Re:This bill has nothing to do with health care. (on Health Care Reform, Score: 1)
Or as the old fable goes 'He who tries to please everybody ends up pleasing nobody at all'. This bill is trying to be all things to all people, and in the end, I predict, it will be nothing to no one.
The major problem as I see it is right at the center: insurance. We're using the same system to pay for your house burning down as we are for getting your teeth cleaned. It makes no sense at all.
There is an administrative overhead of $500 per person per year for medical insurance. With some back of the envelope calculations based on the population of the US & the number of uninsured people here, I get $125,000,000,000 per annum as the cost of paying for medicine through an insurance system. 125 billion: now that is a big number. That would be a good place to eliminate inefficiencies and drive down the cost of medicine. But are we doing that?
No, not at all. Essentially, we're taking one of the worst systems anyone has devised, one through which we pay more and get less, and we're doubling down on it. "Insurance didn't work when we had 262 million people in the system. Maybe it will work when we have 307 million in the system instead". No, it won't. It's madness. It makes as much sense as a compulsive gambler getting money from a loan shark to double down on a bad hand of poker.
These are not new issues, they're fundamental findings from the ancient past. And yet, each generation of programmers somehow manages to lose this knowledge. This ought to be shocking. We specialise in the institutional storage and recall of information and knowledge - so why can't we remember stuff?
This isn't the first time I've heard this kind of sentiment expressed. A while back here on slashdot, I read a conversation that went along the lines of:
A: I'm so awesome because I work with vmware. This is going to change everything. It is a paradigm shift in our field. The cloud is the future.
B: The 'cloud' is the past. All of this stuff was done decades ago on IBM mainframes.
From my own experience, I was recently reading a book on design patterns:
book: Let me introduce you to the decorator pattern. It's time for you to get hip to all the new shit!
me: Wait a second. Isn't that the same thing as functional programming? How is that new?
We seem to have a problem with mass amnesia within our discipline that causes us to reinvent the wheel again and again. I wonder if the inclusion of a 'history of computers and programming' class in the standard CS curriculum could do something to prevent this phenomenon.
Nice summary.
Unfortunately, for the moment it looks like you get the reliability/stability in theory only. From TFA:
the OS can run for quite a while before needing any reboots (there are some memory leaks remaining)
I proposed 2 new names: Phlegethon and Cocytus.
These would round out the choices to include all 5 rivers of the mythological underworld.
However, all of the other planets and moons I can think of are named after beings rather than places (mythological or otherwise).
So I cast my vote for Erebus.
I don't know. I heard some pretty good things about UnRAID & from what I understand it's based on reiserfs.
http://en.wikipedia.org/wiki/Non-standard_RAID_levels#UnRAID
I can't say I understand how it works. UnRAID is a product of lime technologies & closed source as far as I can tell. Still sounds interesting though.
Sure, there would be some content without ads, but it'd be limited to corporate-sponsored subconscious marketing endeavors, personal philanthropy, and whatever society can produce in its spare time after paying the bills.
History disagrees with you. The WWW in 1994, prior to serious commercialization, was not full of corporate-sponsored marketing endeavors. Perhaps you could describe the content of the web circa 1994 as 'whatever society can produce in its spare time after paying the bills', but I don't really think that's what you were getting at.
The last time I re-flashed my BIOS.
I've never updated the microcode on my hard drives though, so I guess you have a point.
On a side note, there was a hard drive that I lost due to problems with the power-saving routines in the hard drive controller. If I had known in advance the nature of the problem, the ability to reprogram the IO controller would have been nice.
Somebody mod this up please. This is the first constructive comment I've seen on what to do about UEFI secure boot on ARM.
Nobody is saying secure boot is an inherently bad idea that I see.
Secure boot is an inherently bad idea.
It flies in the face of the concept of the machine as a general-purpose reprogrammable computer.
General purpose means user control of all software right down to the firmware.
The line that secure boot is intended to protect against bad guys on the internet is a lie. The way to do that is to harden network connectivity & all applications that access the network.
The line that secure boot is there to protect against other attack vectors such as the insertion of a USB drive with a virus or a virus on a DVD is also a lie. Physical access is total access. The way to protect against these attack vectors is to physically secure the machine.
The intended target of secure boot is the user.
What a coincidence. I was just about to throw on some Finntroll and write some code. Nice to know I'm not the only one.
Debian stable (current codename squeeze) might fit the bill for you. I'm using it now.
To be fair, it can be kind of a bitch to set up. You need to do more work to configure proprietary drivers.
But once it's up, it's stable as hell. It uses gnome2 by default & since Debian has a long release cycle, it will be around for a while.
Hope this helps.
So, seven lowercase letters. And this guy thinks it's "not that weak".
First off, you're right, that password could be better. But brute forcing a password (even with access to the hash) is harder than most people on slashdot think (I think).
7 lowercase letters is
26^7 = 8,031,810,176 possible password combinations
A few years back, we wrote a brute force password cracker as an exercise in programming on a cluster. It was nothing fancy - no rainbow tables or anything. Just generate all the passwords, generate all the hashes, compare the hashes and look for a match.
We cracked a 5 character password using a 94 character alphabet. That's
94^5 = 7,339,040,224 possible password combinations, so in the same order of difficulty but just a touch easier than the 7 character password.
Brute forcing that 5 character password (again, with access to the hash) took around 11 hours with the parallel program running on 95 cores.
Brute forcing that 5 character password with John the Ripper (much more specialized than our program) on a single core machine took 11 days.
So all of this is possible (assuming you have access to the hash), but it is not trivial & it is not the case that a 7 character password affords no protection. [OK, OK, I should also mention that cracking time varies wildly depending upon the hashing algorithm that is employed]
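A cost model for the figures in this comment, as an added example that is not part of the original post or the commenter's cluster program: it reproduces the two keyspace sizes, derives the per-core hash rate each quoted run implies, projects that rate onto the 7-lowercase keyspace, and then benchmarks three hash functions on constructed inputs to show the "varies wildly with the hashing algorithm" caveat. The 10,000-iteration PBKDF2 setting and the sample sizes are assumptions chosen to keep the benchmark short.

```python
# Brute-force cost model for the figures quoted above (added example, not the
# commenter's program). Constructed inputs only: nothing here cracks anything,
# it sizes the keyspace and projects wall-clock time from a measured hash rate.
import hashlib
import math
import time

HOUR = 3600
DAY = 24 * HOUR


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords for a fixed-length, fixed-alphabet policy."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Same quantity in bits, the usual way to compare two policies."""
    return length * math.log2(alphabet_size)


def implied_rate(keyspace_size: int, seconds: float, cores: int = 1) -> float:
    """Hashes/second/core a run must have sustained to exhaust a keyspace."""
    return keyspace_size / seconds / cores


def worst_case_seconds(keyspace_size: int, rate_per_core: float, cores: int = 1) -> float:
    """Time to try every candidate; the expected time is half of this."""
    return keyspace_size / (rate_per_core * cores)


def page_figures() -> dict:
    """Reproduce the numbers quoted above and extrapolate to the 7-letter case."""
    k7 = keyspace(26, 7)                               # seven lowercase letters
    k5 = keyspace(94, 5)                               # five printable ASCII chars
    cluster = implied_rate(k5, 11 * HOUR, cores=95)    # 11 hours on 95 cores
    john = implied_rate(k5, 11 * DAY, cores=1)         # 11 days on one core
    return {
        "k7": k7,
        "k5": k5,
        "bits7": entropy_bits(26, 7),
        "bits5": entropy_bits(94, 5),
        "cluster_rate_per_core": cluster,
        "john_rate": john,
        # The same throughput applied to the 7-lowercase keyspace
        "k7_cluster_hours": worst_case_seconds(k7, cluster, cores=95) / HOUR,
        "k7_john_days": worst_case_seconds(k7, john) / DAY,
    }


def measure_rate(hash_fn, n: int) -> float:
    """Single-core throughput of hash_fn on this machine over n constructed inputs."""
    candidates = [f"candidate{i:07d}".encode() for i in range(n)]
    start = time.perf_counter()
    for c in candidates:
        hash_fn(c)
    return n / (time.perf_counter() - start)


def hash_algorithm_comparison(k: int) -> dict:
    """Projected worst-case days to exhaust keyspace k on one core, per hash."""
    salt = b"constructed-salt"   # constructed; a real store uses a per-user salt
    algorithms = {
        "md5": (lambda p: hashlib.md5(p).digest(), 20000),
        "sha256": (lambda p: hashlib.sha256(p).digest(), 20000),
        # Deliberately slow KDF (assumed 10k iterations); few samples show the gap
        "pbkdf2_sha256_10k": (lambda p: hashlib.pbkdf2_hmac("sha256", p, salt, 10000), 50),
    }
    return {name: worst_case_seconds(k, measure_rate(fn, n)) / DAY
            for name, (fn, n) in algorithms.items()}


if __name__ == "__main__":
    figures = page_figures()
    for name, value in figures.items():
        print(f"{name:>22}: {value:,.2f}" if isinstance(value, float) else f"{name:>22}: {value:,}")
    print("projected single-core days for 26^7 on this machine, by hash:")
    for name, days in hash_algorithm_comparison(figures["k7"]).items():
        print(f"{name:>22}: {days:,.2f}")
```

The two projections come out at about 12 hours on the cluster and 12 days under John, matching the "just a touch easier" remark; the benchmark then shows the same keyspace moving from hours to years once a slow KDF replaces a raw digest.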
I'm inclined to agree with the editor, that hotmail is just more hackable than gmail. Especially considering the fact that the hotmail account was used as an SSO tool for skydrive, xbox & the metro store, I'm guessing that somewhere along the web of interconnected services there was a weak link in the chain & Microsoft dropped their pants.
I don't know why this is modded funny. How about informative instead? The parent's experiences in lodging bugs in launchpad against Ubuntu pretty much correspond with my own.
I don't want to rag on Ubuntu too much because I think they have done great things with hardware auto-detection, proprietary driver install & generally advancing public acceptance of Linux on the desktop.
But the way they handle bugs can use improvement. The standard reply of 'does the problem still reproduce if you try it in version x+1?' is not good enough. Because Ubuntu is aggressive about building new features into new versions there is a ton of code churn. Even if the original problem disappears in version x+1, the code churn practically guarantees that a bunch of new bugs are introduced. It turns into a game of whack-a-mole where the overall quality of the Ubuntu OS tends to maintain a steady state or even decline as new versions are progressively introduced.
Fix your bugs in the version in which they are reported. If you don't like backporting that much code then reduce the scope of what you attempt in each release, reduce the code churn, spend more time testing & reduce the number of bugs that you introduce with each new version.
Just my 2 cents.
Somebody mod parent up please. I'd never seen those graphs before and they're pretty interesting.
Every comment I have seen has been on the social aspects of this incident. Let's talk about the software aspect of it.
(from TFA)
"I used Stellar Phoenix recovery software for the first recovery, which has proven to be unable to recover large files in its entirety. I used PhotoRec for the second recovery, which did the job. PhotoRec has a steeper learning curve than Stellar Phoenix, but it’s free, unlike the former."
Score one for open source software. Better than the proprietary alternative in this case.
Someone please mod parent up.
I was going to mention Planescape Torment, but he beat me to it.
I do think that Jaffe has a point; a totally linear storyline can be detrimental to a game, as can unskippable cutscenes. But I think Jaffe goes too far & Torment is the perfect counter-argument to his claim. The entire game is driven by plot and storytelling, to such a degree that the storytelling IS the gameplay.
The other games mentioned by the parent provide alternative counter-arguments. Take System Shock 2; it is certainly not the most advanced FPS around, even at the time of its release. You don't play it for the mechanics, you play it for the atmosphere. Few games do such a good job of creeping you out, making chills run down your spine. The graphics, music and sound effects are part of this, of course; but on the whole they contribute about half to the chilling atmosphere of the game. The plot contributes the rest & the graphics and sound couldn't carry the game without it.
I'm not sure if I agree with you.
A couple of my old favorite games (Elder Scrolls IV: Oblivion & Warhammer 40,000 - Dawn of War: Dark Crusade) were sold without any DRM whatsoever and both were commercially successful. I guess Dark Crusade was more of a niche game, but Oblivion was a big hit, no 2 ways about it.
Interestingly, another sequel to Dark Crusade - Soulstorm was later published; Soulstorm included DRM and sold more poorly than its predecessor. There were other factors in play; personally, I think that Dark Crusade was a more well balanced game. But I do believe that there is not a direct correlation between DRM and increased sales.
Why did this post get modded down? Yes, poster is AC, but it also sounds like poster is possibly from Extremadura and probably from Spain. Local input is informative.
Sounds like it would be useful to store OS & programs for a kiosk based computer. Plenty of space. (presumably) cheaper than a magnetic drive. And (presumably) read-only media could actually be a plus.
2.5) Optional 2 hour wait if Ubuntu decides to fsck all partitions again
I've had good results with XFS for a data partition. No FSCK on boot up. Online defragging. I stuck this in the crontab & it seems to do the trick:
1 1 * * 1 root xfs_fsr /dev/sda3
Hmm. I had never heard of PUIAS. I had to go look it up.
It's not listed in distrowatch (that's weird; the only other distro I know that is not listed there is the Ubuntu Satanic Edition; distrowatch didn't want to list them for fear of pissing off the Christians).
A google search found their webpage pretty quickly:
http://puias.math.ias.edu/
Princeton University Institute for Advanced Study Linux.
Custom Red Hat distribution pre-dating CentOS.
The computational repositories look promising.
Thanks for mentioning them.
This is what I was curious about.
How does this affect open source companies that are based in NZ, but distribute globally?
What if the Mozilla corporation moved its operations to New Zealand? Could it then incorporate the h264 codec into Firefox & release Firefox to whoever wished to use it? Would Mozilla be beyond the reach of MPEG-LA who hold the software patents on h264? Would MPEG-LA be able to sue users of Firefox outside of NZ? (Note: I don't think they would do this.)
This is some of the most level-headed commentary on this subject so far. Unfortunately, I don't have mod points.
Someone mod up the parent please.
Thanks for the linux bug reference. I noticed a couple of things.
Both the linux kernel null pointer dereference bug & the malformed character escape bug we're discussing today were reported by the same guy: Tavis Ormandy. I think that this refutes the claim that a few people are making that today's incident is just an attempt by google to sabotage microsoft. It seems to me like this guy is disclosing vulnerabilities wherever he finds them and letting the chips fall where they may.
Also, the linux bug is one that can allow local privilege escalation. It's bad & needed to be fixed, but an attacker would have to have access to the system first. The windows bug is one that will allow remote code execution; that's why we have botnets. I'm just sayin'
I'm not conversant with the nuts & bolts of video encoding. Could you illuminate me as to what exactly PSNR is and why it is important?