3000 ads per day, eh? There's 86400 seconds in a day, so that means an advert every 28.8 seconds, assuming they're watching 24 hours per day. Since you're saying that kids watch 28 hours per week (ie 4 hours per day), and we can assume they are at least average, the rate you're claiming is actually 3000 adverts in four hours per day, which is an advert every 4.8 seconds. So I think you're talking nonsense.
Cold Fusion. Mormons. The SCO court case. This CP80 nonsense. The Barney Clark artificial heart circus. Has anything worthwhile ever come out of Utah? It appears these days that you won't go far wrong if you simply regard `Utah' as proof that an idea is wrong.
Porn can't be defined. What's porn in Iran isn't porn in Sweden, and more to the point what's porn in De Smet Indiana probably isn't going to excite people in a San Francisco bathhouse. Community Standards, yes?
And secondly, if people want to protect their children from porn, they have plenty of choices. The market provides ISPs that do the filtering (yes, Daddy can't then have fun at night: tough). You can put a machine running squidguard in circuit as a transparent proxy. You can make sure you don't use a computer as an electronic baby sitter, and locate it in the room where other people are around. Or, if you feel that strongly, you can simply not have a computer or not permit your children to use the web.
Why is it that so many Americans can't take responsibility for their own lives? They're quick to mouth off about socialist Europe, but then want solutions imposed by the government to problems that you're perfectly capable of solving yourselves. If you want to protect your children from X, protect your children from X.
And before someone comes along with `` you'd understand if you were a parent'', I am a parent. Of two children.
Why spend $4.5 billion on something which will either confirm what the bible says, and therefore be superfluous, or contradict what the bible says, and therefore be heretical?
Yes, there are lots of problems with the laws on Corporate Manslaughter, and I don't believe many prosecutions have succeeded. The standard of responsibility in the Health and Safety at Work act is high (I think you have to show reckless disregard or similar, which is very hard), and there's a lot of discussion about changing it. I can't remember the outcome of the most obvious case, which was the Herald of Free Enterprise disaster. But I suspect that the poster I'm replying to thinks ``history of the world'' means ``history of the USA''. I don't know enough about US law to comment on that.
In the UK, there's a slim possibility that under certain circumstances retailers are liable for what's in the package. During Goldsmith vs. Pressdram (younger readers see footnote) Goldsmith's lawyers argued that Private Eye was so obviously a pit of vipers that retailers should be on notice that they sold it at their own risk. They brought suit against retailers and distributors. All along, WH Smith had declined to sell the Eye, fearing precisely this scenario (not merely are they a major presence in the high street, but they're one of the UK's largest wholesalers of newspapers and magazines).
The case was eventually settled out of court, and I don't think this avenue was ever closed down. It's possible, therefore, that if a particular producer became notorious for producing stuff that had copyright or libel issues, retailers might need to run a test case through to see if they escape vicarious liability. I doubt this applies in this case (although if Sony did this a few times it might), and I'd be happy for a lawyer to tell me there's a governing case since the mid-seventies.
On the other hand, the government has made it clear to people involved in RoHS (Reduction of Hazardous Substances --- for example lead) that just waving a certificate from your supplier saying they're lead free doesn't absolve you of responsibility. You're supposed to do a risk assessment of how likely it is that they're lying, and proceed accordingly. So if you're buying components from two blokes in a lockup in Walthamstow, you're expected to apply more care, and do more testing, than if you're getting them from a major distributor. So in that case, it could be argued that if Sony buy stuff from a small company, they should perform more due diligence than if they were buying it from Microsoft.
Tricky, isn't it?
Footnote. James Goldsmith (whom younger readers will remember from the Referendum Party debacle, when he ran against David Mellor in 1997) sued Private Eye, published by Pressdram Ltd, in the mid-70s. The issue was a series of stories that alleged, in essence, that he had been involved in the hounding to death of a young man (Dominic Elwes, from memory) and in a conspiracy to conceal Lord Lucan (alive or dead, I can't remember). It escalated to criminal libel charges, but eventually --- when the toxic publicity got in the way of his political and publishing ambitions --- it was settled out of court.
Broadly Goldsmith was reduced to a figure of fun, and certainly the allegations reached a wider audience than had he shut up about it. In those days newspapers were far more reluctant to print allegations about the rich and famous than they are today, so the Eye's stories only really made it out to its (then far smaller) readership. But the case nearly broke Richard Ingrams, the then editor of the Eye. His successor, Ian Hislop, fought some monumental libel battles, particularly that with Sonia Sutcliffe, but none had the focussed venom of Goldsmith.
At a tangent from a tangent, Goldsmith's knighthood, in the infamous Wilson resignation (dis)honours list (aka The Lavender List, from the paper Wilson's secretary / advisor / alleged lover Marcia Falkender is supposed to have written it on) was for services to ecology and export. But his brother is/was the ecologist and his companies at the time weren't really exporters from the UK.
The suggestion has been made that it was a private joke with Wilson, or more particularly with Falkender, who had some connections with Goldsmith's set. In this interpretation, ecology was ``cleaning up'' Private Eye (which had gunned for Wilson and Falkender, particularly over The Slagheap Affair, the details of which escape me at this distance) and export was the export of Lord Lucan.
It would be nice, now that all the parties are dead, for the truth to emerge. But now all the parties are dead, no one really cares enough.
People driving at 71mph on a motorway are highly likely to be driving their own car, with real number plates, to the house held in their name to which the speeding notice can be sent.
Criminals will have a far higher chance of driving cars that are on false plates, or aren't theirs, or which are registered to fictitious addresses, or are stolen. It's like the congestion charge: it's a tax on the middle classes, because the methods and consequences of evasion have the wrong risk/reward profile for them.
UTC != GMT. GMT is either UT0 or UT1. Neither have leap seconds because their second really is an 86400th of the average day. UT1 is corrected for the difference between the geographical pole and the rotational pole.
TAI is the ticking of the atomic clocks.
UTC is TAI plus an integer offset to keep it within a second of UT1.
Leap seconds are when that integer offset is changed. They can in principle be double, or negative, or double negative. There has never been a negative leap second, but that doesn't mean they're not possible.
There was a bill in front of the UK Parliament when the Major government fell, which hasn't been re-introduced by the Blair government, to change UK `legal' time from GMT to UTC. In practice, UK legal time _is_ UTC simply because getting hold of UT1 is almost impossible. MSF and DCF77 (the UK and German equivalents of WWV) transmit UTC, and almost everyone uses either those or GPS. If, say, BT wanted to switch between peak and low rate charging at 1800 GMT, I have no idea where they'd obtain a reference from. So they use UTC (I know, because I've helped sort out NTP from MSF and GPS references for kit in the BT network).
I take it you object to, and try to avoid, adverts in newspapers and magazines? The same argument applies: you've paid for the publication, so why should you look at adverts?
The dangling pointer is the key issue, spotting that gets() is unsafe gets bonus points.
So why not frame your question in terms which only admit the answer you're looking for? The same question but using fgets highlights the dangling pointer issue. I spotted both, obviously, but I'd regard the dangling pointer as a bug that would get caught in development while I'd regard the use of gets as far more insidious. After all, with the dangling pointer, the code simply won't work on most architectures. gets `works', and the reasons why it's crap won't be shown by anything this side of very aggressive testing.
I've been writing C on and off for twenty years, and I'm worried by the phrase ``the answer''. It'll crash and burn because the uninitialised pointer s is going to point into unallocated memory. But no-one should be using gets in the first place, even if they have initialised the space, because it doesn't make any checks on the memory it has available to it.
But if the point is to show how exploits are written, it's not a terribly good example. My understanding is that the menace for stack smashing is not this mistake:
char *s = malloc (100);
gets (s);
but this
char s[100];
gets (s);
The critical difference is that in the latter case, the buffer exists on the stack, so a later user of it can overrun it and mangle the frame pointer. I'm not an elite hacker dude, so I may be wrong here.
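The bounded alternative to the two gets fragments in the comment above, as an added example that is not part of the original comment. read_line, the LINE_* codes and the guard-byte struct are assumptions of this example, and the input is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Result codes; these names are assumptions of this example. */
enum { LINE_EOF = -1, LINE_OK = 0, LINE_TRUNCATED = 1 };

/*
 * Bounded stand-in for both fragments quoted in the comment:
 *     char *s = malloc (100); gets (s);     (heap block overrun)
 *     char s[100];            gets (s);     (stack frame overrun)
 * gets() is never told the buffer size, so neither form can be made safe.
 * read_line() stores at most `size` bytes including the terminator and
 * reports an over-long line instead of writing past the buffer.
 */
int read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0)
        return LINE_EOF;                /* nowhere to store anything */
    if (size > INT_MAX)
        size = INT_MAX;                 /* fgets() takes an int */
    if (fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fitted */
        return LINE_OK;
    }
    /* No newline stored: unterminated last line, exact fit, or too long. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return LINE_OK;
    while (c != EOF && c != '\n')       /* discard the rest of the line */
        c = fgetc(in);
    return LINE_TRUNCATED;
}

/* Buffer with guard bytes on both sides so any overrun would show. */
struct guarded {
    unsigned char before[8];
    char buf[16];
    unsigned char after[8];
};

static int guards_intact(const struct guarded *g)
{
    for (size_t i = 0; i < sizeof g->before; i++)
        if (g->before[i] != 0xA5 || g->after[i] != 0xA5)
            return 0;
    return 1;
}

/*
 * Constructed input: a 200-byte line, "ok", and a line of exactly 15
 * bytes, read into the 16-byte buffer. Returns 1 when every call behaves
 * as documented and the guard bytes are untouched, -1 if no temp file.
 */
int demo_overlong_line(void)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    for (int i = 0; i < 200; i++)
        fputc('A', f);
    fputs("\nok\nexactly15chars!\n", f);
    rewind(f);

    struct guarded g;
    memset(&g, 0xA5, sizeof g);
    int ok = read_line(f, g.buf, sizeof g.buf) == LINE_TRUNCATED
          && strlen(g.buf) == 15                 /* 15 bytes + terminator */
          && read_line(f, g.buf, sizeof g.buf) == LINE_OK
          && strcmp(g.buf, "ok") == 0
          && read_line(f, g.buf, sizeof g.buf) == LINE_OK
          && strcmp(g.buf, "exactly15chars!") == 0
          && read_line(f, g.buf, sizeof g.buf) == LINE_EOF
          && guards_intact(&g);
    fclose(f);
    return ok;
}

int main(void)
{
    printf("bounded reads behaved, guards intact: %d\n", demo_overlong_line());
    return 0;
}
```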
For many years, the US has held a lead in technology, science and business. A lot of that was down to a high-quality educational system, one which many of us outside the USA admired. Now you're fucking it up, by government fiat. Sad for you. Good for my children.
``Patent Concerns'' were at the root of the F&P debacle. Because they wanted to patent things (or at least the University wanted to patent things) they didn't get adequate peer review. The careers of two (I believe) distinguished electrochemists wouldn't have ended in humiliation had they simply got a few physicists to cast their eyes over the data.
Triple DES is only 113 (not 112) bits if you have sufficient resources to perform a meet-in-the-middle attack. And that's assuming you have a known block of plaintext, or can spot a correct decryption from one block, which is quite a leap. To perform a meet-in-the-middle attack on DES you need to be able to store 2^56 eight-byte blocks, or 2^59 bytes. A petabyte is 2^50, so you'd need of the order of 500PBytes of storage (and the time to actually fill it) in order to do a M-i-t-M attack. That's plausible for very special requirements, but I can't see it being used on any sort of regular basis.
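The meet-in-the-middle trade-off the comment above describes, scaled down so that it runs in milliseconds, as an added example that is not part of the original comment. It uses double encryption under a toy cipher with 16-bit keys (constructed here, not DES; all names are assumptions): the stored table has one entry per first-stage key, and a second known pair weeds out accidental matches.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define KEYS 65536u  /* toy cipher: 2^16 keys per stage; DES has 2^56 */
/* Toy 4-round Feistel cipher (32-bit block, 16-bit key), constructed for
 * this example only. It is not DES and has no security value. */
static uint16_t f(uint16_t r, uint16_t k, unsigned round)
{
    uint32_t x = (uint32_t)(r ^ k) * 0x9E37u + k * 8u + 0x79B9u * (round + 1);
    return (uint16_t)(x ^ (x >> 7) ^ (x >> 16));
}

uint32_t toy_enc(uint32_t p, uint16_t k)
{
    uint16_t l = (uint16_t)(p >> 16), r = (uint16_t)p;
    for (unsigned i = 0; i < 4; i++) {
        uint16_t t = (uint16_t)(l ^ f(r, k, i));
        l = r; r = t;
    }
    return ((uint32_t)l << 16) | r;
}

uint32_t toy_dec(uint32_t c, uint16_t k)
{
    uint16_t l = (uint16_t)(c >> 16), r = (uint16_t)c;
    for (unsigned i = 4; i-- > 0;) {        /* rounds in reverse order */
        uint16_t t = (uint16_t)(r ^ f(l, k, i));
        r = l; l = t;
    }
    return ((uint32_t)l << 16) | r;
}

struct entry { uint32_t mid; uint16_t k1; };  /* one stored block per key */
static int cmp_entry(const void *a, const void *b)
{
    const struct entry *x = a, *y = b;
    return (x->mid > y->mid) - (x->mid < y->mid);
}

/* Meet in the middle on c = E_k2(E_k1(p)) with two known pairs: KEYS table
 * entries of storage and about 2*KEYS cipher calls instead of KEYS*KEYS.
 * Returns how many key pairs fit both pairs; the last is left in *k1, *k2. */
int mitm(const uint32_t p[2], const uint32_t c[2], uint16_t *k1, uint16_t *k2)
{
    struct entry *tab = malloc(KEYS * sizeof *tab);
    if (tab == NULL)
        return -1;
    for (uint32_t k = 0; k < KEYS; k++) {       /* forward half: fill table */
        tab[k].mid = toy_enc(p[0], (uint16_t)k);
        tab[k].k1 = (uint16_t)k;
    }
    qsort(tab, KEYS, sizeof *tab, cmp_entry);
    int fits = 0;
    for (uint32_t k = 0; k < KEYS; k++) {       /* backward half: look up */
        uint32_t mid = toy_dec(c[0], (uint16_t)k);
        size_t lo = 0, hi = KEYS;
        while (lo < hi) {                       /* lower-bound search */
            size_t m = lo + (hi - lo) / 2;
            if (tab[m].mid < mid) lo = m + 1; else hi = m;
        }
        for (; lo < KEYS && tab[lo].mid == mid; lo++) {
            /* One block is not enough: confirm on the second pair. */
            if (toy_enc(toy_enc(p[1], tab[lo].k1), (uint16_t)k) == c[1]) {
                *k1 = tab[lo].k1; *k2 = (uint16_t)k; fits++;
            }
        }
    }
    free(tab);
    return fits;
}

/* Constructed keys and plaintexts; 1 if the recovered pair fits both. */
int demo_mitm(void)
{
    const uint32_t p[2] = { 0x00112233u, 0x89ABCDEFu };
    const uint32_t c[2] = { toy_enc(toy_enc(p[0], 0x3A7C), 0xC15E),
                            toy_enc(toy_enc(p[1], 0x3A7C), 0xC15E) };
    uint16_t k1 = 0, k2 = 0;
    return mitm(p, c, &k1, &k2) >= 1 &&
           toy_enc(toy_enc(p[0], k1), k2) == c[0] &&
           toy_enc(toy_enc(p[1], k1), k2) == c[1];
}

int main(void)
{
    printf("key pair recovered: %d (table entries: %u)\n", demo_mitm(), KEYS);
    return 0;
}
```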
But fire suppression isn't as easy as you make out. In the machine hall I manage I have the usual underfloor, main space and ceiling void vesda early detection, plus automated dumping of extinguishant. However, as Halon has been illegal for new construction in the EU since the early 90s, it's CO2. So there's a motion sensor system to avoid killing people inside.
But the whole idea of machine rooms as dangerous fire sources dates back to valves, three-phase and lots of paper dust. Mine is in the middle of a mixed office/manufacturing complex, and it's far more likely that a fire would start outside the room and burn in than vice versa. Once the pressure boundary of the machine room is breached gaseous extinguishant is useless.
I've kept the CO2 system, but our safety people are close to arguing that our chances of killing people by accident are greater than the chances of improved fire safety. Far better to spend money and resource on fire prevention.
The Aardman example (and a few years ago the fire that hit that art warehouse) are also hard, because large, open storage areas are impossible to pressurise and water would be almost as destructive as fire.
In practice, IT operations are less likely to burn and more likely to be backed up than other parts of businesses. Look instead at paper financial records, at test fixtures in factories, at lab areas in development operations, at patch frames (you know where every patch in your 1000-employee building goes, right?)
The "Harmonic Protector" (ref) did not register any activity using an "orgone meter" (ref). However, a reading taken using a sophisticated software package known as "Life Assessment" technology (ref), which is designed to analyze the balance of energies in the meridians, indicated a modest beneficial effect from this HP when it is interacting with a human body. (Ref)
Since when did Slashdot become home to new age nutcases? Orgone Accumulators make great songs for Hawkwind and Kate Bush, but as physics it's not a basis for anything other than providing something to laugh at.
It's one of the most impressive pieces of WW2 technology, along with all the other pieces of impressive WW2 technology. Oboe caused a re-assessment of the distance between England and France, and delivered precision that was only really available again with GPS. http://www.radarpages.co.uk/mob/navaids/oboe/oboe1.htm has more details, but the accuracy compares well with SA'd GPS, and isn't that much worse than using just one of the GPS frequencies.
So far, it's killed of the order of 100 people with a target population of two billion (yep, billion). So two things occur to me. Firstly, if a tenth of the effort that appears to have gone into avian flu had gone into TB, Cholera, Typhoid and Malaria over the past few months, a lot more than a hundred people would have been saved. I won't even start on the numbers who died from AIDS because US Christians have a thing about condoms (which handily kills a lot of blacks: two bigotries for the price of one).
However, given there's almost no evidence, and numbers like 50 thousand to 1 million in the UK alone are being bandied around, I wonder what Ladbrokes would take on spread bets? My prediction: based on the BSE ``scientists talk nonsense to secure research funding'' debacle, the actual deaths will be about 1% of the lowest estimate.
I confess I've not thought this through in detail:-)
However, certification of medics excludes random hobbyists from doing cancer treatment from their back yard. That has both a social cost and a social benefit. It's perhaps possible to define classes of software which would require and not require high degrees of certification, but today the stuff that causes the pain is often running on consumer machines.
Consider professions that are taken seriously, and are in no danger of being off-shored anytime soon. Solicitors. Accountants. Doctors. All of them take personal responsibility for their actions (and before anyone shouts `Enron', note the senior people heading for jail) and those sanctions are routinely enforced. Even without criminal action, practicing certificates (or your local equivalent) are routinely removed. You can point out that they aren't always removed when they should be, but only a fool would claim there is no risk of sanction against professionals who misbehave.
Note also that it's illegal to practice as a doctor, solicitor, accountant and so on without appropriate documentation (your local examples may vary, but I can't think of many countries where you can set up as a doctor without a recognised qualification).
If the law simply said that software products must be traceable to a company with more than X% (for X>80) software developers who are certified, and that the certification must be in a territory where the sanctions are credible, you'll see off-shoring end. Grandfather in existing developers and you're all sorted.
It's outrageous that we, as practitioners, believe that software cannot be written properly.
One of the several reasons I stopped buying `Wired', which I'd had since the first issue (quite cool for a UK resident, eh?) was that I couldn't spot the difference between the content and the adverts, and I didn't care enough about the content to try. Sure, the latter is the real problem, but absent the adverts I might have held on a little longer. By contrast, the adverts in `The New Yorker' are mostly at the front, in the listings section which (as a UK resident) I don't usually read, while the stuff on the editorial pages is interesting, cute and part of the look of the whole thing.
Web pages the same: I block adverts mostly because they're hideous. On sites where they aren't, I leave them, and sometimes even use them (Google, for example).
There are tales on /. once in a while of US junk phone callers who, even though they know they're not doing much other than annoy people who will now never become customers, keep calling because they can. It seems the same is true of dim web advertisers: seeing a flashy (ho ho) campaign fail, they assume that being flashier is the only way to go. It's also like shops with intimidating loud music that repels people who have money while attracting losers who don't: their response to falling sales is to turn the music up.
Rubbish. The difference is that the barcode on one can of coke is precisely the same as that on another can of coke. RFID tags will identify individual cans of coke, and do so from a distance, rather than simply saying ``this is a can of coke'' from very close range. I'm fairly sanguine about the risks, but I'm not naive enough to believe that it isn't a new risk.
Well, looky-here: http://news.bbc.co.uk/2/hi/health/3072021.stm
ian
- Balfour Beatty were charged with Corporate Manslaughter over Hatfield. http://news.bbc.co.uk/1/hi/uk/4225877.stm
- Barrow Council was charged with Corporate Manslaughter after a legionnaires' disease incident http://news.bbc.co.uk/1/hi/england/cumbria/4473573.stm
- And I presume the law is on the statute books just for decoration. http://www.cps.gov.uk/legal/section5/chapter_b.html
That's a long ramble, isn't it?
ian
You can get the full details from http://en.wikipedia.org/wiki/Universal_Time or http://www.cv.nrao.edu/~rfisher/Ephemerides/times.html
ian
I'm struggling to understand the demographic that would seek relationship advice from slashdot.
ian