AV systems already do that. They have software that monitors for suspicious behavior and pops up a message box if it does. Like if it tries modifying an executable, it will warn out. Firewall software (sometimes bundled with AV software) will also question you if you want to allow certain outgoing/incoming connections.
This is nothing new. And your proposal is worse than the existing ones, because it will test them for a fixed period of time. The virus/worm can just wait until that period of time is over until it does something naughty. Existing sandboxes, however, work non-stop, they don't just shut off after they've made an aribtrary determination that it's not a virus.
That's a horrible idea. There are tens of thousands of software packages and basically you're suggesting that some mystery company personally audit every single relese of each piece of software. Who exactly is going to pay the hundreds of millions of dollars to do that auditing? What's the criteria used for auditing in the first place?
Everyone who released new software/utilities is going to have wait weeks or months to get their software approved, because the auditors are inevitably going to be backlogged.
Oh and getting uploaded to a reputable FTP site doesn't mean much of anything. Even ignoring that it will include tons of software that those sites don't want to include, those sites don't actually do any auditing other than virus scanning the files themselves.
I can't believe this was modded up as +5 Insightful. This anonymous coward literally just suggested a system that was either 99% or 100% secure. That's a complete joke, no such thing exists, especially when it's the stupid end user that's the weakest link.
I know that Slashdot is bad, but this is appalling. "Why not make a system that is 100% secure?" +5 Insightful. WTF?
Those updates are for potential exploits in programs that the user may have installed (but, in the case of a typical desktop user, probably won't.)
You're joking, right? A lot of software for Linux is de facto standard and is effectively equivalent to the software installed by defaulted by windows. A good example is fetchmail, which is very commonly used for fetching pop3 email, which can and has has had exploits. It wouldn't even matter if you were using mutt or whatever other software, as the weak link (fetchmail) would allow them to compromise your account anyway.
And spare me the rhetoric. Many windows exploits are theoretical too and they don't know if they can be practically be exploited either. *nix software is no specical exception.
rather than from executables downloaded from random web sites, as Windows programs are?
1. E-mail, users can and will run programs from e-mail. 2. From random websites. If *nix were as popular as windows, there would inevitably be many websites offering software not available from a central repository.
If the reposistory is too strict, then software authors will be forced to offer it from their own websites and to some extent they already do this. If it's too leanient, then anyone can get a trojan added to the repository, it's not like they audit every single binary added to it. hell, they don't even audit 99% of those added.
And how many regular users will have MySQL installed on their systems, particularily in a configuration that allows it to be accessed remotely?
You do realize that this statement can be reversed and applied in the same exact way to MS SQL, right? Most users don't run MS SQL and most aren't stupid enought oh ave it on an open port, but for those that did, it caused a lot of problems. You're ridiculously naive to assume that there aren't tons of MySQL servers whose ports are open to the public.
Those programs are not remotely-accessable in their default configurations
You're focusing on a few bad examples and missing the point completely. There are plenty of widely used *nix internet apps that are most definitely remotely accessible.
Except that nearly every Linux distribution strongly encourages or even outright forces the creation of a regular user account during installation, and many programs will pop up warnings when run as root.
And we all know how effective warnings are for end users who have tendency to just mindlessly click 'ok.' You're completely ignoring the fact that we're talking about the segment of the population that doesn't follow even the most basic security practices.
The distro MUST allow the user to install their own software and this would just entail some boxes that the user would just click through without thinking about it. Not just that, but you don't even need root access to spread a worm/virus. You just need direct or indirect access to an internet connected program, such as e-mail. IT can spread entirely within a regular user's account.
Just an example, in Ubuntu the root account is disabled by default. Switching to root is not the easy way anymore...
It doesn't matter, people still need elevated privileges to install software and they can and will 'click through' any 'security dialogs' (including ones requiring passwords) without thinking about it.
No, LDAP is completely different. LDAP is just a lightweight hierarchal database. It's indepdent from the file system. It's used for things l ike storing address books, employee information, etc... ACLs/unix permissions are about the file system itself.
First off, Linux FSs have ACL available and they are the same as Windows (but as in chairman gate's word, "we want to be equal, just more equal", eh comrade?).
Yes, only with the advent of SELinux though. MS has had the functionality for a very long time.
Most Linux rarely use ACL
Yeah, unless you count hacks like sudo which are meant to emulate ACLs.
MS is adding the same style unix permission
MS isn't "adding" anything. ACLs, by their very nature, *automatically* support unix style permissions. ACLs support everything unix style permissions do and MORE. There's no need to add anything.
And yes, MS's longhorn willfinally gain the simplicity such as sudo.
What are you talking about? MS has supported that kind of functionality for MANY years now. It may not be well know, but there are free, third party apps that do exactly that.
Yes they are. Google licenses out their google search appliance to businesses, that's teh whole point. I even stated in my comment that was the case, but two people missed that. They physically hand over a little 1U server to a business to search their own stuff.
They have licensed out their servers for other businesses now, doesn't that mean they're required to disclose their changes to the Linux kernel and other relevent software? Or do they get around this somehow by licensing their servers under a lease of some kind, where it's still google's property to avoid GPL requirements?
I also know that some kinds of proprietary drivers can be made to work with Linux due to more lax licensing requirements, so perhaps their changes are all in driver forms. It could also be purely userland stuff, but I doubt it.
Other companies had to disclose their modifications too (e.g. Linksys, TiVo), so if Google could get around it, why couldn't they using the same methods?
Uh, did I ever say that violating a law wasn't illegal? I was not aware that the UCC addressed contracts, but if you read the cornell site you linked to you'll note that contracts are actually interpreted under a framework of judicial tradition (common law - which isn't "law" in the code of law sense at all), and state statutes (which are clearly law).
Uhm, common law is still law. Hate to tell you. There are also newer laws regarding trade secrets and contracts. I'm sorry if you don't think that contract law is actually law.
See Reductio ad absurdum (a perfectly valid form of argument).
That's not reductio ad absurdum. RAD means taking the person's argument to an extreme to disprove it by contradiction. However, I never asserted that it was legal to command someone to do something unethical with an NDA, so it doesn't apply.
I don't speculate that Cisco has created a crime at all. I never said that the researcher's actions were justfied. I only said that they could be under certain circumstances, and that things are not "cut and dried" or "black and white" (my words).
But unless you have reason to believe that's the case, it's totally irrelevent. This case clearly doesn't involve something criminal on Cisco's part, so your point is moot. Your point is that it's not as black and white as I'm making it out to be? THat's ridiculous, since I never said an NDA would be valid if involved something criminal.
You might want to read what I actually wrote. Your arguments would be good ones if you actually were attacking a position that I actually hold...
Yeah, this coming from someone who doesn't think the law is the law.
Given how big Cisco is, I can only assume that, by default, they make their employees sign NDAs. While ISS isn't as big, given the nature of their work (which requires that employees keep hush-hush about vulnerabilities until a certain time to make money), I'd be shocked if they didn't make them sign NDAs.
Uhm, have you ever heard of contract *law*? The only reason that contracts can be enforced is because law exists to enforce them. I would have thought that contract law being law would have been self-evident, but I guess that's not safe to assume on slashdot. See: http://straylight.law.cornell.edu/topics/contracts .html
There is also specific state laws concerning NDAs and trade secrets, see:
But hey, if want to believe that violating things that exist in the law books isn't illegal, go ahead.
In any case, I'd question the validity of an NDA which required somebody to keep secret a piece of information contrary to a large public good.
It's a good thing that you're not a judge nor lawyer then, because you can't violate an NDA just because you think it's not doing the public good. "Hey, I believe that keeping this technique for making super cheap LCD screens is against the public good, I'll just reveal it!"
For example, if I found out under an NDA that my employer was putting out a product that was killing people, and keeping it quiet, I'd be ethically bound to blow the whistle.
So Cisco is killing people? What's your point?
Certainly an NDA that forces you to break the law (such as by concealing knowledge of a crime) would be void.
What law is the NDA in question forcing the person to violate?
However, I would feel justified in doing so if I had clear evidence that an employer was committing a crime, or harming people and not doing something about it.
So do you actually have any reason to believe that Cisco/ISS are comitting a crime, or is that just 100% wild, rampant speculation?
And you're working on the flawed assumption that the fix will be instantly created, tested and deployed. THere's a certain time frame that leaves all those institutions wide open to exploitation after the method that you're proposing is employed.
I'm seriously getting sick of idiots like you on Slashdot. First you get your original premise obliterated (the assumption that two different people will discover an exploited VERY close together and that the single other black hat discovering it will use it on just as many institutions as would numerous black hats if it were publically released), now you your second premise (that fixes are instant) has been completely oblitered.
Please, dear god, just admit that you're wrong already, so people don't keep wasting mod points on you only because they don't know any better.
I am appalled that this got modded up and I agree with the sentiment of the others criticizing you. It's surprising to see so many people overlook one key fact: this guy obtained his research information from a corporation he signed an NDA with. By revealing that information without permission, he is violating that NDA, which is *illegal*. My guess is that the people criticizing this haven't had a real job (as in one with a big company) in their life.
Implementing kernel features in C++ requires ABI changes and extern"C" de-mangling and all kinds of hackish crap which would make the code and build processs messier, not cleaner.
"Extra work? We'd rather think in the short term!"
BSDs are known for their cleanliness.
No, they are most definitely not. Have you taken a look at the kernel code? It's already ugly as hell with all kinds of macros and ugly hacks. That's not to mention absolutely horrible single-letter variable naming conventions. So many basic style rules are violated it's not funny.
While a fully C++ kernel could conceivably be good and clean, it adds little real value since the interface between kernel and userland can not be object oriented
Making a kernel more easy to read and maintain adds little real value?! There's a lot more to the kernel than interfacing with userland, in case you didn't know.
while inheritance might be just great for writing cleaner drivers or something, there hasn't been a significant need.
Ok, this phrase here just set off alarm bells. The fact that you just described C++ exclusively in terms of inheritance means you don't even know C++.
First of all, C++ is not just an OO language and to dscribe it in terms of inheritance is extroadinarily ignorant. If you take a look at the features that K implements, for example, you'd note that they would be implemented with completely different features like templates and operator overloads.
Second of all, the kernel is already heavily OO and uses C based hacks for "inheritance" as you call it. Kludge, kludge, kludge.
And writing a brand new kernel from the ground up in this day and age would be way too much work - most projects these days are forks.
There comes a time when you need to start doing major rewrites. You can't just use the same old code forever. The idea of using old ass design and style methods for decades to come is appalling.
Is it just me or does this look like it's trying to implement a bunch of features on top of C for which standard C++ would be sufficient? They want an ingrained list type? Then, uh, use "list" in C++. I didn't look at it in detail, but from what I saw they could just use C++.
Unfortunately there seems to be some fun anti-C++ sentiment among many OSS developers, especially core developers who would probably say "ZOMG BLOAT WTFLOLOLZ." Of course, any remotely legitimate complaints could be addressed just by making your own kernel libs, which is already done with their C language counter-parts anyawy.
That's actually a very bad outlook, because it is exactly what has caused them to reject the aid of modern medicine in spite of their obvious genetic problems. The Amish have no education in the sciences and thus don't understand the concept of genetics at all and why their "extended inbreeding" is so bad. The Amish are now going to die off if they don't allow outsiders in (e.g. adoption).
Not just that, but guess what happens if kids with certain genetic illnesses are born that require special needs that need constant medical intervention? That's right, you get shunned for a parent trying to treat their kids with medical science.
Being cautious is one thing, being irrationally paranoid and causing mucho damage to your own kind is another. Being cautious also doesn't mean willful ignorance.
I really don't think people have any idea about the genetic problems with the Amish. They have a much, much higher incidence of genetic disease for certain diseases than the general population and even have certain diseases that are almost exclusive just to the Amish.
Actually, the Amish (at least some sects) do use gasoline to power motors for certain things. I know second hand that there are some that use gas engines to power milking machines for goats.
And where is Apple's innovation? What have they done that's not just an incremental improvement of an existing idea?
Spotlight, Automator, Rendevous, (and yes, even Widgets) IMO all work to make the user more productive.
Wow, amazing, all functionality which has been available on windows and other operating systems long since before then. Nothing about those is innovative at all.
Microsoft is simply hung up on locking people into their technology and making it too expensive/difficult to transition away. Proof? How 'bout.Net, just for starters..NET makes things LESS restrictive. It makes a huge OPTIONAL architecture available that works on multiple platforms.
Apple, OTOH, locks you into specific interface design and even language requirements. That's right, Apple tries to fuck over its developers by forcing them to use Objective C, talk about vendor lock-in.
When it comes to making transition hard, Apple is and always had been king.
And practically no one has heard of and no one cares about Wikinews. Please, by all means, show me a single media outlet that sees Wikinews as any kind of threat. That's *laughable*. I hope you also realize that Wikinews uses major news outlets as their primary sources, so to suggest that they pose competition to the very ones that they steal from is absurd.
This also disregards the fact that 99% of Wikimedia traffic goes to Wikipedia, which the news meda would have no vested interest in.
Now to address your insane conspiracy claim: They may start by purchasing hosting companies that host Wikimedia servers. Then using their financial clout, they may persuade the backbones and ISPs to limit access to Wikimedia sites.
When has this EVER happened? Why hasn't microsoft done this with linux publications if its possible?
Assuming they did purchase CogentCo, what are they going to do exactly? It would be impossible to keep a purchase like that secret and since Wikipedia hasn't violated the ToS of CogentCo, they couldn't kick them off.
And since when do you think having money means that they can influence the backbones to start filtering Wikimeda? Examples of where this has happened, please. Are you suggesting they would bribe those in control of the backbones? Give me a break. This would take a rather large scale conspiracy to silence a rather benign site that isn't actually seen as a threat.
Plus, much, much bigger companies have had bigger enemies and they haven't done jack shit along the lines that you've suggested.
Take your tinfoil hat elsewhere, I can't even believe that post got moderated up.
5. UNICEF spends more than $800 million a year, primarily on immunization, health care, nutrition and basic education in 138 countries.
And where do you think the money fo unicef comes from? Hefty donations from countries like the U.S. UNICEF is essentially its own, independent, charitable organization. It could split off from the UN now and it wouldn't make a difference.
9. Over 300 international treaties, on topics as varied as human rights conventions to agreements on the use of outer space and seabed.
And we're supposed to take their word that these are valuable?
11. The UN was a major factor in bringing about the downfall of the apartheid system.
Again, are we supposed to take their word for it?
12. More than 30 million refugees fleeing war, famine or persecution have received aid from the UN High Commissioner for Refugees.
And how much of the money for that came from the U.S.?
41. Improving global communications Regulated international mail delivery, coordinated use of the radio spectrum, promoted cooperation in assigning positions for stationary satellites, and established international standards for communications, thereby ensuring the unfettered flow of information around the globe.
wow, that's a pretty bold claim and I don't believe it for an instant. Satellite use and radio spectrum use are regulated by other agencies. International communications standards are developed by special organizations (e.g. ISO) whos sole purpose is international standards, the UN doesn't have anything to do with it.
I'm guessing they're sticking to vague claims because they don't have any particularly impressive specific claims.
45. Improving education in developing countries 60% of adults in developing countries can now read and write, and 80 percent of children in these countries attend school.
They act like it was all their own doing. Again, this is something that comes about through hefty donations from many individuals and countries, which is organized by a variety of institutions, not just the UN.
The problem is that you're assuming that people will be willing to spend all this time learning to do morse code at a decent speed. Sure, comparing the best of each will result in morse code being faster, but we're dealing with your average person, not the fastest.
Plus if you really want to design a more effecient communication method, since the issue here is just the input method, not the receiving method. The advantage morse has isn't just the input method, but the method of receiving--it's easy to distinguish just two tones. However, the receiving method is not of concern here, since it's already very effective (it's just reading text on a screen).
Thus, it makes sense to design a sort of "next generation" morse for cell phones. It would include multiple keys for which a cell phone user could keep their hand on at all time. For example, the side of the cell phone could have four keys for four fingers and perhaps a fifth on the other side for the thumb. 5 keys can represent 32 combinations, which gives you the entire alphabet and 6 keys. So perhaps another key would be added for the other hand, making enough key combinations for every single punctuation mark, number and letter.
Wow, you just made a whole bunch of highly speculative claims. First of all, Microsoft never claimed.NET had anything to do with search engines, so that's a ridiculous thing to say..NET is just a general purpose programming framework and is not restricted to anything specific.
Second of all, SQL server is still in very active development. You even quote Ballmer saying something about integrating a new feature into it, so it makes no sense to say that the development has been ground to a halt.
SQL server is still considered a fairly good DB server, even among anti-MS zealots. It's not as good as Oracle, but then again no DB servers are. Following that logic, we'd have to throw all other DB servers out the window, including OSS ones. Of course, when one realizes that SQL server is a lot cheaper than Oracle's, you realize that that argument fades.
Also, Microsoft is far,far too big to suddenly become irrelevent. What you're saying doesn't make sense since your own example shows that it's still possible for them to catch up. Microsft was years behind Netscape, but then later managed to completely clobber them. Microsoft has such a large amount of money and resources that it is *insane* to suggest thatt hey can't keep up. It's all an issue of how the higher-ups decide to spend the money.
Plus this "catching up" stuff is nonsense, it implies that everything has to be reinvented from scratch. That'd be like suggesting that if you aren't already great at super string theory, you have to start over and reinvent classical physics, relativity and quantum physics from scratch.
Of course, we do have this thing called knowledge now which we build on top of. People already know how to do these things now, it's just a matter of having people do the necessary self-education and then building on top of that.
Really, Google's search algorithms are grossly overrated in terms of how secret and complex they are. People seem to forget that Google's algorithm was publically published as part of a PhD thesis, so all the basic concepts are out there. There are also sites outlining a very good guess at what the *exact* current PageRank algorithm used by Google is, minus some tweaking which can be done by anyone through trial and error.
That algorithm can be described in terms of a one line equation giving the rank for a given page. This is not to say that it's bad, it's to say that the information about it is publically known and now can be easily duplicated.
And similar algorithms HAVE been duplicated, they just haven't received press since google is now this giant behemoth and people only really care about the first to do it. AllTheWeb.com, for example, has a comparable algorithm, their indices just aren't as large. There are also third generation search engines out there which aren't quite as popular since they focus more on categorical searching and less on ranking algorithms (see teoma/askjeeves and clusty).
Slashdot Mirror
AV systems already do that. They have software that monitors for suspicious behavior and pops up a message box if it does. Like if it tries modifying an executable, it will warn out. Firewall software (sometimes bundled with AV software) will also question you if you want to allow certain outgoing/incoming connections.
This is nothing new. And your proposal is worse than the existing ones, because it will test them for a fixed period of time. The virus/worm can just wait until that period of time is over until it does something naughty. Existing sandboxes, however, work non-stop, they don't just shut off after they've made an aribtrary determination that it's not a virus.
That's a horrible idea. There are tens of thousands of software packages and basically you're suggesting that some mystery company personally audit every single relese of each piece of software. Who exactly is going to pay the hundreds of millions of dollars to do that auditing? What's the criteria used for auditing in the first place?
Everyone who released new software/utilities is going to have wait weeks or months to get their software approved, because the auditors are inevitably going to be backlogged.
Oh and getting uploaded to a reputable FTP site doesn't mean much of anything. Even ignoring that it will include tons of software that those sites don't want to include, those sites don't actually do any auditing other than virus scanning the files themselves.
I can't believe this was modded up as +5 Insightful. This anonymous coward literally just suggested a system that was either 99% or 100% secure. That's a complete joke, no such thing exists, especially when it's the stupid end user that's the weakest link.
I know that Slashdot is bad, but this is appalling. "Why not make a system that is 100% secure?" +5 Insightful. WTF?
Those updates are for potential exploits in programs that the user may have installed (but, in the case of a typical desktop user, probably won't.)
You're joking, right? A lot of software for Linux is de facto standard and is effectively equivalent to the software installed by defaulted by windows. A good example is fetchmail, which is very commonly used for fetching pop3 email, which can and has has had exploits. It wouldn't even matter if you were using mutt or whatever other software, as the weak link (fetchmail) would allow them to compromise your account anyway.
And spare me the rhetoric. Many windows exploits are theoretical too and they don't know if they can be practically be exploited either. *nix software is no specical exception.
rather than from executables downloaded from random web sites, as Windows programs are?
1. E-mail, users can and will run programs from e-mail.
2. From random websites. If *nix were as popular as windows, there would inevitably be many websites offering software not available from a central repository.
If the reposistory is too strict, then software authors will be forced to offer it from their own websites and to some extent they already do this. If it's too leanient, then anyone can get a trojan added to the repository, it's not like they audit every single binary added to it. hell, they don't even audit 99% of those added.
And how many regular users will have MySQL installed on their systems, particularily in a configuration that allows it to be accessed remotely?
You do realize that this statement can be reversed and applied in the same exact way to MS SQL, right? Most users don't run MS SQL and most aren't stupid enought oh ave it on an open port, but for those that did, it caused a lot of problems. You're ridiculously naive to assume that there aren't tons of MySQL servers whose ports are open to the public.
Those programs are not remotely-accessable in their default configurations
You're focusing on a few bad examples and missing the point completely. There are plenty of widely used *nix internet apps that are most definitely remotely accessible.
Except that nearly every Linux distribution strongly encourages or even outright forces the creation of a regular user account during installation, and many programs will pop up warnings when run as root.
And we all know how effective warnings are for end users who have tendency to just mindlessly click 'ok.' You're completely ignoring the fact that we're talking about the segment of the population that doesn't follow even the most basic security practices.
The distro MUST allow the user to install their own software and this would just entail some boxes that the user would just click through without thinking about it. Not just that, but you don't even need root access to spread a worm/virus. You just need direct or indirect access to an internet connected program, such as e-mail. IT can spread entirely within a regular user's account.
Just an example, in Ubuntu the root account is disabled by default. Switching to root is not the easy way anymore...
It doesn't matter, people still need elevated privileges to install software and they can and will 'click through' any 'security dialogs' (including ones requiring passwords) without thinking about it.
No, LDAP is completely different. LDAP is just a lightweight hierarchal database. It's indepdent from the file system. It's used for things l ike storing address books, employee information, etc... ACLs/unix permissions are about the file system itself.
First off, Linux FSs have ACL available and they are the same as Windows (but as in chairman gate's word, "we want to be equal, just more equal", eh comrade?).
Yes, only with the advent of SELinux though. MS has had the functionality for a very long time.
Most Linux rarely use ACL
Yeah, unless you count hacks like sudo which are meant to emulate ACLs.
MS is adding the same style unix permission
MS isn't "adding" anything. ACLs, by their very nature, *automatically* support unix style permissions. ACLs support everything unix style permissions do and MORE. There's no need to add anything.
And yes, MS's longhorn willfinally gain the simplicity such as sudo.
What are you talking about? MS has supported that kind of functionality for MANY years now. It may not be well know, but there are free, third party apps that do exactly that.
Yes they are. Google licenses out their google search appliance to businesses, that's teh whole point. I even stated in my comment that was the case, but two people missed that. They physically hand over a little 1U server to a business to search their own stuff.
They have licensed out their servers for other businesses now, doesn't that mean they're required to disclose their changes to the Linux kernel and other relevent software? Or do they get around this somehow by licensing their servers under a lease of some kind, where it's still google's property to avoid GPL requirements?
I also know that some kinds of proprietary drivers can be made to work with Linux due to more lax licensing requirements, so perhaps their changes are all in driver forms. It could also be purely userland stuff, but I doubt it.
Other companies had to disclose their modifications too (e.g. Linksys, TiVo), so if Google could get around it, why couldn't they using the same methods?
Uh, did I ever say that violating a law wasn't illegal? I was not aware that the UCC addressed contracts, but if you read the cornell site you linked to you'll note that contracts are actually interpreted under a framework of judicial tradition (common law - which isn't "law" in the code of law sense at all), and state statutes (which are clearly law).
Uhm, common law is still law. Hate to tell you. There are also newer laws regarding trade secrets and contracts. I'm sorry if you don't think that contract law is actually law.
See Reductio ad absurdum (a perfectly valid form of argument).
That's not reductio ad absurdum. RAD means taking the person's argument to an extreme to disprove it by contradiction. However, I never asserted that it was legal to command someone to do something unethical with an NDA, so it doesn't apply.
I don't speculate that Cisco has created a crime at all. I never said that the researcher's actions were justfied. I only said that they could be under certain circumstances, and that things are not "cut and dried" or "black and white" (my words).
But unless you have reason to believe that's the case, it's totally irrelevent. This case clearly doesn't involve something criminal on Cisco's part, so your point is moot. Your point is that it's not as black and white as I'm making it out to be? THat's ridiculous, since I never said an NDA would be valid if involved something criminal.
You might want to read what I actually wrote. Your arguments would be good ones if you actually were attacking a position that I actually hold...
Yeah, this coming from someone who doesn't think the law is the law.
Given how big Cisco is, I can only assume that, by default, they make their employees sign NDAs. While ISS isn't as big, given the nature of their work (which requires that employees keep hush-hush about vulnerabilities until a certain time to make money), I'd be shocked if they didn't make them sign NDAs.
Uhm, have you ever heard of contract *law*? The only reason that contracts can be enforced is because law exists to enforce them. I would have thought that contract law being law would have been self-evident, but I guess that's not safe to assume on slashdot. See: http://straylight.law.cornell.edu/topics/contracts .html
a n02.html- B334-4E83-9A94FA20A3FAFD38/catID/1FBE2D95-203C-4D3 8-90A2A9A60C6FD618/310/119/ART/
There is also specific state laws concerning NDAs and trade secrets, see:
http://www.michbar.org/e-journal/bar_journal/bppj
http://www.nolo.com/article.cfm/ObjectID/2ECF62E6
But hey, if want to believe that violating things that exist in the law books isn't illegal, go ahead.
In any case, I'd question the validity of an NDA which required somebody to keep secret a piece of information contrary to a large public good.
It's a good thing that you're not a judge nor lawyer then, because you can't violate an NDA just because you think it's not doing the public good. "Hey, I believe that keeping this technique for making super cheap LCD screens is against the public good, I'll just reveal it!"
For example, if I found out under an NDA that my employer was putting out a product that was killing people, and keeping it quiet, I'd be ethically bound to blow the whistle.
So Cisco is killing people? What's your point?
Certainly an NDA that forces you to break the law (such as by concealing knowledge of a crime) would be void.
What law is the NDA in question forcing the person to violate?
However, I would feel justified in doing so if I had clear evidence that an employer was committing a crime, or harming people and not doing something about it.
So do you actually have any reason to believe that Cisco/ISS are comitting a crime, or is that just 100% wild, rampant speculation?
And you're working on the flawed assumption that the fix will be instantly created, tested and deployed. THere's a certain time frame that leaves all those institutions wide open to exploitation after the method that you're proposing is employed.
I'm seriously getting sick of idiots like you on Slashdot. First you get your original premise obliterated (the assumption that two different people will discover an exploited VERY close together and that the single other black hat discovering it will use it on just as many institutions as would numerous black hats if it were publically released), now you your second premise (that fixes are instant) has been completely oblitered.
Please, dear god, just admit that you're wrong already, so people don't keep wasting mod points on you only because they don't know any better.
I am appalled that this got modded up and I agree with the sentiment of the others criticizing you. It's surprising to see so many people overlook one key fact: this guy obtained his research information from a corporation he signed an NDA with. By revealing that information without permission, he is violating that NDA, which is *illegal*. My guess is that the people criticizing this haven't had a real job (as in one with a big company) in their life.
Implementing kernel features in C++ requires ABI changes and extern"C" de-mangling and all kinds of hackish crap which would make the code and build processs messier, not cleaner.
"Extra work? We'd rather think in the short term!"
BSDs are known for their cleanliness.
No, they are most definitely not. Have you taken a look at the kernel code? It's already ugly as hell with all kinds of macros and ugly hacks. That's not to mention absolutely horrible single-letter variable naming conventions. So many basic style rules are violated it's not funny.
While a fully C++ kernel could conceivably be good and clean, it adds little real value since the interface between kernel and userland can not be object oriented
Making a kernel more easy to read and maintain adds little real value?! There's a lot more to the kernel than interfacing with userland, in case you didn't know.
while inheritance might be just great for writing cleaner drivers or something, there hasn't been a significant need.
Ok, this phrase here just set off alarm bells. The fact that you just described C++ exclusively in terms of inheritance means you don't even know C++.
First of all, C++ is not just an OO language and to dscribe it in terms of inheritance is extroadinarily ignorant. If you take a look at the features that K implements, for example, you'd note that they would be implemented with completely different features like templates and operator overloads.
Second of all, the kernel is already heavily OO and uses C based hacks for "inheritance" as you call it. Kludge, kludge, kludge.
And writing a brand new kernel from the ground up in this day and age would be way too much work - most projects these days are forks.
There comes a time when you need to start doing major rewrites. You can't just use the same old code forever. The idea of using old ass design and style methods for decades to come is appalling.
Is it just me or does this look like it's trying to implement a bunch of features on top of C for which standard C++ would be sufficient? They want an ingrained list type? Then, uh, use "list" in C++. I didn't look at it in detail, but from what I saw they could just use C++.
Unfortunately there seems to be some fun anti-C++ sentiment among many OSS developers, especially core developers who would probably say "ZOMG BLOAT WTFLOLOLZ." Of course, any remotely legitimate complaints could be addressed just by making your own kernel libs, which is already done with their C language counter-parts anyawy.
That's actually a very bad outlook, because it is exactly what has caused them to reject the aid of modern medicine in spite of their obvious genetic problems. The Amish have no education in the sciences and thus don't understand the concept of genetics at all and why their "extended inbreeding" is so bad. The Amish are now going to die off if they don't allow outsiders in (e.g. adoption).
Not just that, but guess what happens if kids with certain genetic illnesses are born that require special needs that need constant medical intervention? That's right, you get shunned for a parent trying to treat their kids with medical science.
Being cautious is one thing, being irrationally paranoid and causing mucho damage to your own kind is another. Being cautious also doesn't mean willful ignorance.
I really don't think people have any idea about the genetic problems with the Amish. They have a much, much higher incidence of genetic disease for certain diseases than the general population and even have certain diseases that are almost exclusive just to the Amish.
Actually, the Amish (at least some sects) do use gasoline to power motors for certain things. I know second hand that there are some that use gas engines to power milking machines for goats.
You seem to be under the mistaken impression that because people sign a piece of paper, that it must have value.
And where is Apple's innovation? What have they done that's not just an incremental improvement of an existing idea?
.Net, just for starters. .NET makes things LESS restrictive. It makes a huge OPTIONAL architecture available that works on multiple platforms.
Spotlight, Automator, Rendevous, (and yes, even Widgets) IMO all work to make the user more productive.
Wow, amazing, all functionality which has been available on windows and other operating systems long since before then. Nothing about those is innovative at all.
Microsoft is simply hung up on locking people into their technology and making it too expensive/difficult to transition away. Proof? How 'bout
Apple, OTOH, locks you into specific interface design and even language requirements. That's right, Apple tries to fuck over its developers by forcing them to use Objective C, talk about vendor lock-in.
When it comes to making transition hard, Apple is and always had been king.
And practically no one has heard of and no one cares about Wikinews. Please, by all means, show me a single media outlet that sees Wikinews as any kind of threat. That's *laughable*. I hope you also realize that Wikinews uses major news outlets as their primary sources, so to suggest that they pose competition to the very ones that they steal from is absurd.
This also disregards the fact that 99% of Wikimedia traffic goes to Wikipedia, which the news meda would have no vested interest in.
Now to address your insane conspiracy claim: They may start by purchasing hosting companies that host Wikimedia servers. Then using their financial clout, they may persuade the backbones and ISPs to limit access to Wikimedia sites.
When has this EVER happened? Why hasn't microsoft done this with linux publications if its possible?
Assuming they did purchase CogentCo, what are they going to do exactly? It would be impossible to keep a purchase like that secret and since Wikipedia hasn't violated the ToS of CogentCo, they couldn't kick them off.
And since when do you think having money means that they can influence the backbones to start filtering Wikimeda? Examples of where this has happened, please. Are you suggesting they would bribe those in control of the backbones? Give me a break. This would take a rather large scale conspiracy to silence a rather benign site that isn't actually seen as a threat.
Plus, much, much bigger companies have had bigger enemies and they haven't done jack shit along the lines that you've suggested.
Take your tinfoil hat elsewhere, I can't even believe that post got moderated up.
2k/XP have had user editable meta-deta for quite a while now, longer than Apple's OSes have. The issue is that no one uses the meta-deta.
5. UNICEF spends more than $800 million a year, primarily on immunization, health care, nutrition and basic education in 138 countries.
And where do you think the money fo unicef comes from? Hefty donations from countries like the U.S. UNICEF is essentially its own, independent, charitable organization. It could split off from the UN now and it wouldn't make a difference.
9. Over 300 international treaties, on topics as varied as human rights conventions to agreements on the use of outer space and seabed.
And we're supposed to take their word that these are valuable?
11. The UN was a major factor in bringing about the downfall of the apartheid system.
Again, are we supposed to take their word for it?
12. More than 30 million refugees fleeing war, famine or persecution have received aid from the UN High Commissioner for Refugees.
And how much of the money for that came from the U.S.?
41. Improving global communications Regulated international mail delivery, coordinated use of the radio spectrum, promoted cooperation in assigning positions for stationary satellites, and established international standards for communications, thereby ensuring the unfettered flow of information around the globe.
wow, that's a pretty bold claim and I don't believe it for an instant. Satellite use and radio spectrum use are regulated by other agencies. International communications standards are developed by special organizations (e.g. ISO) whos sole purpose is international standards, the UN doesn't have anything to do with it.
I'm guessing they're sticking to vague claims because they don't have any particularly impressive specific claims.
45. Improving education in developing countries 60% of adults in developing countries can now read and write, and 80 percent of children in these countries attend school.
They act like it was all their own doing. Again, this is something that comes about through hefty donations from many individuals and countries, which is organized by a variety of institutions, not just the UN.
The problem is that you're assuming that people will be willing to spend all this time learning to do morse code at a decent speed. Sure, comparing the best of each will result in morse code being faster, but we're dealing with your average person, not the fastest.
Plus if you really want to design a more effecient communication method, since the issue here is just the input method, not the receiving method. The advantage morse has isn't just the input method, but the method of receiving--it's easy to distinguish just two tones. However, the receiving method is not of concern here, since it's already very effective (it's just reading text on a screen).
Thus, it makes sense to design a sort of "next generation" morse for cell phones. It would include multiple keys for which a cell phone user could keep their hand on at all time. For example, the side of the cell phone could have four keys for four fingers and perhaps a fifth on the other side for the thumb. 5 keys can represent 32 combinations, which gives you the entire alphabet and 6 keys. So perhaps another key would be added for the other hand, making enough key combinations for every single punctuation mark, number and letter.
Wow, you just made a whole bunch of highly speculative claims. First of all, Microsoft never claimed .NET had anything to do with search engines, so that's a ridiculous thing to say. .NET is just a general purpose programming framework and is not restricted to anything specific.
Second of all, SQL server is still in very active development. You even quote Ballmer saying something about integrating a new feature into it, so it makes no sense to say that the development has been ground to a halt.
SQL server is still considered a fairly good DB server, even among anti-MS zealots. It's not as good as Oracle, but then again no DB servers are. Following that logic, we'd have to throw all other DB servers out the window, including OSS ones. Of course, when one realizes that SQL server is a lot cheaper than Oracle's, you realize that that argument fades.
Also, Microsoft is far,far too big to suddenly become irrelevent. What you're saying doesn't make sense since your own example shows that it's still possible for them to catch up. Microsft was years behind Netscape, but then later managed to completely clobber them. Microsoft has such a large amount of money and resources that it is *insane* to suggest thatt hey can't keep up. It's all an issue of how the higher-ups decide to spend the money.
Plus this "catching up" stuff is nonsense, it implies that everything has to be reinvented from scratch. That'd be like suggesting that if you aren't already great at super string theory, you have to start over and reinvent classical physics, relativity and quantum physics from scratch.
Of course, we do have this thing called knowledge now which we build on top of. People already know how to do these things now, it's just a matter of having people do the necessary self-education and then building on top of that.
Really, Google's search algorithms are grossly overrated in terms of how secret and complex they are. People seem to forget that Google's algorithm was publically published as part of a PhD thesis, so all the basic concepts are out there. There are also sites outlining a very good guess at what the *exact* current PageRank algorithm used by Google is, minus some tweaking which can be done by anyone through trial and error.
That algorithm can be described in terms of a one line equation giving the rank for a given page. This is not to say that it's bad, it's to say that the information about it is publically known and now can be easily duplicated.
And similar algorithms HAVE been duplicated, they just haven't received press since google is now this giant behemoth and people only really care about the first to do it. AllTheWeb.com, for example, has a comparable algorithm, their indices just aren't as large. There are also third generation search engines out there which aren't quite as popular since they focus more on categorical searching and less on ranking algorithms (see teoma/askjeeves and clusty).