Slashdot Mirror


User: r00t

r00t's activity in the archive.

Stories: 0
Comments: 3,049

Comments · 3,049

  1. Matlab and X11 forwarding on GNU Octave 3.0 Released After 11 Years · · Score: 1

    First of all, it works great with Windows and MacOS X. When you install Windows or MacOS, one of the first things you do is get an X server. (for evil reasons, the OS is supplied without decent compatibility with open protocols and open file formats) Of course you also install an ssh client, a POSIX shell for Windows, etc.

    Second of all, maybe that is where your CPU cycles are going. Last I checked, which was indeed some time ago, Matlab was fully capable of running without the GUI. You can make your graphical output go to PostScript files.

    If you wish to print these files through a terminal emulator, use the vtprint program. (or write your own) It's just a shell script that sends the VT100 escape sequences for printing, your file, and the escape sequence to stop printing. It worked great for me. You can also print to image files, maybe in a directory that shows up on a web server somewhere.

  2. That sucks too, but we have a winner. on GNU Octave 3.0 Released After 11 Years · · Score: 4, Insightful

    Python is about equally bad as far as syntax goes. Python behavior also presents difficult obstacles to optimization; the Matlab system apparently does not (one can convert to C).

    The LISP guy has a point, though that syntax is even uglier. (like being in a sensory deprivation tank)

    If you really do want to crunch numbers, you don't screw around with any of the above. You use FORTRAN. Maybe that isn't cool, trendy, hot, exciting, whatever... but it works damn well. Assuming your idea of the C language doesn't include heavy use of the "restrict" keyword, FORTRAN optimizes even better than C. FORTRAN has a genuine international standard; it won't suddenly change because Guido gets a random urge. For number crunching, the world is full of FORTRAN code. Really, you can't do better.

  3. Re:Ron Paul won't allow warrantless wiretapping on Dodd's Filibuster Threat Stalls Wiretap Bill · · Score: 1

    It's not "your body". It's "your child's body".

  4. Re:Nope, not at all. on HTML V5 and XHTML V2 · · Score: 1

    Example: slashdot.org is a web server that creates HTML whenever you post a comment and/or read a comment. (pages may be cached until a new comment is added)

    You can put HTML into your comment. Slashdot.org runs a giant perl script which embeds your code into a web page, along with other stuff (ads, logout link, etc.) from many other sources. After you see the result, you can't go modify your comment. You can add a new comment, but then the old web page is destroyed (deleted from the slashdot.org server) and a new web page is generated.

    Slashdot tries to filter this. Suppose that the filter is broken, but that browsers support this new tag and slashdot uses it.

    You put evil JavaScript code into your comment. Slashdot nests that into the new tag when the new page is generated. You view the page, discovering the secret. You post a new comment, intending to abuse your knowledge of the secret. Slashdot generates a fresh new page to contain your new comment, with fresh new secrets. Now you can learn the new secrets by viewing the page, but again it does you no good. Every time you try to embed evil JavaScript, the old secrets (which you now know) will be replaced by the giant perl script that generates web pages.

  5. Re:Personal genomics... on Science Magazine's Top Stories of 2007 · · Score: 1

    ...people with a certain personality-related gene

  6. Re:Nope, not at all. on HTML V5 and XHTML V2 · · Score: 1

    Maybe the source of confusion has to do with where the potentially hostile content is coming from.

    It's supplied once. The server writes out a foo.html file containing it. This file is never generated prior to the potentially hostile content.

    The server is NOT making the page with an INSERT-CONTENT-HERE thing and dynamically slurping in fresh new hostile content each time the page is served. The server is NOT causing the client to slurp in fresh new hostile content from an untrusted web site whenever the page is rendered.

  7. Re:Nope, not at all. on HTML V5 and XHTML V2 · · Score: 1

    Right, one can view the source. That's too late for the attacker though, because the attacker needs to get a successful guess embedded into that very page. He needed to make his guess before the page was generated.

    Client-side scripting is blocked of course; that was the whole point of the new tag.

    Remember how the proposed tag works: it disables everything not explicitly allowed. Just prior to the potentially hostile data, the web site places the opening tag. The closing tag is only accepted if it contains the secret. The secret may become public knowledge after the page is generated and served for the first time. At that point the potentially hostile data is cast in stone. The attacker can't go back and fix his error. ("Oh, now I know the answer, let me go back and fix my error..." is not possible)

  8. Nope, not at all. on HTML V5 and XHTML V2 · · Score: 1

    I'm not sure how it is that you're misunderstanding me, but I damn well do know how this stuff works. I've even written a web server (like everybody and their dog, right?) and plenty of code to parse HTML.

    Now, to an extent, there is something dynamic: pages are being automatically generated. It doesn't matter when. The pages can be cached, or not. They can be generated and kept forever, served out identically to every visitor. It just doesn't matter, except for web server performance.

    To attack, one supplies data that will wind up inside the page. (a forum post, an email, etc.) It is at this moment that the attacker has his one and only chance to guess the random secret. The page is generated either right then, or repeatedly in the future. The attacker can now see it, but so what? He lost, and can not fix his error. His next attempt will be on a fresh new page with a fresh new secret. Knowledge of previously generated pages is completely useless to him.

  9. wouldn't be any better on Dodd's Filibuster Threat Stalls Wiretap Bill · · Score: 1

    The average person is easy to sway with a great big ad campaign. If the latest pop star says to vote YES on #42 for the children, well, people sure will. This may be the least-bad problem though!

    Where would the laws come from? Imagine them all filled with vague non-lawyer language that will be difficult to interpret and full of holes.

    As it is already, laws have both a bad part and some bait. It's purposely complicated.

    Most people are clueless about basic economics. A lot of people would try to set price limits, just print more money, or massively screw with interest rates. We'd be totally sunk in no time.

    It's likely that everybody would give themselves welfare without taxes. At best, jealousy would result in something crazy that wipes out all the business owners.

  10. not exactly a good record on Dodd's Filibuster Threat Stalls Wiretap Bill · · Score: 4, Insightful

    Let's see...

    He seems to like the Thought Crime concept. Rather than merely punishing people for bad actions, he supports the idea that we should try to guess if a criminal might hate his victim. Extra years in prison for Thought Crime makes sense to him.

    He's OK with the government taking people's legally owned firearms during an emergency or major disaster. (as in Katrina... where the cops were followed by thugs preying on the now-unarmed residents) Got a disaster? Time to steal from the people!

    He somehow thinks that firearm suppliers should be held liable for the actions of firearm users. If this seems sane to you, consider applying it to computers or vehicles. (on the plus side, that kind of liability would put Microsoft out of business and solve all our traffic problems)

    He likes the PATRIOT act. Oh dear...

    He's a CAN SPAM kind of guy.

    He's OK with shovelling money to sugarcane growers.

  11. oh my, a mileage REDUCTION in disguise on Auto Mileage Standards Raised to 35 mpg · · Score: 1

    Factoring in the 50% credit for ethanol, mileage drops from 27.5 to 23.333333...

    Nice. Everybody wins: the corn lobby, the corrosion-resistant fittings manufacturers, the American auto industry, big oil, and the people who want to buy SUVs like the Canyonero.

  12. $6700 sounds about right on Auto Mileage Standards Raised to 35 mpg · · Score: 1

    Remember what CAFE does. It requires that the average vehicle have a certain mileage.

    No technical changes are required to do this, since cars which beat the new standard already exist.

    Instead, we only need to change the mix of cars being sold. We do that with price. People want the SUVs, but will buy econoboxes when the SUVs are too expensive.

    It appears that increasing SUV cost by $6700 is exactly what is required to change the purchasing behavior to meet an AVERAGE mileage of 35 MPH. It's possible that the really efficient vehicles will be sold below production cost, subsidized by the SUV sales.

  13. Re:Why aren't they doing this /anyway/? on Auto Mileage Standards Raised to 35 mpg · · Score: 1

    Since you didn't mention cost...

    Audi A8 and Audi R8

    For something a bit cheaper and smaller, try the Audi A4.

  14. Re:This is silly. on HTML V5 and XHTML V2 · · Score: 1

    You create the random string when you create the page. That is the only chance the attacker has.

    It is presumed that the page is created from a chunk of untrusted data embedded within trusted data. For example, a web mail or forum. The attacker is not given the chance to go back and edit his evil code. If forum comments can be edited, well, the web page will get generated again and that gives a new key value.

    Typically one does indeed have fancy stuff on the server. Slashdot certainly does. Slashdot is a giant perl script.

    Really this is no different from the other method, except less error-prone and it reduces server load. Rather than having the server try to parse some potentially hostile tag soup, the server just wraps the mess in the new tags.
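
The scheme described in the "HTML V5 and XHTML V2" comments above (a fresh secret chosen when the page is generated, and a closing tag honoured only if it carries that secret), as an added example that is not part of the original comments or of any browser or Slashdot code. The tag name `untrusted`, the `key` attribute and the toy parser are assumptions; the comments never name the tag. It compares a server that picks a new secret per generation with one that wrongly reuses a static secret.

```python
import re
import secrets

TAG = "untrusted"  # hypothetical tag name; the comments never name the tag

def render_page(comments, key=None):
    """Wrap each untrusted comment in the tag; a fresh secret per generation."""
    key = key or secrets.token_hex(16)
    body = "".join(f'<{TAG} key="{key}">{c}</{TAG} key="{key}">\n' for c in comments)
    return key, f"<body>\n{body}<p>trusted footer</p>\n</body>"

def split_regions(page):
    """Toy client parser: return (untrusted_regions, trusted_text).

    Only a closing tag carrying the key of the opening tag ends the
    restricted region; any other closing tag is inert text inside it.
    """
    untrusted, trusted, pos = [], [], 0
    open_re = re.compile(rf'<{TAG} key="([0-9a-f]+)">')
    while (m := open_re.search(page, pos)):
        trusted.append(page[pos:m.start()])
        close = f'</{TAG} key="{m.group(1)}">'
        end = page.find(close, m.end())
        if end == -1:  # never closed: the rest of the page stays restricted
            untrusted.append(page[m.end():])
            return untrusted, "".join(trusted)
        untrusted.append(page[m.end():end])
        pos = end + len(close)
    trusted.append(page[pos:])
    return untrusted, "".join(trusted)

def replay_escapes(reuse_key):
    """A poster reads the key from an old page, then posts a closing tag using it."""
    old_key, _ = render_page(["first post"])
    # Constructed sample comment: stale closing tag followed by script markup
    payload = f'</{TAG} key="{old_key}"><script>constructed()</script>'
    # reuse_key=True models a broken server that never rotates the secret
    _, page = render_page(["first post", payload], key=old_key if reuse_key else None)
    _, trusted = split_regions(page)
    return "<script>" in trusted  # True means markup left the restricted region

if __name__ == "__main__":
    print("fresh key per generation, escape:", replay_escapes(False))
    print("static key reused, escape:", replay_escapes(True))
```
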

  15. cynical, but true on HTML V5 and XHTML V2 · · Score: 0, Troll

    I often wish for an Open Source browser brave enough to say "screw the W3C, we're going to be IE compatible". I suppose it's OK to leave out the exploitable buffer overflows. I want the rest though.

    Recognize the popular ActiveX controls, providing Open Source substitutes when possible. Feed any remaining ActiveX crap into Wine, with appropriate sandboxing.

    Do the VBscript stuff.

    Do the DirectAnimation stuff.

    Ignore MIME types; they get lost anyway when you save the files. ...and so on, etc., ...

    Being "right" just isn't worth the trouble. This isn't a fight worth fighting.

  16. you're serious, aren't you? on HTML V5 and XHTML V2 · · Score: 1

    The W3C was well on the way toward being fully useless, pointless, and ignored. They'd built themselves a lovely ivory tower, locked themselves inside it, covered their eyes and ears, and started to enjoy LSD. It was heaven for people who liked politics and design-by-committee more than engineering and practicality.

    We love our tag soup. It mostly works, unlike xhtml which only works in Gecko. (nope, not IE, unless you use the text/html MIME type and your "xhtml" just happens to be tolerated when parsed as html) Tag soup gets stuff done.

    XML is nothing to be proud of. Though I'm no fan of LISP, even LISP-style notation would be better than XML. XML is gross inefficiency while not even being particularly readable. In any case it's not a significant improvement over the bastardized SGML that is the foundation of HTML.

  17. fonts are platform-specific and copyrighted on HTML V5 and XHTML V2 · · Score: 0, Troll

    You may love the latest stuff shipping with Vista, but it's not on my computer and I'm not going to swipe a copy.

    I don't even have Comic Sans, Arial, Verdana, Times New Roman, etc.

    I do have fonts. Some of them look kind of nice. You probably don't have them.

  18. Google cache??? on DoubleClick Goes MIA At FTC Chief's Old Law Firm · · Score: 1

    Um, Google is one of the parties. Everybody better grab a copy.

  19. since when is Latin America domestic? on More Details Emerge On Domestic Spying Programs · · Score: 1

    Eh, now I know we kind of claim to run EVERYTHING, and of course the Mexicans are taking over the USA right this very minute, but I don't believe there has really been a merger yet. Latin America was "international" last I checked.

  20. small turn diameter is bad for trucks on UPS Using Software To Eliminate Left Turns · · Score: 1

    You'll have more trucks going over the corner of the road, hitting pedestrians on the sidewalk.

    (yes, they do that -- I see it often enough!)

  21. Re:Evolving OR Mutating faster? on Humans Evolving 100 Times Faster Than Ever · · Score: 1

    The rate of mutations per genome would likely go up with the use of fire. (smoking obviously, plus general exposure via smoked food and candles)

    Diet changes will affect this. Over the centuries of interest there has been a general decline in the consumption of fresh vegetables. We replace that with baked goods and meat.

  22. "no growing antlers" on Humans Evolving 100 Times Faster Than Ever · · Score: 1

    You have to admit that this would be really cool.

    Transplanting some DNA from an appropriate critter ought to do the job.

  23. sounds like Novell is running the show now on KDE and KOffice Rebuke OOXML, GNOME Dithers · · Score: 0, Offtopic

    Grrr... and I was refusing to touch KDE because way back when they linked other people's GPL code against pre-GPL Qt. I'm not happy now. Fuck you Novell, for being Microsoft's bitch.

  24. Re:Ogg is an audio codec on Nokia Claims Ogg Format is "Proprietary" · · Score: 1

    The bulk of the world ignores W3C.

    This is caused partly by Microsoft not wanting to play with others, and partly by the W3C itself being very impractical ("Structure only! No presentation!", "XHTML replaced HTML", etc.) and fairly academic.

  25. Re:Ogg is an audio codec on Nokia Claims Ogg Format is "Proprietary" · · Score: 1

    The client can as well.

    This works way better. Consider what happens if the client saves the file to disk. There is no file extension. By saving, you lose the MIME type. Next time you view that file, the client-side /etc/magic is all you have to go on.

    I hope you don't seriously think that a file should be interpreted one way if viewed directly from the web server (using MIME type info) and some completely different way (using local /etc/magic) if viewed after being saved to disk. That's just nuts.