But C/C++ is changing. Memory randomization makes many attacks impractical, for example. So you get something as safe as Java but faster.
1) to be pedantic, the randomization you mention is not in 'changes' to C/C++, or even C or C++ specific, but is part of the OS. It would make Fortran code more safe, for example.
2) Fortran doesn't need to be more safe. It doesn't have pointers, or a heap. Pointers are the good and evil in C and C++. You can never have a program with all the checks that a handle type memory allocator like Java or C# has in C or C++. Pointers also prevent some optimizations that both Java and the CLR can perform since they know what's pointing to what. With pointers around, you never know if this memory you have is being pointed to by something, so there are some assumptions you'd like to make but just can't. With managed handles (references, objects, whatever you want to call them) the VM (JVM, CLR) knows these things.
There are other classes of exploits that can occur. There was a telnetd bug years ago that was exploitable because of bad counting of character expansions that overran a buffer. This simply wouldn't exist in a managed environment like a JVM or the CLR.
C and C++ were simply not designed for the class of programs that are out there now - large apps with many dependent libraries of unknown quality constantly exposed to malicious users with huge profit motives. Neither was Java or C# (or any common OS, though security fixes were backported), but the design factors they did have eliminate a fair number of exploit classes.
I have an iPod touch, I was wondering if it was worth it to upgrade. I also wonder if these Safari bugs will be fixed in a 2.x update. Sucks to have to pay $10 to be secure.
Although if I don't, it's easier to pWn and run Cydia on it I guess.
4th Dimension(al) Database has already been done. I used this back in 1993, 94 or so.
Honestly this is the first thing I thought of. The scary thing is, you can kind of tell this is trying to be a verb.
That and "can I be any more Chandler"
Can I be any more hopeless trying to catch Google?
I rarely hear manufacturers say 'Yeah, we'll be lucky to push 100 units'. Wild speculation on the fact that based on price this will sell massively is, well, wild speculation. Getting a dominant platform is complex and requires a lot of work, as seen by the fact that many years later, we're still waiting on the Year Of The Linux Desktop.
The same way 'NetBurst' was to make your Internet surfing faster....
I still remember when Dilbert was 'Optimized for Intel', basically added a useless Java app to slow the page for anyone on a slower CPU. I lost some respect for Adams on that one, though I'm not sure how much he was consulted.
One Time Pad has no technical flaws, but still has to be used correctly. I remember hearing that's how the US broke a Russian nuclear spy ring - the Russians got lazy with the one time pad, and the US spies had enough info to see what was happening.
My basic point - if you fix the human side of all these encryption issues, you'll be plugging up a lot of holes. Don't expect a 'perfect security' you can set and forget.
It seems to be a dick size war between him and Drepper. Not saying he's wrong to be pissed, but yanking your libc seems a bit much for a pissing match.
Can the montage have the girls from Baywatch running? They had the best montages...
Didn't Sony install rootkits as part of CD insertion/autoRun? CD-ROMs are a vector for malware.
Also, I remember some website getting sued because they mentioned how to disable autorun, effectively disabling their anti-copy rubbish. So will Microsoft be sued for removing this?
True (somewhat).
Sorry for my lack of clarity.
A NUL in source code isn't a character NUL, but however you chose to represent it, e.g. \0, 0x00. This follows the normal translation to object code in compilation.
A NULL is special. A NULL is 0 in the source, but in translation to object code, the compiler sees it as a 0 in pointer context (either implicitly or a cast) and converts it to whatever's appropriate. This may be a pointer sized with all zeros, it may be not. The specialness is that the language doesn't define it, the ABI does.
PEDANT ALERT.
NULL is a special pointer value, which is 0 in source code, but may or may not be 0 in object code. The compiler sets it to whatever the ABI defines the special flag pointer to be. The size would be whatever a pointer size is on your platform.
NUL byte, a single byte of 0x00 in both source and object code. In C-style strings, it's a marker that terminates the string.
Not the same thing.
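The distinction drawn in the comments above, as an added C example that is not part of the original thread: it checks how this platform's ABI represents the null pointer and shows how a NUL byte hides part of a length-carrying buffer from C-string functions. The function names and the `SAMPLE` buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: 7 payload bytes with a NUL byte in the middle. */
static const char SAMPLE[] = "abc\0def";
#define SAMPLE_LEN (sizeof SAMPLE - 1)   /* drop the compiler-added terminator */

/* 1 if this ABI stores the null pointer as all-zero bytes.
 * C only promises that a 0 in pointer context compares equal to NULL. */
int null_is_all_zero_bytes(void) {
    void *p = NULL;
    unsigned char zeros[sizeof p] = {0};
    return memcmp(&p, zeros, sizeof p) == 0;
}

/* 1 if memset-zeroed storage reads back as a null pointer. Portable code
 * assigns NULL explicitly instead of relying on this. */
int zeroed_storage_is_null(void) {
    void *p;
    memset(&p, 0, sizeof p);
    return p == NULL;
}

/* Length-aware scan: is there a NUL byte anywhere in the first len bytes? */
int has_embedded_nul(const char *buf, size_t len) {
    return memchr(buf, '\0', len) != NULL;
}

/* Number of bytes a C-string API (strlen, strcpy, ...) would see. */
size_t visible_length(const char *buf, size_t len) {
    const char *nul = memchr(buf, '\0', len);
    return nul ? (size_t)(nul - buf) : len;
}

int main(void) {
    printf("null pointer is all-zero bytes: %d\n", null_is_all_zero_bytes());
    printf("zeroed storage reads as NULL:   %d\n", zeroed_storage_is_null());
    printf("supplied bytes: %zu, visible to strlen: %zu, embedded NUL: %d\n",
           SAMPLE_LEN, visible_length(SAMPLE, SAMPLE_LEN),
           has_embedded_nul(SAMPLE, SAMPLE_LEN));
    return 0;
}
```

A gap between the supplied length and the visible length is the case worth rejecting at input validation, before the buffer reaches any C-string API.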
RE: malloc pattern initializer
What's a good one for x86 and AMD64 chips? While spelunking flags for valgrind, I remembered the thought process for 68k chips. Use an A-Line trap, unimplemented so execution would stop. Also, make it odd, so a dereference would trigger a bus error.
What are the best values for x86 debugging?
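One possible choice for x86-64, as an added example that is not part of the original thread: fill fresh allocations with 0xCC, which is the one-byte INT3 breakpoint opcode if executed and, read back as a pointer, is a non-canonical address that faults on dereference. It assumes 48-bit virtual addresses (4-level paging); `debug_malloc` and the other names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption for this example: 0xCC, the one-byte x86 INT3 opcode. */
#define POISON_BYTE 0xCC

/* With 48-bit virtual addresses, x86-64 accepts an address only when
 * bits 63..47 are all 0 or all 1; anything else faults on use. */
int is_canonical_x86_64(uint64_t addr) {
    uint64_t top = addr >> 47;            /* the 17 bits 63..47 */
    return top == 0 || top == 0x1FFFF;
}

/* The value a stale pointer-sized read of filled memory produces. */
uint64_t fill_as_pointer(unsigned char byte) {
    uint64_t v;
    memset(&v, byte, sizeof v);
    return v;
}

/* Hypothetical debug wrapper: allocate, then poison every byte. */
void *debug_malloc(size_t n) {
    void *p = malloc(n);
    if (p != NULL)
        memset(p, POISON_BYTE, n);
    return p;
}

/* 1 if all n bytes still hold the poison, i.e. nothing initialised them. */
int is_untouched(const void *p, size_t n) {
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++)
        if (b[i] != POISON_BYTE)
            return 0;
    return 1;
}

int main(void) {
    uint64_t stale = fill_as_pointer(POISON_BYTE);
    printf("0x%016llx canonical: %d\n",
           (unsigned long long)stale, is_canonical_x86_64(stale));

    unsigned char *buf = debug_malloc(16);
    if (buf == NULL)
        return 1;
    printf("untouched after alloc: %d\n", is_untouched(buf, 16));
    buf[3] = 0;                           /* simulate partial initialisation */
    printf("untouched after write: %d\n", is_untouched(buf, 16));
    free(buf);
    return 0;
}
```

Unlike the 68k, x86 does not fault on odd addresses by default, so the non-canonical property does the work that oddness did there.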
You went through all that effort for a Bears Lions game? This spoken from a long suffering Bears fan. In Chicago, we don't have quarterback controversies; we have quarterback dilemmas.
I don't know enough about WINE to know, what's the heap manager in WINE? Would it fall through to glibc's malloc, which is known to be suboptimal or something else?
It removes another third party from having your data. If I use googlesync, my datastore comes from my dataprovider. If I use NemusSync, I have to hand another company my name and password.
At one place I worked, it started out as cartoon characters (McBain was our main server), then degenerated to random things (zippy, pinto. "Why pinto" "Why NOT!!")
The next place had 'a swear word in a foreign language'. Our internet server was 'haole'. My favorite there was 'sega' which is a swearword in Amharic, but also, well, Sega, which was a few blocks over.
1) "some of the BSDs do their own thing for the core"
All of the BSDs have their own core. Well, except for the FSF KFreeBSD. KFreeBSD is a weird hybrid, made by some FSF folks to prove that the GNU userland can run on something other than Linux. It's a needless fork to prove some point that escapes me. I can run GNU userland on Windows (Cygwin), why muddy up the BSDs with this?
2) The reason why people get bugged by this is that it is somewhat silly and hypocritical from the FSF. One of the reasons that the BSD license 'sucked' from the FSF point of view was the 'advertising clause', meaning the BSD folks dared ask for credit when someone used their work. The FSF's claim: having to add this was unwieldy. Yet they want to add this GNU/ to Linux all the time. The BSDs request for it to be somewhere, even in the docs. But FSF wants GNU in the name.
Part of many people's issue with the FSF is inconsistency like this. No 'advertising', well, unless it's us. People followed the rules for GPLv2 but didn't act the way we want, well, GPLv3 to stop those people from doing what we said we could. It's a mess sometimes.
re:code
Remember that the Netscape code base forked off where Apache did, from the long dead NCSA webserver. Apache has had a vibrant developer community for years. It's unlikely, though not impossible, that there is code here that is better than what's in Apache now.
Of course it will have historical value, but remember this is from the same company and environment that made Netscape Communicator code so bad that, even though there was no alternative browser, they thought junking the code was better than saving it for Mozilla.
If it's Mac the Knife, what should we name the Spork? Wally the Spork? Mortimer the Spork?
Heh. I saw that on someone's sig a long time ago. I knew it was a forkbomb, but for some twisted reason I wanted to see what it would do to my Cygwin shell. I *almost* pasted into a prod window. Which probably would have gotten me fired.
Luckily enough I didn't, and am still employed. BTW: doing that on Cygwin will force you to reboot your Windows box. No way to clean up.
I remember those, when they first came out, they seemed stupid. It solved a problem for an advertiser, but never solved anything for the end user. Doomed to failure.
Plus, in the install instructions, it gave instructions on how to reset your BIOS settings if it wasn't recognized. You expect someone to reset BIOS settings to use something not really useful? Whatever.
We used one at my last place, a 'declawed' one was a useful cheap barcode scanner for books.
My niece asked me this, should she jump on someone else's WiFi, but this happened right after the big kerfuffle about the DNS hack.
You realize that you're giving all your data and control over to a machine that you don't control. You hope that it's open because the person is either an idiot or a good guy, but you have no evidence of either at that point. Even something as simple as checking your mail might give people access to your inbox, and all the 'password reset' notices you get.
I can see this as a niche product, one that fits perfectly.
Embedded controller. Low memory use. Weak (therefore cheap/easy on electricity) chip. Networkable, but no TCP/IP (no Internet can be good, I think our Canon copiers got the Slammer worm a few years back).
Though I greatly respect Stallman, the myth that he created open source is greatly exaggerated. This myth is partly based on his statements, where he guarantees himself owning all by categorically defining anything that he didn't do as non-free software.
If you allow that free software dares to exist outside of things Stallman defines, you'll find a lot of good free code. The biggest example, BSD was already out, and free. It existed even previous to Linux. The spirit of Berkeley took what was UNIX at the time, adding lots of core features, and releasing the source. They of course, for their troubles, got hit with a lawsuit, which made people (such as Linus) wary about using their code.
Stallman has given a lot, but his zealotry has also prevented people from working with him. Remember that Stallman's style was the basis for the cathedral in The Cathedral and the Bazaar. Some high profile projects have forked based on the difficulty in working with him (gcc vs. egcs, which became mainline gcc because of no activity in FSF gcc line, emacs vs Lucid/Xemacs).
He is no lightweight, nor is he the source of all that is good and holy. He's just a hacker dude.