As to N.A. and A.M if you ask most mathematician they will tell you those fields are not really math.
The Curry-Howard link is neither here nor there. Math is applied routinely in many sciences, and is often inspired by reality (more so in the past that recently) yet this has never been central to what math is.
Eh, most computer scientists are not going to be able to develop a system that meets specifications by a deadline unless they also have software engineering skills. ...which in practice are taught in nearly all computer science undergraduate programs. So anyone currently claiming some superiority of SEers over CSers is likely just trying to prop their own degree.
I've developed shipping code for companies as well as research projects at university. Research code is write-only since it is not worth architecting properly something that is meant for one time use, not because of some supposed lack of software engineering skills.
Heck! a good software engineer is equally likely to program a write only perl script to do a one time migration of their system.
False. Mathematics does not care about grounding or motivation in reality. Computer science without grounding in reality is math, computer science with grounding in reality is how should I put this, computer science.
It's called taxes which is actually a form of an insurance scheme. If you cannot criticize it without making false names for it, you must have no cogent reasons to attack it.
Attacks like that rich on epithets and short on reasons is why the GOP keeps loosing the moderate middle. Sure, it drives up the ratings of Rush Limbaugh and Ann Coulter, but not the ratings of the people that would actually matter (Romney/Ryan) as shown last Tuesday.
Assuming there are reduced supplies. This seems to be the case here but in others it is not always the case, like in the Irish potato famine, which took place while the granaries of England we full.
Libertarianism is borne out of stunted development, when people do not understand why they need to share their toy with Jimmy.
It's borne out of unsophisticated positions that cannot see far enough to realize that a modicum amount of an active threat of power by a democratically elected state is the only thing keeping us away from a Lord-of-the-Flies Life-of-Pi barbaric reality. Or if you want a real life example, Somalia, Sealand or Europe in the Middle Ages.
That is exactly the point. People expect politicians to lie, yet Romney told such whoppers that he will forever have the distinction of being the first presidential candidate where the other side could actually run a successful campaign on the basis of highlighting his lies.
The media are in the business of selling advertisements, not informing the public. The better venues will start with a sensationalist headline and admit to the truth somewhere near the end of the article, the average ones will stick to the half truths and never clarify that they are hyping up the story to keep the eyeball count up.
One can find such sensationalist pieces in pretty much all subjects, ranging from politics to sports to science to business.
if everyone respect the spirit of the law instead of finding holes in the letter of it,
Actually it is perfectly possible to give legal standing to the "spirit of the law" over the "letter of the law".
This is called a purposive aproach, and other countries will rule that a certain loophole, while technically allowed by the letter of the law, is so obviously against the spirit of the law that any normal person ought to have known that it was illegal.
Pixar did gain a great deal of creative control of Disney Studios,
Make that complete creative control. It was a condition of the Pixar purchase, and it worked. Disney is much better today financially and artistically that it ever was.
You are confused. The permissions are an AND, you need the word processor AND you have to be you to open the document.
you're back to not allowing a user to hand edit his own documents.
Not really. What this says is that by default only the right application should open the document, but a regular user can override this through UAC (as opposed to you reading someone else's documents which requires superuser/root privileges).
That is a violation of one of the key philosophies of unix where a chain of small specialist programs can be combined to do work.
Again this is a philosophical explanation of how the security weakness came to be, but it doesn't make it any more secure to explain why it has no ACLs.
thank you for explaining why the security hole came to be, and why it might be hard to fix, or alternative, why ACLs feel like a kludge. The fact remains however, that file security in Unix is unsophisticated and as such one of its weak points.
It's the "Apple way" of forbidding anything but the Anointed Holy Programs from operating on my files, that is broken
I said so myself. The solution is to have the safety device enabled by default and raise an exception when breaking it, which, depending how you do it, takes you to the world of sudo or windows style UACs.
Would you care to explain what is kludgey in using the uid namespace to also provide per-application ownership?
Gladly. The main problem is that user space and app space are orthogonal. Good security requires the ability to say "this file shouldn't be touched by anyone other than joe blow using acrobat reader". Each of the two parameters, namely userid and appid are independent and need to be treated differently.
So just because joe blow is a superuser this doesn't mean that all of his programs should run in that mode. In fact this deficiency is what eventually lead to the deprecation of su in favor of the sudo command, itself an 80s addition to Unix and not really popular until the mid-to-late 90s. It is an attempt to try to prevent unwanted inheritance of the su privileges to one and all applications.
This way for example, the java sandbox would be created by the OS rather than by the JVM sandbox kludge. The OS knows that the browser is not allowed to write to disk except to ~/.cache and ~/,downloads and you don't have to worry about what is the payload. You also want to have a per app+directory quota, to avoid denial-of-service attacks via disk/user account overflow.
All of these things were already available in 70s mainframe operating systems and greatly increase security. They were echoed in the Mac design which completely forbade the wrong app from opening a file (itself a bit of an overkill, as it made it impossible, for example, to hand edit a postscript file or to print a manually generated postscript file)
In fact most commercial flavors of unix are aware of this, and hence support an extended form of Access Control Lists (ACLs). However these have never taken on as all implementations feel awkwardly grafted into the file system.
was specifically designed not to have any sort of security, versus what was seen as the draconian measures taken by "mainframe mentality" operating systems like UNIX (from Bell Labs, 1969).
pffffft (spits coffee out) Unix security what?
Unix was designed as an experimental operating system for a lab setting and hence had the weakest security of all OSes at the time. In fact, old timers will remember the common quip from the 80's and early 90's: Unix security is an oxymoron.
Here's a sample quote from 1986:
"UNIX Security" is an oxymoron. It's an easy system to brute- force hack (most UNIX systems don't hang up after x number of login tries, and there are a number of default logins, such as root, bin, sys and uucp). Once you're in the system, you can easily bring it to its knees (see my previous Phrack article, "UNIX Nasty Tricks") or, if you know a little 'C', you can make the system work for you and totally eliminate the security barriers to creating your own logins, reading anybody's files, etcetera. This file will outline such ways by presenting 'C' code that you can implement yourself.
For example: 1) the original Unix did not even have disk quotas. 2) as late as the early 1990s any regular user could bring the entire system down with a simple stty command, 3) wall used to be enabled to all users by default which included the ability of writing control characters in someone else's TTY 4) the password file containing the encrypted passwords used to be publicly readable which opens the system to offline attacks 5) to this date, *nix does not support well the concept of application ownership of a file which leads to programs requiring their own user account, which is another kludge.
Unix security today is a hard won battle by many people who patched up the original Unix system. Even so it is still subpar compared to big iron mainframe security.
A hearing aid is basically just a microphone and amplifier in your ear so
This is like saying that a Ferrari is basically a VW bug on a race track so why is it so expensive? [yay car analogy!].
A good hearing aid has a microphone, speaker, battery and amplifier which are 1/50th the size of the one in your cellphone yet deliver much higher quality of sound all while filtering undesirable sounds.
Yes, in my opinion they are overpriced, but arguing that they are just a microphone and an amplifier is just ignorant.
Oh, I'm sure they vetted it to be sure that nothing could come back on them...
Correct, which is why the movie goes to great pains to emphasize that the story is as told in depositions. They are not claiming that's what happened, they are claiming that is what was said in the depositions, which is entirely factual.
but I suspect there's a lot of rainbows and kittens in there they let slide by which don't quite match up to reality.
To the contrary, given that they are dealing with people with ample access to funds, I'm sure dramatic license is comparatively minor.
Further to that, since/. doesn't have an edit button:
From IMDB:
Much of the film is based on testimony given at a number of depositions related to the lawsuits brought by Eduardo Saverin, the Winklevoss twins, and Divya Narendra. To this extent, the film might be considered very accurate. However, as the character Mark points out in the film, people do lie in depositions. [However if those lies are proven you could be charged with perjury]
Both Eduardo Saverin and the Winklevoss twins claim the film is very accurate while Zuckerberg and Parker maintain that it is a work of fiction.
The only reason this isn't happening is that there are no terrorists.
This. There was essentially no security flying from Mexico to the USA between 9/11 and somewhere around. 2009. Minimal perfunctory checking, no "take your shoes off" or "let me see you naked" crap. And guess what? not a single terrorist attack took place.
Americans complained about this around 2007 so the Mexican authorities created a special "security theater" line for Americans only, which seemed to make the 'tards happy.
Eventually the 'merkins clued into this, and forced a real pat down for everyone. There was no gain in security, but it makes them feel good, so we all have to go through it, even though it's useless security theater as already admitted to by the former head of the TSA.
tell us that (a) we represent 1e-308% of the users and therefore should basically go to hell
Wayland has an X11 compatibility mode. So in what sense is that a "go to hell message"?
make up weird stuff about how X11 is deficient that is basically not true.
The two modern versions of *nix, namely OSX and Android ditched X. That alone should tell you a lot about it.
But if you go back and look at the design specifications of X around which the architecture was developed you'll see why it is the wrong tool for the job. It was designed for remote terminal window manager with thin client aspirations. These are not the main uses of X today, so it is not surprising that it is found to be fundamentally deficient by people who peek under the hood.
No, you are wrong X has to be perfect because it is part of *nix and any self-respecting fanboi knows that Unix cannot possibly have gotten anything wrong.
You see, the code was dictated directly by a divine power to each of the unix creators, all of which were born from virgin mothers, including the last of the prophets, St. Linus.
Sounds unrealistic? Read the thread on Wayland to see the fanbois rushing to the defense of X simply because it's part of *nix. For every one comment that could say something actually good about X there were dozens who didn't say any more substantive than "X rulz!!" .
Slashdot Mirror
As to N.A. and A.M if you ask most mathematician they will tell you those fields are not really math.
The Curry-Howard link is neither here nor there. Math is applied routinely in many sciences, and is often inspired by reality (more so in the past that recently) yet this has never been central to what math is.
Eh, most computer scientists are not going to be able to develop a system that meets specifications by a deadline unless they also have software engineering skills. ...which in practice are taught in nearly all computer science undergraduate programs. So anyone currently claiming some superiority of SEers over CSers is likely just trying to prop their own degree.
I've developed shipping code for companies as well as research projects at university. Research code is write-only since it is not worth architecting properly something that is meant for one time use, not because of some supposed lack of software engineering skills.
Heck! a good software engineer is equally likely to program a write only perl script to do a one time migration of their system.
Computer science is a branch of mathematics;
False. Mathematics does not care about grounding or motivation in reality. Computer science without grounding in reality is math, computer science with grounding in reality is how should I put this, computer science.
one is called slavery
It's called taxes which is actually a form of an insurance scheme. If you cannot criticize it without making false names for it, you must have no cogent reasons to attack it.
Attacks like that rich on epithets and short on reasons is why the GOP keeps loosing the moderate middle. Sure, it drives up the ratings of Rush Limbaugh and Ann Coulter, but not the ratings of the people that would actually matter (Romney/Ryan) as shown last Tuesday.
Assuming there are reduced supplies. This seems to be the case here but in others it is not always the case, like in the Irish potato famine, which took place while the granaries of England we full.
Libertarianism is borne out of stunted development, when people do not understand why they need to share their toy with Jimmy.
It's borne out of unsophisticated positions that cannot see far enough to realize that a modicum amount of an active threat of power by a democratically elected state is the only thing keeping us away from a Lord-of-the-Flies Life-of-Pi barbaric reality. Or if you want a real life example, Somalia, Sealand or Europe in the Middle Ages.
as thy are banned weapons since ages.
They are most definitely not banned. Current models in use in the USA rmed forces are the M9 Bayonet and the OKC-3S bayonet.
That is exactly the point. People expect politicians to lie, yet Romney told such whoppers that he will forever have the distinction of being the first presidential candidate where the other side could actually run a successful campaign on the basis of highlighting his lies.
The media are in the business of selling advertisements, not informing the public. The better venues will start with a sensationalist headline and admit to the truth somewhere near the end of the article, the average ones will stick to the half truths and never clarify that they are hyping up the story to keep the eyeball count up.
One can find such sensationalist pieces in pretty much all subjects, ranging from politics to sports to science to business.
if everyone respect the spirit of the law instead of finding holes in the letter of it,
Actually it is perfectly possible to give legal standing to the "spirit of the law" over the "letter of the law".
This is called a purposive aproach, and other countries will rule that a certain loophole, while technically allowed by the letter of the law, is so obviously against the spirit of the law that any normal person ought to have known that it was illegal.
Pixar did gain a great deal of creative control of Disney Studios,
Make that complete creative control. It was a condition of the Pixar purchase, and it worked. Disney is much better today financially and artistically that it ever was.
defaulting on debt makes them a minor third rate country.
which sadly, is what they have been all along. they do not belong in Europe until they make major strides towards development.
Their debts are enumerated in euros so they have to pay them back in euros.
Nope, they can simply default on the debt and pay it back in Drachmas, like many other countries have done in the past.
You are confused. The permissions are an AND, you need the word processor AND you have to be you to open the document.
you're back to not allowing a user to hand edit his own documents.
Not really. What this says is that by default only the right application should open the document, but a regular user can override this through UAC (as opposed to you reading someone else's documents which requires superuser/root privileges).
That is a violation of one of the key philosophies of unix where a chain of small specialist programs can be combined to do work.
Again this is a philosophical explanation of how the security weakness came to be, but it doesn't make it any more secure to explain why it has no ACLs.
thank you for explaining why the security hole came to be, and why it might be hard to fix, or alternative, why ACLs feel like a kludge. The fact remains however, that file security in Unix is unsophisticated and as such one of its weak points.
It's the "Apple way" of forbidding anything but the Anointed Holy Programs from operating on my files, that is broken
I said so myself. The solution is to have the safety device enabled by default and raise an exception when breaking it, which, depending how you do it, takes you to the world of sudo or windows style UACs.
Would you care to explain what is kludgey in using the uid namespace to also provide per-application ownership?
Gladly. The main problem is that user space and app space are orthogonal. Good security requires the ability to say "this file shouldn't be touched by anyone other than joe blow using acrobat reader". Each of the two parameters, namely userid and appid are independent and need to be treated differently.
So just because joe blow is a superuser this doesn't mean that all of his programs should run in that mode. In fact this deficiency is what eventually lead to the deprecation of su in favor of the sudo command, itself an 80s addition to Unix and not really popular until the mid-to-late 90s. It is an attempt to try to prevent unwanted inheritance of the su privileges to one and all applications.
This way for example, the java sandbox would be created by the OS rather than by the JVM sandbox kludge. The OS knows that the browser is not allowed to write to disk except to ~/.cache and ~/,downloads and you don't have to worry about what is the payload. You also want to have a per app+directory quota, to avoid denial-of-service attacks via disk/user account overflow.
All of these things were already available in 70s mainframe operating systems and greatly increase security. They were echoed in the Mac design which completely forbade the wrong app from opening a file (itself a bit of an overkill, as it made it impossible, for example, to hand edit a postscript file or to print a manually generated postscript file)
In fact most commercial flavors of unix are aware of this, and hence support an extended form of Access Control Lists (ACLs). However these have never taken on as all implementations feel awkwardly grafted into the file system.
was specifically designed not to have any sort of security, versus what was seen as the draconian measures taken by "mainframe mentality" operating systems like UNIX (from Bell Labs, 1969).
pffffft (spits coffee out) Unix security what?
Unix was designed as an experimental operating system for a lab setting and hence had the weakest security of all OSes at the time. In fact, old timers will remember the common quip from the 80's and early 90's: Unix security is an oxymoron.
Here's a sample quote from 1986:
"UNIX Security" is an oxymoron. It's an easy system to brute-
force hack (most UNIX systems don't hang up after x number of login
tries, and there are a number of default logins, such as root, bin,
sys and uucp). Once you're in the system, you can easily bring
it to its knees (see my previous Phrack article, "UNIX Nasty Tricks")
or, if you know a little 'C', you can make the system work for you
and totally eliminate the security barriers to creating your own
logins, reading anybody's files, etcetera. This file will outline
such ways by presenting 'C' code that you can implement yourself.
For example: 1) the original Unix did not even have disk quotas. 2) as late as the early 1990s any regular user could bring the entire system down with a simple stty command, 3) wall used to be enabled to all users by default which included the ability of writing control characters in someone else's TTY 4) the password file containing the encrypted passwords used to be publicly readable which opens the system to offline attacks 5) to this date, *nix does not support well the concept of application ownership of a file which leads to programs requiring their own user account, which is another kludge.
Unix security today is a hard won battle by many people who patched up the original Unix system. Even so it is still subpar compared to big iron mainframe security.
A hearing aid is basically just a microphone and amplifier in your ear so
This is like saying that a Ferrari is basically a VW bug on a race track so why is it so expensive? [yay car analogy!].
A good hearing aid has a microphone, speaker, battery and amplifier which are 1/50th the size of the one in your cellphone yet deliver much higher quality of sound all while filtering undesirable sounds.
Yes, in my opinion they are overpriced, but arguing that they are just a microphone and an amplifier is just ignorant.
Oh, I'm sure they vetted it to be sure that nothing could come back on them ...
Correct, which is why the movie goes to great pains to emphasize that the story is as told in depositions. They are not claiming that's what happened, they are claiming that is what was said in the depositions, which is entirely factual.
but I suspect there's a lot of rainbows and kittens in there they let slide by which don't quite match up to reality .
To the contrary, given that they are dealing with people with ample access to funds, I'm sure dramatic license is comparatively minor.
Further to that, since /. doesn't have an edit button:
From IMDB:
Much of the film is based on testimony given at a number of depositions related to the lawsuits brought by Eduardo Saverin, the Winklevoss twins, and Divya Narendra. To this extent, the film might be considered very accurate. However, as the character Mark points out in the film, people do lie in depositions. [However if those lies are proven you could be charged with perjury]
Both Eduardo Saverin and the Winklevoss twins claim the film is very accurate while Zuckerberg and Parker maintain that it is a work of fiction.
"The Social Network" perspective which has been thoroughly refuted.
[citation needed]
In fact, the movie was thoroughly vetted by lawyers from Columbia Pictures, so I seriously doubt this would ever be the case in any substantive way.
The only reason this isn't happening is that there are no terrorists.
This. There was essentially no security flying from Mexico to the USA between 9/11 and somewhere around. 2009. Minimal perfunctory checking, no "take your shoes off" or "let me see you naked" crap. And guess what? not a single terrorist attack took place.
Americans complained about this around 2007 so the Mexican authorities created a special "security theater" line for Americans only, which seemed to make the 'tards happy.
Eventually the 'merkins clued into this, and forced a real pat down for everyone. There was no gain in security, but it makes them feel good, so we all have to go through it, even though it's useless security theater as already admitted to by the former head of the TSA.
tell us that (a) we represent 1e-308% of the users and therefore should basically go to hell
Wayland has an X11 compatibility mode. So in what sense is that a "go to hell message"?
make up weird stuff about how X11 is deficient that is basically not true.
The two modern versions of *nix, namely OSX and Android ditched X. That alone should tell you a lot about it.
But if you go back and look at the design specifications of X around which the architecture was developed you'll see why it is the wrong tool for the job. It was designed for remote terminal window manager with thin client aspirations. These are not the main uses of X today, so it is not surprising that it is found to be fundamentally deficient by people who peek under the hood.
Android. Look at the N9 with an award winning UI. It uses X and is really cool (on outdated hardware).
From wikipedia:
Android does not have a native X Window System by default nor does it support the full set of standard GNU libraries
No, you are wrong X has to be perfect because it is part of *nix and any self-respecting fanboi knows that Unix cannot possibly have gotten anything wrong.
You see, the code was dictated directly by a divine power to each of the unix creators, all of which were born from virgin mothers, including the last of the prophets, St. Linus.
Sounds unrealistic? Read the thread on Wayland to see the fanbois rushing to the defense of X simply because it's part of *nix. For every one comment that could say something actually good about X there were dozens who didn't say any more substantive than "X rulz!!" .
Mod me down, I have karma to burn.