If it's enough information for a dev to troublshoot and fix it, it's enough information for a cracker to write an exploit for it. Exploit proof of concept code is a convenience for testing the correctness of fixes and it relieves some of the burden on developers. Not posting it would have no effect on script kiddies.
The idea that you have to be kept ignorant for your own protection is so intellectually and morally bankrupt that it boggles my mind that people keep using it. Of course it's reasonable to notify the vendor first, but if they do not respod promptly and correctly to security flaws (and practically no vendors I'm aware of do - maybe some small shops but none of the big ones), then by all means go public with it. Information like this is essential to the correctness of capitalism.
It's still unambiguous as long as those other languages don't name thier months after numbers. I'm not aware of any language where "June" and "6" are the same word.
Note that you fail to provide any support for your arguments - there are at least 2 types of groupthink on this issue and yours is just the opposite of the OP.
While you're quite correct that most script kiddies can't find holes on thier own, I don't think that most viruses come from bugtraq exploit code. There's enough crackers out there who're good enough to write exploit code once the fact of the vulnerability is revealed.
It's in the best interests of the public to have these things be in the open - it provides people with the opportunity to fix them. Without public disclosure, theres no way to know if things are really fixed. There's not even any way to know theres a problem. Application vendors are generally resistant to applying fixes (note how many of them threaten and sue people for public disclosure - even if they object to the disclosure on the grounds that it's dangerous, as you do, that doesn't mean that the discloser is a criminal).
It sounds to me like you're totally against any sort of responsibility or accountability for security flaws in software and thats so irresponsible it makes me cringe.
Just to be clear, any language that can do dynamic evaluation has had this always. Language extentions to make it seamless is innovative but not groundbreaking - it's a cool idea thats rarely used enough that other languages haven't made a big deal out of it. I've used database-as-filesystem type deals that work on this concept for dynamic web pages and it's largely a nightmare to maintain.
I've seen a tool that produces flowcharts from individual functions in a variety of languages. Now, as a modelling tool it's pretty useless, but as an aid to documentation and as a debugging tool it was great. Note that it doesn't REPLACE english language docs, but a quick graphical overview of a complicated function made it alot easier to get up to speed on someone elses code.
You're missing the point. The point is that if you want to apply different styling to a part of the document that the author didn't consider semantically seperate, you have to modify the document. Or, for a more likely example, say the author DID mark them up correctly, but you want to style some of them differently than others. Now you need to modify them so that they're part of the correct classes or have seperate IDs (or maybe you can play accessor games, but then if the content is reformatted you lose your styling...). It's possible to largely divorce the content and the presentation, but not (usually) to achieve a 100% seperation because presentation IS content in many cases. CSS Zen garden is an awesome site, but most of the CSS sheets available would break if you restructured the content in any real way. How "divorced" is that supposed to be? It's not tied to the content per se, but it's certainly tied to the structure of the content.
This is actually untrue, because the HTML requires markup to distinguish elements that you apply styles to. If you decide you want to emphasise a word in a run of text, for example, you need to put that word into a span or some other element. So while you can divorce presentation to a degree, presentation changes can require semantic changes to the content itself.
This was a goal of the mono project but my understanding is that they basically gave up. Window.Forms is tied very tightly to the Windows platform in terms of design, and due to it's limitations as a toolkit it's very common for.NET developers on windows to use p/invoke and the window handles exposed by Window.Forms controls. This is obviously not going to be portable although it's my uderstanding they're working on implementiong it via winelib.
As a side note, there are.NET bindings for the wxWindows toolkit, which will allow you to write.NET apps that can be backended by GTK or Win32 without a rewrite. No wxQt available, though.
I've heard this one tons of time, and in reality it seems to be much more about someone to blame than someone to sue - IE, someone you can talk about suing in a meeting. If you're powerless to fix something (like a bug in Windows), then the board can't hold you responsible if you go over deadline because of it. Being powerless like that can be incredibly usefull in office politics.
It's important to remember that the first two resound very strongly with the sort of bull dog "greed is good", "show me the money" kind of personality you stereotypically find in upper management.
The third one is kinda silly imo, since it's (obviously) true for anything, and if you're going to pay for a plug & play system then you're no longer really buy software, you're buying services and theres plenty of places you can go for that, and why should you care what the back end is?
Man, you sound bitter. It's too bad rich yuppie brats don't have to have coin jars to steal your money.
By the way, what you've also described is "no goverment". It's a scale, not an absolute classification. The UN is a good example of your type of government, and look how freely we (the US) dismisses them as "irrelevent". Your usage of the words communism and socialism is totally wrong, so I'm just going to ignore that sentence. Suffice it to say that the two things aren't related to each other and even less related to your previous sentence.
Note that a socialist government (which, like all governments, will take away your money to give to someone else) is not neccesarily invasive or facist. In fact, the most common reason for liberalism in government is to protect personal freedoms. It's also perfectly possible for conservatives to be incredibly invasive, for which proof I give you the American republican party.
As for the etymology of "republic", yes, it's from "publicus", of the people. It's the idea of government held in common, as public land might be.
This is a perfect example of what the reviewer was talking about, which is taking a good idea and turning it upo to 11. You're totally correct that it's unreasonable for the customer to not support the developlment, and they have to take responsibility. Everyone who's ever worked in that sort of development knows the kind of mental anguish that last second or conflicting requirements causes. However, totally pushing that reponsability to the customer isn't correct behaviour either. There's ground in the middle that needs to be met. That, by the way, is how other professional industries work - the people you're contracting with are supposed to bring expertise to the table that you don't have (thats why you hired them, after all).
Because it's not internally consistent with the other use of nanotech in the game, and it's an obvious "gameplay" measure, with the nanotech stuff being a tacked on afterthought.
That said, I enjoyed the game more than I thought I would. I disliked how they munged up stealth play, especially toward the end. However the story was good if not as great as the original (say 8/10 if deus ex 1 was 10/10), quests and plots were sufficiently non-linear to entertain me, even if they were inconsistent from time to time. All in all, it was a decent but not outstanding game.
The big downside was the absolutely pathetic performance, which is really unexcusable and I hope they manage to address in Thief 3 which I'm alot more interested in.
All of those will install with a single CD image, you just don't have acccess to the full spectrum of packages. It's apples and oranges, Linux distros traditionally ship with a great many packages because the baseline of whats considered a "working system" is much higher. On the other hand, just because the stock image for a distro is some ungodly number of CDs doesn't mean that you have to download them all.
In any case, I'm not sure what that has to do with the previous posters comment, which was it's own brand of troll.
You know, you probably could reduce your slashot referal traffic to almost nil just by taking it out of your sig, instead of blocking it. Besides, with a tagline like "Free Porn", I was rather assuming that you made your money off banners rather than subscriptions.
96,000 hits in 12 hours isn't that much of a slashdotting. In any case, theres 2 major causes of slashdotting - one is that your server simply falls down. This is most common when you're serving dynamic content, which escalates your cpu usage by orders of magnitude. Even then, the most common point of failure is connection limits in databases, which is a configuration issue. The other common form of slashdotting is bandwidth usage, and it doesn't matter what you're running your server on then. Geocities, for example, can make a slashdotting roll over and beg, but any individual geocities SITE will be dead before the first post.
I'll give you a handy example of the ambiguity. Take the Win32 API, which is probably the primary source of Hungarian notation. There's a whole slew of handle data types, most of which are imcompatable. For example, the HWND (handle to a window) and the HDC(handle to a device context). These are often used in the same places, but are created and released using different functions, and mixing them is Bad(tm). Nevertheless, they both (always!) have the same prefix(h), and exactly what handle you're using is referred to using the variable name (generally hWnd and hDC). The h is totally redundant and provides _no_ information here.
As for me personally, I've never seen the need for hungarian. I generally write short functions, its exceedingly rare that the declaration of a variable is not on the same page that I'm using it. It's also conceptually close, so I can easily keep all the variables in the current scope in my head. I've got automated tools that provide both mouse hovers and a dynamic list of symbols in scope, so I'm a click away (at most) from the correct type on the off chance that I become confused. In all honesty, I don't think this has ever happened to me, at least when working on my own code. Similiarly, even when working through other peoples code, having an accurate type definition handy instead of relying on the notation, which is subject to error just seems vastly more reliable.
I don't care if you use it or not, but I thought we were talking about the relative merits of it. I prefer descriptive and readable variable names, and I rely on automated tools and an IDE to show me the type if my memory fails. Note that I'm familiar with Hungarian notation and I still think it fails the readability test - it's messy and distracts from the variable name which is where the real meaning is.
There's not now, although there may be one in the future, and it's because the technologys aren't simiilar enough.
It's true that clock speed puts an upper bound on what you can do, but in the general case no chip today can max out it's clockspeed effectively, because of other factors. Imagine if nobody had bothered to make new transmissions in the last 50 years, but we still had badass engines. Then the saying would be "theres no replacement for a good tranny", and everyone would think hot rodders like transexual hookers.
Try actually reading what he's pissed off about - the ad he got required his interaction before he could continue.
You should also remember that this isn't a letter to his congressman or any other such thing, it's a pissed off rant on slashdot, and as such swearing is just as acceptable as it would be if he were blowing off steam in a pub.
It's usefull for what it does, but it does make code damn fugly (and near-unreadable, for me), and theres far better tools now for figuring out what a variable is.
Slashdot Mirror
The idea that you have to be kept ignorant for your own protection is so intellectually and morally bankrupt that it boggles my mind that people keep using it. Of course it's reasonable to notify the vendor first, but if they do not respod promptly and correctly to security flaws (and practically no vendors I'm aware of do - maybe some small shops but none of the big ones), then by all means go public with it. Information like this is essential to the correctness of capitalism.
It's still unambiguous as long as those other languages don't name thier months after numbers. I'm not aware of any language where "June" and "6" are the same word.
While you're quite correct that most script kiddies can't find holes on thier own, I don't think that most viruses come from bugtraq exploit code. There's enough crackers out there who're good enough to write exploit code once the fact of the vulnerability is revealed.
It's in the best interests of the public to have these things be in the open - it provides people with the opportunity to fix them. Without public disclosure, theres no way to know if things are really fixed. There's not even any way to know theres a problem. Application vendors are generally resistant to applying fixes (note how many of them threaten and sue people for public disclosure - even if they object to the disclosure on the grounds that it's dangerous, as you do, that doesn't mean that the discloser is a criminal).
It sounds to me like you're totally against any sort of responsibility or accountability for security flaws in software and thats so irresponsible it makes me cringe.
Just to be clear, any language that can do dynamic evaluation has had this always. Language extentions to make it seamless is innovative but not groundbreaking - it's a cool idea thats rarely used enough that other languages haven't made a big deal out of it. I've used database-as-filesystem type deals that work on this concept for dynamic web pages and it's largely a nightmare to maintain.
I've seen a tool that produces flowcharts from individual functions in a variety of languages. Now, as a modelling tool it's pretty useless, but as an aid to documentation and as a debugging tool it was great. Note that it doesn't REPLACE english language docs, but a quick graphical overview of a complicated function made it alot easier to get up to speed on someone elses code.
You're missing the point. The point is that if you want to apply different styling to a part of the document that the author didn't consider semantically seperate, you have to modify the document. Or, for a more likely example, say the author DID mark them up correctly, but you want to style some of them differently than others. Now you need to modify them so that they're part of the correct classes or have seperate IDs (or maybe you can play accessor games, but then if the content is reformatted you lose your styling...). It's possible to largely divorce the content and the presentation, but not (usually) to achieve a 100% seperation because presentation IS content in many cases. CSS Zen garden is an awesome site, but most of the CSS sheets available would break if you restructured the content in any real way. How "divorced" is that supposed to be? It's not tied to the content per se, but it's certainly tied to the structure of the content.
This is actually untrue, because the HTML requires markup to distinguish elements that you apply styles to. If you decide you want to emphasise a word in a run of text, for example, you need to put that word into a span or some other element. So while you can divorce presentation to a degree, presentation changes can require semantic changes to the content itself.
This was a goal of the mono project but my understanding is that they basically gave up. Window.Forms is tied very tightly to the Windows platform in terms of design, and due to it's limitations as a toolkit it's very common for .NET developers on windows to use p/invoke and the window handles exposed by Window.Forms controls. This is obviously not going to be portable although it's my uderstanding they're working on implementiong it via winelib.
As a side note, there are .NET bindings for the wxWindows toolkit, which will allow you to write .NET apps that can be backended by GTK or Win32 without a rewrite. No wxQt available, though.
You can find the whole series in a variety of formats on suprnova. The orignal downloads where Quicktime, though.
I've heard this one tons of time, and in reality it seems to be much more about someone to blame than someone to sue - IE, someone you can talk about suing in a meeting. If you're powerless to fix something (like a bug in Windows), then the board can't hold you responsible if you go over deadline because of it. Being powerless like that can be incredibly usefull in office politics.
The third one is kinda silly imo, since it's (obviously) true for anything, and if you're going to pay for a plug & play system then you're no longer really buy software, you're buying services and theres plenty of places you can go for that, and why should you care what the back end is?
By the way, what you've also described is "no goverment". It's a scale, not an absolute classification. The UN is a good example of your type of government, and look how freely we (the US) dismisses them as "irrelevent". Your usage of the words communism and socialism is totally wrong, so I'm just going to ignore that sentence. Suffice it to say that the two things aren't related to each other and even less related to your previous sentence.
Note that a socialist government (which, like all governments, will take away your money to give to someone else) is not neccesarily invasive or facist. In fact, the most common reason for liberalism in government is to protect personal freedoms. It's also perfectly possible for conservatives to be incredibly invasive, for which proof I give you the American republican party.
As for the etymology of "republic", yes, it's from "publicus", of the people. It's the idea of government held in common, as public land might be.
This is a perfect example of what the reviewer was talking about, which is taking a good idea and turning it upo to 11. You're totally correct that it's unreasonable for the customer to not support the developlment, and they have to take responsibility. Everyone who's ever worked in that sort of development knows the kind of mental anguish that last second or conflicting requirements causes. However, totally pushing that reponsability to the customer isn't correct behaviour either. There's ground in the middle that needs to be met. That, by the way, is how other professional industries work - the people you're contracting with are supposed to bring expertise to the table that you don't have (thats why you hired them, after all).
That said, I enjoyed the game more than I thought I would. I disliked how they munged up stealth play, especially toward the end. However the story was good if not as great as the original (say 8/10 if deus ex 1 was 10/10), quests and plots were sufficiently non-linear to entertain me, even if they were inconsistent from time to time. All in all, it was a decent but not outstanding game.
The big downside was the absolutely pathetic performance, which is really unexcusable and I hope they manage to address in Thief 3 which I'm alot more interested in.
Microsoft HAS been compromised, and these things have not happened. So there you go.
In any case, I'm not sure what that has to do with the previous posters comment, which was it's own brand of troll.
But why not take the link out of your sig, then? You're kind of encouraging the exact behavior you're complaining about.
You know, you probably could reduce your slashot referal traffic to almost nil just by taking it out of your sig, instead of blocking it. Besides, with a tagline like "Free Porn", I was rather assuming that you made your money off banners rather than subscriptions.
96,000 hits in 12 hours isn't that much of a slashdotting. In any case, theres 2 major causes of slashdotting - one is that your server simply falls down. This is most common when you're serving dynamic content, which escalates your cpu usage by orders of magnitude. Even then, the most common point of failure is connection limits in databases, which is a configuration issue. The other common form of slashdotting is bandwidth usage, and it doesn't matter what you're running your server on then. Geocities, for example, can make a slashdotting roll over and beg, but any individual geocities SITE will be dead before the first post.
As for me personally, I've never seen the need for hungarian. I generally write short functions, its exceedingly rare that the declaration of a variable is not on the same page that I'm using it. It's also conceptually close, so I can easily keep all the variables in the current scope in my head. I've got automated tools that provide both mouse hovers and a dynamic list of symbols in scope, so I'm a click away (at most) from the correct type on the off chance that I become confused. In all honesty, I don't think this has ever happened to me, at least when working on my own code. Similiarly, even when working through other peoples code, having an accurate type definition handy instead of relying on the notation, which is subject to error just seems vastly more reliable.
I don't care if you use it or not, but I thought we were talking about the relative merits of it. I prefer descriptive and readable variable names, and I rely on automated tools and an IDE to show me the type if my memory fails. Note that I'm familiar with Hungarian notation and I still think it fails the readability test - it's messy and distracts from the variable name which is where the real meaning is.
It's true that clock speed puts an upper bound on what you can do, but in the general case no chip today can max out it's clockspeed effectively, because of other factors. Imagine if nobody had bothered to make new transmissions in the last 50 years, but we still had badass engines. Then the saying would be "theres no replacement for a good tranny", and everyone would think hot rodders like transexual hookers.
You should also remember that this isn't a letter to his congressman or any other such thing, it's a pissed off rant on slashdot, and as such swearing is just as acceptable as it would be if he were blowing off steam in a pub.
It's usefull for what it does, but it does make code damn fugly (and near-unreadable, for me), and theres far better tools now for figuring out what a variable is.
This has been fixed recently, in case you cared. Someone at MS certainly reads slashdot ;)