Just a little too rude
Extreme rudeness called for IMNSHO.
No personal insult should be perceived as given or received.
Countdown.
Melissa was #1.
This is #2.
Ever had code that worked under a debugger but failed when the debugging stuff was removed?
....
Now if you take advantage of code with that kind of characteristic,
Microsoft makes all its compilers available for free
That's a Microsoft "all".
Not a single one of them has a personal box with more than one CPU.
I can think of a very "sneaky" reason why. Dual processors tend to make response time much less dependent on system load. For a server, consistent response can easily be more important than the average response. It's predictable. For a developer on his own machine, this benefit only serves to mask variations that are important to the developer.
Phrased like that I agree completely.
Since this is Slashdot, the antecedent of "us" is Slashdot posters, some but not all of which are related to the F/OSS movement. Despite anyone's wishes, Slashdot is not "owned" by the F/OSS movement and any such attempt at tyranny by the minority will be resisted. Similarly it would be erroneous to assume that Slashdot postings are representative of any particular agenda. There's a large variety of opinions here, some of 'em even make sense.
Bombarding the user with incorrect, jargony warnings rarely improves security. It also leads to "dialog fatigue", which reduces security in the long run.
Right. Compilers should only give the unambiguous "Syntax Error" with no indication of what or where. Sheesh!
Dialog fatigue. Just click yes, particularly when there is no clue as to what you are agreeing with.
'Should $file.pdf be opened with the Adobe Acrobat plugin? [always] [always for this site] [just this once] [no] [never for this site] [never]'
Jargon: "be opened with", "the Adobe Acrobat plugin", $file, depending on how temporaries are named. While the user is not expected to understand all the nuances, the fact that such things do have names and the user is allowed to see those names is totally opposite to the use of jargon to obfuscate meaning.
MS could have listened to people and implemented a lot of these things years ago.
And didn't.
Who is this "us" you speak of?
Some of us are old farts, and some of us still use Microsoft Windows, and some of us get so infuriated that we have to do something. Slashdot does have a pro-Linux/BSD bias, but for Linux/BSD users there are presumably better resources. For us old Windows users, Slashdot is an essential resource.
Are you serious?
A false sense of security is probably the worst security failure.
If it looks unsafe, you take appropriate measures.
If it looks safe, you get blindsided.
So, truly the bug lies in Windows. Why this point isn't getting more press, I am not sure, but it really should.
Same old same old.
If this were the only such or the last such in Windows, it would get a lot more attention. It's too much like identifying viruses and worms in email just by the subject line. Mozilla is much more likely to close off a class of bugs rather than just catch a few individuals.
Obviously a much-needed index was added during the migration...
Obviously.
The migration is from where the obvious isn't to where the obvious is.
The obvious is obvious once you see it. It is not equivalent to easy.
"With enough eyes all bugs are shallow"
If the right set of eyes looks at it just right, the bug is obvious.
You will be able to immediately spot obvious bugs I make that I cannot see.
I'm sorry, but if it takes 24 days to get past the name calling when confronted with a security flaw deemed major, OSS doesn't stand a chance.
There will be differences of opinion. It can be even worse to rush into fixing the wrong problems prematurely than just ignoring them if they don't seem to be doing any harm.
That said, it seems that this, and its exploit potential, has been "known" for quite some time, with a fair chance that some black hats are a bit annoyed that some of their repertoire has been exposed. Apparently Microsoft was also displeased.
"We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests, by helping to ensure that customers receive comprehensive, high-quality patches for security vulnerabilities with no exposure to malicious attackers while the update is being developed" [Emphasis added]
No exposure?
But at least don't be a hypocrite like half the people here and say that sp2 "doesn't count" until it reaches final release form, while firefox "counts" even though it's also in pre-release form
Well, when Microsoft can do the equivalent of:
Run old version.
Install new version.
Run new version.
Decide you don't like it and reinstall old version.
It's not a level playing field. Half-baked open source "counts" whereas Microsoft's "almost" doesn't. Works like the beta of alpha-beta statistical errors.
but this loudness thing always puzzled me
At full volume, everything should be linear.
At reduced volume, as in a living room or for background music, the non-linearities come into play. Basically, the low and high frequencies are not cut as much so that the whole thing seems to keep the same balance.
As a bass singing a low B-flat, everything is marked ppp but you're giving it all you've got because otherwise you won't even be heard.
one open source developer has the potential to put hundreds of developers out of work.
They're good [open source developers], but I don't think they're that good.
in retrospect, it's hard, you know, to make something that makes a stupid person feel smart
Hmmmm, methinks that explains a lot of things.
I can set something up on Microsoft Windows, feel very comfortable about it, but it never seems to work quite right.
I can set something up on Linux, start feeling very uncomfortable about what I don't know, but slap a few things around and somehow it seems to work out better than I know how to set it up.
Linux taking more skill than Windows is a myth, perpetuated in part by those who have taken the trouble to actually learn something about it.
It simply isn't fair to blame Microsoft for the ignorance of their users.
Who else would you blame?
That's why MS doesn't ever want to fully comply with standards.
This works so long as the presumption is that Microsoft is correct. After that presumption wears thin and in a free market, those same gratuitous incompatibilities would better be described as sabotage. For the long-suffering consumer, at some point the balance shifts, and the shift is from Everything Microsoft to Anything But Microsoft.
Now all we need is a concise cost/benefit analysis.
Life versus death?
What you want out of backups and backup systems isn't so much that they are as good as or better than the primary systems, but that they are as independent as possible. Backing up OpenBSD to Windows 95 is not as stupid as it looks.
A short time later, the shutdown command was re-fitted to ask for the password - which throughout the site was changed to contain the name of the server.
That's one of the best arguments I've seen against single signon.
"I still think being able to say 'So-and-so got *exactly* 8,192 votes' is much better than 'So-and-so got 8,200 votes with a 95% confidence interval with a radius of 10', even if the next runner up is obviously behind."
The election is not a poll or a simulation. Especially when it is close, the election must give out an exact count which determines the winner. Society can manage to live with inaccuracies or rigged or fraudulent elections. Society cannot live with elections that aren't elections. It's a lot like the umpire who answered Yogi Berra, "It isn't anything until I call it."
That said, any amount of razzle-dazzle can only serve to make the results suspect. The entire process needs to be public, open, and subject to scrutiny by anyone who happens to show an interest.
"But it is from someone I know, how could it be dangerous?"
If I'm going to send out something bad, I'm not going to put my name on it. I'm going to put your name on it.
Oh for god's sake, what is it with coders and graphics?
Oh I like graphics, I even like Rococo, but I don't like stuff that comes off as the stereotype of the wardrobe of a used car salesman. It's nothing new. The French Revolution had Les Incroyables, bad enough for a complaint from a Havana newspaper in 1791 that "the dresses and ornaments meant to distinguish conditions now serve to confuse them."
I hope he never takes a "clue" from either of them.
They loaded fast for me, but I gotta agree with you.
There might have been something worthwhile on one of them, but too much junk on them to wade through to make it worth the effort.