Some of his points are valid, I think. They aren't sufficient reasons to stay away from FF and keep using IE, but I think he's doing the open source community a favor by writing a critique of Mozilla's potential security problems. Don't say "your problems are worse so we won't fix ours", try to address his concerns so he can't say "I told you so" when somebody does actually exploit a flaw FF has that IE doesn't.
Until now I would have said there could never be an obfuscated Python contest, but now I've been proven wrong... That's like a spicy hot banana cream pie bakeoff...
Let's see... Painfully clean-cut, Mormon, works for Microsoft... Thinks "watching me on Jeopardy! has made reading and learning seem just a little cooler"..
Actually my theory is that Bill Gates got tired of being the nerdiest guy around Redmond...
I wouldn't suggest shutting down the CPU fan no matter what. It can be very cold a few inches from the CPU and the heat sink too hot to touch... Without a fan your system will turn itself off within a minute or two (if you are lucky)
"I have the leisure to study without the distractions of having to support myself. I view prison as a sort of utopia with constraints." - Theodore Streleski
Streleski was a math student convicted in the early 80's of killing his PhD advisor with an axe, after spending some unreasonable number of years as a grad student.
I guess no more playing "Riemann Space 2001 : Invasion of the Monoids" for him.
If AIX's source code is anything like the user-visible parts of the OS, it shouldn't be released because viewing it would cause widespread insanity and tearing out of hair.
The funnest D&D games I have played were with no books, no dice, no nothing except sitting in a car on a long road trip... The DM just has to try and make the adventure fun and the players have to give up on all the stats...
I wonder if the authors have read Kim Stanley Robinson's "Red Mars" (and Green and Blue...) He obviously thought a lot about the science involved in colonization, and saving areas of Mars "in their pristine state" won't be easy, if he got much of his analysis right. Especially if any of these areas are on the equator (the falling space elevator episode)
I remember when the RTM worm first appeared (was that '86?) and several Berkeley students stayed up all night decompiling it (this was VAX code so it was a bit more manageable). They posted the source code the next morning with bug fixes, including the critical one that turned the worm from a slow-moving annoyance to a rampaging network-killer...
A way to manage licensed software, using nodelocked or floating licenses.
Products like FlexLM cost a lot of money. But you release a version of your product and then the next day somebody in Bulgaria is selling cracked copies for $50. I'm not saying that an OSS product could do better, because a clever hacker can work around any type of protections... But if you're getting a leaky boat at least you'd rather get it for free...
It may seem strange to produce an OSS license manager, designed only to help others make money off non-OSS products. That's probably why nobody's done it... Also once enough products use something like FlexLM, the customers' IT people get used to it and consolidate all their licenses on a single server, and if you give them something new and strange they don't like it.
With format strings you are still writing into executable memory (data and stack). I guess there are still vulnerabilities that don't require you to execute the overwritten data (modify a flag saying whether the user is allowed to do certain privileged operations?) but I bet these are much harder.
Anyway, the subject of this thread is software monoculture - isn't our current hardware monoculture (which makes buffer overrun attacks possible) equally dangerous?
Buffer overruns are a problem because you can put executable code on the stack or the heap. Most other CPU architectures have an execute bit for pages that lets you make the text area read-only and executable and everything else read-write and non-executable. The I86 architecture does not have this - if it did then this type of attack would be impossible.
I guess the election commissions are bound to deliver this data if they can. But how long will it take? What good will it be to know that Bush actually lost if we don't find out until 2007? I guess it would help ensure 2008 is fairer (if Bush hasn't been proclaimed President for Life by then:-(
Go to www.halfbakery.com and post your ideas. If it's a bad idea the people there will tell you really soon. If it's good it will get positive votes and maybe somebody will notice and go implement it. But at least you will know that was *your* idea somebody else got rich off of:-)
Re:An Infinite selection of statistical data (on Don't Read My Lips)
Let's see, we have 11 outcomes (elections) and a potentially unlimited set of random observations (e.g. who used more future tenses in debates). How many do we have to look at (on average) before we find one that matches, just by chance? 2^11 == 2048. Wanna bet they just kept looking until they found the one that matched?
That's what I thought when I bought an Atari 2600 a while ago. I played Combat, gunfight, that D&D game, and a few others a bit and realized that while they were great at the time, they are way too primitive to enjoy 25 years later...
Sure, not echoing * in the password prompt is more secure. But an attacker knowing that your password is N letters and not N-1 or N+1 is not an especially big advantage. Also you may not be sure that you actually typed a key so if you don't see the feedback then tyou (see! there I typed an extra character and if there is no echoing I would have had no clue) will find it unfriendly.
I don't see why it's so hard to have a switch that says, for the entire KDE desktop, apps, etc, "enable expert options" maybe with a few levels. A developer might want to cover both the typical case and the exceptional case, and if the specialized options are there if you need them and not there when you first start, that should solve the problem.
If you check out the "order" form they don't ask for credit cards, etc. So it's not that kind of scam. Probably not a spam-email-collecting list either because if you actually are motivated to fill out the form, you get spam anyway, right? So it's not a scam, just a joke.
I wish they included more details about how their "technology" works, though.
The real way to avoid these sorts of problems is to have a memory architecture that prevents writable pages from being executable, and vice versa. I read somewhere that the IA32 architecture makes this very hard - anybody know the details? Back in the old days we used to use separate instruction and data spaces (i.e. on the PDP-11)...
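The comment above and the earlier one about per-page execute bits both describe the W^X rule (a page is writable or executable, never both). As an added illustration that is not part of the original thread, here is a small C program for Linux on a processor with NX support; it assumes the kernel honours PROT_EXEC on anonymous mappings. It fills a page while it is writable, flips it to read+execute, and confirms that a later write to that page is refused by the MMU.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;

static void on_segv(int sig) {
    (void)sig;
    siglongjmp(fault_env, 1); /* unwind out of the faulting store */
}

/* W^X lifecycle: fill a page while it is writable, then flip it to
 * read+execute and try to write to it again.
 * Returns 1 if that write faults (the MMU enforces "writable xor
 * executable"), 0 if the write silently succeeds, -1 if setup failed
 * (e.g. a policy that forbids PROT_EXEC on anonymous memory). */
int wx_write_after_exec_faults(void) {
    size_t psz = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, psz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memset(page, 0, psz);                      /* allowed: page is RW */
    if (mprotect(page, psz, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, psz);
        return -1;
    }
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    int faulted;
    if (sigsetjmp(fault_env, 1) == 0) {
        volatile unsigned char *p = page;
        p[0] = 1;                              /* store into an RX page */
        faulted = 0;                           /* reached only if no fault */
    } else {
        faulted = 1;                           /* SIGSEGV: write was blocked */
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(page, psz);
    return faulted;
}
```

On a kernel with NX page tables the function returns 1; a 0 would mean the platform let a write through to an executable page, which is exactly the gap the comments complain about.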
explorer.exe is windows explorer - that's the desktop
iexplore.exe is internet explorer. It's a completely different process. Killing it doesn't affect your desktop.
And then the woman who beat him lost the next evening... I guess it's not impossible he just got tired of making $40K for an hour's work...
> What if they ported AIX to the PowerMac?
That's like buying a new Ferrari and replacing the seats with milk cartons and repainting it with spray paint.
That's the defense he gave ... We used to joke about the Theodore Streleski Foundation for the Humane Treatment of Grad Students ...
[naive suggestion that there must be more than meets the eye because even patent office employees have got to have at least one working brain cell]
This is more like "Linux and Windows have a lot in common - wouldn't you like to hear about the Lisp Machine's OS"?