What's wrong with Java then, once you have a native optimizing compiler? It has very limited aliasing (one array can not point in the middle of another array) and garbage collection will not take much time for typical FORTRAN-style programs (a bunch of arrays without embedded pointers).
Well it is easy enough to find out. Take the Microsoft J# or C# compilers which have a highly optimized back end and compare with a good FORTRAN. My guess would be that C# and J# would give almost exactly the same results since the two languages have the same feature set. C# might have an edge since it is slightly newer and was designed by the people who wrote the back end of the Visual C++ compiler which is the base of CLR.
I would expect both to outperform FORTRAN.
The reason is that FORTRAN gives very little assistance to an optimizer. OK loops can be unrolled. Guess what? Every optimizing C compiler does the exact same thing.
The only reason why FORTRAN might be faster is the static allocation model. This means that pointers can effectively be dereferenced at compile time. But that does not provide a huge advantage for today's processors.
We wrote a C++ shell sort (reasonably efficient) routine to sort the 30k names. It took several seconds...not bad. Our old FORTRAN code is a bubble sort routine (least efficient) and it does the same job in less than ONE SECOND
You are not comparing like with like. Depending on how you code bubble sort can be quite fast if the items are already mostly in order.
C++ is not the friendliest of languages to write an optimizing compiler for and if you buy the standard edition of Visual C++ you don't even get the optimizer. So comparing languages on the basis of unspecified compilers is idiotic.
I have used Fortran extensively and in particular for numerical applications. My experience was that the code people wrote in Fortran tended to have a much greater number of bugs. There were plenty of libraries around but the quality was mostly very poor. Even very well known packages such as CERNLIB were riddled with bugs, even after 20 years of development.
A competent programmer working in any imperative language can write code that outperforms an incompetent programmer in any other. Most of the physicists I worked with didn't even turn on the optimizer.
Thwate's site [thwate.com] is a different design than Thawte's site [thawte.com] but still uses the 'Thawte' name. This looks like a lawsuit waiting to happen.
I just went to their Web site and if you click through you will find that they do actually sell Thawte certificates, you are sent to the Thawte site.
This is probably just an innocent thing where people were going to Thwate and trying to get certificates and someone decided to take advantage of the channel.
I will get onto legal tomorrow however just to make sure that nothing unfriendly gets said by mistake. There used to be a company in the UK with a vacuum cleaner called VAX. They got a nastygram from a random DEC legal outfit every week.
Shadow passwords are a form of security through obscurity.
You've simply moved the password information to another slightly less readable file (by file permissions) but it still is readable off backup tapes and other tricks
I don't agree. File permissions are not a sufficient protection for a password file. Neither is one way encryption. The combination is an acceptable level of security for some applications.
Security through obscurity is something else entirely. It is assuming that a process is so complex that the complexity provides security.
If you want to redefine the meaning of security through obscurity, that is fine. Just remember to change the assertion that security through obscurity is always bad at the same time.
To take the argument to the extreme I would insist on using one way encryption even if the password file was to be stored in trusted hardware where the problems of inadvertent disclosure you cite could not occur.
know this because I tried to buy an Iridium phone. I spent months and months trying. I tell you they WOULD NOT SELL ME ONE. It was a joke!
You basically had to know someone in the company to get one. I had the same experience trying to buy CDPD service a few years back. I could not find the damn product on their Web site or through their customer service line - even though it had existed for several years.
In the end I called up one of their senior VPs, and not just an ordinary senior VP. I explained who I am, stuff I did, company I work for and why it would be in their interests to let me get the service (we were doing eight figures worth of business with them at the time). So he says he will get on it and then a couple of weeks later he sends me an email saying that he tried to get it for himself and they could not get it to happen. Also the business unit in question could not understand why it was failing to sell...
I know someone who did get one of the Iridium phones, he was a VP of technology at Visa (see the sort of place you have to be). The phone was the size and weight of a brick.
Basically what killed Iridium was the announcement of Iridium. The whole value proposition was to be able to talk anywhere. Great, only you can get cell service almost anywhere you are likely to be. Certainly in every major city. The problem was not the lack of connectivity it was the ability to connect and the ridiculous use fees. Once Iridium appeared the providers had a huge incentive to fix those things fast. So I can now make cell calls from pretty much anywhere I am likely to go for $1 a minute or less.
According to reports something like 40% of the Iridium phones that were actually used were sold to Taleban and then Opposition forces in Afghanistan.
I agree that scanning a network doesn't make it secure but rather it is the first step in identifying where it is insecure. It's an important step that should not be overlooked. As far as the book goes, anything to help people realize that security is important is a good thing.
Every categorical statement about computer security is wrong.
If you talk to anyone in the top rank of information security, whether someone with a public profile like Bruce Schneier or Ross Anderson or people like Jeff Schiller, Butler Lampson, Steve Bellovin or myself who are well known in the industry but may not pop up in print as often you will get a fairly consistent reply on the value of various strategies but in every case you will be told that what is meant by 'secure' depends on your particular needs.
What you will not get is computer security boiled down to a simple set of rules. You might get 'Security is risk control, not risk elimination' which has been around for several decades before Bruce recently claimed it.
What security is not is the set of ideological slogans that tend to infest slashdot. For example 'security through obscurity' is regularly brought out to attack what are actually valid security strategies. It took several years to get the unix community to understand that shadow passwords are not a form of security through obscurity. Many folk on slashdot think that unix has always had them.
Before looking at site policy or anything else suggested so far as the 'first step' ask yourself what assets do I have and what damage would be caused if they were disclosed, erased or otherwise damaged? This is actually quite a hard question and many people will miss out their most important assets. For example the CIA and NSA failed to consider their reputation as an asset when they outsourced the running of their Web sites with embarrassing results when they were hacked. The Whitehouse did not make that mistake. Before the site ever went online they realised that the Web site was potentially a reputation asset. The first target of a coup is always the television station since the coup plotters can often get people to comply with the revolution just by announcing that it has taken place. Also they had been bitten during the 1992 election campaign when an NRA supporter sent out a fake press release promising an imminent gun grabbing. Ironically the response to the fake release suggested that gun grabbing was popular, so now you know who you have to blame.
As for the book, it sounds to me that this is a very 'down in the trenches' type of book. I don't worry about a lot of the attacks described because I would never go near certain technologies. Client side Java, Javascript and other 'winky-blinky' technology would have been much better if never invented. However when you come to build systems you can still have problems because even though you may not use javascript a weakness in javascript could compromise a mechanism you rely on such as session cookies.
I just got Ross Anderson's book 'Security Engineering'. I have not read it yet but his monograph 'why security protocols fail' is the one that Bruce, Ron Rivest or myself all refer to if we want to quickly install some clues into someone designing a protocol with inadequate security...
Now the catch is after all that R&D investment drugs that pass clinicals only have a patent lasting 5 years before generics can be made
That is not the case. Drug patents are regulated under a special set of rules that tie the patent term to the date on which the FDA gives approval.
There is also a set of riders that allow the drug companies to delay introduction of generics even after the patent has expired. If a patent holder makes any claim against a generic, no matter how frivolous the generic is automatically denied approval until court proceedings on that claim. If the court throws out the claim the drug company can throw in another one. So generics makers are subject to a series of 18 month delays over the enforceability of spurious patents filed over the dosage rates or minor parts of the invention not disclosed in the original.
The problem is that the congress and president were bought long ago by the drug companies.
META was never intended to be the primary key for search engines. The idea that search engines should believe a page with a billion Meta tags is pretty weird.
The purpose of Meta was to allow people to add their own search terms to a document for their own convenience. That use is not invalidated just because Google and Co can't find a way to use that information any more than the existence of spam does not invalidate the idea of email.
But because third-party developers are tapping into non-public APIs, Apple has no obligation to maintain access. Every time Apple updates OS X, the software often ceases to function.
So OSX isn't done until Kaleidoscope won't run? I heard that somewhere before.
....Most Kaleidoscope interfaces were ugly as sin...
but they weren't all. I remember some, you-could-almost-say-beautiful, kaleidoscope themes.
I have some small sympathy with Apple wanting to encourage developers to develop applications that observe the look and feel of the machine. I have no sympathy with Apple trying to dictate look and feel.
I have always seen Apple as being like Singapore, a benevolent dictatorship but still a dictatorship (Singapore elections are like the Soviet union, opposition candidates can run in theory but in practice end up in jail on trumped up charges).
The problem with Apple is that while they often get it right, they have often got it wrong. Like the failure to support scroll bars that expanded to represent the amount of scroll for fifteen years after the idea was popularized and the obsession with the one button mouse (try adding a second button to one of yer powerbooks).
In the interests of flight safety, any lightning
observed will generate an immediate SP or (special)
observation to be automatically taken and
recorded as a thunderstorm.
The way I would see it, a volcano eruption could cause a thunderstorm...
Actually, one event that you do list might be the exception is a nuclear explosion. Lightning has certainly been observed in mushroom clouds, however you are not going to be hearing any thunder 'cos there is another noise that's a lot louder....
And almost all lightning comes from, you guessed it,
thunderstorms
Err, I think you will find that when there is lightning thunder will invariably follow, unless of course the two events coincide at a point you had chosen to occupy in space-time.
Ergo all occasions at which lightning is present will by definition be classified as thunder storms and no event in which lightning is not present can be so classified.
I have a question for Vint, do you think that the position of the IETF is under threat from the rise of W3C and OASIS?
Footnote: I am one of the people who originally took standards work to W3C rather than IETF and I was recently being accused of undermining W3C after I started submitting specs to OASIS.
The IETF is an amazingly transparent organization that has consistently "delivered the goods" with almost no back-room politics.
That is an almost but not quite complete crock. If you know how decisions are really made you will find that the IETF is every bit as unrepresentative as ICANN, the difference being that the IETF has not abused its mandate.
The fundamental problem that ICANN and IETF both face is the same problem that any organisation with a large and ill defined membership faces. How do you establish structures so that you ensure that there is accountability without allowing the crazies to take over? It is easy to solve either problem at the cost of the other.
ICANN simply chose to eliminate accountability. Then as they faced criticism as a self perpetuating oligarchy they went off in search of a group to be accountable to who would cause them least inconvenience. Problem for them was that the only reason to form ICANN was that the US Congress did not want power over the root to be shared with any other country, otherwise the obvious choice would have been the ITU. So when ICANN went to foreign govts it was the worst possible move.
The purpose of the IETF control structures is to allow an old boys network to maintain control without the fact being too obvious. To do this they set up a system in which the IESG and IAB are not nominated by a bizarre committee called NOMCOM whose internal discussions are entirely closed. The rules under which NOMCOM operates preserved the status quo for many years until last year when NOMCOM only re-elected one member of the IAB.
The problem the IETF faces now (and many members of the IESG agree) is that it has become an institution and as with any institution its primary purpose is to perpetuate itself. A lot of the working groups have become standing committees. PKIX has been going ten years, so has IPSEC and DNSSEC. Progress in the working groups is slow because the IETF rules of order allow working groups to be held hostage by any faction that is prepared to accept delay rather than have a feature go forward they dislike.
Quite often the old-timer faction behave more like old-farts. Someone will make a very sensible comment and then get told 'well if you understood the issues better you would know why that is a bad idea'. I try to stomp on that sort of behavior whenever I can because I have a reputation that allows me to call any of them, and I believe that even if the comment is boneheaded nobody has the right to use that put down. The only way I got to match the expertise of others was by asking boneheaded questions and never taking putdowns for an answer.
To take one example, Marshall Rose's BEEP protocol was pushed through at a great pace and received proposed standards status very quickly even though none of the companies that are building the Web Service platforms it is meant to serve has any intention of using it. As an SGML die-hard Marshall specified BEEP using DTDs which in XML terms are an obsolete mechanism supported only for legacy purposes. No serious XML developer is going to want to use a DTD based specification as the basis of a communications protocol - whether open source or closed. Despite being told about this from the outset the IESG have been trawling BEEP around the IETF trying to bully working groups into using it. As a result almost all the Web Services standards groups have now fled IETF for OASIS, and nobody seems to care. It is assumed that the IETF somehow has a mystical aura that sets it apart from other standards fora.
Take a look at the RFC series. The specs are still printed using the technology of the teletype era. Printing them is a nightmare, the page length has to be set just right or else the page headings end up being printed in the middle of the pages, and this is done for 'compatibility'. People will with an entirely straight face claim that HTML is somehow a transitory document format subject to imminent obsolescence. While it is true that some browsers support proprietary extensions, tools to validate HTML against a DTD or Schema have been commonplace for years. But try to change anything and you will be given the run around by the old fart network.
The Mona Lisa is as well known as the internet in modern society. But is it the person that commissioned the work that is remembered? No. It is the artist.
Wrong analogy, who knows the architect of the Ronald Reagan Federal Building, Ronald Reagan National Airport or Cape Kennedy launch site?
The person who commissions a project is far more likely to get recognition than anyone else, even if they use someone else's money.
Gore was asked what contribution he had made as a politician he gave a completely truthful answer. The Republican party deliberately distorted that answer.
The same liars want to start a war and their argument is that we have to trust them. Unfortunately we simply cannot trust them because they have lied to us on the effect of their tax cut on the budget deficit, lied to us on nuclear waste storage in Nevada and lied to us about the case for war:
"I would remind you that when the inspectors first went into Iraq and were denied -- finally denied access [in 1998], a report came out of the Atomic -- the IAEA -- that they were six months away from developing a weapon. I don't know what more evidence we need." George W Bush
Unfortunately that is not what the report says, as you can see for yourself here.
If you are a pathological liar the very best strategy is to go out and brand your opponent a liar.
I really don't think Al Gore or anybody in the federal government was all that crucial in "producing" or "building" the Internet after 1993 (start of the Clinton/Gore administration). The Internet was alive and thriving and widespread (in the U.S. anyway) back in the late 80's -- I used it all the time for email via my CompuServe account in 1990, for example.
That would have been when Gore was Senator for Tennessee and led the committee that gave funding to the NSFnet at that time. Gore was involved with the Internet when it was still the ARPAnet.
Heck, Gore was involved when we were still having problems with AT&T trying to stop us sending packet data over the telephone system because they saw packet data as competition to circuit switching.
In 1990 the email you sent to an 'Internet' would most likely have travelled over the NSF supported backbone. In addition NSF picked up the tab to run the DNS system, IANA and a lot of other infrastructure we needed.
Today of course those services are all supported on a commercial basis but anyone involved in the transition process knew that Gore was calling the shots. The civil service view at the time was that the administration should simply wait for OSI networking to take off. Tom Kalil and Jock Gill spent a lot of time knocking heads together on that one.
Although the Web grew quickly in academia we did not make much impact in the commercial world outside the computing industry until after whitehouse.gov went online. Afterwards it was like someone had turned on a lightswitch.
To be fair there were also Republicans who were very helpful. Newt Gingrich made a lot of enemies setting up the Congressional Web site. However the people who smeared Gore were the same folk who did Newt's political career in.
But this is the same Al Gore who said that Love Story was written about him. I would not dismiss his ego:->
Much as I hate to burst your bubble here, what Gore actually said was that a newspaper had reported that Gore and Tipper were the role models for Love Story. This was true, the newspaper did print the story.
The author later issued a correction, he did not base a character on Tipper. He did however base the male guy on Gore.
This is not very surprising since the author was a good friend of Gore and Gore's sister was dying of lung cancer caused by smoking when the book was being written.
Nor is the quote particularly boastful, from the original story:
POOLEY AND TUMULTY: Around midnight, after a three-city tour of Texas last month, the Vice President came wandering back to the press compartment of Air Force Two. Sliding in behind a table with the two reporters covering him that day, he picked slices of fruit from their plates and spent two hours swapping opinions about movies and telling stories about old chums like Erich Segal, who, Gore said, used Al and Tipper as models for the uptight preppy and his free-spirited girl friend in Love Story; and Gore's Harvard roommate Tommy Lee Jones, who played the roommate of the Gore-like character in the movie version of Segal's book...
Uptight Preppy?
Henneberger of the Sunday New York Times went off to interview Segal on the issue:
HENNEBERGER: The character of the preppy Harvard hockey player Oliver Barrett 4th was modeled on both Mr. Gore and his college roommate, the actor Tommy Lee Jones.
What has this got to do with Vint? Well Gore got the funding for an awful lot of Vint's work.
How else do you parse the words "I took the initiative in creating the Internet."
How on earth could you parse it to come up with 'invent' - oh yes you take it to the Cato institute and ask for their interpretation. This is actually what happened as has been repeatedly documented, Declan wrote his mendacious piece in Wired, which somehow ended up with the headline 'Gore claims to invent Internet' - I do not know if Wired online has sub-editors to write headlines. Declan then took the piece to his then friend at Cato and got a response on it, then he re-reported his original piece by reporting on the Cato release and Gingrich's office but failed to mention he was the source of the original claim. He also failed to make any attempt to talk to the Gore campaign.
The Declan smear was a calculated and deliberate strategy on the part of the Bush campaign to deny Gore the chance to use one of his biggest achievements in the Senate and Whitehouse. It was repeated by the Republican media long after it had been disproved.
The way to parse the sentence by the way is to observe that 'to take the initiative' has a very specific meaning in Senate terms. It means to be a principal sponsor of a bill or amendment. Gore was the principal sponsor of most Internet related bills and in particular the bill that funded the NSFNet backbone that created the first Internet.
The Internet was not an invention, it was a network that was initially funded by government money. Packet switching was an invention, the Internet is a specific instance of the invention.
Gore clearly did not intend to claim that he had any part in the technical development of the Internet.
As for how a 'normal' person might misinterpret the statement, I don't think anyone but a rabid libertarian would imagine that the government had no part in the creation of the Internet. Even if Gore did mis-speak on that occasion how many times has Bush misspoken? How many times has he been called on it. Bush described the senate as 'not interested in national security' eight times before he got called on it last week and the people who claimed that it is unpatriotic for senators to even defend themselves from Bush's partisan attack are the same ones who made such an issue of Gore's statement.
But if you submit the spec and you only go after people with proprietary software, you're ok. And, in order for the other company to stop you, they would have to release their code under an OSI-approved license with the patent MAD (mutually assured destruction) clause. Which shouldn't bother you anyway since you're making use of OSS somewhere.
That is not how the clause is written. The effect as written is incompatible with the current practice of royalty free reciprocal patent licenses which it attempts to copy. This is obviously not the intent, the author botched the job.
As for not being bothered about being unable to enforce any patent right in any circumstance, I think that the argument made is religious rather than pragmatic.
Just because a piece of software is purported to be 'open source' does not mean that it is released as open source in good faith. The effect of the clause is to allow a party to deprive another of rights they hold by releasing source code under a particular license - thus creating the motivation for bad faith releases.
Currently I read the clause as a kind of 'morality enforcer' that says "if you do something I don't like - even if it doesn't involve me or my software - you can't use my software" with the thing you don't like being enforcing software patents against OSS software.
That is what the licenses say. So if you hold the patent on MP3 and attempt to enforce it against someone who writes an MP3 player released under the license that then prevents you from using any software whatsoever licensed with that clause.
I don't think that is justified because it implicitly assumes that all software patents are unjustified. It even prevents the defensive use of a software patent. For example if I write a spec X and submit it to a standards body I will quite likely file a bunch of patents to stop a patent troll doing the same. When the spec goes to the standards body there is a term that states that anyone can have a royalty free license to use the spec provided they do not make a claim against my company for using that particular spec under a patent that they hold. In doing so I have arguably exercised a patent right. Certainly if the patent troll takes the issue to court and we threaten or file a countersuit we have done so.
The idea is good but the implementation is broken. This is not a case where someone can say 'well the intention is clear' since a) the intention is not clear and b) a court is likely to say it does not care what the intention was they will look at the four corners of the document and that is all they are going to care about.
I don't think my legal dept would allow us to use code licensed under these terms
Give the lawyer no information, but contact him, and calmly discuss your case with him. You can hire a lawyer if you have the money but it is in your best interest to entertain the lawyer's contentions seriously and to state your case clearly: that he won't collect, and that there is a long road to go before he can prove you were the author of Klez.
NOT UNLESS YOU TELL THE LAWYER THE CONVERSATION IS WITHOUT Prejudice.
Otherwise anything you can and will be used against you.
However in a case of this type the lawyer is almost certain to be more reasonable than his client. If you could provide the lawyer with a link to one of the Virus sites that describes this behavior of Klez the lawyer might even get the CEO to back off and apologise.
Incidentally what sort of CEO are we talking about? Like CEO of bogswater technology net revenue $300K per year can probably be blown off without as much worry as the CEO of an F500 company. The downside is that the CEO of bogswater Inc. is much more likely to be a complete and utter prick.
They couldn't find anyone willing to take the job already, someone within the company? Surely anyone would be oh so anxious to take a job like this, fighting for such a noble cause...
It is easy to find someone willing to do a job, harder to find someone capable. Warner is not a technology company, although it is part of AOL which allegedly is. Companies like Warner are most likely to hire senior technical management out of technology companies.
However looking through the AOL Web site it is clear that the job is hardly a top tier technology placement. Although it carries the title CTO there are many CTOs at AOLTimeWarner and this job is in the second tier.
I don't think it forms any coherent political ideology, but then again neither does libertarianism.
Insofar as slashdotism is about eliminating inequalities of wealth with respect to intellectual property it could be called 'socialism'. Although I don't think that Robert Owen would have seen it that way.
Insofar as slashdotism is the unfettered pursuit of self interest it is libertarian.
The problem is that the essence of libertarianism is the rejection of all social obligations. As Margaret Thatcher once said in one of her loonier moments 'there is no such thing as society'. Slashdotism is all about community and so I don't think that it is libertarian.
This is a very presumptuous comment. Believe it or not, there are technical people out there (programmers, engineers, etc.) who do not subscribe to the Slashdot libertarianism, who believe in patents, who support copyright protection, etc.
People don't seem to have any trouble working on building weapons of mass destruction. And for that matter, folk who really follow the Ayn Rand philosophy of 'serve your own self interest, bugger everyone else' should not have any trouble working for Saddam Hussein, let alone the RIAA.
I think I got headhunted for this position last week. I get a lot of headhunter calls, most are just trawling for any engineer, this one had prepped. She had either got a copy of my resume somehow or someone had done a web search and put it together.
Now, I have consistently argued against Napster and its ilk. But I would not take a position of that type unless I had full control over the strategy and it is clear that they see combatting the P2P threat in technical terms and not psychological terms. Confrontation with your customers is a stupid tactic.
The point is that people will balk at $2000 for a TV then go and blow $1000 on a light fixture. When it gets to cars things get even whackier. My car has a sound system with a $2,500 list price, I got it at no extra cost because I bought the floor model. But some people will obviously pay that amount - and then probably gripe about paying the same for a TV.
I thought the outrage at the Tyco CEO's $6000 'shower curtain' was somewhat amusing since I was quoted $3,000 for one myself. Now I don't know what Kozlowski was buying but I somehow doubt it would have been one of those pvc drapes that hangs from a pole. If you want a glass door type affair they cost a lot.
Or look at it this way, Bush's war that he wants to start in Iraq will by most accounts cost at least $100 billion. If the occupation costs as much again we are looking at a $2,000 cost for every family in the US. One would think that the 'liberal media' would be talking about this if $2,000 was a lot of money.
Who in their right mind spends $2000 on a television? I guess some people do, because I see them carting those huge boxes outside to their car.
Never bought a house then? Thought not.
Buy a house and you will suddenly find that you end up paying the most ridiculous prices for stuff. It is pretty easy to end up paying $2,000 just to hang wallpaper. And as for curtains. And don't think that you have a choice about it since in matters of this type you will be overruled by she who must be obeyed or you won't get sex for three months.
So when you get to this point you will find yourself buying a $2000 TV because doing so is much cheaper than redecorating. And at the end of the day you are going to look at the TV much more often than anything else in your house.
Pain stimulators? i'm waiting for pleasure stimulators. Then my porn collection would be SO much more enjoyable.
Letsee for $20,000 you can do what? Make the couch vibrate gently. Methinks that the system you are after is gonna cost a whole lot more.
In comparison for roughly $200 you can go get the real thing in a legalized establishment in Nevada. So for the price of your automated bonk-o-matic you can have a bonk a week for over two years.
In Europe of course your capital investment will go a lot further. Invested in an interest bearing account you could engage the Euro 50 services of a window girl 32 times a year - about once every 10 days from the interest alone.
At least that is what a cursory search of the Internet implies.
Of course you may say that it is a real sad type who goes to visit prostitutes, but what does that make the folk using the bonk-o-matic???
Of course life being unfair it turns out that the female anatomy is considerably more compatible with artificial coitus. Examples may be found on the Web. Unfortunately it appears that these guys are rather more interested in the subject from the male point of view. For example one would think that from the pure engineering point of view, solenoids would provide a more effective basic technology for their purposes than rotary motors with sun and planet drives.
Also rather than have the device synchronized to a video track one would think that biometric feedback to determine what types of stimulation are being best received.
Sorry but I don't think I want to put any part of my anatomy into a device of that kind (or for that matter have it inserted into me).
But they are a little bit more interesting than yet another case mod hack.
Well it is easy enough to find out. Take the Microsoft J# or C# compilers which have a highly optimized back end and compare with a good FORTRAN. My guess would be that C# and J# would give almost exactly the same results since the two languages have the same feature set. C# might have an edge since it is slightly newer and was designed by the people who wrote the back end of the Visual C++ compiler which is the base of CLR.
I would expect both to outperform FORTRAN.
The reason is that FORTRAN gives very little assistance to an optimizer. OK loops can be unrolled. Guess what? every optimizing C compiler does the exact same thing.
The only reason why FORTRAN might be faster is the static allocation model. This means that pointers can effectively be dereferenced at compile time. But that does not provide a huge advantage for today's processors.
You are not comparing like with like. Depending on how you code it, bubble sort can be quite fast if the items are already mostly in order.
C++ is not the friendliest of languages to write an optimizing compiler for and if you buy the standard edition of Visual C++ you don't even get the optimizer. So comparing languages on the basis of unspecified compilers is idiotic.
I have used Fortran extensively and in particular for numerical applications. My experience was that the code people wrote in Fortran tended to have a much greater number of bugs. There were plenty of libraries around but the quality was mostly very poor. Even very well known packages such as CERNLIB were riddled with bugs, even after 20 years of development.
A competent programmer working in any imperative language can write code that outperforms an incompetent programmer in any other. Most of the physicists I worked with didn't even turn on the optimizer.
I just went to their Web site and if you click through you will find that they do actually sell Thawte certificates, you are sent to the Thawte site.
This is probably just an innocent thing where people were going to Thawte and trying to get certificates and someone decided to take advantage of the channel.
I will get onto legal tomorrow however just to make sure that nothing unfriendly gets said by mistake. There used to be a company in the UK with a vacuum cleaner called VAX. They got a nastygram from a random DEC legal outfit every week.
You've simply moved the password information to another slightly less readable file (by file permissions) but it still is readable off backup tapes and other tricks
I don't agree. File permissions are not a sufficient protection for a password file. Neither is one way encryption. The combination is an acceptable level of security for some applications.
Security through obscurity is something else entirely. It is assuming that a process is so complex that the complexity provides security.
If you want to redefine the meaning of security through obscurity, that is fine. Just remember to change the assertion that security through obscurity is always bad at the same time.
To take the argument to the extreme I would insist on using one way encryption even if the password file was to be stored in trusted hardware where the problems of inadvertent disclosure you cite could not occur.
You basically had to know someone in the company to get one. I had the same experience trying to buy CDPD service a few years back. I could not find the damn product on their Web site or through their customer service line - even though it had existed for several years.
In the end I called up one of their senior VPs, and not just an ordinary senior VP. I explained who I am, stuff I did, company I work for and why it would be in their interests to let me get the service (we were doing eight figures worth of business with them at the time). So he says he will get on it and then a couple of weeks later he sends me an email saying that he tried to get it for himself and they could not get it to happen. Also the business unit in question could not understand why it was failing to sell...
I know someone who did get one of the Iridium phones, he was a VP of technology at Visa (see the sort of place you have to be). The phone was the size and weight of a brick.
Basically what killed Iridium was the announcement of Iridium. The whole value proposition was to be able to talk anywhere. Great, only you can get cell service almost anywhere you are likely to be. Certainly in every major city. The problem was not the lack of connectivity it was the ability to connect and the ridiculous use fees. Once Iridium appeared the providers had a huge incentive to fix those things fast. So I can now make cell calls from pretty much anywhere I am likely to go for $1 a minute or less.
According to reports something like 40% of the Iridium phones that were actually used were sold to Taleban and then Opposition forces in Afghanistan.
Every categorical statement about computer security is wrong.
If you talk to anyone in the top rank of information security, whether someone with a public profile like Bruce Schneier or Ross Anderson or people like Jeff Schiller, Butler Lampson, Steve Bellovin or myself who are well known in the industry but may not pop up in print as often you will get a fairly consistent reply on the value of various strategies but in every case you will be told that what is meant by 'secure' depends on your particular needs.
What you will not get is computer security boiled down to a simple set of rules. You might get 'Security is risk control, not risk elimination' which has been around for several decades before Bruce recently claimed it.
What security is not is the set of ideological slogans that tend to infest slashdot. For example 'security through obscurity' is regularly brought out to attack what are actually valid security strategies. It took several years to get the unix community to understand that shadow passwords are not a form of security through obscurity. Many folk on slashdot think that unix has always had them.
Before looking at site policy or anything else suggested so far as the 'first step' ask yourself what assets do I have and what damage would be caused if they were disclosed, erased or otherwise damaged? This is actually quite a hard question and many people will miss out their most important assets. For example the CIA and NSA failed to consider their reputation as an asset when they outsourced the running of their Web sites with embarrassing results when they were hacked. The Whitehouse did not make that mistake. Before the site ever went online they realised that the Web site was potentially a reputation asset. The first target of a coup is always the television station since the coup plotters can often get people to comply with the revolution just by announcing that it has taken place. Also they had been bitten during the 1992 election campaign when an NRA supporter sent out a fake press release promising an imminent gun grabbing. Ironically the response to the fake release suggested that gun grabbing was popular, so now you know who you have to blame.
As for the book, it sounds to me that this is a very 'down in the trenches' type of book. I don't worry about a lot of the attacks described because I would never go near certain technologies. Client side Java, Javascript and other 'winky-blinky' technology would have been much better if never invented. However when you come to build systems you can still have problems because even though you may not use javascript a weakness in javascript could compromise a mechanism you rely on such as session cookies.
I just got Ross Anderson's book 'Security Engineering'. I have not read it yet but his monograph 'why security protocols fail' is the one that Bruce, Ron Rivest or myself all refer to if we want to quickly install some clues into someone designing a protocol with inadequate security...
That is not the case. Drug patents are regulated under a special set of rules that tie the patent term to the date on which the FDA gives approval.
There is also a set of riders that allow the drug companies to delay introduction of generics even after the patent has expired. If a patent holder makes any claim against a generic, no matter how frivolous the generic is automatically denied approval until court proceedings on that claim. If the court throws out the claim the drug company can throw in another one. So generics makers are subject to a series of 18 month delays over the enforceability of spurious patents filed over the dosage rates or minor parts of the invention not disclosed in the original.
The problem is that the congress and president were bought long ago by the drug companies.
Which is one of the things they are there for.
META was never intended to be the primary key for search engines. The idea that search engines should believe a page with a billion Meta tags is pretty weird.
The purpose of Meta was to allow people to add their own search terms to a document for their own convenience. That use is not invalidated just because Google and Co can't find a way to use that information any more than the existence of spam does not invalidate the idea of email.
But because third-party developers are tapping into non-public APIs, Apple has no obligation to maintain access. Every time Apple updates OS X, the software often ceases to function.
So OSX isn't done until Kaleidoscope won't run? I heard that somewhere before.
but they weren't all. I remember some, you-could-almost-say-beautiful, kaleidoscope themes.
I have some small sympathy with Apple wanting to encourage developers to develop applications that observe the look and feel of the machine. I have no sympathy with Apple trying to dictate look and feel.
I have always seen Apple as being like Singapore, a benevolent dictatorship but still a dictatorship (Singapore elections are like the Soviet union, opposition candidates can run in theory but in practice end up in jail on trumped up charges).
The problem with Apple is that while they often get it right, they have often got it wrong. Like the failure to support scroll bars that expanded to represent the amount of scroll for fifteen years after the idea was popularized and the obsession with the one button mouse (try adding a second button to one of yer powerbooks).
The way I would see it, a volcano eruption could cause a thunderstorm...
Actually, one event that you do list might be the exception is a nuclear explosion. Lightning has certainly been observed in mushroom clouds, however you are not going to be hearing any thunder 'cos there is another noise that's a lot louder....
Err, I think you will find that when there is lightning thunder will invariably follow, unless of course the two events coincide at a point you had chosen to occupy in space-time.
Ergo all occasions at which lightning is present will by definition be classified as thunder storms and no event in which lightning is not present can be so classified.
Footnote: I am one of the people who originally took standards work to W3C rather than IETF and I was recently being accused of undermining W3C after I started submitting specs to OASIS.
The IETF is an amazingly transparent organization that has consistently "delivered the goods" with almost no back-room politics.
That is an almost but not quite complete crock. If you know how decisions are really made you will find that the IETF is every bit as unrepresentative as ICANN, the difference being that the IETF has not abused its mandate.
The fundamental problem that ICANN and IETF both face is the same problem that any organisation with a large and ill defined membership faces. How do you establish structures so that you ensure that there is accountability without allowing the crazies to take over? It is easy to solve either problem at the cost of the other.
ICANN simply chose to eliminate accountability. Then as they faced criticism as a self perpetuating oligarchy they went off in search of a group to be accountable to who would cause them least inconvenience. Problem for them was that the only reason to form ICANN was that the US Congress did not want power over the root to be shared with any other country, otherwise the obvious choice would have been the ITU. So when ICANN went to foreign govts it was the worst possible move.
The purpose of the IETF control structures is to allow an old boys network to maintain control without the fact being too obvious. To do this they set up a system in which the IESG and IAB are not nominated by a bizarre committee called NOMCOM whose internal discussions are entirely closed. The rules under which NOMCOM operates preserved the status quo for many years until last year when NOMCOM only re-elected one member of the IAB.
The problem the IETF faces now (and many members of the IESG agree) is that it has become an institution and as with any institution its primary purpose is to perpetuate itself. A lot of the working groups have become standing committees. PKIX has been going ten years, so has IPSEC and DNSSEC. Progress in the working groups is slow because the IETF rules of order allow working groups to be held hostage by any faction that is prepared to accept delay rather than have a feature go forward they dislike.
Quite often the old-timer faction behave more like old-farts. Someone will make a very sensible comment and then get told 'well if you understood the issues better you would know why that is a bad idea'. I try to stomp on that sort of behavior whenever I can because I have a reputation that allows me to call any of them, and I believe that even if the comment is boneheaded nobody has the right to use that put down. The only way I got to match the expertise of others was by asking boneheaded questions and never taking putdowns for an answer.
To take one example, Marshall Rose's BEEP protocol was pushed through at a great pace and received proposed standards status very quickly even though none of the companies that are building the Web Service platforms it is meant to serve has any intention of using it. As an SGML die-hard Marshall specified BEEP using DTDs which in XML terms are an obsolete mechanism supported only for legacy purposes. No serious XML developer is going to want to use a DTD based specification as the basis of a communications protocol - whether open source or closed. Despite being told about this from the outset the IESG have been trawling BEEP around the IETF trying to bully working groups into using it. As a result almost all the Web Services standards groups have now fled IETF for OASIS, and nobody seems to care. It is assumed that the IETF somehow has a mystical aura that sets it apart from other standards fora.
Take a look at the RFC series. The specs are still printed using the technology of the teletype era. Printing them is a nightmare, the page length has to be set just right or else the page headings end up being printed in the middle of the pages, and this is done for 'compatibility'. People will with an entirely straight face claim that HTML is somehow a transitory document format subject to imminent obsolescence. While it is true that some browsers support proprietary extensions, tools to validate HTML against a DTD or Schema have been commonplace for years. But try to change anything and you will be given the run around by the old fart network.
Wrong analogy, who knows the architect of the Ronald Reagan Federal Building, Ronald Reagan National Airport or Cape Kennedy launch site?
The person who commissions a project is far more likely to get recognition than anyone else, even if they use someone else's money.
When Gore was asked what contribution he had made as a politician he gave a completely truthful answer. The Republican party deliberately distorted that answer.
The same liars want to start a war and their argument is that we have to trust them. Unfortunately we simply cannot trust them because they have lied to us on the effect of their tax cut on the budget deficit, lied to us on nuclear waste storage in Nevada and lied to us about the case for war:
"I would remind you that when the inspectors first went into Iraq and were denied -- finally denied access [in 1998], a report came out of the Atomic -- the IAEA -- that they were six months away from developing a weapon. I don't know what more evidence we need." George W Bush
Unfortunately that is not what the report says, as you can see for yourself here.
If you are a pathological liar the very best strategy is to go out and brand your opponent a liar.
That would have been when Gore was Senator for Tennessee and led the committee that gave funding to the NSFnet at that time. Gore was involved with the Internet when it was still the ARPAnet.
Heck, Gore was involved when we were still having problems with AT&T trying to stop us sending packet data over the telephone system because they saw packet data as competition to circuit switching.
In 1990 the email you sent to an 'Internet' would most likely have travelled over the NSF supported backbone. In addition NSF picked up the tab to run the DNS system, IANA and a lot of other infrastructure we needed.
Today of course those services are all supported on a commercial basis but anyone involved in the transition process knew that Gore was calling the shots. The civil service view at the time was that the administration should simply wait for OSI networking to take off. Tom Kalil and Jock Gill spent a lot of time knocking heads together on that one.
Although the Web grew quickly in academia we did not make much impact in the commercial world outside the computing industry until after whitehouse.gov went online. Afterwards it was like someone had turned on a lightswitch.
To be fair there were also Republicans who were very helpful. Newt Gingrich made a lot of enemies setting up the Congressional Web site. However the people who smeared Gore were the same folk who did Newt's political career in.
Much as I hate to burst your bubble here, what Gore actually said was that a newspaper had reported that Gore and Tipper were the role models for Love Story. This was true, the newspaper did print the story.
The author later issued a correction, he did not base a character on Tipper. He did however base the male guy on Gore.
This is not very surprising since the author was a good friend of Gore and Gore's sister was dying of lung cancer caused by smoking when the book was being written.
http://www.dailyhowler.com/h033099_1.shtml
Nor is the quote particularly boastful, from the original story:
POOLEY AND TUMULTY: Around midnight, after a three-city tour of Texas last month, the Vice President came wandering back to the press compartment of Air Force Two. Sliding in behind a table with the two reporters covering him that day, he picked slices of fruit from their plates and spent two hours swapping opinions about movies and telling stories about old chums like Erich Segal, who, Gore said, used Al and Tipper as models for the uptight preppy and his free-spirited girl friend in Love Story; and Gore's Harvard roommate Tommy Lee Jones, who played the roommate of the Gore-like character in the movie version of Segal's book...
Uptight Preppy?
Henneberger of the Sunday New York Times went off to interview Segal on the issue:
HENNEBERGER: The character of the preppy Harvard hockey player Oliver Barrett 4th was modeled on both Mr. Gore and his college roommate, the actor Tommy Lee Jones.
What has this got to do with Vint? Well Gore got the funding for an awful lot of Vint's work.
How on earth could you parse it to come up with 'invent' - oh yes you take it to the Cato institute and ask for their interpretation. This is actually what happened as has been repeatedly documented, Declan wrote his mendacious piece in Wired, which somehow ended up with the headline 'Gore claims to invent Internet' - I do not know if Wired online has sub-editors to write headlines. Declan then took the piece to his then friend at Cato and got a response on it, then he re-reported his original piece by reporting on the Cato release and Gingrich's office but failed to mention he was the source of the original claim. He also failed to make any attempt to talk to the Gore campaign.
The Declan smear was a calculated and deliberate strategy on the part of the Bush campaign to deny Gore the chance to use one of his biggest achievements in the Senate and Whitehouse. It was repeated by the Republican media long after it had been disproved.
The way to parse the sentence by the way is to observe that 'to take the initiative' has a very specific meaning in Senate terms. It means to be a principal sponsor of a bill or amendment. Gore was the principal sponsor of most Internet related bills and in particular the bill that funded the NSFNet backbone that created the first Internet.
The Internet was not an invention, it was a network that was initially funded by government money. Packet switching was an invention, the Internet is a specific instance of the invention.
Gore clearly did not intend to claim that he had any part in the technical development of the Internet.
As for how a 'normal' person might misinterpret the statement, I don't think anyone but a rabid libertarian would imagine that the government had no part in the creation of the Internet. Even if Gore did mis-speak on that occasion how many times has Bush misspoken? How many times has he been called on it. Bush described the senate as 'not interested in national security' eight times before he got called on it last week and the people who claimed that it is unpatriotic for senators to even defend themselves from Bush's partisan attack are the same ones who made such an issue of Gore's statement.
That is not how the clause is written. The effect as written is incompatible with the current practice of royalty free reciprocal patent licenses which it attempts to copy. This is obviously not the intent, the author botched the job.
As for not being bothered about being unable to enforce any patent right in any circumstance, I think that the argument made is religious rather than pragmatic.
Just because a piece of software is purported to be 'open source' does not mean that it is released as open source in good faith. The effect of the clause is to allow a party to deprive another of rights they hold by releasing source code under a particular license - thus creating the motivation for bad faith releases.
That is what the licenses say. So if you hold the patent on MP3 and attempt to enforce it against someone who writes an MP3 player released under the license that then prevents you from using any software whatsoever licensed with that clause.
I don't think that is justified because it implicitly assumes that all software patents are unjustified. It even prevents the defensive use of a software patent. For example if I write a spec X and submit it to a standards body I will quite likely file a bunch of patents to stop a patent troll doing the same. When the spec goes to the standards body there is a term that states that anyone can have a royalty free license to use the spec provided they do not make a claim against my company for using that particular spec under a patent that they hold. In doing so I have arguably exercised a patent right. Certainly if the patent troll takes the issue to court and we threaten or file a countersuit we have done so.
The idea is good but the implementation is broken. This is not a case where someone can say 'well the intention is clear' since a) the intention is not clear and b) a court is likely to say it does not care what the intention was they will look at the four corners of the document and that is all they are going to care about.
I don't think my legal dept would allow us to use code licensed under these terms
NOT UNLESS YOU TELL THE LAWYER THE CONVERSATION IS WITHOUT Prejudice.
Otherwise anything you say can and will be used against you.
However in a case of this type the lawyer is almost certain to be more reasonable than his client. If you could provide the lawyer with a link to one of the Virus sites that describes this behavior of Klez the lawyer might even get the CEO to back off and apologise.
Incidentally what sort of CEO are we talking about? Like CEO of bogswater technology net revenue $300K per year can probably be blown off without as much worry as the CEO of an F500 company. The downside is that the CEO of bogswater Inc. is much more likely to be a complete and utter prick.
It is easy to find someone willing to do a job, harder to find someone capable. Warner is not a technology company, although it is part of AOL which allegedly is. Companies like Warner are most likely to hire senior technical management out of technology companies.
However looking through the AOL Web site it is clear that the job is hardly a top tier technology placement. Although it carries the title CTO there are many CTOs at AOLTimeWarner and this job is in the second tier.
I don't think it forms any coherent political ideology, but then again neither does libertarianism.
Insofar as slashdotism is about eliminating inequalities of wealth with respect to intellectual property it could be called 'socialism'. Although I don't think that Robert Owen would have seen it that way.
Insofar as slashdotism is the unfettered pursuit of self interest it is libertarian.
The problem is that the essence of libertarianism is the rejection of all social obligations. As Margaret Thatcher once said in one of her loonier moments 'there is no such thing as society'. Slashdotism is all about community and so I don't think that it is libertarian.
People don't seem to have any trouble working on building weapons of mass destruction. And for that matter, folk who really follow the Ayn Rand philosophy of 'serve your own self interest, bugger everyone else' should not have any trouble working for Saddam Hussein, let alone the RIAA.
I think I got headhunted for this position last week. I get a lot of headhunter calls, most are just trawling for any engineer, this one had prepped. She had either got a copy of my resume somehow or someone had done a web search and put it together.
Actually three, but they are half panelled.