They are only in violation of PCI requirements if the unpatched servers in question processed/handled credit card numbers. I could not glean from TFA if this is the case. It's bad practice to leave unpatched servers that don't process sensitive data, but it's not uncommon, unfortunately.
Servlets don't restrict network connections, and people do it all the time to talk to their database. I know you're not supposed to spawn threads with EJB (because transaction information is kept in thread local storage), but I don't recall anything about not spawning threads being in the servlet spec. I know of a lot of code that does it in various containers without problems.
While this is disconcerting, it's not like step 2 (being a man in the middle) is easy for an attacker. If they can play that game, you have many things to worry about, which I think is a pretty simple explanation for why people aren't totally panicking over this.
Interesting...if you go to http://216.34.181.45/ you get a 301 redirect to slashdot.org, so using the IP directly doesn't help you, unless you make sure to send the Host header.
Yes, and that's why we shouldn't subsidize the risky loans. There's no way the financial institution would actually offer a loan that they know could not be repaid if the institution had to take the hit when the borrower walked away from the deal.
But instead of taking that hit, the lender lets the government bail them out of their stupid lending decisions so at the end, society is responsible for protecting people from themselves. We're protecting irresponsible lenders. The irresponsible borrowers take a bad credit hit which can have fairly nasty consequences, even to the point of making it difficult to get a job. The lender doesn't have to deal with those kind of consequences.
That bailout needs to go away. When Fannie Mae and Freddie Mac got into trouble, it almost did, but then the government bailed them out, so we're right where we always have been.
Perhaps you don't feel sorry for irresponsible borrowers, but they actually have an effect on the market that hurts everyone. If I want to get a 15 year mortgage at a decent interest rate, I have to remember that I will be placing competing bids with others who probably have 30 year loans, perhaps even interest-only loans with much lower payments. Those people will be easily able to outbid me, driving the price of the homes I am interested in beyond my means. In the end, I may be forced to take a different type of loan so that I don't end up in a dangerous neighborhood. The lenders love this, and will do everything they can to encourage it. The best way to discourage it is to make them pay for their own mistakes!
Talk about overkill...the PS3 doesn't use a P2P system, does it? It probably just downloads from a single TCP connection, so a simple hash or even a signed hash is all that would be needed. They probably already use one anyway, so the flaky download/disk drive argument is likely a red herring.
I chuckled when I saw that, too. That's one of my personal pet peeves, but I would never write a diatribe on it. Of course, the poster of the comment didn't write his diatribe, either. This was written by George Carlin, which I guess anyone familiar with Carlin might have guessed (except that it isn't funny) but I still wish the poster had made a note of it.
There were two in Denver, but the one nearest my house closed in the last year. Bummer! I loved that place. There's nothing quite like having a big slide in the middle of a restaurant!
Ditto. I've never been in an accident even though I've been driving for 14 years now, but every single time I've come close or missed an exit or run a red light, it's been because I was talking to whoever was riding with me. Cell phones or anything else that cause you to only have one hand to drive with make you less likely to be able to recover well when you do get yourself into a sticky situation because you are distracted by the conversation. I do note that my sister is much better able to multitask while driving than I am, but it still freaks me out whenever she starts using her Blackberry.
If you'd read the article, you'd know that Comcast forges the three way handshake and then sends an RST. The real destination doesn't see any traffic at all. Dropping the RST would accomplish nothing.
Someone has probably already noted this, but I haven't seen it yet. The $75 package includes all the songs in multi-track format! This means that you can create your own remixes of the album. That's the part that excites me the most about this. I would love to have all of my music in multi-track format. It opens up so many possibilities to move beyond being a passive consumer into a creator. I hope everyone else follows Reznor's lead!
Ruby isn't going to just disappear any time soon. It started in 1995, so given that it's already been around for over ten years, I don't think it will disappear in the next ten. I can't guarantee that usage will continue to climb, but it seems likely. It's the most pleasant language I've ever coded in!
Re:"How will you use XML in years to come?"
on
The Future of XML
·
· Score: 1
Given that XPath is a query language for the DOM, I'm not really sure how it would replace it. Given that SAX is a way that a DOM can be built, I'm not sure it would replace that, either. I suppose you're just talking about all the tedious code to traverse a DOM to find the elements and attributes you're looking for, or the stacks and other data structures necessary to figure out where you are in a document when using SAX? Yeah, XPath is way better than that stuff, but it's never going to replace them. They're complementary.
Yes, and I know where you got that from. That will pass all unit tests, but since no formal description of the block behavior was given, I think it's only by coincidence. I could write a unit test that it would fail on by any reasonable definition of how these blocks should work, but the test cases don't happen to include one like that. For example,
[ [ true, true, true ],
[ false, false, false ] ]
yields
[ [ false, false, false ],
[ true, true, true ] ]
seems like the natural thing that should happen. The sticky blocks should all fall together if nothing is below them. The simpler code would fail this test because the last two checks in the conditional would be false. It only checks for the presence of blocks next to the block in question, not whether they are supported by anything or not.
This highlights the problem with assuming that passing unit tests mean that your code is correct. Your code may only be as correct and complete as your test suite. Or it may be totally correct. It's hard to tell without a formal proof, and those are usually impractical.
Of course, given that the only "use" of this function is to get the word "coLLAborATE" to spell correctly, the unit tests covered all cases needed to get that done correctly. That means the simplest code that correctly fits those needs is best, and I give kudos to the author of that code. They finished their code before I finished mine, and the extra work I did was totally unnecessary. But it was fun!
I haven't figured that out yet. I think you need to transform it into a sequence of numbers x0, x1,..., xN that you type into the line at the bottom, then hit the "Execute f" button and it will draw a message with blue squares above the line. I presume the contents of that message is the next clue (or even the answer, perhaps).
When fiddling around with the text entry, I know I initially found a way to get boxes at different heights, but now I can only seem to get them on the bottom row. Has anyone else figured that out?
Am I the only one who enjoyed the challenge of solving the problem the way it was intended? Someone correctly guessed that this is like Tetris, where true is a block and false is empty space. However, it's unlike Tetris in some key ways. If you try to solve it, you'll see how as you hit test cases that your code fails on. Here's my function, which passes all tests. I had to try three different algorithms because new information about the behavior of the blocks necessitated starting from scratch with more complexity twice.
f = function(d) {
var height = d.length;
var width = d[0].length;
var find_base = function(t, i) {
for (j = 0; j < width; j++) {
if (d[i][j]) {
if (d[i+1][j]) {
t[j] = true;
}
if (j > 0 && j < (width - 1)) {
if (d[i+1][j-1] && d[i+1][j+1]) {
t[j] = true;
}
}
}
}
};
var add_sticky = function(t, i) {
while (true) {
var stop = true;
for (j = 0; j < width; j++) {
if (d[i][j] && !t[j]) {
if (j > 0 && t[j-1]) {
t[j] = true;
stop = false;
}
if (j < (width - 1) && t[j+1]) {
t[j] = true;
stop = false;
}
}
}
if (stop) {
break;
}
}
};
var i, j;
var t = new Array(width);
for (i = height - 2; i >= 0; i--) {
for (j = 0; j < width; j++) {
t[j] = false;
}
find_base(t, i);
add_sticky(t, i);
for (j = 0; j < width; j++) {
if (d[i][j] && !t[j]) {
d[i][j] = false;
d[i+1][j] = true;
}
}
} };
I see a lot of comments indicating that all a programmer needs to do to scale to more cores is just multithread your algorithms. If only that were true! Unfortunately, memory access patterns become extremely important for getting good performance, and that requires some pretty sophisticated knowledge about the hardware and proper tuning is almost a black art. Once large numbers of cores are in use, scaling your software optimally is going to be very difficult. Don't delude yourself. Talented programmers are going to be very much in demand, and I suggest starting to learn everything you can about it now. For starters, Ulrich Drepper has written an incredibly detailed and helpful article available at http://people.redhat.com/drepper/cpumemory.pdf which should really help dispel any notions that this change to computing is going to be easy!
Google returns zero hits on the quote, "Charging for software is a crime against humanity." I'd like to see the actual quote if that was just a mistaken transcription from memory but RMS really did say something along those lines. I have always understood that RMS was OK with people charging for their software, although the requirements of the GPL do ultimately make it possible to obtain the software free of charge, because anyone who receives the software (through purchase or otherwise) can redistribute it to a third party free of charge.
While I fully agree that the rules of English are screwed up, you need to put your trailing comma before the closing quote, not after. Line 2 should have read:
2. "nazi," as a proper noun, should be capitalized;
Of course, this rule makes sending grammatically correct emails containing instructions intended to be pasted into a UNIX shell prompt impossible. Should we change the language? Hell yes! Will that happen? I don't know, but it hasn't happened yet.
I'm guessing you haven't sat in a "comfortable church pew" of a "crackpot religion" in a long time. You do realize that an awful lot of religious people donate 10% of their incomes to their church. Many churches have special donation opportunities set aside for helping children in other countries as well as missionary opportunities for those who are able to donate their time in addition to (or instead of) their money. No, not everyone participates, but a significant number do. So my question is, do *you* volunteer your time and money to the struggling people you mentioned? Please stop shining a flashlight at the perceived shortcomings of others. Just do your part and maybe you can attract others who are willing to do the same. Criticizing others will accomplish nothing.
In what sense is Monad's pipeline communication format "application-specific"? It can deal with any.NET object. If you had an object with a field called "Title" that had a value "Foozle", you could access that any way you like. It's not application-specific. You want a human-readable form? "Title : Foozle" pretty much does it.:)
Using objects is a very bad idea because the object itself is application specific. I don't know why everyone is acting like this Powershell interacting with objects is so new. I am dealing with the WebLogic Scripting Tool (WLST) these days which is a Jython interface to a bunch of Java APIs. I'm interacting with objects from a scripting language, and it totally sucks because my scripts don't work from one version to the next. This problem can still occur with UNIX: if you can the format of your text, your scripts are going to break. However, the very act of having to convert data to text makes you *think* about how that should be represented. It's a barrier between the internals of your application and the external world. If you expose your internal objects directly to scripts, then any internal changes you make are going to break scripts. Believe me, those internals change a heck of a lot more often than you would like them to. If you don't allow them to, then you unnecessarily burden your code with backward-compatibility problems, which is exactly what got MS' code into such a horrible state.
I was actually very surprised to learn that zsh doesn't need the " character. I know it took me a while to learn to quote variable expansions, and now I do it religiously, but zsh works the way I would have expected when I was first learning.
The downside to the zsh approach is that it's difficult to get a single variable to expand into multiple arguments, for example the options to pass to a JVM. It's common to do something like:
Slashdot Mirror
They are only in violation of PCI requirements if the unpatched servers in question processed/handled credit card numbers. I could not glean from TFA if this is the case. It's bad practice to leave unpatched servers that don't process sensitive data, but it's not uncommon, unfortunately.
Servlets don't restrict network connections, and people do it all the time to talk to their database. I know you're not supposed to spawn threads with EJB (because transaction information is kept in thread local storage), but I don't recall anything about not spawning threads being in the servlet spec. I know of a lot of code that does it in various containers without problems.
While this is disconcerting, it's not like step 2 (being a man in the middle) is easy for an attacker. If they can play that game, you have many things to worry about, which I think is a pretty simple explanation for why people aren't totally panicking over this.
Interesting...if you go to http://216.34.181.45/ you get a 301 redirect to slashdot.org, so using the IP directly doesn't help you, unless you make sure to send the Host header.
Yes, and that's why we shouldn't subsidize the risky loans. There's no way the financial institution would actually offer a loan that they know could not be repaid if the institution had to take the hit when the borrower walked away from the deal.
But instead of taking that hit, the lender lets the government bail them out of their stupid lending decisions so at the end, society is responsible for protecting people from themselves. We're protecting irresponsible lenders. The irresponsible borrowers take a bad credit hit which can have fairly nasty consequences, even to the point of making it difficult to get a job. The lender doesn't have to deal with those kind of consequences.
That bailout needs to go away. When Fannie Mae and Freddie Mac got into trouble, it almost did, but then the government bailed them out, so we're right where we always have been.
Perhaps you don't feel sorry for irresponsible borrowers, but they actually have an effect on the market that hurts everyone. If I want to get a 15 year mortgage at a decent interest rate, I have to remember that I will be placing competing bids with others who probably have 30 year loans, perhaps even interest-only loans with much lower payments. Those people will be easily able to outbid me, driving the price of the homes I am interested in beyond my means. In the end, I may be forced to take a different type of loan so that I don't end up in a dangerous neighborhood. The lenders love this, and will do everything they can to encourage it. The best way to discourage it is to make them pay for their own mistakes!
Talk about overkill...the PS3 doesn't use a P2P system, does it? It probably just downloads from a single TCP connection, so a simple hash or even a signed hash is all that would be needed. They probably already use one anyway, so the flaky download/disk drive argument is likely a red herring.
I chuckled when I saw that, too. That's one of my personal pet peeves, but I would never write a diatribe on it. Of course, the poster of the comment didn't write his diatribe, either. This was written by George Carlin, which I guess anyone familiar with Carlin might have guessed (except that it isn't funny) but I still wish the poster had made a note of it.
There were two in Denver, but the one nearest my house closed in the last year. Bummer! I loved that place. There's nothing quite like having a big slide in the middle of a restaurant!
Ditto. I've never been in an accident even though I've been driving for 14 years now, but every single time I've come close or missed an exit or run a red light, it's been because I was talking to whoever was riding with me. Cell phones or anything else that cause you to only have one hand to drive with make you less likely to be able to recover well when you do get yourself into a sticky situation because you are distracted by the conversation. I do note that my sister is much better able to multitask while driving than I am, but it still freaks me out whenever she starts using her Blackberry.
If you'd read the article, you'd know that Comcast forges the three way handshake and then sends an RST. The real destination doesn't see any traffic at all. Dropping the RST would accomplish nothing.
Here's a video of the interview: http://www.austin360.com/news/mplayer/sxsw/73367
Someone has probably already noted this, but I haven't seen it yet. The $75 package includes all the songs in multi-track format! This means that you can create your own remixes of the album. That's the part that excites me the most about this. I would love to have all of my music in multi-track format. It opens up so many possibilities to move beyond being a passive consumer into a creator. I hope everyone else follows Reznor's lead!
Ruby isn't going to just disappear any time soon. It started in 1995, so given that it's already been around for over ten years, I don't think it will disappear in the next ten. I can't guarantee that usage will continue to climb, but it seems likely. It's the most pleasant language I've ever coded in!
Given that XPath is a query language for the DOM, I'm not really sure how it would replace it. Given that SAX is a way that a DOM can be built, I'm not sure it would replace that, either. I suppose you're just talking about all the tedious code to traverse a DOM to find the elements and attributes you're looking for, or the stacks and other data structures necessary to figure out where you are in a document when using SAX? Yeah, XPath is way better than that stuff, but it's never going to replace them. They're complementary.
This highlights the problem with assuming that passing unit tests mean that your code is correct. Your code may only be as correct and complete as your test suite. Or it may be totally correct. It's hard to tell without a formal proof, and those are usually impractical.
Of course, given that the only "use" of this function is to get the word "coLLAborATE" to spell correctly, the unit tests covered all cases needed to get that done correctly. That means the simplest code that correctly fits those needs is best, and I give kudos to the author of that code. They finished their code before I finished mine, and the extra work I did was totally unnecessary. But it was fun!
I haven't figured that out yet. I think you need to transform it into a sequence of numbers x0, x1, ..., xN that you type into the line at the bottom, then hit the "Execute f" button and it will draw a message with blue squares above the line. I presume the contents of that message is the next clue (or even the answer, perhaps).
When fiddling around with the text entry, I know I initially found a way to get boxes at different heights, but now I can only seem to get them on the bottom row. Has anyone else figured that out?
I see a lot of comments indicating that all a programmer needs to do to scale to more cores is just multithread your algorithms. If only that were true! Unfortunately, memory access patterns become extremely important for getting good performance, and that requires some pretty sophisticated knowledge about the hardware and proper tuning is almost a black art. Once large numbers of cores are in use, scaling your software optimally is going to be very difficult. Don't delude yourself. Talented programmers are going to be very much in demand, and I suggest starting to learn everything you can about it now. For starters, Ulrich Drepper has written an incredibly detailed and helpful article available at http://people.redhat.com/drepper/cpumemory.pdf which should really help dispel any notions that this change to computing is going to be easy!
It took me a while to get that TLA. I thought SFU was shorthand for STFU!
Google returns zero hits on the quote, "Charging for software is a crime against humanity." I'd like to see the actual quote if that was just a mistaken transcription from memory but RMS really did say something along those lines. I have always understood that RMS was OK with people charging for their software, although the requirements of the GPL do ultimately make it possible to obtain the software free of charge, because anyone who receives the software (through purchase or otherwise) can redistribute it to a third party free of charge.
While I fully agree that the rules of English are screwed up, you need to put your trailing comma before the closing quote, not after. Line 2 should have read:
2. "nazi," as a proper noun, should be capitalized;
Of course, this rule makes sending grammatically correct emails containing instructions intended to be pasted into a UNIX shell prompt impossible. Should we change the language? Hell yes! Will that happen? I don't know, but it hasn't happened yet.
Standard error for this test? That would be file descriptor 2.
I'm guessing you haven't sat in a "comfortable church pew" of a "crackpot religion" in a long time. You do realize that an awful lot of religious people donate 10% of their incomes to their church. Many churches have special donation opportunities set aside for helping children in other countries as well as missionary opportunities for those who are able to donate their time in addition to (or instead of) their money. No, not everyone participates, but a significant number do. So my question is, do *you* volunteer your time and money to the struggling people you mentioned? Please stop shining a flashlight at the perceived shortcomings of others. Just do your part and maybe you can attract others who are willing to do the same. Criticizing others will accomplish nothing.
Using objects is a very bad idea because the object itself is application specific. I don't know why everyone is acting like this Powershell interacting with objects is so new. I am dealing with the WebLogic Scripting Tool (WLST) these days which is a Jython interface to a bunch of Java APIs. I'm interacting with objects from a scripting language, and it totally sucks because my scripts don't work from one version to the next. This problem can still occur with UNIX: if you can the format of your text, your scripts are going to break. However, the very act of having to convert data to text makes you *think* about how that should be represented. It's a barrier between the internals of your application and the external world. If you expose your internal objects directly to scripts, then any internal changes you make are going to break scripts. Believe me, those internals change a heck of a lot more often than you would like them to. If you don't allow them to, then you unnecessarily burden your code with backward-compatibility problems, which is exactly what got MS' code into such a horrible state.
I was actually very surprised to learn that zsh doesn't need the " character. I know it took me a while to learn to quote variable expansions, and now I do it religiously, but zsh works the way I would have expected when I was first learning.
The downside to the zsh approach is that it's difficult to get a single variable to expand into multiple arguments, for example the options to pass to a JVM. It's common to do something like:
JAVA_OPTS="-server -Xms16M -Xmx128M -verbose:gc -verbose:gc"
java $JAVA_OPTS -jar orion.jar
With zsh, you have to use eval to split the variable back into individual options:
java $(eval print -- $JAVA_OPTS) -jar orion.jar
I haven't used zsh enough yet to determine which style I really like better.