Also because Microsoft's take on security is that once malware is installed it's Game Over. They've got a point. Your computer is the wrong turf on which to fight intruders unless you have a mandatory access control system.
I have to agree with this point. I've never understood the obsession with outbound port blocking -- it just doesn't make sense. If you've got malware on your system it could just as easily subvert one of your existing trusted processes to make its outbound connection as it could make the connection itself.
I have alg.exe running and taking ~3.5Mb on my WinXP Pro SP1 machine. It isn't new with SP2.
I also have wuauclt.exe, although it isn't running. It seems to be related to automatic updates, which is a core feature that has existed since Windows 2000.
Arithmetic coding is, I believe, an entire family of methods. IBM will only have a patent on one of them. I believe there are other people with patents on others. The concept of encoding in this general way itself is quite old, so cannot be patented (I've found one site that references a paper dated 1979 -- I believe that the last possible patent expiration for methods described in that paper would have occurred in 2003 (?)).
The license for that software contains a rather - err - interesting clause, where the user grants back to all other users a license to any patents the user owns. This is a rather insidious and sneaky tactic, and I wouldn't be surprised if a fair number of people decided not to use the software on the basis that it might weaken their IP portfolio.
The point is, that's what they can do now. The software's written in C++, so is almost certainly not optimised for MMX or any other advanced processor capability, which is likely to get a 1.5-2x increase in speed. They reckon they've had a 10x speedup already during development, and they specifically state that they haven't finished optimising it yet. I would expect this requirement to drop to 1GHz or lower before they're done.
Moderators: the parent article was almost certainly intended to be a joke. If you don't know who Paxman is, or know anything about his (highly original and amusing) interview style, please do not attempt to moderate it. Thank you.
application. Now assuming that MPEG-2 is DVD quality then the bitrates tend to be quite high, around 8000kbps. Divx gives reasonable quality at only around 1500kbps.
The difference between MPEG2 and DivX (i.e. MPEG4) isn't that big. In fact, I regularly recompress ~1Mbps MPEG4 into ~1.5Mbps MPEG2 with no noticeable loss of quality. The 8000kbps (or whatever the figure is, I forget now) of DVDs also has to include all of the alternative angles and multiple soundtracks, I believe. I think most DVD video is at about 4-6000kbps.
While I agree with your problems, I don't think "drown them in yet more red tape" is a viable solution.
Honestly, the biggest one to crack is the "got to spend the entire budget" attitude. And there's a simple way of achieving it:
1. Budget allocation meetings are not allowed to take usage of last years budget into consideration. In fact, they won't even be told how much of the previous year's budget has been used.
2. Departments are allowed to keep the procedes of any underspend for 1 year. If they haven't spent it by that time, it goes back to central funds.
This will encourage departments to be frugal with their spending, as everyone knows it is useful to have a bit of money left over in case of emergencies.
According to the author, there's no way to succeed if you choose to build on NT.
That's not what he said.
It's exactly what he said. I'll quote the relevant portion:
But the next time I talked to him, he said they'd decided to build their software on Windows NT, and had just hired a very experienced NT developer to be their chief technical officer. When I heard this, I thought, these guys are doomed.
Based entirely on the fact that they've chosen to use NT, he's decided they have no chance of success. The reasoning process that leads him to this might have involved his definition of a first rate hacker, but that's not involved in this statement, which is what the OP was responding to.
I would be much happier with java if it had a few things--first off, a dynamic typing construct a la 'id' in objective C. 'object' just isn't powerful enough.
I'm afraid I don't know objective C. Could you elucidate on what this provides that Java lacks?
Secondly, callables a la python. This includes class methods and statics (not merely function pointers like C).
This can be achieved using the java.lang.reflect.Method class. It's ugly, but workable, and a number of my software projects have used it.
The fact that you have to jump through hoops to attach an event handler using a callback model (a la Swing) is inexcusable.
This is an API issue, rather than a language issue. Swing and AWT aren't the only GUI toolkits that are usable with Java, and you are free to write your own, as I have done. I don't have to jump through any hoops to handle events.
Are anonymous classes really a solution? How about in an application with hundreds of event handlers?
Anonymous classes work for me. They're managable because you put them in the code where you want them. I've never written an application with hundreds of them, though.
A programming language should enable the use of different techniques, not restrict them.
Agreed, and I for one would like to see a nicer syntax provided for reflected methods -- at the moment to get one you have to write 'object.getClass().getMethod("methodName",new Class[]{ ParameterType.class })' and handle the exceptions that can be thrown, where the compiler can easily determine that there are no possible exceptions and provide a much simpler way of doing the same thing. This would make the use of this kind of technique much easier.
Additionally, the overhead of object allocation in Java is awful. Simple objects whose only attributes are primitive types should be stack allocated under a certain size.
Stack allocated objects are hard to manage -- the compiler would have to perform checks to ensure that no reference to the object can exist outside of the scope of the function call before allocating it on the stack. An interesting point is that there is nothing stopping VM implementors from doing this anyway, it wouldn't violate the specification. The difficulty of making it work correctly is the only issue.
My experience with Java was quite the opposite - every Java book I read always had mysterious claims about threads, JVM, synchronization, garbage collection that seemed like some sort of "insider knowledge" and I was expected to just believe it
Its actually very simple. Another poster has given you a reference to the VM spec, which explais everything in detail, but this is the summary:
- Threads are objects that have a method called 'void run()'. When you call their 'start()' method, the run() method is executed in parallel.
- All Java objects have a monitor and an event object associated with them (they should be allocated on demand, but the details of how this happens is up to the individual virtual machine). There are virtual machine instructions, 'monitorenter' and 'monitorexit' which lock and unlock the monitor. Only one thread is allowed to lock it at a time. When you have a lock on the monitor, you are allowed to call the methods 'wait()' (which releases the monitor, waits for the event object to be signalled and then locks the monitor again), 'notify()' (which signals the event object) and 'notifyAll()' (which signals the event object once for each thread that is currently blocked in 'wait()'). Using these capabilities, most advanced synchronisation systems can be built up.
- Objects are allocated by a garbage collector. The precise mechanism it uses isn't defined, but most VMs use a traditional 'conservative' garbage collector, which scans each thread's registers, the stack and heap for anything that looks like a pointer and counts the references to each object. The collector may be invoked at virtually any time. In some implementations it may stop all threads while it is running -- this is why Java is unsuitable for real time applications. Objects have a method 'finalize()', which is executed in another thread after the collector has determined there are no more references to the object and before its memory is released.
On the other hand, hackers can VNC in and watch what you do without you knowing they're connected.
Last time I ran a VNC server on a windows desktop machine it used enough CPU time whenever anyone was connected for me to be aware it was happening. Unless this problem has been fixed, I wouldn't worry about not realizing it has happened.
I'm not sure I agree. While it might not be very _good_ steganography, it is still steganography -- it is an attempt to hide a message somewhere where it won't be discovered.
Re:original KaZaA had spyware, right?
on
P2P vs. The Clones
·
· Score: 1
Shareaza (linked in the article text) has a system that goes some way towards this. There are also various web sites that provide sha1 (for gnutella) / md4 (for edonkey network) hashes for files that have been verified by them. This can't be done for kazaa because kazaa doesn't have a useful hashing mechanism that can be used before you've finished downloading the file -- at which point you might as well just examine it to see what you've got!:)
Re:original KaZaA had spyware, right?
on
P2P vs. The Clones
·
· Score: 1
Although, good luck finding a legitimate download. 98% of the files on Kazaa are fakes, planted by the RIAA to dissuade you from downloading music.
I'd like to add a warning to this. DO NOT DOWNLOAD EXECUTABLE FILES FROM KAZAA. The Kazaa network does not perform a secure hash verification of the file you download, therefore it is impossible to trust that the file you end up with is the same as the one you started download. Somebody could have injected malware into it without you noticing.
4) get a load of old PC hardware (everything up from pentium goes, all you need is a non s3-grahic card and one spare pci-bus)
5) rid the PCs with all moving parts (leave the fans though...)
I've found you can run anything up to a pentium 200MMX without a fan, if you have a large enough heatsink. And as the CPU cooling fan is _always_ the first component to fail in every computer I've ever put together, this is an important consideration.
That's the first time I've ever seen a moderation request mod'd as funny.
Things have been going to hell in the 3 months since I last had any mod points, and I'm starting to wonder: why haven't I had any mod points for 3 months? My Karma's 'Excellent', and has been all along. I meta moderate regularly. When I moderate, I do so conscientiously. I used to get mod points about every 2-3 weeks. What is going on?
So you see, what you learned in school may actually be useful!
But only if you're programming in an obscure and very rarely used environment, such as using stack based assembly language (e.g. x86 floating point, although not integer) or forth.
Out of interest, exactly why do you program stack computers, when there are many well designed automated processes that can convert from a more natural and understandable infix notation to a stack based one with a very high degree of efficiency (I like to call them 'compilers')?
Also because Microsoft's take on security is that once malware is installed it's Game Over. They've got a point. Your computer is the wrong turf on which to fight intruders unless you have a mandatory access control system.
I have to agree with this point. I've never understood the obsession with outbound port blocking -- it just doesn't make sense. If you've got malware on your system it could just as easily subvert one of your existing trusted processes to make its outbound connection as it could make the connection itself.
I have alg.exe running and taking ~3.5Mb on my WinXP Pro SP1 machine. It isn't new with SP2.
I also have wuauclt.exe, although it isn't running. It seems to be related to automatic updates, which is a core feature that has existed since Windows 2000.
Look at the movie Gattica
I think you mean Gattaca. I wonder how many people think that's just a weird title that has nothing to do with the story...?
You didn't read the article did you.
No I'm not new here.
No. Both are MPEG4 implementations, and MPEG4 is a patent-encumbered format.
Arithmetic coding is, I believe, an entire family of methods. IBM will only have a patent on one of them. I believe there are other people with patents on others. The concept of encoding in this general way itself is quite old, so cannot be patented (I've found one site that references a paper dated 1979 -- I believe that the last possible patent expiration for methods described in that paper would have occurred in 2003 (?)).
The license for that software contains a rather - err - interesting clause, where the user grants back to all other users a license to any patents the user owns. This is a rather insidious and sneaky tactic, and I wouldn't be surprised if a fair number of people decided not to use the software on the basis that it might weaken their IP portfolio.
The point is, that's what they can do now. The software's written in C++, so is almost certainly not optimised for MMX or any other advanced processor capability, which is likely to get a 1.5-2x increase in speed. They reckon they've had a 10x speedup already during development, and they specifically state that they haven't finished optimising it yet. I would expect this requirement to drop to 1GHz or lower before they're done.
Moderators: the parent article was almost certainly intended to be a joke. If you don't know who Paxman is, or know anything about his (highly original and amusing) interview style, please do not attempt to moderate it. Thank you.
application. Now assuming that MPEG-2 is DVD quality then the bitrates tend to be quite high, around 8000kbps. Divx gives reasonable quality at only around 1500kbps.
The difference between MPEG2 and DivX (i.e. MPEG4) isn't that big. In fact, I regularly recompress ~1Mbps MPEG4 into ~1.5Mbps MPEG2 with no noticeable loss of quality. The 8000kbps (or whatever the figure is, I forget now) of DVDs also has to include all of the alternative angles and multiple soundtracks, I believe. I think most DVD video is at about 4-6000kbps.
While I agree with your problems, I don't think "drown them in yet more red tape" is a viable solution.
Honestly, the biggest one to crack is the "got to spend the entire budget" attitude. And there's a simple way of achieving it:
1. Budget allocation meetings are not allowed to take usage of last years budget into consideration. In fact, they won't even be told how much of the previous year's budget has been used.
2. Departments are allowed to keep the procedes of any underspend for 1 year. If they haven't spent it by that time, it goes back to central funds.
This will encourage departments to be frugal with their spending, as everyone knows it is useful to have a bit of money left over in case of emergencies.
According to the author, there's no way to succeed if you choose to build on NT.
That's not what he said.
It's exactly what he said. I'll quote the relevant portion:
But the next time I talked to him, he said they'd decided to build their software on Windows NT, and had just hired a very experienced NT developer to be their chief technical officer. When I heard this, I thought, these guys are doomed.
Based entirely on the fact that they've chosen to use NT, he's decided they have no chance of success. The reasoning process that leads him to this might have involved his definition of a first rate hacker, but that's not involved in this statement, which is what the OP was responding to.
I would be much happier with java if it had a few things--first off, a dynamic typing construct a la 'id' in objective C. 'object' just isn't powerful enough.
I'm afraid I don't know objective C. Could you elucidate on what this provides that Java lacks?
Secondly, callables a la python. This includes class methods and statics (not merely function pointers like C).
This can be achieved using the java.lang.reflect.Method class. It's ugly, but workable, and a number of my software projects have used it.
The fact that you have to jump through hoops to attach an event handler using a callback model (a la Swing) is inexcusable.
This is an API issue, rather than a language issue. Swing and AWT aren't the only GUI toolkits that are usable with Java, and you are free to write your own, as I have done. I don't have to jump through any hoops to handle events.
Are anonymous classes really a solution? How about in an application with hundreds of event handlers?
Anonymous classes work for me. They're managable because you put them in the code where you want them. I've never written an application with hundreds of them, though.
A programming language should enable the use of different techniques, not restrict them.
Agreed, and I for one would like to see a nicer syntax provided for reflected methods -- at the moment to get one you have to write 'object.getClass().getMethod("methodName",new Class[]{ ParameterType.class })' and handle the exceptions that can be thrown, where the compiler can easily determine that there are no possible exceptions and provide a much simpler way of doing the same thing. This would make the use of this kind of technique much easier.
Additionally, the overhead of object allocation in Java is awful. Simple objects whose only attributes are primitive types should be stack allocated under a certain size.
Stack allocated objects are hard to manage -- the compiler would have to perform checks to ensure that no reference to the object can exist outside of the scope of the function call before allocating it on the stack. An interesting point is that there is nothing stopping VM implementors from doing this anyway, it wouldn't violate the specification. The difficulty of making it work correctly is the only issue.
My experience with Java was quite the opposite - every Java book I read always had mysterious claims about threads, JVM, synchronization, garbage collection that seemed like some sort of "insider knowledge" and I was expected to just believe it
Its actually very simple. Another poster has given you a reference to the VM spec, which explais everything in detail, but this is the summary:
- Threads are objects that have a method called 'void run()'. When you call their 'start()' method, the run() method is executed in parallel.
- All Java objects have a monitor and an event object associated with them (they should be allocated on demand, but the details of how this happens is up to the individual virtual machine). There are virtual machine instructions, 'monitorenter' and 'monitorexit' which lock and unlock the monitor. Only one thread is allowed to lock it at a time. When you have a lock on the monitor, you are allowed to call the methods 'wait()' (which releases the monitor, waits for the event object to be signalled and then locks the monitor again), 'notify()' (which signals the event object) and 'notifyAll()' (which signals the event object once for each thread that is currently blocked in 'wait()'). Using these capabilities, most advanced synchronisation systems can be built up.
- Objects are allocated by a garbage collector. The precise mechanism it uses isn't defined, but most VMs use a traditional 'conservative' garbage collector, which scans each thread's registers, the stack and heap for anything that looks like a pointer and counts the references to each object. The collector may be invoked at virtually any time. In some implementations it may stop all threads while it is running -- this is why Java is unsuitable for real time applications. Objects have a method 'finalize()', which is executed in another thread after the collector has determined there are no more references to the object and before its memory is released.
On the other hand, hackers can VNC in and watch what you do without you knowing they're connected.
Last time I ran a VNC server on a windows desktop machine it used enough CPU time whenever anyone was connected for me to be aware it was happening. Unless this problem has been fixed, I wouldn't worry about not realizing it has happened.
I'm not sure I agree. While it might not be very _good_ steganography, it is still steganography -- it is an attempt to hide a message somewhere where it won't be discovered.
Shareaza (linked in the article text) has a system that goes some way towards this. There are also various web sites that provide sha1 (for gnutella) / md4 (for edonkey network) hashes for files that have been verified by them. This can't be done for kazaa because kazaa doesn't have a useful hashing mechanism that can be used before you've finished downloading the file -- at which point you might as well just examine it to see what you've got! :)
Although, good luck finding a legitimate download. 98% of the files on Kazaa are fakes, planted by the RIAA to dissuade you from downloading music.
I'd like to add a warning to this. DO NOT DOWNLOAD EXECUTABLE FILES FROM KAZAA . The Kazaa network does not perform a secure hash verification of the file you download, therefore it is impossible to trust that the file you end up with is the same as the one you started download. Somebody could have injected malware into it without you noticing.
Err, downloading the LimeWire source is trivially easy. From the front page of limewire.org:
# Use CVS, with:
cvs -d:pserver:guest@cvs.limewire.org:/cvs login
cvs -d:pserver:guest@cvs.limewire.org:/cvs checkout core gui lib tests.
DNS Domain 'www.outofmyass.com' is invalid: Host not found (authoritative).
Damnit!
4) get a load of old PC hardware (everything up from pentium goes, all you need is a non s3-grahic card and one spare pci-bus)
5) rid the PCs with all moving parts (leave the fans though...)
I've found you can run anything up to a pentium 200MMX without a fan, if you have a large enough heatsink. And as the CPU cooling fan is _always_ the first component to fail in every computer I've ever put together, this is an important consideration.
Convection/Conduction are certainly at issue when there isn't sun (say, Seattle [...])
Ah! So when I'm told to "stick it where the sun don't shine", they're talking about Seattle, right?
That's the first time I've ever seen a moderation request mod'd as funny.
Things have been going to hell in the 3 months since I last had any mod points, and I'm starting to wonder: why haven't I had any mod points for 3 months? My Karma's 'Excellent', and has been all along. I meta moderate regularly. When I moderate, I do so conscientiously. I used to get mod points about every 2-3 weeks. What is going on?
LOL. This was the last comment in the thread :)
So you see, what you learned in school may actually be useful!
But only if you're programming in an obscure and very rarely used environment, such as using stack based assembly language (e.g. x86 floating point, although not integer) or forth.
Out of interest, exactly why do you program stack computers, when there are many well designed automated processes that can convert from a more natural and understandable infix notation to a stack based one with a very high degree of efficiency (I like to call them 'compilers')?