I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question.
These people have just seen something absolutely incredible, and they're trying to determine the scope of its powers. Computers aren't reality, and so anyone accustomed to reality can't readily assimilate it.
Or, to look at it from a different angle, people asking if it does "garbage in gospel out" are seeking further knowledge about this amazing thing they've just seen. The manual doesn't cover astonishment, so they have to ask.
Until the day that I can do './configure --enable-multibyte --enable-perl-interp' on a binary RPM, I will hate it with a passion. Figuring out how to do it on a source RPM is pointless, since nobody distributes those anyway because the "provide the source" clause is fulfilled by the tarball...
Another question is of course, if you're CS majors, how come you're using C++ for your first project?
Technically, it's the first project of the course, which is in the 200-level. However, the 100-levels are taught in Java, so this is the first C++ project for everyone who didn't transfer. (I only ended up this low on the pile because I had never even heard of OOP before college.)
If it were up to me to define the course description, I'd use Python. Delimiting blocks by indentation forces people to make more readable code, which is easier to grade:)
Security sucks IRL. Handing people insecure code that they assume is correct is not the way to fix it. If it is not the responsibility of the person writing the code to make it secure (at least against coding errors like string formatting and buffer overflows), whose is it?
I'm a CS major, and we just got some sample code from the professor to help us on our first project. The very first thing it does in main is have a buffer overflow.
This is C++! We have the string datatype for this! There's absolutely no excuse for this--especially in code that will be referenced as "good" code by everyone else in the class.
So anyway, the point of this rant is that security will remain horrible until we start teaching people to write securely in the first place.
Make sure your program knows what's going on. Case in point, I have a mouse which works without a hitch under Linux (X and gpm), but which does random stuff (clicks and pointer warping) under Windows sometimes when I move it. The most recent episode created a toolbar on the left side of the screen containing the contents of C:. How it did this is a complete mystery, since no toolbars may be added because of poledit settings...
MRUD (most recently used directory) lists are more useful on systems designed to be single-user but are being used as multi-user. When I stick something in C:\LXT\GFX, I can quickly reach that directory next time even if someone else has saved in C:\WINDOWS\DESKTOP\Important\Docs in the meantime.
Something had happened. I inadvertantly hit enter (since I was already typing) and as a result, still don't know what the message said... Well, that and I lost what I was typing. The irritation factor was a 9.6.
What do you call a 10.0 then? Having Javascript steal focus from a password box so you unwittingly end up as user "loonxtallssword" with pass "pa"?
AIM's annoying like that, too. And UNIXen aren't necessarily better--Slowlaris likes to put things on your current workspace when they raise themselves. Stay where I put you! I guess my main gripe in UI design is that they aren't designed to respect the user's wishes.
I might need to take my car in to have it fixed occasionally, but I have yet to call an electrician or plumber. My parents called a plumber only once, because it was a nigh impossible job in DIY mode.
"With rsh as their shell, they can't even execute a command if they know the full path to it."
My community college set rksh to run with a path of/rbin, which gave access to random things like hostname, passwd, write, ls, and pine, but they didn't alter.login, so the final path ended up being/rbin:/home/$USER/bin, with the latter being user-writable. They used Win95 PCs to mimic the real world, so I used vim and the Explorer to write a shell script and set proper permissions on it; thanks to the magic #!, it ran the script unrestricted.
That exploit is still open. Too bad their policy wouldn't let people report holes without getting in trouble.
How about all the ones at the themes.org error page when you try and look for more? How about the two that come with it?
I want Mozilla to use the standard GTK/GNOME widgets as much as possible, because I prefer not to wait.2 seconds all the time while it prints a standard GNOME window background and then paints over it with a standard Windows dialog background. (The Modern theme is even uglier.) And yes, I am too lazy to do it myself.
"Functions such as memcpy, strcmp, and strlen can be significantly sped up with a 64 bit boost."
Wouldn't memcpy (or memmove, if you want to handle overlaps on my system) be bound by memory bandwidth? If your DIMMs are capable of shuffling N bits around per cycle, a 64Kbit processor won't help. Memory is already far slower than a CPU, which is why we have caching. If you push a significant amount of data around, your cache won't help.
Kind of as an extension to this thought, you can write email in Word and then copy/paste it to the email program or send it as an attachment. Plus you have Alt+Tab to skip back to the class notes instantly.
Furthermore, if one takes notes in gvim, mapping a key (F8 looks good) to ":w\r:b 1\r" would be really handy. Even if they catch you and remote-kill gvim, you still have.email.swp to go back to.
"Server-centric, but why not block access to the e-mail server for the student accounts during class hours?"
Here's an abbreviated list of mail servers that probably won't cooperate with such a policy: mail.yahoo.com, mail.some-isp.net, sapphire.student.school.edu (if someone sets up a mail server on her laptop. in this case, you could could refuse to route SYNs to *.student.)
Now imagine setting up cron scripts to reconfigure your iptables at the beginning/end of "school hours" in such a manner that they will contain no race conditions... not impossible, but not fun, especially if the network changes.
"I guess the tradeoff is that file data in memory is likely to be plaintext, though."
Obviously. If the ciphertext didn't need to be decrypted at some point, it wouldn't be ciphertext.... I think decrypted data in RAM is acceptable, because I don't want to pay the cost of a CPU with a 4Kb block decrypt register and dedicated Rijndael hardware.
"His framerates are always over 60 (as in, smooth), whereas mine drop down to about 45 sometimes. [snip] YOU NEED a fast cpu to come even close to smoothness."
News flash: PAL framerate is 25 fps. Even the blazingly fast NTSC framerate is only 30 fps. You're claiming 45 isn't smooth, yet I've never heard anyone complain about the smoothness of television....
Re:Fast CPUs might be bad.
on
CPU Wars
·
· Score: 1
No way! Faster CPUs give you a higher BogoMIPS rating! And besides... the working set of some programs is small enough to fit in cache (both L1 and TLB), and gain a proportional performance advantage from increased CPU speed (after being optimized for the core.)
"Every distribution can provide a supported and working fix for this within seconds: _turn off ftp and wait for a patch_."
So much for the fast response time of Open Source. "Look, we fixed Teardrop at insane speeds!! But if you want anything else fixed, you have to wait for your vendor, just like Microsoft."
As it was explained in countless things I read before getting Linux, even-numbered minors (e.g. 1.0 or 2.4) are the stable releases of the kernel. These should work. They don't. 2.4.4 broke xscreensaver. 2.4.[378] wouldn't compile. 2.4.12 had a bug in the IEEE 1284 parallel port code that prevented compilation. 2.4.{11,15} had more severe bugs. So out of 16 releases, 12.5% are so buggy they hit Slashdot. 40% of the ones I've tried wouldn't compile without error. Only half of them seem to work without problems. That is a pitiful rate for stable kernels.
"if you're rolling your own, you're in the development stages."
So I have to wait for my vendor to release an upgrade before I can take advantage of the security fixes, huh? (Like the deep-symlink DoS.) I left Windows because of Microsoft's stupidity in handling security, and now I'm stuck with the same thing?
How can a firewall stop an HTTP request? It would still get through, even if there was a proxy, since it's indistinguishable from a request for any other page. If you know how to (and do) make your proxy filter requests for sekrit files, then you are probably also smart enough to know that those files shouldn't be in publicly accessible directories.
Slashdot Mirror
Or, to look at it from a different angle, people asking if it does "garbage in gospel out" are seeking further knowledge about this amazing thing they've just seen. The manual doesn't cover astonishment, so they have to ask.
Does that "everyone" cover the entire world, or only those using GPL code that incorporates the patented stuff?
Amen!!
Until the day that I can do './configure --enable-multibyte --enable-perl-interp' on a binary RPM, I will hate it with a passion. Figuring out how to do it on a source RPM is pointless, since nobody distributes those anyway because the "provide the source" clause is fulfilled by the tarball...
Four minutes later, you could have a spreadsheet embedded in the nearest zombie. How convenient!
Software expands to fill the hardware market. Microsoft is good at that game...
Does this even work with a hand holding the plastic case?
Technically, it's the first project of the course, which is in the 200-level. However, the 100-levels are taught in Java, so this is the first C++ project for everyone who didn't transfer. (I only ended up this low on the pile because I had never even heard of OOP before college.)
If it were up to me to define the course description, I'd use Python. Delimiting blocks by indentation forces people to make more readable code, which is easier to grade
I'd like to see you say that to Bruce Schneier.
Security sucks IRL. Handing people insecure code that they assume is correct is not the way to fix it. If it is not the responsibility of the person writing the code to make it secure (at least against coding errors like string formatting and buffer overflows), whose is it?
I'm a CS major, and we just got some sample code from the professor to help us on our first project. The very first thing it does in main is have a buffer overflow.
// BAM!!
#define SZ 100;
char buf[SZ];
cout << "Enter courses filename: ";
cin >> buf;
This is C++! We have the string datatype for this! There's absolutely no excuse for this--especially in code that will be referenced as "good" code by everyone else in the class.
So anyway, the point of this rant is that security will remain horrible until we start teaching people to write securely in the first place.
Make sure your program knows what's going on. Case in point, I have a mouse which works without a hitch under Linux (X and gpm), but which does random stuff (clicks and pointer warping) under Windows sometimes when I move it. The most recent episode created a toolbar on the left side of the screen containing the contents of C:. How it did this is a complete mystery, since no toolbars may be added because of poledit settings...
MRUD (most recently used directory) lists are more useful on systems designed to be single-user but are being used as multi-user. When I stick something in C:\LXT\GFX, I can quickly reach that directory next time even if someone else has saved in C:\WINDOWS\DESKTOP\Important\Docs in the meantime.
If you put in features, document them! The only thing that shouldn't be documented are the easter eggs.
What do you call a 10.0 then? Having Javascript steal focus from a password box so you unwittingly end up as user "loonxtallssword" with pass "pa"?
AIM's annoying like that, too. And UNIXen aren't necessarily better--Slowlaris likes to put things on your current workspace when they raise themselves. Stay where I put you! I guess my main gripe in UI design is that they aren't designed to respect the user's wishes.
About $500 million is the official figure.
I might need to take my car in to have it fixed occasionally, but I have yet to call an electrician or plumber. My parents called a plumber only once, because it was a nigh impossible job in DIY mode.
"With rsh as their shell, they can't even execute a command if they know the full path to it."
My community college set rksh to run with a path of /rbin, which gave access to random things like hostname, passwd, write, ls, and pine, but they didn't alter .login, so the final path ended up being /rbin:/home/$USER/bin, with the latter being user-writable. They used Win95 PCs to mimic the real world, so I used vim and the Explorer to write a shell script and set proper permissions on it; thanks to the magic #!, it ran the script unrestricted.
That exploit is still open. Too bad their policy wouldn't let people report holes without getting in trouble.
"Now.. which chrome is ugly?"
How about all the ones at the themes.org error page when you try and look for more? How about the two that come with it?
I want Mozilla to use the standard GTK/GNOME widgets as much as possible, because I prefer not to wait .2 seconds all the time while it prints a standard GNOME window background and then paints over it with a standard Windows dialog background. (The Modern theme is even uglier.) And yes, I am too lazy to do it myself.
"Functions such as memcpy, strcmp, and strlen can be significantly sped up with a 64 bit boost."
Wouldn't memcpy (or memmove, if you want to handle overlaps on my system) be bound by memory bandwidth? If your DIMMs are capable of shuffling N bits around per cycle, a 64Kbit processor won't help. Memory is already far slower than a CPU, which is why we have caching. If you push a significant amount of data around, your cache won't help.
Kind of as an extension to this thought, you can write email in Word and then copy/paste it to the email program or send it as an attachment. Plus you have Alt+Tab to skip back to the class notes instantly.
Furthermore, if one takes notes in gvim, mapping a key (F8 looks good) to ":w\r:b 1\r" would be really handy. Even if they catch you and remote-kill gvim, you still have .email.swp to go back to.
"Server-centric, but why not block access to the e-mail server for the student accounts during class hours?"
Here's an abbreviated list of mail servers that probably won't cooperate with such a policy: mail.yahoo.com, mail.some-isp.net, sapphire.student.school.edu (if someone sets up a mail server on her laptop. in this case, you could could refuse to route SYNs to *.student.)
Now imagine setting up cron scripts to reconfigure your iptables at the beginning/end of "school hours" in such a manner that they will contain no race conditions... not impossible, but not fun, especially if the network changes.
"I guess the tradeoff is that file data in memory is likely to be plaintext, though."
Obviously. If the ciphertext didn't need to be decrypted at some point, it wouldn't be ciphertext.... I think decrypted data in RAM is acceptable, because I don't want to pay the cost of a CPU with a 4Kb block decrypt register and dedicated Rijndael hardware.
"His framerates are always over 60 (as in, smooth), whereas mine drop down to about 45 sometimes. [snip] YOU NEED a fast cpu to come even close to smoothness."
News flash: PAL framerate is 25 fps. Even the blazingly fast NTSC framerate is only 30 fps. You're claiming 45 isn't smooth, yet I've never heard anyone complain about the smoothness of television....
No way! Faster CPUs give you a higher BogoMIPS rating! And besides... the working set of some programs is small enough to fit in cache (both L1 and TLB), and gain a proportional performance advantage from increased CPU speed (after being optimized for the core.)
"Every distribution can provide a supported and working fix for this within seconds: _turn off ftp and wait for a patch_."
So much for the fast response time of Open Source. "Look, we fixed Teardrop at insane speeds!! But if you want anything else fixed, you have to wait for your vendor, just like Microsoft."
As it was explained in countless things I read before getting Linux, even-numbered minors (e.g. 1.0 or 2.4) are the stable releases of the kernel. These should work. They don't. 2.4.4 broke xscreensaver. 2.4.[378] wouldn't compile. 2.4.12 had a bug in the IEEE 1284 parallel port code that prevented compilation. 2.4.{11,15} had more severe bugs. So out of 16 releases, 12.5% are so buggy they hit Slashdot. 40% of the ones I've tried wouldn't compile without error. Only half of them seem to work without problems. That is a pitiful rate for stable kernels.
"if you're rolling your own, you're in the development stages."
So I have to wait for my vendor to release an upgrade before I can take advantage of the security fixes, huh? (Like the deep-symlink DoS.) I left Windows because of Microsoft's stupidity in handling security, and now I'm stuck with the same thing?
How can a firewall stop an HTTP request? It would still get through, even if there was a proxy, since it's indistinguishable from a request for any other page. If you know how to (and do) make your proxy filter requests for sekrit files, then you are probably also smart enough to know that those files shouldn't be in publicly accessible directories.