I get 1.2 or so msec ping time, over a wireless connection, to my router (that's after going through a switch). Probably about 1 msec of that is actual response time of the router and the latency going through the switch. It goes up to about 3 msec when I ping my cable modem.
It is simply not possible for a NIC, any NIC, to decrease latency by more than 1.2 msec in my system, and probably not by more than about .2-.4 msec. Given that even a fairly close server gives me around 30 msec ping times, with a standard deviation of, say, 6 msec, 1 msec is going to be lost in the noise. For the more typical 75 msec ping times, it's even less significant.
Re:This is why small claims court exists.... on Verizon Can't Do Math · Score: 4, Informative
I think I might have approached it like this: "Ok, so 1 kilobyte costs .002 cents, right? So how much is 2 kilobytes? .004 cents, ok? How much would 5 kilobytes be? .01 cents? Still with me? Ok, how about 50 kilobytes? .1 cents, right? And 500 kilobytes would be 1 cent, you still with me? If 500 kilobytes is 1 cent, how much is 1000 kilobytes? 2 cents? Ok, 1000 kilobytes costs 2 cents, how many of those did I use? About 36, right? So if each one is 2 cents, then that should be about 72 cents, right? So how come you're charging me almost 72 DOLLARS?" The point is to NEVER let them multiply anything by .002, always keep it in scale, always keep it in cents, scale it up until you're talking whole cents, then go from there.
Reminds me of talking to a person at the cable company regarding my Internet bill. I had a two-month introductory offer; the end of the offer was in the middle of a billing cycle, so it was pro-rated going in and out. They charged me full rate for the last portion, so I asked them to refund me the proper pro-rated amount.
The person I was talking to kept insisting on rounding after dividing the two rates by 30 days, then multiplying by the number of days, then finally subtracting to find the difference. When I complained that her figures were off, she insisted on then adding the rounded value 16 times or whatever (instead of multiplying). When I complained that the rate per day was off, she said "Sir, I am not going to argue with you over a half a cent". Complicating the whole issue was that they were charging the wrong taxes on parts of the bill. I complained to the cable commission, and boom, the next day I got a call from someone who actually knew something and the problem was resolved. I suggested they teach their reps how to properly pro-rate.
With 10,000 customers, at half a cent a day, that could be an extra $1500/month. I bet she'd think it was significant if that was coming out of her paycheck. It's like the person at the check-out complaining because you caught a 10 cent error - if it is so insignificant, then just pay it out of your own pocket, ok? And yes, when the error is in my favor, I still point it out.
I don't know what typical cell-phone batteries are rated for, but for example for two typical NiMH AA cells (2800 mAh each), the LEDs are probably using no more than about 3-6% of the total battery capacity per hour (depending on how many and what kind and how bright the LEDs are; 3% would be about 10 typical red LEDs, 15 mA @ 1.7V).
I have a feeling Sony isn't terribly concerned with how much people are making per hour standing in line to buy a PS3. I don't think that comparing "double retail" for a PS3 to "double retail" for XBox 360 is very useful. Look at the actual price it is going for, since people buying them also don't care how much the people trying to flip them are making! In other words, you say XBox 360 stayed above $800 (double retail) "well into January"; a valid comparison is to see how long PS3 stays above $800, as well.
XBox 360 took through February to sell 1 million units; now, you say that Sony only sold 200,000, based on (from the article you linked to):
public speculation from three respected sources, along with anecdotal evidence from numerous retail employees
but that's hardly definitive. It will be interesting to see what the actual shipping numbers are of a unit priced 25-50% higher. Even if the 200,000 is correct, Sony would still have to fall short by another 200,000 off their plan to ship 600,000 more in order to fail to outsell XBox 360 at its release (i.e. through Christmas). If Sony does actually ship 1 million units by Christmas, they'll have significantly outsold XBox 360, and that's with the higher price.
Something else to consider: EBay demand may be dropping faster than some expected simply because they actually did ship 400,000 and are shipping more. Note that 400,000 is more than XBox 360 sold at launch (through end of November). You're assuming both that Sony only shipped 200,000 AND they won't ship 200,000 more by the end of the month. All that because some stores got only 6 boxes instead of 8.
Re:Even in China they can't get cheap lasers? on Blu-ray Laser Gadget · Score: 2, Interesting
If the best way to get a blue laser diode is from a player, why not pull it from an HD-DVD player instead, as they're selling for a lot cheaper and have the same blue laser in it, right?
24" iMac ($1,999) is 1920x1200; so is the 23" Apple display ($999) (and, of course, the 30" Apple display ($1,999) can do 2560x1600, where a 1920x1080 image is only taking up 50% of the screen). You're right, though, that most "widescreen" computer monitors go up to only 1680x1050. Then again, most "HD" TVs don't do a full 1920x1080, either, only the higher-end ones.
If "some" JPEG viewer ignores the clues that led a program launcher to choose it as the viewer of a JPEG file and instead chooses to interpret it as a Java program, that's a bug in the JPEG viewer. Don't use that JPEG viewer. If a JPEG viewer doesn't validate a file format, gets a buffer overflow or has some other exploitable bug, that's a bug in the JPEG viewer. Don't use that JPEG viewer. You seem to think that this should all be done automatically. It can't. Simply looking at what a program is SUPPOSED to do is sufficient to eliminate a whole class of spoofing issues. Of COURSE there's always the possibility of exploitable bugs, regardless of how locked-down a system you have. Adobe Acrobat runs arbitrary code when you open a PDF? Either write a filter to detect when that can take place, be able to tell Acrobat to "be safe", or treat all PDFs as executables.
Given a specific release of a version of Mac OS X, looking at all the possible interpreters defined for different file types, and looking at the intended behaviors of those interpreters, yes, you can be clear if a file is an "executable" or not. It doesn't mean you're safe, but it does mean you won't accidentally run a shell script when you meant to open an image.
Word files, if you have Microsoft Word installed and macros enabled, are executables. Word should have the capability of having a flag passed to it saying "be safe". DMG files already have checking done on them, but it is insufficient. It does have the intent of providing a safe executable environment, however. HTML files SHOULD be safe; browsers certainly have the capability of blocking malicious behavior. There should be a way for the operating system to indicate to a browser if a file should or should not be trusted (or the browser should not grant any additional privileges to a script or java code or whatever simply because it came from the local machine).
A compressed file expander that runs an arbitrary general-purpose script when you open a file does make any such file an "executable". Such a file expander is a misfeature.
If I rename my .tcl file to .jpg and "run" it, it depends on how I run it. If I run it by saying "tclsh file.jpg", it runs just fine. That's because the program I'm running is "tclsh". If I run it by saying "./file.jpg", I get "Permission denied" because it isn't an executable. If I make it an executable, it runs if I included the magic #! lines. It is now either an sh or tclsh script, as far as the operating system is concerned, so it can treat it as being safe or unsafe on that basis (hint: unsafe). If I use "open file.jpg", Preview runs and says "Couldn't open the file. It may be corrupt or a file format that Preview doesn't recognize." If Preview had, instead, crashed or executed arbitrary code, that would be an exploitable bug in Preview.
When I say "text" file, I mean one that doesn't have any special handling done by the shell, and one that is handed to a generic text display program by a program launcher ("open" or double-click or whatever). Surely you don't think that opening a text file in "less" is dangerous, or that "Text Edit" can run Word macros...? Is there some hidden executable capability in .rtf files? A .tcl script is only a text file when I open it in vi or less or Text Edit; it is only a Tcl script when I open it with tclsh (however I got there). Absent some mechanism to send me to tclsh (or some other Tcl interpreter that will execute it) when I try to "view" it, a Tcl script is not an executable, is not dangerous, can not be a virus. Any mechanism that DOES run the file using tclsh DOES make it an executable, and such a mechanism needs a way to determine if the action is "safe" or not. At the shell level, it is assumed that I know what I'm doing, so if I say "./file.jpg" instead of "open file.jpg", that's my fault if it contains a script that wipes out my home directory.
You said 'Yup, that would be the definition of "computer virus".' in response to "So, this is a "virus" that is nothing more than something that programmatically attaches/appends itself to other files". That's what I was responding to. My little script does exactly that (well, once you remove the "echo" disabler).
Yes, Apple has left a lot of stuff open wide to group Admin, and that's a problem. However, they've locked it down a lot more than it was in earlier versions. As for getting root access as an Admin without entering a password, I don't know of any ways to do it, but I'm sure there are some bugs that exist. Certainly it isn't the intent that you be able to do that, other than sudo allowing you to run it for a while without re-authenticating. I certainly don't have my primary login set to be admin, there's no need for it.
"an executable" - something that, when you double-click it, runs the content in the file as a suitably general-purpose program. A "non-executable" - something that, when you double-click it, runs a program that, barring bugs, will NOT execute general-purpose program code.
OS X has various rules for determining what happens when you double-click on a file, or click on an attachment in e-mail. Given those rules, and given a list of "safe" and "not safe" interpreters, you can determine which are a problem and which are not. No halting problem. Not trying to analyze a JPEG viewer and determine if it has a bug in it that lets you execute arbitrary code. Simply a declaration that a JPEG viewing program does not intend to implement a general-purpose programming environment with sufficient capability to modify or otherwise affect the system or other processes, thus a JPEG file is not to be considered an "executable".
I store my Tcl scripts in a file called ".tcl", or one having the executable bit set and the first line of the file containing "#!/bin/sh" or "#!/usr/bin/tclsh"; either of which is sufficient to mark it as definitely unsafe, as would any other interpreter sufficiently general to launch tclsh to run the Tcl script. Something with an extension of .jpg, or with an HFS creator and type set appropriately, will execute Preview by default, and that is sufficient to mark it as "safe". Again, barring program bugs.
Tcl has a "safe" mode, as does Java; along with marking an interpreter program as being safe, unsafe, or unknown, a method of invoking an unsafe interpreter in safe-mode would also be desirable.
That was the point, that simply copying yourself to any and all files does not a virus make.
In earlier versions there were a LOT of files and directories that were writable by admin, including some scripts that were run by root processes. There are many fewer now. That the default Applications directory is still writable is indeed one of the security problems, however it isn't as bad as it used to be.
You don't need to invoke the halting problem to determine what is and isn't an executable. I'm talking intended capabilities, not exploitable bugs, for example a Perl or Python or Tcl script is, by intent, capable of self-replicating and spreading itself. You don't need to examine it to determine if it will, all you need to know is that it can. A text or JPEG file is not, barring bugs in the program displaying it.
#!/bin/sh
for file in *; do
    echo "cat $0 >> $file"
done
exit
Ooooh noooo, a virus! Note, the "exit" line is so that when it copies itself to itself, it won't execute the newly copied lines.
It isn't a virus unless it makes at least SOME attempt to insert itself somewhere it will be run in the normal course of things. For instance, in earlier versions of OS X, there were a lot of directories and files that were writable by group "admin", which anyone who is marked as an administrator is in (without any need for further authentication), including the application directory, and some of the files run as root at system startup. That could be used as an attack vector.
I suppose you could argue that an operating system should block ANY "generally executable" code from being written to any file without explicit user notification/validation. That would make my using chmod to turn the above code into an "executable" require validation, for example, and once it was executable I'd have to authenticate every time I use vi to write the file.
OS X already does a pretty good job of detecting executable file types when you download something using Mail or Safari. What it's missing is a way for a general interpreter (e.g. Java, Python, Tcl, PERL) to mark that the files it interprets are powerful enough to be dangerous. Preferably, they should also offer a "safe" mode, to run a file/script in a sandbox, such as Tcl's "safe" mode. For instance, I think that right now, I can send a file with a .tcl extension to someone running OS X, and if they open it in Mail.app, they won't get a warning, but will execute the Tcl script right away. There should be a general method of marking a file extension/interpreter as being as unsafe as an executable binary.
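The classification argued for in the comments above, sketched as an added example that is not part of the original posts: a file is judged by the declared intent of whatever would run it, separately for the double-click route (handler chosen by extension) and the "./file" route (executable bit plus #! line). The handler table, the verdict strings and the choice to warn on "unknown" are assumptions made for illustration, not how OS X actually stores or applies this.

```python
import os
import stat
import tempfile
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Handler:
    name: str
    # True = runs general-purpose code by design, False = viewer only,
    # None = nobody has declared it either way.
    general_purpose: Optional[bool]
    has_safe_mode: bool = False


# Constructed table for illustration; not the real launch database.
HANDLERS = {
    ".jpg": Handler("Preview", False),
    ".txt": Handler("TextEdit", False),
    ".tcl": Handler("tclsh", True, has_safe_mode=True),
    ".py": Handler("python", True),
}


def verdict_for_open(path):
    """Double-click / 'open' route: the handler is picked by extension."""
    ext = os.path.splitext(path)[1].lower()
    handler = HANDLERS.get(ext)
    if handler is None or handler.general_purpose is None:
        return "unknown"
    if not handler.general_purpose:
        return "safe"  # barring bugs in the viewer
    return "unsafe-offer-safe-mode" if handler.has_safe_mode else "unsafe"


def verdict_for_exec(path):
    """'./file' route: the name is irrelevant, only the executable bit counts."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return "unsafe"
    return "not-runnable"  # the shell answers "Permission denied"


def shebang_interpreter(path):
    """Return the interpreter named on a leading #! line, or None."""
    with open(path, "rb") as fh:
        first = fh.readline(256)
    if not first.startswith(b"#!"):
        return None
    tokens = first[2:].split()
    return tokens[0].decode("utf-8", "replace") if tokens else None


def classify(path):
    opened = verdict_for_open(path)
    executed = verdict_for_exec(path)
    return {
        "open": opened,
        "exec": executed,
        "interpreter": shebang_interpreter(path),
        # Assumption: an undeclared handler is treated as worth a warning.
        "warn": opened != "safe" or executed == "unsafe",
    }


def demo():
    """Build constructed sample files in a temp dir and classify each one."""
    tcl_body = b"#!/usr/bin/tclsh\nputs hello\n"
    samples = [
        ("file.jpg", tcl_body, False),   # renamed script, not executable
        ("armed.jpg", tcl_body, True),   # same bytes with chmod +x
        ("script.tcl", b"puts hello\n", False),
        ("notes.xyz", b"plain text\n", False),
    ]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body, executable in samples:
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, 0o755 if executable else 0o644)
            results[name] = classify(path)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```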
Audiovox is the brand name. I bought two at Best Buy, open package discount, for $70 total. GPS capability is fairly poor, takes a long time to lock in sometimes, no external GPS antenna capability, limited track memory, no way to upload or download tracks or waypoints. It does have a code that it sends when you transmit, but that is only used as a filter; there's no actual security on it. There are only about 15 codes (code 0 means don't filter, I think, just use normal squelch, don't transmit a code). Works pretty well in cutting out random chatter from other people, but you can't tell if you're stepping on someone on the same channel.
I have a couple two-way radios with a similar feature. It doesn't have any navigation facilities, so you have to figure out how to actually get there, but you press a button and it sends your current location to the other person, and it shows up on their map tagged with your name. It doesn't update the location, it only gets sent when you request it to be sent.
Didn't seem automated to me. You had to type in your name, flight, times, destination, etc, submit it, then print it. So you have to take a few extra steps with Photoshop, so what? At what point is it "automated"?
IF this was to be used by someone to actually subvert the supposed security of the TSA screening line, they already have access to a real boarding pass, and probably had the opportunity to print it out at home, in which case the number of steps to modify it (say, take off the SSSS at the bottom, or change the name from the fake one you purchased the ticket with that wouldn't trigger a security alert to one that matches an ID you have so it matches to get through TSA security) is about the same: print it out to a PDF, import it into Photoshop, obliterate the SSSS, overwrite the name, print it. Alternatively, save the HTML source, modify it, load it into the browser, and print it.
One thing that would somewhat improve the security of printing a legitimate boarding pass at home would be to transmit it as an image, using a distinctive font and a patterned background, which would prevent casual modification. Even better would be to use one of those blobby dot-codes that UPS uses, signed by the airline to prevent alteration. Then it could be scanned in the line to verify a valid signature, verify name matches, and verify the date/time/flight.
Is there any reason to think that adult stem cells, or even fully differentiated cells, can't be made to become fully multipotent, without doing the whole donor-egg cloning thing? I mean, eventually, of course, not now. It seems to me that in the longer term, such capability will be more useful than being restricted to cloning an embryo to produce ES cells for use in therapy. Mind you, I have no objection to using ES cells, but they seem like sort of a kludge that we have to start with in order to develop the ability to manipulate any type of cell.
The Clinton administration several times tried to get funding going, both in 1995 (before Human Embryonic Stem Cells were developed) and later, just before the Bush administration took over and blocked it. The Clinton administration did decide that funding for research in which embryos were created solely for research purposes shouldn't receive federal funding, but that using left-over embryos from fertility treatments would be OK. One could argue that Bush allowing federal funding for the "established" cell lines was a pragmatic necessity, that if he had done any less he would have lost on the issue entirely.
Certainly, regardless of how it was done, it is difficult to justify a statement that research that has received significant federal funding is inherently more promising than research that has been blocked from receiving federal funding, simply on the basis that there has been more research done on the one being federally funded. Of COURSE there's been more research done if it has more funding!
I think, in the long term, "adult stem cells" will be more useful, simply because it will be possible to use the patient's own cells, eliminating any problems with tissue compatibility. I also think that using embryonic tissue is critical to understanding the development process so that differentiated cells, or adult stem cells, can be manipulated.
I have to wonder why they were using human stem cells in rats, instead of rat stem cells.
Not difficult at all. Look at the patent and decide if it is one that should have been granted or not. One might think it poetic justice to have Amazon be at the receiving end, but that doesn't change whether the patents in question are good ones. I'm no fan of Microsoft, but I didn't support the Eolas patent being used against them.
Why would they need to only use the GPLv2 version? Seems to me that anyone who has that much of a problem with GPLv3 is every bit as much of a "fanatic" as some claim RMS might be. If you don't like the goals of the GPL, then use BSD or something else. Claims that GPLv3 is going to split the software world are no different from the same claims regarding GPL and BSD or any other license.
I'm reminded of the joke: "Would you sleep with me for $100,000,000?" "Well, sure, I suppose so" "How about for $50?" "What do you take me for?" "We've already established that, now we're just haggling over the price"
It is, of course, possible to consider a situation where RMS would include a poison-pill clause that would sabotage the overall success of Linux for ideological purposes. It's also possible to consider a situation where RMS decides that Microsoft is the savior and insists that GNU software only be used on a Windows platform ("Ignore for the sake of argument that GNU hasn't suggested this clause for V3"). Doesn't mean either one is likely. What a strawman!
Y is not "now GPLv3", unless the license is changed to say "GPLv3 (or later)". Including a contribution that is offered with GPLv3 as the license may be a violation if the license terms aren't changed, but that's not your problem. If someone wants to maintain the library as "GPLv2 or later", then they have to simply make sure not to include anything with contrary licensing provisions.
So let's say they do decide to release the next version under GPLv3 instead. So just don't use that. Continue to use the previous release. Remember, if they own the copyright on everything in the library, they can change it to use any license at any time. If the new license is not compatible with your code, and you are unwilling or unable to change to be compatible, you're going to have to stop using new versions anyway.
There's nothing to prevent you, the end user, from installing the binaries you got from the secondary company. That in itself isn't a violation of the GPL.
Your other points are right on the money, though. There's no incentive for either A or B to operate in that manner, unless they are really the same entity, hiding behind corporate names (in which case you probably could successfully argue that they are violating the GPLv3). If A (the signer/software distributor) really is independent, then just go to A, ask them to release a generic loader program that is signed, and you've just "cracked" B's hardware. If A is writing software that is specifically designed to run on hardware B, which doesn't allow unsigned software to load, then A is probably violating the license; if not, if the software they are distributing just happens to run on B's hardware, but also runs unmodified on other hardware that doesn't have such restrictions, then no big deal.
Note that even B can't load their own software onto the machine; they have to get A to do any changes. There's no reason for them to do that.
I have no idea if they actually do detect it, but it isn't very difficult to pick up a signal from a CRT to detect the horizontal/vertical scan and the picture signal; you can correlate that with what is currently being broadcast to be able to show that someone is watching broadcast TV. Doesn't work if you're watching something you recorded off-the-air, though.
I remember an article a year or two ago about being able to reconstruct a TV image simply from the incidental light being reflected off the walls, similar technique. I can't locate the article, though.
No one had a "lifetime of using floppies", though. Floppies were an upgrade from using cassette tapes. Before that there was really only paper tape (card punch machines were too big, heavy and expensive).
My first computer had a 10MB hard drive, second had 20MB, third had 40MB, then 80MB at work. I got an external 170MB SCSI drive, then a 320MB SCSI drive (both cost about the same amount, 1 year apart). My next computer at work had a whopping 2GB, then another with 4GB. Next upgrade was an added 100GB drive. Current machine at home has 250GB plus 300GB. I think somewhere on that machine I have images of all the other machines as each was retired (each one nested within the next one up). I'm guessing I won't be upgrading again until 1TB drives are around $200-300.
Ummm, any excess oxygen released from cracking water gets used up when you use the hydrogen fuel to produce the original water you started with.
Where I think hydrogen will work, and will work well, will be with a process that directly cracks water using solar energy.
The Installer mechanism you referenced
You said 'Yup, that would be the definition of "computer virus".' in response to "So, this is a "virus" that is nothing more than something that programmatically attaches/appends itself to other files". That's what I was responding to. My little script does exactly that (well, once you remove the "echo" disabler).
Yes, Apple has left a lot of stuff open wide to group Admin, and that's a problem. However, they've locked it down a lot more than it was in earlier versions. As for getting root access as an Admin without entering a password, I don't know of any ways to do it, but I'm sure there are some bugs that exist. Certainly it isn't the intent that you be able to do that, other than sudo allowing you to run it for a while without re-authenticating. I certainly don't have my primary login set to be admin, there's no need for it.
"an executable" - something that, when you double-click it, runs the content in the file as a suitably general-purpose program. A "non-executable" - something that, when you double-click it, runs a program that, barring bugs, will NOT execute general-purpose program code.
OS X has various rules for determining what happens when you double-click on a file, or click on an attachment in e-mail. Given those rules, and given a list of "safe" and "not safe" interpreters, you can determine which are a problem and which are not. No halting problem. Not trying to analyze a JPEG viewer and determine if it has a bug in it that lets you execute arbitrary code. Simply a declaration that a JPEG viewing program does not intend to implement a general-purpose programming environment with sufficient capability to modify or otherwise affect the system or other processes, thus a JPEG file is not to be considered an "executable".
I store my Tcl scripts in a file called ".tcl", or one having the executable bit set and the first line of the file containing "#!/bin/sh" or "#!/usr/bin/tclsh"; either of which is sufficient to mark it as definitely unsafe, as would any other interpreter sufficiently general to launch tclsh to run the Tcl script. Something with an extension of .jpg, or with an HFS creator and type set appropriately, will execute Preview by default, and that is sufficient to mark it as "safe". Again, barring program bugs.
Tcl has a "safe" mode, as does Java; along with marking an interpreter program as being safe, unsafe, or unknown, a method of invoking an unsafe interpreter in safe-mode would also be desirable.
That was the point, that simply copying yourself to any and all files does not a virus make.
In earlier versions there were a LOT of files and directories that were writable by admin, including some scripts that were run by root processes. There are many fewer now. That the default Applications directory is still writable is indeed one of the security problems, however it isn't as bad as it used to be.
You don't need to invoke the halting problem to determine what is and isn't an executable. I'm talking intended capabilities, not exploitable bugs, for example a Perl or Python or Tcl script is, by intent, capable of self-replicating and spreading itself. You don't need to examine it to determine if it will, all you need to know is that it can. A text or JPEG file is not, barring bugs in the program displaying it.
Ooooh noooo, a virus! Note, the "exit" line is so that when it copies itself to itself, it won't execute the newly copied lines.
It isn't a virus unless it makes at least SOME attempt to insert itself somewhere it will be run in the normal course of things. For instance, in earlier versions of OS X, there were a lot of directories and files that were writable by group "admin", which anyone who is marked as an administrator is in (without any need for further authentication), including the application directory, and some of the files run as root at system startup. That could be used as an attack vector.
I suppose you could argue that an operating system should block ANY "generally executable" code from being written to any file without explicit user notification/validation. That would make my using chmod to turn the above code into an "executable" require validation, for example, and once it was executable I'd have to authenticate every time I use vi to write the file.
OS X already does a pretty good job of detecting executable file types when you download something using Mail or Safari. What it's missing is a way for a general interpreter (e.g. Java, Python, Tcl, Perl) to mark that the files it interprets are powerful enough to be dangerous. Preferably, they should also offer a "safe" mode, to run a file/script in a sandbox, such as Tcl's "safe" mode. For instance, I think that right now, I can send a file with a .tcl extension to someone running OS X, and if they open it in Mail.app, they won't get a warning, but will execute the Tcl script right away. There should be a general method of marking a file extension/interpreter as being as unsafe as an executable binary.
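The classification argued for in the comments above (launch rules plus a declared list of safe and unsafe interpreters, with no inspection of what the file does), as an added sketch that is not part of the original comments. The handler table and policy list are constructed for illustration and are not OS X's actual launch rules.

```python
import os
import stat
import tempfile

# Constructed tables (assumptions, not OS X's real launch database).
HANDLER_BY_EXT = {".jpg": "Preview", ".txt": "TextEdit",
                  ".tcl": "tclsh", ".doc": "Word"}
# Declared intent of each handler: is it a general-purpose programming
# environment? Exploitable bugs in a viewer are out of scope by design.
INTERPRETER_POLICY = {"Preview": "safe", "TextEdit": "safe",
                      "tclsh": "unsafe", "sh": "unsafe", "Word": "unsafe"}


def shebang_interpreter(path):
    """Return the interpreter basename from a #! line, or None."""
    with open(path, "rb") as fh:
        first = fh.readline(256)
    if not first.startswith(b"#!"):
        return None
    parts = first[2:].decode("utf-8", "replace").split()
    return os.path.basename(parts[0]) if parts else None


def classify(path, launched_from_shell=False):
    """Return (handler, verdict) for how `path` would be run."""
    if launched_from_shell:
        # "./file.jpg": the exec bit and #! line decide, not the extension.
        if not os.stat(path).st_mode & stat.S_IXUSR:
            return None, "permission denied"
        handler = shebang_interpreter(path) or "native-binary"
        return handler, INTERPRETER_POLICY.get(handler, "unsafe")
    # "open file.jpg" or double-click: the extension picks the handler.
    handler = HANDLER_BY_EXT.get(os.path.splitext(path)[1].lower())
    return handler, INTERPRETER_POLICY.get(handler, "unknown")


def demo():
    """Classify one constructed Tcl script under different names/launches."""
    script = "#!/usr/bin/tclsh\nputs hello\n"
    with tempfile.TemporaryDirectory() as d:
        tcl, jpg = os.path.join(d, "script.tcl"), os.path.join(d, "file.jpg")
        for p in (tcl, jpg):
            with open(p, "w") as fh:
                fh.write(script)
        results = {"open script.tcl": classify(tcl),
                   "open file.jpg": classify(jpg),
                   "./file.jpg": classify(jpg, launched_from_shell=True)}
        os.chmod(jpg, 0o755)
        results["./file.jpg +x"] = classify(jpg, launched_from_shell=True)
    return results
```

The same bytes come out "safe" when routed to a viewer and "unsafe" when routed to an interpreter, which is the distinction the comments draw between a file's contents and the mechanism that runs it.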
Audiovox is the brand name. I bought two at Best Buy, open package discount, for $70 total. GPS capability is fairly poor, takes a long time to lock in sometimes, no external GPS antenna capability, limited track memory, no way to upload or download tracks or waypoints. It does have a code that it sends when you transmit, but that is only used as a filter; there's no actual security on it. There are only about 15 codes (code 0 means don't filter, I think, just use normal squelch, don't transmit a code). Works pretty well in cutting out random chatter from other people, but you can't tell if you're stepping on someone on the same channel.
I have a couple two-way radios with a similar feature. It doesn't have any navigation facilities, so you have to figure out how to actually get there, but you press a button and it sends your current location to the other person, and it shows up on their map tagged with your name. It doesn't update the location, it only gets sent when you request it to be sent.
Don't forget Johnny Mnemonic (well, unless you really want to), which came out in 1995.
Didn't seem automated to me. You had to type in your name, flight, times, destination, etc, submit it, then print it. So you have to take a few extra steps with Photoshop, so what? At what point is it "automated"?
IF this was to be used by someone to actually subvert the supposed security of the TSA screening line, they already have access to a real boarding pass, and probably had the opportunity to print it out at home, in which case the number of steps to modify it (say, take off the SSSS at the bottom, or change the name from the fake one you purchased the ticket with that wouldn't trigger a security alert to one that matches an ID you have so it matches to get through TSA security) is about the same: print it out to a PDF, import it into Photoshop, obliterate the SSSS, overwrite the name, print it. Alternatively, save the HTML source, modify it, load it into the browser, and print it.
One thing that would somewhat improve the security of printing a legitimate boarding pass at home would be to transmit it as an image, using a distinctive font and a patterned background, which would prevent casual modification. Even better would be to use one of those blobby dot-codes that UPS uses, signed by the airline to prevent alteration. Then it could be scanned in the line to verify a valid signature, verify name matches, and verify the date/time/flight.
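A minimal version of the scan-and-verify check suggested above, as an added example that is not part of the original comment. The field names, key and sample values are constructed; HMAC-SHA256 under a key shared by airline and checkpoint stands in for the airline's signature, where a real deployment would use a public-key signature.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

# Constructed demo key. A shared-key MAC is a stand-in: with a public-key
# signature the checkpoint scanners would hold no secret able to mint passes.
AIRLINE_KEY = b"constructed-demo-key-not-a-real-secret"
# "selectee" models the SSSS marking mentioned in the comment (assumed name).
FIELDS = ("name", "flight", "departs", "selectee")


def canonical(pass_fields):
    """Serialize fields in fixed order with length prefixes (no ambiguity)."""
    out = b""
    for key in FIELDS:
        value = str(pass_fields[key]).encode("utf-8")
        out += len(value).to_bytes(2, "big") + value
    return out


def issue(pass_fields, key=AIRLINE_KEY):
    """Airline side: return the fields plus a tag to encode in the barcode."""
    tag = hmac.new(key, canonical(pass_fields), hashlib.sha256).hexdigest()
    return dict(pass_fields, tag=tag)


def check(scanned, id_name, now, key=AIRLINE_KEY):
    """Checkpoint side: return 'ok' or the reason the pass is rejected."""
    try:
        expected = hmac.new(key, canonical(scanned), hashlib.sha256).hexdigest()
        departs = datetime.fromisoformat(scanned["departs"])
    except (KeyError, ValueError):
        return "malformed"
    presented = str(scanned.get("tag", "")).encode("utf-8")
    if not hmac.compare_digest(expected.encode("ascii"), presented):
        return "altered"
    if scanned["name"].casefold() != id_name.casefold():
        return "name mismatch"
    if not (departs - timedelta(hours=24) <= now <= departs):
        return "wrong date"
    return "ok"
```

Because the tag covers every field, editing the printed name or clearing the selectee flag yields "altered" at the scanner rather than a pass that merely looks right.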
Is there any reason to think that adult stem cells, or even fully differentiated cells, can't be made to become fully multipotent, without doing the whole donor-egg cloning thing? I mean, eventually, of course, not now. It seems to me that in the longer term, such capability will be more useful than being restricted to cloning an embryo to produce ES cells for use in therapy. Mind you, I have no objection to using ES cells, but they seem like sort of a kludge that we have to start with in order to develop the ability to manipulate any type of cell.
You mean the ? I'd hesitate to blame that on Clinton, even though he did sign it into law (attached as a rider, in the usual ridiculous manner of the legislative process). Blame it on the Gingrich Congress.
The Clinton administration several times tried to get funding going, both in 1995 (before Human Embryonic Stem Cells were developed) and later, just before the Bush administration took over and blocked it. The Clinton administration did decide that funding for research in which embryos were created solely for research purposes shouldn't receive federal funding, but that using left-over embryos from fertility treatments would be OK. One could argue that Bush allowing federal funding for the "established" cell lines was a pragmatic necessity, that if he had done any less he would have lost on the issue entirely.
Certainly, regardless of how it was done, it is difficult to justify a statement that research that has received significant federal funding is inherently more promising than research that has been blocked from receiving federal funding, simply on the basis that there has been more research done on the one being federally funded. Of COURSE there's been more research done if it has more funding!
I think, in the long term, "adult stem cells" will be more useful, simply because it will be possible to use the patient's own cells, eliminating any problems with tissue compatibility. I also think that using embryonic tissue is critical to understanding the development process so that differentiated cells, or adult stem cells, can be manipulated.
I have to wonder why they were using human stem cells in rats, instead of rat stem cells.
Not difficult at all. Look at the patent and decide if it is one that should have been granted or not. One might think it poetic justice to have Amazon be at the receiving end, but that doesn't change whether the patents in question are good ones. I'm no fan of Microsoft, but I didn't support the Eolas patent being used against them.
Why would they need to only use the GPLv2 version? Seems to me that anyone who has that much of a problem with GPLv3 is every bit as much of a "fanatic" as some claim RMS might be. If you don't like the goals of the GPL, then use BSD or something else. Claims that GPLv3 is going to split the software world are no different from the same claims regarding GPL and BSD or any other license.
I'm reminded of the joke:
"Would you sleep with me for $100,000,000?"
"Well, sure, I suppose so"
"How about for $50?"
"What do you take me for?"
"We've already established that, now we're just haggling over the price"
It is, of course, possible to consider a situation where RMS would include a poison-pill clause that would sabotage the overall success of Linux for ideological purposes. It's also possible to consider a situation where RMS decides that Microsoft is the savior and insists that GNU software only be used on a Windows platform ("Ignore for the sake of argument that GNU hasn't suggested this clause for V3"). Doesn't mean either one is likely. What a strawman!
Y is not "now GPLv3", unless the license is changed to say "GPLv3 (or later)". Including a contribution that is offered with GPLv3 as the license may be a violation if the license terms aren't changed, but that's not your problem. If someone wants to maintain the library as "GPLv2 or later", then they have to simply make sure not to include anything with contrary licensing provisions.
So let's say they do decide to release the next version under GPLv3 instead. So just don't use that. Continue to use the previous release. Remember, if they own the copyright on everything in the library, they can change it to use any license at any time. If the new license is not compatible with your code, and you are unwilling or unable to change to be compatible, you're going to have to stop using new versions anyway.
There's nothing to prevent you, the end user, from installing the binaries you got from the secondary company. That in itself isn't a violation of the GPL.
Your other points are right on the money, though. There's no incentive for either A or B to operate in that manner, unless they are really the same entity, hiding behind corporate names (in which case you probably could successfully argue that they are violating the GPLv3). If A (the signer/software distributor) really is independent, then just go to A, ask them to release a generic loader program that is signed, and you've just "cracked" B's hardware. If A is writing software that is specifically designed to run on hardware B, which doesn't allow unsigned software to load, then A is probably violating the license; if not, if the software they are distributing just happens to run on B's hardware, but also runs unmodified on other hardware that doesn't have such restrictions, then no big deal.
Note that even B can't load their own software onto the machine; they have to get A to do any changes. There's no reason for them to do that.
I have no idea if they actually do detect it, but it isn't very difficult to pick up a signal from a CRT to detect the horizontal/vertical scan and the picture signal; you can correlate that with what is currently being broadcast to be able to show that someone is watching broadcast TV. Doesn't work if you're watching something you recorded off-the-air, though.
I remember an article a year or two ago about being able to reconstruct a TV image simply from the incidental light being reflected off the walls, similar technique. I can't locate the article, though.
No one had a "lifetime of using floppies", though. Floppies were an upgrade from using cassette tapes. Before that there was really only paper tape (card punch machines were too big, heavy and expensive).
My first computer had a 10MB hard drive, second had 20MB, third had 40MB, then 80MB at work. I got an external 170MB SCSI drive, then a 320MB SCSI drive (both cost about the same amount, 1 year apart). My next computer at work had a whopping 2GB, then another with 4GB. Next upgrade was an added 100GB drive. Current machine at home has 250GB plus 300GB. I think somewhere on that machine I have images of all the other machines as each was retired (each one nested within the next one up). I'm guessing I won't be upgrading again until 1TB drives are around $200-300.