Not on slowdowns he isn't. The data is memory usage, but the system slowdowns claim is supposition from the first number. He says the memory usage number implies slowdowns, but that conclusion is false on win 7.
Reads like guess work to me. This is statistical data collected by an automated tool. If this tool were ACTUALLY measuring and reporting increased swapping, then they would report that, but they don't.
No, it's because very few linux users are computer illiterate, while a great many windows users are. Targeting windows users (and with attacks like this, it is the users that make the attack possible, not the platform) is going for the low hanging fruit.
You list tcl, in there, and I happen to know a bit about tcl maintenance, because the guy who sits on the other side of the table from me is one of the guys who makes sure tcl works on windows, and extremely active in the tcl community.
They absolutely do not rely on "many eyeballs". In fact, he tells me that they almost never have patches submitted to them from anyone outside the core group. This is a fairly major, well know and widely used piece of software, and yet these "infinite developers" on which the shallowness of bugs quote is premised, simply do not exist. In fact their procedures and development process is not that dissimilar to the ones employed on the closed source projects I work on, and nor are their testing methods.
You say that Mr. Hernan and I are sneering at FOSS projects, and proceed to list several, HOWEVER, I read his criticisms as being aimed at a naive understanding of Linus' law. This clearly exists within the Linux fanboi community (rather than the developer community, at least of major projects), who believe that OSS is more secure simply by virtue of being open source. Clearly that's not good enough for said major projects because they spend a great deal of time and effort hunting security bugs in more or less the same way that Microsoft's SDL requires, including code reviews, static analysis and fuzzing. That being said, if the FOSS model was watertight then how did the Debian ssl fiasco happen? Undeniably they are a major (and one would hope reputable) distro, and should be maintaining best practice in their processes.
Not true. I reported a bug in AVG when Vista was first RTM'd. Over a couple of dev cycles and several emails to their tech support the bug was ironed out. Closed source on a closed OS, and the bug reporting/fix cycle worked just fine.
Well OK, but that doesn't change the fact that his mis-stating is in fact the common conception of what Linus' law is all about. Whenever the relative merits of OSS and closed source are discussed the claim is made that OSS has fewer bugs because the code is open for all to see. It may not actually be Linus' law, but it is commonly believed and argued.
That being the case I'm not sure Linus' law is really all that meaningful, or even accurate. I mean, in principle, opening up a problem to more people means you have a greater chance of finding the one smart person who can see the obvious solution, but the reality is that only a tiny tiny fraction of bugs would fall into the category of having non-obvious solutions once identified. In my career I've see a handful of bugs that have taken more than a few days to pin down and fix, and those have been horribly complex re-entrancy problems and race conditions. I just don't see that the many eyeballs approach to bug fixing is either very common or efficient, and I'm not convinced that there is this mythical pool of people who invest time in fixing difficult problems in someone else's code. A friend of mine is a maintainer of the Tcl\Tk project, and he always tells me that no-one ever submits patches to their project from outside the core people.
Can you not read either? He admits that and concedes it. It's a tautology equivalent to the infinity monkeys thing. The question is "are there really enough people looking at the bug", and the evidence suggests that's not actually happening.
I’ll also note that the SDL requires Microsoft software to be “PreFast clean” and “FxCop clean” meaning that all static analysis defects are fixed or confirmed as false positives.
Given that a few projects use Coverity I assume that also means that those projects must be Coverity clean. What this means is that no MS product is released in which the relevant static analysis tool is reporting problems, which is a very good thing.
It is absolutely true to say the "Hope is not a security strategy". That much is undeniable, and any project that is relying on Linus' Law is doing just that. The examples you give are clearly NOT relying solely on "many eyeballs", which is why they are secure. If anything it strengthens his point because those projects, while they are FOSS, also have major corporate backing and professional core developers and testers. You say KDE has 90 static test failures. Well thanks to the SDL all of Windows (with whatever unimaginable number of lines of code that has) should have none (although, obviously we can't be certain of that, but that's what their process requires)
He was an Egyptian author who studied in the US in the 1950s. He was shocked and appalled at the licentiousness of US culture, its focus on materialism and immorality. When he returned to Egypt he wrote extensively on the subject and gained a good many followers, including many who would go on to form the current crop of islamist groups. The early motivation seemed to be to prevent the creeping westernisation, and consequential moral decline of muslim nations. Coincidentally, the same root cause (1950s rock-and-roll) was the crucible in which Leo Strauss saw "permissive egalitarianism", and consequently birthed "Neo-conservatism", and this also was related to his political zionist views.
The goals of the Islamists is islamisation of the world, but short term their goals are to overturn the state of Israel, and turn back the westernisation of muslim states. Unfortunately American cultural imperialism and influence is spread largely through consumer goods, media, the internet and commercial interests. This is at least part of the reason why China has created their "Great Firewall". Also Christian Zionism has taken root in a great deal of US churches, and is now a powerful force behind Republicanism.
INTERPOL must also act within the law, or they'll have their status revoked, and it's also less than clear (not least in that there's a great deal of argument about it) whether this order actually confers immunity on INTERPOL employees who actually did violate someones rights.
Until there is actually an allegation that INTERPOL employees have broken the law (other than parking offences, etc), or done something they shouldn't be doing this is all hypothetical and a complete waste of your time. As far as I'm aware no such allegations have ever been made.
However, no part of the legal system used for convictions should be outside the law.
Interesting. I wonder how you balance this with the fact that US courts don't care whether or not the people standing in front of them have been illegally abducted off foreign streets by intelligence agents, or whether the evidence against them was obtained by illegal means such as torture.
Indeed. Except we didn't allow the Soviet Union to be part of our law enforcement efforts. That's what the issue is here.
Nobody cares that the International Trout Commission has diplomatic immunity, because they're not going to be part of anything that really matters.
And INTERPOL isn't part of your law enforcement efforts either, except insomuch as they cooperate with national agencies that ARE law enforcement bodies and who must act within the law, and that is what they've been doing ever since 1923 when they were first formed. You really need to wipe the foam from around your mouth and engage your brain here.
Can I just point out that the "Full diplomatic immunity" you're so upset about (if it's true, which I'm not sure it really is), would be the same full diplomatic immunity given to Soviet officials at the height of the cold war, and to Iranian and Syrian officials today. If you can give it to your enemy, then you can give it to your friend.
This all comes out from the view that "Gender is a social construct", which is implying (without actually stating, and could thus be construed as weasel words) that social constructs can be changed as we see fit. This dangerous, as the law of unintended consequences comes into play with anything remotely complex. It also ignores the fact that "Equality" is just as much a social construct as gender roles.
Anyway, the unintended consequence of the success of the feminist movement has been the neglect inflicted upon the children of our generation, and the devaluation of motherhood.
The battle of the sexes has been fought and won, but the losers were not men, but children.
Agreed, and in part I think the increase in cost of raising a a child is related to the number of two (or more) income homes.
In our society we have to pay for stuff, and the price charged for stuff is related to the amount of money we have. Because two income homes (a consequence of increased gender equality in the workplace) have increased, those with two incomes are advantaged in the marketplace for housing, goods etc against those with only a single income. In other words, prices of goods are normalised to the spending power of two-income households. This means that single people, or couples with children of whom one chooses to stay and raise them cannot compete for the good quality resources, unless they are exceptionally fortunate.
The upshot of this is that the unintended consequence of enabling equality in the workplace was to compel women (primarily) into work instead of raising children.
The battle of the sexes has been fought and won, but the losers were not men, but children.
My solution would be to heavily tax second (and subsequent) incomes to a home, and use the money to enable couples to have one partner to stay at home a raise their children (or perhaps care for elderly relatives, the sick etc) if they so chose.
I hate the kill cam because it gives away your sniper spot. In CoD4 I had some great spots where I could sit and take out enemies with a silenced weapon and they have little or no idea where I was. Kill cam defeats that and on the other side takes away the skill of locating and taking out a well concealed enemy sniper. As long as you're playing on a server where you have good admins and can trust that there are no hackers it's not a problem.
Yahweh exists because Jesus rose from the dead, which can be reasoned without assuming the Bible to be true, but by testing its claims about the resurrection against history (although obviously not proved in a scientific sense, but then since when was history science).
The circular reasoning is actually yours. The reason you believe Yahweh does not exist is that you believe Bible is only a collection of myths, and the reason that you believe the Bible is just a collection of myths is that you don't believe Yahweh exists.
Arguing that inconsistencies in the Bible render make it wrong is rather like arguing for irreducible complexity rendering evolution wrong. Both arguments come from an oversimplified understanding of the subjects, and a lack of imagination.
When we encountered the ultraviolet catastrophe it didn't trigger the conclusion that reality is inconsistent or wrong. It lead to quantum theory and a deeper, more nuanced understanding of reality. So it is with the Bible. Where there are difficulties with the plain interpretation of the text we reason with them to resolve the contradiction with a deeper, more nuanced understanding of God
We're only taking about Genesis 1 + 2. But as a whole, the Bible is the work of God, and it's contents therefore reflect what He wants us to know about Him and about ourselves. I've described it as a user guide for life when I've spoken about it, and like a user guide, it tells us what we need to know as users, rather than what we might like to know about how it works. In that sense it is a single work.
The Bible contains many many books that were intended primarily for a specific time and people. That's not to say they don't also have something useful to us, but the only way we can access it is through a fully contextual reading, which means understanding what those who originally were the intended readership for the book would have taken from it, and that means reading poetry as poetry, history as history, allegory as allegory.
I do find it odd though that those who most strongly argue in favour of a literal interpretation of Genesis are actually atheists.
Slashdot Mirror
Not on slowdowns he isn't. The data is memory usage, but the system slowdowns claim is supposition from the first number. He says the memory usage number implies slowdowns, but that conclusion is false on win 7.
Reads like guess work to me. This is statistical data collected by an automated tool. If this tool were ACTUALLY measuring and reporting increased swapping, then they would report that, but they don't.
I call fail on Craig Barth.
No, it's because very few linux users are computer illiterate, while a great many windows users are. Targeting windows users (and with attacks like this, it is the users that make the attack possible, not the platform) is going for the low hanging fruit.
You list tcl, in there, and I happen to know a bit about tcl maintenance, because the guy who sits on the other side of the table from me is one of the guys who makes sure tcl works on windows, and extremely active in the tcl community.
They absolutely do not rely on "many eyeballs". In fact, he tells me that they almost never have patches submitted to them from anyone outside the core group. This is a fairly major, well know and widely used piece of software, and yet these "infinite developers" on which the shallowness of bugs quote is premised, simply do not exist. In fact their procedures and development process is not that dissimilar to the ones employed on the closed source projects I work on, and nor are their testing methods.
You say that Mr. Hernan and I are sneering at FOSS projects, and proceed to list several, HOWEVER, I read his criticisms as being aimed at a naive understanding of Linus' law. This clearly exists within the Linux fanboi community (rather than the developer community, at least of major projects), who believe that OSS is more secure simply by virtue of being open source. Clearly that's not good enough for said major projects because they spend a great deal of time and effort hunting security bugs in more or less the same way that Microsoft's SDL requires, including code reviews, static analysis and fuzzing. That being said, if the FOSS model was watertight then how did the Debian ssl fiasco happen? Undeniably they are a major (and one would hope reputable) distro, and should be maintaining best practice in their processes.
Not true. I reported a bug in AVG when Vista was first RTM'd. Over a couple of dev cycles and several emails to their tech support the bug was ironed out. Closed source on a closed OS, and the bug reporting/fix cycle worked just fine.
Well OK, but that doesn't change the fact that his mis-stating is in fact the common conception of what Linus' law is all about. Whenever the relative merits of OSS and closed source are discussed the claim is made that OSS has fewer bugs because the code is open for all to see. It may not actually be Linus' law, but it is commonly believed and argued.
That being the case I'm not sure Linus' law is really all that meaningful, or even accurate. I mean, in principle, opening up a problem to more people means you have a greater chance of finding the one smart person who can see the obvious solution, but the reality is that only a tiny tiny fraction of bugs would fall into the category of having non-obvious solutions once identified. In my career I've see a handful of bugs that have taken more than a few days to pin down and fix, and those have been horribly complex re-entrancy problems and race conditions. I just don't see that the many eyeballs approach to bug fixing is either very common or efficient, and I'm not convinced that there is this mythical pool of people who invest time in fixing difficult problems in someone else's code. A friend of mine is a maintainer of the Tcl\Tk project, and he always tells me that no-one ever submits patches to their project from outside the core people.
Can you not read either?
He admits that and concedes it. It's a tautology equivalent to the infinity monkeys thing. The question is "are there really enough people looking at the bug", and the evidence suggests that's not actually happening.
Given that a few projects use Coverity I assume that also means that those projects must be Coverity clean.
What this means is that no MS product is released in which the relevant static analysis tool is reporting problems, which is a very good thing.
It is absolutely true to say the "Hope is not a security strategy". That much is undeniable, and any project that is relying on Linus' Law is doing just that. The examples you give are clearly NOT relying solely on "many eyeballs", which is why they are secure. If anything it strengthens his point because those projects, while they are FOSS, also have major corporate backing and professional core developers and testers.
You say KDE has 90 static test failures. Well thanks to the SDL all of Windows (with whatever unimaginable number of lines of code that has) should have none (although, obviously we can't be certain of that, but that's what their process requires)
Can I just say I love this!
Atheist state China names a mountain "Praise Yahweh" mountain!
Is it just me, or does that guy bear more than a passing resemblance to Comic Book Guy?
Also, talking about Simpsons porn, will Australia make the London 2012 Olympic logo illegal?
I'm not dead!
I send that. An excellent series
You should read up on Sayyid Qutb
He was an Egyptian author who studied in the US in the 1950s. He was shocked and appalled at the licentiousness of US culture, its focus on materialism and immorality. When he returned to Egypt he wrote extensively on the subject and gained a good many followers, including many who would go on to form the current crop of islamist groups. The early motivation seemed to be to prevent the creeping westernisation, and consequential moral decline of muslim nations. Coincidentally, the same root cause (1950s rock-and-roll) was the crucible in which Leo Strauss saw "permissive egalitarianism", and consequently birthed "Neo-conservatism", and this also was related to his political zionist views.
The goals of the Islamists is islamisation of the world, but short term their goals are to overturn the state of Israel, and turn back the westernisation of muslim states. Unfortunately American cultural imperialism and influence is spread largely through consumer goods, media, the internet and commercial interests. This is at least part of the reason why China has created their "Great Firewall". Also Christian Zionism has taken root in a great deal of US churches, and is now a powerful force behind Republicanism.
INTERPOL must also act within the law, or they'll have their status revoked, and it's also less than clear (not least in that there's a great deal of argument about it) whether this order actually confers immunity on INTERPOL employees who actually did violate someones rights.
Until there is actually an allegation that INTERPOL employees have broken the law (other than parking offences, etc), or done something they shouldn't be doing this is all hypothetical and a complete waste of your time. As far as I'm aware no such allegations have ever been made.
However, no part of the legal system used for convictions should be outside the law.
Interesting. I wonder how you balance this with the fact that US courts don't care whether or not the people standing in front of them have been illegally abducted off foreign streets by intelligence agents, or whether the evidence against them was obtained by illegal means such as torture.
Indeed. Except we didn't allow the Soviet Union to be part of our law enforcement efforts. That's what the issue is here.
Nobody cares that the International Trout Commission has diplomatic immunity, because they're not going to be part of anything that really matters.
And INTERPOL isn't part of your law enforcement efforts either, except insomuch as they cooperate with national agencies that ARE law enforcement bodies and who must act within the law, and that is what they've been doing ever since 1923 when they were first formed. You really need to wipe the foam from around your mouth and engage your brain here.
Can I just point out that the "Full diplomatic immunity" you're so upset about (if it's true, which I'm not sure it really is), would be the same full diplomatic immunity given to Soviet officials at the height of the cold war, and to Iranian and Syrian officials today. If you can give it to your enemy, then you can give it to your friend.
This all comes out from the view that "Gender is a social construct", which is implying (without actually stating, and could thus be construed as weasel words) that social constructs can be changed as we see fit. This dangerous, as the law of unintended consequences comes into play with anything remotely complex. It also ignores the fact that "Equality" is just as much a social construct as gender roles.
Anyway, the unintended consequence of the success of the feminist movement has been the neglect inflicted upon the children of our generation, and the devaluation of motherhood.
The battle of the sexes has been fought and won, but the losers were not men, but children.
Agreed, and in part I think the increase in cost of raising a a child is related to the number of two (or more) income homes.
In our society we have to pay for stuff, and the price charged for stuff is related to the amount of money we have. Because two income homes (a consequence of increased gender equality in the workplace) have increased, those with two incomes are advantaged in the marketplace for housing, goods etc against those with only a single income. In other words, prices of goods are normalised to the spending power of two-income households. This means that single people, or couples with children of whom one chooses to stay and raise them cannot compete for the good quality resources, unless they are exceptionally fortunate.
The upshot of this is that the unintended consequence of enabling equality in the workplace was to compel women (primarily) into work instead of raising children.
The battle of the sexes has been fought and won, but the losers were not men, but children.
My solution would be to heavily tax second (and subsequent) incomes to a home, and use the money to enable couples to have one partner to stay at home a raise their children (or perhaps care for elderly relatives, the sick etc) if they so chose.
If people only developed these cracks for their own use then Microsoft would bother trying to stop them.
If they did bother, I suppose they could stop them. Although of course I could care less.
[hint: in English, "not" doing something is the opposite of doing it, it's a useful word]
Quite so. Which is why the phrase (in english) is "I couldn't care less".
*pop*pop*bang*hiss*BANG*pop*BOOM*pop*pop*pop*bang*hiss*BANG*pop*BOOM*pop*pop*pop*bang*hiss*BANG*pop*BOOM*pop*pop*pop*bang*hiss*BANG*pop*
*BOOM*pop*pop*pop*bang*hiss*BANG*pop*BOOM*pop*pop*pop*bang*hiss*BANG*pop*BOOM*pop*pop*pop*bang*hiss*BANG*pop*BOOM*pop*pop*pop*bang*hiss*
*BANG*pop*BOOM*pop*pop*pop*bang*hiss*BANG*pop*BOOM*pop*pop*pop*bang*hiss*BANG*pop*BOOM*pop*pop*pop*bang*hiss*BANG*pop*BOOM*
*pop*pop*pop*bang*hiss*BANG*pop*BOOM*pop*
The sound of 10000 slashdotters heads exploding as they try to figure out who to cheer for.
I hate the kill cam because it gives away your sniper spot. In CoD4 I had some great spots where I could sit and take out enemies with a silenced weapon and they have little or no idea where I was. Kill cam defeats that and on the other side takes away the skill of locating and taking out a well concealed enemy sniper. As long as you're playing on a server where you have good admins and can trust that there are no hackers it's not a problem.
Yahweh exists because Jesus rose from the dead, which can be reasoned without assuming the Bible to be true, but by testing its claims about the resurrection against history (although obviously not proved in a scientific sense, but then since when was history science).
The circular reasoning is actually yours.
The reason you believe Yahweh does not exist is that you believe Bible is only a collection of myths, and the reason that you believe the Bible is just a collection of myths is that you don't believe Yahweh exists.
Arguing that inconsistencies in the Bible render make it wrong is rather like arguing for irreducible complexity rendering evolution wrong. Both arguments come from an oversimplified understanding of the subjects, and a lack of imagination.
When we encountered the ultraviolet catastrophe it didn't trigger the conclusion that reality is inconsistent or wrong. It lead to quantum theory and a deeper, more nuanced understanding of reality. So it is with the Bible. Where there are difficulties with the plain interpretation of the text we reason with them to resolve the contradiction with a deeper, more nuanced understanding of God
We're only taking about Genesis 1 + 2. But as a whole, the Bible is the work of God, and it's contents therefore reflect what He wants us to know about Him and about ourselves. I've described it as a user guide for life when I've spoken about it, and like a user guide, it tells us what we need to know as users, rather than what we might like to know about how it works. In that sense it is a single work.
The Bible contains many many books that were intended primarily for a specific time and people. That's not to say they don't also have something useful to us, but the only way we can access it is through a fully contextual reading, which means understanding what those who originally were the intended readership for the book would have taken from it, and that means reading poetry as poetry, history as history, allegory as allegory.
I do find it odd though that those who most strongly argue in favour of a literal interpretation of Genesis are actually atheists.