Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114

Comments · 10,114

  1. Not what Linus & ESR said, but some truth to i on Pentagon To Make a Big Push Toward Open-Source Software Next Year (theverge.com) · · Score: 1

    Thanks for posting that. You're absolutely right that when ESR wrote that Linus thought "with enough eyeballs, all bugs are shallow ... the fix will be obvious to someone", he did NOT mean "all bugs are non-existent". He said "the fix will be obvious to someone" because that's what he meant - with "a large enough co-developer base" looking at a bug, one of them will come up with an elegant fix.

    Separately, another, different statement is also true.
    I maintain a database of all the CVEs ever issued, with their CVSS severity scores. We also catalog and examine some vulnerabilities that do not have CVEs issued. The fact is, proprietary software, especially Windows and Flash, has a) far more vulnerabilities and b) a higher average severity. The fact of the matter is that every month dozens of new vulnerabilities in Windows come out. We're now at Microsoft KB number 4052231, and a significant fraction of those four million KBs address security issues.

    Someone says "but but but three years ago Heartbleed was in open source software", and I point to the 40 or so vulnerabilities published for Windows THIS MONTH, and EVERY MONTH.

    Adobe Acrobat has over EIGHT HUNDRED CVEs, 800 vulnerabilities in Acrobat alone. (evince has 4, pdfedit has 1).

    For one reason why, see the bottom of this post:
    https://yro.slashdot.org/comme...

  2. Theoretically might not be true, but IS true on Pentagon To Make a Big Push Toward Open-Source Software Next Year (theverge.com) · · Score: 1

    > Open source is not necessarily more secure than proprietary software. Because it is visible, good programmers can look

    It's not *necessarily* so, in the sense that nothing *requires* that open-source code is automatically better. On the other hand, I curate a database of over 90,000 software vulnerabilities, and spend my work days examining security issues. Every CVE that is issued goes into our system. The fact is, Windows and Flash alone make up a very large percentage of the vulnerabilities, and have a much higher average risk score.

    Some people here can name three or four vulnerabilities that have come up in open source software over the last five years and they use that to say "see, open source isn't more secure, because Heartbleed". Just Windows alone has dozens of new vulnerabilities EVERY MONTH. A couple of months ago I did a SUM (cvss) for Red Hat and for Windows. Windows has something like 10 times as much risk (number of vulnerabilities * severity).

    One major reason for that is not because a ton of people are randomly looking over code and finding issues, but because developers on significant open source projects know that a few people code review each commit, so they write code they can be proud of, or at least not embarrassed about. Anybody who has done proprietary development for a few years has seen plenty of code go to production that you wouldn't want a stranger to see because you know it's embarrassingly bad. When I make a pull request to Moodle or Apache or LVM I *know* that at least two or three other people are going to code review it, looking for things that can be done better, so I write it well to start with. I don't commit code I'd be embarrassed about, that doesn't represent my best work, because I KNOW people from other organizations, not my teammate I go to lunch with, will be examining my code.

  3. Balance long-term vs short-term on Munich Council: To Hell With Linux, We're Going Full Windows in 2020 (theregister.co.uk) · · Score: 1

    > If these people have a ton of programs that only run in windows then they should use windows.

    Certainly that's a consideration. Also, just because you currently use Notepad, MS Paint, and a dozen other Windows utilities doesn't mean you should permanently stick with Windows forever. It's easy to switch from Notepad to a much better simple editor. Paint is easily replaced. On the other hand, switching from Visual Studio Enterprise to Monodevelop or Jetbrains Rider would be more significant. People and companies who currently use Windows do of course use Windows programs, unless they live in their browser (which is also common). That doesn't mean they should stick with Windows until they die.

    Rather, they should compare the short-term costs of switching with the long-term costs of vendor lock-in, Windows, and proprietary applications. Any software which requires Windows XP has to be replaced right away *regardless*, so that's not a cost of switching. If you're going to replace it anyway, you have the replacement costs whether you choose Windows, Mac, or Linux.

    Almost all software will be replaced eventually, so there is an analysis not just of "do we switch everything now, or plan on sticking with Windows forever". It would be quite reasonable to say "in 2018, when we replace our SQL Server 2008, we'll replace it with MySQL". You'll already be replacing a ten-year-old database system, so it makes sense to consider choosing a replacement that will be better in the long run.

  4. Linux clients & ADserver is fine. Samba4 is a on Munich Council: To Hell With Linux, We're Going Full Windows in 2020 (theregister.co.uk) · · Score: 1

    > Active Directory has all those bundled up in a single place with a reasonable UI.

    Yes it does. Which is good and bad. Samba4 does the same.

    > Sure, you can run LDAP/Kerberos/SMB(or whatever shared filesystem you prefer)/(whatever user management you prefer) on Linux, but you are stuck configuring and integrating those yourself.

    You CAN mix and match and configure things how you want. It's been done many, many times, so the recipes for doing so are certainly available. You can also just plug in Samba4. You have a lot of options. Some people like having options.

  5. > As for the other 300 programs, what are they? Do they all have Linux alternatives?

    Yes. :)
    In some instances the Linux software will be objectively better, in some instances the Windows software will be better, and in most instances there will be pros and cons to each. In 20 years I've yet to see any goal that can only be accomplished on Windows, though. Writing software FOR Windows is one major case when using Windows is definitely better, if you have an unlimited budget to spend $10,000 getting started with Visual Studio Enterprise and MSDN. I've certainly written Windows software on Linux and Mac, though.

    Where some people don't like the alternatives as much is when they have their heart set on one particular game that is only released for Windows. In one sense, Steam is an alternative, but in a sense it isn't, if you want THAT game, not A game. For business software, though - yeah there's a good option on Linux.

  6. I said:

    a Ford alternator, water, headlights, etc in your Chevy truck

    I meant:

    a Ford alternator, water PUMP, headlights, etc in your Chevy truck

    Or to put it another way, you wouldn't say "I'm switching from a truck to a motorcycle" and try to keep your truck engine. Trucks and motorcycles both work well, but if you're going to switch don't keep a few hundred pieces of your truck and try to install them on your bike. Rather you switch entirely to a bike, which even changes how you dress - you start wearing leathers. You stop trying to eat breakfast during your commute. They are fundamentally different ways of reaching your destination and mixing and matching the two doesn't work well.

  7. According to TFS/TFA, they're doing it wrong on Munich Council: To Hell With Linux, We're Going Full Windows in 2020 (theregister.co.uk) · · Score: 5, Insightful

    > their workers deserve a stable, robust work environment.

    Agreed.

    > half their applications won't run on Linux

    A common, and fatal, mistake. They're trying to keep using Microsoft Exchange and 300 other Windows programs, on Linux. That's certainly the wrong way to do it. It works about as well as trying to run all software made on and for Linux, but run it on Windows.

    If you're going to run on Windows, run software developed for and on Windows - IIS, Exchange, Microsoft SQL Server, Edge, etc.
    If you're going to run on Linux, run software developed for and on Linux - Apache httpd, Cyrus imapd, MySQL, Chrome or Firefox, etc.

    You wouldn't say "I'm switching from Ford to Chevy" and then try to run a Ford alternator, water, headlights, etc in your Chevy truck. Yet that's what so many people try to do when they "switch" from Windows to Linux. They switch out the bare OS, not the whole thing.

    My companies have been running purely on Linux since shortly after Windows 95 came out and it works beautifully, because we use Linux software in a Linux way, we don't try to run a Microsoft-centric network, doing things the Microsoft way, on a Linux kernel.

  8. Who doesn't believe physics exists? on Is Physical Law an Alien Intelligence? (nautil.us) · · Score: 1

    You've been so busy arguing something you want to argue about, and trying stupid ad hominem attacks against what you see as "religious people" that you've not yet bothered to read even the subject line of my post, it seems.

    > if your initial statement was only a belief, then we do not need to talk about it, as clearly you believe it and I don't.

    Yes, I believe physics currently exists. You don't?

  9. Michio Kaku (the string theory guy) is a good star on Is Physical Law an Alien Intelligence? (nautil.us) · · Score: 1

    Professor of theoretical physics Michio Kaku (best known for string theory) has a good introduction to the subject. Physics and astronomy professor Stephen Barr goes into more detail.


  10. A little unclear on Is Physical Law an Alien Intelligence? (nautil.us) · · Score: 1

    So what you're saying is that to understand how the latest advances in quantum physics might relate to things written in John (and things in Exodus), one should obviously go back to much older writings based on ancient oral tradition, specifically Genesis. Interesting approach.

    With all due respect, methinks you're the one who hasn't read so much. Professor of theoretical physics Michio Kaku (best known for string theory) has a good introduction to the subject. Physics and astronomy professor Stephen Barr goes into more detail.

  11. Easy enough (if you understand the point) on Is Physical Law an Alien Intelligence? (nautil.us) · · Score: 1

    > First, one would have to define the term "god."
    Given that's the entire point of the exercise, that step isn't so much "first", as "only". Yet I gave you the definition. God: everything that has always been, and always will be. That's the Biblical definition.

    > Then one would have to identify the physical phenomenon that meets the definition of the term "god."

    To the best of our knowledge until now, all laws of physics meet the definition. That leaves a big question, though: if the laws of physics are timeless, and the pre-big bang universe stable, why didn't the big bang occur sooner? The current theory now being discussed due to advances in quantum physics is that before the big bang one of two things would have been true:

    1. some laws of physics were almost like division by zero. While division (the law) was defined, it would have been inoperable until it had something to operate on.

    2. Some laws of physics were NOT defined prior to the big bang. Declaring them would then have caused the big bang. That's a strange and fascinating idea. (Let there be light ...)

    Then one would have to examine this physical phenomenon to see if it matches what is in the bible.

    > Finally, one would have to examine the bible account to see if any of its terms and explanations reveal any scientific insight into events that current models suggest may have happened.

    The main thing the physicists say it explains is the big bang, the creation of the universe itself.

  12. Which of many books did you read? on Is Physical Law an Alien Intelligence? (nautil.us) · · Score: 1

    "The book"? Which of dozens of books on the subject did you read? Even just limiting it to books written by physics professors, there are several recent ones.

  13. Often, if few contributors, they care on What Happens to Open Source Code After Its Developer Dies? (wired.com) · · Score: 1

    My experience is that on projects with few contributors, those contributors care about the project - they are using it in their business or their own larger project, so one will be willing to take over even if only for their own self-interest. I've taken over a few projects for that reason. I became the maintainer not because I'm altruistic, but because I needed the software to work.

  14. Most: highest. Most recent: more recent than other on ESR Sees Three Viable Alternatives To C (ibiblio.org) · · Score: 1

  15. There is indeed a strong argument that physics is on Is Physical Law an Alien Intelligence? (nautil.us) · · Score: 1, Interesting

    Indeed there is a strong argument to be made that physics is (part of) God, that whatever existed at the time of the big bang and will continue to exist is God.

    I don't have time to go into detail at the moment, but new discoveries in quantum physics align amazingly well with Biblical explanations of the creation of the universe, wording in the ancient explanations that didn't really make sense until we understood quantum physics.

    Language issues make it difficult to express in English since "is" has many meanings, Spanish and other languages are more precise, but basically whenever "God" was asked "what are you?" or "who are you?" the answer was "I am what has always been". (Soy que es in Spanish) To the extent that physics is timeless, physics *is* God and God is physics, according to God's word.

  16. Typo: non-exclusive copyright on What Happens to Open Source Code After Its Developer Dies? (wired.com) · · Score: 2

    I accidentally typed

    non-copyright is automatically passed to a certain person (I maintain my rights as well)

    That should say:

      non-exclusive copyright is automatically passed to a certain person (I maintain my rights as well)

    They got full rights to do whatever they wanted with the code, expressed as a non-exclusive license. I also maintained my own rights, so I can theoretically use library routines or any patentable new ideas in my own projects, or allow other people to do so.

  17. The code is available. Package management policy on What Happens to Open Source Code After Its Developer Dies? (wired.com) · · Score: 4, Interesting

    Yes, the code is available, it's open source, after all.
    The question the article gets to is how do packagers such as Red Hat or CPAN decide which version to include by default - the old, established one that hasn't been updated, or the new one that has updates but not the long history? That may be a case-by-case issue by its very nature.

    The other point raised is that programmers, open source or proprietary, should make sure that two other people have commit access, or will get it.

    In my most significant software I wrote by myself, I included a "dead man's switch" which I'm thinking about activating. In the license, I included a clause that said if my web page goes down, non-copyright is automatically passed to a certain person (I maintain my rights as well). If they choose not to maintain the software, two other people are named. If none of those three picks it up, it automatically goes GPL and anyone can do what they want with it, including providing updates and support as part of their business.

    The person I passed it along to a few years ago may not be actively maintaining and supporting it, so I may post in relevant forums declaring that I'm now licensing it open source. I may also contact some of the people that make "competing" software and let them know they can freely use my old software, or parts of it, in compliance with an open-source license I'll select.

  18. Modern C vs 1970s / 1980s C on ESR Sees Three Viable Alternatives To C (ibiblio.org) · · Score: 1

    sprintf and strcpy, really? Stuff that's been deprecated in all major compilers for over a decade? strncpy was introduced in 1978 or 1979 - it predates even the standard IO library. So with strcpy you're talking about a function that was replaced almost 40 years ago. snprintf was officially standardized in 1997, after having been in use before that. So more than 20 years ago.

    > I could go on and on.

    Yeah why don't you go on to compare 10, 20, or 30 year old Rust and Go, since you're talking about how C was used in the 1970s and 1980s. Oh wait, the version of Go and Rust used 10 years ago couldn't even implement "hello world". I'd say a language that exists is a hell of a lot more useful than one that doesn't, so even if you insist on arguing about 1980s programming practices, C is still inarguably better, in an absolute sense.

    Would you like to compare modern C practice to modern practice in some other language? Because if you want to talk about 1980s C, the obvious comparison is 1980s Rust, and obviously C wins, by being used to write software such as Unix, while 1980s Rust or Python couldn't be used to write "hello world".

    If you'd like to see some modern C, to get an idea on how it's used today vs in the eighties, you can look at the source code for Python or Ruby. These language authors, like most, were smart enough to write their interpreters / compilers in C.
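    Comment 18 contrasts strcpy and sprintf with their bounded replacements. The following is an added example written for this page, not code from the thread or from Python, Ruby or any other project mentioned above. It shows the two things a reviewer actually checks for in modern C: a copy built on snprintf, which always NUL-terminates and reports truncation through its return value instead of silently overrunning the destination, and a check that makes the strncpy caveat visible (strncpy writes no terminator when the source fills the whole buffer, so it is not a drop-in fix by itself). The function names bounded_copy and strncpy_terminated and the sample strings are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the thread. Copy src into dst, which holds dstsz
 * bytes. snprintf always NUL-terminates (when dstsz > 0) and returns the
 * length it would have needed, so truncation is detectable instead of
 * silently overflowing the way strcpy/sprintf would. Returns 0 on success,
 * -1 if the copy was truncated or dst has no room at all. */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return -1;
    int needed = snprintf(dst, dstsz, "%s", src);
    if (needed < 0) {           /* encoding error: leave dst empty */
        dst[0] = '\0';
        return -1;
    }
    return ((size_t)needed < dstsz) ? 0 : -1;
}

/* Demonstrates the strncpy caveat: if strlen(src) >= n, strncpy fills all n
 * bytes and writes no terminator. dst is pre-filled with 'X' (a constructed
 * sentinel) so a missing NUL is visible. Returns true if dst contains a NUL
 * somewhere in its first n bytes after the copy. */
bool strncpy_terminated(char *dst, size_t n, const char *src)
{
    memset(dst, 'X', n);
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

int main(void)
{
    char buf[8];
    /* fits: "abc" needs 4 bytes including the NUL */
    int rc = bounded_copy(buf, sizeof buf, "abc");
    printf("bounded_copy(\"abc\") -> %d, buf=\"%s\"\n", rc, buf);

    /* does not fit: dst keeps the first 7 chars plus NUL, and -1 says so */
    rc = bounded_copy(buf, sizeof buf, "0123456789");
    printf("bounded_copy(\"0123456789\") -> %d, buf=\"%s\"\n", rc, buf);

    char small[4];
    printf("strncpy terminated for \"abc\"  : %s\n",
           strncpy_terminated(small, sizeof small, "abc") ? "yes" : "no");
    printf("strncpy terminated for \"abcd\" : %s\n",
           strncpy_terminated(small, sizeof small, "abcd") ? "yes" : "no");
    return 0;
}
```

    The same snprintf pattern replaces sprintf directly: keep the format string, pass the destination size, and treat a return value of dstsz or more as truncation rather than success. Whatever wraps strncpy should either force dst[n - 1] = '\0' afterwards or use a terminating copy such as the snprintf form above.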

  19. The very languages they espouse were written in C on ESR Sees Three Viable Alternatives To C (ibiblio.org) · · Score: 1

    Assume for a moment that the creators of languages such as Python and Go indeed know something about programming languages. We can observe that python itself is written in C. "Use Python, not C", they say, but that's impossible because /usr/bin/python IS a C program. Their "Python program" is nothing more or less than input for a C program that actually does the work. That actually is a good approach in many cases. One need not be an educated professional software engineer to write list.sort() ; one should, however, recognize that what that means is "ask the C program to sort it for me, using whatever algorithm the C programmer chose for me, because I don't know".

    https://github.com/python/cpyt...

    Rust was originally written in C, then a Rust compiler was written in C++. If the creators of Rust know about what makes a good programming language, and they chose to write Rust in C ...

    Now most recently they have the front half of a Rust compiler written in Rust.

  20. A background of being a human being on iPhone Encryption Hampers Investigation of Texas Shooter, Says FBI (chron.com) · · Score: 1

    You've got facts precisely backward again. EXISTING federal law is that if you have a criminal background, like the attacker did, you can't purchase or possess firearms. Unfortunately, when he was convicted in 2012, and purchased the guns a few years ago, the federal government was operating in a mode where the executive branch was ignoring the laws. The president at the time actually said he "had" to set a policy of breaking the law because chose not to give him the law he wanted.

    What the liberals want is the "may issue with good reason" law they passed in Washington DC and other places. It says the police "may issue" a firearm permit if the applicant shows that they have "good reason" to need to be able to exercise their Constitutional rights. Obviously, under that law anyone may be denied, simply because the cop doesn't feel like issuing a license at the moment because they'd rather go to lunch. The DC law has been struck down as unconstitutional FOUR separate times. Each time it was struck down, the liberals kept passing it again because following the Constitution is less important to them than following Al Gore.

    So the president is absolutely correct, under the laws that liberals want (and keep passing again after it's struck down), anyone may be denied their Constitutional rights for any reason or no reason. The police "may issue" the permit if they feel like it.

    What "may issue" ends up being in practice is "issue if your dad is a sheriff, or your husband is a judge". When I was in a "may issue" state I once ran right through a red light and got pulled over. I couldn't find my driver's license (the bank had put it in the envelope with my cash). The cop said he was going to take me to jail until he could verify I had a valid DL. That's when I showed him my gun permit. He apologized for pulling me over and sent me on my way - no ticket for running right through a red light, or not having my DL with me, because obviously I was somebody important - the police chief had issued me a gun license, and not just anyone can get a license in a "may issue" state.

  21. You don't even know you're quoting the NRA on iPhone Encryption Hampers Investigation of Texas Shooter, Says FBI (chron.com) · · Score: 2

    > He shouldn't have been unable to purchase guns on the basis that ...and had a history of violent behavior.

    > expand the data used in conducting these checks. Those on the right complain loudly that this somehow violates their second amendment rights

    You're totally unaware that you're advocating for exactly the same things the NRA is saying. Under existing federal law, his attempts to purchase should have been blocked because he had pleaded guilty to intentionally attacking his toddler stepson so badly that he broke the baby's skull. But some people in government don't want to follow the law, they want to keep passing and ignoring more laws. Had the authorities followed existing federal laws, the purchases would not have been allowed.

    Do you think the guy should have served serious prison time for intentionally breaking a kid's skull? How about for the numerous domestic assault cases? If you do, and if you actually believe what you said about actually DOING background checks, rather than passing and ignoring another pretend law, then you ARE "the right".

  22. That's a clever idea. Certainly someone will find a way to bypass the lock if it ever gets popular, but it's an interesting idea.

    For anyone else still reading the thread, here's the gist:

    With this lock, the cylinder is hidden away under a chunk of aluminium. The key isn't inserted directly into the cylinder by the user. Instead, it's placed in a chamber, which is then rotated to bring the key to the inaccessible cylinder. Therefore the cylinder is not exposed to picks - you can't even see the "keyway".

  23. Former locksmith here on DOJ: Strong Encryption That We Don't Have Access To Is 'Unreasonable' (arstechnica.com) · · Score: 4, Interesting

    I used to work as a locksmith. A long time ago, tools and techniques for tubular locks weren't common, so bike locks with a tubular cylinder WERE considered difficult. Tubular locks are the kind you see on soda machines, and have a circular key. Picks for tubular locks are now common, so they are no longer difficult. I've never seen any model of bike that would be considered difficult.

    You might not BOTHER to pick a $12 lock since it's so easy to replace. It's not difficult, just not worth spending more than 3 minutes on if you happen to randomly get one with shallow bitting at the key tip, and deep cuts near the bow. That's random to specific instances of the lock, though - in general they are slightly easier than home locks because they frequently have only four pins rather than five.

    I mentioned bitting. If your key happens to have deep cuts near the "handle" and a very shallow cut near the top, that's more difficult. Especially if there is also a shallow cut right before the deep cut.

  24. A reasonable desire. Impossible because internet on DOJ: Strong Encryption That We Don't Have Access To Is 'Unreasonable' (arstechnica.com) · · Score: 4, Insightful

    A decent locksmith can open any lock consumers use in a minute or two.* Yet the lock DOES generally work - if you lock up your bike with a decent lock, a thief probably isn't going to walk off with it.

    So the physical lock serves its protective purpose, yet when you lock yourself out Pop-A-Lock can get you in for $25, and with a warrant police can enter an apartment. That's really not a bad situation. Compare if you lose your encryption key - you're permanently fucked; you can't call a digital locksmith if your encryption is "good".

    I think it's perfectly reasonable for a non-technical person to say "I like the idea of a security system or lock that protects things from the bad guys, but with enough effort can be bypassed in an emergency or by an expert with a warrant". Again, it works well for physical locks, so CONCEPTUALLY it's reasonable.

    However, in today's digital world everything is connected to the internet and computer accessible, so a bad guy 5,000 miles away can have his computer working around the clock to try to break everybody's encryption. He doesn't have to hire a locksmith to work each lock. As computers get faster, it gets easier and easier to break a given level of encryption, too. Therefore as a PRACTICAL matter, encryption needs to be super strong to be very useful. That's a practical fact for internet-connected devices.

    So I think the person is either a) unfamiliar with the practical realities of computer encryption or b) expressing a desire of what they'd want if they could have whatever they want, not proposing that it's actually available in a practical way today. Possibly both.

    It's not unreasonable to desire that digital locks worked like physical locks, secure from ordinary bad guys but locksmiths can open them. We just don't have any practical implementation that works that way, and probably never will.

    We actually DO have a technical implementation that *would* work if the government could be trusted to a) keep the keys secret and b) not abuse the keys, using them without a properly executed warrant.

    * Medeco locks used by some businesses and $5,000 safes take a few minutes longer.

  25. They are. Why Google and Walmart supported it on Monopoly Critics Decry 'Amazon Amendment' (thehill.com) · · Score: 1

    > why aren't they building a portal (created and hosted by a third-party that is not involved as a vendor of any of the products) that Amazon and other vendors can interoperate with?

    They are, but click-bait headlines work. Google and Walmart, for example, gave positive input on the proposal. One lawmaker explained Amazon, Walmart, Staples and Grainger are likely to participate.

    > without any branding about who the ultimate fulfiller would be. Need a box of pens? Go find the ones you want, pick the best combination of terms and price, and order. If it shows up the next day in an Amazon box, or a Wal-mart box, or a Google box, no one cares.

    Normally I wouldn't care who fulfills the order. My experience with Walmart in particular is that they frequently take two weeks to fulfill an order. They don't have counterfeit products as often as Amazon does, though. I could see sometimes one vendor would be preferred over another, depending on the situation and the product. When I absolutely must have it the next day, I wouldn't order from Walmart.