Is it that hard to understand that this was probably intended as a catchall for the "Flat Earth Society" and "Lunar Landings were Faked!" crowds out for some "dirt?" Somebody who could be reasonably expected to be a major disruption... and possibly a safety threat if they think that the "vacuum" outside of the ISS is also fake.
The bureaucratically vague wording is troubling, but the alternative (allowing them to arbitrarily reject candidates for unstated reasons) is worse.
MS core fonts are free for noncommercial use (on Scalable-Font Tools?) · Score: 3, Informative
I hate to throw the harsh light of reality on your beliefs, but if you go to the FontPack web page and click on the FAQ link, you'll see that Microsoft explicitly states
Anyone can download and install these fonts for their own use
Designers can specify the fonts within their Web pages
That's black letter contract. NOBODY is ripping off Microsoft when they download the fonts from the Microsoft site for personal use. Copying them from a Windows box is a little grey, but as long as it's for personal use it doesn't violate the spirit of the license.
Unfortunately, the license does not include the right to redistribute the fonts. So a Linux distro that included the fonts would probably be in violation of this license, while a distro that provided an installer script would be fine.
It's any line that starts with 'begin,' not just the entire message. This can easily happen by random chance since 'begin' is one of those common words. E.g., "we will
begin the new project when Bob returns from vacation."
Getting two spaces between words is a bit more problematic, but again it's hardly a rare occurrence.
But all of this is irrelevant since it's a trivial exploit for anyone who wants to cause trouble.
In related news, future versions of all Microsoft products will autocorrect any occurrence of the word "begin" with a suitable replacement.
No word on when the riots by visual basic programmers furious that the new version of that language requires start/end blocks instead of begin/end blocks will end.
The latest MSIE supports XSLT, so if you provide an XSL doc with the XML they wouldn't have any problems accessing the data.
There may even be scripts that will convert XML into Excel format, although the conversion the other way is much more problematic given the lack of standards.
There's no comparison between these two bugs. The "From" bug (which can actually be introduced by any intermediate system handling SMTP or NNTP) causes a minor inconvenience or at most crypto signatures to break. (In extremely rare cases, it could corrupt UUENCODED data, but MIME encoded data should be unaffected unless there's also capitalization.)
In contrast, with this Outlook bug once you hit a O!@3412kt611kjS*Q!*lk$(&)(C$k1$nkc3)_($ce31knjER91 $KNc3419u7L4;l$%*1
This "attack" is nothing more than starting a line with the word
begin. Nothing more.
As the guy pointed out in his comments, they discovered it because someone on a mailing list happened to
begin a line with the magic word and *bam* every Outlook user who wasn't connected to an Exchange server (which sounds like a typical MS bug "fix") found the message to be garbled.
When MTAs and NNTP servers had a "From" bug (where any line starting with
From was capitalized by the transport software), everyone agreed it was a bug. A nasty one, since there were reasons it couldn't easily be fixed, but the message was still readable.
But suddenly we're "elitists" for saying that it's a bug - a critical bug - when MS Outlook interprets *any* line beginning with "begin" as the start of a UUENCODED block? Even though this produces unreadable garbage? And the latest versions of Outlook apparently don't even have an option that will allow the user to view the original message?
I agree there are some bloody annoying elitist attitudes on full parade here, but it seems to me that the elitists are the people who think every person on the planet should check their messages for any text that triggers Outlook bugs (e.g., lines beginning with "begin", any HTML keyword which will trigger the mandatory interpretation of the message as HTML, etc.) instead of MS admitting that they screwed the pooch on this one and issuing a quick patch.
They don't even have to use the same standards I demand of my own code - simply checking for a pattern where the "begin" is followed by an octal number would eliminate most of these false hits.
begin important message
If the guy were doing some fizzlebuzz that nobody would ever stumble upon, you would have a point.
But he's highlighting the fact that the Outlook programmers were so eager to be "helpful" that they didn't write decent filters to pick up the start of a UUENCODED block. Where I have used the pattern
"^begin ([[:digit:]]+) ([^ ]+)$"
(or a looser pattern that allows spaces in the filename), they check for "^begin " alone. Or maybe "^begin", which would also trigger on words like "beginning." My filter still catches the start of all valid UUENCODED blocks but doesn't wrongly trigger whenever the message just happens to start with the magic sequence "begin". (I also usually check for an "^end$" line and properly formatted interior lines, but I digress....)
This is just one symptom of a HUGE problem with MS products. A lot of people have reported problems where a message has something like <html> deep within the body of a message and Outlook INSISTED that the document was HTML... with the resulting garbage output. I'm sure others have had similar problems, but not been able to attribute it to some magic sequence causing the body of the message to be run through an inappropriate filter.
So I wouldn't use this casually to annoy people, but it's a good technique to have in hand when people claim that a problem is due to the sender, not the receiver's mail agent.
end important message
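An added illustration of the point made in this post and in the earlier "any line that starts with 'begin'" post (example code written for this page, not the poster's filter and not anything from Outlook): the loose "^begin" trigger the poster attributes to Outlook is placed beside a strict uuencode detector that checks the header, the shape of each body line and the terminating "end" line before it treats text as an encoded block. The mode is required to be octal, as the post suggests, rather than merely digits; the three sample messages are constructed for this example.

```python
import binascii
import re

# Added example, not code from the original post. Contrasts a loose "^begin"
# trigger with a strict uuencode detector. All sample text below is constructed.

# Strict header: "begin <octal mode> <filename>". A uuencode mode is a Unix
# file mode, so octal digits are the tighter check the post suggests.
STRICT_BEGIN = re.compile(r"^begin ([0-7]{3,4}) (\S+)$")
# The trigger the post describes Outlook using: any line starting with the word.
LOOSE_BEGIN = re.compile(r"^begin")


def uu_line_ok(line):
    """True if `line` is shaped like a uuencode body line.

    The first character encodes the byte count n (0..45); the rest holds
    ceil(n/3)*4 data characters in the range ' '..'`'. Mailers often strip
    trailing spaces, so a shorter line is accepted (a2b_uu pads with zeros).
    """
    if not line:
        return False
    n = (ord(line[0]) - 32) & 0x3F
    expected = ((n + 2) // 3) * 4
    body = line[1:].rstrip()
    return len(body) <= expected and all(32 <= ord(c) <= 96 for c in body)


def find_uu_blocks(text, strict=True):
    """Return (line_no, mode, filename, payload) for each uuencode block found.

    strict=False mimics the behaviour the post complains about: a line that
    starts with 'begin' is reported as a block with no further checks.
    """
    lines = text.split("\n")
    found = []
    i = 0
    while i < len(lines):
        line = lines[i]
        if not strict:
            if LOOSE_BEGIN.match(line):
                found.append((i + 1, None, None, None))
            i += 1
            continue
        m = STRICT_BEGIN.match(line)
        if m:
            chunks, j, terminated = [], i + 1, False
            while j < len(lines):
                if lines[j] == "end":          # checked before uu_line_ok: "end"
                    terminated = True          # also looks like a body line
                    break
                if not uu_line_ok(lines[j]):
                    break
                chunks.append(binascii.a2b_uu(lines[j]))
                j += 1
            if terminated and chunks:
                found.append((i + 1, m.group(1), m.group(2), b"".join(chunks)))
                i = j + 1
                continue
        i += 1
    return found


def make_uu_block(filename, payload, mode="644"):
    """Build a standard uuencode block (used here only to construct test input)."""
    out = ["begin %s %s" % (mode, filename)]
    for off in range(0, len(payload), 45):
        out.append(binascii.b2a_uu(payload[off:off + 45]).decode("ascii").rstrip("\n"))
    out.append("`")  # zero-length data line conventionally precedes "end"
    out.append("end")
    return "\n".join(out)


# Constructed samples: ordinary prose, a bare header with no data, a real block.
PROSE = ("We will\nbegin the new project when Bob returns from vacation.\n"
         "beginning next week we move offices.")
BARE_HEADER = "Config follows:\nbegin 644 report.txt\nRegards, Bob"
REAL = "Attached is the file.\n" + make_uu_block("hello.txt", b"hello world\n") + "\nCheers"

if __name__ == "__main__":
    for name, msg in (("prose", PROSE), ("bare header", BARE_HEADER), ("real", REAL)):
        print(name, "loose:", len(find_uu_blocks(msg, strict=False)),
              "strict:", len(find_uu_blocks(msg)))
```

With the loose rule the prose message (two lines beginning with the word) and the bare header both count as encoded data; the strict detector reports only the real block and hands back its decoded payload, which is the behaviour the poster's pattern plus "^end$" and interior-line checks gives.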
Cutting out scenes where there was a lot of "dialog"... sounds like most porn. The logical extreme isn't just compilation tapes, it's the "cumshot" compilation tape.
Is this what we have to look forward to in mainstream TV in a few years? The average half hour comedy will be reduced to a few punchlines - "Grace, is that a garbage sack?" "It was the FISH!", and the average hour drama will be a "bang!" "You're under arrest." "But my brother was in Brooklyn!" "Guilty".
One of the few benefits of hitting 41... (on Uncommon Birthdays?) · Score: 2
One of the few benefits of hitting 41 (?! - can't be!) is that day 15k is less than a month later, and within a year my mom will be boasting to her neighbors about latest antics of her 500-month-old.
Two (or more) parties can agree to any terms in their contract, but it's useless unless a court will enforce it. Courts will not enforce contracts that "shock the sensibilities."
An EULA is under even tighter scrutiny since it's an attempt to get the benefits of a contract without the hassles of actually giving the other party any opportunity to negotiate. (Since most stores will not accept opened software for refund, you're forced to pay for the software whether you use it or not.) Courts have generally refused to enforce most terms in EULAs for a number of such reasons - that's why it literally takes a law changing the ground rules (UCITA) to make them enforceable.
Of course, if you want to be a test case....
This is slightly off-topic, but it's already a good practice to use two (or more) lprng queues.
All of the "public" queues are located on a central server, where the jobs are "cooked" by ghostscript, troff, whatever (you can easily create very specialized queues!) and the results 'bounced' into a 'raw' queue for each printer. The raw queues may be held on the print server, but they ultimately feed queues on the systems that host the individual printers.
The point of mentioning this? It's not practical to count the number of pages of the original queue, but it shouldn't be hard to run the 'raw' queue through a filter that parses the PCL being sent to the printer and counts the number of "page eject" (or whatever PCL uses) in each job. At worst this would require an additional bounce queue for each printer, but it wouldn't require additional disk space since the jobs shouldn't remain in this queue for long.
We're all gonna die anyway, so there's no point in trying to put off the inevitable!
Let's smoke and drink and eat nothing but onion blossoms and have unprotected sex with gutter-crawlers. We're all gonna die anyway!
And we can't forget about Joe - ate well, exercised, etc., and he still got cancer and died at 24. Why bother?....
What will it take to kill this damn "all software has bugs" crap? Of course it's possible to write bug-free software - look up "formal methods" or "correctness proofs" on Google. It's just very expensive and isn't used unless a bug will result in death.
But more practically, I've been at few shops (maybe one in almost 20 years) that couldn't eliminate the vast majority of their bugs with some simple changes. Things like TURNING ON COMPILER WARNINGS - you would be shocked how many times I've come into a site (as a troubleshooting consultant) with a flaky code base, turned on compiler warnings (which are inevitably disabled), made sure every variable was initialized and functions were called with the right types of arguments and the code was immediately described as "more reliable," "less fragile," etc. Yet this rarely takes more than a week to complete.
If I were security czar at Microsoft (and pigs could fly....) my first order would be that every developer drop everything else to turn on compiler warnings and eliminate these warnings. (Some warnings are acceptable, but not uninitialized variables, wrong number of arguments or wrong types of arguments.) Shouldn't take more than a week, even if function prototypes have to be defined from scratch, and the code will be a lot more solid.
Then there's the buffer overflow issue - "grep" is wonderful at locating sprintf(), strcpy(), strcat(), scanf(), and other problematic code. It's normally easy to convert them to the safer functions. "grep" can also find snprintf(), strncpy(), memcmp(), strncmp() etc with hardcoded array sizes - too easy for the size of a buffer and the function calls to get out of sync if you don't use a manifest constant or sizeof().
Overall, there are about a dozen simple steps you can do that will eliminate essentially all of your serious bugs. Some of these steps can be done quickly, others can be painful if a shop has been sloppy (e.g., 'programming by contract' and adding assertion checking to existing libraries.)
To be sure, a nontrivial application will still have bugs, but they're much less likely to be ones that an attacker can exploit and there's no justification for a site not following these practices. Yet we keep hearing the fatalistic "all code has bugs, we're all gonna die anyway!" chants and nobody takes the simple first steps to fix bugs or eliminate the worst of their personal habits.
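To make the grep pass in the post above concrete, an added Python scanner (example code for this page, not the poster's own tooling and not anything from Microsoft) run over a constructed C fragment. It goes one step beyond grep: it reads the `char buf[N]` declarations and integer `#define`s so that a literal size argument to a bounded call can be compared with the destination buffer, which catches the "buffer and call out of sync" case the post warns about. The function lists are assumptions taken from the post plus gets() and vsprintf(); the sample source and its buffer names are made up.

```python
import re

# Added example, not code from the original post. A grep-style audit of C source
# that also checks literal size arguments against declared buffer sizes.

UNBOUNDED = {"strcpy", "strcat", "sprintf", "vsprintf", "gets", "scanf", "sscanf"}
# bounded call -> index of its size argument
BOUNDED = {"strncpy": 2, "strncat": 2, "snprintf": 1, "memcpy": 2, "memcmp": 2, "strncmp": 2}

DEFINE_RE = re.compile(r"^\s*#define\s+(\w+)\s+(\d+)\s*$", re.M)
DECL_RE = re.compile(r"\bchar\s+(\w+)\s*\[\s*(\w+)\s*\]")
CALL_RE = re.compile(r"\b(\w+)\s*\(([^;]*)\)\s*;")

# Constructed sample (not from the page); each statement exercises one finding.
SAMPLE_C = r'''
#include <stdio.h>
#include <string.h>
#define NAMELEN 32
void f(const char *user, const char *host) {
    char name[64];
    char line[128];
    char tag[NAMELEN];
    strcpy(name, user);                        /* unbounded copy */
    sprintf(line, "%s@%s", user, host);        /* unbounded format */
    strncpy(name, user, 128);                  /* bound larger than buffer */
    strncpy(tag, user, 32);                    /* literal duplicates NAMELEN */
    snprintf(line, sizeof(line), "%s", host);  /* fine */
    memcmp(name, tag, 64);                     /* literal equals size today */
}
'''


def split_args(s):
    """Split a C argument list on top-level commas; keeps nested parens and strings intact."""
    args, cur, depth, quote = [], [], 0, None
    for ch in s:
        if quote:
            cur.append(ch)
            if ch == quote:
                quote = None
        elif ch in "\"'":
            quote = ch
            cur.append(ch)
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            depth += (ch == "(") - (ch == ")")
            cur.append(ch)
    if cur:
        args.append("".join(cur).strip())
    return args


def audit(src):
    """Return (line, function, kind) findings; kind is 'unbounded', 'oversized' or 'literal'."""
    defines = {m.group(1): int(m.group(2)) for m in DEFINE_RE.finditer(src)}
    sizes = {}
    for m in DECL_RE.finditer(src):
        name, n = m.group(1), m.group(2)
        sizes[name] = int(n) if n.isdigit() else defines.get(n)
    findings = []
    for m in CALL_RE.finditer(src):
        func, args = m.group(1), split_args(m.group(2))
        line = src.count("\n", 0, m.start()) + 1
        if func in UNBOUNDED:
            findings.append((line, func, "unbounded"))
        elif func in BOUNDED and BOUNDED[func] < len(args):
            size = args[BOUNDED[func]]
            if not size.isdigit():
                continue  # sizeof()/macro/variable: left to the human reviewer
            declared = sizes.get(args[0])
            if declared is not None and int(size) > declared:
                findings.append((line, func, "oversized"))
            else:
                findings.append((line, func, "literal"))
    return findings


def report(src):
    """Human-readable audit(): one grep-style line per finding."""
    msgs = {
        "unbounded": "unbounded call; switch to a length-checked variant",
        "oversized": "literal size exceeds the destination buffer",
        "literal": "hard-coded size; use sizeof() or the manifest constant",
    }
    return ["%d: %s(): %s" % (line, func, msgs[kind]) for line, func, kind in audit(src)]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_C)))
```

The snprintf() call with sizeof(line) is deliberately left alone: the scanner only complains about sizes it can see are literals, which is the post's point about manifest constants and sizeof(). The regexes are a first pass, not a C parser; a real code base will need the results read by a person.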
That depends on the problems he's interested in.
If he's trying to solve continuous problems, he needs to get a copy of Numerical Recipes and start working through it. Ideally solving real problems that can be checked analytically or by running simulations - it's important to learn deep in your gut just how easy it is to write code that looks good but produces garbage.
But if he's interested in discrete math problems, something that the original question hinted, then he needs to get an arbitrary math package and learn an entirely different type of programming. In this case a numeric methods class is irrelevant.
If it's to help you understand the problem, you can use any language... and ML or applications like MATLAB and Maple are probably best since they allow you to focus on the math, not the programming.
If it's because you are interested in working as a scientific programmer then you need to focus on the primary languages used in the field: Fortran, C and possibly Ada.
Fortran, as others have pointed out, isn't *that* bad. Unfortunately most Fortran programmers *are*. Too many people with a scientific background thought "it can't be that hard to write code" and they're right -- it's not hard to write code. It's hard to write good code.
C is probably the standard language now, and has the benefit that the skills are portable.
Ada is now pretty much a niche language, but you may see it at defense companies and it has a cleaner OO implementation than C++. For the same reason, you might see Java compiled into native code (e.g., with gcj).
If the Enron or Arthur Andersen execs walk, I wouldn't be surprised to see a legal presumption of guilt when documents are shredded prematurely or despite an explicit and lawful order to retain them.
The theory is simple and precedent is well-established - if a cop sees you see him then bolt, that's grounds for a reasonable presumption that you're guilty of *something* and the cops can stop and question you. It's not enough to throw you in jail, but you can be stopped and questioned while the guy who didn't flinch walks.
Same thing here - if you're deleting records that the state says you need to keep for N months, the burden in civil court (which only requires a "preponderance" of evidence anyway - 51%) is on you to prove that those documents weren't "smoking gun" evidence in support of the plaintiff's case, not on them to prove they were.
If you're deleting records despite a lawful order, you have to prove that the documents were not incriminating and that it didn't constitute obstruction of justice or contempt of court.
Of course this is something that would have to be handled on a case-by-case basis already... but the courts already do this when deciding admissibility of evidence discrediting a witness. If somebody has been convicted of perjury, the jury should know it because it's reasonable to ask whether they're lying again. If somebody has been shredding documents when they shouldn't have been, that again directly challenges their credibility elsewhere.
Editing glitch. My earlier draft had referred to the fact that you need to measure both voltage and amperage to determine the power coming out of the batteries... and even that meant nothing since warmer batteries can produce more power than cold batteries with no change in the energy in them, but I ended up removing that context.
Electrical tests are notoriously difficult since the usual meters can yield bogus results on nonsinusoidal waveforms.
The best test I've heard of is to pump water from a low tank to a high tank, with the tank refilled by either overflow from the upper tank or an external source. You then just use a mechanical meter to determine how much water was moved.
You can't argue much about the energy produced when you measure it in liters of water and meters of height displacement (E = mgh). And even when the test fails, maybe you found a more efficient water pump!
*snicker* According to the CNN report, part of the "evidence" that the 4 12V car batteries were recharged while powering 3 100W light bulbs was the fact that the voltage actually increased from 48.9V to 51.2V.
Could there be any other reason for the voltage (and voltage alone, not power) to increase?
Surely it couldn't be something as trivial as the batteries warming up.... or would that only occur to someone who knows of the (really dangerous) way to deal with a dead battery in cold weather - hook up the jumper cables then short them. If you don't succeed in blowing up the battery, you may have warmed it up enough that it will have enough juice to turn the starter.
He was tried once by two separate sovereign powers. No single power tried him twice.
This is a key difference between the American model and most other countries. In those countries there's one sovereign power that was originally tied to a monarch, and all of the subdivisions are mere administrative conveniences. All of the major laws (e.g., criminalizing murder or assault) are national.
In the US, each state is a sovereign power. Not only does each state implement its "police powers" differently, the Federal government generally does *not* use police power with two exceptions. The first is serious crimes involving multiple states, the second is law enforcement on federal lands where local enforcement is undesirable (e.g., military bases, or to a smaller extent national parks).
This is why the modern crop of "conservatives" seem so... insane... to anyone with a sense of history. True conservatives would never support the federal government getting involved in small local crimes like possession of small amounts of drugs. They aren't even comfortable with the FBI being the lead agency in bank robberies, even if it's nominally because the banks are FDIC insured. (In truth, it's because the bank robbers of the 1930s fled across state borders and the feds were legitimately brought in due to the interstate flight, but they decided to "streamline" the process and ended up creating a precedent.)
It's interesting to contrast this case (where the cops were charged with violating Rodney King's civil rights after acquittal in state court of other criminal charges) with Oklahoma trying to try Terry Nichols for murder because they don't think the federal life sentence is enough. They want a separate state trial solely so they can execute him.
Despite some of the recent noise out of Washington, a drivers license is tied to residency, not citizenship.
If you're here as a tourist, you can use your home license and an "international license." But most (all?) states want you to obtain a local license if you're here for any length of time. Even if you don't drive, I think you can still get a "state ID" if you prove you're a legal resident.
Still prefer to use your passport? That's fine... until you run into someone who needs proof that you live locally (e.g., before they'll accept your check). In those cases a drivers license from another state is as worthless as a passport (domestic or foreign).
There's a huge difference once you introduce smart cards.
A desktop computer is often left unattended, and it's not unreasonable to believe that somebody could gain illicit access to the data and software.
In contrast, a smart card is designed to be carried on the subject's person, in wallet or purse. With better cards, you can't pull the private key off the card - all crypto is done on the card itself. And even if you steal the card and attempt to disassemble it, they're designed to make such attacks futile.
If you want to make it even stronger, since there will always be idiots who write their PIN number on the card itself, you can try the experimental systems that mix biometrics and smart cards. The smart card contains the shrouded private key, the biometrics are used to unlock it.
Get a grip. A cornerstone of our criminal justice system is that "criminal" acts require an overt act known to be criminal, or at least reasonably expected to be so.
What this means, in practice, is that every door into an airport is clearly marked. It's not a crime to walk through an unmarked door. Walking past a door clearly marked "authorized personnel only" is a different matter.
Now look at this "problem." Computers with wireless LAN cards will automatically try to establish a connection... and these airports are offering these connections complete with DHCP and DNS services. They know that this will happen automatically whenever the owner turns on the computer, yet they've taken no action to restrict access to their system or warn travellers to avoid using their computers.
Yet you want to send the police to arrest these travelers for felonies - attempts to interfere with airport operations - for doing nothing that isn't routine in countless other places.
Worse, as some other posters have pointed out these networks can often be accessed from outside of the main terminal. A business traveler may innocently turn on his laptop in his hotel room and inadvertently connect to the airport network - and it's *his* fault for failing to anticipate this problem?
If somebody is there and clearly trying to compromise the system, throw the book at them. But if an airport just has lax security, direct your anger at the airport/airlines, not the innocent travelers.
Clerks who moonlight as constitutional law scholars have been a problem for a long time. Today it's the clerks at Kinkos, a decade ago it was clerks at 7-11 who had absolute knowledge of what constituted obscenity.
"Sorry, can't sell you that issue of Playboy. My boss makes us carry it, but I refuse to sell obscene material."
"But I want it for the interview."
"Sure you do.... She's 5'2, likes kittens and rain. Get out of here!"
"Really. There's an interview with President Carter that I want to read!"
"Look buddy, get out of here or I'm calling the police."
I didn't actually have this conversation, but others did and I definitely saw many "letters to the editor" and talk show callers who didn't understand that _Playboy_ had more hard journalistic content than most other magazines out there. It just also happened to have nude women. So did Time and Newsweek... but they always put the nudes on the cover as part of a story on art so the clerks grumbled but couldn't deny that they were legitimate news magazines.
It doesn't surprise me that Kinko's (or whoever) is following in this fine tradition. But what worries me even more than this story are the people who have reported having problems making copies of their own material!
By this reasoning, movies should have killed live theater since "nobody" would choose to get dressed up to look at distant figures instead of watching nice clean closeups in the comfort of jeans (or less, if watching at home.)
Records and CDs should have killed concerts.
All this technological change will do is eliminate the blood-suckers who act as middlemen between performers and audiences. It means that the market for a recorded performance may dry up, but the artists will be able to sell live performances to fans who are unable to attend in person.
The result will be a blooming of creativity. If you have _a_ performance of the Nutcracker Ballet, you're going to play it straight. If you have a live high-quality video feed to people willing to pay a reasonable fee (say 1/10th the price of a ticket to the actual performance), you'll be able to see a straight performance. You'll be able to see the 'cracked' performance that's often done at the close of the season, when all of the performers (and the audience) blow off some steam. You'll be able to see some experimental productions, where up-and-coming directors get a chance to try out ideas.
Same thing with concerts. Performers can't stray too far from what they did on their albums because a lot of the people in the audience will be pissed if they pay $50+ and don't hear what they expected to hear. But if you can pay $5 for a feed from the current live performance on a concert tour, the artists will have more flexibility - especially if they announce that some of the dates will be more experimental than others. Listen to a night of jazz with Garth Brooks, or the down home back street boys.
If you care about the art, there's no question that hardware protection will be a disaster. Not only would you have the current pressures to do more of the same damn thing, you couldn't even let "black market" experimental stuff out to see how well it would fly. "Art" would be reduced to what middle-aged accountants like. *shudder*
Is it that hard to understand that this was probably intended as a catchall for the "Flat Earth Society" and "Lunar Landings were Faked!" crowds out for some "dirt?" Somebody who could be reasonably expected to be a major disruption... and possibly a safety threat if they think that the "vacuum" outside of the ISS is also fake.
The bureaucratically vague wording is troubling, but the alternative (allowing them to arbitrarily reject candidates for unstated reasons) are worse.
That's black letter contract. NOBODY is ripping off Microsoft when they download the fonts from the Microsoft site for personal use. Copying them from a Windows box is a little grey, but as long as it's for personal use it doesn't violate the spirit of the license.
Unfortunately, the license does not include the right to redistribute the fonts. So a Linux distro that included the fonts would probably be in violation of this license, while a distro that provided an installer script would be fine.
It's any line that starts with 'begin,' not just the entire message. This can easily happen by random chance since its 'begin' is one of those common words. E.g., "we will
begin the new project when Bob returns from vacation."
Getting two spaces between words is a bit more problematic, but again it's hardly a rare occurance.
But all of this is irrelevant since it's an trivial exploit for anyone who wants to cause trouble.
In related news, future versions of all Microsoft products will autocorrect any occurance of the word "begin" with a suitable replacement.
No word on when the riots by visual basic programmers furious that the new version of that language requires start/end blocks instead of begin/end blocks will end.
The latest MSIE supports XSLT, so if you provide an XSL doc with the XML they wouldn't have any problems accessing the data.
There may even be scripts that will convert XML into Excel format, although the conversion the other way is much more problematic given the lack of standards.
There's no comparison between these two bugs. The "From" bug (which can actually be introduced by any intermediate system handling SMTP or NNTP) causes a minor inconvenience or at most crypto signatures to break. (In extremely rare cases, it could corrupt UUENCODED data, but MIME encoded data should be unaffected unless there's also capitalization.)
1 $KNc3419u7L4;l$%*1
In contast, with this Outlook bug once you hit a O!@3412kt611kjS*Q!*lk$(&)(C$k1$nkc3)_($ce31knjER9
This "attack" is nothing more than starting a line with the word
begin. Nothing more.
As the guy pointed out in his comments, they discovered it because someone on a mailing list happened to
begin a line with the magic word and *bam* every Outlook user who wasn't connected to an Exchange server (which sounds like a typical MS bug "fix") found the message to be garbled.
When MTAs and NNTP server had a from bug (where any line starting with
From was capitalized by the transport software, everyone agreed it was a bug. A nasty one, since it there were reasons it couldn't easily be fixed, but the message was still readable.
But suddenly we're "elitists" for saying that it's a bug - a critical bug - when MS Outlook interprets *any* line beginning with "begin" as the start of a UUENCODED block? Even though this produces unreadable garbage? And the latest versions of Outlook apparently don't even have an option that will allow the user to view the original message?
I agree there are some bloody annoying elitist attitudes on full parade here, but it seems to me that the elitists are the people who think every person on the planet should check their messages for any text that triggers Outlook bugs (e.g., lines beginning with "begin", any HTML keyword which will trigger the mandatory interpretation of the message as HTML, etc.) instead of MS admitting that they screwed the pooch on this one and issuing a quick patch.
They don't even have to use the same standards I demand of my own code - simply checking for a pattern where the "begin" is followed by an octal number would eliminate most of these false hits.
begin important message
If the guy were doing some fizzlebuzz that nobody would ever stumble upon, you would have a point.
But he's highlighting the fact that the Outlook programmers were so eager to be "helpful" that they didn't write decent filters to pick up the start of a UUENCODED block. Where I have used the pattern
"^begin ([:digit:]+) ([^ ]+)$"
(or a looser pattern that allows spaces in the filename), they check for "^begin " alone. Or maybe "^begin", which would also trigger on words like "beginning." My filter still catches the start of all valid UUENCODED block but doesn't wrongly trigger whenever the message just happens to start with the magic sequence "begin". (I also usually check for an "^end$" line and properly formatted interior lines, but I digress....)
This is just one symptom of a HUGE problem with MS products. A lot of people have reported problems where a message has something like <html> deep within the body of a message and Outlook INSISTED that the document was HTML... with the resulting garbage output. I'm sure others have had similar problems, but not been able to attribute it to some magic sequence causing the body of the message to be run through an inappropriate filter.
So I wouldn't use this casually to annoy people, but it's a good technique to have in hand when people claim that a problem is due to the sender, not the receiver's mail agent.
end important message
Cutting out scenes where there was a lot of "dialog"... sounds like most porn. The logical extreme isn't just compilation tapes, it's the "cumshot" compilation tape.
Is this what we have to look forward to in mainstream TV in a few years? The average half hour comedy will be reduced to a few punchlines - "Grace, is that a garbage sack?" "It was the FISH!", and the average hour drama will be a "bang!" "You're under arrest." "But my brother was in Brooklyn!" "Guilty".
One of the few benefits of hitting 41 (?! - can't be!) is that day 15k is less than a month later, and within a year my mom will be boasting to her neighbors about latest antics of her 500-month-old.
Two (or more) parties can agree to any terms in their contract, but it's useless unless a court will enforce it. Courts will not enforce contracts that "shock the sensibilities."
An EULA is under even tighter scrutiny since it's an attempt to get the benefits of a contract without the hassles of actually giving the other party any opportunity to negotiate. (Since most stores will not accept opened software for refund, you're forced to pay for the software whether you use it or not.) Courts have generally refused to enforce most terms in EULAs for a number of such reasons - that's why it literally takes a law changing the ground rules (UCITA) to make them enforceable.
Of course, if you want to be a test case....
This is slightly off-topic, but it's already a good practice to use two (or more) lprng queues.
All of the "public" queues are located on a central server, where the jobs are "cooked" by ghostscript, troff, whatever (you can easily create very specialized queues!) and the results 'bounced' into a 'raw' queue for each printer. The raw queues may be held on the print server, but they ultimately feed queues on the systems that host the individual printers.
The point of mentioning this? It's not practical to count the number of pages of the original queue, but it shouldn't be hard to run the 'raw' queue through a filter that parses the PCL being sent to the printer and counts the number of "page eject" (or whatever PCL uses) in each job. At worst this would require an additional bounce queue for each printer, but it wouldn't require additional disk space since the jobs shouldn't remain in this queue for long.
We're all gonna die anyway, so there's no point in trying to put off the inevitable!
Let's smoke and drink and eat nothing but onion blossoms and have unprotected sex with gutter-crawlers. We're all gonna die anyway!
And we can't forget about Joe - ate well, exercised, etc., and he still got cancer and died at 24. Why bother?....
What will it take to kill this damn "all software has bugs" crap? Of course it's possible to write bug-free software - look up "formal methods" or "correctness proofs" on goggle. It's just very expensive and isn't used unless a bug will result in death.
But more practically, I've been at few shops (maybe one in almost 20 years) that couldn't eliminate the vast majority of their bugs with some simple changes. Things like TURNING ON COMPILER WARNINGS - you would be shocked how many times I've come into a site (as a troubleshooting consultant) with a flaky code base, turned on compiler warnings (which are inevitably disabled), made sure every variable was initialized and functions were called with the right types of arguments and the code was immediately described as "more reliable," "less fragile," etc. Yet this rarely takes more than a week to complete.
If I were security czar at Microsoft (and pigs could fly....) my first order would be that every developer drop everything else to turn on compiler warnings and eliminate these warnings. (Some warnings are acceptable, but not uninitialized variables, wrong number of arguments or wrong types of arguments.) Shouldn't take more than a week, even if function prototypes have to be defined from scratch, and the code will be a lot more solid.
Then there's the buffer overflow issue - "grep" is wonderful at locating sprintf(), strcpy(), strcat(), scanf(), and other problematic code. It's normally easy to convert them to the safer functions. "grep" can also find snprintf(), strncpy(), memcmp(), strncmp() etc with hardcoded array sizes - too easy for the size of a buffer and the function calls to get out of sync if you don't use a manifest constant or sizeof().
Overall, there are about a dozen simple steps you can do that will eliminate essentially all of your serious bugs. Some of these steps can be done quickly, others can be painful if a shop has been sloppy (e.g., 'programming by contract' and adding assertion checking to existing libraries.)
To be sure, a nontrivial application will still have bugs, but they're much less likely to be ones that an attacker can exploit and there's no justification for a site not following these practices. Yet we keep hearing the fatalistic "all code has bugs, we're all gonna die anyway!" chants and nobody takes the simple first steps to fix bugs or eliminate the worst of their personal habits.
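An added example of the "grep for hardcoded sizes" point above, not code from the original post: the fragile version is the pattern grep turns up (a hand-typed bound that can drift from the array and, with strncpy, no guaranteed terminator), and the hardened version takes its bound from sizeof, always terminates, and reports truncation. The struct, the NAME_LEN constant and all function names are this example's own.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* manifest constant: the single place the size lives */

struct user {
    char name[NAME_LEN];
    unsigned int uid;
};

/* Pin the layout to the constant so a later edit to one and not the other
   fails at compile time instead of in production. */
_Static_assert(sizeof(((struct user *)0)->name) == NAME_LEN, "name size drifted");

/* BEFORE: the kind of call grep finds.  The bound is a hand-typed literal, and
   strncpy(3) with a bound equal to the buffer size writes no terminating NUL
   when src is 16 bytes or longer.  A later strlen() or printf("%s") on name
   then reads past the array into uid and beyond. */
static void set_name_fragile(struct user *u, const char *src)
{
    strncpy(u->name, src, 16);
}

/* AFTER: size taken from the destination with sizeof, NUL always written,
   and the caller learns about truncation from the return value (length of
   src, snprintf-style: a result >= dstsize means the copy was cut). */
static size_t copy_bounded(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (dstsize == 0) return n;
    size_t copy = n < dstsize - 1 ? n : dstsize - 1;
    memcpy(dst, src, copy);
    dst[copy] = '\0';
    return n;
}

/* Returns 1 if the whole name fit, 0 if it was truncated. */
static int set_name_safe(struct user *u, const char *src)
{
    return copy_bounded(u->name, sizeof u->name, src) < sizeof u->name;
}

/* The same discipline for snprintf: bound from sizeof, return value checked.
   Returns 1 if "name:uid" fit in a 24-byte label, 0 if it would be cut. */
int label_fits(const char *name, unsigned int uid)
{
    char label[24];
    int r = snprintf(label, sizeof label, "%s:%u", name, uid);
    return r >= 0 && (size_t)r < sizeof label;
}

/* Demonstrations.  memchr is used to look for the NUL because it never reads
   past the array, even when the fragile copy left no terminator behind. */
int fragile_leaves_no_nul(const char *src)
{
    struct user u;
    memset(&u, 0xAA, sizeof u);           /* poison so a missing NUL is visible */
    set_name_fragile(&u, src);
    return memchr(u.name, '\0', sizeof u.name) == NULL;
}

int safe_copy_fit(const char *src)
{
    struct user u;
    return set_name_safe(&u, src);
}

const char *safe_copy_result(const char *src)
{
    static struct user u;
    set_name_safe(&u, src);
    return u.name;
}

int main(void)
{
    const char *longname = "averyveryverylongusername";   /* 25 bytes, constructed */
    printf("fragile copy of long name left no NUL: %d\n", fragile_leaves_no_nul(longname));
    printf("safe copy fit: %d, stored as \"%s\"\n",
           safe_copy_fit(longname), safe_copy_result(longname));
    printf("label fits for bob/7: %d\n", label_fits("bob", 7));
    return 0;
}
```

Building this with warnings on (gcc -Wall -Wextra) is itself the first step the post argues for: recent gcc flags the fragile strncpy call, whose bound equals the destination size, with -Wstringop-truncation, while the hardened calls compile clean.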
That depends on the problems he's interested in.
If he's trying to solve continuous problems, he needs to get a copy of Numerical Recipes and start working through it. Ideally solving real problems that can be checked analytically or by running simulations - it's important to learn deep in your gut just how easy it is to write code that looks good but produces garbage.
But if he's interested in discrete math problems, something that the original question hinted, then he needs to get an arbitrary math package and learn an entirely different type of programming. In this case a numeric methods class is irrelevant.
Why are you writing these programs?
If it's to help you understand the problem, you can use any language... and ML or applications like MATLAB and Maple are probably best since they allow you to focus on the math, not the programming.
If it's because you are interested in working as a scientific programmer then you need to focus on the primary languages used in the field: Fortran, C and possibly Ada.
Fortran, as others have pointed out, isn't *that* bad. Unfortunately most Fortran programmers *are*. Too many people with a scientific background thought "it can't be that hard to write code" and they're right -- it's not hard to write code. It's hard to write good code.
C is probably the standard language now, and has the benefit that the skills are portable.
Ada is now pretty much a niche language, but you may see it at defense companies and it has a cleaner OO implementation than C++. For the same reason, you might see Java compiled into native code (e.g., with gcj).
If the Enron or Arthur Andersen execs walk, I wouldn't be surprised to see a legal presumption of guilt when documents are shredded prematurely or despite an explicit and lawful order to retain them.
The theory is simple and precedent is well-established - if a cop sees you see him then bolt, that's grounds for a reasonable presumption that you're guilty of *something* and the cops can stop and question you. It's not enough to throw you in jail, but you can be stopped and questioned while the guy who didn't flinch walks.
Same thing here - if you're deleting records that the state says you need to keep for N months, the burden in civil court (which only requires a "preponderance" of evidence anyway - 51%) is on you to prove that those documents weren't "smoking gun" evidence in support of the plaintiff's case, not on them to prove they were.
If you're deleting records despite a lawful order, you have to prove that the documents were not incriminating and that it didn't constitute obstruction of justice or contempt of court.
Of course this is something that would have to be handled on a case-by-case basis already... but the courts already do this when deciding admissibility of evidence discrediting a witness. If somebody has been convicted of perjury, the jury should know it because it's reasonable to ask whether they're lying again. If somebody has been shredding documents when they shouldn't have been, that again directly challenges their credibility elsewhere.
Editing glitch. My earlier draft had referred to the fact that you need to measure both voltage and amperage to determine the power coming out of the batteries... and even that meant nothing since warmer batteries can produce more power than cold batteries with no change in the energy in them, but I ended up removing that context.
Electrical tests are notoriously difficult since the usual meters can yield bogus results on nonsinusoidal waveforms.
The best test I've heard of is to pump water from a low tank to a high tank, with the tank refilled by either overflow from the upper tank or an external source. You then just use a mechanical meter to determine how much water was moved.
You can't argue much about the energy produced when you measure it in liters of water and meters of height displacement. (= gmh). And even when the test fails, maybe you found a more efficient water pump!
*snicker* According to the CNN report, part of the "evidence" that the 4 12V car batteries were recharged while powering 3 100W light bulbs was the fact that the voltage actually increased from 48.9V to 51.2V.
Could there be any other reason for the voltage (and voltage alone, not power) to increase?
Surely it couldn't be something as trivial as the batteries warming up.... or would that only occur to someone who knows of the (really dangerous) way to deal with a dead battery in cold weather - hook up the jumper cables then short them. If you don't succeed in blowing up the battery, you may have warmed it up enough that it will have enough juice to turn the starter.
He was tried once by two separate sovereign powers. No single power tried him twice.
This is a key difference between the American model and most other countries. In those countries there's one sovereign power that was originally tied to a monarch, and all of the subdivisions are mere administrative conveniences. All of the major laws (e.g., criminalizing murder or assault) are national.
In the US, each state is a sovereign power. Not only does each state implement its "police powers" differently, the Federal government generally does *not* use police power with two exceptions. The first is serious crimes involving multiple states, the second is law enforcement on federal lands where local enforcement is undesirable (e.g., military bases, or to a smaller extent national parks).
This is why the modern crop of "conservatives" seem so... insane... to anyone with a sense of history. True conservatives would never support the federal government getting involved in small local crimes like possession of small amounts of drugs. They aren't even comfortable with the FBI being the lead agency in bank robberies, even if it's nominally because the banks are FDIC insured. (In truth, it's because the bank robbers of the 1930s fled across state borders and the feds were legitimately brought in due to the interstate flight, but they decided to "streamline" the process and ended up creating a precedent.)
It's interesting to contrast this case (where the cops were charged with violating Rodney King's civil rights after acquittal in state court of other criminal charges) with Oklahoma trying to try Terry Nichols for murder because they don't think the federal life sentence is enough. They want a separate state trial solely so they can execute him.
Despite some of the recent noise out of Washington, a drivers license is tied to residency, not citizenship.
If you're here as a tourist, you can use your home license and an "international license." But most (all?) states want you to obtain a local license if you're here for any length of time. Even if you don't drive, I think you can still get a "state ID" if you prove you're a legal resident.
Still prefer to use your passport? That's fine... until you run into someone who needs proof that you live locally (e.g., before they'll accept your check). In those cases a drivers license from another state is as worthless as a passport (domestic or foreign).
There's a huge difference once you introduce smart cards.
A desktop computer is often left unattended, and it's not unreasonable to believe that somebody could gain illicit access to the data and software.
In contrast, a smart card is designed to be carried on the subject's person, in wallet or purse. With better cards, you can't pull the private key off the card - all crypto is done on the card itself. And even if you steal the card and attempt to disassemble it, they're designed to make such attacks futile.
If you want to make it even stronger, since there will always be idiots who write their PIN number on the card itself, you can try the experimental systems that mix biometrics and smart cards. The smart card contains the shrouded private key, the biometrics are used to unlock it.
Get a grip. A cornerstone of our criminal justice system is that "criminal" acts require an overt act known to be criminal, or at least reasonably expected to be so.
What this means, in practice, is that every door into an airport is clearly marked. It's not a crime to walk through an unmarked door. Walking past a door clearly marked "authorized personnel only" is a different matter.
Now look at this "problem." Computers with wireless LAN cards will automatically try to establish a connection... and these airports are offering these connections complete with DHCP and DNS services. They know that this will happen automatically whenever the owner turns on the computer, yet they've taken no action to restrict access to their system or warn travellers to avoid using their computers.
Yet you want to send the police to arrest these travelers for felonies - attempts to interfere with airport operations - for doing nothing that isn't routine in countless other places.
Worse, as some other posters have pointed out these networks can often be accessed from outside of the main terminal. A business traveler may innocently turn on his laptop in his hotel room and inadvertently connect to the airport network - and it's *his* fault for failing to anticipate this problem?
If somebody is there and clearly trying to compromise the system, throw the book at them. But if an airport just has lax security, direct your anger at the airport/airlines, not the innocent travelers.
Clerks who moonlight as constitutional law scholars have been a problem for a long time. Today it's the clerks at Kinkos, a decade ago it was clerks at 7-11 who had absolute knowledge of what constituted obscenity.
"Sorry, can't sell you that issue of Playboy. My boss makes us carry it, but I refuse to sell obscene material."
"But I want it for the interview."
"Sure you do.... She's 5'2, likes kittens and rain. Get out of here!"
"Really. There's an interview with President Carter that I want to read!"
"Look buddy, get out of here or I'm calling the police."
I didn't actually have this conversation, but others did and I definitely saw many "letters to the editor" and talk show callers who didn't understand that _Playboy_ had more hard journalistic content than most other magazines out there. It just also happened to have nude women. So did Time and Newsweek... but they always put the nudes on the cover as part of a story on art so the clerks grumbled but couldn't deny that they were legitimate news magazines.
It doesn't surprise me that Kinko's (or whoever) is following in this fine tradition. But what worries me even more than this story are the people who have reported having problems making copies of their own material!
By this reasoning, movies should have killed live theater since "nobody" would choose to get dressed up to look at distant figures instead of watching nice clean closeups in the comfort of jeans (or less, if watching at home.)
Records and CDs should have killed concerts.
All this technological change will do is eliminate the blood-suckers who act as middlemen between performers and audiences. It means that the market for a recorded performance may dry up, but the artists will be able to sell live performances to fans who are unable to attend in person.
The result will be a blooming of creativity. If you have _a_ performance of the Nutcracker Ballet, you're going to play it straight. If you have a live high-quality video feed to people willing to pay a reasonable fee (say 1/10th the price of a ticket to the actual performance), you'll be able to see a straight performance. You'll be able to see the 'cracked' performance that's often done at the close of the season, when all of the performers (and the audience) blow off some steam. You'll be able to see some experimental productions, where up-and-coming directors get a chance to try out ideas.
Same thing with concerts. Performers can't stray too far from what they did on their albums because a lot of the people in the audience will be pissed if they pay $50+ and don't hear what they expected to hear. But if you can pay $5 for a feed from the current live performance on a concert tour, the artists will have more flexibility - especially if they announce that some of the dates will be more experimental than others. Listen to a night of jazz with Garth Brooks, or the down home back street boys.
If you care about the art, there's no question that hardware protection will be a disaster. Not only would you have the current pressures to do more of the same damn thing, you couldn't even let "black market" experimental stuff out to see how well it would fly. "Art" would be reduced to what middle-aged accountants like. *shudder*