I agree with your statement regarding IR, but RF is used successfully all the time on stage. Musicians regularly use RF mics which require a much stronger signal than a simple controller. I use Logitech's Bluetooth presenter for controlling slides remotely and it works great. If the signal gets a little weak (which it never has) all I have to do is walk closer to the receiver and hit the button again. I suppose someone could maliciously try and disrupt my Bluetooth signal, or try to hack my Bluetooth interface (it is protected with a passcode), but to me the benefits of "stage freedom" far outweigh the risks.
say I download a Madonna song... It's worth the 3 seconds it will take me to click on the link, that I saw browsing for another song, to get it and listen to it once, but it's not worth 99 cents on iTunes... if I had to pay 99 cents, there is no way I would get it...
But on iTunes they have extremely high quality previews at a reasonable length that allow you to determine whether or not you'd want to spend 99 cents. Your piracy is still wrong.
Mike,
While I agree that we should always have a top level design as well as functional requirements that describe what it is we need to build, "designing as we go" is what developers do. It's our job. Code is the design of the software. It is impossible to design software at anything but a very high level on paper. This is because most design issues do not come out until the code is written.
Code is the tool that we use to design software.
The problem is that we have a lot of bad designers who write really messy and disorganized designs. This is the reason why we have design issues, not because we don't do enough designing on paper "up front".
Construction is building. Software is designing. Compilers build the design. Construction workers build the design. When a construction project is late, it is usually because the building process took longer than anticipated. When software projects are late, it is because the design process (the code is part of the design) is late. While there are some correlations between the two industries, for the most part the differences are huge.
SP2 is not vulnerable to the ANI or LoadImage exploits that the article describes. It is however vulnerable to a variation of the hlp heap overflow exploit.
It is intellectually dishonest to link voters who claim to be born again Christians to those who believe that Bush is a messenger from God. The fundamentalists might. The weak minded may. The rest of us realize that it's hogwash.
And why are you feeling alienated from your own country? Our country was founded on the basis of religious freedom because we have such a diverse set of beliefs. And while 81% of Americans identify themselves with a specific religion, I'd bet that that number is even higher when you count "agnostics" and those who have certain religious beliefs, but don't identify themselves with a particular religion. The only thing that's wrong with Bush and the Christian Coalition influenced Republican party is the legislation of morality based solely on religious principles. That, even as a Christian, I will fight and I hope that you'll join me. But you should not feel alienated just because people have religious beliefs.
ps. my viewpoint: I'm 2nd-generation Turkish American, committed atheist: after seeing what fundamentalists (Muslim and Christian) are doing to both of my otherwise lovely countries.
And I'm a 2nd-generation Armenian American with ancestors who barely escaped the Turkish massacre of my people - partly because of their Christian faith. You're absolutely right, it's a sad truth that fundamentalists are destroying potentially awesome cultures.
They are talking about the hashing algorithm MS uses on Windoze machines and networking
The hashing algorithm used since NT4SP3 and Win2K is NTLMv2, whereas "lanman" is NTLMv1. NTLMv2 is significantly more secure; however, for backward compatibility with older Windows 9x machines, some companies still use NTLMv1.
Or are you saying it's worth that many lives (and counting) to get rid of one person?
Considering that person is responsible for genocide that totals in the millions, yes it is worth removing that one person, as well as his entire regime. We should have done it a decade ago.
And for the record, I'm voting Kerry, even though I'm afraid he'll be a bit too idealistic (like the UN) when it comes to foreign policy.
Exactly. The performance penalty is built in whether you plan on coding with exceptions or not.
This is correct. The point of my post was to address the issue that the use of exception handling does not incur a performance hit. A try...catch block has zero impact on performance in Java.
There's generally a 5-10% performance hit just from having code that might possibly throw an exception, depending on your compiler's implementation.
Just to be extra clear to avoid potential confusion: This is a true statement for C++, the language we are talking about. However, modern languages like Java and C# do not incur this performance penalty. There is still a small penalty for throwing an exception, which doesn't matter because that should only happen in rare (read: exceptional) circumstances.
And M$ software does not contain any backdoors?
Considering the fact that most software at MS gets audited internally by completely separate teams, and a lot of software gets additional audits by third parties (MS is one of @stake's customers), I would conclude that it is at least as unlikely that a backdoor exists in MS software as it would in most any OSS project.
Additionally, as already mentioned, many backdoors are carefully hidden, therefore limiting the potential benefit of having lots of people casually browsing for the source.
So what if the OS is 20% or more of the hardware cost? If the eMacs lower in price to $499 or $599, they'll still run the latest advancements of the $199 retail (obviously less packaged) OS X. I buy hardware to run _software_, so of course I'm going to spend more on software. Paying for any OS is not a tax, it's paying for the one component that makes your hardware and all other software worthwhile. I have no problem paying the $20ish OEM cost of Windows with a Dell (it's not $50 - that's almost what you can get it for at NewEgg.com), or the equivalent for a Mac.
Apple doesn't care if you pirate it.
Sure they do. They make money off of OSX, and they deserve to. They don't have activation keys and other piracy prevention measures because Apple users are less likely to pirate their OS (most are too loyal to Apple, the rest have too much money for it to matter or they just didn't know it was even possible), and 3rd world countries can't even afford the hardware so they don't have to worry as much about knockoffs being sold for $3.
First off thank you for taking the time to reply to my post. Awesome detail - not something I'm used to on these forums.
...if you're working in a group where each developer gets to choose their own editor...
... ... // end-catch // end-synchronized // end-if
Every project I work on mandates the use of a consistent toolset with consistent parameters (I've been reprimanded for using tabs before). The purpose of this goes way beyond this particular subject. I believe strongly in the enforcement of this as I've seen it work very well. On the other hand, I appreciate that distributed projects without central management (eg. many OSS projects) do not have this luxury. I would maybe reconsider if I was in this position.
This is very easily mitigated through the mechanism I've already demonstrated:
if(i<50) {
    synchronized(this) {
        try {...
        } catch (Exception e) {...
        }// end-catch
    }// end-synchronized
}// end-if
end-if? - Which "if" am I ending? I still need to scroll up to figure out which "if" statement I'm looking at. All this comment tells me is that this close brace _might_ be the close to _some_ if statement. The reason that I say "might" is because that comment can go out-of-date accidentally and confuse me even more (for example, the "if" is changed to a "for" but the ending brace comment is never changed).
It all comes down to my philosophy that tools should be helping us solve these problems. If the tools that are being used are inadequate (vi, pico, notepad, etc...), that does not mean that we should invent ways to clutter (IMHO) our code, it means that we need better tools. Again, VS.NET takes care of spacing braces properly even across different tab or no tab settings (it reformats to the local settings). I can't believe that it's the only tool that does this. And even if I'm incorrect about VS.NET's "close brace info" feature, doesn't that sound like a better solution than a vague and potentially inaccurate comment? Maybe the OSS tools that we're using should consider this feature. I'd rather spend my time improving the tools in this regard, and especially with the OSS tools we have the opportunity to directly make these improvements. And again there are many reasons, this issue being one of many, why a consistent toolset for a development team should be required. If a developer on a non-commercial OSS project wants to read the code nicely, they can still choose to use the tools that make it easier.
Thanks again for the conversation. This is a fairly subjective topic but I'm sure you agree that it's important to think about and discuss different opinions as it affects code quality and ease of maintainability.
Since modern code editors force tabs or spacing in these scenarios, I find comments like "// end if" to create more noise overall. The other problem that "// end if" is trying to fix is when the original statement is off the screen, in which case your code desperately needs to be refactored. Finally, I believe that the next version of VS.NET tells you the expression and line number when you hover over a closed brace. The bottom line is, I'd rather rely on tools to force style such as indenting, as well as clean code to avoid the need for comments that can add noise as well as become outdated and accidentally express the wrong meaning.
This still would affect users not running as root/admin. It's accessing your contact list which is accessible to the user no matter what. This same type of worm could be trivially written for gaim on Linux with a locked down user.
Nope, the argument still holds, you just don't understand it (read some of my past posts for an explanation, I'm getting sick of repeating myself).
Does no one here work in an organized company that has rigid procedures such as TESTING?!?!
Yes, and such organizations with rigid procedures wouldn't be securing files via the web.config for their applications in the first place, so they wouldn't even be affected by this exploit.
Today, yet another huge security hole was found in Microsoft software which blows open all websites running ASP.NET. Microsoft's response?
This is just plain false. Hardly any websites running ASP.NET are even affected by this flaw as they don't use the web.config to secure files. Microsoft's current workaround, if you are one of the few that this actually affects, is very reasonable: a ~3 line code snippet that needs to be placed in one file for each affected application until the patch is released.
A lot of us believe that ASP.NET is superior. That's a whole discussion in and of itself. As far as security, ASP.NET is probably the most secure web application platform to date. This particular vulnerability is the first of its nature (severe external exploit) since ASP.NET was launched. While this exploit is severe, it only affects a small number of applications that use the web.config to define files which certain users have access to. This is not a best practices approach, as normally your code defines access to features in which case this exploit is not applicable. So no, you can't just go to any ASP.NET web site and swap the separator and bypass login screens.
This is _only_ if you protect at the file level via the web.config (something that is not a best practice in the first place). If you use ASP.NET Forms Authentication and put a security check on an aspx itself (or in your base page class), or if you use any other form of authentication and authorization, this exploit is useless.
This is a stupid exploit that should have been caught before 1.0 was released, but the affected install base is probably very small.
I don't see the problem here. It's fair. The word fair means that everyone plays by the same rules.
Right, and fair means at the same cost, or burden to everyone, not the same relative dollar value. Ten percent of a lower middle class income is a huge burden which directly affects their quality of life. Ten percent on an upper middle class income, while more dollars, is hardly any burden. Progressive tax systems allow for a fair burden on everyone, regardless of class.
Not every Linux user knows how to build a computer.
Irrelevant. They can still buy a Linux computer or an OS free computer.
I had no choice to get windows installed on it. I had no choice not to pay the fee.
You didn't have to buy a Dell. Dell gets significant discounts (much less than the typical $25-$30 per box that is usually quoted) for putting Windows on each box. This is a very common and legitimate business practice - it's called a volume discount. You could have easily bought a Mac but then you'd be "forced" to pay the "OS X fee". It's not your right to choose how a hardware company bundles its software, but if it's so important to you, you can always buy a generic laptop or "barebones" laptop with no OS.
No matter how you look at it, I'm not sure how you were forced, or why you deserve a refund. Next time don't buy a Windows machine if you don't want Windows, and don't buy an Apple machine if you don't want OS X.
It's clearly nothing more than a ploy to make them upgrade.
If you consider giving the users features (eg pop up blocker and enhanced firewall) in the latest version of their software a "ploy", then I'm okay with this so-called ploy. Newer versions of software get features that older versions don't get. News at 11.