I know what sudo does. I know about filesystem capabilities. I know about NFSv4 ACLs.
But look at e.g. passwd - it needs to be suid so it can update your password hash. It doesn't just get a token that gives it permission to update your password hash, it gets permission to do whatever the fuck it wants on your system. Then you have a whitelist of what it's supposed to be able to do in SELinux that should hopefully stop it from doing anything besides updating a password hash, but there's nothing to stop it updating the password hash for a user other than the one who ran it, or blowing away the password hashes entirely or something. Without SELinux, a bug in passwd has the potential to totally pwn your system, and with SELinux it a bug could still wreak havoc with the password hash database.
By comparison, on Windows when you want to change your password, the program can get a security token that just gives it permission to change your password. It doesn't need to escalate all the way to root privileges, you don't need a separately maintained whitelist for what this program can do. A bug in a password change utility on Windows can at worst change your password to something stupid.
That's not to say that Windows is perfect, or that applications will always only request the rights they need (plenty of "enterprise" tools grab all the rights they can all the time because it's easier for developers), but fundamentally security tokens are a better model than the *NIX approach of suid and hope it doesn't have an exploitable bug.
Role-based administration and privilege separation. Linux still sucks in this area. With windows you get a security token that gives you permission to do just what you need, on Linux you need to suid yourself to root to do just about anything, which allows you to do absolutely everything. The massive whitelist that is selinux is a backwards way of implementing security.
If you could take an ancient Athenian and bring them to the present, they wouldn't recognise our "democracy" as being the same thing as theirs at all. They restricted the vote to males over the age of 30 with military service (no concept of universal suffrage), they had direct democracy (not election of representatives), and they also had ostracism as a disincentive for abuse of power. It's also worth pointing out that ancient Athens was far more stable under tyranny than democracy.
Yeah, so instead of patching your system-wide copy of OpenSSL for the next heartbleed, you get to patch the copy embedded in every snap. Isn't that fantastic?
China doesn't have a uniform national business register like e.g. Australia has. The rules for registering a business don't just vary by state or city, but down to the locality within a city. The more prestigious locations often have stricter regulation and more stringent reporting requirements, but (partly as a side effect of this) make it easier to raise capital. Often the company doesn't really have an office there - a number of companies will pool together to rent a small office with one dude sitting at a desk doing very little and use it as their registered business address.
I didn't suggest legalising child prostitution, I suggested legalising and regulating prostitution. This makes it safer for the sex workers and their clients. One pretty universal regulation in places with legalised prostitution requires providers and clients to be no younger than 18. If you have safe, legal prostitution, there's less incentive for people to take their business to sex traffickers.
Remember when NetFront actually wrote a browser, rather than wrapping WebKit? I had the NEC e606 and e616 phones that had the actual NetFront mobile browser. It made a decent effort to render pages on a tiny screen and make them usable with just the eight-way controller.
I've had several Toyotas and they've been incredibly reliable. Took them in for a service twice a year, and nothing ever went wrong. Didn't even need to top up fluid levels in between.
And I'd respond: Really? I learned it as "Black bastards rape our young girls but virgins go without."
Another one of my favourites is, "A Pussy So Tight No Dick Penetrates" (OSI network stack - Application, Presentation, Session, Transport, Network, Datalink, Physical).
I had something similar although less exciting happen to me in early 2004. On claiming to be an electrical engineer, the immigration agent or whatever the US calls him scrawled a physics equation on a piece of paper and asked me what it meant to me. He was satisfied with whatever explanation I gave and let me through. I don't know if they've always done this, or if it's a post-9/11 thing, but it's been happening for more than a decade.
Before OSX, Macs did have one root per file filesystem, but users referred to them by name (roughly equivalent to volume labels), and internally the OS dynamically assigned them positive 16-bit IDs as they were mounted.
BPA (Bisphenol A) is not a PCB (Polychlorinated Biphenyl), in fact it isn't chlorinated at all. It isn't completely banned like PCBs. Also, PCBs were never knowingly used in food packaging.
You've missed my point. The people I have a problem with are people who will avoid a goto at all costs, even doing things like this so they can say they didn't use a goto:
do {...
if (exit_cond) break;... } while (0);
I really have seen that done in a popular piece of open source software. If a goto really is the cleanest way to achieve what you need to do, then just use a goto. Don't write code that does a goto while using some convoluted means to avoid the goto keyword.
That said, in C++ there are many situations where you can do better than use a goto. For example cleaning up on error is better done with destructors as it will be exception-safe, and exceptions provide a structured goto that only lets you jump out, but lets you do so across multiple frames.
People seem happy to hate on goto while using other things that are goto in all but name (break, continue, return, throw). Throw/catch is particularly useful as a non-local goto in places where you want to catch some kind of condition (usually an error) that can be detected in lots of places. C++ RAII eliminates most of the need for local gotos though - you can make local classes with destructors for cleanup, with the added benefit that it's exception-safe.
Bushnell was also a very good salesman, and that's very important when starting a business, particularly a business pioneering a new field. That said, he became a liability after Atari grew past that phase, and I agree that he loves taking credit for others' work, and should fuck off and die.
You pretty much only get prosecuted if something bad happens and they find that unlicensed work was done. I've done various stuff to electrical supply and fixed phone line installations without the appropriate licenses and never been in trouble.
Slashdot Mirror
I know what sudo does. I know about filesystem capabilities. I know about NFSv4 ACLs.
But look at e.g. passwd - it needs to be suid so it can update your password hash. It doesn't just get a token that gives it permission to update your password hash, it gets permission to do whatever the fuck it wants on your system. Then you have a whitelist of what it's supposed to be able to do in SELinux that should hopefully stop it from doing anything besides updating a password hash, but there's nothing to stop it updating the password hash for a user other than the one who ran it, or blowing away the password hashes entirely or something. Without SELinux, a bug in passwd has the potential to totally pwn your system, and with SELinux it a bug could still wreak havoc with the password hash database.
By comparison, on Windows when you want to change your password, the program can get a security token that just gives it permission to change your password. It doesn't need to escalate all the way to root privileges, you don't need a separately maintained whitelist for what this program can do. A bug in a password change utility on Windows can at worst change your password to something stupid.
That's not to say that Windows is perfect, or that applications will always only request the rights they need (plenty of "enterprise" tools grab all the rights they can all the time because it's easier for developers), but fundamentally security tokens are a better model than the *NIX approach of suid and hope it doesn't have an exploitable bug.
Role-based administration and privilege separation. Linux still sucks in this area. With windows you get a security token that gives you permission to do just what you need, on Linux you need to suid yourself to root to do just about anything, which allows you to do absolutely everything. The massive whitelist that is selinux is a backwards way of implementing security.
If you could take an ancient Athenian and bring them to the present, they wouldn't recognise our "democracy" as being the same thing as theirs at all. They restricted the vote to males over the age of 30 with military service (no concept of universal suffrage), they had direct democracy (not election of representatives), and they also had ostracism as a disincentive for abuse of power. It's also worth pointing out that ancient Athens was far more stable under tyranny than democracy.
What? It's been 999 like since forever.
Yeah, so instead of patching your system-wide copy of OpenSSL for the next heartbleed, you get to patch the copy embedded in every snap. Isn't that fantastic?
China doesn't have a uniform national business register like e.g. Australia has. The rules for registering a business don't just vary by state or city, but down to the locality within a city. The more prestigious locations often have stricter regulation and more stringent reporting requirements, but (partly as a side effect of this) make it easier to raise capital. Often the company doesn't really have an office there - a number of companies will pool together to rent a small office with one dude sitting at a desk doing very little and use it as their registered business address.
I didn't suggest legalising child prostitution, I suggested legalising and regulating prostitution. This makes it safer for the sex workers and their clients. One pretty universal regulation in places with legalised prostitution requires providers and clients to be no younger than 18. If you have safe, legal prostitution, there's less incentive for people to take their business to sex traffickers.
Your hypothetical ebook vendor is a bad example. They depend on contract law enforcement, IP law enforcement, and of course stable fiat currency.
How about legalising/regulating prostitution so there's less incentive?
The Austin Powers sequels are both better than the original.
Remember when NetFront actually wrote a browser, rather than wrapping WebKit? I had the NEC e606 and e616 phones that had the actual NetFront mobile browser. It made a decent effort to render pages on a tiny screen and make them usable with just the eight-way controller.
I've had several Toyotas and they've been incredibly reliable. Took them in for a service twice a year, and nothing ever went wrong. Didn't even need to top up fluid levels in between.
Have you actually used the built-in ESXi web client lately? It's pretty good these days.
And I'd respond: Really? I learned it as "Black bastards rape our young girls but virgins go without."
Another one of my favourites is, "A Pussy So Tight No Dick Penetrates" (OSI network stack - Application, Presentation, Session, Transport, Network, Datalink, Physical).
I had something similar although less exciting happen to me in early 2004. On claiming to be an electrical engineer, the immigration agent or whatever the US calls him scrawled a physics equation on a piece of paper and asked me what it meant to me. He was satisfied with whatever explanation I gave and let me through. I don't know if they've always done this, or if it's a post-9/11 thing, but it's been happening for more than a decade.
And how can you forget him as a respectable polygamist in HBO drama Big Love?
Before OSX, Macs did have one root per file filesystem, but users referred to them by name (roughly equivalent to volume labels), and internally the OS dynamically assigned them positive 16-bit IDs as they were mounted.
Hey there are people who resort to packing in order to get a bigger bulge.
BPA (Bisphenol A) is not a PCB (Polychlorinated Biphenyl), in fact it isn't chlorinated at all. It isn't completely banned like PCBs. Also, PCBs were never knowingly used in food packaging.
Yeah, but all of that would be far more efficient with a purpose-built ship that wasn't also carrying an entire airbase.
Anyone can be "anonymous" - that's the thing. It's a label different people use at different times.
You've missed my point. The people I have a problem with are people who will avoid a goto at all costs, even doing things like this so they can say they didn't use a goto:
do { ... ...
if (exit_cond) break;
} while (0);
I really have seen that done in a popular piece of open source software. If a goto really is the cleanest way to achieve what you need to do, then just use a goto. Don't write code that does a goto while using some convoluted means to avoid the goto keyword.
That said, in C++ there are many situations where you can do better than use a goto. For example cleaning up on error is better done with destructors as it will be exception-safe, and exceptions provide a structured goto that only lets you jump out, but lets you do so across multiple frames.
People seem happy to hate on goto while using other things that are goto in all but name (break, continue, return, throw). Throw/catch is particularly useful as a non-local goto in places where you want to catch some kind of condition (usually an error) that can be detected in lots of places. C++ RAII eliminates most of the need for local gotos though - you can make local classes with destructors for cleanup, with the added benefit that it's exception-safe.
Bushnell was also a very good salesman, and that's very important when starting a business, particularly a business pioneering a new field. That said, he became a liability after Atari grew past that phase, and I agree that he loves taking credit for others' work, and should fuck off and die.
You pretty much only get prosecuted if something bad happens and they find that unlicensed work was done. I've done various stuff to electrical supply and fixed phone line installations without the appropriate licenses and never been in trouble.