You've put very little substance into your claim. How is he "bigoted"? It's not like he's always saying "Microsoft rulez, *nix users suck". His experiences at Microsoft undoubtedly taught him a lot, and why shouldn't he leverage that experience?
He writes huge amount of umm... text, about things that either don't matter, or he has very little idea about, what is an example of the same kind of arrogance that his former friends at Microsoft exhibit. His opinions are mostly based on some vague idea of "how things should be done" or on some random interpretation of the decisions, made by Microsoft. He puts no effort into analysis, and doesn't look at anything but Microsoft -- if Joel mentions anyone/anything else, it's only if Microsoft wages some kind of ideological war with it, and only then Joel notices, and writes something about it, entirely from the angle of how does it affect Microsoft. Joel may not always defend Microsoft, but he always speaks from the Microsoftie position, and based on Microsoft ideology.
You seem like a smart person who would otherwise be worth listening to. Why not go inform yourself about Joel before spouting stuff like this? If you're going to oppose his position on various issues, then at least do it intelligently. This may be/. but you don't HAVE to become part of the rabble.
I have "informed myself about Joel" by reading his writings, and all I could find there was tiresome regurgitation of Microsoft ideology. Admitting the fact that Microsoft software design is shitty from Microsoft's own position does not make him smart.
First of all, paper makes an assumption that a vulnerability found by black hats will soon become known to white hats because white hats have "connections" and because of the intrusion analysis. However if "connections" played any significant role in it, white hats would only become aware of the vulnerabilities after a large percentage of black hats will -- at this point the vulnerability exploitation rate (as a percentage of vulnerable targets exploited per time) may be just as bad as if it was disclosed to the general public, however the percentage of potential targets being vulnerable would remain at 100%, so overall exploitation rate of _potential_ targets can be higher than at any time after the disclosure.
I doubt that this is what happens often, or we would have much higher intrusion rate than what is observed, and many detected intrusions would have unexplained cause until the moment of disclosure. What is observed now, overwhelming majority of intrusions are immediately attributed to a known vulnerability.
Another cause mentioned is the intrusion analysis. This kinda makes sense -- an intrusion taking place in a conditions of a monitored system is likely to be discovered and analyzed. The problem is, the information that can be taken from this, may require more effort to analyze than the proactive analysis of the target software itself, and the probability of security researcher being at the right place at right time is low. One exception is worms and viruses -- after the release they quickly multiply, and likely reach all white hats almost at once, giving plenty of information for analysis, and many opportunities for repeated observations. However viruses and worms do not behave in a manner that is described in the article, they often create a huge outbreak that lasts a very short time when most of the damage is made, and the rate of exploitation only declines some time after the disclosure. In some cases, such as the Witty worm, all exploitation lasts a short amount of time because exploitation destroys the targets. Then when the white hat gets enough information to determine the vulnerability being exploited, likely the epidemy is nearing its peak. Another interesting thing about worms is that most of them are made against _disclosed_ and _patched_ vulnerabilities, and they still cause large amounts of damage. If there will be a large number of undisclosed vulnerabilities, it's likely that worms would take even longer time from the moment of release to the patching of the large percentage of the boxes, thus multiplying the amount of damage done over that time.
So even though post-intrusion analysis does give white hats and the vendor the opportunity to release disclosure and fix, relying on this model would give black hats, and especially worms and viruses, huge opportunities to exploit larger numbers of targets.
What usually happens, is a combination of post-intrusion analysis and proactive search for vulnerabilities. If it is known (or rumored) that a particular incident involved some software, but the information for analysis is limited, it may make sense to leave the incident alone, and focus on studying a particular piece of software (or multiple candidates for the exploited piece of software), and look for vulnerabilities there. Of course, the article lists "pieces of software" as giant lumps such as "Red Hat Vx.x" or "NT 4.0" mixed with small things like BIND, completely ignoring the fact that Red Hat consists of hundreds of identifiable pieces, each with separate sets of bugs, their severity, and those pieces are identifiable in the post-intrusion analysis, and BIND is merely a widely used notoriously bug-ridden program.
Abandoning the proactive search for vulnerabilities would also reduce the possibilities of this kind of analysis, both involve the same techniques, and require the same skills.
Second, the paper assumes that the cost of patching is high, and cost of producing patch is ignored. While cost of patching may be high in some configurations an
Sun management had lost any kind of vision or strategy.
For the whole history of Sun its success hinged on three things:
1. Make decent hardware and sell it at realistic price.
2. Write software that works best on your hardware, makes it useful and justifies its use for the customer, however don't try to sell it at the price that will make the whole hardware+software package unaffordable.
3. No matter how shitty the first release of software is, continue the development until it's either the best thing in its class, or clearly a failure.
The exact opposite of those things (except for "make decent hardware") was the strategy of Digital, and we know how they ended up.
Sun makes inconsistent moves -- bought Cobalt, then messed up with its product line at the extent that there was nothing left that they would need Cobalt for in the first place, and dropped products that could be continued with minor improvements. Bought Star Division, and released OpenOffice, yet still continues anti-open source crusade that seems to accomplish nothing but insulting Sun's best customers' engineers. Wrote Java to be portable, yet got into a worthless cross-licensing agreement with Microsoft that can produce nothing but non-portable software. And so on, and on and on, conflicting moves, defeating each other.
Did anyone hire Rick "Companies Assassin" Belluzzo there, by any chance?
You also care that your legal documents are passed without being modified by some assh^H^H^H^H third parties, and that you won't claim something as unreliable as this "confirmation".
Alienware just found out that PCI-Express can be used by gamers, so it is going to carry re-branded PCI-Express boards, and an analog monitor splitter.
If a programmer needs a debugger (as opposed to debugging output) to find his own mistakes while he is writing the code, he practices an unsafe programming technique. Debugger can only show a huge amount of information about what happened in a particular test scenario, so there is no hope that it will cover even a noticeably large percentage of problems, leave alone make sure that program is working as intended, or is robust. Also each and every timing-dependent problem and race condition will be missed or distorted, and the programmer will never be able to see it. Security bugs (that usually depend on the input that can not be thought of by a developer for the test cases) will be all missed. too.
Debugging output allows a programmer to see the program's work dynsmically, cover a huge amount of cases, and allows semi-automated analysis (even if it's just regexp search in vi/emacs), profilers may help with efficiency issues (though not all of them because, again, they rely on a small amount of test cases), however jumping between little boxes with values, or endlessly stepping through the lines and functions at most can produce a program coerced into giving the right answer by applying a completely wrong (and usually dangerous) algorithm.
I agree with this. The problem is (other than somehow forcing this on the rich, who will probably defend overvalued dollar with their lives), US will have to rebuild its industry, so when the dollar is devalued, products will still come from somewhere. What also means that education system should be capable of producing competent engineers and workers, not worthless middle managers, whose only purpose in this society is to inflate the middle class numbers, and provide mouths to feed.
The laws differ between the countries, however being based on the same English common law they aren't likely to contradict each other in the very basic matters (unless the difference is in some bogus law that was bought by someone).
President can't have his "privacy" protected in the matters related to his work, that is not his private matter. His responsibility as a government employee trumps his rights as an individual even in matters that would be private otherwise, but since they affect the rest of the country, they are limited by his responsibilities. For example, business relationships and investments are in this category (and blowjobs are not, if anyone still can't shut up about that).
This applies to people in all kinds of situations -- say, a bus driver has to follow his route and report to the bus company that may keep all kinds of logs, tracking, etc, yet when driving home in his car he can't be forced to follow the same rules.
"So far, no one has broached the bigger implication: Bounce provides conclusive evidence not only of Martian meteorites on Earth, but also of the possibility of cross-seeding."
How is that supposed to be read -- "...provides conclusive evidence... of the possibility of cross-seeding"? How can anything provide a conclusive evidence of a possibility of such a thing? It demonstrates one of _prerequisites_ for cross-seeding, but the _possibility_ of cross-seeding does not depend only on the fact that the matter of Martian origin could reach Earth.
This is not the same as making the hypothesis of cross-seeding more plausible (or "possible" as in "possible to consider") -- ceratinly the discovery of matching materials on two planets does that, but "conclusive evidence" of the possibility of cross-seeding will only appear when organic matter similar to Earth organism will be found on Mars or meteorites -- it's beyond silly to call cross-seeding "possible" if there is nothing to cross-seed with.
In fact, this rock isn't even a proof that the origin of the meteorite is Martian -- it doesn't look like other rocks on Mars, so it may be produced by volcanic activity on Mars, or it may be from somewhere else. If anything, it's a good reason to research the Martian "geology", and maybe check the chemical composition of its moons.
1. The box is bought with a car by a person who owns a car. Was the person given a choice to disable the box, or configure the recording function? If the person did not have a choice, it may amount to being forced to testify against himself by keeping records in a box available to the law enforcement and judges (remember, the box is his property, and the record produced by it is also his, even though it becomes available when the car is examined as evidence). A person may choose to not keep records that may incriminate him later, so taking away this choice amounts to forcing him to incriminating himself.
2. Was the existence and purpose of the box even announced to the buyer when the car was sold? If the box was recording the speed secretly, it may amount to an unauthorized search -- same as if, say, a phone was tapped, or a sound/video recorder was installed in someone's car without a warrant. If police demanded that car dealers sell cars with built in sound tape recorders, constantly on and recording loops, and then used those tapes to convict criminals that were talking in those cars, police would never need a warrant for installing such a device, so that would be illegal under any sane (or moderately insane) legal system. The data recorder isn't that much different, it performs the same function, and serves no other purpose but provide information that is likely to be used against the car's (and in this case, a device itself) owner.
You know how windows has done the above? Not because it considered the operating system as 'a controller of input and output of the computer and basic services to programs'. It split its kernel design into two parts, ther kernel as above, and the Windows executive that handles all the optimization hacks. And guess what, it works. And its even stable after 10 years.
Windows has the whole religion of "how the stuff has to be done". Too bad, it is incorrect, and they have to compensate its inadequacy with various "make-the-test-case-run-faster" hacks. No effort was applied to actually fix the source of the problem, it's better to just repeat old tired dogmas that no one but Windows-oriented developers believe in.
Your OS design school is based (like most academics) on the 1960s operating systems. Not every operating system has to be implemented in a strict monolithic kernel, or a strict microkernel method to be called an operating system.
Monolithic vs. microkernel vs. everything else argument seems to be older than the operating systems themselves, however currently it's firmly in the realm of purely academic discussions. Windows adds nothing new to it, unless you count "it's common that developers start with microkernel, and over the time shift toward using the system as if it was monolithic because they forgot why did they start with microkernel in the first place" as new.
The operating system should make it easy for an application programmer (not a system programmer) to make an effective program. This includes all the hacks such as integrating the messaging system and video subsystems. An application programmer will thank you for it (and a system programmer will curse you for it, but thats the way it has to be).
This is false. Application programmer doesn't give a shit about a hack designed to speed up a particular kind of application or design as long as it doesn't happen a kind of application, or design philosophy that he is working on at the moment. Developers want a system that behaves predictably, consistently and provides an environment that is friendly to whatever they are working on. Messing up the system with application-dependent hacks and stuffing it with every idiosyncrasy that happened to be present in the 65537th attempt to marry descendants of DDE and OLE is not a way to provide any of the above.
The code exploiters use the same tactics against the software vendors that the software vendors and antivirus companies use on them. They wait until the patch for the vulnerability is released, then they reverse-engineer the patch. This is orders of magnitude easier than finding the vulnerability directly.
This is wrong, and therefore the whole article based on this premise is nonsense.
Most of the security flaws are found ransomly or through testing and observation of running software, by various people outside the companies that produce the patches. So the possibilities are:
A black hat hacker/cracker found the vulnerability. Then the exploit is soon to follow, and only after the exploit is found, the fix can be issued. Without any doubt, this has to happen as soon as possible because it will reduce the harm caused by exploit.
A security researcher or regular user found a vulnerability. Then he will follow an established procedure of notifying the vendor and waiting for some reasonable time for the fix to be issued, and after that he may publish a detailed explanation of the nature of vulnerability. This is by far the most common kind of situation -- just look at Bugtraq. Then unless the vulnerability is discovered independently, black hats won't start the work on exploits until at least the patch is ready (and then they will just have to look at what is patched -- no real need for any complex reverse-engineering), but most likely until the explanation of the vulnerability is published (and then only very lazy users are supposed to keep running the unpatched versions). The timing of the patch release is absolutely irrelevant for this case, the clock starts ticking at the moment when the evidence of vulnerability reached black hats, and stops when all the users get the patch. Will it happen sooner or later is irrelevant, but delaying the patch increases the probability of independent discovery, and then back to the case 1, so the sooner is the patch released, the safer the users are.
Same as above but the company managed to delay the release of the patch beyond any reasonable time. Then the person who discovered it may publish the vulnerability description, in hope that then it will be fixed. Will it be out of concern for the users (why are likely to be hit by an exploit if this vulnerability is found independently), or for himself (a user may rely on the software, and afraid that he will be attacked in case of independent discovery by black hats), or as an attempt to shame the company into fixing things faster in the future, or out of plain frustration of dealing with uncoperative vendor, it does not really matter -- vendor should react as soon as possible in either case.
Same as above but the description is published immediately by an uncooperative user/researcher. Needless to say, delays are even more dangerous then.
So the conclusion is: there is no possible scenario that justifies the delays of the patches release. Only a lazy software vendor may think of such a lame excuse for delays.
You are a moron. Or at least an extremely ignorant and opinionated person.
To explain why you are wrong I would have to assume that your knowledge of the OS design is so miniscule, I would have to teach you a course on it, from the introduction and to the level where it becomes practical, and I am certainly not going to do that on Slashdot.
You can do whatever you want with credit card numbers that you know. As long as you don't use it for fraud, or for assisting others' fraud -- that would be a crime, regardless of the details such as if you use a credit card number or not.
On the other hand, listening to music and moving it around between devices is not a crime.
For one thing, it would seem we ignorant Americans don't wire everything in our houses in one friggin series circuit. It would seem standards vary place to place.
Whoever uses 110-120V, has to deal with twice the total current of one who uses 220-240V, and has to bring two phases instead of one (not that it helps much).
WTF is "one frigging series circuit", I don't know, no one ever connected differnt kinds load in series with each other, and this kind of wiring never was used in buildings for a pretty obvious reason.
Lexmark x85 is a combo device, and a quick glance at linuzprinting.org shows that it is not supported, and all Lexmark combos are poorly supported because of Lexmark's own refusal to open its protocols.
If you put any thought into choosing a printer, you would see that equally cheap (but superior in quality) Epson printers and scanners are well supported. However if you wanted to say "I am a loyal Windows user, I have bought all hardware to run Windows, chosing the cheapest models possible, and now I just wanted to have a subject to bitch about, so I have taken a Knoppix CD, booted it and discovered that my printer happened to be a piece of shit with no Linux driver, so I want to let everyone know how my attempt to save few bucks and two square feet on my desk left me without a printer usable on Linux" just say so. If you ever INTENDED to run Linux, sure as hell you would check, which printers are supported, and bought another model.
The problem is, just like Windows is technically inferior to pretty much every other modern OS, modern "conservative" politicians are intellectually and ethically inferior to pretty much all other sane people.
It's not that someone conspires against those people and their ideas, it's just that no sane and honest person can bring himself to teaching that Microsoft invented computer, and that feeding taxes collected from poor to the rich is a sacred ritual that must be followed for society to survive. Of course, it's always possible to have schools with insane or dishonest teachers, but I don't think, the quality of education will be acceptable.
What reminds me how the immortal words of Ruri are appropriate to be applied to that "discussion" when the people talk about things they know nothing about, and are trying to make a decision if they are going to do something that is far beyond the capabilities of available technology.
You've put very little substance into your claim. How is he "bigoted"? It's not like he's always saying "Microsoft rulez, *nix users suck". His experiences at Microsoft undoubtedly taught him a lot, and why shouldn't he leverage that experience?
He writes huge amount of umm... text, about things that either don't matter, or he has very little idea about, what is an example of the same kind of arrogance that his former friends at Microsoft exhibit. His opinions are mostly based on some vague idea of "how things should be done" or on some random interpretation of the decisions, made by Microsoft. He puts no effort into analysis, and doesn't look at anything but Microsoft -- if Joel mentions anyone/anything else, it's only if Microsoft wages some kind of ideological war with it, and only then Joel notices, and writes something about it, entirely from the angle of how does it affect Microsoft. Joel may not always defend Microsoft, but he always speaks from the Microsoftie position, and based on Microsoft ideology.
You seem like a smart person who would otherwise be worth listening to. Why not go inform yourself about Joel before spouting stuff like this? If you're going to oppose his position on various issues, then at least do it intelligently. This may be /. but you don't HAVE to become part of the rabble.
I have "informed myself about Joel" by reading his writings, and all I could find there was tiresome regurgitation of Microsoft ideology. Admitting the fact that Microsoft software design is shitty from Microsoft's own position does not make him smart.
Joel Spolsky is a bigoted windbag.
Smoking. It's not what they were thinking, it's what they were smoking there.
First of all, paper makes an assumption that a vulnerability found by black hats will soon become known to white hats because white hats have "connections" and because of the intrusion analysis. However if "connections" played any significant role in it, white hats would only become aware of the vulnerabilities after a large percentage of black hats will -- at this point the vulnerability exploitation rate (as a percentage of vulnerable targets exploited per time) may be just as bad as if it was disclosed to the general public, however the percentage of potential targets being vulnerable would remain at 100%, so overall exploitation rate of _potential_ targets can be higher than at any time after the disclosure.
I doubt that this is what happens often, or we would have much higher intrusion rate than what is observed, and many detected intrusions would have unexplained cause until the moment of disclosure. What is observed now, overwhelming majority of intrusions are immediately attributed to a known vulnerability.
Another cause mentioned is the intrusion analysis. This kinda makes sense -- an intrusion taking place in a conditions of a monitored system is likely to be discovered and analyzed. The problem is, the information that can be taken from this, may require more effort to analyze than the proactive analysis of the target software itself, and the probability of security researcher being at the right place at right time is low. One exception is worms and viruses -- after the release they quickly multiply, and likely reach all white hats almost at once, giving plenty of information for analysis, and many opportunities for repeated observations. However viruses and worms do not behave in a manner that is described in the article, they often create a huge outbreak that lasts a very short time when most of the damage is made, and the rate of exploitation only declines some time after the disclosure. In some cases, such as the Witty worm, all exploitation lasts a short amount of time because exploitation destroys the targets. Then when the white hat gets enough information to determine the vulnerability being exploited, likely the epidemy is nearing its peak. Another interesting thing about worms is that most of them are made against _disclosed_ and _patched_ vulnerabilities, and they still cause large amounts of damage. If there will be a large number of undisclosed vulnerabilities, it's likely that worms would take even longer time from the moment of release to the patching of the large percentage of the boxes, thus multiplying the amount of damage done over that time.
So even though post-intrusion analysis does give white hats and the vendor the opportunity to release disclosure and fix, relying on this model would give black hats, and especially worms and viruses, huge opportunities to exploit larger numbers of targets.
What usually happens, is a combination of post-intrusion analysis and proactive search for vulnerabilities. If it is known (or rumored) that a particular incident involved some software, but the information for analysis is limited, it may make sense to leave the incident alone, and focus on studying a particular piece of software (or multiple candidates for the exploited piece of software), and look for vulnerabilities there. Of course, the article lists "pieces of software" as giant lumps such as "Red Hat Vx.x" or "NT 4.0" mixed with small things like BIND, completely ignoring the fact that Red Hat consists of hundreds of identifiable pieces, each with separate sets of bugs, their severity, and those pieces are identifiable in the post-intrusion analysis, and BIND is merely a widely used notoriously bug-ridden program.
Abandoning the proactive search for vulnerabilities would also reduce the possibilities of this kind of analysis, both involve the same techniques, and require the same skills.
Second, the paper assumes that the cost of patching is high, and cost of producing patch is ignored. While cost of patching may be high in some configurations an
Wireless technology uses capacitors, the modern descendants of the device known as a Leiden jar, invented two and a half centuries ago.
Sun management had lost any kind of vision or strategy.
For the whole history of Sun its success hinged on three things:
1. Make decent hardware and sell it at realistic price.
2. Write software that works best on your hardware, makes it useful and justifies its use for the customer, however don't try to sell it at the price that will make the whole hardware+software package unaffordable.
3. No matter how shitty the first release of software is, continue the development until it's either the best thing in its class, or clearly a failure.
The exact opposite of those things (except for "make decent hardware") was the strategy of Digital, and we know how they ended up.
Sun makes inconsistent moves -- bought Cobalt, then messed up with its product line at the extent that there was nothing left that they would need Cobalt for in the first place, and dropped products that could be continued with minor improvements. Bought Star Division, and released OpenOffice, yet still continues anti-open source crusade that seems to accomplish nothing but insulting Sun's best customers' engineers. Wrote Java to be portable, yet got into a worthless cross-licensing agreement with Microsoft that can produce nothing but non-portable software. And so on, and on and on, conflicting moves, defeating each other.
Did anyone hire Rick "Companies Assassin" Belluzzo there, by any chance?
You also care that your legal documents are passed without being modified by some assh^H^H^H^H third parties, and that you won't claim something as unreliable as this "confirmation".
Alienware just found out that PCI-Express can be used by gamers, so it is going to carry re-branded PCI-Express boards, and an analog monitor splitter.
A dog.
Debuggers should be used for three purposes:
1. Reverse engineering.
2. Crash analysis.
3. Teaching aid.
If a programmer needs a debugger (as opposed to debugging output) to find his own mistakes while he is writing the code, he practices an unsafe programming technique. Debugger can only show a huge amount of information about what happened in a particular test scenario, so there is no hope that it will cover even a noticeably large percentage of problems, leave alone make sure that program is working as intended, or is robust. Also each and every timing-dependent problem and race condition will be missed or distorted, and the programmer will never be able to see it. Security bugs (that usually depend on the input that can not be thought of by a developer for the test cases) will be all missed. too.
Debugging output allows a programmer to see the program's work dynsmically, cover a huge amount of cases, and allows semi-automated analysis (even if it's just regexp search in vi/emacs), profilers may help with efficiency issues (though not all of them because, again, they rely on a small amount of test cases), however jumping between little boxes with values, or endlessly stepping through the lines and functions at most can produce a program coerced into giving the right answer by applying a completely wrong (and usually dangerous) algorithm.
If so, why not just say it, and have a valid point clearly stated?
Foggy language and foggy thinking are like chicken and egg -- it doesn't matter which one was first, but certainly one comes from the other.
I agree with this. The problem is (other than somehow forcing this on the rich, who will probably defend overvalued dollar with their lives), US will have to rebuild its industry, so when the dollar is devalued, products will still come from somewhere. What also means that education system should be capable of producing competent engineers and workers, not worthless middle managers, whose only purpose in this society is to inflate the middle class numbers, and provide mouths to feed.
The laws differ between the countries, however being based on the same English common law they aren't likely to contradict each other in the very basic matters (unless the difference is in some bogus law that was bought by someone).
President can't have his "privacy" protected in the matters related to his work, that is not his private matter. His responsibility as a government employee trumps his rights as an individual even in matters that would be private otherwise, but since they affect the rest of the country, they are limited by his responsibilities. For example, business relationships and investments are in this category (and blowjobs are not, if anyone still can't shut up about that).
This applies to people in all kinds of situations -- say, a bus driver has to follow his route and report to the bus company that may keep all kinds of logs, tracking, etc, yet when driving home in his car he can't be forced to follow the same rules.
"So far, no one has broached the bigger implication: Bounce provides conclusive evidence not only of Martian meteorites on Earth, but also of the possibility of cross-seeding."
How is that supposed to be read -- "...provides conclusive evidence ... of the possibility of cross-seeding"? How can anything provide a conclusive evidence of a possibility of such a thing? It demonstrates one of _prerequisites_ for cross-seeding, but the _possibility_ of cross-seeding does not depend only on the fact that the matter of Martian origin could reach Earth.
This is not the same as making the hypothesis of cross-seeding more plausible (or "possible" as in "possible to consider") -- ceratinly the discovery of matching materials on two planets does that, but "conclusive evidence" of the possibility of cross-seeding will only appear when organic matter similar to Earth organism will be found on Mars or meteorites -- it's beyond silly to call cross-seeding "possible" if there is nothing to cross-seed with.
In fact, this rock isn't even a proof that the origin of the meteorite is Martian -- it doesn't look like other rocks on Mars, so it may be produced by volcanic activity on Mars, or it may be from somewhere else. If anything, it's a good reason to research the Martian "geology", and maybe check the chemical composition of its moons.
1. The box is bought with a car by a person who owns a car. Was the person given a choice to disable the box, or configure the recording function? If the person did not have a choice, it may amount to being forced to testify against himself by keeping records in a box available to the law enforcement and judges (remember, the box is his property, and the record produced by it is also his, even though it becomes available when the car is examined as evidence). A person may choose to not keep records that may incriminate him later, so taking away this choice amounts to forcing him to incriminating himself.
2. Was the existence and purpose of the box even announced to the buyer when the car was sold? If the box was recording the speed secretly, it may amount to an unauthorized search -- same as if, say, a phone was tapped, or a sound/video recorder was installed in someone's car without a warrant. If police demanded that car dealers sell cars with built in sound tape recorders, constantly on and recording loops, and then used those tapes to convict criminals that were talking in those cars, police would never need a warrant for installing such a device, so that would be illegal under any sane (or moderately insane) legal system. The data recorder isn't that much different, it performs the same function, and serves no other purpose but provide information that is likely to be used against the car's (and in this case, a device itself) owner.
You know how windows has done the above? Not because it considered the operating system as 'a controller of input and output of the computer and basic services to programs'. It split its kernel design into two parts, ther kernel as above, and the Windows executive that handles all the optimization hacks. And guess what, it works. And its even stable after 10 years.
Windows has the whole religion of "how the stuff has to be done". Too bad, it is incorrect, and they have to compensate its inadequacy with various "make-the-test-case-run-faster" hacks. No effort was applied to actually fix the source of the problem, it's better to just repeat old tired dogmas that no one but Windows-oriented developers believe in.
Your OS design school is based (like most academics) on the 1960s operating systems. Not every operating system has to be implemented in a strict monolithic kernel, or a strict microkernel method to be called an operating system.
Monolithic vs. microkernel vs. everything else argument seems to be older than the operating systems themselves, however currently it's firmly in the realm of purely academic discussions. Windows adds nothing new to it, unless you count "it's common that developers start with microkernel, and over the time shift toward using the system as if it was monolithic because they forgot why did they start with microkernel in the first place" as new.
The operating system should make it easy for an application programmer (not a system programmer) to make an effective program. This includes all the hacks such as integrating the messaging system and video subsystems. An application programmer will thank you for it (and a system programmer will curse you for it, but thats the way it has to be).
This is false. Application programmer doesn't give a shit about a hack designed to speed up a particular kind of application or design as long as it doesn't happen a kind of application, or design philosophy that he is working on at the moment. Developers want a system that behaves predictably, consistently and provides an environment that is friendly to whatever they are working on. Messing up the system with application-dependent hacks and stuffing it with every idiosyncrasy that happened to be present in the 65537th attempt to marry descendants of DDE and OLE is not a way to provide any of the above.
The code exploiters use the same tactics against the software vendors that the software vendors and antivirus companies use on them. They wait until the patch for the vulnerability is released, then they reverse-engineer the patch. This is orders of magnitude easier than finding the vulnerability directly.
This is wrong, and therefore the whole article based on this premise is nonsense.
Most of the security flaws are found ransomly or through testing and observation of running software, by various people outside the companies that produce the patches. So the possibilities are:
So the conclusion is: there is no possible scenario that justifies the delays of the patches release. Only a lazy software vendor may think of such a lame excuse for delays.
You are a moron. Or at least an extremely ignorant and opinionated person.
To explain why you are wrong I would have to assume that your knowledge of the OS design is so miniscule, I would have to teach you a course on it, from the introduction and to the level where it becomes practical, and I am certainly not going to do that on Slashdot.
You can do whatever you want with credit card numbers that you know. As long as you don't use it for fraud, or for assisting others' fraud -- that would be a crime, regardless of the details such as if you use a credit card number or not.
On the other hand, listening to music and moving it around between devices is not a crime.
Bosses that buy printers _that_ cheap for their work, don't remain being bosses for long enough to matter.
For one thing, it would seem we ignorant Americans don't wire everything in our houses in one friggin series circuit. It would seem standards vary place to place.
Whoever uses 110-120V, has to deal with twice the total current of one who uses 220-240V, and has to bring two phases instead of one (not that it helps much).
WTF is "one frigging series circuit", I don't know, no one ever connected differnt kinds load in series with each other, and this kind of wiring never was used in buildings for a pretty obvious reason.
Lexmark x85 is a combo device, and a quick glance at linuzprinting.org shows that it is not supported, and all Lexmark combos are poorly supported because of Lexmark's own refusal to open its protocols.
If you put any thought into choosing a printer, you would see that equally cheap (but superior in quality) Epson printers and scanners are well supported. However if you wanted to say "I am a loyal Windows user, I have bought all hardware to run Windows, chosing the cheapest models possible, and now I just wanted to have a subject to bitch about, so I have taken a Knoppix CD, booted it and discovered that my printer happened to be a piece of shit with no Linux driver, so I want to let everyone know how my attempt to save few bucks and two square feet on my desk left me without a printer usable on Linux" just say so. If you ever INTENDED to run Linux, sure as hell you would check, which printers are supported, and bought another model.
The problem is, just like Windows is technically inferior to pretty much every other modern OS, modern "conservative" politicians are intellectually and ethically inferior to pretty much all other sane people.
It's not that someone conspires against those people and their ideas, it's just that no sane and honest person can bring himself to teaching that Microsoft invented computer, and that feeding taxes collected from poor to the rich is a sacred ritual that must be followed for society to survive. Of course, it's always possible to have schools with insane or dishonest teachers, but I don't think, the quality of education will be acceptable.
It's all nice, and said with passion, but what a political rant of some ignorant American has to do with American power grid quality?
What reminds me how the immortal words of Ruri are appropriate to be applied to that "discussion" when the people talk about things they know nothing about, and are trying to make a decision if they are going to do something that is far beyond the capabilities of available technology.