Large chunks of new code typically have lots of interactions that most people don't suspect. Some easter-eggs have remained hidden for over a decade. There's nothing unlikely about something unexpected hiding in systemd. What would be surprising was if there weren't. Now assuming that it was put there intentionally is a bit of a stretch, but not a huge stretch, because that, also, has happened before.
If I understand what I'm seeing correctly, Firefox doesn't mark them as trusted, but it's not clear to me why they are grouped together with AddTrust, which is trusted. And a simple search says it is "powered by Comodo". Does this mean that they should also be untrusted?
While true, importers from China also do a lot of essentially "bait and switch", where the first order of a product will be excellent, and then you place a real order and end up will things that only technically meet their advertised specifications...if that. It's hard to know who is doing the deceptive work here, as there are several middlemen, but it happens. And it tends to give all Chinese merchandise a bad name. And perhaps deservedly so. Melamine added to pet food? Where did it come from?
This doesn't mean that all Chinese merchandise is garbage, but it means that if you don't run Q/A acceptance tests on each batch you can't trust it. Perhaps within China this is different, though there have been some stories that indicate otherwise.
I've seen projections that indicate that China will dominate the next couple of decades and then India will move in front. Do I believe them? Not really, but I also don't dismiss them. China has a lot of things going for it, but it's also got a lot of problems. Ditto for India, though it's currently behind China.
The problem with that is...Qt isn't an OS. It isn't even a desktop. It's a set of libraries, mainly, but not entirely, graphics.
So while it may well use Qt for Android, that couldn't be the OS, or even the GUI...just a component. (Still sounds like a good idea, at first glance, but don't overclaim for it.)
I rarely buy a laptop, but thanks for telling me a couple of more things to check. I'll probably just try to avoid getting one with a camera, as I wouldn't want that for anything anyway. (I have a usb camera I can plug in when I choose...but I rarely do so.)
The thing to notice is that the evil stuff they did didn't really start until after their management was swallowed by Hollywood. Prior to that Sony was an excellent company producing superb technical goods.
So, to me, this is another example of why you should never trust anyone associated withe either the MPAA or the RIAA. And that explicitly includes SONY.
To say they chose poorly is to make an assumption about what their goals were. When I look at the legislation introduced based on this attack I have to suspect that allowing the attack to go forwards was the action that they evaluated as having maximal positive effect.
Good luck updating all your vulnerable software, whatever your OS. It is quite legal for this code to be embedded within other code, so there's no guarantee that FOSS programs haven't done so...or done so for portions of the code, which would make an update problematical.
Indeed, but shared libraries have their own problems, which have the general name "central point of failure" and include things like the interface being updated in a way incompatible with your application, but also the central repository being hacked, and many other cases. I would hesitate to say that either approach is, in general, better than the other, but each approach avoids many of the problems inherent in the other.
D is a truly terrible name to search for on the web. I understand the rationale behind it, but search engines needed more consideration. Asking everyone referring to it to use the phrase "the D programming language" isn't an optimal solution. Even dlang (analogous to golang) would have been better.
While there's a certain amount of justice in that position, I'd be more open to it if C++ was less of a cluster-fuck. It works, sort of, but UGLY!!
That said D is putting a lot of effort into developing template level stuff which is NOT where my interest is. I understand that it helps make efficient code that you can specify at compile time, but I'm more interested in efficient code that you can adapt at run time. Objective-C would be reasonable, I think, if development hadn't stopped on anything except Apple. And Apple has a history of dropping languages and leaving them to die. I spent many years with ObjectPascal for the Apple.
So I agree that D needs to have an Open Standards organization set up...but it should probably be controlled by Walter Bright. It already is rather open, with two forks (LDC and GDC: LLVM and gcc based implementations), but there does need to be some sort of standards process. As the Python community put it "What happens if Guido is hit by a bus?". Possibly the same approach would be effective.
There are classes of bugs that would not show up in Rust programs. But most languages can make the same claim (for different classes of bugs). The only exception I can think of is (non-macro) assembler.
Probably the safest reasonable language is SparkAda, which is a subset of Ada. But it's not really convenient to use it.
And, honestly, a complete language is going to have entire classes of bugs that cannot be detected. This is sort of a corollary to the halting problem.
That said, Rust claims to be immune to classes of bugs that make concurrent execution difficult. I prefer message passing, though.
That was the quote, and that was the hypothesis. It's been shown to be *largely* true, but not guaranteed. The actual statement should have been a lot more modest, something along the lines of: given enough eyes, most bugs are shallow, but some aren't
Open Source tends to have its bugs corrected more rapidly, but this is only a tendency, and it seems to depend more on the number of people trying to join the project than on the number of people using the project. E.g., I've never looked at the source code of most of the tools I use, but I have looked at various compiler libraries.
Look up the history of the word "lobbyist". It refers to petitioning the congressman in the lobby of the Capitol building. This was a great advantage to those who could afford to hire someone to do that. The word now has a more general meaning than it did originally, but I was referring to (what I understand) to be the original meaning. And this change in the rules happened within a decade of 1860.
Look at the power figures. This is already a highly modified system. I think the term "inspired by" is closer than copied. (There seem to be claims that there was a copy made about 20 years ago, but that's a lot of development time ago.)
I think there term you're looking for is "inspired by".
It's not clear to me that a similarity of instructions is sufficient to require a license. Now if you were claiming that the implementation of the instructions were similar, that might be a valid point.
Even so, I'd be dubious. DEC hasn't been around for over a decade, so a new high-end processor isn't likely to have used it's techniques. The Alpha 21164 was released around 1995, that's about 20 years ago. I doubt that there are valid patents or copyrights, and you clearly aren't asserting trademark violation. Even if there were copyrights, they would need to be considered "abandonware", though I'm not sure that is actually a legal term.
Outside of being a snark, that's really an almost sensible take in a hugely concurrent computer. It does set a limit on the size of chunk each processor can handle. (At a wild guess, 32 or 16KB, since it's got to be doing something besides holding the data.) But most tasks can be broken into chunks that large (that small?) without causing undue contortions. The real problem is limiting the necessary interprocessor communication, and a large chunk size is one way to do that...but by 16KB you may have gotten most of the benefits.
I don't find that usage of "obsolete" to be useful to anyone outside of marketing. It is true that there are definite costs to using software for an environment that is no longer maintained, but I do so every day for some software written for Linux 2.2. I don't consider it obsolete, because I have found no acceptable replacement. Occasionally I look for a better way to virtualize it.
There is other software that I WOULD handle in the same way, except that it's illegal...and I can't afford a lawyer and a court case. But I certainly understand the need or desire to continue running the version of the software that hasn't been updated into unusability. And based on my past experience I wouldn't be surprised to find that some vitally needed features of the older version have been trimmed from the more recent ones.
That they essentially couldn't use OSS software I can "sort-of" accept. At the time custom written software wasn't at all uncommon, and being in a niche wouldn't have been a problem for a bespoke solution. (At that time I was earning my living as an in-house developer of bespoke solutions.)
All that said, they made a stupid "purchasing decision". But that doesn't mean that they should be required to put people's lives at risk.
You've got a lot of trust in "supported". I've more than once run into problems that were marked "won't fix". Working software in a stable environment is more likely to break if it receives "support changes" then if it doesn't. You do need to guard it against intrusions, but this is MSDOS software, so presumably it doesn't permit networked access. And presumably it's being run in a virtual environment that also doesn't permit networked access to its internals.
Businesses, by your definition, should not be supported by society.
Businesses by a more reasonable definition deserve support. If the business is good for society, then the business deserves support. If not, not. The laws should be so written, and used to be before bribing the legislators became so popular. Originally a corporation to be allowed a charter had to convince the government issuing the charter that it would be socially beneficial. Some charters were only for a limited amount of time anyway. I believe that Louisiana still has on its books a provision allowing a corporate charter to be revoked for being damaging to society. I've never heard of it being used, but it's still there as far as I know.
In the US the turning point was around the time of the Civil War (the 1860's) when it became legal to lobby Congressional representatives. I'm not sure of the exact date, but plus or minus a decade, and that was just a point of inflection, the trend had been increasing probably since the 1780's. And before then the Constitution didn't exist...but it started before the Constitution, though probably not before independence, as prior to that the power was in London.
This is just an example of the general principle that those who are powerful will look for ways to make themselves more powerful. And the operation of this principle is not always nefarious...it just tends to be so.
Slashdot Mirror
No.
Large chunks of new code typically have lots of interactions that most people don't suspect. Some easter-eggs have remained hidden for over a decade. There's nothing unlikely about something unexpected hiding in systemd. What would be surprising was if there weren't. Now assuming that it was put there intentionally is a bit of a stretch, but not a huge stretch, because that, also, has happened before.
This is a bad sub-decision that we hope will get steamrolled on appeal.
If I understand what I'm seeing correctly, Firefox doesn't mark them as trusted, but it's not clear to me why they are grouped together with AddTrust, which is trusted. And a simple search says it is "powered by Comodo". Does this mean that they should also be untrusted?
While true, importers from China also do a lot of essentially "bait and switch", where the first order of a product will be excellent, and then you place a real order and end up will things that only technically meet their advertised specifications...if that. It's hard to know who is doing the deceptive work here, as there are several middlemen, but it happens. And it tends to give all Chinese merchandise a bad name. And perhaps deservedly so. Melamine added to pet food? Where did it come from?
This doesn't mean that all Chinese merchandise is garbage, but it means that if you don't run Q/A acceptance tests on each batch you can't trust it. Perhaps within China this is different, though there have been some stories that indicate otherwise.
I've seen projections that indicate that China will dominate the next couple of decades and then India will move in front. Do I believe them? Not really, but I also don't dismiss them. China has a lot of things going for it, but it's also got a lot of problems. Ditto for India, though it's currently behind China.
The problem with that is...Qt isn't an OS. It isn't even a desktop. It's a set of libraries, mainly, but not entirely, graphics.
So while it may well use Qt for Android, that couldn't be the OS, or even the GUI...just a component. (Still sounds like a good idea, at first glance, but don't overclaim for it.)
I rarely buy a laptop, but thanks for telling me a couple of more things to check. I'll probably just try to avoid getting one with a camera, as I wouldn't want that for anything anyway. (I have a usb camera I can plug in when I choose...but I rarely do so.)
And if they only use a part of it? That's where the real update problem comes in if it's open source.
There are other reason to never buy anything from Sony, but this is a good one. Never buy anything from Sony.
Since then I won't even buy blank CDs with their logo, because I'd be ashamed to be associated with them.
The thing to notice is that the evil stuff they did didn't really start until after their management was swallowed by Hollywood. Prior to that Sony was an excellent company producing superb technical goods.
So, to me, this is another example of why you should never trust anyone associated withe either the MPAA or the RIAA. And that explicitly includes SONY.
To say they chose poorly is to make an assumption about what their goals were. When I look at the legislation introduced based on this attack I have to suspect that allowing the attack to go forwards was the action that they evaluated as having maximal positive effect.
Good luck updating all your vulnerable software, whatever your OS. It is quite legal for this code to be embedded within other code, so there's no guarantee that FOSS programs haven't done so...or done so for portions of the code, which would make an update problematical.
Indeed, but shared libraries have their own problems, which have the general name "central point of failure" and include things like the interface being updated in a way incompatible with your application, but also the central repository being hacked, and many other cases. I would hesitate to say that either approach is, in general, better than the other, but each approach avoids many of the problems inherent in the other.
D is a truly terrible name to search for on the web. I understand the rationale behind it, but search engines needed more consideration. Asking everyone referring to it to use the phrase "the D programming language" isn't an optimal solution. Even dlang (analogous to golang) would have been better.
While there's a certain amount of justice in that position, I'd be more open to it if C++ was less of a cluster-fuck. It works, sort of, but UGLY!!
That said D is putting a lot of effort into developing template level stuff which is NOT where my interest is. I understand that it helps make efficient code that you can specify at compile time, but I'm more interested in efficient code that you can adapt at run time. Objective-C would be reasonable, I think, if development hadn't stopped on anything except Apple. And Apple has a history of dropping languages and leaving them to die. I spent many years with ObjectPascal for the Apple.
So I agree that D needs to have an Open Standards organization set up...but it should probably be controlled by Walter Bright. It already is rather open, with two forks (LDC and GDC: LLVM and gcc based implementations), but there does need to be some sort of standards process. As the Python community put it "What happens if Guido is hit by a bus?". Possibly the same approach would be effective.
There are classes of bugs that would not show up in Rust programs. But most languages can make the same claim (for different classes of bugs). The only exception I can think of is (non-macro) assembler.
Probably the safest reasonable language is SparkAda, which is a subset of Ada. But it's not really convenient to use it.
And, honestly, a complete language is going to have entire classes of bugs that cannot be detected. This is sort of a corollary to the halting problem.
That said, Rust claims to be immune to classes of bugs that make concurrent execution difficult. I prefer message passing, though.
That was the quote, and that was the hypothesis. It's been shown to be *largely* true, but not guaranteed. The actual statement should have been a lot more modest, something along the lines of:
given enough eyes, most bugs are shallow, but some aren't
Open Source tends to have its bugs corrected more rapidly, but this is only a tendency, and it seems to depend more on the number of people trying to join the project than on the number of people using the project. E.g., I've never looked at the source code of most of the tools I use, but I have looked at various compiler libraries.
Look up the history of the word "lobbyist". It refers to petitioning the congressman in the lobby of the Capitol building. This was a great advantage to those who could afford to hire someone to do that. The word now has a more general meaning than it did originally, but I was referring to (what I understand) to be the original meaning. And this change in the rules happened within a decade of 1860.
Look at the power figures. This is already a highly modified system. I think the term "inspired by" is closer than copied. (There seem to be claims that there was a copy made about 20 years ago, but that's a lot of development time ago.)
I think there term you're looking for is "inspired by".
It's not clear to me that a similarity of instructions is sufficient to require a license. Now if you were claiming that the implementation of the instructions were similar, that might be a valid point.
Even so, I'd be dubious. DEC hasn't been around for over a decade, so a new high-end processor isn't likely to have used it's techniques. The Alpha 21164 was released around 1995, that's about 20 years ago. I doubt that there are valid patents or copyrights, and you clearly aren't asserting trademark violation. Even if there were copyrights, they would need to be considered "abandonware", though I'm not sure that is actually a legal term.
That can't be! Just the other day we were authoritatively told the secure foreign cryptography was only theoretical.
64KB should be enough for anyone.
Outside of being a snark, that's really an almost sensible take in a hugely concurrent computer. It does set a limit on the size of chunk each processor can handle. (At a wild guess, 32 or 16KB, since it's got to be doing something besides holding the data.) But most tasks can be broken into chunks that large (that small?) without causing undue contortions. The real problem is limiting the necessary interprocessor communication, and a large chunk size is one way to do that...but by 16KB you may have gotten most of the benefits.
I don't find that usage of "obsolete" to be useful to anyone outside of marketing. It is true that there are definite costs to using software for an environment that is no longer maintained, but I do so every day for some software written for Linux 2.2. I don't consider it obsolete, because I have found no acceptable replacement. Occasionally I look for a better way to virtualize it.
There is other software that I WOULD handle in the same way, except that it's illegal...and I can't afford a lawyer and a court case. But I certainly understand the need or desire to continue running the version of the software that hasn't been updated into unusability. And based on my past experience I wouldn't be surprised to find that some vitally needed features of the older version have been trimmed from the more recent ones.
That they essentially couldn't use OSS software I can "sort-of" accept. At the time custom written software wasn't at all uncommon, and being in a niche wouldn't have been a problem for a bespoke solution. (At that time I was earning my living as an in-house developer of bespoke solutions.)
All that said, they made a stupid "purchasing decision". But that doesn't mean that they should be required to put people's lives at risk.
You've got a lot of trust in "supported". I've more than once run into problems that were marked "won't fix". Working software in a stable environment is more likely to break if it receives "support changes" then if it doesn't. You do need to guard it against intrusions, but this is MSDOS software, so presumably it doesn't permit networked access. And presumably it's being run in a virtual environment that also doesn't permit networked access to its internals.
Businesses, by your definition, should not be supported by society.
Businesses by a more reasonable definition deserve support. If the business is good for society, then the business deserves support. If not, not. The laws should be so written, and used to be before bribing the legislators became so popular. Originally a corporation to be allowed a charter had to convince the government issuing the charter that it would be socially beneficial. Some charters were only for a limited amount of time anyway. I believe that Louisiana still has on its books a provision allowing a corporate charter to be revoked for being damaging to society. I've never heard of it being used, but it's still there as far as I know.
In the US the turning point was around the time of the Civil War (the 1860's) when it became legal to lobby Congressional representatives. I'm not sure of the exact date, but plus or minus a decade, and that was just a point of inflection, the trend had been increasing probably since the 1780's. And before then the Constitution didn't exist...but it started before the Constitution, though probably not before independence, as prior to that the power was in London.
This is just an example of the general principle that those who are powerful will look for ways to make themselves more powerful. And the operation of this principle is not always nefarious...it just tends to be so.