It has to do with the MS Windows community expecting extensions to be used to link files to programs exclusively
And Linux users don't? Double click on a GIF/JPG/MP3/HTML/etc file in Konqueror or Nautilus (or the file manager of your choice) and what happens? Exactly the same as in Windows -- it launches the executable that's associated with the file.
There is no execute bit in their filesystems.
Yes there is. Admittedly, it's not used very much, and I don't expect that to change anytime soon. Not that it would've mattered in this case.
Linux users also expect data to NOT be given execute privileges.
That's nice. And if a previously unknown vulnerability is found in libjpeg, then how is it going to matter? Sure, the JPEG isn't marked executable, but when the program that actually loads the executable links to libjpeg.so, and the JPEG contains a buffer overrun exploit then the resultant code may end up executing bytes out of the "non-executable" JPEG. The only way to avoid this is to use the new NX mode/instructions in modern CPUs -- something that you can do in Windows Server 2003 as well as in Linux.
Frankly, I know a lot of Unix users who will happily run a shell script without looking at it, or assume that a .pl file is a Perl script, or a .py a Python script, etc. -- there's certainly no obligation for them to be. And I know just as many expert users in both Windows and Unix who don't do stupid things like execute unknown files, trust scripts without reviewing them, etc.
I'm surprised virus writers waited until this millennium to finally exploit such a stupid flaw.
They didn't. Kinda. The idiocy of MS hiding "known" extensions was exploited years ago (happyfun.txt.exe -- guess what it shows up as in Outlook Express or Explorer?), along with similar exploits.
It's not just the extension that dictates that it's a WMF... Windows in its infinite wisdom also looks at the header bytes of the file and says "ohh! that's a WMF!"
So, in other words, it does exactly the same thing Unix does for every single executable file.
Do a man magic if you don't know what I'm talking about, and/or look into why scripts have that #! as the very first two bytes in order to work automatically.
Windows has gotten bashed for years for relying on file extensions. Here they don't and they get bashed more! Ok, yeah, it's yet another example of deviation from expected behavior, but complain about that, not that they're finally trying to be smarter about files. Hell, most programs will now ignore file extensions and look at the file header -- it's hardly a MS only behavior.
That said, MS's slackness on this issue is ridiculous. Yes, I know that they have to test a patch in a very large test environment to make sure nothing goes "boom", but in this case they would better serve their customers by simply disabling WMF support entirely until they can properly patch things. WMF is not a widely used format -- in the very few cases where it's actually being used you could simply not patch the computer and take appropriate actions to isolate that system. It would be a hell of a lot better than the current situation, especially given how nasty and widespread this exploit is.
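Added example, not part of the original comments: a minimal Python check that compares what a file's extension claims against what its leading bytes say, covering the two cases discussed above (a WMF recognised by its header regardless of its name, and the `happyfun.txt.exe` double-extension trick). The function names, finding labels, extension tables and sample files are assumptions constructed for illustration.

```python
import os

# Leading-byte signatures, the same idea as the table `man magic` describes.
SIGNATURES = [
    (b"\xd7\xcd\xc6\x9a", "wmf"),   # placeable WMF key 0x9AC6CDD7, little-endian
    (b"\x01\x00\x09\x00", "wmf"),   # standard WMF header: type 1, header size 9 words
    (b"\x02\x00\x09\x00", "wmf"),   # standard WMF header: type 2, header size 9 words
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"#!", "script"),
]

# What each extension claims the content is (illustrative subset).
EXTENSION_TYPES = {
    ".wmf": "wmf",
    ".jpg": "jpeg",
    ".jpeg": "jpeg",
    ".gif": "gif",
    ".png": "png",
    ".exe": "pe-executable",
}

# Extensions that a shell with "hide known extensions" enabled would not show.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat"}


def sniff(data):
    """Return the type implied by the leading bytes, or None if unknown."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    return None


def audit(filename, data):
    """Return a list of findings for one file name and its leading bytes."""
    findings = []
    stem, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(stem)[1]

    claimed = EXTENSION_TYPES.get(ext)
    actual = sniff(data)
    # A handler that dispatches on the header will treat this file as
    # `actual`, whatever the name says.
    if claimed and actual and claimed != actual:
        findings.append("content-mismatch")

    # name.txt.exe displays as name.txt when known extensions are hidden.
    if ext in EXECUTABLE_EXTS and inner_ext and inner_ext not in EXECUTABLE_EXTS:
        findings.append("hidden-extension")
    return findings


# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("holiday.jpg", b"\xd7\xcd\xc6\x9a\x00\x00\x00\x00"),
    ("happyfun.txt.exe", b"MZ\x90\x00"),
    ("photo.gif", b"GIF89a\x01\x00\x01\x00"),
    ("notes.txt", b"hello world\n"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, sniff(head), audit(name, head))
```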
Why do they want so many years to decide on so simple things
Because they have to.
It's an ISO standard language -- by ISO standards, you cannot put out a new standard more than once a decade. The last standard was C++98 (which brought about the STL, amongst other things), so the absolute earliest they could create a new standard is 2008. Go look at the history of FORTRAN ISO standards, or even C ISO standards, to see a long list of once-a-decade revisions.
The reasons for this are quite sane -- it takes time for the new standard to be understood, implemented, and put into wide use. It took nearly 5 years for most of the major C++ compilers to properly implement C++98 (MS being the longest hold out). Most C compilers are still working on C99 compliance. It also takes time for it to become clear what language in the standard needs clarification, which parts are difficult (or outright stupid), and what needs to be fixed.
the using declaration for making type aliases. First of all, template typedefs are there for the exact same reason
And they're poorly implemented in most compilers, 7 years after the standard was ratified, because they're a fucking nightmare to deal with for the compiler and linker. Having a separate keyword makes it easier for the lexical analyzer to figure out exactly WTF you're doing.
No garbage collection.
It's a major issue when you're talking about embedded programming -- the overhead of GC may mean you cannot use a particular microcontroller for your design, either due to lack of CPU or memory. The embedded camp has a lot of strength in design decisions when it comes to C and C++. People who don't ever even think about embedded programming forget (or don't know) this and wonder why certain decisions are made.
That said, the new smart pointers (auto_ptr is such a worthless piece of crap) go a long, long ways toward solving this issue. If you use them. In some code I've written recently we couldn't use the boost::smart_ptr class because the performance overhead was too steep (this was in code that was desperate for every improvement I could throw at it).
no static virtual methods. It is dead easy to do, and sometimes it is badly needed. For example, the pattern factory heavily depends on it.
And Factory can be written in C++ without any issues. I've done it several times. I fail to see your point.
no one really cares about C++ being used in a few embedded controllers anyway
Except for the bazillions of embedded controllers that run C++ code. There's a reason they have a strong voice on the standards committee -- because it is used heavily and there is no real alternative available. Yes, embedded microcontrollers are becoming bigger and beefier everyday, but there's always a group that's pushing them to the limits, and C++ is the only vaguely modern language that lets them do what they need with little overhead.
A lot of your other points are good questions. I suspect that they're answered in the working group's mailing list, but I'm not up to dealing with the volume (or the technical details) produced by that list.
In many ways the Grand Challenge was a toy problem, but this is not usually emphasized because they want to make it seem more dramatic.
This year's GC course certainly seemed much easier than the previous course -- as you note, there was a lack of obstacles, except for cattle gates lying on the road and some relatively large obstacles like telephone poles and tunnels. Contrary to what some posters claim, there were a large number of sharp turns (and note that the Grand Challenge site doesn't show every single bend; point of interest D notes sharp turns when there doesn't appear to be any; meanwhile point K shows a series of sharp turns).
And no, there were no dynamic elements on the course -- that was part of the design though. You should know better than the rest of us what the design goal was -- to achieve an autonomous supply train through rough terrain. It's not supposed to deal with dynamic elements -- the odds of running into anything out in the middle of the desert are pretty low after all -- but it has to be able to handle unknown terrain.
Dynamic elements and weather conditions are certainly something that will need to be handled in the future though, and from the sounds of it the Stanford team is well ahead of the CMU team on this front.
The Wired piece is over-reaching, but the counterpoint is that we are now vastly closer to autonomous driving than we previously were. And the techniques that Stanford applied are far more likely to scale than those that CMU apparently used. That's tremendously important.
Look at my posting history. Yeah, I'm a dupe hound.
The only reason I bothered was because it didn't seem like anyone else had yet, and the idea was stupid the first time around. A year hasn't improved it any.
Some of us may have not been reading Slashdot a year ago... you're going to point out year-old dupes?
So, by that logic, we should expect major news services to also repeat major stories in case you missed them when they actually happened?
Soon to be on a news service near you:
George W. Bush wins election over John Kerry
Tsunami strikes SE Asia, Death Toll Expected to be Massive
It's silly there, it's silly here, and it's a mark of exceptional laziness on the part of the editors.
You're going to need a much more expensive video card than that if you want to compare to the XBox360.
More expensive than which? Than the GF6600GT? Yeah. Than the GF6800GS? Maybe. Than the GF7800GT? Nope.
Even at the highest resolution HD (1080i), the Xbox360 merely has to do 1920x1080 at 30 fps. At 720p that's 1280x720 at 60 fps. Most of the first generation games, like COD2, aren't even achieving that -- they cheat by running at lower res (like 1280x600; not to mention not keeping up 60fps) and having the 360's internal scaler make it look like it's managing true 720p. The GF7800GT is easily just as capable.
Aaaaaand those components wouldn't produce anything close to PS2 performance
To PS2? Are you on crack? A PS2 has to maintain all of 640x480 @30fps, with incredibly low polygon count and texture fills, not to mention a complete lack of bump mapping, anti aliasing, or anisotropic filtering. There are a few games that support higher resolutions, but they're few and far between.
You really didn't deserve a response, but I'm so sick of clueless fools thinking that the last generation consoles had anything even vaguely approaching decent graphics capabilities.
When I spec'd this out a few weeks back on another site I believe I excluded a few components (case, HD, DVD drive) because it was about upgrades. But you can build a full, gaming capable PC for under $700 (and by gaming, I include current titles such as FEAR, COD2, and BF2 -- depending on the video card you choose you may have to run at lower rez, but they'll run at reasonable frame rates with all or nearly all graphics options on).
Here's the parts list from NewEgg. If you live outside of the US I certainly cannot vouch for your prices.
Note that no rebates are calculated into the costs... you could easily get a far bigger/better HD with rebates, and several of the items above have other rebates as well. And no, the above isn't quite what I'd buy -- but I did make sure it had a decent MB, GPU, etc. If I didn't care about that I could've sliced another $50-100 off the price.
Why do people spend $3k on a computer to play the Sims ?
Because they're idiots.
Can't you get a $500 PC for random computer work and then a $100 playstation (or random game system) for games ?
Yeah, and I can also build a $600 PC that will blow the PS2 out of the water when it comes to graphics and seriously compete against (and sometimes surpass) the Xbox360.
The real question is what games do you want to play, and that's what should influence your decision. If you like RTSs, MMORPGs, or FPSs then the PC is the only real option. For platformers, "RPGs" (e.g. -- Final Fantasy), and "party games" then consoles are where it's at. If you want to game online, then the PC is better, while gaming with a bunch of people in the same room is clearly the consoles' forte. There will always be platform-specific games (ala Civ4 for the PC, or Katamari Damacy for the PS2), so that's also a consideration.
BTW, the Sims on consoles is nowhere even close to the PC version. It's simply too stripped down, both in UI and graphics.
The next generation consoles (Xbox360 and PS3) are going to really shrink the gap graphics-wise between the consoles and the PC, but they're still quite a bit less powerful. And unless they get serious about allowing keyboard/mouse input (as an option, obviously) then they'll still be deficient for a lot of game genres (MMO being the biggest).
The 9800 line was released in early 2003, so it's closing in on being 3 years old at this point. There have been two full graphics line refreshes since then. And if you want to consider that the 9800 line was a minor refresh of the 9700 line, then it's closer to 3 1/2 years old already.
So yeah, it's "older", and has been for quite some time. If you bought yours last week then I'm sorry you haven't been paying any attention to the market for the past two years.
What's new here? Everything that the betanews report states has long been known in the medical community -- particularly the bit about pregnancy. My wife is currently in her second pregnancy, and she never had any carpal tunnel problems before. But she does now -- if she's at a keyboard too long or crochets too much then her wrist starts to hurt. Her doctor says it's fairly common for pregnant women to suffer carpal tunnel due to increased swelling and the loosening of joints during pregnancy. And all she can do is wear a wrist brace and take Tylenol -- there are no anti-inflammatories approved for use while pregnant.
The rest of the info is also well known. A poor hand posture can exacerbate the problem, but it's unlikely to cause it outright.
Is Linus being "self-centered" when he said that "I prefer KDE over GNOME"?
Except that's not what he said. In fact, the word "prefer" doesn't appear in the email.
What he did say was that GNOME encourages people to be idiots. It wouldn't be a stretch to say that he implied "only idiots use GNOME". And he finished off his missive with a plain statement saying that people should just use KDE.
That's considerably different from merely stating an opinion. The last sentence of the second paragraph is certainly an opinion, and an entirely valid one, but it's also in stark contrast to the rest of the email.
I've seen plenty of "graphic sexual content" in R-rated movies.
I doubt it. Graphic sexual content generally refers to the explicit showing of a sexual act (oral, vaginal, or anal) on screen, plainly. Despite all your complaints, this is a generally accepted definition.
Like the Oscars being sued when the most popular documentary in history wasn't nominated for a single thing
And your point is? Michael Moore was the one who fucked that up -- he did not submit the movie for Best Documentary (which it almost certainly would've won), but only for Best Picture. He could've submitted it for both, but didn't. Go ahead, check into it.
the courts said all that movie stuff is a private industry
What are you babbling about now? There was no lawsuit against the Academy over this. There were a number of other lawsuits regarding Fahrenheit 9/11, but they were not even vaguely related to this (mostly/all related to questioning the factualness of the movie; AFAIK they were all thrown out).
will this make next gen DVD too expensive for most things for years to come
If they just started a new process and the first few batches are at 80% yield that's actually pretty damn good. It wasn't long ago (as in, a month or so) that dual-layer BD-ROMs were still in the lab, so this is a very new process.
That said, let's say it costs $1/disk/batch. If you have to throw away 20% of that batch how much do you have to sell each remaining disk for to break even? $1.25. It's an appreciable difference, sure, but hardly format killing. And yields will improve as they get the process down, much as they did for CDs and DVDs.
If next gen disks are much worse than DVDs they won't be worth using.
BD-ROM and HD-DVD are actually supposed to be less susceptible to damage than either CD or DVD -- they have tougher polycarbonate coverings and a slightly different overall design (BD more so than HD-DVD). That's the theory at least. Whether or not it holds up to be true in the real world is yet to be determined.
Neither has Dvorak, Jobs, Gates, or Ballmer, but that doesn't stop them.
Dvorak (John C. Dvorak) has never done any work in computers -- he's been a journalist his entire life. Frankly, I've never really understood why people paid attention to him. He's been around a long time, but his batting average on predictions is pretty miserable.
Jobs, Gates, and Ballmer are all involved in the industry still -- sure, they're in management at this point, but being the top managers of two of the biggest and most influential computer companies in the world means you have relevance.
Woz, while he's done a lot of worthy things since leaving Apple, has not been involved in the industry to any significant extent since. I'd be forced to argue that Dvorak is more relevant than he is, and that's a sad statement. He did some great stuff nearly 30 years ago, but that doesn't mean that he's "with it" now.
The pharmaceutical industry has incredibly high costs because of government regulations
Yes, and I alluded to that. You didn't answer the question.
We have 6.5 billion people in the world. If reducing government intrusion would save half, we're talking about 2.5 cents per person to make a new drug.
That's nice. What about the vast majority of drugs that don't target every human being on the planet? Not everyone is HIV positive. Not everyone has diabetes. Not everyone will get esophageal cancer. That doesn't mean we shouldn't be doing research on them.
I'm narcoleptic, and I'm very happy that the research that led to modafinil was done -- it's far better than the alternatives, such as Ritalin or other addictive stimulants. Of course, in its case I will question whether or not it should still be covered by patent -- it was originally found in the 1970s during other research, but only recently re-visited for usage in narcolepsy treatment. If it couldn't have been patented, however, I'm unsure that it ever would have been revisited -- there aren't a huge number of people suffering from narcolepsy after all -- instead the stimulants would continue to be the only treatment course, or someone might have eventually stumbled upon a new treatment. Maybe.
As long as there is a demand for something that has zero supply, people will always find ways to create a supply. That is how the market operates.
You're missing the bits that involve making profit. In the case of pharmaceuticals there is a huge research cost -- even if you remove all regulation. You have completely failed to explain how the R&D costs will be recovered if a company has no exclusivity time period.
Nor do you explain how removing governmental regulation will magically make it happen. What you'll end up with then is a huge cycle of lawsuits as companies come out with blatantly unsafe medications (because they didn't bother doing the now unrequired testing), people take them and suffer significant problems (problems which may not surface for a long period of time (c.f. -- the tobacco industry for an imperfect example), or problems which may cause lasting, long term effects) and sue the company. Odds are the company goes out of business and the consumers are left holding the bag. That or companies have to do the testing cycles anyway, which creates even more R&D expense, which they then can't recover because Drugs'R'Us waits for them to put out the product and then does some pretty simplistic chemistry to determine what the makeup and production methods are. These aren't things you can keep as trade secrets after all.
In my experience, the IP debate ends when someone brings up pharmaceuticals
Maybe because it's a serious issue that your "abolish IP laws" doesn't address? And it's hardly a fringe issue. There are numerous industries in which this is true (high R&D costs, low barriers to entry for production); the pharmaceutical industry is merely the most prominent one.
So, exactly how are we supposed to create new pharmaceuticals in your brave new IP-less world? Do we eliminate the massive costs associated with testing and just let people fend for themselves (and companies too, since presumably you'd support suing any company that still puts out a risky product)? How can a company spend millions or billions of dollars on new research if the only saleable end product is a pill that can be copied in under a day by production houses that do no research at all? Should all future medical and pharmaceutical funding come purely from the government?
Your other responses thus far are not particularly illuminating either. Getting paid a salary (as you suggest) would stifle many writers, not free them. Corporations expect product on a timely scale, so you'll have the next Steinbeck or Joyce writing filler crap instead of their next masterpiece.
Is IP law horribly fouled up? Most certainly. Are the primary beneficiaries the distributors, middle-men, and corporations instead of the authors and inventors? Yup. Is that wrong? Definitely. But your suggestions amount to no more than throwing out the baby with the bathwater. We need a major reformation of IP law across the board, with more reasonable limits (esp. for copyright) and fair use rights. Patents need less obfuscation and more requirements on actively defending the patent (submarine patents are bad!). Trademarks aren't too bad off, although there's certainly some absurdity going on there (not nearly as much though).
Really? Your Unix installations save the current environment when they need a reboot (for, oh say, a kernel update) and restore it completely when finished?
What this appears to do is considerably more than just try to avoid reboots (which, while improved under XP, still happen way too damn much -- for both OS and "application" patches), it actually tries to make a reboot a non-event as far as the user is concerned.
It won't work though. There's too many potential issues -- most of them security related. If you're logged in on a network it would have to remember your login info to restore that. What if you're logged into remote connections, like ssh sessions? Or ftp? Or your web banking? While these might be solvable, my guess is that solving some of them (like retaining the SSL session for the web banking) would involve some pretty massive potential security holes beyond just remembering passwords that it shouldn't.
Fixing the real issues would require a massive rewrite of the file systems, the memory manager (esp. virtual memory), and other key OS components. Unix has done it right for a long time in this regard -- delete a file in use? Sure, no problem. But it's not actually de-allocated from the FS until the current process releases it. This has its own set of issues, but they're much more manageable than the ones that exist with Windows' current methods. Better yet would be inherent versioning, ala VMS's FS. Certainly disk space is cheap now compared to back then -- it's surprising that nobody's revisited this.
non-power users are probably more likely to trust Google or Yahoo with their email data anyway.
I have no issues with "trusting" Gmail with my personal email. Frankly, I've stopped using a local client since getting a gmail account. It's considerably more convenient and powerful for me.
For business use, however, I would never even consider using a 3rd party web host. Not even for a small company. And while some mail server web interfaces are excellent (Exchange), others make me weep (Oracle's). I would rather poke a stick in my eye than use Oracle's Web email interface. It's less painful and doesn't do as much long term damage. Plus you can plant a seedling, wait for the tree to grow, and harvest some high quality poking sticks in the time it takes for OCS to load the first dozen (literally -- 12; pray you don't need more than that) emails.
Yes, I am exaggerating.
Slightly.
For anyone who needs offline access to their email (pretty much anyone on a laptop or that travels) then non-webmail access will remain a necessity. These aren't necessarily "power" users; just people who won't always have Internet access (like on a plane, or at a client's site).
How about that's not UNIX?
Point taken. And none of the shells that I'm familiar with do anything silly like that either -- if the file isn't marked executable, they won't execute it or attempt to figure out how to.
Office documents can have executable macros. Microsoft makes this mistake a lot.
Yes, but they're generally sandboxed to some degree or another. Well, at least they are nowadays. And there are very legitimate reasons for macros in office documents (although not so much for ones that auto-execute on open). This isn't sandboxed, and it's absurdly dangerous because of it. Defenders could claim that WMF was invented before the widespread use of networking (which is questionable), but even back then trojans and virii were commonplace. I'm utterly amazed that it took someone so long to find out this vulnerability.
As I said in my first post, it's utterly unacceptable that MS hasn't released a patch that simply disables the functionality in question. Even if it breaks some things. Equally unacceptable is their decision to make this part of the monthly patch cycle instead of releasing it immediately upon final approval from QA. I suspect their decision to do that was an attempt to downplay the significance of the vulnerability. It hasn't worked.
UNIX only looks up magic headers using the execve() system call, and not with open() - and only if the file is marked +x - and only if it's on a filesystem marked exec.
Completely correct (and yes, I did know this), but you're still missing the point. Windows does not execute the WMF file directly. It calls a graphics handler which determines that it's a WMF (from the header) and then passes it off to the DLL that handles WMFs. How is this different from a user in Konqueror or Nautilus or any other file manager double clicking on a data file and the file manager attempting to figure out what it is?
One of the problems here is that Windows' rape victims cannot disable WMF support and continue using Windows: It's part of GDI- a critical system component.
And yet unregistering the DLL is one of the widely recommended steps that's completely successful as long as you don't have some other vulnerability that re-enables it. It's not as integral as you seem to think.
Another problem is that Microsoft is inconsistent with regards to what opens what
Now here I completely and totally agree with you. And I indicated as much in my prior post. It's bloody difficult to diagnose problems, secure your system, or change how things work when there are a dozen different ways to get things done, they're poorly documented, and in many cases nearly impossible to alter anyway. Unix is considerably better in this regard (at least once you find the right documentation), but MS just keeps adding APIs and interface layers.
The real issue here was that MS, in its infinite stupidity, designed a data file format that inherently contained executable code! That's fucking insane. You load a graphics file and in it it sets a callback function in case of error? How was that not screaming "exploit me now!", even back in the Win 3.x days?
Of course, for some reason I doubt that MS was the only one to ever do something this inane. I wonder if any widely spread file formats have something similar -- the search will certainly be on now.
I can think of at least half a dozen cases where overreading can be just as dangerous as overwriting
As can I, but again -- we're talking about const data here! If you're going past the end of the array/vector then your code is really, amazingly bad.
Besides which, the "safe" methods for vector access are also slow -- at() is considerably slower than [], and iterators are slower than either.
Again, there are still valid uses, but they are exceptionally rare.
It has to do with the MS Windows community expecting extensions to be used to link files to programs exclusively
Frankly, I know a lot of Unix users who will happily run a shell script without looking at it, or assume that a .pl file is a Perl script, or a .py a Python script, etc. -- there's certainly no obligation for them to be. And I know just as many expert users in both Windows and Unix who don't do stupid things like execute unknown files, trust scripts without reviewing them, etc.
And Linux users don't? Double click on a GIF/JPG/MP3/HTML/etc file in Konqueror or Nautilus (or the file manager of your choice) and what happens? Exactly the same as in Windows -- it launches the executable that's associated with the file.
There is no execute bit in their filesystems.
Yes there is. Admittedly, it's not used very much, and I don't expect that to change anytime soon. Not that it would've mattered in this case.
Linux users also expect data to NOT be given execute privileges.
That's nice. And if a previously unknown vulnerability is found in libjpeg, then how is it going to matter? Sure, the JPEG isn't marked executable, but when the program that actually loads the executable links to libjpeg.so, and the JPEG contains a buffer overrun exploit then the resultant code may end up executing bytes out of the "non-executable" JPEG. The only way to avoid this is to use the new NX mode/instructions in modern CPUs -- something that you can do in Windows Server 2003 as well as in Linux.
I'm surprised virus writers waited until this millennium to finally exploit such a stupid flaw.
They didn't. Kinda. The idiocy of MS hiding "known" extensions was exploited years ago (happyfun.txt.exe -- guess what it shows up as in Outlook Express or Explorer?), along with similar exploits.
It's not just the extension that dictates that it's a WMF... Windows in its infinite wisdom also looks at the header bytes of the file and says "ohh! that's a WMF!"
So, in other words, it does exactly the same thing Unix does for every single executable file.
Do a man magic if you don't know what I'm talking about, and/or look into why scripts have that #! as the very first two bytes in order to work automatically.
Windows has gotten bashed for years for relying on file extensions. Here they don't and they get bashed more! Ok, yeah, it's yet another example of deviation from expected behavior, but complain about that, not that they're finally trying to be smarter about files. Hell, most programs will now ignore file extensions and look at the file header -- it's hardly a MS only behavior.
That said, MS's slackness on this issue is ridiculous. Yes, I know that they have to test a patch in a very large test environment to make sure nothing goes "boom", but in this case they would better serve their customers by simply disabling WMF support entirely until they can properly patch things. WMF is not a widely used format -- in the very few cases where it's actually being used you could simply not patch the computer and take appropriate actions to isolate that system. It would be a hell of a lot better than the current situation, especially given how nasty and widespread this exploit is.
Why do they want so many years to decide on so simple things
Because they have to.
It's an ISO standard language -- by ISO standards, you cannot put out a new standard more than once a decade. The last standard was C++98 (which brought about the STL, amongst other things), so the absolute earliest they could create a new standard is 2008. Go look at the history of FORTRAN ISO standards, or even C ISO standards, to see a long list of once-a-decade revisions.
The reasons for this are quite sane -- it takes time for the new standard to be understood, implemented, and put into wide use. It took nearly 5 years for most of the major C++ compilers to properly implement C++98 (MS being the longest hold out). Most C compilers are still working on C99 compliance. It also takes time for it to become clear what language in the standard needs clarification, which parts are difficult (or outright stupid), and what needs to be fixed.
the using declaration for making type aliases. First of all, template typedefs are there for the exact same reason
And they're poorly implemented in most compilers, 7 years after the standard was ratified, because they're a fucking nightmare to deal with for the compiler and linker. Having a separate keyword makes it easier for the lexical analyzer to figure out exactly WTF you're doing.
No garbage collection.
It's a major issue when you're talking about embedded programming -- the overhead of GC may mean you cannot use a particular microcontroller for your design, either due to lack of CPU or memory. The embedded camp has a lot of strength in design decisions when it comes to C and C++. People who don't ever even think about embedded programming forget (or don't know) this and wonder why certain decisions are made.
That said, the new smart pointers (auto_ptr is such a worthless piece of crap) go a long, long ways toward solving this issue. If you use them. In some code I've written recently we couldn't use the boost::smart_ptr class because the performance overhead was too steep (this was in code that was desperate for every improvement I could throw at it).
no static virtual methods. It is dead easy to do, and sometimes it is badly needed. For example, the pattern factory heavily depends on it.
And Factory can be written in C++ without any issues. I've done it several times. I fail to see your point.
no one really cares about C++ being used in a few embedded controllers anyway
Except for the bazillions of embedded controllers that run C++ code. There's a reason they have a strong voice on the standards committee -- because it is used heavily and there is no real alternative available. Yes, embedded microcontrollers are becoming bigger and beefier every day, but there's always a group that's pushing them to the limits, and C++ is the only vaguely modern language that lets them do what they need with little overhead.
A lot of your other points are good questions. I suspect that they're answered in the working group's mailing list, but I'm not up to dealing with the volume (or the technical details) produced by that list.
I guess Slashdot could fix this and accept whitespace as a paragraph break, but I guess that would violate some deep principle
Or you could change your posting default to "Plain Old Text". But then that would completely and utterly invalidate your entire whine.
Hell, you can't even put known non-uniform data in C++ vector without doing it one-by-one.
What are you doing such that you need to put constant data into a vector like that? Is there a reason you're not just using an array?
There are use cases for doing this, but they're pretty rare. We could use it in our codebase for our unit tests, but not in the "real" code.
And, if you'd bothered to read the article, you'd see that this will be supported in C++0x.
In many ways the Grand Challenge was a toy problem, but this is not usually emphasized because they want to make it seem more dramatic.
This year's GC course certainly seemed much easier than the previous course -- as you note, there was a lack of obstacles, except for cattle gates lying on the road and some relatively large obstacles like telephone poles and tunnels. Contrary to what some posters claim, there were a large number of sharp turns (and note that the Grand Challenge site doesn't show every single bend; point of interest D notes sharp turns when there doesn't appear to be any; meanwhile point K shows a series of sharp turns).
And no, there were no dynamic elements on the course -- that was part of the design though. You should know better than the rest of us what the design goal was -- to achieve an autonomous supply train through rough terrain. It's not supposed to deal with dynamic elements -- the odds of running into anything out in the middle of the desert is pretty low after all -- but it has to be able to handle unknown terrain.
Dynamic elements and weather conditions are certainly something that will need to be handled in the future though, and from the sounds of it the Stanford team is well ahead of the CMU team on this front.
The Wired piece is over-reaching, but the counterpoint is that we are now vastly closer to autonomous driving than we previously were. And the techniques that Stanford applied are far more likely to scale than those that CMU apparently used. That's tremendously important.
Damn.. you dupe hounds are pathetic.
Look at my posting history. Yeah, I'm a dupe hound.
The only reason I bothered was because it didn't seem like anyone else had yet, and the idea was stupid the first time around. A year hasn't improved it any.
Some of us may have not been reading Slashdot a year ago... you're going to point out year-old dupes?
So, by that logic, we should expect major news services to also repeat major stories in case you missed them when they actually happened?
Soon to be on a news service near you:
George W. Bush wins election over John Kerry
Tsunami strikes SE Asia, Death Toll Expected to be Massive
It's silly there, it's silly here, and it's a mark of exceptional laziness on the part of the editors.
It's good to know that Tech Zone is on the leading edge of reviewing year old news.
And that Slashdot editors continue to not bother checking for dupes.
Nothing new to see here. Move along.
You're going to need a much more expensive video card than that if you want to compare to the XBox360.
More expensive than which? Than the GF6600GT? Yeah. Than the GF6800GS? Maybe. Than the GF7800GT? Nope.
Even at the highest resolution HD (1080i), the Xbox360 merely has to do 1920x1080 at 30 fps. At 720p that's 1280x720 at 60 fps. Most of the first generation games, like COD2, aren't even achieving that -- they cheat by running at lower res (like 1280x600; not to mention not keeping up 60fps) and having the 360's internal scaler make it look like it's managing true 720p. The GF7800GT is easily just as capable.
Aaaaaand those components wouldn't produce anything close to PS2 performance
To PS2? Are you on crack? A PS2 has to maintain all of 640x480 @30fps, with incredibly low polygon count and texture fills, not to mention a complete lack of bump mapping, anti aliasing, or anisotropic filtering. There are a few games that support higher resolutions, but they're few and far between.
You really didn't deserve a response, but I'm so sick of clueless fools thinking that the last generation consoles had anything even vaguely approaching decent graphics capabilities.
When I spec'd this out a few weeks back on another site I believe I excluded a few components (case, HD, DVD drive) because it was about upgrades. But you can build a full, gaming capable PC for under $700 (and by gaming, I include current titles such as FEAR, COD2, and BF2 -- depending on the video card you choose you may have to run at lower rez, but they'll run at reasonable frame rates with all or nearly all graphics options on).
Here's the parts list from NewEgg. If you live outside of the US I certainly cannot vouch for your prices.
ABIT KN8 Socket 939 NVIDIA nForce4 ATX AMD Motherboard - Retail - $82
Linkworld 3230-02C2222U Black Steel ATX Mid Tower Computer Case 430W Power Supply - Retail - $24
NEC Black IDE/ATAPI DVD Burner Model ND-3550A - OEM - $40
Western Digital Caviar SE WD800JB 80GB 7200 RPM IDE Ultra ATA100 Hard Drive - OEM - $53
LITE-ON SK-1688U Beige USB Wired Keyboard - Retail - $6
OCZ Value Series 1GB (2 x 512MB) 184-Pin DDR SDRAM DDR 400 (PC 3200) Unbuffered Dual Channel Kit System Memory Model OCZ4001024V25DC-K - Retail - $82.50
Rosewill RM800U Black 3 Buttons 1x Wheel USB Optical Mouse - OEM - $4.50
Microsoft Windows XP Home With SP2 - OEM - $93
AMD Athlon 64 3200+ Venice 1GHz FSB Socket 939 Processor Model ADA3200BPBOX - Retail - $174
Rosewill RFA120L-W 120mm Sleeve 4 White LEDs LED Light Case Cooling Fan - Retail - $4
XFX PVT43GNDF3 Geforce 6600GT 128MB GDDR3 PCI Express x16 Video Card - Retail
That's quite capable. Add a monitor and speakers -- those weren't included in the price of the "$100" console, so I'm not including them either.
And if you're willing to spend more, for more graphics power:
GIGABYTE GV-NX68G256D-B Geforce 6800GS 256MB GDDR3 PCI Express x16 Video Card - Retail - $199
eVGA 256-P2-N515-AX Geforce 7800GT 256MB GDDR3 PCI Express x16 Desktop PC - Retail - $304
Note that no rebates are calculated into the costs... you could easily get a far bigger/better HD with rebates, and several of the items above have other rebates as well. And no, the above isn't quite what I'd buy -- but I did make sure it had a decent MB, GPU, etc. If I didn't care about that I could've sliced another $50-100 off the price.
Why do people spend $3k on a computer to play the Sims ?
Because they're idiots.
Can't you get a $500 PC for random computer work and then a $100 playstation (or random game system) for games ?
Yeah, and I can also build a $600 PC that will blow the PS2 out of the water when it comes to graphics and seriously compete against (and sometimes surpass) the Xbox360.
The real question is what games do you want to play, and that's what should influence your decision. If you like RTSs, MMORPGs, or FPSs then the PC is the only real option. For platformers, "RPGs" (e.g. -- Final Fantasy), and "party games" then consoles are where it's at. If you want to game online, then the PC is better, while gaming with a bunch of people in the same room is clearly the consoles' forte. There will always be platform-specific games (ala Civ4 for the PC, or Katamari Damacy for the PS2), so that's also a consideration.
BTW, the Sims on consoles is nowhere even close to the PC version. It's simply too stripped down, both in UI and graphics.
The next generation consoles (Xbox360 and PS3) are going to really shrink the gap graphics-wise between the consoles and the PC, but they're still quite a bit less powerful. And unless they get serious about allowing keyboard/mouse input (as an option, obviously) then they'll still be deficient for a lot of game genres (MMO being the biggest).
When did the 9800 become "older"?
About two years now.
The 9800 line was released in early 2003, so it's closing in on being 3 years old at this point. There have been two full graphics line refreshes since then. And if you want to consider that the 9800 line was a minor refresh of the 9700 line, then it's closer to 3 1/2 years old already.
So yeah, it's "older", and has been for quite some time. If you bought yours last week then I'm sorry you haven't been paying any attention to the market for the past two years.
What's new here? Everything that the betanews report states has long been known in the medical community -- particularly the bit about pregnancy. My wife is currently in her second pregnancy, and she never had any carpal tunnel problems before. But she does now -- if she's at a keyboard too long or crochets too much then her wrist starts to hurt. Her doctor says it's fairly common for pregnant women to suffer carpal tunnel due to increased swelling and the loosening of joints during pregnancy. And all she can do is wear a wrist brace and take Tylenol -- there are no anti-inflammatories approved for use while pregnant.
The rest of the info is also well known. A poor hand posture can exacerbate the problem, but it's unlikely to cause it outright.
Is Linus being "self-centered" when he said that "I prefer KDE over GNOME"?
Except that's not what he said. In fact, the word "prefer" doesn't appear in the email.
What he did say was that GNOME encourages people to be idiots. It wouldn't be a stretch to say that he implied "only idiots use GNOME". And he finished off his missive with a plain statement saying that people should just use KDE.
That's considerably different from merely stating an opinion. The last sentence of the second paragraph is certainly an opinion, and an entirely valid one, but it's also in stark contrast to the rest of the email.
I've seen plenty of "graphic sexual content" in R-rated movies.
I doubt it. Graphic sexual content generally refers to the explicit showing of a sexual act (oral, vaginal, or anal) on screen, plainly. Despite all your complaints, this is a generally accepted definition.
Like the Oscars being sued when the most popular documentary in history wasn't nominated for a single thing
And your point is? Michael Moore was the one who fucked that up -- he did not submit the movie for Best Documentary (which it almost certainly would've won), but only for Best Picture. He could've submitted it for both, but didn't. Go ahead, check into it.
the courts said all that movie stuff is a private industry
What are you babbling about now? There was no lawsuit against the Academy over this. There were a number of other lawsuits regarding Fahrenheit 9/11, but they were not even vaguely related to this (mostly/all related to questioning the factualness of the movie; AFAIK they were all thrown out).
will this make next gen DVD too expensive for most things for years to come
If they just started a new process and the first few batches are at 80% yield that's actually pretty damn good. It wasn't long ago (as in, a month or so) that dual-layer BD-ROMs were still in the lab, so this is a very new process.
That said, let's say it costs $1/disk/batch. If you have to throw away 20% of that batch how much do you have to sell each remaining disk for to break even? $1.25. It's an appreciable difference, sure, but hardly format killing. And yields will improve as they get the process down, much as they did for CDs and DVDs.
If next gen disks are much worse than DVDs they won't be worth using.
BD-ROM and HD-DVD are actually supposed to be less susceptible to damage than either CD or DVD -- they have tougher polycarbonate coverings and a slightly different overall design (BD more so than HD-DVD). That's the theory at least. Whether or not it holds up to be true in the real world is yet to be determined.
Neither has Dvorak, Jobs, Gates, or Ballmer, but that doesn't stop them.
Dvorak (John C. Dvorak) has never done any work in computers -- he's been a journalist his entire life. Frankly, I've never really understood why people paid attention to him. He's been around a long time, but his batting average on predictions is pretty miserable.
Jobs, Gates, and Ballmer are all involved in the industry still -- sure, they're in management at this point, but being the top managers of two of the biggest and most influential computer companies in the world means you have relevance.
Woz, while he's done a lot of worthy things since leaving Apple, has not been involved in the industry to any significant extent since. I'd be forced to argue that Dvorak is more relevant than he is, and that's a sad statement. He did some great stuff nearly 30 years ago, but that doesn't mean that he's "with it" now.
The pharmaceutical industry has incredibly high costs because of government regulations
Yes, and I alluded to that. You didn't answer the question.
We have 6.5 billion people in the world. If reducing government intrusion would save half, we're talking about 2.5 cents per person to make a new drug.
That's nice. What about the vast majority of drugs that don't target every human being on the planet? Not everyone is HIV positive. Not everyone has diabetes. Not everyone will get esophageal cancer. That doesn't mean we shouldn't be doing research on them.
I'm narcoleptic, and I'm very happy that the research that led to modafinil was done -- it's far better than the alternatives, such as Ritalin or other addictive stimulants. Of course, in its case I will question whether or not it should still be covered by patent -- it was originally found in the 1970s during other research, but only recently re-visited for usage in narcolepsy treatment. If it couldn't have been patented, however, I'm unsure that it ever would have been revisited -- there aren't a huge number of people suffering from narcolepsy after all -- instead the stimulants would continue to be the only treatment course, or someone might have eventually stumbled upon a new treatment. Maybe.
As long as there is a demand for something that has zero supply, people will always find ways to create a supply. That is how the market operates.
You're missing the bits that involve making profit. In the case of pharmaceuticals there is a huge research cost -- even if you remove all regulation. You have completely failed to explain how the R&D costs will be recovered if a company has no exclusivity time period.
Nor do you explain how removing governmental regulation will magically make it happen. What you'll end up with then is a huge cycle of lawsuits as companies come out with blatantly unsafe medications (because they didn't bother doing the now unrequired testing), people take them and suffer significant problems (problems which may not surface for a long period of time (c.f. -- the tobacco industry for an imperfect example), or problems which may cause lasting, long term effects) and sue the company. Odds are the company goes out of business and the consumers are left holding the bag. That or companies have to do the testing cycles anyway, which creates even more R&D expense, which they then can't recover because Drugs'R'Us waits for them to put out the product and then does some pretty simplistic chemistry to determine what the makeup and production methods are. These aren't things you can keep as trade secrets after all.
In my experience, the IP debate ends when someone brings up pharmaceuticals
Maybe because it's a serious issue that your "abolish IP laws" doesn't address? And it's hardly a fringe issue. There are numerous industries in which this is true (high R&D costs, low barriers to entry for production); the pharmaceutical industry is merely the most prominent one.
So, exactly how are we supposed to create new pharmaceuticals in your brave new IP-less world? Do we eliminate the massive costs associated with testing and just let people fend for themselves (and companies too, since presumably you'd support suing any company that still puts out a risky product)? How can a company spend millions or billions of dollars on new research if the only saleable end product is a pill that can be copied in under a day by production houses that do no research at all? Should all future medical and pharmaceutical funding come purely from the government?
Your other responses thus far are not particularly illuminating either. Getting paid a salary (as you suggest) would stifle many writers, not free them. Corporations expect product on a timely scale, so you'll have the next Steinbeck or Joyce writing filler crap instead of their next masterpiece.
Is IP law horribly fouled up? Most certainly. Are the primary beneficiaries the distributors, middle-men, and corporations instead of the authors and inventors? Yup. Is that wrong? Definitely. But your suggestions amount to no more than throwing out the baby with the bathwater. We need a major reformation of IP law across the board, with more reasonable limits (esp. for copyright) and fair use rights. Patents need less obfuscation and more requirements on actively defending the patent (submarine patents are bad!). Trademarks aren't too bad off, although there's certainly some absurdity going on there (not nearly as much though).
More like welcome to unix of yesteryear.
Really? Your Unix installations save the current environment when they need a reboot (for, oh say, a kernel update) and restore it completely when finished?
What this appears to do is considerably more than just try to avoid reboots (which, while improved under XP, still happen way too damn much -- for both OS and "application" patches), it actually tries to make a reboot a non-event as far as the user is concerned.
It won't work though. There's too many potential issues -- most of them security related. If you're logged in on a network it would have to remember your login info to restore that. What if you're logged into remote connections, like ssh sessions? Or ftp? Or your web banking? While these might be solvable, my guess is that solving some of them (like retaining the SSL session for the web banking) would involve some pretty massive potential security holes beyond just remembering passwords that it shouldn't.
Fixing the real issues would require a massive rewrite of the file systems, the memory manager (esp. virtual memory), and other key OS components. Unix has done it right for a long time in this regard -- delete a file in use? Sure, no problem. But it's not actually de-allocated from the FS until the current process releases it. This has its own set of issues, but they're much more manageable than the ones that exist with Windows' current methods. Better yet would be inherent versioning, ala VMS's FS. Certainly disk space is cheap now compared to back then -- it's surprising that nobody's revisited this.
non-power users are probably more likely to trust Google or Yahoo with their email data anyway.
I have no issues with "trusting" Gmail with my personal email. Frankly, I've stopped using a local client since getting a gmail account. It's considerably more convenient and powerful for me.
For business use, however, I would never even consider using a 3rd party web host. Not even for a small company. And while some mail server web interfaces are excellent (Exchange), others make me weep (Oracle's). I would rather poke a stick in my eye than use Oracle's Web email interface. It's less painful and doesn't do as much long term damage. Plus you can plant a seedling, wait for the tree to grow, and harvest some high quality poking sticks in the time it takes for OCS to load the first dozen (literally -- 12; pray you don't need more than that) emails.
Yes, I am exaggerating.
Slightly.
For anyone who needs offline access to their email (pretty much anyone on a laptop or that travels) then non-webmail access will remain a necessity. These aren't necessarily "power" users; just people who won't always have Internet access (like on a plane, or at a client's site).