Maybe there is no deliberate intent to discredit Zero Knowledge, but why should Windows/Intel users have to buy another piece of software to protect themselves from a potential security problem in the processor?
As a side note -- how long until someone comes up with a similar piece of code that IS malicious and is NOT publicly announced?
I see this as an unfortunate example of corporate cost/benefit analysis. It's too expensive to go back and fix the security problem or remove the ID altogether. Just declare the code which exploits it as potentially mailicous, then partner with a software company to develop protection against it. It's a win-win for everyone except the customer, who ends up gouged.
Everyone (including Intel, I'm sure) knows that the Right Thing is to fix the problem and release PIIIv2, but that's expensive and it's bad PR to admit a problem (everyone will want a free replacement).
Maybe my expectations are too high, but stuff like this makes the "Ralph Nader" in me a little angry.
It is disturbing how some companies react to people who find flaws in their product.
Remember the Internet Exploder control? It was an ActiveX component which, when loaded with a web page, would count down ten seconds and shut down a Windows computer. The creator did it for the sole purpose of demonstrating potential security dangers with ActiveX.
Microsoft and Verisign threatened the guy with court action for obtaining a Verisign certificate under false pretenses. Never mind that part of his demonstration was just how easy it is to obtain such a certificate.
Now Intel has declared Zero-Knowledge's little demo to be a virus or trojan. Apparently, the goal is to discredit them. The worst part is that I think just about everyone saw it coming before they even got to "Intel's response" part of the article.
Here's the obvious part of my comment -- this tactic is pretty foreign to the Free Software community. It seems that most security problems with Free operating systems are received with, "thank you," and then they are FIXED. If you actually write a program which demonstrates the problem, you're a hero. No one attacks your credibility or motives. In fact, you are likely to GAIN credibility.
Of course, by posting this here I'm pretty much preaching to the choir.:)
Yours is painted beige? In my day we just had unpainted sheet metal and we were darn happy to have THAT.
And I could tell you some stories of my days as a young programmer when we would hand-carve keycaps out of hickory from trees we had chopped down ourselves. Back in those days, keyboards weren't disposable chunks of plastic you could buy for $20. You made your keyboard yourself and it lasted you for LIFE. And if the keys gave you splinters, you GOT USED TO IT.
Um, I think the new Macs are cool and everything but --
Have you ever tried to set a CD jewel case or a cup of coffee on top of a computer with, "smooth, flowing curves"? I HATE smooth, flowing curves. I want "flat, usable space".
I get very excited when I think about Linux having the ability to do the sort of distributed application tasks that Java 2 promises.
Currently, NT, COM/COM+/DCOM, and MTS are ruling the roost in this field, but I think it can be done better and businesses love to have alternatives anyway.
I know Sun is providing limited assistance to Blackdown in order to make Java work on Linux. IMHO, they have very little to lose in getting as much Java stuff running on Linux as possible. Solaris and Linux don't exactly target the same market (SCO is a different matter, hee hee). My personal experience has been that Linux makes a great platform for Java development.
Companies talk a lot about "mindshare". Tier-1 support for Java on Linux would be a great way to win some.
Grab yer keyboards and run for the hills, boys and girls, it's the start of YET ANOTHER SLASHDOT GUN CONTROL THREAD (YA/.GCT)(TM)!
What to expect: -Arguments about the meaning and validity of the 2nd Amendment -"NRA sucks" / "Handgun Control Inc. sucks" / "Charleton Heston sucks" / "Rosie O'Donnell sucks" -Statistics about countries other than the U.S. which have different laws and cultures -Smart-ass replies like this one
I have one thing to say, and I can't say it loudly enough:
The talents and values which are rewarded in high school have NOTHING to do with the real world.
HIGH SCHOOL IS NOT THE REAL WORLD!
I get up every morning to go to my over-paying job GLAD that I made it through without killing myself. Eveyone I know who is happy as an adult HATED high school.
HIGH SCHOOL IS NOT THE REAL WORLD!
If you're an outcast in high school, it's probably because you have values more meaningful than sneaking beer and attending pep rallies. I'm sorry it sucks, we "adults" aren't doing a very good job making it better.
People used to tell me it gets better after you get out. They were wrong. It gets fscking GREAT after you get out.
I can't imagine why adults are fascinated with high school. Every day I put between that place and myself is an improvement.
HIGH SCHOOL IS NOT THE REAL WORLD! DON'T TAKE IT TOO SERIOUSLY!
Hope this helps.
Couldn't get past first page
on
ZD on Red Hat
·
· Score: 1
You know, I'm getting sick of articles on tech companies that start by describing how rebellious and noncomformist those companies are. How many more articles can you read about companies run by "twentysomethings" who roller-blade or mountain-bike into work around noon and spend the whole day playing video games and drinking jolt?
Nothing against Red Hat, just wish some of these clowns would write an article minus the "hip software culture" cliches.
I know you're trolling and I should probably ignore your post, but I'm just LOOKING for an excuse right now to talk about the poor design of IIS.
Let's talk what a bad idea it is to allow user programs (ISAPI extensions and COM objects) to run in the same process space as the webserver. When the object chokes, it takes inetinfo.exe down with it -- nice. Good luck getting IIS to restart successfully without rebooting. Let's talk about the limitations of trying to run multiple (200+) threads in a single process in the first place.
"So forget ISAPI and that stuff. Just write CGIs." Wrong again. Let's talk about the overhead of loading a new process in NT. Let's talk about how SLOW it makes your server. Let's talk about the fact that Microsoft's own tech notes say not to do this. They suggest using ISAPI and COM objects which brings you right back around to the first problem.
I think ISAPI, ASP, and COM are very cool, but their implementation in IIS is practically begging for an excuse to crash the webserver.
"No, dammit, you DON'T HAVE TO REBOOT. Take your hand off the power switch. I know it's hard to accept, but it's true. Just trust me. Seriously, leave it up. Don't reboot it. It's fine. No, you won't have to reboot it tomorrow. It'll stay up. I promise. Don't worry about the blue screen. Eveything's going to be all right...."
I live in a fairly well-to-do part of town and it seems like so many parents here are more interested in having that client dinner, working over to finish that project so they can get the bonus, etc. than in spending some time with their kids.
I am so tired of the "raising children is hard today" lines. It has always been hard. It will probably always be hard. If you are going to choose to be a parent, realize that weakness is NOT AN OPTION. You have no choice but to suck it up and do it right. The alternative can be what we're seeing in Littleton.
Your comments raised my opinion of today's parents by several points. Thank you.
I think that's the first time I've ever seen a "503 -- Server Too Busy" page that specifically mentions the slashdot effect.
"...this server is experiencing a peak load, probably due to the/. effect...."
Can we get that shipped as a default 503 page in Apache? It'd make Rob a legend!:)
"503 -- Server slashdotted. Please contact the site administrator and advise him to take this site off the quad-Xeon and put it on something more suitable -- like a 486."
I don't have a whole lot of experience with Suns and I have zero experience paying for them, but....
When I read the report, the first thing question that popped into my head was, "If I had the money to by a quad-Xeon Intel, why would I? Wouldn't it be smarter to put the money into a Sun?"
It seems to me that quad-Xeons are getting into the upper range of Intel-based machines. Why not go for a mid-range (low-end?) Sparc-based system. I'm sure Solaris would spank NT in uptime (and probably speed), and I would have the ability to scale up even further if necessary.
SMB would be a non-issue to me. I would just use an NFS client on the NT workstations (I've done this before).
I'm thinking more in terms of a real-world "Here is your budget. Get the best you can afford" situation. I'm a missing something here?
"JavaScript, which is unrelated to Sun Microsystems' Java programming language...."
Kudos to news.com for including that. I run into way too many people who confuse Javascript with Java.
The name "Javascript" was coined as a marketing tool to allow a scripting language (originally "liveconnect"?) to ride on the coattails of the Java programming language. Unfortunately, IMHO, the association has harmed the Java programming language.
I don't mean to suggest that I know more than the justices of the Supreme Court but, in my opinion, their interpretations have become part of the problem.
The Constitution is actually a pretty easy read and I happen to believe it means exactly what it says. This business of "interpreting" and "finding the intent" has turned into a tool for politicians, justices, and citizens with political agendas.
Too many people read the Constitution the way they read the Bible -- as a collection of parables that they interpret individually. The Constitution is a very literal document. Why is it so hard to take its words at face value?
We can and should amend the Constitution if something doesn't work anymore. That's too much work, though, so we simply "interpret" it differently. In the long run, this only devalues it and, by association, our rights as citizens.
BTW -- Thanks for your response. You can tell I LOVE talking about this stuff.
Sorry, I respectfully disagree. The Second Amendment uses the words, "...the right of the people to keep and bear arms...".
The Constitution is not shy about referring to, "the States," when it needs to. The Bill of Rights was designed to protect the rights of citizens.
When the Bill of Rights was itself being debated, the argument against it was that it would be impossible to enumerate all of the rights of people and that doing so would lead to rights being denied because they were not explicitly listed in the Constitution.
The Tenth Amendment was supposed to prevent that, but we pretty much ignore it. The Tenth also illustrates my point -- it treats "the people" and "the states" as two seperate entities.
BTW -- I know I'm participating too much here. I don't think slashdot was intended to be a constitutional debate forum.:)
"If the amending parties could see the damage done..."
I've heard this basic argument many times. It is always a tool by which someone projects their own beliefs onto the writers of the Constitution.
The simple fact is, if they came back today to do it all over, we don't know WHAT they would do. Did they really intend the First Amendment to protect pornography? Would the Second Amendment have been worded the same way? Would the Third Amendment (quartering soldiers in private homes in peacetime) even exist?
Would an explicit Constitutional guarantee of privacy be added? Would protection against abuses by tax collectors be added?
The last two hundred years have been an interesting experiment in INTERPRETING the Constitution, not necessarily following it. If you actually study the history and people behind the Constitution, you'll find that we've already thrown out or choose to ignore a lot of it.
Everyone seems to have their impression of what the framers intended. It's funny how these impressions usually match their opinions of how government should work.
Sorry -- I have my tongue in my cheek when I say, "world domination." Of course I agree that choice is what's really good (and "choice" doesn't mean "choice of Linux distributions").
Slashdot Mirror
Maybe there is no deliberate intent to discredit Zero Knowledge, but why should Windows/Intel users have to buy another piece of software to protect themselves from a potential security problem in the processor?
As a side note -- how long until someone comes up with a similar piece of code that IS malicious and is NOT publicly announced?
I see this as an unfortunate example of corporate cost/benefit analysis. It's too expensive to go back and fix the security problem or remove the ID altogether. Just declare the code which exploits it as potentially mailicous, then partner with a software company to develop protection against it. It's a win-win for everyone except the customer, who ends up gouged.
Everyone (including Intel, I'm sure) knows that the Right Thing is to fix the problem and release PIIIv2, but that's expensive and it's bad PR to admit a problem (everyone will want a free replacement).
Maybe my expectations are too high, but stuff like this makes the "Ralph Nader" in me a little angry.
It is disturbing how some companies react to people who find flaws in their product.
:)
Remember the Internet Exploder control? It was an ActiveX component which, when loaded with a web page, would count down ten seconds and shut down a Windows computer. The creator did it for the sole purpose of demonstrating potential security dangers with ActiveX.
Microsoft and Verisign threatened the guy with court action for obtaining a Verisign certificate under false pretenses. Never mind that part of his demonstration was just how easy it is to obtain such a certificate.
Now Intel has declared Zero-Knowledge's little demo to be a virus or trojan. Apparently, the goal is to discredit them. The worst part is that I think just about everyone saw it coming before they even got to "Intel's response" part of the article.
Here's the obvious part of my comment -- this tactic is pretty foreign to the Free Software community. It seems that most security problems with Free operating systems are received with, "thank you," and then they are FIXED. If you actually write a program which demonstrates the problem, you're a hero. No one attacks your credibility or motives. In fact, you are likely to GAIN credibility.
Of course, by posting this here I'm pretty much preaching to the choir.
Legend has it that an ISP in my area had a networked HP printer and really weak security.
:)
They came in one morning to find ~600 pages of 36-point boldface "Your ISP Sucks"
...just wanted to share that with the class.
Yours is painted beige? In my day we just had unpainted sheet metal and we were darn happy to have THAT.
And I could tell you some stories of my days as a young programmer when we would hand-carve keycaps out of hickory from trees we had chopped down ourselves. Back in those days, keyboards weren't disposable chunks of plastic you could buy for $20. You made your keyboard yourself and it lasted you for LIFE. And if the keys gave you splinters, you GOT USED TO IT.
Whoops, time for my medication.
Sorry. I couldn't help it. :P
Um, I think the new Macs are cool and everything but --
:)
Have you ever tried to set a CD jewel case or a cup of coffee on top of a computer with, "smooth, flowing curves"? I HATE smooth, flowing curves. I want "flat, usable space".
BTW -- don't take this too seriously.
...but it's all "cc" to me :)
There's a (bad) country/western song in there somewhere.
Can you hear me, Major Tom?
:) */
/* Come on, admit it, you were thinking the same thing.
CEO of satellite company -- "See? THAT'S why we can't have nice things!"
I get very excited when I think about Linux having the ability to do the sort of distributed application tasks that Java 2 promises.
Currently, NT, COM/COM+/DCOM, and MTS are ruling the roost in this field, but I think it can be done better and businesses love to have alternatives anyway.
I know Sun is providing limited assistance to Blackdown in order to make Java work on Linux. IMHO, they have very little to lose in getting as much Java stuff running on Linux as possible. Solaris and Linux don't exactly target the same market (SCO is a different matter, hee hee). My personal experience has been that Linux makes a great platform for Java development.
Companies talk a lot about "mindshare". Tier-1 support for Java on Linux would be a great way to win some.
"...gun control laws."
Grab yer keyboards and run for the hills, boys and girls, it's the start of YET ANOTHER SLASHDOT GUN CONTROL THREAD (YA/.GCT)(TM)!
What to expect:
-Arguments about the meaning and validity of the 2nd Amendment
-"NRA sucks" / "Handgun Control Inc. sucks" / "Charleton Heston sucks" / "Rosie O'Donnell sucks"
-Statistics about countries other than the U.S. which have different laws and cultures
-Smart-ass replies like this one
Release the hounds!
I have one thing to say, and I can't say it loudly enough:
The talents and values which are rewarded in high school have NOTHING to do with the real world.
HIGH SCHOOL IS NOT THE REAL WORLD!
I get up every morning to go to my over-paying job GLAD that I made it through without killing myself. Eveyone I know who is happy as an adult HATED high school.
HIGH SCHOOL IS NOT THE REAL WORLD!
If you're an outcast in high school, it's probably because you have values more meaningful than sneaking beer and attending pep rallies. I'm sorry it sucks, we "adults" aren't doing a very good job making it better.
People used to tell me it gets better after you get out. They were wrong. It gets fscking GREAT after you get out.
I can't imagine why adults are fascinated with high school. Every day I put between that place and myself is an improvement.
HIGH SCHOOL IS NOT THE REAL WORLD! DON'T TAKE IT TOO SERIOUSLY!
Hope this helps.
You know, I'm getting sick of articles on tech companies that start by describing how rebellious and noncomformist those companies are. How many more articles can you read about companies run by "twentysomethings" who roller-blade or mountain-bike into work around noon and spend the whole day playing video games and drinking jolt?
Nothing against Red Hat, just wish some of these clowns would write an article minus the "hip software culture" cliches.
*bang* Whoops, I guess not anymore. :P
/* I know, I know. That was real dark. Sorry. */
provided you don't ask it to do too much.
I know you're trolling and I should probably ignore your post, but I'm just LOOKING for an excuse right now to talk about the poor design of IIS.
Let's talk what a bad idea it is to allow user programs (ISAPI extensions and COM objects) to run in the same process space as the webserver. When the object chokes, it takes inetinfo.exe down with it -- nice. Good luck getting IIS to restart successfully without rebooting. Let's talk about the limitations of trying to run multiple (200+) threads in a single process in the first place.
"So forget ISAPI and that stuff. Just write CGIs." Wrong again. Let's talk about the overhead of loading a new process in NT. Let's talk about how SLOW it makes your server. Let's talk about the fact that Microsoft's own tech notes say not to do this. They suggest using ISAPI and COM objects which brings you right back around to the first problem.
I think ISAPI, ASP, and COM are very cool, but their implementation in IIS is practically begging for an excuse to crash the webserver.
"No, dammit, you DON'T HAVE TO REBOOT. Take your hand off the power switch. I know it's hard to accept, but it's true. Just trust me. Seriously, leave it up. Don't reboot it. It's fine. No, you won't have to reboot it tomorrow. It'll stay up. I promise. Don't worry about the blue screen. Eveything's going to be all right...."
:)
Gonna be a tough one to teach, IMHO.
I live in a fairly well-to-do part of town and it seems like so many parents here are more interested in having that client dinner, working over to finish that project so they can get the bonus, etc. than in spending some time with their kids.
I am so tired of the "raising children is hard today" lines. It has always been hard. It will probably always be hard. If you are going to choose to be a parent, realize that weakness is NOT AN OPTION. You have no choice but to suck it up and do it right. The alternative can be what we're seeing in Littleton.
Your comments raised my opinion of today's parents by several points. Thank you.
I think that's the first time I've ever seen a "503 -- Server Too Busy" page that specifically mentions the slashdot effect.
/. effect...."
:)
"...this server is experiencing a peak load, probably due to the
Can we get that shipped as a default 503 page in Apache? It'd make Rob a legend!
"503 -- Server slashdotted. Please contact the site administrator and advise him to take this site off the quad-Xeon and put it on something more suitable -- like a 486."
I don't have a whole lot of experience with Suns and I have zero experience paying for them, but....
When I read the report, the first thing question that popped into my head was, "If I had the money to by a quad-Xeon Intel, why would I? Wouldn't it be smarter to put the money into a Sun?"
It seems to me that quad-Xeons are getting into the upper range of Intel-based machines. Why not go for a mid-range (low-end?) Sparc-based system. I'm sure Solaris would spank NT in uptime (and probably speed), and I would have the ability to scale up even further if necessary.
SMB would be a non-issue to me. I would just use an NFS client on the NT workstations (I've done this before).
I'm thinking more in terms of a real-world "Here is your budget. Get the best you can afford" situation. I'm a missing something here?
"JavaScript, which is unrelated to Sun Microsystems' Java programming language...."
Kudos to news.com for including that. I run into way too many people who confuse Javascript with Java.
The name "Javascript" was coined as a marketing tool to allow a scripting language (originally "liveconnect"?) to ride on the coattails of the Java programming language. Unfortunately, IMHO, the association has harmed the Java programming language.
I don't mean to suggest that I know more than the justices of the Supreme Court but, in my opinion, their interpretations have become part of the problem.
The Constitution is actually a pretty easy read and I happen to believe it means exactly what it says. This business of "interpreting" and "finding the intent" has turned into a tool for politicians, justices, and citizens with political agendas.
Too many people read the Constitution the way they read the Bible -- as a collection of parables that they interpret individually. The Constitution is a very literal document. Why is it so hard to take its words at face value?
We can and should amend the Constitution if something doesn't work anymore. That's too much work, though, so we simply "interpret" it differently. In the long run, this only devalues it and, by association, our rights as citizens.
BTW -- Thanks for your response. You can tell I LOVE talking about this stuff.
Sorry, I respectfully disagree. The Second Amendment uses the words, "...the right of the people to keep and bear arms...".
:)
The Constitution is not shy about referring to, "the States," when it needs to. The Bill of Rights was designed to protect the rights of citizens.
When the Bill of Rights was itself being debated, the argument against it was that it would be impossible to enumerate all of the rights of people and that doing so would lead to rights being denied because they were not explicitly listed in the Constitution.
The Tenth Amendment was supposed to prevent that, but we pretty much ignore it. The Tenth also illustrates my point -- it treats "the people" and "the states" as two seperate entities.
BTW -- I know I'm participating too much here. I don't think slashdot was intended to be a constitutional debate forum.
What's going to happen when the idiot drivers out there can watch Jerry Springer on their glasses in traffic?
:)
Actually, I like the idea of being able to debug while appearing to pay attention in some stupid departmental meeting.
So what's the URL?
(kidding!)
"If the amending parties could see the damage done..."
:) */
I've heard this basic argument many times. It is always a tool by which someone projects their own beliefs onto the writers of the Constitution.
The simple fact is, if they came back today to do it all over, we don't know WHAT they would do. Did they really intend the First Amendment to protect pornography? Would the Second Amendment have been worded the same way? Would the Third Amendment (quartering soldiers in private homes in peacetime) even exist?
Would an explicit Constitutional guarantee of privacy be added? Would protection against abuses by tax collectors be added?
The last two hundred years have been an interesting experiment in INTERPRETING the Constitution, not necessarily following it. If you actually study the history and people behind the Constitution, you'll find that we've already thrown out or choose to ignore a lot of it.
Everyone seems to have their impression of what the framers intended. It's funny how these impressions usually match their opinions of how government should work.
/* Yeah, I was pre-law. Does it show?
Sorry -- I have my tongue in my cheek when I say, "world domination." Of course I agree that choice is what's really good (and "choice" doesn't mean "choice of Linux distributions").