Copyright -- which, just so we're all on the same page, is the legal recognition of natural property rights -- does not prohibit quotation.
BZZZT. You're wrong. Copyrights and patents are not natural rights -- they are a temporary and artificial legal monopoly granted by the state in order to provide an economic incentive for people to enrich the public domain:
To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries;
A toaster is property, the ideas which make it work are not.
A book is property, the specific combination of words it contains is not.
A DVD is property, the sounds and images it contains are not.
The fact that you hold a legal monopoly to use a specific toaster mechanism, or to publish a specific book, or to sell a specific DVD for a period of time does not make those ideas or words or images your property.
That seems to be a point on which ever so many people have been misled.
You assert that the people of the US want cultural change, specifically in sexual matters, meaning more liberalization of sexual material, and a normalization of sexual attitudes and activities previously considered vulgar and obscene, and thus repressed or even banned outright by law.
News flash: those cultural changes have already happened. Sexual freedom is a fait accompli. It's called progress. The problem is that there are a large number of reactionaries who want to roll back the clock.
At one point in time, the majority of people thought there was nothing wrong with being able to buy and sell other human beings. Society's attitude progressed on this issue, but "Joe and Jane Middle America" (as you put it) were horrified by this change and fought it tooth & nail.
People used to think women shouldn't have the right to vote. That attitude eventually changed, but not without a lot of resistance from "Joe and Jane Middle America".
It's interesting to note that the regions which fought against emancipation, integration, and universal suffrage are, for the most part, the same ones that are now fighting against sexual freedom and the separation of church and state.
Freedom has an inexorable tendency to expand over time. When the lesser nobility ganged up on King John and forced him to sign the Magna Carta, they were thinking about THEIR freedom, not the public's freedom. However, they set the ball rolling and the freedoms set forth in the Magna Carta kept expanding and were applied to more and more people as time went on. Once people get a taste of freedom they want and expect more; and once they have it it's nearly impossible to take it away from them.
Is there any combination of pronouns that a person can use and be politically correct?
I'm probably showing my age, but back in the day it was a convention in some Usenet groups to use the gender-neutral pronouns Sie (replacing She/He) and Hir (replacing Him/Her), especially when referring to people in general (vs a specific person).
Thanks for the link. Fantastic essay. An extremely relevant quote from the essay:
I suspect the biggest source of moral taboos will turn out to be power struggles in which one side only barely has the upper hand. That's where you'll find a group powerful enough to enforce taboos, but weak enough to need them.
Sounds like a perfect description of the whole "religious right" agenda, covering everything from the whole gay marriage brouhaha to legislating their interpretation of the Bible on everyone else.
If you don't think you'll like it, DON'T DO IT! Just because it's too extreme for your tastes doesn't make it "wrong".
If you like to jog a mile or two, does that make it "wrong" for some people to run marathons? It's the same activity, the only thing different is a matter of degree. Some people enjoy pushing their limits.
It's good to see that they're aware of SQL injection, but the fact that they have to give special instructions on how to code defensively in order to avoid SQL injection attacks merely underscores my assertion that the architecture is fundamentally flawed from a security perspective.
To make an analogy, it's like buffer overflows in C/C++. Sure, it's possible to write C/C++ code which doesn't have exploitable buffer overflows -- the techniques to avoid them are widely known and well documented. However, even extremely talented, security-minded programmers STILL wind up making classic mistakes.
If you're worried about buffer overflows in your system, you could take two approaches: you could implement it in C/C++ and adopt a very rigorous set of development procedures with extensive code reviews and testing, or you could use a language which is not vulnerable to buffer overflows. Which method do YOU think is going to require less effort and have a greater chance of succeeding? Likewise, if you're worried about SQL injections, which is a better approach: one which requires you to not make any mistakes, or one which won't let you make the mistake in the first place?
If even the hacker gods can't use the tool securely 100% of the time, what chance do we mere mortals have of doing so? The answer is, none at all. Therefore, sound engineering practice dictates that we take our human limitations into account and use tools and techniques which will mitigate the damage caused by those mistakes which we will inevitably make.
Here's another thing to consider: even if we can guarantee that our code is 100% free of exploitable holes, we still have to deal with the possibility that some other vulnerability (say in the operating system or the web server) will allow an attacker to compromise the public server. If all the security is on the web server, we've created a single point of failure which will cause the entire system to be subverted.
An attacker who rooted the web server would be able to find out the database connection information, and would then therefore be able to connect to the database with the same permissions as the web application uses. If the web application has permission to read, update, and delete all tables, so does the attacker. If, however, we follow the principle of least privilege, the public account only has permission to execute a limited set of well-designed stored procedures. This way, having direct access to the database doesn't allow the attacker to do anything that he wouldn't be able to do via the application.
Furthermore, we should practice defense in depth, which means putting in redundant security features, compartmentalizing the application logic between the web server and the database server, and putting the components on separate physical machines. This limits the damage which can be done if any single component fails. The fact that this architecture gives us better scalability is a free bonus.
A good engineer always asks himself "If THIS component fails, how will the entire system react?" Using a monolithic security model in a mission-critical system is bad engineering. A software engineer who designs an application which can be compromised by a single line of bad code is just as negligent as a civil engineer who designs a suspension bridge which will collapse if a single cable breaks.
I also find it pretty funny that the bible-thumping types that are always so vocal about porn had a conference in some hotel a while back, and that hotel reported a 600% increase of their in-room porn rentals over that weekend... pot, meet kettle.
While this does play into my personal stereotype of fundies being sexually repressed hypocrites, I'd need to see some documentation before I accept it as being true. Any sources for this fact?
Your web app can be deployed, and you can modify the tables. Need to add a new field? Just do it. You can also (on-the-fly) make new test actions to play with these parts of the database.
You call that a feature. I call that a symptom of an inherent design flaw.
The whole Ruby-on-Rails framework seems predicated on the idea that the application (and hence everyone on the internet) has unfettered access to the database. There's no way in HELL I'm granting an untrusted user (someone on the internet) permission to directly update or delete my tables. Hell, I don't even want them to be able to SELECT at will -- they get to do ONLY what I explicitly tell them they can do. This is done via stored procedures.
If you care about your data AT ALL, you filter all user access through stored procedures. If the untrusted user account has no permissions to touch the tables directly, and only has execute permission on a limited set of stored procedures, it's impossible for them to mount a successful SQL injection attack. Defense in depth is a Good Thing. Furthermore, stored procedures allow you to implement very fine-grained row- and column-level access constraints, and they allow you to do robust data integrity checks at the database layer, where they belong.
The phrase "stored procedure" doesn't even seem to be in the R-o-R developers' vocabulary. This causes me to immediately discard it as a tool for serious work. It may be OK as a rapid prototyping tool, and it might be acceptable for a non-critical system which will only be exposed on an intranet, but I can't see using it for any public-facing mission-critical system.
It looks like a nice toy, and perhaps even a useful one, but it's still a toy.
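The permission layout argued for in the comments above (a public account that can only execute a small set of stored procedures and cannot touch the tables), sketched here as an added example that is not part of the original posts. It assumes PostgreSQL and is run as a superuser; the roles app_owner and web_public, the schema app, the table orders and both functions are hypothetical names.

```sql
-- Added example (PostgreSQL). All role, schema, table and function names
-- are hypothetical; run as a superuser in a scratch database.

-- Owner of the data; cannot log in, so its rights are never exposed directly.
CREATE ROLE app_owner NOLOGIN;
-- The account whose credentials live on the public web server.
CREATE ROLE web_public LOGIN PASSWORD 'CHANGE_ME';  -- placeholder value

CREATE SCHEMA app AUTHORIZATION app_owner;
SET ROLE app_owner;

CREATE TABLE app.orders (
    order_id    bigserial PRIMARY KEY,
    customer_id bigint NOT NULL,
    status      text   NOT NULL
                CHECK (status IN ('new', 'paid', 'shipped', 'cancelled')),
    card_last4  char(4)
);

-- Read path: exposes two columns of one customer's rows, nothing else.
-- SECURITY DEFINER runs with app_owner's rights; the pinned search_path
-- stops a caller from substituting objects of their own.
CREATE FUNCTION app.get_order_status(p_customer_id bigint, p_order_id bigint)
RETURNS TABLE (order_id bigint, status text)
LANGUAGE sql STABLE SECURITY DEFINER
SET search_path = app, pg_temp
AS $$
    SELECT o.order_id, o.status
      FROM app.orders AS o
     WHERE o.order_id = p_order_id
       AND o.customer_id = p_customer_id;
$$;

-- Write path: the only state change the public account can cause.
CREATE FUNCTION app.cancel_order(p_customer_id bigint, p_order_id bigint)
RETURNS boolean
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = app, pg_temp
AS $$
BEGIN
    UPDATE app.orders AS o
       SET status = 'cancelled'
     WHERE o.order_id = p_order_id
       AND o.customer_id = p_customer_id
       AND o.status IN ('new', 'paid');  -- integrity rule enforced in the database
    RETURN FOUND;
END;
$$;

RESET ROLE;

-- Functions are executable by PUBLIC by default, so strip that first.
REVOKE ALL ON SCHEMA app FROM PUBLIC;
REVOKE ALL ON ALL TABLES IN SCHEMA app FROM PUBLIC;
REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA app FROM PUBLIC;

-- The web account gets schema lookup and EXECUTE on two functions only.
GRANT USAGE ON SCHEMA app TO web_public;
GRANT EXECUTE ON FUNCTION app.get_order_status(bigint, bigint) TO web_public;
GRANT EXECUTE ON FUNCTION app.cancel_order(bigint, bigint) TO web_public;

-- Verification, acting as the web account.
SET ROLE web_public;
SELECT * FROM app.get_order_status(42, 1001);  -- allowed (constructed ids)
SELECT * FROM app.orders;                      -- fails: permission denied for table orders
RESET ROLE;
```

Both functions use static SQL with typed parameters. A procedure that assembled its statement by string concatenation would carry the injection risk inside the database, so that property needs checking in review for every procedure granted to the public account.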
NickelBack is classic rock? I have pants older than they are!
Swing pretty much died out at the end of the 40's as a popular form of music. Does that make the Cherry Poppin' Daddies any less of a swing band? Bach died in 1750, yet people are still composing new classical music.
It's not the age of the band, but the style of the music which determines the genre. I've never heard NickelBack, but if they play music which sounds like Classic Rock, then they belong on a classic rock station, regardless of their age.
Quick economics lesson: Demand is a function of price.
That doesn't sound like anything _I_ learned in any economics class. Try more like: price is a function of supply & demand.
When the supply is infinite, it's totally accurate to say demand is a function of price.
The realities of the digital world turn traditional economics on its ear. Physical economics are subject to, and result from, finite supply.
Supply of a digital commodity is totally elastic and effectively infinite -- additional copies are created on demand at near-zero incremental cost. Demand automagically CREATES the supply to satisfy the demand in the digital world: the very act of asking for a file (EG wget http://some-media-provider.com/some-movie.mpg) creates a new copy of that file on my hard drive, which wouldn't have existed if I hadn't asked for it.
Are people against Microsoft because of their business practices, their product, or just because they are a large company who did extremely well
All of the above to a certain extent.
Sysadmin Geeks who have to clean up the messes left by shoddy Microsoft products, day after day, hate their products because they make extra work for us. We hate Outlook, IE, and IIS because of their penchant for spreading worms and viruses. We hate service packs which break more than they fix. We hate Frontpage because of the non-standard, blecherous, broken HTML it spews forth. We hate the general lackadaisical attitude Microsoft has about security and quality in general.
Libertarian-minded geeks hate Microsoft for their flagrant disregard for the law and the courts. We hate them for the way they blatantly infringe on other companies' patents and lawyer their way out of it. We hate the way they bankrupt or buy out anyone making a product which actually competes with them. We hate the way they use puppet companies (SCO, BSA) as hired thugs to bully other companies on their behalf.
Anti-corporate geeks hate Microsoft because it's a prime example of corporate greed run amok and of the dangers of unfettered capitalism.
The thing which made ST successful in the past was Roddenberry. The problem with the current incarnation is Brannon and Braga. Get rid of those two hacks and hire someone who occasionally has an original thought and who actually UNDERSTANDS what sci-fi fans want (Joss Whedon [Buffy, Firefly] and J.M. Straczynski [Babylon 5] come to mind).
someone would turn my cell phone, pda, and iPod into 1 good product
The problem with that is that the form factors for a cell phone and a PDA are mutually incompatible.
If you make a PDA/palmtop any smaller, you sacrifice essential functionality and usability. If you make a cell phone much bigger, it's unwieldy. Look at the devices you have now: you have good PDAs which make crappy cell phones, and cell phones with crappy PDA functionality. Fortunately, an MP3 player doesn't require much in the way of a user interface, so it's pretty trivial to add it to either one.
Personally, I *like* having separate devices. That way, I don't use up all my cell phone call time listening to MP3s on my morning commute. I can leave one or more of them at home when I don't need them -- I don't need my PDA or MP3 player if I'm going out to dinner or to the movies. And if one of them breaks, gets lost or left at home, I'm not totally screwed.
Yes, I'm sure. The truth has never been a defense against libel or slander in Great Britain. In the Colonial period, a governor sued a newspaper publisher for libel, heard the case himself and rejected the defense plea that the article was true.
Keep doing shit like that long enough, and people get so pissed off that they take matters (and arms) into their own hands.
That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.
So you have no problem with a police officer, without a warrant or probable cause, tracking you everywhere you go?
If he's following me, there's a good chance I'll see him. I can then make an appropriate response (drive 5mph under the speed limit, stop somewhere for a bite to eat, take the scenic route home, etc).
Also, and this is the key thing, while he's tailing me HE CAN'T BE TAILING SOMEONE ELSE. There's a limit on how many people the police can physically tail at one time. If it's automated, they can easily monitor everyone who goes to a nightclub where they suspect drugs are being sold, or everyone who attends an anti-war rally.
Enabling remote administration is not, in itself, a bad idea, particularly if you are away from your lan/wlan on a regular basis.
Yes, it is. When you use it, you're doing everything in the clear -- I've yet to see a consumer-grade router with SSL-protected access to the admin functions. If you need to remotely administer your router, set up port forwarding on your router so you can access your SSH server remotely. [Windows users can run cygwin sshd, so there's no requirement to run a Linux box]. Then you can ssh into your network and open a secure tunnel to the router's internal interface:
ssh -L 8888:router:80 me@myhost.dyndns.org
Now just browse to http://localhost:8888 and you can administer your router securely, just as if you were sitting at home.
You see no difference between standing up for your right to exercise your freedom of speech, and standing up for your right to be treated like a human being? I feel sorry for you.
Would the public reaction be different if they were telling racially insensitive jokes repeatedly in front of a black person?
Lenny Bruce did. It's called making a point. Unpleasant and unpopular speech is protected by the First Amendment; things which are pleasant and popular don't need protecting.
Yourself included.
Any links to older episodes? The btefnet link only starts at episode 8. I need to snag 3-7 before I watch those.
I'll see your vodka and raise you a bourbon.
Ask, and ye shall receive.
Mod parent up. That is one of the most insightful comments I've read on /. in a while.