JVM's are written in C and C++, the CLR is the same. Which managed language do you suggest to use that was not built with C?
The point isn't to eliminate C code entirely, but to minimize the number of lines of C code that are executed.
If (statistically speaking) there will are likely to be N memory-error bugs per million lines of C code, then the number of memory-error bugs in a managed language will be proportional to the size of the interpreter, rather than proportional to the size of the program as a whole.
Add to that the fact that interpreters are generally written by expert programmers, and then they receive lots and lots of testing and debugging, and then (hopefully) become mature/stable shortly thereafter; whereas application code is often written by mediocre programmers and often receives only minimal testing and debugging.
Conclusion: Even if the underlying interpreter is written in C, using a managed language for security-critical applications is still a big win.
It was Robin Seggelmann that submitted this bit of buggy openssl code. He either works for the NSA or is grossly incompetent...
Or he made a dumb mistake, as 100% of programmers have done and will do again in the future. Anyone who expects programmers (even the best programmers) to never make mistakes is guaranteed to be disappointed.
The real issue here is that the development process did not detect the mistake and correct it in a timely manner. Code that is as security-critical as OpenSSL should really be code-reviewed and tested out the wahzoo before it is released to the public, so either that didn't happen, or it did happen and the process didn't detect this fault; either way a process-failure analysis and process improvements are called for.
However, how do you shoot down a hunk of metal traveling at mach 7 toward your ship?
I think I'd like to use a rail gun to shoot a hunk of metal at it at mach 7. Assuming I don't miss, the result should be a single projectile, twice as large, that drops straight down into the ocean. Right?;^)
Anyone know how much damage a Smart Car can be expected to suffer when tipped like this?
(I'd imagine some crush/scratch damage to whatever body panel(s) are now supporting the car's weight, plus my co-worker says that various fluids are likely to drip out into places they aren't supposed to be)
NOT zero outlay. you still pay just about what you'd have payed the utility anyway...
Not if your roof has good sun. My condo building's HOA (in Southern California) was previously paying the local power company about $1000/month for electricity. We had SolarCity install solar panels on the roof under a Power Purchase Agreement; now we pay about $750/month for electricity. So that's about $12,000 in savings since 2010, and the HOA never had to spend a dime.
And they get to build an indistrial plat in and about your property
Yes, they got to install their solar panels on our roof. That hasn't been a problem for anyone.
I had a friend who was adding memory to his Macbook to also add a SSD. Those two additions made "amazing" speed improvements. With the prices of SSD's it is a no brainer. No computer should be without it!
I'll add that if you get a Mac with the Fusion Drive setup (or reconfigure your Mac to use that feature), things are even nicer, as you no longer have to manually shuffle your "hot" data onto or off of the SSD drive. Instead, whatever data you access often will automatically migrate to the SSD, and "cold" data that you don't access often will automatically migrate to the spinning disk (if necessary). Works great!
(Note that this does mean that if either the SSD or the spinning disk die, you've probably lost your data on both drives -- but that's what backups are for. Pay another $60 for a basic external drive for Time Machine to use, and you're golden)
My spelling mistake was just a mistype on Samsung's stupid virtual keyboard. But if you confuse "there" with "their", it means that, for you, use of english is nothing more than parroting a bunch or sounds
ROFL.... "my mistake was the computer's fault, your mistake was a sign of your intellectual inadequacy".
Or perhaps the OP also has a virtual keyboard (or some other not-terribly-bright auto-correct mechanism) that auto-converted a slight misspelling of "their" (e.g. "ther") into "there" and wasn't noticed in time.
But don't let that stop you from telling the OP how superior your language skills are to his. You clearly are a prodigy, that's why you get to post to Slashdot.
"In an unprecedented total disruption of a fully operational GNSS constellation, all satellites in the Russian GLONASS broadcast corrupt information for 11 hours [...] This rendered the system completely unusable to all worldwide GLONASS receivers."
Ok! Ok! I must have, I must have put a decimal point in the wrong place or something. Shit. I always do that. I always mess up some mundane detail.
This is just another one of those "make this link in the chain even stronger because once someone broke through it" forgetting that there are dozens of other weaker links that simply have yet to be targeted.
If you can think of a way to strengthen all of the links simultaneously, by all means post it and/or start a company and get rich selling your perfect-security technique.
If, on the other hand, you can't, then strengthening the links one at a time may be the best we can do. Unless you think it's better to leave them unnecessarily weak?
Exactly because Japan sent old men into Fukushima's reactor, knowing the risk and offering hefty sums for their descendents.
Can you provide a reference for this? Because I can't find any evidence that it actually happened. (I know some old men volunteered to go, but I can't find any evidence that TEPCO took them up on their offer)
Volunteers living in BioSphere 2 found that their biological life support systems failed and they had to 'abandon ship' after 24 months.
Note that all three of the above represent "easy" scenarios, where help and/or an emergency return to Earth is always minutes, hours, or days away. On Mars (or en route to Mars), help from or escape to Earth would not be a likely option.
Because people don't trust software like Microsoft Windows or Epic Systems's EPIC or Autodesk...no sir, no one trusts commercial software.
An excellent refutation of a point that was never made. No one would trust closed-source *BitCoin* software. Hell, a lot of people don't trust open-source BitCoin software, which they can audit as thoroughly as they want.
Tell me, when you get done fapping to open source is the napkin you use for clean up GPL compatible?
Tell me, does being an obnoxious prick on the Internet improve your life in any tangible way?
Mac OS X recently added very aggressive disk caching (it will use any free memory for disk caching), and it dramatically improves performance, even on machines with super fast SSDs.
Recently? I was under the impression that this was how MacOS/X (and indeed most non-ancient flavors of *nix) had always worked. Was I mistaken about that?
Given that Tesla, Inc. knows the position of all its cars at all times, what is the benefit of stealing one? If you then drive it for any length of time, the police will track it to your location and arrest you. OTOH, you could try to sell it for parts, but I doubt the Tesla parts market is large enough to do that anonymously; most likely anyone interested in buying said parts would know they were stolen and would report you to the police.
Here's the main reason I don't use Vim (or Emacs, for that matter): it's a "stateful" editor. Insert mode? Command mode? Etc. etc. I can do without.
Stateful editing is a bit tricky to get used to, but once you've wrapped your mind around it there's a payoff: In command mode you have (at least) 26 commonly used commands available to you via a single keystroke.
In an editor without states, you either have to hold down the command key (or some other meta-key) to indicate that what you're about to type is a command and not a literal letter, or you have to (horrors!) use the mouse. Either way, it's slower than just being able to press a single key to activate each command.
It seems to me the the vim-vs-emacs wars ended in a stalemate decades ago, and everybody who participated is resigned to the fact that nobody will ever switch from one to the other. Meanwhile, all the young'ns are using IDEs anyway, and have only a vague idea what vim or emacs is, so they don't really care enough to argue about which is better.
Do people expect someone to take seriously a piece of software to manage financial transactions with a version like that?
Apparently people do take it seriously, so it looks like the answer is yes.
Staying in the 0.x range for a long time is typical for open-source software -- a lot of packages don't go to 1.0 until they have been in use for many years. It doesn't necessarily imply anything bad (or good) about the reliability of the software.
If BitCoin was commercial software, no doubt it would be up to Version 7 Professional Platinum Collector's Edition now... but then again, if it was commercial software, it would probably be closed source, and therefore nobody would trust it enough to use it, and we wouldn't be having this conversation.
There is no low end application here. A secretary is never going to use one of these things.
A secretary is never going to use an XBox either, and yet they manage to sell plenty of them.
The only likely users are techies and early-adopter types.
Maybe -- it will depend entirely on how compelling the experience is. If it's seen as boring, or nauseating, or socially isolating, then you'll be proven right. OTOH, if it's really fun, there's no reason the technology won't spread as the technology matures and prices decrease.
That's known as a data diode, and it's a great idea (and can be done at higher speeds than RS232, if necessary; e.g. you can do something similar with an Ethernet cable).
It does have one big limitation, though -- it won't let you control the system from off-site. If that's okay, then great, but often off-site control is something that you want to have, not just off-site monitoring.
>Or maybe you could isolate control systems from the Internet.
Yes, maybe is the keyword there. Set up everything to be nice and air-gapped, and maybe some joker won't bring in his malware-infected laptop the next day and temporarily hook it up to your "secure network" in order to transfer a file over.
Slashdot Mirror
Did he really have any other option here? Even if he did it on purpose, would he admit it?
Well, you have to admit that a response of "HAHAHA SUCKERS" would be a memorable one. I wonder if he considered doing that?
NSA, heartbleed, whatever. you'll tell your grandchildren about "back in the day" internet
What in particular do you think will be different about my grandchildrens' Internet?
JVM's are written in C and C++, the CLR is the same. Which managed language do you suggest to use that was not built with C?
The point isn't to eliminate C code entirely, but to minimize the number of lines of C code that are executed.
If (statistically speaking) there will are likely to be N memory-error bugs per million lines of C code, then the number of memory-error bugs in a managed language will be proportional to the size of the interpreter, rather than proportional to the size of the program as a whole.
Add to that the fact that interpreters are generally written by expert programmers, and then they receive lots and lots of testing and debugging, and then (hopefully) become mature/stable shortly thereafter; whereas application code is often written by mediocre programmers and often receives only minimal testing and debugging.
Conclusion: Even if the underlying interpreter is written in C, using a managed language for security-critical applications is still a big win.
It was Robin Seggelmann that submitted this bit of buggy openssl code. He either works for the NSA or is grossly incompetent...
Or he made a dumb mistake, as 100% of programmers have done and will do again in the future. Anyone who expects programmers (even the best programmers) to never make mistakes is guaranteed to be disappointed.
The real issue here is that the development process did not detect the mistake and correct it in a timely manner. Code that is as security-critical as OpenSSL should really be code-reviewed and tested out the wahzoo before it is released to the public, so either that didn't happen, or it did happen and the process didn't detect this fault; either way a process-failure analysis and process improvements are called for.
However, how do you shoot down a hunk of metal traveling at mach 7 toward your ship?
I think I'd like to use a rail gun to shoot a hunk of metal at it at mach 7. Assuming I don't miss, the result should be a single projectile, twice as large, that drops straight down into the ocean. Right? ;^)
Three cars tipped over is "crazy" and a reason to avoid a place?
No; but this certainly moves the crazy-needle over a bit.
3) Someones insurance rates are going up
Anyone know how much damage a Smart Car can be expected to suffer when tipped like this?
(I'd imagine some crush/scratch damage to whatever body panel(s) are now supporting the car's weight, plus my co-worker says that various fluids are likely to drip out into places they aren't supposed to be)
NOT zero outlay. you still pay just about what you'd have payed the utility anyway...
Not if your roof has good sun. My condo building's HOA (in Southern California) was previously paying the local power company about $1000/month for electricity. We had SolarCity install solar panels on the roof under a Power Purchase Agreement; now we pay about $750/month for electricity. So that's about $12,000 in savings since 2010, and the HOA never had to spend a dime.
And they get to build an indistrial plat in and about your property
Yes, they got to install their solar panels on our roof. That hasn't been a problem for anyone.
I had a friend who was adding memory to his Macbook to also add a SSD. Those two additions made "amazing" speed improvements. With the prices of SSD's it is a no brainer. No computer should be without it!
I'll add that if you get a Mac with the Fusion Drive setup (or reconfigure your Mac to use that feature), things are even nicer, as you no longer have to manually shuffle your "hot" data onto or off of the SSD drive. Instead, whatever data you access often will automatically migrate to the SSD, and "cold" data that you don't access often will automatically migrate to the spinning disk (if necessary). Works great!
(Note that this does mean that if either the SSD or the spinning disk die, you've probably lost your data on both drives -- but that's what backups are for. Pay another $60 for a basic external drive for Time Machine to use, and you're golden)
My spelling mistake was just a mistype on Samsung's stupid virtual keyboard. But if you confuse "there" with "their", it means that, for you, use of english is nothing more than parroting a bunch or sounds
ROFL.... "my mistake was the computer's fault, your mistake was a sign of your intellectual inadequacy".
Or perhaps the OP also has a virtual keyboard (or some other not-terribly-bright auto-correct mechanism) that auto-converted a slight misspelling of "their" (e.g. "ther") into "there" and wasn't noticed in time.
But don't let that stop you from telling the OP how superior your language skills are to his. You clearly are a prodigy, that's why you get to post to Slashdot.
"In an unprecedented total disruption of a fully operational GNSS constellation, all satellites in the Russian GLONASS broadcast corrupt information for 11 hours [...] This rendered the system completely unusable to all worldwide GLONASS receivers."
Ok! Ok! I must have, I must have put a decimal point in the wrong place or something. Shit. I always do that. I always mess up some mundane detail.
This is just another one of those "make this link in the chain even stronger because once someone broke through it" forgetting that there are dozens of other weaker links that simply have yet to be targeted.
If you can think of a way to strengthen all of the links simultaneously, by all means post it and/or start a company and get rich selling your perfect-security technique.
If, on the other hand, you can't, then strengthening the links one at a time may be the best we can do. Unless you think it's better to leave them unnecessarily weak?
Exactly because Japan sent old men into Fukushima's reactor, knowing the risk and offering hefty sums for their descendents.
Can you provide a reference for this? Because I can't find any evidence that it actually happened. (I know some old men volunteered to go, but I can't find any evidence that TEPCO took them up on their offer)
And you know this how? It's not like we've ever experimented with living on another planet or anything.
Sure we have (by approximation, anyway):
Note that all three of the above represent "easy" scenarios, where help and/or an emergency return to Earth is always minutes, hours, or days away. On Mars (or en route to Mars), help from or escape to Earth would not be a likely option.
Because people don't trust software like Microsoft Windows or Epic Systems's EPIC or Autodesk...no sir, no one trusts commercial software.
An excellent refutation of a point that was never made. No one would trust closed-source *BitCoin* software. Hell, a lot of people don't trust open-source BitCoin software, which they can audit as thoroughly as they want.
Tell me, when you get done fapping to open source is the napkin you use for clean up GPL compatible?
Tell me, does being an obnoxious prick on the Internet improve your life in any tangible way?
Mac OS X recently added very aggressive disk caching (it will use any free memory for disk caching), and it dramatically improves performance, even on machines with super fast SSDs.
Recently? I was under the impression that this was how MacOS/X (and indeed most non-ancient flavors of *nix) had always worked. Was I mistaken about that?
Given that Tesla, Inc. knows the position of all its cars at all times, what is the benefit of stealing one? If you then drive it for any length of time, the police will track it to your location and arrest you. OTOH, you could try to sell it for parts, but I doubt the Tesla parts market is large enough to do that anonymously; most likely anyone interested in buying said parts would know they were stolen and would report you to the police.
Here's the main reason I don't use Vim (or Emacs, for that matter): it's a "stateful" editor. Insert mode? Command mode? Etc. etc. I can do without.
Stateful editing is a bit tricky to get used to, but once you've wrapped your mind around it there's a payoff: In command mode you have (at least) 26 commonly used commands available to you via a single keystroke.
In an editor without states, you either have to hold down the command key (or some other meta-key) to indicate that what you're about to type is a command and not a literal letter, or you have to (horrors!) use the mouse. Either way, it's slower than just being able to press a single key to activate each command.
Do people in fact still argue about vim vs emacs?
It seems to me the the vim-vs-emacs wars ended in a stalemate decades ago, and everybody who participated is resigned to the fact that nobody will ever switch from one to the other. Meanwhile, all the young'ns are using IDEs anyway, and have only a vague idea what vim or emacs is, so they don't really care enough to argue about which is better.
So what you are saying is there isn't actually a missing plane, they just made it up?
You have to admit, that would be a pretty good explanation for why they can't find it.... ;)
Do people expect someone to take seriously a piece of software to manage financial transactions with a version like that?
Apparently people do take it seriously, so it looks like the answer is yes.
Staying in the 0.x range for a long time is typical for open-source software -- a lot of packages don't go to 1.0 until they have been in use for many years. It doesn't necessarily imply anything bad (or good) about the reliability of the software.
If BitCoin was commercial software, no doubt it would be up to Version 7 Professional Platinum Collector's Edition now... but then again, if it was commercial software, it would probably be closed source, and therefore nobody would trust it enough to use it, and we wouldn't be having this conversation.
There is no low end application here. A secretary is never going to use one of these things.
A secretary is never going to use an XBox either, and yet they manage to sell plenty of them.
The only likely users are techies and early-adopter types.
Maybe -- it will depend entirely on how compelling the experience is. If it's seen as boring, or nauseating, or socially isolating, then you'll be proven right. OTOH, if it's really fun, there's no reason the technology won't spread as the technology matures and prices decrease.
Usually the "remote analog" access is through an analog circuit provided by a telecommunications company between two locations called an ISDN circuit.
What does the "D" in ISDN stand for?
That's known as a data diode, and it's a great idea (and can be done at higher speeds than RS232, if necessary; e.g. you can do something similar with an Ethernet cable).
It does have one big limitation, though -- it won't let you control the system from off-site. If that's okay, then great, but often off-site control is something that you want to have, not just off-site monitoring.
>Or maybe you could isolate control systems from the Internet.
Yes, maybe is the keyword there. Set up everything to be nice and air-gapped, and maybe some joker won't bring in his malware-infected laptop the next day and temporarily hook it up to your "secure network" in order to transfer a file over.
Or then again, maybe he will. Who knows?