Kuhn is very very explicit about the normal state of science being the evolutionary expansion of the paradigm/work within the paradigm. It's only when the extremely rare paradigm shift occurs that there is an overturning of the established order. Even there Kuhn seems to think these shifts often occur because the strain on the previous paradigm grows too great to sustain, i.e., a wide variety of experiments taken together require such unsatisfying explanations that the paradigm is overthrown for a new one.
I think it would be more appropriate to say that Kuhn is mostly rejecting the idea of science proceding via revolutions. The sort of view that preceded Kuhn was that science proceeds by formulating hypothesises which in turn are overthrown should they be contradicted by experiment. Thus Kuhn is actually arguing against the idea that science primarily progresses via the disproof of the prevailing view.
In fact I think it's a fair interpretation to say that Kuhn does not even believe there is an objective fact of the matter of which paradigm is better. It's quite clear that Kuhn holds out evolutionary expansion of the paradigm to be the stereotypical example of progress in science.
That hardly implies that if I choose to use AOL I will run a greater risk of having my identity theft. It shows that AOL users are more likely to be computer naieve and stupidly type their info into random phishing sites. Determining what banks have the highest rates of identity theft is useless unless from a security standpoint unless you determine WHY they have it.
In particular did anyone else notice that the highest rates of identity theft seemed to occur at the largest banks who likely had the most customers? This suggests to me that it's not bad IT practices that account for these results but the make up of their customer bases. I suspect that while many financially and technologically savy people (such as me) have accounts at these banks their success at appealing to the largest possible market means they have a larger percent of non-savy customers. On the other hand another good hypothesis is just that more phising attacks attacks target the institution with the most customers. But if you are confident of your ability to avoid those then this shouldn't worry you much.
In either case this seems like a totally useless statistic and not a result of poor security as the write up suggests.
Yes, open source eliminates markets that might otherwise have existed. This is a good thing.
Every advancement in manufacturing or reduction in price reduces the profits of what were formerly large profitable industries. The printing press destroyed jobs for tons of scribes, the industrial revolution was derided as replacing men with machines. Ultimately though keeping people in make work jobs doesn't contribute to economic growth. It's productivity gains that make us all better off and the change from expensive to free is one of the largest possible productivity gains imaginable. Not only does it make things better for the consumer it frees the people who might have wasted their time reimplementing that same code in various closed source products and lets them be gainfully employed in writing something new (likely still closed source but less redundant)
Sure, I guess if you are just doing it because you find doing this court stuff really fun (maybe he should have gone to law school instead) but if the goal is to maximize expected money recovered I think the attorney would be a good bet.
Sure, the judge has a sense of who might be in the right and as a result this guy might have an advantage but even in death penalty cases people have appeals raising apparently serious flaws in their trials turned down for being a few days late under AEDPA (? something and effective death penalty). I agree that if he is a responsible sort of person who pays attention to his mail (unlike me) he is very unlikely to lose on any of the charges leveled against him. However, managing to meet the statutory requirements to get treble damages for willful infringement and so forth is something that one might screw up without a lawyer.
I think it's ironic that this is being described as a consequence of vast computer databases. While it's probably true that computers have increased the incidence of curiosity snooping by making it less trouble to look up records I suspect this sort of thing has been going on forever. The real contribution of computers is to record access and expose the snooping.
How seriously to take this and what can be done about it are both interesting questions. Fundamentally it's a difficult problem because there is no obvious moral barrier that people cross when they engage in this behavior. I mean suppose you work at the utility and regularly pull up client's records for valid purposes. It isn't going to seem like a harm to anyone to pull up one more record. I mean does it really make a difference that you pulled up the mayor's form out of curiosity rather than for a business reason? After all it was just luck that you weren't assigned to deal with that record anyway. Worse given the difficulty in preciscely definining what you want to prevent it makes it hard to prevent with mandatory access controls.
Now I share the immediate intuition that something is bad about these voyeristic breaches of privacy but I can't exactly put my finger on what if anything is wrong with it. True, someone might use the information to my detriment (share it etc..) but that's equally true about anyone viewing my information whether voyeuristicly or not. I mean consider two companies A and B. Company A's policies mean that in the normal course of buisness only one person will ever examine your data but someone at company A is curious so another person peeks at your information. On the other hand company B has a policy where each month they assign each of their customer service reps to review a random selection of accounts for errors so after the course of 20 years a fairly large number of people have thumbed through your file. To the extent that we want to conceal information or avoid identity theft the company that has more legitimate reasons to examine your data may very well be a higher risk than the one that lets the voyeur look at your recrods. So is it snooping that we want to eliminate or do we want to minimize access more generally?
This seems like a pretty boring and routine infringement case. I'm glad the photographer won his case but why is it on slashdot?
Also it strikes me as a mistake not to hire an attorney in a case like this. Almost certainly you could recover attorney's fees and it just seems silly to risk getting blindsided by some legal rule you didn't know about. The courts do give pro se litigants extra room but why take the risk?
First of all you are effectively spreading FUD about privacy loss by confusing totally different issues. There is the issue of security in terms of using firewalls, patching browsers and avoiding malware, there is the issue of true privacy in protecting details they share only with their spouse or close friends (bank account balances, credit scores), there is the issue of identity theft and finally there is the issue of obscurity in terms of sharing information about them on social networks.
Really the internet is no particular threat to true privacy since no one is releasing truly private details on the internet...well maybe in email but the truth is email is statistically fairly safe even if no particular safeguards are taken. Malware and identity theft are simple risk/reward calculations and for most people the risk simply isn't great enough to justify spending lots of effort on computer security. It's just like using a credit card at a restaurant. Sure the waiter could steal your card number and cost you $50 and some effort but the risk is worth the convenience. What you have to understand is that for non-techie types the cost to keeping their computer all patched up and worrying about security all the time is quite high so the risk they take is worth the cost.
As far as obscurity goes, that is the exposing of details that would be fairly easy for people who know you personally to find out, I don't see the big deal. Everyone gets all worked up about these being in databases or these being available on the internet but I really don't think it is that big of a threat. For thousands of years we lived in small communities where everyone knew each others secrets but it wasn't a problem because everyone knew each others secrets. Not only is our loss of obscurity inevitable but resistance will just make things worse by creating two classes of observers: big corporations and governments who have the resources to build private databases and hire investigators and the regular people. Once obscurity is eliminated I suspect we will have a much more tolerant society since it's hard to judge others harshly for their stupid shit when everyone knows the stupid shit you did back when you were a kid.
The real protection you enjoy is that suing you for patent infringement would do too much damage to MS's credibility. MS simply has too much to lose if people start being overly suspicious of relying on the developer information they provide. Ultimately their entire existence is predicated on people being able to take information about specifications they provide (windows APIs) and use them without fear of suit. They simply can't afford to take advantage of some legal loophole to sue you given the damage to their reputation it would cause.
There are some good reasons to believe it isn't normal matter that isn't making light. For starters one would still expect it to absorb light and thus be observable. Additionally our models of galaxy formation would suggest it should have a certain distribution which doesn't conform with what is necessery to explain the rotation behavior. In fact it may even need to be relatively free from interactions to be as spread out as needed. Most relevantly the observations that suggest that dark matter doesn't collide with itself or normal gas when galaxies collide suggests it isn't normal matter.
Of course your general sentiment is right. There are reasons to believe dark matter isn't made up of neutrinos but it isn't any more mysterious than they are. It is probably just some weakly interacting particle much like those we have already discovered.
The idea that this is the US government (or Israel or any western power) cutting the cables either as a precursor to war or to install splitters/spy stuff is just absurd. If any actor with sufficent resources was planning an invasion or any other type of action requiring an information black out they would have hit all the cables at the same time. As far as installing spy stuff this is too fucking obvious. I mean we do know how to bend fiber optics and siphon off some of the light without disrupting the connection and even if this was impossible here a real spy agency would have just waited until the cable was being taken off for maintenence or at least not hit 5 at once.
As far as plausible explanations we can list either terrorist groups or some other organization with drastically limited resources (or perhaps an intelligence agency trying to cast blame on such an organization). I think we also want to consider natural activity (rock slides, volcanism etc..) combined with a coincedence. After all most of the cut cables seem to be in the same area.
Commercial sabotage is also a plausible explanation and the equitment with power issues could be a move to squeeze money from a customer. Also it could be a combination of these explanations. I mean maybe Iran (or maybe the US) jumped on the bandwagon and cut an extra cable to make it look like they were victimized or to accomplish some other goal after the first couple got broken.
I object to charachterizing this in terms of type safety.
What you want is a kernel which only runs code that comes with a proof that it doesn't do anything bad (overwrite another process's memory). This could be in terms of type safety it could be some other form of analysis. This doesn't mean it even has to be interpreted (though I suspect most code would be)
I think your POV is a little desktop centric. I agree that there is limited argument for the sort of fault isolation in the desktop that Tanenbaum makes such a big deal about. Ultimately if it crashes the apps the system might as well go down.
On the other hand if you are writing an OS for ATMs, for flight avionics, for monitoring a nuclear reactor or a host of other purposes this sort of reliability makes great sense. The difference being (of course) that the applications you expect to run on these OS's will themselves be programed to deal with failures but no one is going to write all your productivity GUIs to recover if the disk subsytem goes down (taking buffers with it).
It's just a technique for achieving a certain kind of reliability. Arguing about which is better is like arguing whether linked lists are better than B-trees. They are both useful ideas but in different applications.
If you are interested in the desktop then the answer is probably going to be the same thing we have already seen happening. Kernels for desktop systems will adopt some of the abstractions from microkernels and seperate out some things into other processes but will also keep shared data structures and other monolithic features.
What's your problem. I mean saying something is a hybrid kernel communicates what it is. No one who has a clue thinks it means they are split into separate processes or anything.
In fact my big pet peeve is that the microkernel people don't distingush between source level abstractions and process seperation. I mean Tanenbaum's arguments here pretend like the better abstractions of message passing and no shared data structures are an argument for microkernels (in the sense of true process isolation) but they are only really an argument for certain abstractions in the source.
Anyway all kernels use some source abstractions but presumably the reason to call some kernels 'hybrid' is that their abstractions are more robust and more throughly resemble the abstractions you would use in a microkernel. If you don't like the word tell us how we should describe microkernel code that someone stripped the process isolation from?
This debate could use a lot more clarity about what is actually being debated. The truth is there are two separate design strategies that generally go under the term microkernel.
1) The conceptual/syntactic division of the OS code into separate 'servers' interacting through some message passing paradigm. Note that a clever build system could easily smoosh these servers together and optimize away the message passing into local function calls.
2) The division of the compiled code into seperate processes and the running of many integral parts of the OS as user processes.
Note that doing 1 and not 2 is a genuine option. If the analogy is really with object oriented programming then one can do what one does with oop: program in terms of the abstract but emit code that avoids inefficencies. While sysenter/sysexit optimizations for L4 based microkernels (and probably others) have made IPC much cheaper on current hardware there is still a cost for switching in and out of kernel mode. Thus it can make a good deal of sense to just shove all the logical modules into ring0.
--------
This brings us to the other point that needs clarification. What is it that we want to achieve? If we want to build an OS for an ATM, an embedded device or a electric power controller I think there is a much stronger case to be made for microkernels in sense #2. However, in a desktop system it really doesn't matter so much whether the OS can recover from a crash that will leave the applications in an unstable state. If the disk module crashes taking it's buffers with it you don't want your applications to simply continue blithely along so you may as well reboot.
But this is only a question of degree. There is no microkernels wrong macrokernel yes answer or vice versa. It's just that each OS has a different ranking of priorities and should implement isolation of kernel 'servers' to a different degree.
----
The exact same can be said when it comes to dealing with microkernel style development (i.e. #1). Both Linus and Tanenbaum do have a point. Just like OO programming insisting on the abstraction of message passing servers can sometimes serve to improve code quality but also like OOP sometimes sticking religiously to the paradigm can make things less efficent or even more confusing. Also if you have enough developers and testers (like linux does) you might want to sacrifice the prettiness of the abstraction for performance and count on people catching the errors.
However, what baffles me is why Tanenbaum seems to think you can't have the advantages of 1 without really having a microkernel. This is just a matter of code organization. If I want to insist that my disk system only talks to other components via a messaging API I can just do so in my code. I could even mostly do this and only break the abstraction when shared data makes a big difference.
Ultimately though it's like arguing about OOP vs. functional or dynamic vs. static. Yup, they both have some advantages and disadvantages.
Yes, in fact everyone must believe in some idea fully. Take any idea X (the earth is round) that you believe and now consider the idea 'X is likely true.' Also we all need to take the reliability of our basic reasoning ability for granted since we have no choice since any attempt to doubt it would use that very machinery.
However, this isn't really what you are arguing about. You are arguing about whether you accept some absolute moral principle. However, your example doesn't prove that you don't need to believe in moral absolutes (provided you believe in morality at all). In fact it suggests just the opposite: there is an absolute universal moral rule.
So sure sometimes equality of outcome is important, other times equality of opportunity is important. That just shows that neither "maximize equality of outcome" or "maximize equality of opportunity" is a correct moral rule. However, since there is a fact of the matter about which is important in each case then the the function mapping situations to the correct moral choice will be an absolute moral principle.
I mean do you somehow figure out what is important in each particular situation? If so then there is some rule (maybe really really complicated) by which you do so and assuming you get the correct answers then the maxim that tells you to do what the rule says is an absolute moral rule.
Yes, things often have many causes. But that means there is some list of those causes. Now if you take all those causes and stick 'and' in between them now you get the complete cause of the thing.
This is almost certainly too much work to bother but if you were really serious about this distributing the backend over several different jurisdictions would give you a certain amount of protection.
For instance one might be able to store the various posts and identifiable user info on one server and the decryption keys for each record in your database on a server in another country. Requests hit the first server which then handshakes with the second to request the decryption keys for those records it currently requires. The first server need never store these decryption keys on disk which could give you a pretty large margin of safety if you choose two countries without many law enforcement assistance agreements.
Of course the truly determined and expert attacker might try to seize your first system and then set up a decoy version that tries to download all encryption keys. However, unless you are setting up a terrorist website it's unlikely that this level of competence and effort will be applied. If you want to get really paranoid you could set both servers to encrypt all their data using your public key and delete all plaintext if their counterpart ever goes down for some period of time (24 hours). Thus close coordination between the jurisdictions (grab them the same day) would be required or a very sophisticated hack of one of your machines.
---------
Anyway this isn't really a serious answer to your question but no one can really give you that answer without more information about what type of content you are worried about.
The US isn't so good on drug laws either. This is why you find all the forums about illegal or quasi-legal drugs hosted from some non-US location. If you want to create a safe place for addicts to discuss their use and share information (which can avoid a great deal of harm) I would most certainly locate somewhere in europe rather than in the US.
It's that very competence that makes this suspicious.
They have regularly improved algorithms to see problems other people hadn't even anticipated and yet in this algorithm they miss the fact that anyone knowing the solution to a particular discrete log problem can predict the output of the RNG???
Using the backdoor requires solving a discrete log problem. The NSA may have an actual proof of hardness for these problems putting a minimum bound on the amount of computer power required. This in turn might give them a minimum bound of a decade or so (someone really needs to check just how hard this discrete log problem turns out to be) for anyone else to discover the secret keys and they can just announce finding a security flaw in the algorithm 2 years before anyone might have found the keys.
Supposing they have separate classified advice for top secret material and this RNG will only be used on low security documents the tradeoff between an enemy potentially having access to low security information from several years ago and giving them potential access to other people's communications might be favorable.
Still, the problem with this scenario is that it seems implausible that they were ever going to get widespread adoption of this RNG outside the government. Then again many things agencies do can't be explained by smart people behaving reasonably. Maybe some mucky mucky over at the Bush admin got a bug in their britches about us helping the terrorists when they found out that they were using strong encryption the NSA had helped strengthen (like DES) and ordered them to start putting in back doors ignoring arguments to the contrary.
I can certainly see the 9/11 changed everything attitude justifying this sort of crap to some self-righteous and idiotic official.
It sounds like your just saying you don't know how to do it.
As far as specifying constraints why not use type theory. We know how to use crazy shit like algebraic and recursive types to say that something is a linked list or other complex data structure. We can do the same thing with an object database if you want.
However, I think fundamentally this is an unfair comparison because the reason the constraints on object dbs are hard is simply that you are asking the constraint to do much more.
To be a fully OODBMS rather than a ORDBMS I would say that the database had to efficently support navigational access. That is if I want to store a linked list of objects into the database if should allow me to efficiently access them in some maner.
I'm not sure if any database can do this but what an OODBMS should really do is allow you to execute queries over an arbitrary navigational structure. For instance I should be able to ask questions like, "Can I get to an object O satisfying O.x+O.y=O.z by starting with object A and following A.next and A.prev as many times as needed."
Though to be fair some of the object inadequacies result from deficiencies of SQL.
I'm convinced that transactional memory (TM) is the right model for concurrent programming in most common situations but software transactional memory (STM) suffers from some performance problems. There has been a great deal of research on hardware support for transactional memory and recently Sun announced hardware support for hybrid transactional memory in Rock. Do you think hardware support for TM will catch on and migrate down to commodity hardware? If so would this translate into significant performance improvements for databases like MySQL? If not do you think specific hardware optimizations for DB applications will ever make sense in the mainstream market?
There seems to be a trend toward other areas of IT implementing concepts and ideas that used to be primarily to province of databases. For instance transactional memory has proved to be a powerful model for concurrency in software languages while journaling and copy on write filesystems have been implementing many ACID style guarantees using methods borrowed from databases. Also operating systems seem to be evolving more and more APIs to handle structured data storage (Core Data) as well as to efficently store and search metadata (spotlight, windows search). OS X even stores a great deal of it's configuration data in a centralized Netinfo database and even the windows registry is a sort of database (arguably it's flaws stem from the choice not to implement a full database).
Do you think these trends will continue and we will see even greater integration of DBMS technology into the operating system itself? Will (should?) we one day regard database like structured data storage as an indispensable OS level feature like a filesystem? If so do you worry that Apple, MS and Linux will make MySQL irrelevant by integrating this functionality into the OS? Do you think that something like SQL will remain the primary interface to this sort of structured storage or will programming languages implement an integrated native syntax for both transactional memory and database access?
While the origin of databases was in holding massive amounts of spreadsheet style buisness data that is only one way that DBMSs are used today. For instance their is an increasing use of DBMSs as data stores for web applications or even desktop applications (Core Data and sqlite). Also some people are advocating column oriented DBMSs for data warehousing applications while unstructed databases like couchDB. Do you think that the standard relational model will continue to dominate the database field or will we see a splintering as some people have suggested with specialized databases developed for different applications? If so what sort of role do you see MySQL evolving to occupy?
I'm particularly interested in whether you think we will see a return to Object Oriented Databases for use as a model store for applications possibly supplemented by some kind of language integration like microsofts LINQ.
Or it's just a company whose executives have better things to do than read the fine print on whatever generic legal documents their counsel gave them. Why not see if they care if he tells them he won't sign the 6 month part first.
Slashdot Mirror
Kuhn is very very explicit about the normal state of science being the evolutionary expansion of the paradigm/work within the paradigm. It's only when the extremely rare paradigm shift occurs that there is an overturning of the established order. Even there Kuhn seems to think these shifts often occur because the strain on the previous paradigm grows too great to sustain, i.e., a wide variety of experiments taken together require such unsatisfying explanations that the paradigm is overthrown for a new one.
I think it would be more appropriate to say that Kuhn is mostly rejecting the idea of science proceding via revolutions. The sort of view that preceded Kuhn was that science proceeds by formulating hypothesises which in turn are overthrown should they be contradicted by experiment. Thus Kuhn is actually arguing against the idea that science primarily progresses via the disproof of the prevailing view.
In fact I think it's a fair interpretation to say that Kuhn does not even believe there is an objective fact of the matter of which paradigm is better. It's quite clear that Kuhn holds out evolutionary expansion of the paradigm to be the stereotypical example of progress in science.
That hardly implies that if I choose to use AOL I will run a greater risk of having my identity theft. It shows that AOL users are more likely to be computer naieve and stupidly type their info into random phishing sites. Determining what banks have the highest rates of identity theft is useless unless from a security standpoint unless you determine WHY they have it.
In particular did anyone else notice that the highest rates of identity theft seemed to occur at the largest banks who likely had the most customers? This suggests to me that it's not bad IT practices that account for these results but the make up of their customer bases. I suspect that while many financially and technologically savy people (such as me) have accounts at these banks their success at appealing to the largest possible market means they have a larger percent of non-savy customers. On the other hand another good hypothesis is just that more phising attacks attacks target the institution with the most customers. But if you are confident of your ability to avoid those then this shouldn't worry you much.
In either case this seems like a totally useless statistic and not a result of poor security as the write up suggests.
Yes, open source eliminates markets that might otherwise have existed. This is a good thing.
Every advancement in manufacturing or reduction in price reduces the profits of what were formerly large profitable industries. The printing press destroyed jobs for tons of scribes, the industrial revolution was derided as replacing men with machines. Ultimately though keeping people in make work jobs doesn't contribute to economic growth. It's productivity gains that make us all better off and the change from expensive to free is one of the largest possible productivity gains imaginable. Not only does it make things better for the consumer it frees the people who might have wasted their time reimplementing that same code in various closed source products and lets them be gainfully employed in writing something new (likely still closed source but less redundant)
Sure, I guess if you are just doing it because you find doing this court stuff really fun (maybe he should have gone to law school instead) but if the goal is to maximize expected money recovered I think the attorney would be a good bet.
Sure, the judge has a sense of who might be in the right and as a result this guy might have an advantage but even in death penalty cases people have appeals raising apparently serious flaws in their trials turned down for being a few days late under AEDPA (? something and effective death penalty). I agree that if he is a responsible sort of person who pays attention to his mail (unlike me) he is very unlikely to lose on any of the charges leveled against him. However, managing to meet the statutory requirements to get treble damages for willful infringement and so forth is something that one might screw up without a lawyer.
I think it's ironic that this is being described as a consequence of vast computer databases. While it's probably true that computers have increased the incidence of curiosity snooping by making it less trouble to look up records I suspect this sort of thing has been going on forever. The real contribution of computers is to record access and expose the snooping.
How seriously to take this and what can be done about it are both interesting questions. Fundamentally it's a difficult problem because there is no obvious moral barrier that people cross when they engage in this behavior. I mean suppose you work at the utility and regularly pull up client's records for valid purposes. It isn't going to seem like a harm to anyone to pull up one more record. I mean does it really make a difference that you pulled up the mayor's form out of curiosity rather than for a business reason? After all it was just luck that you weren't assigned to deal with that record anyway. Worse given the difficulty in preciscely definining what you want to prevent it makes it hard to prevent with mandatory access controls.
Now I share the immediate intuition that something is bad about these voyeristic breaches of privacy but I can't exactly put my finger on what if anything is wrong with it. True, someone might use the information to my detriment (share it etc..) but that's equally true about anyone viewing my information whether voyeuristicly or not. I mean consider two companies A and B. Company A's policies mean that in the normal course of buisness only one person will ever examine your data but someone at company A is curious so another person peeks at your information. On the other hand company B has a policy where each month they assign each of their customer service reps to review a random selection of accounts for errors so after the course of 20 years a fairly large number of people have thumbed through your file. To the extent that we want to conceal information or avoid identity theft the company that has more legitimate reasons to examine your data may very well be a higher risk than the one that lets the voyeur look at your recrods. So is it snooping that we want to eliminate or do we want to minimize access more generally?
This seems like a pretty boring and routine infringement case. I'm glad the photographer won his case but why is it on slashdot?
Also it strikes me as a mistake not to hire an attorney in a case like this. Almost certainly you could recover attorney's fees and it just seems silly to risk getting blindsided by some legal rule you didn't know about. The courts do give pro se litigants extra room but why take the risk?
First of all you are effectively spreading FUD about privacy loss by confusing totally different issues. There is the issue of security in terms of using firewalls, patching browsers and avoiding malware, there is the issue of true privacy in protecting details they share only with their spouse or close friends (bank account balances, credit scores), there is the issue of identity theft and finally there is the issue of obscurity in terms of sharing information about them on social networks.
Really the internet is no particular threat to true privacy since no one is releasing truly private details on the internet...well maybe in email but the truth is email is statistically fairly safe even if no particular safeguards are taken. Malware and identity theft are simple risk/reward calculations and for most people the risk simply isn't great enough to justify spending lots of effort on computer security. It's just like using a credit card at a restaurant. Sure the waiter could steal your card number and cost you $50 and some effort but the risk is worth the convenience. What you have to understand is that for non-techie types the cost to keeping their computer all patched up and worrying about security all the time is quite high so the risk they take is worth the cost.
As far as obscurity goes, that is the exposing of details that would be fairly easy for people who know you personally to find out, I don't see the big deal. Everyone gets all worked up about these being in databases or these being available on the internet but I really don't think it is that big of a threat. For thousands of years we lived in small communities where everyone knew each others secrets but it wasn't a problem because everyone knew each others secrets. Not only is our loss of obscurity inevitable but resistance will just make things worse by creating two classes of observers: big corporations and governments who have the resources to build private databases and hire investigators and the regular people. Once obscurity is eliminated I suspect we will have a much more tolerant society since it's hard to judge others harshly for their stupid shit when everyone knows the stupid shit you did back when you were a kid.
The real protection you enjoy is that suing you for patent infringement would do too much damage to MS's credibility. MS simply has too much to lose if people start being overly suspicious of relying on the developer information they provide. Ultimately their entire existence is predicated on people being able to take information about specifications they provide (windows APIs) and use them without fear of suit. They simply can't afford to take advantage of some legal loophole to sue you given the damage to their reputation it would cause.
Umm, no.
There are some good reasons to believe it isn't normal matter that isn't making light. For starters one would still expect it to absorb light and thus be observable. Additionally our models of galaxy formation would suggest it should have a certain distribution which doesn't conform with what is necessery to explain the rotation behavior. In fact it may even need to be relatively free from interactions to be as spread out as needed. Most relevantly the observations that suggest that dark matter doesn't collide with itself or normal gas when galaxies collide suggests it isn't normal matter.
Of course your general sentiment is right. There are reasons to believe dark matter isn't made up of neutrinos but it isn't any more mysterious than they are. It is probably just some weakly interacting particle much like those we have already discovered.
The idea that this is the US government (or Israel or any western power) cutting the cables either as a precursor to war or to install splitters/spy stuff is just absurd. If any actor with sufficent resources was planning an invasion or any other type of action requiring an information black out they would have hit all the cables at the same time. As far as installing spy stuff this is too fucking obvious. I mean we do know how to bend fiber optics and siphon off some of the light without disrupting the connection and even if this was impossible here a real spy agency would have just waited until the cable was being taken off for maintenence or at least not hit 5 at once.
As far as plausible explanations we can list either terrorist groups or some other organization with drastically limited resources (or perhaps an intelligence agency trying to cast blame on such an organization). I think we also want to consider natural activity (rock slides, volcanism etc..) combined with a coincedence. After all most of the cut cables seem to be in the same area.
Commercial sabotage is also a plausible explanation and the equitment with power issues could be a move to squeeze money from a customer. Also it could be a combination of these explanations. I mean maybe Iran (or maybe the US) jumped on the bandwagon and cut an extra cable to make it look like they were victimized or to accomplish some other goal after the first couple got broken.
Or maybe it's just an unlikely coincedence.
I object to charachterizing this in terms of type safety.
What you want is a kernel which only runs code that comes with a proof that it doesn't do anything bad (overwrite another process's memory). This could be in terms of type safety it could be some other form of analysis. This doesn't mean it even has to be interpreted (though I suspect most code would be)
I think your POV is a little desktop centric. I agree that there is limited argument for the sort of fault isolation in the desktop that Tanenbaum makes such a big deal about. Ultimately if it crashes the apps the system might as well go down.
On the other hand if you are writing an OS for ATMs, for flight avionics, for monitoring a nuclear reactor or a host of other purposes this sort of reliability makes great sense. The difference being (of course) that the applications you expect to run on these OS's will themselves be programed to deal with failures but no one is going to write all your productivity GUIs to recover if the disk subsytem goes down (taking buffers with it).
It's just a technique for achieving a certain kind of reliability. Arguing about which is better is like arguing whether linked lists are better than B-trees. They are both useful ideas but in different applications.
If you are interested in the desktop then the answer is probably going to be the same thing we have already seen happening. Kernels for desktop systems will adopt some of the abstractions from microkernels and seperate out some things into other processes but will also keep shared data structures and other monolithic features.
What's your problem. I mean saying something is a hybrid kernel communicates what it is. No one who has a clue thinks it means they are split into separate processes or anything.
In fact my big pet peeve is that the microkernel people don't distingush between source level abstractions and process seperation. I mean Tanenbaum's arguments here pretend like the better abstractions of message passing and no shared data structures are an argument for microkernels (in the sense of true process isolation) but they are only really an argument for certain abstractions in the source.
Anyway all kernels use some source abstractions but presumably the reason to call some kernels 'hybrid' is that their abstractions are more robust and more throughly resemble the abstractions you would use in a microkernel. If you don't like the word tell us how we should describe microkernel code that someone stripped the process isolation from?
This debate could use a lot more clarity about what is actually being debated. The truth is there are two separate design strategies that generally go under the term microkernel.
1) The conceptual/syntactic division of the OS code into separate 'servers' interacting through some message passing paradigm. Note that a clever build system could easily smoosh these servers together and optimize away the message passing into local function calls.
2) The division of the compiled code into seperate processes and the running of many integral parts of the OS as user processes.
Note that doing 1 and not 2 is a genuine option. If the analogy is really with object oriented programming then one can do what one does with oop: program in terms of the abstract but emit code that avoids inefficencies. While sysenter/sysexit optimizations for L4 based microkernels (and probably others) have made IPC much cheaper on current hardware there is still a cost for switching in and out of kernel mode. Thus it can make a good deal of sense to just shove all the logical modules into ring0.
--------
This brings us to the other point that needs clarification. What is it that we want to achieve? If we want to build an OS for an ATM, an embedded device or a electric power controller I think there is a much stronger case to be made for microkernels in sense #2. However, in a desktop system it really doesn't matter so much whether the OS can recover from a crash that will leave the applications in an unstable state. If the disk module crashes taking it's buffers with it you don't want your applications to simply continue blithely along so you may as well reboot.
But this is only a question of degree. There is no microkernels wrong macrokernel yes answer or vice versa. It's just that each OS has a different ranking of priorities and should implement isolation of kernel 'servers' to a different degree.
----
The exact same can be said when it comes to dealing with microkernel style development (i.e. #1). Both Linus and Tanenbaum do have a point. Just like OO programming insisting on the abstraction of message passing servers can sometimes serve to improve code quality but also like OOP sometimes sticking religiously to the paradigm can make things less efficent or even more confusing. Also if you have enough developers and testers (like linux does) you might want to sacrifice the prettiness of the abstraction for performance and count on people catching the errors.
However, what baffles me is why Tanenbaum seems to think you can't have the advantages of 1 without really having a microkernel. This is just a matter of code organization. If I want to insist that my disk system only talks to other components via a messaging API I can just do so in my code. I could even mostly do this and only break the abstraction when shared data makes a big difference.
Ultimately though it's like arguing about OOP vs. functional or dynamic vs. static. Yup, they both have some advantages and disadvantages.
Yes, in fact everyone must believe in some idea fully. Take any idea X (the earth is round) that you believe and now consider the idea 'X is likely true.' Also we all need to take the reliability of our basic reasoning ability for granted since we have no choice since any attempt to doubt it would use that very machinery.
However, this isn't really what you are arguing about. You are arguing about whether you accept some absolute moral principle. However, your example doesn't prove that you don't need to believe in moral absolutes (provided you believe in morality at all). In fact it suggests just the opposite: there is an absolute universal moral rule.
So sure sometimes equality of outcome is important, other times equality of opportunity is important. That just shows that neither "maximize equality of outcome" or "maximize equality of opportunity" is a correct moral rule. However, since there is a fact of the matter about which is important in each case then the the function mapping situations to the correct moral choice will be an absolute moral principle.
I mean do you somehow figure out what is important in each particular situation? If so then there is some rule (maybe really really complicated) by which you do so and assuming you get the correct answers then the maxim that tells you to do what the rule says is an absolute moral rule.
Yes, things often have many causes. But that means there is some list of those causes. Now if you take all those causes and stick 'and' in between them now you get the complete cause of the thing.
This is almost certainly too much work to bother but if you were really serious about this distributing the backend over several different jurisdictions would give you a certain amount of protection.
For instance one might be able to store the various posts and identifiable user info on one server and the decryption keys for each record in your database on a server in another country. Requests hit the first server which then handshakes with the second to request the decryption keys for those records it currently requires. The first server need never store these decryption keys on disk which could give you a pretty large margin of safety if you choose two countries without many law enforcement assistance agreements.
Of course the truly determined and expert attacker might try to seize your first system and then set up a decoy version that tries to download all encryption keys. However, unless you are setting up a terrorist website it's unlikely that this level of competence and effort will be applied. If you want to get really paranoid you could set both servers to encrypt all their data using your public key and delete all plaintext if their counterpart ever goes down for some period of time (24 hours). Thus close coordination between the jurisdictions (grab them the same day) would be required or a very sophisticated hack of one of your machines.
---------
Anyway this isn't really a serious answer to your question but no one can really give you that answer without more information about what type of content you are worried about.
The US isn't so good on drug laws either. This is why you find all the forums about illegal or quasi-legal drugs hosted from some non-US location. If you want to create a safe place for addicts to discuss their use and share information (which can avoid a great deal of harm) I would most certainly locate somewhere in europe rather than in the US.
It's that very competence that makes this suspicious.
They have regularly improved algorithms to see problems other people hadn't even anticipated and yet in this algorithm they miss the fact that anyone knowing the solution to a particular discrete log problem can predict the output of the RNG???
Using the backdoor requires solving a discrete log problem. The NSA may have an actual proof of hardness for these problems putting a minimum bound on the amount of computer power required. This in turn might give them a minimum bound of a decade or so (someone really needs to check just how hard this discrete log problem turns out to be) for anyone else to discover the secret keys and they can just announce finding a security flaw in the algorithm 2 years before anyone might have found the keys.
Supposing they have separate classified advice for top secret material and this RNG will only be used on low security documents the tradeoff between an enemy potentially having access to low security information from several years ago and giving them potential access to other people's communications might be favorable.
Still, the problem with this scenario is that it seems implausible that they were ever going to get widespread adoption of this RNG outside the government. Then again many things agencies do can't be explained by smart people behaving reasonably. Maybe some mucky mucky over at the Bush admin got a bug in their britches about us helping the terrorists when they found out that they were using strong encryption the NSA had helped strengthen (like DES) and ordered them to start putting in back doors ignoring arguments to the contrary.
I can certainly see the 9/11 changed everything attitude justifying this sort of crap to some self-righteous and idiotic official.
It sounds like your just saying you don't know how to do it.
As far as specifying constraints why not use type theory. We know how to use crazy shit like algebraic and recursive types to say that something is a linked list or other complex data structure. We can do the same thing with an object database if you want.
However, I think fundamentally this is an unfair comparison because the reason the constraints on object dbs are hard is simply that you are asking the constraint to do much more.
To be a fully OODBMS rather than a ORDBMS I would say that the database had to efficently support navigational access. That is if I want to store a linked list of objects into the database if should allow me to efficiently access them in some maner.
I'm not sure if any database can do this but what an OODBMS should really do is allow you to execute queries over an arbitrary navigational structure. For instance I should be able to ask questions like, "Can I get to an object O satisfying O.x+O.y=O.z by starting with object A and following A.next and A.prev as many times as needed."
Though to be fair some of the object inadequacies result from deficiencies of SQL.
I'm convinced that transactional memory (TM) is the right model for concurrent programming in most common situations but software transactional memory (STM) suffers from some performance problems. There has been a great deal of research on hardware support for transactional memory and recently Sun announced hardware support for hybrid transactional memory in Rock. Do you think hardware support for TM will catch on and migrate down to commodity hardware? If so would this translate into significant performance improvements for databases like MySQL? If not do you think specific hardware optimizations for DB applications will ever make sense in the mainstream market?
There seems to be a trend toward other areas of IT implementing concepts and ideas that used to be primarily to province of databases. For instance transactional memory has proved to be a powerful model for concurrency in software languages while journaling and copy on write filesystems have been implementing many ACID style guarantees using methods borrowed from databases. Also operating systems seem to be evolving more and more APIs to handle structured data storage (Core Data) as well as to efficently store and search metadata (spotlight, windows search). OS X even stores a great deal of it's configuration data in a centralized Netinfo database and even the windows registry is a sort of database (arguably it's flaws stem from the choice not to implement a full database).
Do you think these trends will continue and we will see even greater integration of DBMS technology into the operating system itself? Will (should?) we one day regard database like structured data storage as an indispensable OS level feature like a filesystem? If so do you worry that Apple, MS and Linux will make MySQL irrelevant by integrating this functionality into the OS? Do you think that something like SQL will remain the primary interface to this sort of structured storage or will programming languages implement an integrated native syntax for both transactional memory and database access?
While the origin of databases was in holding massive amounts of spreadsheet style buisness data that is only one way that DBMSs are used today. For instance their is an increasing use of DBMSs as data stores for web applications or even desktop applications (Core Data and sqlite). Also some people are advocating column oriented DBMSs for data warehousing applications while unstructed databases like couchDB. Do you think that the standard relational model will continue to dominate the database field or will we see a splintering as some people have suggested with specialized databases developed for different applications? If so what sort of role do you see MySQL evolving to occupy?
I'm particularly interested in whether you think we will see a return to Object Oriented Databases for use as a model store for applications possibly supplemented by some kind of language integration like microsofts LINQ.
Or it's just a company whose executives have better things to do than read the fine print on whatever generic legal documents their counsel gave them. Why not see if they care if he tells them he won't sign the 6 month part first.