It took a long time before Linux had GLX. Arguably that was already when SGI workstations were overtaken by PCs (on value, if not outright performance for high-end SGI workstation v high-end PC, e.g. Octane). Before then, as the comment you're replying to says, you needed a commercial X server for Linux to get GLX.
"IP" is a bogus, meaningless term. What do you actually mean? Copyright? There are fair use exceptions to copyright in the USA, and fair dealing allowed uses in other parts. Note that in the USA, reproducing copyrighted material for the purpose of "criticism" may be considered fair use.
Asking subordinates for sex is wrong. That there was no explicit threat made against her if she rejected does not make it acceptable.
If you think otherwise, well most of the rest of society disagrees with you in many parts of the western world: a manager who does the above _must_ be disciplined (in some meaningful way), or else the company has opened itself up to legal liabilities. A company that ignores multiple such complaints against a manager is going to find itself paying out a lot money when it loses the inevitable employment law court case.
A manager propositioning subordinates is essentially always wrong.
Even in some unlikely situation where the subordinate had unambiguously and clearly been signalling sexual interest in the manager, over a sustained period of time, the manager would be _very_ ill-advised to enter into non-professional relations while the employee was a subordinate or the employee's career could in any way be perceived to be influenceable by the manager. The manager should just not go there, full stop.
In this specific case, she'd been there one day, so we can rule out that highly unlikely scenario, and conclude that if such a proposition was made it was clear misconduct.
Mature, large companies (least, that I'm familiar with) have fairly strict rules banning relations between managers and subordinates for very good reason. Precisely because such relations are very likely to be unhealthy and improper: For the manager, for the subordinate, for other subordinates of the manager, and for the company.
Publishing an algorithm doesn't imply publishing all possibline input to the algorithm. You can publish an algorithm that, say, contains functionality to scan an exclusion list, without ever needing to publish any exclusion list that might exist.
For some sustained period of your life, your calorifie intake exceeded your energy expenditure and you put on weight. You may have reduced your calorie intake since then and stabilised your weight gain, however you have not reduced your calorie intake and/or increased your energy expenditure sufficiently to/reduce/ your weight.
At core, it is that simple.
There are details that matter though. E.g., different foods are digested and metabolised in different ways, and can produce different hormonal and neurological responses. E.g., sugar is processed quickly, alters insulin levels quickly, and your brain tends to crave it - so it doesn't fill you up. Higher fibre, less processed, and lower glycaemic index foods tend to be better for weight control. They make you feel full for longer, take more energy to digest, and your body responds more slowly. E.g., fresh fruit is great in that respect. Indeed, even *fats* aren't a bad thing per se - probably better to get your energy from fats than sugary things. Particularly, unprocessed (esp, never significantly heated) plant fats and oils from nuts, legumes, avocados, etc., seem to be good for us.
Also, not all exercise is equal either. You see people in gyms doing weights trying to lose weight - completely wrong. Sustained, aerobic exercise using the biggest muscles in your body: your legs and your stomach muscles (for breathing - not sit-ups). Doesn't have to be super-hard either, you actually burn more fat at *lower* intensity aerobic exercise. At higher intensities of aerobic exercise (i.e. the kind you can only sustain for ten or twenty minutes), your body uses sugars as they're easier to convert to energy. If you reduce the intensity a bit, down to a level you could sustain for an hour+, you should get to a zone where your body can meet the energy demands by burning fat stores - and your body usually will prefer to burn fat stores when it can (carbohydrate stores being more limited and precious).
The biggest issue is finding time for exercise. I hate the gym myself. To get exercise, I need to build it into my life so it's simply unavoidable. For me, that means relying on a bicycle to get to/from work. Cycling has worked for others. E.g., see: https://theamazing39stonecycli... - he lost 170 kilogrammes (~376 lbs) in a couple of years, by cycling.
If you review your life, make changes to how and what you eat, and exercise, it is possible to get to a healthy weight. Not easy, but you can make it happen.
Multivitamins are pretty useless. You need a far more diverse range of proteins and other elements, than you can get from McMuffins, McBurgers, McSalads and pizza.
Oh, and also, it sounds like you eat at McDonalds for breakfast and dinner. I wonder if even the salad is McDonalds? (McDonalds amazingly can make a salad be as calorific as a burger btw!). That doesn't sound good at all.
There was an excellent programme in the UK called "Secret eaters". They would have obese people - often a set from same household - who couldn't understand why they weren't losing weight, despite eating all healthy, compile a food diary. These food diaries would nearly always show the person was eating well, and should be losing weight.
The good bit was they'd then put the person under surveillance, with cameras in the house and (unbeknownst to the people) detectives following them around. Then they would compile a list of what the people were _actually_ eating. Pretty much universally, the obese people in their programmes were self-delusional about their eating. E.g., they'd tell themselves "But I only eat a salad for lunch" while ignoring all the sugary and/or fatty snacks they were eating at their desk or on breaks before other, and/or ignoring various calorie-rich sauces or other sides they were having with the salad - that type of thing.
Look at what you're citing "light to moderate alcohol drinking had no direct protective effect on mortality" - not "no effect" but "no direct _protective_ effect". I.e. it is saying there is no evidence for the hypothesis that drinking _helps_ your health.
The system is subverted, e.g. command.com has been modified, so that when Borland Turbo is loaded into memory it too is subverted. Alternatively, DOS 22h is replaced with a version that checks every disk write to see if it is the beginning of a DOS executable, and if so, subverts it. Alternatively,... etc.
There are surely many ways. Otherwise, you are arguing that DOS is not vulnerable to a broad range of all-powerful subversions, which is patently untrue.
Not sure what car manifolds have to do with it - argumentum ad vehiculum.
Again, you're assuming that an old toolchain can only have old attacks. That's a flawed assumption. A modern attacker can subvert your system so that old toolchains are subverted to apply further subversions.
Are there practical steps we can take to raise the bar and make such attacks much harder to execute. Sure. Can we guarantee our system is free of such subversions, without either trusting others to some degree or building the system entirely ourselves: no we can't. Which was Thompson's point.
I'm not familiar with DOS exe format. However, there must be some well-defined entry point.
Thompson's attack doesn't mean that any subversion of the Borland 1.0 compiler is limited to when the Borland 1.0 compiler was created. Thompson was making an extremely general point about security in programmable systems: You either build pretty much all of it yourself, or else you must invest trust in others.
Good thing there are no well-known, stable hooks in programmes to allow code to be run in a generic fashion, as part of, say, binary file formats. Oh wait...
The CDROM might be read-only, but the software has to be copied into memory by something in order to run. As per Thompson's original point, it isn't sufficient to protect one piece of the system. As he stated, his attack implies that *every* programme that is involved in the handling of software must either be validated to the same level as having written it yourself OR you must invest trust:
In demonstrating the possibility of this kind of attack, I picked on the C compiler. I could have picked on any program-handling program..
(emphasis mine).
Indeed, his point on trust extends beyond just programme-handling programmes to all logic (soft or hard) involved in the handling and the running of software. Thompson mentions microcode almost after the text above:
As the level of program gets lower, these bugs will be harder and harder to detect. A well-installed microcode bug will be almost impossible to detect.
Since Thompson, we've had "Blue pill" rootkits that use x86 virtualisation features to effectively run themselves as microcode under the victim system (and unbeknownst to).
Why do you think a new trojan can not infect old binaries?
The Thompson attack is what we would recognise today as a class of virus. Indeed, as Thompson's point was a general one about the unavoidable need to trust others, if one did not build every component capable of basic logical manipulation oneself, to fully counter Thompson's attack you would have to be able to counter every possible kind of virus and rootkit - and not just of the software, but also of any other firmware and microcode that might handle or be involved in running your code. (Read his paper, he is clear he envisions his attack could be implemented in lots of ways and places in the abstract).
And the end of that comment still sounds more dismissive than I wanted... Take 2:
I'm not being dismissive of DDC. Distros regularly attempting to get reproducible builds with diverse compilers will raise the bar and make attacks harder if it can be done, and additionally it will help catch bugs. However, DDC does not fully counter Thompson's attack, and it is good to remain aware of the assumptions it operates under.
I.e. could be a very nice step forward, though it is important to note the "fully countering" isn't quite "fully" and there are limitations.
No he didn't prove it is infeasible. For one, that would require a method to prove that the compilers are indeed wholly independent, which hasn't been provided. Also, note that people in some sub-field of technology tend to move around. An engineer who has worked on one compiler is *more* likely to also work on another compiler at some stage than any random engineer. The DDC technique *assumes* that diverse compilers are independent - it takes it on trust. Wheeler's work if anything re-inforces the essence of Thompson's philosophical point, that we must either completely build and control every aspect of our system OR we must trust to at least some degree in someone else. Note also that someone can frustrate this technique by deliberately making their software not build reproducibly, for apparently innocent reasons (e.g. D Wheeler had such issues with using tcc for DDC). A fuller version of my critique of "Diverse Double-Compiling".
That sounds like I'm being very dismissive of DDC, but I'm not. It could be really useful, *if* it is feasible to actually regularly reproduce builds. Debian is working on this, and hopefully they'll get there - but it's not a trivial task either. However, DDC does not fully counter Thompson's attack - not in the normal absolute sense of the word "fully" at least.
Plus, you're forgetting another big one. The SR first flew in 1964, the Concorde in 1969. The SR was faster, and built 5 years earlier. The Concorde very likely built on lessons learned from the SR.
Actually, you've got it the wrong way around.
The Concorde built on lessons learned from the *British* aircraft and (especially) jet-engine industry, which was world-leading at the end of the war and towards the 1950s. E.g. Concorde draws heavily from experience building the TSR-2. Concorde's engines were *directly* based on the TSR-2's Bristol Olympus engines, which draw heavily on mid-40s Bristol engine technology.
The US had to licence designs from the British to learn how to build jet engines. A number of different British engine designs, from the original Whittle engine, to later Bristol, Armstrong-Siddely and Rolls-Royce designs, were licensed to a number of US makers, including Curtiss-Wright, General Electric and Pratt & Whittney.
It would be far more fair to say the SR-71 drew from British aircraft industry R&D.
NB: I'm not British, and I don't have any great reason to talk up Britain over the USA.
Yet, no one in the west has ever been prosecuted for double-tap strikes. Not even in the infamous "Collateral Damage" video leaked by Bradley Manning, where children are clearly visible through the window of the van of a random Good Samaritan who happened to stumble on the scene of a previous attack and stopped to help.
Oh, for the avoidance of all doubt: The last paragraph is highlighting the consequences of saying that it is OK to kill rescuers, or OK to kill people by association. I personally do *not* believe any of these things are ever generally justified, either by western powers in the Islamic crescent or by militants elsewhere.
Double-tap strikes targeting rescuers are very clearly heinous war-crimes.
Slashdot Mirror
It took a long time before Linux had GLX. Arguably that was already when SGI workstations were overtaken by PCs (on value, if not outright performance for high-end SGI workstation v high-end PC, e.g. Octane). Before then, as the comment you're replying to says, you needed a commercial X server for Linux to get GLX.
It would not be illegal to breach an employment. That would be merely a breach of contract.
"IP" is a bogus, meaningless term. What do you actually mean? Copyright? There are fair use exceptions to copyright in the USA, and fair dealing allowed uses in other parts. Note that in the USA, reproducing copyrighted material for the purpose of "criticism" may be considered fair use.
Asking subordinates for sex is wrong. That there was no explicit threat made against her if she rejected does not make it acceptable.
If you think otherwise, well most of the rest of society disagrees with you in many parts of the western world: a manager who does the above _must_ be disciplined (in some meaningful way), or else the company has opened itself up to legal liabilities. A company that ignores multiple such complaints against a manager is going to find itself paying out a lot money when it loses the inevitable employment law court case.
A manager propositioning subordinates is essentially always wrong.
Even in some unlikely situation where the subordinate had unambiguously and clearly been signalling sexual interest in the manager, over a sustained period of time, the manager would be _very_ ill-advised to enter into non-professional relations while the employee was a subordinate or the employee's career could in any way be perceived to be influenceable by the manager. The manager should just not go there, full stop.
In this specific case, she'd been there one day, so we can rule out that highly unlikely scenario, and conclude that if such a proposition was made it was clear misconduct.
Mature, large companies (least, that I'm familiar with) have fairly strict rules banning relations between managers and subordinates for very good reason. Precisely because such relations are very likely to be unhealthy and improper: For the manager, for the subordinate, for other subordinates of the manager, and for the company.
Are you aware of the origin of the word "pilot"? It refers to steering an oar or a rudder - not ailerons or flaps. It is of nautical origin.
Publishing an algorithm doesn't imply publishing all possibline input to the algorithm. You can publish an algorithm that, say, contains functionality to scan an exclusion list, without ever needing to publish any exclusion list that might exist.
For some sustained period of your life, your calorifie intake exceeded your energy expenditure and you put on weight. You may have reduced your calorie intake since then and stabilised your weight gain, however you have not reduced your calorie intake and/or increased your energy expenditure sufficiently to /reduce/ your weight.
At core, it is that simple.
There are details that matter though. E.g., different foods are digested and metabolised in different ways, and can produce different hormonal and neurological responses. E.g., sugar is processed quickly, alters insulin levels quickly, and your brain tends to crave it - so it doesn't fill you up. Higher fibre, less processed, and lower glycaemic index foods tend to be better for weight control. They make you feel full for longer, take more energy to digest, and your body responds more slowly. E.g., fresh fruit is great in that respect. Indeed, even *fats* aren't a bad thing per se - probably better to get your energy from fats than sugary things. Particularly, unprocessed (esp, never significantly heated) plant fats and oils from nuts, legumes, avocados, etc., seem to be good for us.
Also, not all exercise is equal either. You see people in gyms doing weights trying to lose weight - completely wrong. Sustained, aerobic exercise using the biggest muscles in your body: your legs and your stomach muscles (for breathing - not sit-ups). Doesn't have to be super-hard either, you actually burn more fat at *lower* intensity aerobic exercise. At higher intensities of aerobic exercise (i.e. the kind you can only sustain for ten or twenty minutes), your body uses sugars as they're easier to convert to energy. If you reduce the intensity a bit, down to a level you could sustain for an hour+, you should get to a zone where your body can meet the energy demands by burning fat stores - and your body usually will prefer to burn fat stores when it can (carbohydrate stores being more limited and precious).
The biggest issue is finding time for exercise. I hate the gym myself. To get exercise, I need to build it into my life so it's simply unavoidable. For me, that means relying on a bicycle to get to/from work. Cycling has worked for others. E.g., see: https://theamazing39stonecycli... - he lost 170 kilogrammes (~376 lbs) in a couple of years, by cycling.
If you review your life, make changes to how and what you eat, and exercise, it is possible to get to a healthy weight. Not easy, but you can make it happen.
Multivitamins are pretty useless. You need a far more diverse range of proteins and other elements, than you can get from McMuffins, McBurgers, McSalads and pizza.
Oh, and also, it sounds like you eat at McDonalds for breakfast and dinner. I wonder if even the salad is McDonalds? (McDonalds amazingly can make a salad be as calorific as a burger btw!). That doesn't sound good at all.
There was an excellent programme in the UK called "Secret eaters". They would have obese people - often a set from same household - who couldn't understand why they weren't losing weight, despite eating all healthy, compile a food diary. These food diaries would nearly always show the person was eating well, and should be losing weight.
The good bit was they'd then put the person under surveillance, with cameras in the house and (unbeknownst to the people) detectives following them around. Then they would compile a list of what the people were _actually_ eating. Pretty much universally, the obese people in their programmes were self-delusional about their eating. E.g., they'd tell themselves "But I only eat a salad for lunch" while ignoring all the sugary and/or fatty snacks they were eating at their desk or on breaks before other, and/or ignoring various calorie-rich sauces or other sides they were having with the salad - that type of thing.
So, I don't believe you.
Cycle more slowly. Bring wet wipes, and wipe yourself down in the toilet.
Look at what you're citing "light to moderate alcohol drinking had no direct protective effect on mortality" - not "no effect" but "no direct _protective_ effect". I.e. it is saying there is no evidence for the hypothesis that drinking _helps_ your health.
The system is subverted, e.g. command.com has been modified, so that when Borland Turbo is loaded into memory it too is subverted. Alternatively, DOS 22h is replaced with a version that checks every disk write to see if it is the beginning of a DOS executable, and if so, subverts it. Alternatively, ... etc.
There are surely many ways. Otherwise, you are arguing that DOS is not vulnerable to a broad range of all-powerful subversions, which is patently untrue.
Not sure what car manifolds have to do with it - argumentum ad vehiculum.
Again, you're assuming that an old toolchain can only have old attacks. That's a flawed assumption. A modern attacker can subvert your system so that old toolchains are subverted to apply further subversions.
Are there practical steps we can take to raise the bar and make such attacks much harder to execute. Sure. Can we guarantee our system is free of such subversions, without either trusting others to some degree or building the system entirely ourselves: no we can't. Which was Thompson's point.
I'm not familiar with DOS exe format. However, there must be some well-defined entry point.
Thompson's attack doesn't mean that any subversion of the Borland 1.0 compiler is limited to when the Borland 1.0 compiler was created. Thompson was making an extremely general point about security in programmable systems: You either build pretty much all of it yourself, or else you must invest trust in others.
Good thing there are no well-known, stable hooks in programmes to allow code to be run in a generic fashion, as part of, say, binary file formats. Oh wait...
Perhaps I wasn't being explicit enough.
The CDROM might be read-only, but the software has to be copied into memory by something in order to run. As per Thompson's original point, it isn't sufficient to protect one piece of the system. As he stated, his attack implies that *every* programme that is involved in the handling of software must either be validated to the same level as having written it yourself OR you must invest trust:
(emphasis mine).
Indeed, his point on trust extends beyond just programme-handling programmes to all logic (soft or hard) involved in the handling and the running of software. Thompson mentions microcode almost after the text above:
Since Thompson, we've had "Blue pill" rootkits that use x86 virtualisation features to effectively run themselves as microcode under the victim system (and unbeknownst to).
You can't run a compiler from read-only media though.
Why do you think a new trojan can not infect old binaries?
The Thompson attack is what we would recognise today as a class of virus. Indeed, as Thompson's point was a general one about the unavoidable need to trust others, if one did not build every component capable of basic logical manipulation oneself, to fully counter Thompson's attack you would have to be able to counter every possible kind of virus and rootkit - and not just of the software, but also of any other firmware and microcode that might handle or be involved in running your code. (Read his paper, he is clear he envisions his attack could be implemented in lots of ways and places in the abstract).
And the end of that comment still sounds more dismissive than I wanted... Take 2:
I'm not being dismissive of DDC. Distros regularly attempting to get reproducible builds with diverse compilers will raise the bar and make attacks harder if it can be done, and additionally it will help catch bugs. However, DDC does not fully counter Thompson's attack, and it is good to remain aware of the assumptions it operates under.
I.e. could be a very nice step forward, though it is important to note the "fully countering" isn't quite "fully" and there are limitations.
No he didn't prove it is infeasible. For one, that would require a method to prove that the compilers are indeed wholly independent, which hasn't been provided. Also, note that people in some sub-field of technology tend to move around. An engineer who has worked on one compiler is *more* likely to also work on another compiler at some stage than any random engineer. The DDC technique *assumes* that diverse compilers are independent - it takes it on trust. Wheeler's work if anything re-inforces the essence of Thompson's philosophical point, that we must either completely build and control every aspect of our system OR we must trust to at least some degree in someone else. Note also that someone can frustrate this technique by deliberately making their software not build reproducibly, for apparently innocent reasons (e.g. D Wheeler had such issues with using tcc for DDC). A fuller version of my critique of "Diverse Double-Compiling".
That sounds like I'm being very dismissive of DDC, but I'm not. It could be really useful, *if* it is feasible to actually regularly reproduce builds. Debian is working on this, and hopefully they'll get there - but it's not a trivial task either. However, DDC does not fully counter Thompson's attack - not in the normal absolute sense of the word "fully" at least.
Plus, you're forgetting another big one. The SR first flew in 1964, the Concorde in 1969. The SR was faster, and built 5 years earlier. The Concorde very likely built on lessons learned from the SR.
Actually, you've got it the wrong way around.
The Concorde built on lessons learned from the *British* aircraft and (especially) jet-engine industry, which was world-leading at the end of the war and towards the 1950s. E.g. Concorde draws heavily from experience building the TSR-2. Concorde's engines were *directly* based on the TSR-2's Bristol Olympus engines, which draw heavily on mid-40s Bristol engine technology.
The US had to licence designs from the British to learn how to build jet engines. A number of different British engine designs, from the original Whittle engine, to later Bristol, Armstrong-Siddely and Rolls-Royce designs, were licensed to a number of US makers, including Curtiss-Wright, General Electric and Pratt & Whittney.
It would be far more fair to say the SR-71 drew from British aircraft industry R&D.
NB: I'm not British, and I don't have any great reason to talk up Britain over the USA.
Good to agree on that.
Yet, no one in the west has ever been prosecuted for double-tap strikes. Not even in the infamous "Collateral Damage" video leaked by Bradley Manning, where children are clearly visible through the window of the van of a random Good Samaritan who happened to stumble on the scene of a previous attack and stopped to help.
Oh, for the avoidance of all doubt: The last paragraph is highlighting the consequences of saying that it is OK to kill rescuers, or OK to kill people by association. I personally do *not* believe any of these things are ever generally justified, either by western powers in the Islamic crescent or by militants elsewhere.
Double-tap strikes targeting rescuers are very clearly heinous war-crimes.