Have a look at every comment on this story now.. anyone would think Slashdot is the home of the pro-copyright extremists. There's no talk of fair use. There's no talk of the creativity requirements of copyright. There's none of the usual bemoaning of the extremity of copyright law, as there is when "one of us" is being sued for copyright infringement. No, it's "hang 'em from the tallest tree!!" I honestly wouldn't be surprised if I noted down the nicks of everyone who has had some pro-copyright thing to say here and next week found them defending some soccer mom who is being sued for blatantly ignoring copyright law.
Oh I completely agree. The problem is that people want to hold me to the same rules that they wish to apply to Fox or some other money grubbing bastard.
thinks that a happy snap of their pet has any value other than sentimental. If you make pictures of your pet available, I should be free to use them as I see fit.
As an aggregate they know enough that they produce the vast majority of security bug reports. Umm, again, no offense, but do you have anything to back that up?
I submit that people who are only looking for security flaws don't have a motivation to develop a deep understanding of the software. People who are out to modify the software do. And thus there are not just more eyes, but better eyes with Free Software. No offense, but that's completely the opposite of the facts. The vast majority of software engineers have no idea what they're doing when it comes to detecting, fixing and avoiding security issues. That's why tools like Coverity exist - and most of the time the programmers can't even use them correctly. There are "security consultants" you can hire who basically just explain the results from Coverity, and they're not short on work.
But hey, don't take my word for it.. go have a chat with your friend Theo de Raadt.. he'll give you the skinny on how terrible the majority of C programmers are when it comes to security issues. And don't get him started on the so called "safe" languages.
so? He did something (some) people consider cool.. why shouldn't he stand to gain from telling people about it?
Slashvertisment used to mean that you were claiming Slashdot was taking money to advertise something as a story. You seem to be using it to refer to anyone who submits their own website to Slashdot. Attention whore? Yes. Slashvertisment? No.
Although I understand what you're trying to say, it does seem a little irrelevant.
I'm a software security engineer. I can look at source code and tell you if it has some bugs in it that I would consider relevant to security. If I can't find any, I might tell you that it is more secure than if I could... but that doesn't mean it is secure. I'll never tell you it is secure, because testing simply can't give you that. I can do this on proprietary software or I can do this on Open Source software.. the only difference is that, with the Open Source software, I don't need permission from someone to do the testing and other people don't need permission to check my work.
Does this mean that more people will check the Open Source software for security flaws? Not necessarily. It completely depends on whether or not someone has an interest in the security of that particular bit of software. Even assuming a similar level of interest in the security of comparable proprietary and Open Source software, there's no guarantee that those who have an interest in testing the Open Source software for security flaws will report back the findings. They may simply decide that the Open Source software is too insecure for their use and go with the proprietary solution - assuming they can have it similarly tested by a trusted third party.
All in all, the assumption that Open Source software is more secure than proprietary software is most likely true, but there's no hard data.. because the stats on the insecurity of proprietary software are guarded secrets - and that's probably the best reason to assume that proprietary software is less secure.
Have you heard of the Scale Invariant Feature Transform? Well you have now. There are libraries written in C# (no less) which are publicly available to do this stuff. You can recognize a large collection of objects.
Indeed. There were some guys who were doing a port of Syndicate Wars (sequel to Syndicate) from a disassembly. All they were "rewriting" was the video and sound systems to use SDL. They seem to have disappeared though and taken their code with them. It's an interesting hybrid. A number of these old DOS games use DOS4GW and other extenders so the executable of interest is actually a COFF file with 32 bit instructions in it.. so running the bits as they are in the exe as-is can be done on modern 32 bit operating systems. You just run into problems when the program tries to do an interrupt to call extended DOS APIs like the DPMI set. Or, worse yet, when it tries to access hardware registers. So if you can trap those few, you can wrap an emulator around it. You get native code execution and compatible hardware emulation. This is basically what DosBox does in a less direct way. Unfortunately, all this does not help with the problem of understanding the program so you can extend it. For that you need a full rewrite. Of course, reverse engineering is still a must.
heh, there are perfectly legal ways to make a clone. They probably are not doing these things, but it seems that whenever the notion of cloning comes up people seem to think there's a law against it.
US airlines. That's kind of freakin' obvious from the context isn't it? Equipping US airlines with anti-missile technology is hardly going to help non-US airlines.
Number of passenger planes shot down by heat seeking missiles: 0
Number of passenger planes used as missiles: 3
So, err, don't you want the ability to shoot down passenger planes? Or is the next step to install "special" missiles on buildings that might have passenger planes flown into them in the future which can bypass the anti-missile system? And if that's the plan, what's to stop them bad guys (who are under every bed) from using those missiles to shoot down the planes?
And if the industry is forced to get their act together and actually do it right, Do DRM right. Do something that is information theory impossible, but do it right. Yes. I'll just get my magic pixie dust now. This time we'll sprinkle it *right*.
I do believe I mentioned the fact that there are power saving things you can do.. but regardless, there are still a shitload of cycles wasted by having the idle thread run nops. It's just unavoidable, so why not run something useful in the idle thread?
Yeah, I don't know what universe you're living in, but the one I live in, we don't have cool running processors. There are no desktop (or even laptop) processors today that are incrementally clockable. There's a few that can halve the clock speed.. there's a few that can even quarter it.. but that's about it. That means for every second that you only need to execute 1000 instructions because you are idle, your 2GHz processor is actually executing 1999999000 "nop" instructions (if you prefer, insert powers of 2, but normal people understand decimal). These instructions *are* wasted. Yes, an add instruction does take more than 1 cycle, and yes, it does use more power than a nop instruction (as it uses more silicon) but these are minor details. All the massive number of control gates are still active even when you are doing nothing. Nops are still pulled from cache, etc.
Now, of course, if you were to actually turn your computer off that would save you a hell of a lot of power.. as would the next best thing, suspend or hibernate.. but for those billions and billions of cycles between every keystroke or when you've otherwise got the computer on and you're just not using all the cpu, you are indeed wasting cycles.
I said reasonable. Since when is copyright reasonable?
No-one was debating Bruce's last point about Coverity returning many false positives.
As for the use of terminology, excuse me for using an accurate term like "defect" instead of a more popular colloquialism like "hole".
Didn't you watch Die Hard 4? DHS obviously did.
And again, no they are not violating copyright. And when it comes to copyright infringement allegations, being in France is a good thing.
Which is so blindly obvious that MobileTatsu-NJG is clearly a troll.
Huh? How so? What part of copyright law, exactly, do you think stops them from writing a program to use Blizzard's graphics files?
Wanna bet?
1. they're not in the US
2. they're not actually doing anything illegal
"Blizzard won't like it" != "that's illegal!!!!"
At least, not in countries that still respect the rule of law.
You actually believe that don't you?
Real hackers don't care.
Yes, you're a nazi, we get it.
There's no good talking to some people dude, just let it go.