Yeah I started to say "system interfaces, which can be provided by the kernel or libraries", but that paragraph was long enough already.
It would be rather difficult to make a Unix system using a kernel that wasn't designed to be at least Unix-like, though. You'd probably end up with either emulation or at least something like Wine, it would be non-native. The Linux kernel and the typical Unix system is designed to be like Unix, and therefore it's easy enough to make a Linux system comply.
The Mac OS *kernel* comes from AT&T via DEC and others. Anyway, thirty years ago, AT&T sold the Unix name, and 25 years ago it was transferred to the Open Group, so it's been 30 years since Unix and and AT&T parted ways, 25 years since the Unix name went open. The reason I say "the Unix name" is because when the name was originally sold and locked down, there were several different Unix operating systems. At least three, which were all Unix, all derived from the same code. One group kept the name, the Open Group via AT&T and Novell.
In other words, it's kinda like asking "is Sierra actually Mac? I didn't know know Wozniak wrote it." Yes, new programmers can work on some software and it's still real. There have been 30 years of programmers between AT&T and modern Unix. It's still Unix.
There is a 3,700 page set of detailed specifications called the Single Unix Specification. A Unix system is defined as an operating system which is certified to meet all of those specs. The spec includes things like a Bourne-shell derived/bin/sh called the POSIX shell, ncurses, and 1,123 kernel and library functions.
Note the Unix spec describes (in detail) what a Unix *operating system* is, how it behaves and what it provides. Less than half of the spec deals with the *kernel*. The specs say the operating system must provide all of these different functions, which must work exactly as described. It does not specify *who* must write the functions. That's been true for 25 years. The pedigree of the kernel does not matter at all in terms of whether it's Unix. If you and I wrote an exact copy of Solaris Unix, so we ended up with the same operating system, that would be a Unix, if we got it certified showing we made a faithful copy - we met all specs correctly.
As far as the pedigree of the *kernel* goes, back in the AT&T days, AT&T licensed DEC, Microsoft, and others to create Unix systems. There were three major Unix systems. OSF/1 was one of those, BSD was another. OSF/1 (Open Software Foundation 1) used a modified version of a kernel built, for Unix systems, based on BSD Unix code, called mach. Years later, more code from BSD, mach, and other sources in the NeXTSTEP operating system. When Apple bought Next, they replaced much of the kernel code from NextSTEP with code from a different, more direct, descendant of OSF, which had been renamed OSFMFK, then modified it extensively to create XNU.
So yes there is some mach code in XNU. Mach was largely a reworking of kernel code from the Berkeley UNIX tapes. All of these kernels were designed for, and used in, Unix systems.
A list of Unix (tm) operating systems can be found here:
Yes, Mac is Unix. Not Unix-like, but actual UNIX (tm).
BSD (Berkeley Standard Distribution) used to be called Berkeley UNIX. It *was* UNIX, and the Unix hasn't been entirely removed. Some of the original Unix code was oown source and FreeBSD was built with that open source portion of Unix at it's core. Since then, UNIX and the BSDs have evolved separately, of course.
Solaris is real UNIX.
So yeah, all those MacBooks are running UNIX. It's pretty handy to have a UNIX that is approved and supported by corporate IT departments.
Ad hominem: No way I'm going to vote for that bill, the traitor Trump proposed that. He's a crook and he smells bad.
Note it doesn't mention the pros or cons of the policy, rather it attempts distract attention away from the policy by attacking a person associated with it.
Not ad hominem: Total tax rates of over 50% cause significant damage to the economy and are essentially immoral because it is taking from someone, by force. Any proposals for major policy changes at the federal level should first be proven at the state level, to the extent possible. As the recent letter from the AFL-CIO points out, Alexandria Ocasio-Cortez proposed massive new taxes and huge new federal bureacracies. Those bureacracies would be tasked with implementing policies which have utterly failed when they have been tried at the federal level. I won't vote for AOC because voting for her would be supporting these mistakes.
Note the reasons given are why the POLICIES or ideas are bad. The only mention of the person is that they are pushing bad policy.
ad hominem 1. in a way that is directed against a person rather than the position they are maintaining. "these points come from some of our best information sources, who realize they'll be attacked ad hominem" 2. in a way that relates to or is associated with a particular person.
An ad hominem would be "don't listen to Rosenberg", Rosenberg is an idiot.
Linus listed off the technical reasons that C++ doesn't work for the kernel. That's the "against the position they are maintaining" part of the definition of ad hominem. Linus did not attack "a particular person", he gave reasons why a particular idea, which he had already tried, did not work.
He then summarized by saying that one would do that only if you're "looking for problems".
An ad hominem names a person and attacks them, ignoring the idea they are proposing. The opposite of an ad hominem is to address the proposal, without naming any person.
What does it matter, why make the distinction? Because if you want to fix a problem, you must first identify the problem. We might first day that the wording is too strong. We might further observe that it's hyperbole - the summary of the conclusion significantly overstates what the evidence supports. Those are specific things we can address.
If we identify the problem as "ad hominem", we could stop that with a simple policy of "don't name individuals in a debate - mention only ideas, not people's names". That would stop ad hominem; it would not stop what Linus did.
By defining "correct" or "expected" hardware behavior as allowing Rowhammer to occur, one can even prove that the software (kernel) will do the right thing despite Rowhammer. That would be very interesting.
Probably more practical would be proving that no code path allows neighboring memory rows to be accessed at a rate faster than X clock cycles, where X is the speed required to Rowhammer.
Did Linus say that, or was that Accujack, commenting on Linus's words (on Reddit in 2013)?
Accujack's "brain dead" comment was his reaction to Linus's 2007 response to a troll saying it's "bullshit" that Linux didn't write git in C++. Linus's actual response to the troll explained what the technical problems are with C++ for such an application, and did mention that C++, in it's brokenness, does attract less capable programmers.
I'll skip the technical details and quote the part where Linus wasn't being very nice:
-- C++ is a horrible language. It's made more horrible by the fact that a lot of substandard programmers use it, to the point where it's much much easier to generate total and utter crap with it. [Technical details of problems with C++]
So I'm sorry, but for something like git, where efficiency was a primary objective, the "advantages" of C++ is just a huge mistake. The fact that we also piss off people who cannot see that is just a big additional advantage.
If you want a VCS that is written in C++, go play with Monotone. Really. They use a "real database". They use "nice object-oriented libraries". They use "nice C++ abstractions". --
Linus wasn't super nice to the person who called his work bullshit, and he did NOT say all C++ programmers are braindead. That was Accujack who said that, six years later.
Auditing the hardware is important. It's not part of auditing the software. They are two separate processes, both important.
The eventual goal (dream) is to prove the entire system, we prove as much of it as budget allows. To prove a system, we must identify the components and prove each component. That is, we must prove the hardware, we must prove the microcode, etc.
Hardware can be vulnerable to Rowhammer. Hardware can be proven to be vulnerable to Rowhammer, or not vulnerable. The definition of proving the hardware is that you prove it won't Rowhammer NO MATTER WHAT SOFTWARE IS RUN. Once you know the hardware can't have Rowhammer, you don't have to think about Rowhammer for a particular software, the hardware simply can't Rowhammer, period.
There is no code that can be vulnerable to Rowhammer when running on hardware that isn't vulnerable to Rowhammer. That seems obvious enough. Rephrasing that obvious fact: There is no code that contains a Rowhammer vulnerability.
Only hardware can be vulnerable to Rowhammer. Therefore we know that if we can prove a particular piece of hardware is not vulnerable, the system is not vulnerable.
We think about Rowhammer when we prove the hardware, not when we prove the software.
We know the hardware doing wrong things will cause the system to do wrong things. That's a given. We prove the software without care about any particular hardware because we prove the hardware at a different time, in fact it's a different group of people proving hardware. When proving the software, we know / assume it's running on proven hardware. We don't have to worry about hardware vulnerabilities while we're proving software. It's not that hardware can't have issues. It's that the hardware audit is a separate process.
> It IS a personal insult if you put all your best effort into something and the immediate reaction from the receiver is that it is stupid.
There are a lot of smart people here on Slashdot. If you handed out cadavers to all of us and had us "put all our best effort" into a practice brain surgery, approximately 100% of us would make several major mistakes.
Not because we're stupid, because we haven't mastered the application of a specific skill in a particular context.
Stupid people can do things well. For example, a lot of idiots are good at getting elected. Stephen Hawking is brilliant, and his cake decorating really, really sucks. He's smart, he hasn't mastered the particular skills of cake decorating.
Smart is having the ability to learn. Stupid is not learning. Bottom line, here's the difference between smart people and stupid people.
When they become aware that they did something stupid: Smart people learn from it and then know next time. Stupid people get offended.
I'm not an expert at everything - and I KNOW that.
That's awesome because thinking "don't know" equals "stupid" PREVENTS learning.
I'm not under the delusion that I'm an expert at everything, or that I'm supposed to be. I'm grateful that nobody ever put into
my head the idea that if I have room to learn, I suck, or am stupid. I would hate to have that wrong idea because a need to insist that you know everything prevents learning.
I can't count the number of times there has been discussion here on Slashdot and somebody posts a mistaken idea of what the law is. That's fine, if they aren't an employment attorney, they aren't SUPPOSED to know everything about employment law. I'll post the actual text of the law and far too often the person who guessed wrong gets defensive and has to try to argue that the law doesn't say what it says. The actual text of the law is "employers may not..." and they feel the need to argue it means "employers must", just because that was their first guess. They completely miss the opportunity to learn anything.
They have this crazy idea that if they were wrong, that means they're stupid, so they will go to any length to avoid recognizing that their first try was wrong, and therefore learning something. Thinking they are supposed to already know prevents them from ever knowing. Being afraid of LOOKING stupid ensures they permanently ARE stupid.
A couple of hours ago I posted a messages in my company chat practically beggingmy new co-workers to tell me what's not very good about the work I just did at my new job. I did that because I want to improve it. I would my work to *actually* be good, so I want to know how to improve it, rather than me just pretending it's good. Why? Because of how and why I got hired here.
At my last job, two months ago, I was teaching classes, making presentations to educate co-workers about security and programming topics, with a side-dish of law. I really enjoyed doing that and wanted to do more of it, but I knew I wasn't great at it. I earnestly asked my co-workers / students for feedback after every presentation, telling them I needed their help to improve. Three weeks ago I landed what may be my dream job. I'll now spend my days mentoring my a thousand programmers on security and creating robust software systems - and getting paid quite well to do it. I got this job because I was able to talk about how I had taught programmers at my last job, the successes in mentoring. I never would have had success mentoring if I wasn't constantly asking co-workers to tell me how they think I could improve.
A distinction with Linus is that generally he calls some piece of CODE ugly or stupid, not a -person-. In the vast majority of cases, anyway. I've written a lot of stupid code, and I'll call my own stupid code stupid. I've written code that has a comment saying "this is ugly, but don't try to fix it because....".
I've written plenty of stupid and ugly code. I'm not stupid*. I think in Linus's mind that distinction is so obvious that he forgets it's not so obvious to some other people. He forgets that other people take "this code is still crap" as a -personal-insult; they hear him saying something about them, as opposed to saying something about the code. That's normal. It's just not how Linus thinks, and I personally have had to practice keeping in mind that people take things personally. -I- don't mind if you tell me my Makefile is goofy ASF. It probably is. That doesn't inply anything about me, other than that I'm not the King Guru of makefiles.
Yes you can prove that it is unaffected by known, enumerated side-channel attacks in the processor / chipset.
You can't prove it would be unaffected by unknown CPU side-channel.
ALSO you can prove that there are no side channels in the code itself - you can enumerate the state parameters which affect the functioning of the code, both internal and external state parameters.
The distinction becomes important when you start proving more than one component of the system. If you prove the library code - including against aide channels in the code, and you prove any kernel - including kernel side channels, and you prove the microcode - including microcode side channels, and you prove the hardware - including hardware side-channels, then you've proved the system to be free of side channels, and the application code, then you've proved the system.
In proving the system, you prove that the output state is identical *per the specification*. If you specify "identical state" as high and low CMOS output, you'll have no side channels re high vs low - but you could still have a high at 3.28 volts vs a high at 3.29 volts.
That's true. One can prove that a particular function is correct, that their code is correct. In this case, library code.
Proving the CPU hardware and microcode is a separate step. Proving the code that USES their library is yet another thing.
All of these can be done. It's just expensive, so you use the simplest thing that will get the job done - prove a little MCU used as a cryto co-processor, not a complex Intel CPU.
I think you're absolutely right. I'm a nerd and I was bored to tears in school.
Fortunately, here in Garland (a suburb of Dallas), we have a lot of choices in public schools. Several good magnet programs, flexible options which let the student learn at their own accelerated pace. At least, that's the sales pitch. The Academy for Excellence program LOOKS like it will be pretty good for her.
We'll see. The typical track with Academy for Excellence is that they graduate high school with a associate's degree, so they are two years ahead - after twelve yeara. We'll, she's already two years ahead, so if she continues to learn faster than average, she's going to need to something more accelerated than the "standard accelerated" track.
Fortunately, being in preschool she's had the opportunity to practice social skills, and she's tall, so she'd fit in okay if she akips a grade soon, then maybe a few years later another grade.
I'm curious to get the test results back because to me it seems like she is probably in the top 1%, but I'm a tad biased.:) Actually her cousin is something like 99.9 percentile and she just might be smarter than him, so this could be a challenge.
It was funny when she was two or three years old and we'd have a conversation like this:
3yo: Can we go to the playground? Dad: I'm sorry, I'm too tired to go to the park. 3yo: Okay, I'll be quiet so you can nap, then we can go to the park.
Hard to argue with that.:) If she keeps getting better, though, Mom is going to have a heck of a time.
You said "If Walmart, etc., was only speaking by saying how great something was". I think there is a word for that. "Speaking on television about how great the product is" is normally called "advertising".
There have been several cases pitting Sherman anti-trust vs the First Amendment, where established media players colluded to keep new companies out.
Justice Black wrote:
"It would be strange indeed, however, if the grave concern for freedom of the press which prompted adoption of the First Amendment should be read as a command that the government was without power to protect that freedom. The First Amendment, far from providing an argument against application of the Sherman Act, here provides powerful reasons to the contrary. That Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public, that a free press is a condition of a free society. Surely a command that the government itself shall not impede the free flow of ideas does not afford non-governmental combinations a refuge if they impose restraints upon that constitutionally guaranteed freedom. Freedom to publish means freedom for all and not for some. Freedom to publish is guaranteed by the Constitution, but freedom to combine to keep others from publishing is not.â
Imagine if Walmart, Target, Albertsons/Tom Thumb/Safeway, and Whole Foods / Amazon got together and came up with ways of making it harder for new companies to compete with them. It's ilegal for the established companies in a market, competitors, to collude to try to keep out new competitors.
The Motion Picture Academy is basically the major Hollywood studios; their decision to exclude Netflix and other new companies is about the major studios trying to disadvantage competition from the newer companies, according to the Justice Department.
ONE studio can do what it wants to try to cause problems for streaming services. It would be ilegal for them to collude in an anti-competitive conspiracy.
Factually, I don't know if the Academy is controlled by the major studios, but that's the law - if in fact the governors of the academy are trying to protect their employers by disadvantaging streaming services.
I guess some people like Lego because it's an easy way to build simple things. You can snap something together in a couple hours. They plan to add Python to the Lego set, because Python is also easy, suitable for kids.
People like to snap something together in a couple hours with Lego. Same reason they like Python and PHP.
Oddly, nobody makes the mistake of thinking Lego, being easy, are a good way to build mission critical systems that your company relies on.
Then they seem to think that it's impossible to prevent production systems crashing, occasional data corruption, etc. Yeah it's pretty tough to prevent problems if you build enterprise applications using the same tools and techniques that children use in their play.
I might get this new Lego set for my daughter. She really enjoys Lego and is good at it - building things well beyond what most people would call "age appropriate". Might should wait a year, though. She breezes through second grade (age 7) schoolwork - and she's four.
According to this study, Canada is warming much faster than the US. Canada has much much liberaliam than the US. Thesis: Liberalism causes climate change.
If they know ANYONE who will do it for $15/hour, I have a house that needs cleaned, a lawn that needs mowed, a pool needs painting, lots of stuff. Send them my way! I'll gladly pay $20/hour, assuming they aren't a crackhead.
If you save the extra money during good weeks, spending only what you make ON AVERAGE, you can quickly have three months of expenses saved and then you're not so scared about bad weeks.
Where I live and frok my perspective, I don't see any desperation or lack of full-time jobs. We probably live in different places, though. Anyway, you mentioned something that reminded me of something interesting.
> low-skill stuff like yard work, house cleaning, dog walking and so on.
Funny thing about that is the going rate for someone to cut your grass or clean your house is about $30/hour here in Dallas. (Roughly equivalent to $50/hour on the coast), yet the vast majority of people lacking marketable skills would rather make $12 / hour at a "regular job".
I've talked to a lot of people because I like to help young people get started and convicts get re-started and the number of people who choose $12/hour working for someone else rather than $30-$40/hour working for themselves is surprising to me.
It seems there are at least two reasons. A somewhat logical reason is that they want consistency. Doing gigs you don't know if you'll make $400 this week or $550. People like consistency so much they prefer to know they'll make $400 working at the mall.
A purely emotional reason is that people are so nervous about having their own business - despite the fact they know many twelve year old kids mow lawns. They might personally know a 12 year old who mows 10 lawns every week for $300, yet they work 30 hours for the same money because their nervous about whether they can do the same thing that kids all over America do.
In the US, it is a crime to negligently allow it to leave the proper secured systems. Negligent means "not being careful". One recent example of someone who was prosecuted is a Navy sailor who sent home a selfie - aboard ship. The interior of US Navy ships are classified.
A manager who carries papers around in a briefcase could be prosecuted for accidentally leaving a classified document in their briefcase and taking it home. With the security clearance comes a legal duty to be careful - to check that all of the classified documents are removed before taking a briefcase home.
The US inherited English law, then added the Bill for Rights, and that formula means in most areas of long-standing general law, law will be similar modulo Constitutional rights - meaning if it's unlawful in the US, it also probably unlawful in England and Wales.
That matters because by treaty a defendant can be extradited only if it's illegal in BOTH places. Hence, a US citizen can't be extradited to the UK for exercising their 1st amendment rights, a UK citizen who broke US law in this regard aomost certainly also broke UK law and can be extradited.
Of course it happened partly in Las Vegas.
Looking at the actual UK statutes, we see they follow the pattern. See section 21 of the Theft Act 1968 and sections 29 and 30 of the Larceny Act 1916. We find that what the US calls extortion is also illegal in the UK. The difference is switching the terms extortion and blackmail. The implied difference is that in the US, courts would have to balance first amendment rights - you're allowed to say mean things to people, so the threat has to be clear in the US.
Slashdot Mirror
Yeah I started to say "system interfaces, which can be provided by the kernel or libraries", but that paragraph was long enough already.
It would be rather difficult to make a Unix system using a kernel that wasn't designed to be at least Unix-like, though. You'd probably end up with either emulation or at least something like Wine, it would be non-native. The Linux kernel and the typical Unix system is designed to be like Unix, and therefore it's easy enough to make a Linux system comply.
The Mac OS *kernel* comes from AT&T via DEC and others. Anyway, thirty years ago, AT&T sold the Unix name, and 25 years ago it was transferred to the Open Group, so it's been 30 years since Unix and and AT&T parted ways, 25 years since the Unix name went open. The reason I say "the Unix name" is because when the name was originally sold and locked down, there were several different Unix operating systems. At least three, which were all Unix, all derived from the same code. One group kept the name, the Open Group via AT&T and Novell.
In other words, it's kinda like asking "is Sierra actually Mac? I didn't know know Wozniak wrote it." Yes, new programmers can work on some software and it's still real. There have been 30 years of programmers between AT&T and modern Unix. It's still Unix.
There is a 3,700 page set of detailed specifications called the Single Unix Specification. A Unix system is defined as an operating system which is certified to meet all of those specs. The spec includes things like a Bourne-shell derived /bin/sh called the POSIX shell, ncurses, and 1,123 kernel and library functions.
Note the Unix spec describes (in detail) what a Unix *operating system* is, how it behaves and what it provides. Less than half of the spec deals with the *kernel*. The specs say the operating system must provide all of these different functions, which must work exactly as described. It does not specify *who* must write the functions. That's been true for 25 years. The pedigree of the kernel does not matter at all in terms of whether it's Unix. If you and I wrote an exact copy of Solaris Unix, so we ended up with the same operating system, that would be a Unix, if we got it certified showing we made a faithful copy - we met all specs correctly.
As far as the pedigree of the *kernel* goes, back in the AT&T days, AT&T licensed DEC, Microsoft, and others to create Unix systems. There were three major Unix systems. OSF/1 was one of those, BSD was another. OSF/1 (Open Software Foundation 1) used a modified version of a kernel built, for Unix systems, based on BSD Unix code, called mach. Years later, more code from BSD, mach, and other sources in the NeXTSTEP operating system. When Apple bought Next, they replaced much of the kernel code from NextSTEP with code from a different, more direct, descendant of OSF, which had been renamed OSFMFK, then modified it extensively to create XNU.
So yes there is some mach code in XNU. Mach was largely a reworking of kernel code from the Berkeley UNIX tapes. All of these kernels were designed for, and used in, Unix systems.
A list of Unix (tm) operating systems can be found here:
https://www.opengroup.org/open...
> Does anyone run Unix these days?
Yes, Mac is Unix. Not Unix-like, but actual UNIX (tm).
BSD (Berkeley Standard Distribution) used to be called Berkeley UNIX. It *was* UNIX, and the Unix hasn't been entirely removed. Some of the original Unix code was oown source and FreeBSD was built with that open source portion of Unix at it's core. Since then, UNIX and the BSDs have evolved separately, of course.
Solaris is real UNIX.
So yeah, all those MacBooks are running UNIX. It's pretty handy to have a UNIX that is approved and supported by corporate IT departments.
>It's also difficult to decorate a cake from beyond the grave, even if you aren't mostly paralyzed.
I imagine you're probably right. :)
I don't know for sure, he *could* be in a cake decorating class with Saint Francis right now.
Perhaps I can summarize my point more succinctly:
Ad hominem:
No way I'm going to vote for that bill, the traitor Trump proposed that. He's a crook and he smells bad.
Note it doesn't mention the pros or cons of the policy, rather it attempts distract attention away from the policy by attacking a person associated with it.
Not ad hominem:
Total tax rates of over 50% cause significant damage to the economy and are essentially immoral because it is taking from someone, by force. Any proposals for major policy changes at the federal level should first be proven at the state level, to the extent possible. As the recent letter from the AFL-CIO points out, Alexandria Ocasio-Cortez proposed massive new taxes and huge new federal bureacracies. Those bureacracies would be tasked with implementing policies which have utterly failed when they have been tried at the federal level. I won't vote for AOC because voting for her would be supporting these mistakes.
Note the reasons given are why the POLICIES or ideas are bad. The only mention of the person is that they are pushing bad policy.
Linus can be a dick, no doubt about that.
https://www.google.com/search?...
ad hominem
1.
in a way that is directed against a person rather than the position they are maintaining.
"these points come from some of our best information sources, who realize they'll be attacked ad hominem"
2.
in a way that relates to or is associated with a particular person.
An ad hominem would be "don't listen to Rosenberg", Rosenberg is an idiot.
Linus listed off the technical reasons that C++ doesn't work for the kernel. That's the "against the position they are maintaining" part of the definition of ad hominem. Linus did not attack "a particular person", he gave reasons why a particular idea, which he had already tried, did not work.
He then summarized by saying that one would do that only if you're "looking for problems".
An ad hominem names a person and attacks them, ignoring the idea they are proposing. The opposite of an ad hominem is to address the proposal, without naming any person.
What does it matter, why make the distinction? Because if you want to fix a problem, you must first identify the problem. We might first day that the wording is too strong. We might further observe that it's hyperbole - the summary of the conclusion significantly overstates what the evidence supports. Those are specific things we can address.
If we identify the problem as "ad hominem", we could stop that with a simple policy of "don't name individuals in a debate - mention only ideas, not people's names". That would stop ad hominem; it would not stop what Linus did.
By defining "correct" or "expected" hardware behavior as allowing Rowhammer to occur, one can even prove that the software (kernel) will do the right thing despite Rowhammer. That would be very interesting.
Probably more practical would be proving that no code path allows neighboring memory rows to be accessed at a rate faster than X clock cycles, where X is the speed required to Rowhammer.
Did Linus say that, or was that Accujack, commenting on Linus's words (on Reddit in 2013)?
Accujack's "brain dead" comment was his reaction to Linus's 2007 response to a troll saying it's "bullshit" that Linux didn't write git in C++. Linus's actual response to the troll explained what the technical problems are with C++ for such an application, and did mention that C++, in it's brokenness, does attract less capable programmers.
I'll skip the technical details and quote the part where Linus wasn't being very nice:
--
C++ is a horrible language. It's made more horrible by the fact that a lot of substandard programmers use it, to the point where it's much much easier to generate total and utter crap with it.
[Technical details of problems with C++]
So I'm sorry, but for something like git, where efficiency was a primary objective, the "advantages" of C++ is just a huge mistake. The fact that we also piss off people who cannot see that is just a big additional advantage.
If you want a VCS that is written in C++, go play with Monotone. Really. They use a "real database". They use "nice object-oriented libraries". They use "nice C++ abstractions".
--
Linus wasn't super nice to the person who called his work bullshit, and he did NOT say all C++ programmers are braindead. That was Accujack who said that, six years later.
Auditing the hardware is important. It's not part of auditing the software. They are two separate processes, both important.
The eventual goal (dream) is to prove the entire system, we prove as much of it as budget allows. To prove a system, we must identify the components and prove each component. That is, we must prove the hardware, we must prove the microcode, etc.
Hardware can be vulnerable to Rowhammer.
Hardware can be proven to be vulnerable to Rowhammer, or not vulnerable. The definition of proving the hardware is that you prove it won't Rowhammer NO MATTER WHAT SOFTWARE IS RUN. Once you know the hardware can't have Rowhammer, you don't have to think about Rowhammer for a particular software, the hardware simply can't Rowhammer, period.
There is no code that can be vulnerable to Rowhammer when running on hardware that isn't vulnerable to Rowhammer. That seems obvious enough. Rephrasing that obvious fact:
There is no code that contains a Rowhammer vulnerability.
Only hardware can be vulnerable to Rowhammer. Therefore we know that if we can prove a particular piece of hardware is not vulnerable, the system is not vulnerable.
We think about Rowhammer when we prove the hardware, not when we prove the software.
We know the hardware doing wrong things will cause the system to do wrong things. That's a given. We prove the software without care about any particular hardware because we prove the hardware at a different time, in fact it's a different group of people proving hardware. When proving the software, we know / assume it's running on proven hardware. We don't have to worry about hardware vulnerabilities while we're proving software. It's not that hardware can't have issues. It's that the hardware audit is a separate process.
> It IS a personal insult if you put all your best effort into something and the immediate reaction from the receiver is that it is stupid.
There are a lot of smart people here on Slashdot.
If you handed out cadavers to all of us and had us "put all our best effort" into a practice brain surgery, approximately 100% of us would make several major mistakes.
Not because we're stupid, because we haven't mastered the application of a specific skill in a particular context.
Stupid people can do things well. For example, a lot of idiots are good at getting elected. Stephen Hawking is brilliant, and his cake decorating really, really sucks. He's smart, he hasn't mastered the particular skills of cake decorating.
Smart is having the ability to learn. Stupid is not learning.
Bottom line, here's the difference between smart people and stupid people.
When they become aware that they did something stupid:
Smart people learn from it and then know next time.
Stupid people get offended.
Here's the thing:
I'm not an expert at everything - and I KNOW that.
That's awesome because thinking "don't know" equals "stupid" PREVENTS learning.
I'm not under the delusion that I'm an expert at everything, or that I'm supposed to be. I'm grateful that nobody ever put into
my head the idea that if I have room to learn, I suck, or am stupid. I would hate to have that wrong idea because a need to insist that you know everything prevents learning.
I can't count the number of times there has been discussion here on Slashdot and somebody posts a mistaken idea of what the law is. That's fine, if they aren't an employment attorney, they aren't SUPPOSED to know everything about employment law. I'll post the actual text of the law and far too often the person who guessed wrong gets defensive and has to try to argue that the law doesn't say what it says. The actual text of the law is "employers may not ..." and they feel the need to argue it means "employers must", just because that was their first guess. They completely miss the opportunity to learn anything.
They have this crazy idea that if they were wrong, that means they're stupid, so they will go to any length to avoid recognizing that their first try was wrong, and therefore learning something. Thinking they are supposed to already know prevents them from ever knowing. Being afraid of LOOKING stupid ensures they permanently ARE stupid.
A couple of hours ago I posted a messages in my company chat practically beggingmy new co-workers to tell me what's not very good about the work I just did at my new job. I did that because I want to improve it. I would my work to *actually* be good, so I want to know how to improve it, rather than me just pretending it's good. Why? Because of how and why I got hired here.
At my last job, two months ago, I was teaching classes, making presentations to educate co-workers about security and programming topics, with a side-dish of law. I really enjoyed doing that and wanted to do more of it, but I knew I wasn't great at it. I earnestly asked my co-workers / students for feedback after every presentation, telling them I needed their help to improve. Three weeks ago I landed what may be my dream job. I'll now spend my days mentoring my a thousand programmers on security and creating robust software systems - and getting paid quite well to do it. I got this job because I was able to talk about how I had taught programmers at my last job, the successes in mentoring. I never would have had success mentoring if I wasn't constantly asking co-workers to tell me how they think I could improve.
A distinction with Linus is that generally he calls some piece of CODE ugly or stupid, not a -person-. In the vast majority of cases, anyway. I've written a lot of stupid code, and I'll call my own stupid code stupid. I've written code that has a comment saying "this is ugly, but don't try to fix it because ....".
I've written plenty of stupid and ugly code. I'm not stupid*. I think in Linus's mind that distinction is so obvious that he forgets it's not so obvious to some other people. He forgets that other people take "this code is still crap" as a -personal-insult; they hear him saying something about them, as opposed to saying something about the code. That's normal. It's just not how Linus thinks, and I personally have had to practice keeping in mind that people take things personally. -I- don't mind if you tell me my Makefile is goofy ASF. It probably is. That doesn't inply anything about me, other than that I'm not the King Guru of makefiles.
* I am ugly
Not disagreeing, just clarifying.
Yes you can prove that it is unaffected by known, enumerated side-channel attacks in the processor / chipset.
You can't prove it would be unaffected by unknown CPU side-channel.
ALSO you can prove that there are no side channels in the code itself - you can enumerate the state parameters which affect the functioning of the code, both internal and external state parameters.
The distinction becomes important when you start proving more than one component of the system. If you prove the library code - including against aide channels in the code, and you prove any kernel - including kernel side channels, and you prove the microcode - including microcode side channels, and you prove the hardware - including hardware side-channels, then you've proved the system to be free of side channels, and the application code, then you've proved the system.
In proving the system, you prove that the output state is identical *per the specification*. If you specify "identical state" as high and low CMOS output, you'll have no side channels re high vs low - but you could still have a high at 3.28 volts vs a high at 3.29 volts.
That's true. One can prove that a particular function is correct, that their code is correct. In this case, library code.
Proving the CPU hardware and microcode is a separate step. Proving the code that USES their library is yet another thing.
All of these can be done. It's just expensive, so you use the simplest thing that will get the job done - prove a little MCU used as a cryto co-processor, not a complex Intel CPU.
I think you're absolutely right. I'm a nerd and I was bored to tears in school.
Fortunately, here in Garland (a suburb of Dallas), we have a lot of choices in public schools. Several good magnet programs, flexible options which let the student learn at their own accelerated pace. At least, that's the sales pitch. The Academy for Excellence program LOOKS like it will be pretty good for her.
We'll see. The typical track with Academy for Excellence is that they graduate high school with a associate's degree, so they are two years ahead - after twelve yeara. We'll, she's already two years ahead, so if she continues to learn faster than average, she's going to need to something more accelerated than the "standard accelerated" track.
Fortunately, being in preschool she's had the opportunity to practice social skills, and she's tall, so she'd fit in okay if she akips a grade soon, then maybe a few years later another grade.
I'm curious to get the test results back because to me it seems like she is probably in the top 1%, but I'm a tad biased. :) Actually her cousin is something like 99.9 percentile and she just might be smarter than him, so this could be a challenge.
It was funny when she was two or three years old and we'd have a conversation like this:
3yo: Can we go to the playground?
Dad: I'm sorry, I'm too tired to go to the park.
3yo: Okay, I'll be quiet so you can nap, then we can go to the park.
Hard to argue with that. :)
If she keeps getting better, though, Mom is going to have a heck of a time.
Interesting point.
You said "If Walmart, etc., was only speaking by saying how great something was". I think there is a word for that. "Speaking on television about how great the product is" is normally called "advertising".
There have been several cases pitting Sherman anti-trust vs the First Amendment, where established media players colluded to keep new companies out.
Justice Black wrote:
"It would be strange indeed, however, if the grave concern for freedom of the press which prompted adoption of the First Amendment should be read as a command that the government was without power to protect that freedom. The First Amendment, far from providing an argument against application of the Sherman Act, here provides powerful reasons to the contrary. That Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public, that a free press is a condition of a free society. Surely a command that the government itself shall not impede the free flow of ideas does not afford non-governmental combinations a refuge if they impose restraints upon that constitutionally guaranteed freedom. Freedom to publish means freedom for all and not for some. Freedom to publish is guaranteed by the Constitution, but freedom to combine to keep others from publishing is not.â
https://www.law.cornell.edu/co...
Imagine if Walmart, Target, Albertsons/Tom Thumb/Safeway, and Whole Foods / Amazon got together and came up with ways of making it harder for new companies to compete with them. It's ilegal for the established companies in a market, competitors, to collude to try to keep out new competitors.
The Motion Picture Academy is basically the major Hollywood studios; their decision to exclude Netflix and other new companies is about the major studios trying to disadvantage competition from the newer companies, according to the Justice Department.
ONE studio can do what it wants to try to cause problems for streaming services. It would be ilegal for them to collude in an anti-competitive conspiracy.
Factually, I don't know if the Academy is controlled by the major studios, but that's the law - if in fact the governors of the academy are trying to protect their employers by disadvantaging streaming services.
I guess some people like Lego because it's an easy way to build simple things. You can snap something together in a couple hours. They plan to add Python to the Lego set, because Python is also easy, suitable for kids.
People like to snap something together in a couple hours with Lego. Same reason they like Python and PHP.
Oddly, nobody makes the mistake of thinking Lego, being easy, are a good way to build mission critical systems that your company relies on.
Then they seem to think that it's impossible to prevent production systems crashing, occasional data corruption, etc. Yeah it's pretty tough to prevent problems if you build enterprise applications using the same tools and techniques that children use in their play.
I might get this new Lego set for my daughter. She really enjoys Lego and is good at it - building things well beyond what most people would call "age appropriate". Might should wait a year, though. She breezes through second grade (age 7) schoolwork - and she's four.
Yes, I realize she's probably smarter than me.
According to this study, Canada is warming much faster than the US.
Canada has much much liberaliam than the US.
Thesis: Liberalism causes climate change.
If they know ANYONE who will do it for $15/hour, I have a house that needs cleaned, a lawn that needs mowed, a pool needs painting, lots of stuff. Send them my way! I'll gladly pay $20/hour, assuming they aren't a crackhead.
Well I have several joba that need done. I'll pay $25/hour. :)
If you save the extra money during good weeks, spending only what you make ON AVERAGE, you can quickly have three months of expenses saved and then you're not so scared about bad weeks.
This simple, but not easy.
Where I live and frok my perspective, I don't see any desperation or lack of full-time jobs. We probably live in different places, though. Anyway, you mentioned something that reminded me of something interesting.
> low-skill stuff like yard work, house cleaning, dog walking and so on.
Funny thing about that is the going rate for someone to cut your grass or clean your house is about $30/hour here in Dallas. (Roughly equivalent to $50/hour on the coast), yet the vast majority of people lacking marketable skills would rather make $12 / hour at a "regular job".
I've talked to a lot of people because I like to help young people get started and convicts get re-started and the number of people who choose $12/hour working for someone else rather than $30-$40/hour working for themselves is surprising to me.
It seems there are at least two reasons. A somewhat logical reason is that they want consistency. Doing gigs you don't know if you'll make $400 this week or $550. People like consistency so much they prefer to know they'll make $400 working at the mall.
A purely emotional reason is that people are so nervous about having their own business - despite the fact they know many twelve year old kids mow lawns. They might personally know a 12 year old who mows 10 lawns every week for $300, yet they work 30 hours for the same money because their nervous about whether they can do the same thing that kids all over America do.
In the US, it is a crime to negligently allow it to leave the proper secured systems. Negligent means "not being careful". One recent example of someone who was prosecuted is a Navy sailor who sent home a selfie - aboard ship. The interior of US Navy ships are classified.
A manager who carries papers around in a briefcase could be prosecuted for accidentally leaving a classified document in their briefcase and taking it home. With the security clearance comes a legal duty to be careful - to check that all of the classified documents are removed before taking a briefcase home.
The US inherited English law, then added the Bill for Rights, and that formula means in most areas of long-standing general law, law will be similar modulo Constitutional rights - meaning if it's unlawful in the US, it also probably unlawful in England and Wales.
That matters because by treaty a defendant can be extradited only if it's illegal in BOTH places. Hence, a US citizen can't be extradited to the UK for exercising their 1st amendment rights, a UK citizen who broke US law in this regard aomost certainly also broke UK law and can be extradited.
Of course it happened partly in Las Vegas.
Looking at the actual UK statutes, we see they follow the pattern. See section 21 of the Theft Act 1968 and sections 29 and 30 of the Larceny Act 1916. We find that what the US calls extortion is also illegal in the UK. The difference is switching the terms extortion and blackmail. The implied difference is that in the US, courts would have to balance first amendment rights - you're allowed to say mean things to people, so the threat has to be clear in the US.