as for reliability, most HD's are acceptable, but you can never fully rely on them to never fail, you must always have a backup system for important data.
You've obviously not been using Maxtors lately. I purchased 3 Maxtor 6E040L0 discs (DiamondMax +8 40Gb) last year, of which 2 failed within a week of each other last month and the third is showing signs of deterioration. They weren't even all from the same batch.
The discussion regarding posts of death was interesting, thanks for pointing me to that. Unfortunately I can't see anywhere better than here to leave a comment on it.
The person commenting seems to assume that everyone who is banned from moderating is also banned from metamoderating. This is clearly not the case, as I have a mod ban (for moderating an editor's offtopic post down) but not a metamod ban.
Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as gcc - would also have to its source code released. This was simply unacceptable.
Totally unacceptable. I see your point. You should fire your lawyers immediately and hire some that know what they're talking about.
"We don't need gun control. What we reallly need is bullet control. If a bullet costs $5,000, there'll be no innocent bystanders."... non-verbatim quote of a Chris Rock routine.
There's a flaw in the idea. I am relatively unskilled at metalworking and chemistry, however I'm pretty confident that I have the skill required with a little practice and inexpensive equipment to produce bullets that fire most of the time.
I'm pretty sure, however, that I couldn't produce a gun to fire them by myself.
If bullets cost $5000 there'd be a very big black market in home made bullets, that would just end up killing innocent people when they caused misfires, etc.
The majority of firearms on the streets are actually converted air-pistols and other weapons not originally sold to fire gunpowder propelled projectiles.
I've heard this reported in many places. Apparently, it is false. The majority of illegal firearms are actually genuine weapons that have had the firing pin removed and the barrel blocked so they can be used for ornamental purposes, which then have new firing pins attached to them (firing pins being perfectly legal to posess) and the block in the barrel drilled out.
Even if gun ownership was legal (and hell, it still is for shotguns and some other weapons)
Including repeating large calibre carbines, weapons much more dangerous than the.177 and.22 pistols that should have remained legal, IMO.
Consoles apps (not consoles themselves*) are not vulnerable
Note that console windows are _strange_. They don't seem to have been implemented using the standard Win32 APIs; if you try playing around with them they behave differently to other windows.
I can't remember the exact details, but I specifically think they do not react to SendMessage calls. They caused me a fair amount of hassle when I was writing a virtual desktop management program a while back.
I'm running an xterm. Definitely an X-based app. I happen to have a privileged shell running in it. Another malicious application is running on my DISPLAY (whether that is started by me, or over the network via X protocols). Can it send messages to the xterm to cause it to think that I typed "rm -rf/" in that window? Nevermind that finding it would be difficult - finding such a window on Windows would not necessarily be easy, either, IIRC.
No. X does provide a mechanism that allows you to send the events, but it also provides a mechanism that allows the receiving app to tell if the event was a real one or a synthetic one. xterm ignores all synthetic events. I've tried doing this myself, it just does nothing.
Finding the window is trivial, btw, on both Windows and X; you just need to know what its title is.
X on UNIX is like GDI on Windows. The issue is in Win32.USER, the window manager. Although X isn't vulerable, certain window managers could be; it depends on how messages are sent between windows.
X performs similar functions to both GDI32 and USER32. Specifically, it does perform the USER32 function of passing events to windows, and does include a mechanism that one client can use to generate events that will be sent to another client. This works regardless of the window manager in use.
However, when the destination client receives the event, it can easily distinguish between an event generated by the X server itself and one generated by another client. Many X programs, including xterm, ignore events generated by other clients, thus preventing similar holes from being exploitable.
I also believe that it isn't common practice to pass around pointers to code to be executed in event data structures in X, although my actual X programming experience is limited to a low level "hello world" program using Xlib and a solitaire implementation in QT, so I could easily be wrong.
All in all, I'd say any given X application is highly unlikely to be vulnerable to such a problem, but you may find one or two that are.
It's a problem with Win32 messaging if windows aren't secured properly. It's possible for a process to send windows messages (the ones inherited from Windows 1.0) to another process, regardless of what account the processes are running as. There are a few messages (WM_TIMER esp.) that, as a parameter, take an address for the owning thread to jump to.
I thought MS issued a hotfix for this a couple of years ago, around about the time XP SP1 was released, I thought.
You can also fill the contents of a text box with a message. Process A is a privilieged service running as SYSTEM. Process B is a malicious program running as a restricted user. A creates a window on the interactive desktop (a big no-no) with a textbox in it.
You're right that that _is_ a big no-no. MS's documentation has always told people not to do that. When installing services you have to specifically instruct the system to allow them to interact with the desktop; by default they do not have permission to do so. The API documentation states "Services running in an elevated security context, such as the LocalSystem account, should not create a window on the interactive desktop, because any other application that is running on the interactive desktop can interact with this window," and (IIRC) did so clearly even before this exploit was made public.
So why, when security flaws are caused by applications doing something that the Windows API documentation specifically instructs them not to do, is this considered a flaw in Windows?
Different benchmark, different results. As I said, "Of course, if you look at the different application domains, the figures vary wildly. The Sempron's better for some applications, the celeron for the other."
Obviously for the applications tested by the Toms Hardware benchmarks, the Sempron is better.
Also, results for comparing a 1.8GHz celeron to an 1800 sempron may vary from 1.6 to 1600, as there are many factors other than clock speed that affect performance. As far as I'm concerned, there are benchmarks going both ways which means the difference is too close to call and not worth arguing over.
This is all from memory. I spent quite a while researching this all about ten years ago in order to solve an argument about whether a solution to chess was possible or not.
The number is extremely high (I've lost my references to how high, but it was rather ridiculous) if you include the 'position repeated 3 times causes a draw' move, which means that positions where all the pieces are in the same place on the board can actually be one of many different positions, depending on how it was reached.
If you play without this rule, the history you need to keep is very limited (basically, whether each side has moved king or either rook, and which player is next to play), so the number of positions is substantially reduced.
As a good first estimate, there are about 65!/33! ways of placing the pieces on the board (including the option of not placing them on the board; the actual answer is slightly more complex than this, but this is close enough for a first estimate). Multiply by two to consider whose turn it is. This is about 10^67. The actual number of possible positions will be less than this.
I believe the number of positions of major pieces alone (discarding the pawn positions, which are harder to calculate the legality of) is in the order of 10^25. Some of these will be legal in one player's turn, but not the other, so including the turn in the information stored doesn't quite double the figure. There number of legal pawn positions is probably a few orders of magnitude smaller, but some of the piece positions are obviously not legal with some of the pawn positions, so we can't just multiply these figures together.
Given these restrictions, a top-of-the-head guess is about 10^40 different legal positions.
Having just googled for other sources, it seems I'm pretty close. Mathematical papers on the subject have given various values between 10^40 (Beeler et al) and 10^43 (Shannon), but with a few venturing as high as 10^120 (which probably includes relevant game history, not just position on board, by the sounds of it).
Not according to the benchmark I saw, which gave the sempron 2800+ a benchmark of 20.1, and the 2.66 GHz celeron 18.5. The 2600+ wasn't benchmarked, but we can estimate its performance at almost exactly the same, under the assumption that the numerical rating is proportional to benchmark speed (although note that this isn't true between the 3100 and the 2800).
Of course, if you look at the different application domains, the figures vary wildly. The Sempron's better for some applications, the celeron for the other. The article author was right to say Sempron's were better value if the prices he had indicated they would be cheaper, but they aren't, at least not in any of my local shops. For chips at comparable performance levels, the prices are almost identical or higher, except at the very bottom of the range where Sempron is a clear winner.
Sure, there are specialized companies that do this of course. Most are hosting providers and the like.
Actually, most of us advertise ourselves as IT consultants. Hosting providers tend only to sell packaged software, which isn't quite the right market.
But CNN doesn't make money by selling the code that runs CNN.com. The NY Times doesn't sell the code that runs their site. MSNBC.com doesn't sell their code either.
Actually, I'd say that CNN, NY Tmies and MSNBC are in the minority for owning the copyright of all the code that runs their sites. Probably something like 99% of corporate web sites are run using packaged software with perhaps a few customisations performed by the consultant that installed and configured them for the individual site.
The code behind these types of sites could be immensely useful to someone wanting to start their own fringe-hobby news site.
It would also be immensely useful to any of the above-mentioned company's competitors who happen to currently have a substandard web site and are looking to expand into the online sector, which is probably why they don't give it away for free.
Good christ man, some of us are trying to solve chess.
According to my calculations on this subject (which are admittedly a few years out of date) you're going to run out of memory quite quickly. I wouldn't worry about your CPU speed too much.
More recently, AMD released the Sempron, meant to replace the Duron as its budget-level processor. Consider Anandtech's conclusion from a Sempron vs. Celeron test they did last July:
"Sempron, at a glance, surpasses its goal to be a powerful budget processor. Cheaper than the current fastest Intel Celeron, both flavors of Sempron that we tested here outperform the competition in almost every test."
Maybe the prices they saw had the sempron cheaper, but at retail price I see just about no difference between a celeron 2.6 GHz and a sempron 2600+, which should be slightly slower. The Sempron 2800+ is substantially more expensive, and neither the Sempron 3100+ nor the Celeron 2.8GHz mentioned in the review is available yet.
Perhaps the situation has changed in the last 5 months?
Wires can be made really small, and still carry a current. Can we expect to fibre optic cables down to the same size?
I believe optical fibre is currently available with typical diameters of the order of 100 micrometers, which is a lot larger than the features on an IC, but is comparable to the size of tracks on a PCB.
All company websites' code should be Open Sourced under a free license IMO. After all, the company is not making revenue by selling that code, so what good is it to them?
My company makes plenty of money selling web sites driven by the same or similar code to multiple companies, thank you.
Note that the only libraries used by this program are general purpose networking libraries that weren't written with the intention of allowing P2P apps to be written using them. They provide standard functions similar to features available in most modern languages (e.g. Java's RMI, several competing implementations for Perl, etc.).
Your analogy would only be accurate if writing P2P apps was the primary intention behind these libraries, or at least one of the considerations that was born in mind when they were being designed, but all they are is simple, application-independent network abstraction layers.
For example, I don't like paying around $1 per blank dvd but that's about what I pay
You're paying a lot. I'm currently paying 24 pence per disc, which includes 17.5% tax. That's a bit less than half what you're paying.
Unfortunately, my supplier won't supply outside of Europe, so this isn't much help to you, but if you look around I'm sure you can find someone at a similar rate.
DVD-R is the preferred recordable DVD flavor for movies these days. It's cheaper than +R and more compatible with DVD players.
It is? My supplier gives the same price on both (24 pence per disc), and I've never noticed any difference in compatibility. Admittedly I've only tested on 3 standalone players.
as for reliability, most HD's are acceptable, but you can never fully rely on them to never fail, you must always have a backup system for important data.
You've obviously not been using Maxtors lately. I purchased 3 Maxtor 6E040L0 discs (DiamondMax +8 40Gb) last year, of which 2 failed within a week of each other last month and the third is showing signs of deterioration. They weren't even all from the same batch.
The discussion regarding posts of death was interesting, thanks for pointing me to that. Unfortunately I can't see anywhere better than here to leave a comment on it.
The person commenting seems to assume that everyone who is banned from moderating is also banned from metamoderating. This is clearly not the case, as I have a mod ban (for moderating an editor's offtopic post down) but not a metamod ban.
Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as gcc - would also have to its source code released. This was simply unacceptable.
Totally unacceptable. I see your point. You should fire your lawyers immediately and hire some that know what they're talking about.
"We don't need gun control. What we reallly need is bullet control. If a bullet costs $5,000, there'll be no innocent bystanders." ... non-verbatim quote of a Chris Rock routine.
There's a flaw in the idea. I am relatively unskilled at metalworking and chemistry, however I'm pretty confident that I have the skill required with a little practice and inexpensive equipment to produce bullets that fire most of the time.
I'm pretty sure, however, that I couldn't produce a gun to fire them by myself.
If bullets cost $5000 there'd be a very big black market in home made bullets, that would just end up killing innocent people when they caused misfires, etc.
The majority of firearms on the streets are actually converted air-pistols and other weapons not originally sold to fire gunpowder propelled projectiles.
.177 and .22 pistols that should have remained legal, IMO.
I've heard this reported in many places. Apparently, it is false. The majority of illegal firearms are actually genuine weapons that have had the firing pin removed and the barrel blocked so they can be used for ornamental purposes, which then have new firing pins attached to them (firing pins being perfectly legal to posess) and the block in the barrel drilled out.
Even if gun ownership was legal (and hell, it still is for shotguns and some other weapons)
Including repeating large calibre carbines, weapons much more dangerous than the
Download porn from kazaa lately?
.wmv files _years_ ago, because they frequently require a licence to play which is a PITA for offline viewing.
Many of us stopped downloading any
Consoles apps (not consoles themselves*) are not vulnerable
Note that console windows are _strange_. They don't seem to have been implemented using the standard Win32 APIs; if you try playing around with them they behave differently to other windows.
I can't remember the exact details, but I specifically think they do not react to SendMessage calls. They caused me a fair amount of hassle when I was writing a virtual desktop management program a while back.
I'm running an xterm. Definitely an X-based app. I happen to have a privileged shell running in it. Another malicious application is running on my DISPLAY (whether that is started by me, or over the network via X protocols). Can it send messages to the xterm to cause it to think that I typed "rm -rf /" in that window? Nevermind that finding it would be difficult - finding such a window on Windows would not necessarily be easy, either, IIRC.
No. X does provide a mechanism that allows you to send the events, but it also provides a mechanism that allows the receiving app to tell if the event was a real one or a synthetic one. xterm ignores all synthetic events. I've tried doing this myself, it just does nothing.
Finding the window is trivial, btw, on both Windows and X; you just need to know what its title is.
X on UNIX is like GDI on Windows. The issue is in Win32.USER, the window manager. Although X isn't vulerable, certain window managers could be; it depends on how messages are sent between windows.
X performs similar functions to both GDI32 and USER32. Specifically, it does perform the USER32 function of passing events to windows, and does include a mechanism that one client can use to generate events that will be sent to another client. This works regardless of the window manager in use.
However, when the destination client receives the event, it can easily distinguish between an event generated by the X server itself and one generated by another client. Many X programs, including xterm, ignore events generated by other clients, thus preventing similar holes from being exploitable.
I also believe that it isn't common practice to pass around pointers to code to be executed in event data structures in X, although my actual X programming experience is limited to a low level "hello world" program using Xlib and a solitaire implementation in QT, so I could easily be wrong.
All in all, I'd say any given X application is highly unlikely to be vulnerable to such a problem, but you may find one or two that are.
Shatter attack
It's a problem with Win32 messaging if windows aren't secured properly. It's possible for a process to send windows messages (the ones inherited from Windows 1.0) to another process, regardless of what account the processes are running as. There are a few messages (WM_TIMER esp.) that, as a parameter, take an address for the owning thread to jump to.
I thought MS issued a hotfix for this a couple of years ago, around about the time XP SP1 was released, I thought.
You can also fill the contents of a text box with a message.
Process A is a privilieged service running as SYSTEM. Process B is a malicious program running as a restricted user.
A creates a window on the interactive desktop (a big no-no) with a textbox in it.
You're right that that _is_ a big no-no. MS's documentation has always told people not to do that. When installing services you have to specifically instruct the system to allow them to interact with the desktop; by default they do not have permission to do so. The API documentation states "Services running in an elevated security context, such as the LocalSystem account, should not create a window on the interactive desktop, because any other application that is running on the interactive desktop can interact with this window," and (IIRC) did so clearly even before this exploit was made public.
So why, when security flaws are caused by applications doing something that the Windows API documentation specifically instructs them not to do, is this considered a flaw in Windows?
Different benchmark, different results. As I said, "Of course, if you look at the different application domains, the figures vary wildly. The Sempron's better for some applications, the celeron for the other."
Obviously for the applications tested by the Toms Hardware benchmarks, the Sempron is better.
Also, results for comparing a 1.8GHz celeron to an 1800 sempron may vary from 1.6 to 1600, as there are many factors other than clock speed that affect performance. As far as I'm concerned, there are benchmarks going both ways which means the difference is too close to call and not worth arguing over.
This is all from memory. I spent quite a while researching this all about ten years ago in order to solve an argument about whether a solution to chess was possible or not.
The number is extremely high (I've lost my references to how high, but it was rather ridiculous) if you include the 'position repeated 3 times causes a draw' move, which means that positions where all the pieces are in the same place on the board can actually be one of many different positions, depending on how it was reached.
If you play without this rule, the history you need to keep is very limited (basically, whether each side has moved king or either rook, and which player is next to play), so the number of positions is substantially reduced.
As a good first estimate, there are about 65!/33! ways of placing the pieces on the board (including the option of not placing them on the board; the actual answer is slightly more complex than this, but this is close enough for a first estimate). Multiply by two to consider whose turn it is. This is about 10^67. The actual number of possible positions will be less than this.
I believe the number of positions of major pieces alone (discarding the pawn positions, which are harder to calculate the legality of) is in the order of 10^25. Some of these will be legal in one player's turn, but not the other, so including the turn in the information stored doesn't quite double the figure. There number of legal pawn positions is probably a few orders of magnitude smaller, but some of the piece positions are obviously not legal with some of the pawn positions, so we can't just multiply these figures together.
Given these restrictions, a top-of-the-head guess is about 10^40 different legal positions.
Having just googled for other sources, it seems I'm pretty close. Mathematical papers on the subject have given various values between 10^40 (Beeler et al) and 10^43 (Shannon), but with a few venturing as high as 10^120 (which probably includes relevant game history, not just position on board, by the sounds of it).
Here's a reference.
Not according to the benchmark I saw, which gave the sempron 2800+ a benchmark of 20.1, and the 2.66 GHz celeron 18.5. The 2600+ wasn't benchmarked, but we can estimate its performance at almost exactly the same, under the assumption that the numerical rating is proportional to benchmark speed (although note that this isn't true between the 3100 and the 2800).
Of course, if you look at the different application domains, the figures vary wildly. The Sempron's better for some applications, the celeron for the other. The article author was right to say Sempron's were better value if the prices he had indicated they would be cheaper, but they aren't, at least not in any of my local shops. For chips at comparable performance levels, the prices are almost identical or higher, except at the very bottom of the range where Sempron is a clear winner.
Sure, there are specialized companies that do this of course. Most are hosting providers and the like.
Actually, most of us advertise ourselves as IT consultants. Hosting providers tend only to sell packaged software, which isn't quite the right market.
But CNN doesn't make money by selling the code that runs CNN.com. The NY Times doesn't sell the code that runs their site. MSNBC.com doesn't sell their code either.
Actually, I'd say that CNN, NY Tmies and MSNBC are in the minority for owning the copyright of all the code that runs their sites. Probably something like 99% of corporate web sites are run using packaged software with perhaps a few customisations performed by the consultant that installed and configured them for the individual site.
The code behind these types of sites could be immensely useful to someone wanting to start their own fringe-hobby news site.
It would also be immensely useful to any of the above-mentioned company's competitors who happen to currently have a substandard web site and are looking to expand into the online sector, which is probably why they don't give it away for free.
Seriously, why do people buy into Alvin's story? It's just a fantasized retelling of Joseph Smith's life.
Because most people don't even have the feintest clue who Joseph Smith was, let alone that the series is a fictionalised portrayal of his life.
Because, I've heard, it's well written and a good story.
Good christ man, some of us are trying to solve chess.
According to my calculations on this subject (which are admittedly a few years out of date) you're going to run out of memory quite quickly. I wouldn't worry about your CPU speed too much.
More recently, AMD released the Sempron, meant to replace the Duron as its budget-level processor. Consider Anandtech's conclusion from a Sempron vs. Celeron test they did last July:
"Sempron, at a glance, surpasses its goal to be a powerful budget processor. Cheaper than the current fastest Intel Celeron, both flavors of Sempron that we tested here outperform the competition in almost every test."
Maybe the prices they saw had the sempron cheaper, but at retail price I see just about no difference between a celeron 2.6 GHz and a sempron 2600+, which should be slightly slower. The Sempron 2800+ is substantially more expensive, and neither the Sempron 3100+ nor the Celeron 2.8GHz mentioned in the review is available yet.
Perhaps the situation has changed in the last 5 months?
Since the sharks will need chips inserted into their brains anyway (for remote control purposes) these chips could now utilize laser-on-chip tech.
But will they run Linux?
Wires can be made really small, and still carry a current. Can we expect to fibre optic cables down to the same size?
I believe optical fibre is currently available with typical diameters of the order of 100 micrometers, which is a lot larger than the features on an IC, but is comparable to the size of tracks on a PCB.
Since when did we get states in Canada? did I sleep through that meeting too?
No, no, you misunderstand. Canada doesn't have states, Canada is a state.
All company websites' code should be Open Sourced under a free license IMO. After all, the company is not making revenue by selling that code, so what good is it to them?
My company makes plenty of money selling web sites driven by the same or similar code to multiple companies, thank you.
Note that the only libraries used by this program are general purpose networking libraries that weren't written with the intention of allowing P2P apps to be written using them. They provide standard functions similar to features available in most modern languages (e.g. Java's RMI, several competing implementations for Perl, etc.).
Your analogy would only be accurate if writing P2P apps was the primary intention behind these libraries, or at least one of the considerations that was born in mind when they were being designed, but all they are is simple, application-independent network abstraction layers.
I'm aware of this. However, as most people want the popular files, this obviously means that for most people BitTorrent is a better solution.
For example, I don't like paying around $1 per blank dvd but that's about what I pay
You're paying a lot. I'm currently paying 24 pence per disc, which includes 17.5% tax. That's a bit less than half what you're paying.
Unfortunately, my supplier won't supply outside of Europe, so this isn't much help to you, but if you look around I'm sure you can find someone at a similar rate.
DVD-R is the preferred recordable DVD flavor for movies these days. It's cheaper than +R and more compatible with DVD players.
It is? My supplier gives the same price on both (24 pence per disc), and I've never noticed any difference in compatibility. Admittedly I've only tested on 3 standalone players.