I wrote about the weaknesses of the AV-Comparatives tests here: http://robert.ocallahan.org/20... Testing against only already-identified malware is bogus. But FWIW, Defender has a 97% catch rate in AV-Comparatives' latest report.
Another poster points out above that inconspicuous third-part AV software would not "win hands down", because to the user it appears they've paid for software that doesn't do anything.
The problem is that, by design, AV software is ineffective at catching "new stuff", partly because malware authors can tweak new malware until it passes the classifiers of the major AV products.
So the reality is that every day new malware appears that will not be caught by even the best AV packages unless you're lucky. Real life detection rates will be significantly lower than seen in these tests. Even if the difference between Windows Defender and the others grows a bit, it may actually be less significant.
"A chance at catching them" isn't good enough. What you need are the systematic security measures deployed by modern OSes and browsers, more and better. And AV software gets in the way of that.
Windows 10 has some systematic security improvements that weren't backported to Windows 7. That sort of thing is often hard to retrofit without breaking stuff.
I spent fifteen years of my life working on Firefox, fighting Microsoft tooth and nail to stop them from taking over the Internet. Nowadays I' work on debugging software that only works on Linux. So no, I've never been Microsoft's shill or anyone else's. But people running up-to-date OSes is in everyone's interests.
My post says "Except Microsoft's", right in the title. I think that's important. I believe that Microsoft's Defender stuff is probably less bad than the other major players and worth having enabled for average users. Unfortunately that's been left out of the Slashdot summary.
The problem is that it's all additive. You can write simpler code with the new features than the old features, but the old features still exist and are still being used.
Some old uses of volatile should be replaced with atomics. You're right there are still some valid uses of volatile.
The problem is that the set of features offered by C++ is absolutely enormous. Many of them are features you probably shouldn't use (e.g. "volatile", or throws specifications, or wchar_t, or virtual base classes), but are there for legacy reasons. Most projects define a subset and try to stick to it, but the subset varies from project to project so you inevitable have to learn the old crappy stuff.
C++ exhausted its complexity budget long ago and is now deep into deficit spending.
Modern languages give you power without the cruft.
> The validity of the archetype class test is completely dependent on it being an exact match with the concept, which must be verified by careful (manual) inspection.
Concepts lets you check that the parameters of a template instantiation satisfy the template's requirements. However, it doesn't let you check that the *definition* of a template is valid whenever the parameters satisfy the template's requirements. So it's really only solving half of the problem.
The Vatican having some secrets doesn't negate the fact that every significant doctrine of Catholicism is public knowledge.
Likewise, the inaccessibility of some parts of some synagogues and holy sites doesn't negate the fact that every significant doctrine of Judaism and Islam is public knowledge.
Quite a big difference from Scientology and other cults where a lot of information about what the leaders believe is deliberately held back from potential converts.
I think we can at least require that the religion's tenets be sincerely held by members and leaders alike. (In general; if some individuals disbelieve that needn't deligitimize the entire religion.)
This implies that the members and leaders share the same tenets and generally means those tenets are publicly known, not secret.
That Wikipedia article completely contradicts what you said. It says:
> the cumulative products of 100 of these firestorms would unmistakably cool the global climate by approximately 1 ÂC (1.8 ÂF), largely eliminating the magnitude of anthropogenic global warming for two to three years
i.e. the climactic effect "100 bombs" would be no more than a brief reversal of the current warming trend. The much more severe impact you quoted requires a much larger number of bombs, and, as the article goes on to point out, is based on highly questionable assumptions.
Those bases in Russia's neighbours are welcomed by those countries, because they're afraid of Russia invading them again.
To argue that those countries should not be allowed to be part of NATO is to argue that they're not really independent nations at all. That's Putin's argument.
Rust allows programming "closer to the metal" than those languages. For example, Go, Nim, Scala and Haxe all require a garbage collector in practice for significantly complex programs. This makes it difficult (or at least heavyweight) to embed components in those languages into other languages and makes memory usage more difficult to reason about. This makes it easier to use Rust as a drop-in replacement for C or C++.
(Rust has other advantages over each of those other languages too.)
The reality is that programmers make lots of mistakes, no matter how smart they are, how educated they are, or how hard they try.
Another reality is that even if the really brilliant programmers never made mistakes, there aren't enough of them to create all the software that the world needs.
Fortunately, in the 44 years since C was created, we've learned how to design languages that are easier to use and prevent or detect many of the worst kinds of mistakes. Recently we've even learned how to do that without giving up the power C programmers need.
Owning my own car isn't all that convenient. I have to have it serviced. I have to refuel it. It's not always the ideal model for the task at hand. Every so often I have the hellish experience of buying another one. I have to juggle usage with other family members (or spend significantly more money for another vehicle that'll be less used).
Autonomous taxis would be more convenient than taxis driven by real people simply because you could afford to have a lot more of them on the road.
Even in rush hour, it would be common for an autonomous car to complete multiple trips so there's still a significant increase in utilization there. Also, sane road rules would give one-person micro-cars preferential treatment over space-wasting big cars.
Slashdot Mirror
The OpenBSD team hasn't written anything nearly as complex as a browser.
Mathematicians Agree That Mathematics Is The Best
I wrote about the weaknesses of the AV-Comparatives tests here: http://robert.ocallahan.org/20...
Testing against only already-identified malware is bogus. But FWIW, Defender has a 97% catch rate in AV-Comparatives' latest report.
Another poster points out above that inconspicuous third-part AV software would not "win hands down", because to the user it appears they've paid for software that doesn't do anything.
I wrote about this in a followup: http://robert.ocallahan.org/20...
The problem is that, by design, AV software is ineffective at catching "new stuff", partly because malware authors can tweak new malware until it passes the classifiers of the major AV products.
So the reality is that every day new malware appears that will not be caught by even the best AV packages unless you're lucky. Real life detection rates will be significantly lower than seen in these tests. Even if the difference between Windows Defender and the others grows a bit, it may actually be less significant.
"A chance at catching them" isn't good enough. What you need are the systematic security measures deployed by modern OSes and browsers, more and better. And AV software gets in the way of that.
> a browser whose development team ... took an ivory tower position of something along the lines of "you shouldn't have your browser open that long."
That never happened. You just made it up.
Windows 10 has some systematic security improvements that weren't backported to Windows 7. That sort of thing is often hard to retrofit without breaking stuff.
I spent fifteen years of my life working on Firefox, fighting Microsoft tooth and nail to stop them from taking over the Internet. Nowadays I' work on debugging software that only works on Linux. So no, I've never been Microsoft's shill or anyone else's. But people running up-to-date OSes is in everyone's interests.
Oh, and I also mentioned in the post that you'd be better be using a fully up-to-date OS and browser.
Original poster here.
My post says "Except Microsoft's", right in the title. I think that's important. I believe that Microsoft's Defender stuff is probably less bad than the other major players and worth having enabled for average users. Unfortunately that's been left out of the Slashdot summary.
The problem is that it's all additive. You can write simpler code with the new features than the old features, but the old features still exist and are still being used.
Some old uses of volatile should be replaced with atomics. You're right there are still some valid uses of volatile.
The problem is that the set of features offered by C++ is absolutely enormous. Many of them are features you probably shouldn't use (e.g. "volatile", or throws specifications, or wchar_t, or virtual base classes), but are there for legacy reasons. Most projects define a subset and try to stick to it, but the subset varies from project to project so you inevitable have to learn the old crappy stuff.
C++ exhausted its complexity budget long ago and is now deep into deficit spending.
Modern languages give you power without the cruft.
You mean the archetype stuff?
> The validity of the archetype class test is completely dependent on it being an exact match with the concept, which must be verified by careful (manual) inspection.
Sad.
Concepts lets you check that the parameters of a template instantiation satisfy the template's requirements. However, it doesn't let you check that the *definition* of a template is valid whenever the parameters satisfy the template's requirements. So it's really only solving half of the problem.
That is exactly what Firefox does today.
That's how it is in the USA but some other countries are different.
The Vatican having some secrets doesn't negate the fact that every significant doctrine of Catholicism is public knowledge.
Likewise, the inaccessibility of some parts of some synagogues and holy sites doesn't negate the fact that every significant doctrine of Judaism and Islam is public knowledge.
Quite a big difference from Scientology and other cults where a lot of information about what the leaders believe is deliberately held back from potential converts.
is not a legitimate religion, yes.
I think we can at least require that the religion's tenets be sincerely held by members and leaders alike. (In general; if some individuals disbelieve that needn't deligitimize the entire religion.)
This implies that the members and leaders share the same tenets and generally means those tenets are publicly known, not secret.
That Wikipedia article completely contradicts what you said. It says:
> the cumulative products of 100 of these firestorms would unmistakably cool the global climate by approximately 1 ÂC (1.8 ÂF), largely eliminating the magnitude of anthropogenic global warming for two to three years
i.e. the climactic effect "100 bombs" would be no more than a brief reversal of the current warming trend. The much more severe impact you quoted requires a much larger number of bombs, and, as the article goes on to point out, is based on highly questionable assumptions.
Those bases in Russia's neighbours are welcomed by those countries, because they're afraid of Russia invading them again.
To argue that those countries should not be allowed to be part of NATO is to argue that they're not really independent nations at all. That's Putin's argument.
I believe a significant number of server-side components at Google and Facebook, among others, use Java. That probably is significant to your life.
Rust allows programming "closer to the metal" than those languages. For example, Go, Nim, Scala and Haxe all require a garbage collector in practice for significantly complex programs. This makes it difficult (or at least heavyweight) to embed components in those languages into other languages and makes memory usage more difficult to reason about. This makes it easier to use Rust as a drop-in replacement for C or C++.
(Rust has other advantages over each of those other languages too.)
Java is the new COBOL. Given we need a language for that role, I actually think Java's pretty good.
The reality is that programmers make lots of mistakes, no matter how smart they are, how educated they are, or how hard they try.
Another reality is that even if the really brilliant programmers never made mistakes, there aren't enough of them to create all the software that the world needs.
Fortunately, in the 44 years since C was created, we've learned how to design languages that are easier to use and prevent or detect many of the worst kinds of mistakes. Recently we've even learned how to do that without giving up the power C programmers need.
Owning my own car isn't all that convenient. I have to have it serviced. I have to refuel it. It's not always the ideal model for the task at hand. Every so often I have the hellish experience of buying another one. I have to juggle usage with other family members (or spend significantly more money for another vehicle that'll be less used).
Autonomous taxis would be more convenient than taxis driven by real people simply because you could afford to have a lot more of them on the road.
Even in rush hour, it would be common for an autonomous car to complete multiple trips so there's still a significant increase in utilization there. Also, sane road rules would give one-person micro-cars preferential treatment over space-wasting big cars.