Slashdot Mirror


User: argent

argent's activity in the archive.

Stories
0
Comments
12,456
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,456

  1. Re:Surely you're Joking, Mr Feynman? on The Rush To Patent the Atomic Bomb · · Score: 1

    Yes, oh yes indeedy! I have gone through many many copies of it, most of which were loaned out (well, enthusiastically pushed on people) and never returned (and I can't blame the recipients).

    I need to get a charm bracelet saying "WWFD?". :)

  2. Re:Where's the editor? on The Rush To Patent the Atomic Bomb · · Score: 4, Funny

    The tenants of the patent system are the patent trolls.

  3. Re:From the dark corners of the storage world... on A Fond Look at Some Obsolete Ports · · Score: 1

    ESDI, like SCSI, supported 7 devices per cable. Unfortunately, on PCs, ESDI controllers (starting with the WD1007) abused the cabling by using the silly address-line twist (originated on the WD1003) to avoid having users jumper individual drive addresses... and the controllers and drivers baked this in.

    Technically you used a separate data cable for each drive, but splitting the data cables out was pretty cheap. On our Xenix timeshared boxes at Ferranti we typically ran four ESDI drives per controller using a homebrew PCB to split the cabling.

    If WD hadn't pulled this trick, IDE (which was originally a hack that basically put a virtual WD100x controller on the drive and extended the PC/AT bus to the drive) would probably have allowed 7 drives per cable too.

  4. Homebrew nanotechnology in SF on Materials Science Toys on Display · · Score: 1

    Rebecca Ore used old (well, it would have been old by the time of the novel) homebrew and cheap nanotech like this as a key part of the plot of her recent SF novel Time's Child. I helped her google up some references for it... this article would have been the motherlode. :)

  5. Surely you're Joking, Mr Feynman? on The Rush To Patent the Atomic Bomb · · Score: 5, Funny

    The scientist quoted in the article, Philip Morrison, was still alive. So Wellerstein called him up. "He told me yes there was a patent, and he had to sign over his rights to it," Wellerstein says. "He was supposed to be paid a dollar, and they never paid him." Morrison died a few weeks after that call.
    I guess this closes the story in Feynman's autobiography about the dollar!

    About three months later, Smith calls me in the office and says,
    "Feynman, the submarine has already been taken. But the other three are
    yours." So when the guys at the airplane company in California are planning
    their laboratory, and try to find out who's an expert in rocket-propelled
    whatnots, there's nothing to it: They look at who's got the patent on it!
    Anyway, Smith told me to sign some papers for the three ideas I was giving
    to the government to patent. Now, it's some dopey legal thing, but when you
    give the patent to the government, the document you sign is not a legal
    document unless there's some exchange, so the paper I signed said, "For the
    sum of one dollar, I, Richard P. Feynman, give this idea to the
    government..."
              I sign the paper.
              "Where's my dollar?"
              "That's just a formality," he says. "We haven't got any funds set up to
    give a dollar."
              "You've got it all set up that I'm signing for the dollar," I say. "I
    want my dollar!"
              "This is silly," Smith protests.
              "No, it's not," I say. "It's a legal document. You made me sign it, and
    I'm an honest man. There's no fooling around about it."
              "All right, all right!" he says, exasperated. "I'll give you a dollar,
    from my pocket!"
              "OK."
              I take the dollar, and I realize what I'm going to do. I go down to the
    grocery store, and I buy a dollar's worth -- which was pretty good, then --
    of cookies and goodies, those chocolate goodies with marshmallow inside, a
    whole lot of stuff.
              I come back to the theoretical laboratory, and I give them out: "I got
    a prize, everybody! Have a cookie! I got a prize! A dollar for my patent! I
    got a dollar for my patent!"
              Everybody who had one of those patents -- a lot of people had been
    sending them in -- everybody comes down to Captain Smith: they want their
    dollar!
              He starts shelling them out of his pocket, but soon realizes that it's
    going to be a hemorrhage! He went crazy trying to set up a fund where he
    could get the dollars these guys were insisting on. I don't know how he
    settled up.
  6. The value of trust. on VeriSign Jacks Up .com, .net Prices To the Max · · Score: 1

    If you google for Verisign's slogan (the value of trust), what do you get?

    http://www.lindacaroll.com/value-of-trust.html

    That one comes up higher than Verisign's own page for me.

    http://www.circleid.com/posts/the_value_of_trust_in_2007/
    http://www.infinitumdesign.com/verisign.html

    My own experience with Verisign's domain business comes way down the list:

    http://www.scarydevil.com/~peter/io/vs/

    The value of trust? That and $1.99 gets you a Doubleshot.

  7. Re:There are many paths to the same flaws... on Firefox 4 Will Push Edges of Browser Definition · · Score: 1

    I'm coming at this from the point of view of a security guy.

    I think what I'm saying is MS and Mozilla are pursuing different goals

    What I'm saying is that they are following the same path.

    I'm not sure what XPI has to do with changing the usability and UI one comes to expect from a web-browser.

    The fact that they implemented XPI in such a way that it is inherently unsafe and depends on the security of many many internal security and validation checks is one of the indications that they are following the same path as Microsoft in their browser extensions. Since they will need to grant untrusted content more control over the user interface to satisfy their goals, this will increase the complexity of the problem that they are attempting to solve and that Microsoft has been attempting to solve.

  8. Re:This worked SO well for Microsoft! on Firefox 4 Will Push Edges of Browser Definition · · Score: 1

    Why in the world isn't Microsoft crying "FOUL!"?

    Because that would mean admitting they fucked up?

  9. There are many paths to the same flaws... on Firefox 4 Will Push Edges of Browser Definition · · Score: 1

    To all the people panicking about IE like OS integration, I think you're all over-reacting and missunderstanding. There's more than one way to join two things together.

    Just because two people take different paths to a goal, if both paths cross the same unsafe bridge they will both fail.

    Firefox has already blazed a trail over one of these unsafe bridges with XPI. Instead of having an inherently secure Javascript that has to have extra methods and classes added when it's being used as part of the user interface, they have implemented a path from the unsafe browser environment to the trusted desktop environment - one the XPI installer uses, in fact - and there have already been multiple security vulnerabilities caused by insufficient checks in the browser.

    So I have no faith in their ability to solve the problem that Microsoft has been trying to solve for the past 10 years. Let them make Firefox inherently secure, so that the security model fails closed, and then see what kind of integration they can implement in that context.

  10. Re:wreck the elevator on Space Elevators Face Wobble Problem · · Score: 1

    They went to the top and severed the connection to the counterweight. The rest of the thing toppled like a flimsy tree, wrapping itself 1/2 way around the earth.

    It was even more spectacular when Kim Stanley Robinson did it to Mars.

  11. This worked SO well for Microsoft! on Firefox 4 Will Push Edges of Browser Definition · · Score: 1

    "Mozilla Lab's push is to blur the edges of the browser, to make it both more tightly integrated with the computer it's running on, and also more hooked into Web services."

    So Mozilla 2008 == Internet Explorer 1997?

    NO, no, no, a thousand times no! BAD Mozilla. No biscuit!

  12. Trinity Test on Large Hadron Collider Sparks 'Doomsday' Lawsuit · · Score: 1

    This reminds me of the bets the folks at the Manhattan Project made about the results of the Trinity test.

  13. Not to mention... on Adobe Puts Free Photoshop Online · · Score: 1

    Why would a professional be worried about whether the GIMP or Photoshop Express is a better tool?

  14. The absolute minimum requirements... on Is There Room For a Secure Web Browser? · · Score: 1

    Get rid of auto-run, auto-install auto-anything applets.

    Here's my idea of what a secure browser needs, at a minimum:

    * No XPI, ActiveX, auto-install mechanism. At all. All plugins or other non-sandboxed components must be explicitly installed from outside the browser window.

    * No application that does not explicitly declare itself to be a plugin or a handler for a URI method will be called by the browser. Ever. If there is a desktop bindings mechanism already existing in the OS, this must NOT ne used unless it provides this capability.

    * The mechanism for passing URIs to handlers or embedded objects to plugins must not require quoting by the browser. For example, passing them as a UNIX argv, that would be allowed. Passing them as a quoted string to system() or ShellExecute()? No. Saving them as a file with a name completely determined by the browser, and passing that name to an application? Yes. Saving them as the name they had on the remote system, and passing them? No!

    * The browser will not automatically open, unpack, play, view, or otherwise pass on any downloaded file to another application. It will save them to a downloads folder, and if desired provide a download manager that the user can (at their leisure) use to decide what to do with them. At the very least the download manager must allow displaying the file in the local file manager, deleting the file, and calling up details on the file.

    Other security features (like writing the browser in a fully managed language) are also desirable, but this list should be an absolute minimum. At this point in time, there are no graphical browsers that I know of that fulfill these requirements.

  15. FIPS-151 on Possible Manipulation of OOXML Process In Poland · · Score: 3, Interesting

    Microsoft has a history of satisfying standards on paper in ways that are completely useless for anyone to actually use. Remember FIPS-151? It was supposed to make an easily implemented open operating system API (POSIX) a requirement for US federal government computing systems. Microsoft's implementation of POSIX allowed them to pass that checkmark, but it wasn't actually useful because they restricted POSIX-using applications. Even IBM's mainframe operating systems had more useful POSIX implementations than Microsoft.

    Bad implementations of standards prevent the adoption of real standards.

    Ironically this bit them later on, so they ended up buying a company (Softway Systems) that had extended the POSIX subsystem and removed the restrictions because they actually found they needed a working POSIX environment themselves. This totally bailed them out after they had twice failed to convert Hotmail from FreeBSD to Windows NT.

  16. Oh noes! Scary background processes! on iPhone's Development Limitations Could Hurt It In the Long Run · · Score: 1

    This isn't a laptop with a big battery, multi-gigabytes of RAM, and a 3GHz dual-core CPU.

    No, it's a handheld with a bigger battery than most, hundreds of times the CPU and thousands of times the RAM of the computers that UNIX was first implemented on. If a PDP-11 with 128 kilobytes of RAM and a CPU that clocked in at 1/8th of a VAX MIPS can handle running background processes, then the iPhone bloody well can pull it off.

    Every Laptop Apple's shipped in the past decade has been able to prevent power wastage by background processes when it's in "sleep" mode. Why shouldn't the iPhone be able to manage that? Even if it's not sleeping or hibernating in quite the same way, this isn't rocket science (and besides, they have rocket scientists working for them). Run applications in separate process groups and call kill(-ppid, SIGTSTP) for each running app when the GUI shuts off and it goes into sleep mode, then switch to kill(-ppid, SIGSTOP) when the battery gets low.

  17. [errata] on MacBook Air First To Be Compromised In Hacking Contest · · Score: 1

    The source that is untrusted is "this is a web page" not "this is a document on the local machine".

    Should read: "The source that is untrusted is "this is a web page" not "this is a document on a remote machine"."

    When that didn't work they at least stopped making 'Open "safe" documents after downloading' off by default.

    Should read: "When that didn't work they at least stopped making 'Open "safe" documents after downloading' on by default."

    Apologies, I should have used preview.

  18. They've had a problem since May 2004 on MacBook Air First To Be Compromised In Hacking Contest · · Score: 1

    I don't know what the hole was, but Safari has had a problem since it was launched. In LaunchServices.

    Apple followed Microsoft's insane design of using the same set of bindings for local and remote contents. Apple needs to either split LaunchServices in two, or allow applications registered with LaunchServices to specify on a PER APPLICATION basis (not a PER BINDING basis) whether they are prepared to handle untrusted content or not. If an application is not registered as a handler for untrusted content then Safari, Mail, and any other web application would NEVER use it as a handler for content from an untrusted source.

    Oh, and no web page or email message is a trusted source, no matter how the content is signed or where it comes from. The source that is untrusted is "this is a web page" not "this is a document on the local machine".

    Oh, and sorry, they have already started using the "allow or deny" crap. That was their first response to the problem. When that didn't work they at least stopped making 'Open "safe" documents after downloading' off by default. Not they have to take the logical next step.

    My earlier comments on this.

  19. Lies, damned lies, statistics, and red herrings... on Microsoft or Apple - Who Is the Faster Patcher? · · Score: 1

    What they found is that, contrary to popular belief that Apple makes more secure products, Apple lags behind in patching.

    The two statements "X makes secure products" and "X is ahead in patching" are not equivalent. There are whole classes of security problems in Windows that do not even exist in any UNIX-based OS, and there are classes of security problems in Microsoft's HTML control that have never existed in any other browser engine.

    Correspondingly, there have been problems in UNIX that have never existed in Windows, like port number and IP-address based security in the rcp/rexec/... suite. But most of these systems have been set aside, but we're still having to deal with 'security zone' exploits in Windows.

  20. The gay '90s? on Researchers Play Tune Recorded Before Edison · · Score: 1

    Too much absinthe, I think.

  21. Re:kill -9 on SCO's "Least Supported Idea Yet" · · Score: 1

    Thank heaven that there are no Basilisk processes.

    You mean like img class="31337" src=langford_fractal_basilisk.png>?

  22. A buffer overflow? In 2007? Seriously? on Safari 3.1 For Windows Violates Its Own EULA, Vulnerable To Hacks · · Score: 2, Insightful

    Seriously, people give MS a bad rap these days, but any exploit you're going to see in their software these days usually takes advantage of complex system interactions or odd exception throwing.

    That's because Microsoft's "Active Content" security model, introduced in 1997, pretty much created the 'complex system interactions' vulnerability ecosystem. Before then the whole idea that an application that displayed untrusted content would provide a path for that content to execute code with full local user privileges was inconceivable. It was a joke, literally, the basis for the joke "Good Times" virus hoax was the idea that there would EVER be a way for an embedded virus to be launched automatically by email software.

    Microsoft has its own problems with buffer overflows, for example this recent one, but if they only had buffer overflow issues there wouldn't be the kind of virus problem there is now. Because when you fix a buffer overflow you're fixing a bug. When you fix a 'complex system interaction' problem, you can't usually fix the underlying cause because there's other legitimate software that depends on that cause... so all you can do is add new checks. Which means that variants of the original exploit, possibly using a different avenue of approach to the underlying vulnerability, still remain.

    So Microsoft is between a rock and a hard place. Every check they add has the possibility of breaking legitimate content. So instead of preventing the dangerous interaction, they pop up a dialog and ask the user if they really meant to do whatever caused the dangerous interaction to happen. Which pisses users off, and trains them to answer "yes" to "I'm about to do something stupid and dangerous" dialogs.

    When web comics about fuzzy animals are making fun of this problem, you know things are getting bad.

    CATS wants to execute 'setupbomb42.dll'. As a result you may have no chance to survive make your time. Allow (yes) (no)?

    And the really annoying thing is that Firefox (with XPI install through the browser) and Safari (with 'open "safe" files after downloading') have started to follow Microsoft's path of setting users up the bomb and then popping up a dialog asking if they want to detonate. Luckily Apple finally turned 'open "safe" files' off by default, but they've kept the 'set us up the bomb?' dialogs anyway.

  23. Why is this bad? on Safari 3.1 For Windows Violates Its Own EULA, Vulnerable To Hacks · · Score: 1

    The latest version of Safari for Windows makes a mockery of end user licensing agreements

    I am trying to figure out why this is a bad thing, and I'm coming up dry. Help me here.

  24. MS Office's weird files are permeating everything. on ODF Editor Says ODF Loses If OOXML Does · · Score: 1

    Here's the basic structure of just about any modern text markup language: you have large objects containing smaller objects, in a hierarchy. That hierarchy will be different for each format, but it will look something like this: "Chapters or sections contain paragraphs and lists and footnotes and sidebars and quotations. Lists contain entries, which contain paragraphs and lists and footnotes and sidebars and quotations. footnotes contain paragraphs and lists and... so on and so on... Paragraphs contain text. Text contains markup. Markup contains text." So you can have a paragraph containing text that contains an emphasised section that contains an underlined word, inside a list, and this paragraph can be moved to a footnote and the markup doesn't change, even though in a footnote running text is italic and emphasized text is roman.

    Word documents don't have this. Instead they have "Paragraphs contain text, and following paragraphs. Text can have attributes." It's flat, not a hierarchy. The hierarchy is reconstructed by the program when it reads the file. If you do something that breaks the hierarchy, like putting a non-numbered paragraph in a numbered list, it fakes it by adding a new list paragraph after the non-numbered paragraph with a new list start. If you pull that paragraph out and put it in a footnote, you may or may not get your emphasized text fixed, the list may or may not get re-merged.

    Generally when I want to produce documents that you can read in Word, I write it in HTML and give it a suffix of ".doc". That works.

    I recently started using Pages. Lo and behold, Pages has the same broken document design as Word. It was excruciating trying to maintain the document... I ended up saving it as RTF, then using TextEdit to convert that to HTML, then spent a day and a half replacing all the markup it had generated... because if you had bold text containing italic text you didn't end up with [bold]Some text that contains one [italic]italic[/italic] word[/bold]. You didn't even get [span class=s12]Some text that contains one [span class=s13]italic[/span] word[/span]. You got [span class=s12]Some text that contains one [/span][span class=s13]italic[/span][span class=s12] word[/span]. No nesting at all. It didn't even produce nested lists, it had [div class=this] chunks of text for each indent level in each list.

    It's SO much easier to edit the document in HTML than in these programs.

    Does ODF do the same thing, like some modern descendent of NROFF (no, that's not fair, NROFF and TROFF had some hierarchy)? Or is it an actual structured document format?

  25. 5, 4, 3, 2, 1... on ODF Editor Says ODF Loses If OOXML Does · · Score: 1

    5) OOXML does not define Microsoft document formats. It describes a framework, but there's thousands of details that can only be determined by reverse-engineering.

    4) OOXML does not define legacy Microsoft documents without reverse engineering.

    3) What does compatibility between ODF and OOXML buy us?

    2) Good, that would give Microsoft an incentive to support ODF.

    1) "If OOXML loses, then OOXML loses"? Recursive, no?

    0) mind running over those again?