Readers interested in what Pascal and Date have to say may be interested in visiting
Database
Debunkings. It has lots of articles written by one or both of them.
Personally, I recommend the articles written by Date because they are clearly, concisely, accurately, and calmly written. Pascal's tend to turn into a rant, which I wouldn't mind but he always seems to refer to his books rather than give a detailed justification of his arguments.
SPARK Ada came from Praxis Critical Systems. (http://www.praxis-cs.co.uk/). Go take a look. You can read about how SPARK Ada is used in things like aircraft, and (increasingly) in the automotive industry.
"If people had understood how patents would be granted when most of today's ideas were invented and had taken out patents, the industry would be at a complete standstill today."
If the patent covers "mechanisms for embedding objects within distributed hypermedia documents, where at least some of the object's data is located external to the document, and there is a control path to the object's implementation to support user interaction with the object" then does OLE also infringe?
I don't understand how a small company can be this inconsistent.
Also, with regard to their recent announcement of a "binary run-time license": How can _anyone_ distribute linux? If it contains code that requires a license from SCO, then it can't be licensed under the GPL (see clause 7 of the GPL).
Therefore no-one can distribute it, not even SCO, since they don't own all the copyright. Is this what SCO intend? Just to get rid of ~12 years of work?
The title does, however, remind me of some of the stuff you see on
this page. It also reminds me of a person I did work experience with during school. Incidentally, I never want to work with said person again, because he was full of crap.
The following describes the common sections found by the Inquirer reader (although I have only looked at the linux source files).
amd7930.c - the matching lines are just a table of constants (a gain curve or something), pretty much straight from the chipset manual, although the comment above the table is also identical - but the BSD contribution is not noted at the top of the file (assuming they mean the audio amd7930.c and not the isdn one).
slhc.c - this is BSD ppp code, and is copyrighted as such at the top of the file.
balloc.c - dunno about this, which balloc.c?
bonding.c - hmmm, the lines seem to correspond to a random section of code in the middle. May be BSD code, but the comments at the top imply that this is all recent stuff.
Of course, this assumes that the line numbers the Inquirer published are for the linux files and not the BSD files (why did they only publish one set?!?)
QNX has been the only company so far to commercialize a microkernel OS.
Isn't the Windows NT kernel supposed to be a microkernel? Admittedly, it is a bit larger than people intended when they came up with the idea of a microkernel (especially since MS added GUI code to it in NT 4.0), but still...
And what about OS X? That has Mach at its heart doesn't it? That's a microkernel too.
The increased framerates possible using this technology, rather than CCD, probably help when doing fast motion detection as the robot in the article is doing.
Gates: This bickering is pointless. Lord Stallman will provide us with the IP of the rebels hidden server by time Palladium is operational. We will then crush the rebellion with one swift lawsuit.
The people who will show up best are those who will come up with novel solutions, because a new solution is inherently more interesting than a correct solution.
I disagree.
When a good puzzle solver hears an interesting problem it will start buzzing round their unconscious, and whether they are actively thinking about it or not it will be in the back of their mind bugging them. They won't be satisfied if they just get an answer, they'll keep going until the problem is demolished, until the answer is complete, elegant, and obviously correct.
Levy, in the book Hackers, describes this as The Right Thing, the straightest line between two points. Are you telling me that knowing the solution inside out like that won't result in clear concise code?
A solved problem is not a problem, and they won't waste time on it, so don't worry about them re-inventing the wheel.
OpenBSD, which does not develop as many products
as Microsoft, says only one vulnerability or hole
has been found in its software in the past seven
years.
Erm, shouldn't that be "only one remote
hole in the default install"?
Visse said the company was making some significant investments in developing a better search engine. But the company has not offered specific plans.
From past experience Microsoft's idea of better is more packed with features. I use Google because it is fast, efficient, and has unobtrusive advertising. Can you honestly see Microsoft competing on those terms?
McFact No. 8: A report in Liability Week, September 29, 1997, indicated that Kathleen Gilliam, 73, suffered first degree burns when a cup of coffee spilled onto her lap. Reports also indicate that McDonald's consistently keeps its coffee at 185 degrees, still approximately 20 degrees hotter than at other restaurants. Third degree burns occur at this temperature in just two to seven seconds, requiring skin grafting, debridement and whirlpool treatments that cost tens of thousands of dollars and result in permanent disfigurement, extreme pain and disability to the victims for many months, and in some cases, years.
Will someone please explain to me how water with something dissolved in it can be at 185 degrees and yet still spill? (liquids spill, steam rises)
To spur uptake of i-Nav, the company configured the DNS servers for.com and.net to reply to some erroneous domain lookups with the IP address of a VeriSign web site, as opposed to an error message.
...
The system guesses that the user is looking for an internationalized domain name (IDN) and presents them with a way to access it.
Doesn't that assume that users only look up the names of webservers?
What happens when a user mistypes a URL and the VeriSign system merrily sends them a verisign IP, but they are using "ssh", or an IMAP mail client, or any other service that the verisign server is unlikely to be running?
The user receives unhelpful "Connection refused" messages, instead of being prompted to correct their typo by a "Can't find..." message.
They mean that some software, designed to take a fully qualified domain name as input, *always* looks up the input by DNS, even if someone has typed in an IP rather than a hostname - making the lookup unnecessary.
If it was a reverse lookup it wouldn't just contain an ip (e.g. "1.2.3.4"), it would be "4.3.2.1.in-addr.arpa", that's how reverse lookup works.
A1
Unvalidated Parameters
Information from web requests is not validated before being used by a web application. Attackers can use these flaws to attack backside components through a web application.
Backside?
I've heard of back-end components.
Maybe the writer is hinting that code that makes these mistakes is a pile of......
in the case of robbery, it has to be proven that something was stolen. if your server is not secured, how does anyone know what was stolen? if it's anything more than simple defacement, the cracker is sure to cover his tracks.
this is at the heart of the stiff penalties for cracking a website. it can be very hard to tell what was actually done to the server.
Some sysadmins use intrusion detecting systems, and extensive logging to a write-only medium. They have backups, and checksums, and they can quickly ascertain what happened to their systems.
Then again, some don't.
Again, this is irrelevent to the sentence the perpetrator receives.
Another story:
There once was a robber who stole from two houses. The owner of one house had an inventory, and could tell the police exactly what had been stolen. The owner of the second house didn't have a clue.
Are you telling me that the robber should receive a stiffer sentence for robbing the clueless one?
Should the legal system compensate for clueless admins?
When someone breaks into a system -- regardless of their motivations -- the breakee does not know what the intruder has in mind...........huge costs in time and effort can and will be expended to purge the system of the problem which often involves what might very well be overkill
Think about what you're saying!
A shop gets broken into at night and robbed, the thieves used no weapons. The owner of the shop decides to take measures to stop it happening again. Now he could install a metal grill over the windows, or he could go over the top and install video surveillance and hire a three armed security guards in case a gang of thugs with guns try and break in.
Now, ask yourself the question, what does his choice of security precautions have to do with the punishment of those thieves?
Absolutely nothing.
Taking advantage of a security hole is like robbing a house no lock on the door - IT IS WRONG - but noone tries to sue the thief for the cost of buying a lock. Instead, the thief gets punished for stealing.
The typical defense is to program routers to throw away excessive ping packets, which is called rate limiting. While this protects the server, the attack streams can still create traffic jams up to the point where they are discarded.
Well then, isn't it logical to try and rate limit/filter as close to the source as possible then? Of course this shifts responsibility...
If all ISPs were proactive in dealing with customers machines being used as zombies to launch attacks, then internet users as a whole would have less problems trying to deal with being the target of an attack.
A few logical steps:
Filter out spoofed packets - the ISP has allocated the IPs to broadband users for goodness sake, it's much easier to filter packets when you know who's sent them than on the internet at large!
Rate limit - no, not everything, don't go annoying the hell out of legitimate users. Something that will cut in when 100 PING packets per second go to a single host would be quite sufficient.
Monitor for signs of trojan infection and REACT! I couldn't believe the amount of traffic I got in my web logs when Code Red was going around. How hard is it for the ISP to e-mail or ring up their customer and tell them that they're infected?
Some ISPs may do this, I don't know, but from the articles I read about DDoS attacks it appears that most don't.
Slashdot Mirror
Readers interested in what Pascal and Date have to say may be interested in visiting Database Debunkings. It has lots of articles written by one or both of them.
Personally, I recommend the articles written by Date because they are clearly, concisely, accurately, and calmly written. Pascal's tend to turn into a rant, which I wouldn't mind but he always seems to refer to his books rather than give a detailed justification of his arguments.
Yes, they do.
SPARK Ada came from Praxis Critical Systems. (http://www.praxis-cs.co.uk/). Go take a look. You can read about how SPARK Ada is used in things like aircraft, and (increasingly) in the automotive industry.
Better than a BSOD!
Come on! Even Bill Gates knows this one:
If the patent covers "mechanisms for embedding objects within distributed hypermedia documents, where at least some of the object's data is located external to the document, and there is a control path to the object's implementation to support user interaction with the object" then does OLE also infringe?
Is there really no prior art?
And the other half....
That's still an awful lot of crashes.
I don't understand how a small company can be this inconsistent.
Also, with regard to their recent announcement of a "binary run-time license":
How can _anyone_ distribute linux? If it contains code that requires a license from SCO, then it can't be licensed under the GPL (see clause 7 of the GPL).
Therefore no-one can distribute it, not even SCO, since they don't own all the copyright. Is this what SCO intend? Just to get rid of ~12 years of work?
Hmmmmm...
Ok, architects design.
"architect" is a noun not a verb.
There is no such word as "architecting".
The title does, however, remind me of some of the stuff you see on this page. It also reminds me of a person I did work experience with during school. Incidentally, I never want to work with said person again, because he was full of crap.
Newton wrote:
Linux' law states:
It's amazing what happens when you stop reinventing the wheel and share.
The following describes the common sections found by the Inquirer reader (although I have only looked at the linux source files).
Of course, this assumes that the line numbers the Inquirer published are for the linux files and not the BSD files (why did they only publish one set?!?)
Parent post contains:
Erm, no. If you had read the article carefully, you would know that the pieces overlap. The article says:
From the article:
Isn't the Windows NT kernel supposed to be a microkernel? Admittedly, it is a bit larger than people intended when they came up with the idea of a microkernel (especially since MS added GUI code to it in NT 4.0), but still...
And what about OS X? That has Mach at its heart doesn't it? That's a microkernel too.
Both of the above are commercially successful.
Erm VLSI just means putting lots of stuff on one chip (Very Large Scale Integration). Do you mean "CMOS instead of CCD"?
(more detailed explanation)
The increased framerates possible using this technology, rather than CCD, probably help when doing fast motion detection as the robot in the article is doing.
In a galaxy far, far, away?
I disagree.
When a good puzzle solver hears an interesting problem it will start buzzing round their unconscious, and whether they are actively thinking about it or not it will be in the back of their mind bugging them. They won't be satisfied if they just get an answer, they'll keep going until the problem is demolished, until the answer is complete, elegant, and obviously correct.
Levy, in the book Hackers, describes this as The Right Thing, the straightest line between two points. Are you telling me that knowing the solution inside out like that won't result in clear concise code?
A solved problem is not a problem, and they won't waste time on it, so don't worry about them re-inventing the wheel.
From the article:
Erm, shouldn't that be "only one remote hole in the default install"?
From past experience Microsoft's idea of better is more packed with features. I use Google because it is fast, efficient, and has unobtrusive advertising. Can you honestly see Microsoft competing on those terms?
Following the link in the parent post...
Will someone please explain to me how water with something dissolved in it can be at 185 degrees and yet still spill? (liquids spill, steam rises)
Doesn't that assume that users only look up the names of webservers?
What happens when a user mistypes a URL and the VeriSign system merrily sends them a verisign IP, but they are using "ssh", or an IMAP mail client, or any other service that the verisign server is unlikely to be running?
The user receives unhelpful "Connection refused" messages, instead of being prompted to correct their typo by a "Can't find..." message.
Hmmmm, I went to the website and looked at the screenshots. You're right - nice uncluttered simple interface that *matches* other programs.
Perfect!
Then I went back to the main page and the "What needs to be done" box caught my eye:
How ironic.
No, I assume the researchers are not that stupid.
They mean that some software, designed to take a fully qualified domain name as input, *always* looks up the input by DNS, even if someone has typed in an IP rather than a hostname - making the lookup unnecessary.
If it was a reverse lookup it wouldn't just contain an ip (e.g. "1.2.3.4"), it would be "4.3.2.1.in-addr.arpa", that's how reverse lookup works.
Backside?
I've heard of back-end components.
Maybe the writer is hinting that code that makes these mistakes is a pile of......
Some sysadmins use intrusion detecting systems, and extensive logging to a write-only medium. They have backups, and checksums, and they can quickly ascertain what happened to their systems.
Then again, some don't.
Again, this is irrelevent to the sentence the perpetrator receives.
Another story:
There once was a robber who stole from two houses. The owner of one house had an inventory, and could tell the police exactly what had been stolen. The owner of the second house didn't have a clue.
Are you telling me that the robber should receive a stiffer sentence for robbing the clueless one?
Should the legal system compensate for clueless admins?
Think about what you're saying!
A shop gets broken into at night and robbed, the thieves used no weapons. The owner of the shop decides to take measures to stop it happening again. Now he could install a metal grill over the windows, or he could go over the top and install video surveillance and hire a three armed security guards in case a gang of thugs with guns try and break in.
Now, ask yourself the question, what does his choice of security precautions have to do with the punishment of those thieves?
Absolutely nothing.
Taking advantage of a security hole is like robbing a house no lock on the door - IT IS WRONG - but noone tries to sue the thief for the cost of buying a lock. Instead, the thief gets punished for stealing.
Well then, isn't it logical to try and rate limit/filter as close to the source as possible then? Of course this shifts responsibility...
If all ISPs were proactive in dealing with customers machines being used as zombies to launch attacks, then internet users as a whole would have less problems trying to deal with being the target of an attack.
A few logical steps:
Some ISPs may do this, I don't know, but from the articles I read about DDoS attacks it appears that most don't.