but I'm not sure that counts as "visualization".
Einstein apparently was a visual thinker, but the emphasis there is on "thinking", not plotting, graphing, or other artifacts; visual thinking in mathematics is very different from 2D or 3D data visualizations.
The US has lots of deserts, with power lines running through them even. Both the land and moving the electricity are cheap.
but there's simply more to crunching the numbers than you think there is.
Funny, that's what I would say to you. Show me that launching huge amounts of electronics into space, maintaining it there, maintaining a base station, and clearing all the regulatory hurdles is cheaper than buying desert land, putting cheap solar cells on there, and hooking up to existing power lines.
The reason that we have solar frequencies converted to this frequency, is because it interacts close to nothing with the atmosphere, or just about any organic particle/interference.
That's incorrect. It doesn't ionize, it may or may not get absorbed, but both microwaves and RF certainly "interact" with lots of matter.
A lot of matter interacts with very specific frequencies, which is why this frequency will only give power to the designated material.
That's not true in general for either RF or much of the microwave spectrum.
But, hey, why don't you tell us what specific frequencies, materials, and receivers you think they are going to use.
The efficiency here is the 30% extra incoming solar power that is otherwise lost in the atmosphere (minus some small lost amount they're tuning the beam to minimize), times the 24/7 uptime instead of about 25% terrestrial due to night/weather/seasons.
So, you say a factor of 5, I say a factor of 2-4; big deal (I think your numbers are overly pessimistic).
But the other advantage is the much larger area that thin collector sheets can cover in space. Launching costs money per mass, but the collectors can unfurl across kilometers. And the maintenance costs in microgravity/femtopressure are much lower over years, despite the remoteness. After the large initial costs, the ongoing costs per watt are extremely low.
Sorry, I don't believe it. I'd like to see a reasonable cost analysis for that.
The average visitor to YouTube is costing Google between one and two dollars
No problem, they'll make it up in volume :-)
If you're lucky, you gain a factor of 2-4 in efficiency by going into space, but the costs per photocell are astronomically higher compared to installation in a desert.
That's, of course, assuming you can actually get other nations to agree to let you place a massive power plant and emitter in orbit, something that could easily be weaponized.
I could easily say that Linux packaging is fundamentally broken because it's predicated on a development model that fails to maintain consistent ABI compatibility across release, resulting in a massive dependency chain that *REQUIRES* complex tools to adequately manage.
Linux packaging isn't "predicated" on any development model. It's just that because Linux packaging and dependency management works so well, people don't think much about ABI compatibility. Nevertheless, ABI compatibility actually seems to be pretty good, given that there are some packages that work across many different Linux releases and distributions without changes.
In any case the "massive dependency chain" is a result of the software itself and has little to do with ABIs. Take something like SciPy: it depends on many dozens of libraries, and many of those libraries depend on each other. The Macintosh approach is to package up all that stuff with SciPy and dump it a single package. But when I install that version of SciPy, no other third party numerical software will work with that, because all that software will be packaged with its own versions of all of those libraries. When I try to put SciPy together with those other libraries, I end up with multiple instances and versions of the same library in the same process and that simply doesn't work in general.
Consider yourself lucky if you don't run into these problems, but OS X has massive deficiencies in the area of software updating. The iPhone is just as bad; just about every time I turn mine on, it wants me to update something or other again. It's a bloody nuisance.
Sun Java is enormously bloated; it's time that a company with muscle cuts Java down to a reasonable size.
The thing to note here is how easy the process is for the user. I drag to install, drag to delete, and don't worry about anything else
Except that:
I can always run the latest software, because I'm not waiting for it to be packaged.
Except that you're constantly waiting for Apple to package and update their system. Some of their software is way, way behind.
I don't need dependency management, because the base system guarantees stable binary interfaces, and applications can include any additional dependencies directly in their bundle
Every application including copies of its non-system dependencies is not a solution because you end up with different applications using inconsistent versions of dependencies.
The only reason the Mac's simplistic approach works at all is because most people don't use the Mac for anything other than running a handful of applications. Even then, users are frequently baffled by the various "a new version is available" messages.
Linux needs to borrow Apple's "package and dependency management system"
Mac-like packaging is available for Linux; it hasn't caught on because Mac-like packaging is fundamentally broken.
But no worry: Apple used to rail against multitasking and UNIX, until they adopted it. No doubt, Apple will sooner or later adopt Linux package management, and then people like you will go around telling everybody how Apple invented and/or perfected it.
What two viable positions is that supposed to be a "viable compromise" between?
Adobe seems to have got it right with its latest version of Adobe Updater - only launch when an Adobe product is launched
No, that's not right either. What Windows and OS X really need is a decent package and dependency management system like, oh, Linux has had for more than a decade.
I think the cable and phone companies are doing the right thing by instituting volume-based pricing; bandwidth isn't unlimited or free, and it needs to be accounted for like electricity, gas, water, or heat.
At the same time, the actual prices are way too high, and that's why these companies need to be regulated and public utility commissions need to get active. I'd guess that 100G/month should probably be somewhere around $30.
Laws have bugs just like software. We don't stop writing useful software just because it may fail, we use bug tracking, debuggers, and bug fix releases. So, it's neither surprising nor avoidable that laws like this have unintended consequences. Lawmakers should simply have better turnaround times for fixing bugs in laws.
If your site infrastructure is influencing how you design, you've made some sort of monolithic error along the way
I haven't, but Facebook evidently has.
All things considered, I'd actually say that Facebook's design is pretty decent
I find it confusing as hell, and so do most people I know.
I think it's great that they're sharing knowledge about how they've managed to use and customize an infrastructure to support 200,000,000 users,
Come on, scalability is off-the-shelf stuff these days.
That has little to do with the infrastructure and more to do with the site design. Please don't blame the sys engineers/admins for the poor interface design.
Well, the fact that they gave a talk about their LAMP stack tells you that they consider engineering more important than site design. Furthermore, a poor choice of infrastructure makes doing good site design hard.
And that's my point: Facebook is evidently driven by system stuff and programmers, while it should be driven by site design.