Open Source Solaris lost its chance at "cool" when Sun chose the license they did.
Huh? They chose/created an OSI-approved license and already released dtrace sourcecode under it.
Second, even if you had the source that does not mean that you could distribute a fixed version. Open source != Free Software.
What are you talking about? If you capitalize Open source like that you are referring to the trademark by OSI and redistribution of derived works must be allowed to fit OSI's definition of Open source.
Java generics are broken because they don't guarantee type safety across compilation units. That requires VM changes, changes that Microsoft was willing to make but Sun wasn't.
You don't know what you are talking about. The JSR 14 generics proposal offers compile-time type-safety while retaining compatibility with old (i.e. not generified) libraries. That means as long as you do not use "raw" types (e.g. Vector instead of Vector<String>) type safety is guaranteed and the compiler will emit a warning (and probably even an error in future versions) if it encounters usage of a raw type.
... since it is web scale. ;-)
https://www.youtube.com/watch?v=b2F-DItXtZs
I think it's you that's watched too many movies--booze does not burn all that well. While splashing alcohol in 1 person's face and lighting it might, possibly, incapacitate that person, it is not any way to incapacitate the entire flight crew and all the other passengers. The end result would be an attacker struggling to not suffocate, because it is actually very hard to breathe when hog-tied, and especially with one or more knees in your back.
You can not "incapacitate the entire flight crew and all the other passengers" with knives either. But planes have been hijacked with knives before.
Microsoft has been doing this for some time. Anyone remember Microsoft's infamous "Gmail Man" spot?
There are lots of other issues. Two examples:
A) The Dalvik JIT is stone-age technology compared to modern JITs. We are not even talking about profile-guided optimization like the HotSpot VM does. No, it does not even inline getters or setters,
B) The GPU acceleration layer sucks even worse than you think. For example it requires the app to emit display lists for all graphical objects without allowing you to clip those objects first. That means if you have a huge number of objects (say an editor with thousands of lines of text) all have to be created and passed to the rendering layer.
Pumping out the fuel will be quite hard since it consists of 200 tonnes of diesel and 2400 tonnes of heavy fuel oil. Heavy fuel oil has to be heated in order to be able to pump it.
Well but they sure are trying to get flag desecration forbidden.
The last vote in the Senate missed the required 2/3 supermajority by one vote. The House has already passed the amendment several times.
-- kryps
"That said, I'm well aware and approving of some limits on speech. Yet these are exceptions we accept, not inherent exceptions in the 1st Amendment, as there are none. The cliche yelling fire in a theatre, or slander, for example. However these both have real negative impacts on people."
It's even easier than that. Approving some limits on speech is not some kind of informal exception. Instead different constitutional rights have to be weighed against one another where they conflict. That's why e.g. publicly calling for the murder of someone is not covered by free speech.
-- kryps
How stupid can one be... Do you really think that people don't matter? That the software will be improved just because the code is out there? If the main developers of any important piece of software choose to no longer work on it you lose years until someone can do architectural work on a big piece of software like OpenSSH.
-- kryps
I disagree that OpenBSD should "start operating a bit more like a business." All the activities you suggest take away time from what the OpenBSD developers excel at, namely writing high-quality "security first" code and inventing new technologies to eradicate security-related bug classes. And they are not only good at it, they *like* doing that as well. You know how much more productive someone is who is doing something he likes to do compared with doing something he is bored with?
Everybody who uses OpenSSH/Openntpd/OpenBSD/... because it is great, secure software should donate so that they can keep improving it!
> the int is still 32 bits
That is not a problem. However that arrays in Java are limited to 2^31 elements will probably be a real problem at some point. I don't know how they are going to address this.
-- kryps
You are the usual informed Slashdot reader so I am sure you know that many Apache projects (especially Java projects) originated from Sun-donated sourcecode and that many major contributors of the ASF are employed by Sun. You know that there would not be such a thing as OpenOffice if Sun had not bought StarOffice and released the source code?
I do think that Sun probably made some bad business decisions that will force them out of business earlier or later. But the constant uninformed Sun bashing is really getting on my nerves.
-- kryps
... and open-source Solaris is "vaporware" even though there is no/nada/nil code available for the Apache J2SE 5.0 implementation. Some people need to have their heads screwed on right.
-- kryps
BTW: XFS has an online defragmentation tool which iteratively defragments the most fragmented file.
See man xfs_fsr for details.
-- kryps
"So there's no workaround..."
No, there are patches.
"... and no symptoms of it having been used."
As a previous poster pointed out, traces left by any root exploit can be removed once the attacker is root (unless you redirect syslog to a printer or another "secure" machine) and it is not really rare for a root exploit to leave no trace (I don't know if the recent Linux kernel mremap exploits left any).
"So, what are the chances of it happening on Linux ? Well, probably less (the many-eyes scenario), but certainly possible. This isn't a time to be smug about not running Solaris..."
What the f**k are you talking about? Most recently there was the mremap local root exploit which affected 2.4 and 2.6 Linux kernels. What is so different about that?
-- kryps
And most important: Once SPF is widely adopted mail administrators can disallow mails from domains with no reverse-MX. If e.g. Yahoo, Hotmail and AOL chose to do this the remaining unwilling sysadmins will be forced to upgrade.
-- kryps
No, you don't know what you are talking about. But people can just dig through the specs and papers themselves to find out.
Yeah, right. Why don't you go and present some facts instead of spreading FUD?
-- kryps
So right now everybody is going ahead with full speed and installs a software seemingly written by one person and not reviewed by anyone else. And the download page tells everybody to poke holes in the firewall as well.
Hmmm. I hope all of you have considered the involved security risks carefully.
-- kryps
And DARPA is also funding Reiserfs v4 development.
-- kryps
You are the one who talks bullshit. Of course the British Tories are pro-war. Without them Blair could not go on with this pro-war course. He gets A LOT of flak from his own party for his course:
8 14 3-2003Feb26.html
http://www.washingtonpost.com/wp-dyn/articles/A
-- kryps
"the International Network for the Improvement of Banana and Plantain.".
;-)
Observe the birth of a new acronym!
Reiser4 is currently in 2.5, which should drift over to 2.6 assuming it doesn't screw up big time mid-transition.
What have you been smoking? Reiser4 has *not* been integrated into 2.5. Judging from discussion on their mailing list and the available documents on their site it is currently in a very early alpha state (i.e. data loss is to be expected). Since adding a new filesystem is not a very intrusive change it might still get added now after the features freeze maybe even in the (early) 2.6 series but not before it becomes quite a bit more mature.
Adding an alpha-quality filesystem to a mainline kernel does not really help anyone.
-- kryps