Why is security such a complex problem? It seems like as long as one designs everything with the intention of specifically allowing certain activities (as opposed to specifically disallowing certain activities), then the only risks are human (i.e. having a password stolen, and so on).
Is it basically because not enough people design software to be secure? Or because people tend to add new features without considering the security ramifications?
Still, I don't see why being hacked is inevitable; at some point, software can be designed so that circumvention involves breaking underlying assumptions which must be true in order for your system to run at all. i.e. any crack would instantly disable your system, leaving it secure.
As a sysadmin, you can't know every single line of every program that's on your system, but isn't this the point of OpenSource: that some people will be intelligent enough to design secure software, and that others can fix what little glitches they miss?
It makes me really angry when I hear people say things like this. The ONLY advantage XML has when it comes to being used as a protocol is that there are a lot of parsers written for it. What if I define a "markup language" with, say, one byte-value for chunk-start, the following byte representing some data type, and all subsequent bytes before some close-chunk byte value representing the data. It would be just as easy to parse, you just have to standardize the byte-values.
XML as a format is being used in ways it was not at all designed to be. Take MathML (there's a joke; XML wrapped around a whole OTHER format -- as if to prove how inadequate XML is). Or XSL. Why do we need to write a parsing language in markup when there are a dozen more intuitive, easier to use programming languages that do the same thing better, faster, and more "extensibly."
Think about what that means. Every chunk of information represented by its own process? Riiight. How the hell do you organize that? I think you need to distinguish between operational paradignms (like processes), and data structure paradigms (like files).
You: It will probably take me two months to finish this project working nine to five.
Manager: Hmmm.
You: BUT, if I work 16 hour days, I can get it done in just one month and have time to --
Manager: Great! You have three weeks. And I've got another project with your name on it when you get done.
(Manager walks off congratulating himself)
You:(trailing off) -- take a month off?
He's thinking, what a hard worker you are! If you can put in a month of 16 hour days, why not two? Why not a whole bunch? (That's why this will never fly -- nothing to do with whether he knows you're BSing)
Maybe the complainers have to work with shitty programmers. It does you a lot of good to write good code if everyone you work with writes crap. Some languages make it easer to write crap than others.
Re:Python to perl interpreter
on
Perl 6 Showcase
·
· Score: 2
It bears mentioning that the syntax of the language takes you all of a day to learn if you've ever done any programming at all. What takes you time to learn are the libraries, conventions, ideologies, and so on. I think this meta-parser will be nice if you like to write your if/then statements a certain way, but it won't take any of the work out of learning Perl, and it certainly won't make code instantly portable between languages. We're talking SYNTAX, people.
Re:Python to perl interpreter
on
Perl 6 Showcase
·
· Score: 1
That's ridiculous; no "translator" is going to produce nice, clean, readable code that other people want to work with. And what about round-trip? You think it can then convert that Perl back into Python for you to edit?
Personally I don't think it's intended to be used as a language translator, but rather let you add a few macros/stylistic conventions so you can continue writing code which nobody else can read.
I'd be really interested in seeing the speakers used for rendering that high-quality format. I mean, damn, these things would have to be grafted to your eardrums. Think of the possibilities!
And the way he coddles corporations. He wants to give them practically free liscense to do anything they want (even ignore Clean air/water acts if they so choose)
Whoa, cool, for a minute there I thought you were talking about Harry Browne.
You'd think, wouldn't you. Pity that most Americans hardly even know these candidates exist, much less what they stand for. As nice as it would be to think that you get votes by interviewing on local radio stations, the evidence makes it obvious that's NOT TRUE.
I don't completely agree, I think it's a matter of training, and as someone else said, this can be much-reduced by computer automation of most flight tasks.
It's a well-known fact that far more people die in automobile accidents than plane crashes. In part, this is because at any reasonable speed, being close to the ground just means you're closer to obstacles you could run into. Another (bigger) reason is that any idiot can drive a car, but flying planes generally requires rigorous training and testing, especially doing so commercially.
Personally, I think driving cars should be similarly restrictive; there's no reason someone who doesn't know how to use their turn signal, not drink before driving, obey traffic signals, and think on their feet should be behind the wheel of a chunk of metal traveling 80+ mph. But the popular demand just won't allow that, and as roads become more congested similar pressure will be exerted towards making personal flight easier/safer.
No, he's saying that some people "support open source over free software because they're fooled into thinking I support open source." Which I don't doubt is true.
You imply that by spending more money on corporate-produced goods, he'd have more of a positive effect on the lower class. As if the corporations are going to say, "Business is good, let's raise wages." Does the name RIAA ring a bell?
Not that I disagree with the general point, that investment in the market economy generally raises standards of living, but I think it's ridiculous to imply that charity is unjustly hurting the working class.
Well, he spouts a lot of nonsense about how corporations don't cause any environmental pollution, for one thing. He's also against the Microsoft breakup, which I think is justified.
Personally I think Nader's a bit over-enthusiastic; I'd like to see a balance where we have some government regulation to keep this from becoming Time-Warner-AOL-Microsoft-Pepsi-world, but not the Greens' gung-ho death-to-capitalism.
One thing I wonder is why all the third parties have to be so extremist. Is it because they wouldn't get any press otherwise? Because they can only get support from people who would rather die than vote Republican or Democrat?
TANSTAAFL. There Ain't No Such Thing As A Free Lunch. Government-run health insurance isn't by itself such a horrible thing. What's horrible is that people support it without thinking about the ramifications. They whine when poor people can't get health insurance, they whine when they have to pay higher taxes. Well guess what, you can't have one without the other.
That's the problem with Nader; he's a wonderful idealist, but what he wants is impossible.
On another note, the reason most rich people are Republican has to do with the darwinistic origins of reciprocal altruism. In tribal societies, where droughts can reduce the richest man to nothing, socialism can thrive because everyone knows that they may be on the benefitting end of it someday.
In modern society, lots of people really are rich enough that they can say "fuck off" to poor people who they know are going to be freeloading their whole lives. There's no chance that they will benefit from socialism, and every chance that they will be hurt by it.
I won't comment on whether it's their moral/ethical duty to suck it in and put themselves at a disadvantage. Good question, though; what's special about poor people that rich people should inconvenience themselves for them? Did the poor every inconvenience themselves (willingly) for the rich? Is it ones ethical duty to inconvenience oneself willingly? If so, shouldn't the "good" poor people be sucking it in to support the rich? By intimating that the rich should be the ones to be ethical, are we judging poor people incapable of it?
There is such a thing as a healthy amount of skepticism. Any power which could be used for nefarious purposes should be viewed skeptically no matter how much faith you have in its impartiality. For example, it's fine to be an idealist and believe that the FBI won't read your mail with Carnivore, but it would be naive to not use strong encryption nonetheless.
This guy seems to display a lack of healthy skepticism, i.e. balance. He answered most of the questions in the most perfunctory manner, refusing to play with or even entertain the idea that there might be some problems with the reviewers, process, concept, or execution. I'm not saying he should enter the review with those ideas firmly in hand, like most/.ers, but that he should be willing to play around more with the possibility.
Hell yeah, dude! Once I had this vision of my alarm clock as a Java object, and I had to call the correct method to get it to shut off, but I didn't have any interface documentation... Don't ask me to explain how I "saw" my clock as an object, because I knew it was still the alarm clock; in dreams, you tend to think more in concepts, and in getting shoved into the perceptive layer they get mangled in illogical ways (i.e. "seeing" the concept of an object).
Very often I have dreams where I have a sensation of having "solved" something or thought of something important. I compose wonderful songs in my sleep sometimes, for example. The problem is that when I wake up, I realize whatever I was thinking of was actually stupid, impossible, or irrelevant. This seems to indicate your brain's "salency indicator" gets a little unhinged while you're dreaming. I wonder why?
Identity is equally meaningless unless it's tied to accountability. So you're Joe Schmoe. Or SmallCorpX. Does that mean you won't commit credit card fraud?
I'm curious why SSL can't work similarly to SSH; you negotiate a key with that particular server. Why does the server have to pay to be identified by a CA? If you're not sure of the identity of those running the server, why are you sending them your credit card information anyways?
This is a serious question, can someone explain this to me?
Slashdot Mirror
Is it basically because not enough people design software to be secure? Or because people tend to add new features without considering the security ramifications?
Still, I don't see why being hacked is inevitable; at some point, software can be designed so that circumvention involves breaking underlying assumptions which must be true in order for your system to run at all. i.e. any crack would instantly disable your system, leaving it secure.
As a sysadmin, you can't know every single line of every program that's on your system, but isn't this the point of OpenSource: that some people will be intelligent enough to design secure software, and that others can fix what little glitches they miss?
You seem too pessimistic.
XML as a format is being used in ways it was not at all designed to be. Take MathML (there's a joke; XML wrapped around a whole OTHER format -- as if to prove how inadequate XML is). Or XSL. Why do we need to write a parsing language in markup when there are a dozen more intuitive, easier to use programming languages that do the same thing better, faster, and more "extensibly."
Think about what that means. Every chunk of information represented by its own process? Riiight. How the hell do you organize that? I think you need to distinguish between operational paradignms (like processes), and data structure paradigms (like files).
So my question is when do we get a Minesweeper-based encryption algorithm?
The fact is that competition should never have priority over unity (in my philosophical opinion).
So I guess you'd rather we were all developing Win32 apps, right?
Let's have a hypothetical dialogue:
He's thinking, what a hard worker you are! If you can put in a month of 16 hour days, why not two? Why not a whole bunch? (That's why this will never fly -- nothing to do with whether he knows you're BSing)
Maybe the complainers have to work with shitty programmers. It does you a lot of good to write good code if everyone you work with writes crap. Some languages make it easer to write crap than others.
It bears mentioning that the syntax of the language takes you all of a day to learn if you've ever done any programming at all. What takes you time to learn are the libraries, conventions, ideologies, and so on. I think this meta-parser will be nice if you like to write your if/then statements a certain way, but it won't take any of the work out of learning Perl, and it certainly won't make code instantly portable between languages. We're talking SYNTAX, people.
Personally I don't think it's intended to be used as a language translator, but rather let you add a few macros/stylistic conventions so you can continue writing code which nobody else can read.
I'd be really interested in seeing the speakers used for rendering that high-quality format. I mean, damn, these things would have to be grafted to your eardrums. Think of the possibilities!
Whoa, cool, for a minute there I thought you were talking about Harry Browne.
You'd think, wouldn't you. Pity that most Americans hardly even know these candidates exist, much less what they stand for. As nice as it would be to think that you get votes by interviewing on local radio stations, the evidence makes it obvious that's NOT TRUE.
He has very little technical knowledge and hasn't contributed anything significant himself, only his annoying comments.
Maybe you've heard of Fetchmail? Emacs? Python? Do some research before talking out of your ass.
You mean speciation? I don't know, it looks like the *cough* important parts of the penguins aren't changing. *grin*
It's a well-known fact that far more people die in automobile accidents than plane crashes. In part, this is because at any reasonable speed, being close to the ground just means you're closer to obstacles you could run into. Another (bigger) reason is that any idiot can drive a car, but flying planes generally requires rigorous training and testing, especially doing so commercially.
Personally, I think driving cars should be similarly restrictive; there's no reason someone who doesn't know how to use their turn signal, not drink before driving, obey traffic signals, and think on their feet should be behind the wheel of a chunk of metal traveling 80+ mph. But the popular demand just won't allow that, and as roads become more congested similar pressure will be exerted towards making personal flight easier/safer.
No, he's saying that some people "support open source over free software because they're fooled into thinking I support open source." Which I don't doubt is true.
He's not contesting that, he's obviously just saying that he'd rather he used his power as a citizen to prevent you from spending his money.
Not that I disagree with the general point, that investment in the market economy generally raises standards of living, but I think it's ridiculous to imply that charity is unjustly hurting the working class.
You don't like it, move to Antartica.
Personally I think Nader's a bit over-enthusiastic; I'd like to see a balance where we have some government regulation to keep this from becoming Time-Warner-AOL-Microsoft-Pepsi-world, but not the Greens' gung-ho death-to-capitalism.
One thing I wonder is why all the third parties have to be so extremist. Is it because they wouldn't get any press otherwise? Because they can only get support from people who would rather die than vote Republican or Democrat?
That's the problem with Nader; he's a wonderful idealist, but what he wants is impossible.
On another note, the reason most rich people are Republican has to do with the darwinistic origins of reciprocal altruism. In tribal societies, where droughts can reduce the richest man to nothing, socialism can thrive because everyone knows that they may be on the benefitting end of it someday.
In modern society, lots of people really are rich enough that they can say "fuck off" to poor people who they know are going to be freeloading their whole lives. There's no chance that they will benefit from socialism, and every chance that they will be hurt by it.
I won't comment on whether it's their moral/ethical duty to suck it in and put themselves at a disadvantage. Good question, though; what's special about poor people that rich people should inconvenience themselves for them? Did the poor every inconvenience themselves (willingly) for the rich? Is it ones ethical duty to inconvenience oneself willingly? If so, shouldn't the "good" poor people be sucking it in to support the rich? By intimating that the rich should be the ones to be ethical, are we judging poor people incapable of it?
This guy seems to display a lack of healthy skepticism, i.e. balance. He answered most of the questions in the most perfunctory manner, refusing to play with or even entertain the idea that there might be some problems with the reviewers, process, concept, or execution. I'm not saying he should enter the review with those ideas firmly in hand, like most /.ers, but that he should be willing to play around more with the possibility.
Hell yeah, dude! Once I had this vision of my alarm clock as a Java object, and I had to call the correct method to get it to shut off, but I didn't have any interface documentation... Don't ask me to explain how I "saw" my clock as an object, because I knew it was still the alarm clock; in dreams, you tend to think more in concepts, and in getting shoved into the perceptive layer they get mangled in illogical ways (i.e. "seeing" the concept of an object).
Very often I have dreams where I have a sensation of having "solved" something or thought of something important. I compose wonderful songs in my sleep sometimes, for example. The problem is that when I wake up, I realize whatever I was thinking of was actually stupid, impossible, or irrelevant. This seems to indicate your brain's "salency indicator" gets a little unhinged while you're dreaming. I wonder why?
I'm curious why SSL can't work similarly to SSH; you negotiate a key with that particular server. Why does the server have to pay to be identified by a CA? If you're not sure of the identity of those running the server, why are you sending them your credit card information anyways?
This is a serious question, can someone explain this to me?