If one adhere to the authors thinking (which for a very long time has been adcocated by Micosoft and other commercial software companyes) that it are impossible to create 100% correct programs and one only concern oneself with the time period that a securoty exploit is known than the author are mostly correct.
However if you want a truly secure system you want a system that is proven to be secure. If people shall trust Internet and it's services one need a truly proven secure Internet - in that regard the author is way off and the paper is really unimportant since it talks about a situation that should be purely academic.
The only way to prove that a system are secure is to release all specifications (ie. source code) and let everybody try and break the system. If noone has broken the system in a couple of years the system is very secure.
With closed source you can never prove that the system is secure by pounding at it... because it may exist a security hole that only is easy to find if you have the source code.
It only takes a disgrountled employee to release the source code (ot just the exploit) of the closed-source system and you have a nightmare.
If you want to have a truly secure system - use proven secure software.
This is why algorithms for crypto are released so that all crypto experts can try and break it. This is similar to when ESR says that given enough eyeballs any bug is shallow.
It is possible to write computer programs that are 100% correct. But the only way to ensure that, is to matemathically prove that the program is correct. It exist an academic programming language called Pro that was created for just that purpose - to prove that a computor language are 100% correct according to it's specifications.
So in theory it is possble to make 100% correct computor programs. The only way to make sure the proof is correct is to also make sure it's secure in practise by letting other try to find errors in the proof. Thus the only way one can get a 100% correct program is the release the source code.
In practice thare also exists programs that have been proven to be very secure - because the developers where concerned about security - one good example are qmail.
A different example is Microsoft who recently said that they can't release their source code because it will threathen the USA security. Deep down in Micosoft software exist at least one unexploited security hole. It only requires one person to find it or one former employee of the houndred or maybe shousends Micosoft employess who knows about the security hole to tell others about it.
If you are using Micosoft closed softeare you are now sitting on a ticking bomb. So anyone interested in a secure system should not use Micosoft software. Since it it well known that there exists a security hole in it that will compromise your security when it is becomes public knowledge. So anyonw concerned with security and uses Micosoft software are... well just say that thay maybe should change operating system ASAP.
With open source I know that if anyone has seen a problem it is fixed - for closed source I know that the company will probably not fix it until an exploit is widely known.
If one wants to be taken serious whan talking about secure software one need to show that the software is secure and not just talk about security and treat is as an PR problem.
You are right, had not MS shipped an invalid Java version Java would have been much better.
Sadly they are now shipping the crippled version again - probably just to confuse users who think they will get anything usefull and give Sun 's Java a lot of bad press. I wish Microsoft would honor the original contract with Sun and ship the latest Java VM instead.
I wonder how many times this FUD is being said on Slashdot and I wonder why there are so many clueless posters who moderate up Microsoft FUD.
Micosoft violated the contract regarding Java and made a non-standards Java version. (I think we all heard that before - they basically make that eith everything they get thier hands on to try and make the item propriatory to thier OS)
So Sun suid them to get them to comply with the contract and of cource they won. Mocrosoft then got sully when they could not bully Sun, like they do nearly everyone else, so Micosoft then refused to include further versions of Java in the OS making a lot of customers unhappy.
That is what really happend and has to be stated every time Java comes up since their still seams to exist many clueless Slashdot posters or people deliberatly spreading FUD.
Microsoft may have won the battle against Netscape. But they have been very unsuccessfull of winning the war.
MS did not make versions of MSIE for Linux and other UNIX variants. They also have been unable to stop the Linux tide so far - it means that there will always be room for at least one more browser.
Basically it means Micosoft can never win the war until everybody uses MS Windows. And since this looks like it never will be true since Linux and other unices survive - irregardless what MS tries to tell everbody.
Thus Micorosft can NEVER win the war as long as they do not provide MSIE on all platforms. They might win some battles but in the end they will lose the war.
Mozilla (together with all other browesers using the same engine) on the other hand are multi-playform and can thus has a chance of winning the war since it will run on any platform and is very standards compliant.
MS may have won the battle against Netscape but cannot win over Mozilla....
Quick, without looking: what are the arguments passed into "strtok()"
A good programmer never uses strtok(). Its use is very dangerous for the health of your program. Thus you don't need to know the arguments too it.
Or even better please forget you ever heard of strtok(), sprintf(), gets() and all other dangerous functions that never should be used by a good programmer.
Just the fact that some games are made into movies underlines the fact that games has become an integral part of the popular culture.
As for the trends for games I think you will find that as in books and movies that there will always be a large direvsion of titles appealing to different people.
Spaf is a follower of the security through obscurity fold.
For short term security that works. As a long term solution, it's no good.
Bruce Schneider has a lot to say about why open specifications are much better and encourage people to use open security to make REALLY secure systems.
Since I prefer to use a non-MIME complieant email reader I personally see how most of these MIME encoded messages looks like. So I can say that I know a lot about MIME since I basically read it fluently - well except for the HEX encoded parts.
Slashdot Mirror
Sorry, thats not a cover song - it's an remix.
Thata why it's a tad shorter. They upped the BPM 433 % so 4,33 takes only 1 minute.
Just like the Elvis song that is so popular now.
Well, you always automatically gets copyright to code ...
At least whre I live.
If one adhere to the authors thinking (which for a very long time has been adcocated by Micosoft and other commercial software companyes) that it are impossible to create 100% correct programs and one only concern oneself with the time period that a securoty exploit is known than the author are mostly correct.
... well just say that thay maybe should change operating system ASAP.
However if you want a truly secure system you want a system that is proven to be secure. If people shall trust Internet and it's services one need a truly proven secure Internet - in that regard the author is way off and the paper is really unimportant since it talks about a situation that should be purely academic.
The only way to prove that a system are secure is to release all specifications (ie. source code) and let everybody try and break the system. If noone has broken the system in a couple of years the system is very secure.
With closed source you can never prove that the system is secure by pounding at it... because it may exist a security hole that only is easy to find if you have the source code.
It only takes a disgrountled employee to release the source code (ot just the exploit) of the closed-source system and you have a nightmare.
If you want to have a truly secure system - use proven secure software.
This is why algorithms for crypto are released so that all crypto experts can try and break it. This is similar to when ESR says that given enough eyeballs any bug is shallow.
It is possible to write computer programs that are 100% correct. But the only way to ensure that, is to matemathically prove that the program is correct. It exist an academic programming language called Pro that was created for just that purpose - to prove that a computor language are 100% correct according to it's specifications.
So in theory it is possble to make 100% correct computor programs. The only way to make sure the proof is correct is to also make sure it's secure in practise by letting other try to find errors in the proof. Thus the only way one can get a 100% correct program is the release the source code.
In practice thare also exists programs that have been proven to be very secure - because the developers where concerned about security - one good example are qmail.
A different example is Microsoft who recently said that they can't release their source code because it will threathen the USA security. Deep down in Micosoft software exist at least one unexploited security hole. It only requires one person to find it or one former employee of the houndred or maybe shousends Micosoft employess who knows about the security hole to tell others about it.
If you are using Micosoft closed softeare you are now sitting on a ticking bomb. So anyone interested in a secure system should not use Micosoft software. Since it it well known that there exists a security hole in it that will compromise your security when it is becomes public knowledge. So anyonw concerned with security and uses Micosoft software are
With open source I know that if anyone has seen a problem it is fixed - for closed source I know that the company will probably not fix it until an exploit is widely known.
If one wants to be taken serious whan talking about secure software one need to show that the software is secure and not just talk about security and treat is as an PR problem.
Ask them to send it as a RTF document.
Sorry, MS FUD doctor it's not.
The open source way have never been to add propriotory extentions that noone else can use...
Actually Sun won the lawsuit and Micosoft lost. But as always MS spin-doctors have been busy.
Java is currently the fastes growing language and are replacing C/C++ in many places.
Sorry you are spreading MS FUD.
Microsoft can not use the Java name for MS own crappy JVM since it does not follow the Java standard.
If Microsoft made a JVM that follows the standard they can still use the Java trademark.
This is the same requirement that Sun has on all that uses thier code - it can only be named Java if it follows the standard.
Thats is the only way to make sure that develop once run everywhere works.
I guess M$ really does like illegal competition..
Given that Sun suid Micosoft and WON, I sould say that it looks like Micosoft doeas not like to have an legal competition.
Microsoft prefers to fight where they can use illeagel ways to win....
I see smaug is spreading MS FUD. Why is it that every time Java and Windows is meantined there are a lot of Slashdot users willing to spread MS FUD.
" Write once, run anywhere... NOT!"
You are right, had not MS shipped an invalid Java version Java would have been much better.
Sadly they are now shipping the crippled version again - probably just to confuse users who think they will get anything usefull and give Sun 's Java a lot of bad press.
I wish Microsoft would honor the original contract with Sun and ship the latest Java VM instead.
Are you being paid by Micrsoft to spread FUD or a fool.
Oh, sorry I repeat myself.
More MS FUD. They must spread it like menure.
I wonder how many times this FUD is being said on Slashdot and I wonder why there are so many clueless posters who moderate up Microsoft FUD.
Micosoft violated the contract regarding Java and made a non-standards Java version. (I think we all heard that before - they basically make that eith everything they get thier hands on to try and make the item propriatory to thier OS)
So Sun suid them to get them to comply with the contract and of cource they won. Mocrosoft then got sully when they could not bully Sun, like they do nearly everyone else, so Micosoft then refused to include further versions of Java in the OS making a lot of customers unhappy.
That is what really happend and has to be stated every time Java comes up since their still seams to exist many clueless Slashdot posters or people deliberatly spreading FUD.
Microsoft may have won the battle against Netscape.
But they have been very unsuccessfull of winning the war.
MS did not make versions of MSIE for Linux and other UNIX variants. They also have been unable to stop the Linux tide so far - it means that there will always be room for at least one more browser.
Basically it means Micosoft can never win the war until everybody uses MS Windows. And since this looks like it never will be true since Linux and other unices survive - irregardless what MS tries to tell everbody.
Thus Micorosft can NEVER win the war as long as they do not provide MSIE on all platforms. They might win some battles but in the end they will lose the war.
Mozilla (together with all other browesers using the same engine) on the other hand are multi-playform and can thus has a chance of winning the war since it will run on any platform and is very standards compliant.
MS may have won the battle against Netscape but cannot win over Mozilla....
Quick, without looking: what are the arguments passed into "strtok()"
A good programmer never uses strtok(). Its use is very dangerous for the health of your program.
Thus you don't need to know the arguments too it.
Or even better please forget you ever heard of strtok(), sprintf(), gets() and all other dangerous functions that never should be used by a good programmer.
Making a copy for your own use is not a crime...
Well, if Al Gore ever start a jass-band. He can call it Al-Gore-Rythm
I buy that record!
Just the fact that some games are made into movies underlines the fact that games has become an integral part of the popular culture.
As for the trends for games I think you will find that as in books and movies that there will always be a large direvsion of titles appealing to different people.
Spaf is a follower of the security through obscurity fold.
For short term security that works.
As a long term solution, it's no good.
Bruce Schneider has a lot to say about why open specifications are much better and encourage people to use open security to make REALLY secure systems.
Since the watermark is not something you noprmally hear; it's possible to remove the watermark without destroying the original data.
Thus then there no way to track the source.
Well, thats your problem.
Since I prefer to use a non-MIME complieant email reader I personally see how most of these MIME encoded messages looks like. So I can say that I know a lot about MIME since I basically read it fluently - well except for the HEX encoded parts.
Sorry, but MIME is an ugly monster that should be shot.
Pure text messages is the only portable message.
Its the way to transfer email.
You can even semd binary files by uuencoding them and inluding them in the message.
That is the only thing that always works fine.
I prefer elm from the command line.
I've never seen a email program that uses as few keystrokes to read maul as elm.
You cant get to fewer keystrokes.
All of this makes elm fast and easy to use since
there are so few commands to learn.
Even more simple solution - just send everyone a text message.
In it you can put a link to the html variant for those that want that - and put that variant on a webb server.
Email should be text. Webb pages should be HTML.
Tgat product is truly uselss for all of us that run a Linux only shop.