And what about the 4%? Is that an acceptable attrition rate?
If you don't have the ability to read, don't ask people to stop writing.
There should be no analogies, as comparing software to the real world means you're profoundly ignorant to begin with.
Software is real. It's part of the world. Same as the internet - it isn't a "cyberspace", it's people sitting at keyboards, and servers in real places, with actual cables between. And laws apply to those people, servers, cables, and software. And analogies apply equally well and equally badly between software and the rest of the world as they do between other parts of the rest of the world. Some analogies are useful, some less so. Just because it's "software" doesn't make it, and the processes that produce it, magically immune to logical, ethical, and legal analysis.
The torrent is the movie. It's just heavily compressed, using a compression algorithm that involves a look-up to a different location.
I love listening to the "whoosh" sound that accompanies each and every reply to this. Priceless!
I was probably over-optimistic when I said "finding bugs like this is easy to automate". What this would probably need is runtime access checking turned on, and a test case that has mismatched lengths. The latter would require the tester to implement what I call C4 tests, or "comprehensive corner case coverage".
Not true. Writing code is very hard to automate. Finding bugs like this is easy to automate. In fact, the OpenSSL team specifically turned off all the memory overrun checks on all platforms, because some platforms have performance problems with them. So, the automated checks should have spotted this problem (at run time, rather than compile time, but there are other tools for that), but they were turned off.
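The mismatched-length corner-case test described in the two comments above, as an added example in C (not code from the commenter or from OpenSSL): `echo_payload`, the three-byte record header and the test table are hypothetical and constructed for illustration. Each record sits in an exact-size heap buffer, so a build with runtime memory checking (for example `-fsanitize=address`) would flag an over-read if the length check were missing.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_LEN 3  /* assumed layout: 1-byte type + 2-byte big-endian declared length */

/* Copy the payload of a heartbeat-style record into out.
 * Returns the number of bytes copied, or -1 if the record is malformed. */
long echo_payload(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HDR_LEN)
        return -1;                      /* truncated header */
    size_t declared = ((size_t)rec[1] << 8) | rec[2];
    if (declared > rec_len - HDR_LEN)
        return -1;                      /* declared length exceeds bytes received */
    if (declared > out_cap)
        return -1;                      /* reply buffer too small */
    memcpy(out, rec + HDR_LEN, declared);
    return (long)declared;
}

struct corner_case {
    size_t   actual;    /* payload bytes really present in the record */
    uint16_t declared;  /* value written into the length field */
    long     expect;    /* expected return value */
};

/* Constructed corner cases around the declared/actual boundary. */
static const struct corner_case CASES[] = {
    { 0, 0,       0 },  /* empty payload */
    { 5, 5,       5 },  /* lengths agree */
    { 5, 4,       4 },  /* declared shorter: trailing byte ignored */
    { 5, 6,      -1 },  /* declared one byte too long */
    { 0, 1,      -1 },  /* declared payload, none present */
    { 1, 0xFFFF, -1 },  /* maximum declared length, tiny record */
};

/* Runs every case; returns the number of mismatches (-1 on allocation failure). */
int run_corner_cases(void)
{
    int failures = 0;
    uint8_t out[64];
    for (size_t i = 0; i < sizeof CASES / sizeof CASES[0]; i++) {
        size_t rec_len = HDR_LEN + CASES[i].actual;
        uint8_t *rec = malloc(rec_len); /* exact size: any over-read leaves the allocation */
        if (!rec)
            return -1;
        rec[0] = 1;
        rec[1] = (uint8_t)(CASES[i].declared >> 8);
        rec[2] = (uint8_t)(CASES[i].declared & 0xFF);
        memset(rec + HDR_LEN, 'A', CASES[i].actual);
        if (echo_payload(rec, rec_len, out, sizeof out) != CASES[i].expect)
            failures++;
        free(rec);
    }
    return failures;
}

int main(void) { return run_corner_cases() == 0 ? 0 : 1; }
```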
And, do it with your real login.
Priceless.
I watched that Penn and Teller piece with the glass wall, and although it's entertaining, it's statistically misleading, which is unforgivable in that context.
They knocked over a single pin and said that that was representative of any potential link with autism. They then went on to throw balls to represent all the different diseases that vaccines protect against. But the "cost" of all vaccines was only counted once. The "benefit" of vaccine protection was counted dozens of times.
The implication is that that one pin being knocked over is the only thing that can happen for all of the vaccines against the diseases that they mentioned. Maybe that is statistically representative, I'd like to know. I am pro-vaccine, but I'm also pro-telling-it-straight, which they did not.
If taking faith out of the equation, namely the belief that "all deaths are bad", the picture becomes less clear.
Is culling of the herd necessarily a bad thing for humanity in the long perspective?
Faith is not necessary in order to hold all human life to be precious. As an agnostic-almost-atheist (in that you cannot prove a negative) I am actually rather offended at the suggestion.
Be as disgusted as you like, but it won't change.
That's what the Romans believed.
If some software that is released has problems, people should point it out. If a development process is flawed, people should point it out. If you work in open source software, specifically in security software, you should be prepared for people to criticize both your code and your development and testing safeguards. Maybe billrp could do better. Maybe (unlikely) I could do better. Maybe a hundred people on Slashdot could do better. But do we really want a hundred different open source SSL implementations all written by unknown people? That would not help the situation at all. Maybe all we need is one competing implementation by a different team with different methods, and maybe enough people saying "OpenSSL is not up to the job" might just inspire someone to build that team.
Free and open criticism is vital in security software. Nobody should ever be told to shut up about this kind of thing.
https://www.openssl.org/source...
If you never agreed to that license, you're violating their copyright.
You're only violating their copyright if you distribute it. If I legally acquire a copy of a piece of software, I can use it without agreeing to any other stipulations. Depending on jurisdiction, of course, different legal systems may rule in different ways on that point. And I'm not sure what the jurisdiction that this guy lives in has said about it.
The GPL has a specific clause pointing this out, and it's there because the authors of the GPL believe that they have no authority to prevent you from using their software. I agree with them. It always amuses me when GPL'd software contains a clickthrough insisting that you press an "Agree" button, when the licence specifically says that no such agreement is necessary.
Bennett-bashing seems to be popular round here, but I usually find his articles to be interesting. This one is excellent.
Are you implying that a 23% boost in CPU speed is irrelevant?
Minecraft runs pretty well.
Closed source applications that access web services have to ship with a key as well. The only difference is how easy it is to access the key. It's the same issue as DVD players. Eventually someone cracked a key, because the DVD player has to be able to read the key.
I could see that Crusade was going to suck right from the start. It had a Technomage in it.
My mum watches a lot of real crime documentary programmes, and there was one where the detective (Joe Kenda), on seeing that the obvious culprit had killed himself, said "Well, good for you. You just saved the taxpayer a lot of money." I agree with him. I'm not in favour of capital punishment, but if someone who has committed a heinous crime wants to end their own life, that's fine by me.
"Moa had evolved itself into a corner and was going to go extinct anyway"
wow, that a pretty ignorant statement.
I said, there was a credible theory that said that. Turns out it was probably wrong. However, it happens all the time. Pretty much every species that has ever gone extinct has done so because it couldn't adapt to changing circumstances. Some new predator arrives that you can't defend against, some big prey you rely on is out-competed by something that you can't hunt, some volcano goes off and kills off the vegetation that you eat. The longer your lifespan, and the more specialised you are in what you do, the more likely it is that you will go extinct. Evolution is blind and occasionally goes down dead ends. Why is it ignorant to say that? I'm not an evolutionary biologist, but I have a broad scientific education. I may be wrong on a few details but I'm pretty sure that the basic gist is valid.
Also, learn to grammar proper!
Really a new study? The thousands of Moa bones removed from Maori middens weren't a clue?
RTFA. There was a credible theory that the Moa had evolved itself into a corner and was going to go extinct anyway. There's a similar theory about the giraffe now. If someone ate all the giraffes, people would say that it was that that killed them off, and in a literal fashion they'd be right, but the giraffe isn't going to last long anyway even without human assistance. It's way too specialised. For one thing, if anything threatens the acacia tree population, like a virus or a change in climate, they're screwed. And that's not the only problem they have. People say "oh, nature is balanced, humans are out of balance". Nature is not balanced. It gets messed up all on its own all the time. It's just that we mostly see the stuff that has survived, that currently is in a state of balance, and we assume that nature is this magical cohesive force that stays in tune with itself. Nonsense. We are part of nature, and we're just one example of how nature sometimes gets out of balance and creates a big mess for itself.
It wouldn't matter. A strike the size required to take out the US would doom humankind anyway. It would be more than enough to trigger a nuclear winter. When we are talking thousands of warheads, a one or a two at the front of that number really won't make the end result all that different.
There's no way that Russia would pre-emptively send enough warheads to destroy the planet for human habitation. They aren't just going to commit suicide like that. So the only realistic scenario to consider is if they send enough to knock the stuffing out of the US, enough that if the US retaliated in kind then that would tip the scales over to making the earth unfit for human habitation. THEN the question is: do you take the hit and allow human life to continue in some form, or do you retaliate and end the game of life for all humanity for ever?
You genuinely think that guaranteeing the destruction of all sentient life on earth is what you would want in those circumstances? That a Russian nuclear strike on the US is so horrific that you would destroy the rest of the planet in retaliation?
What is needed is a president who gives the impression that retaliation would be inevitable, whilst not actually retaliating if it did happen, because retaliation would be worse than not retaliating in practice. That may be a reasonable objection to Obama - he has the appearance of weakness. A reluctance to sterilize the planet is not weakness.
Killing is wrong; death is a part of life.
That's a huge self-contradiction.
Who says that humans have any more entitlement to live on this planet than bacteria? And at the end bacteria will win out, and is that a better outcome from our own perspectives? Why should we root for bacteria rather than for ourselves? You think that evolution will give humans a better chance, I think you don't know what you are talking about, evolution could as well lead to our extermination and let jellyfish populate most of the planet. Maybe even ground crawling jellyfish, and from my perspective I prefer to be here rather than having some jellyfish supersede myself.
Evolution is more likely to beat us if we stop ourselves from evolving. Unless we wipe out all other life and prevent anything else from evolving to supplant us, of course. We've already made a start on that actually.