You might want to look into using Netcat (or socat) for this purpose; more flexible if you want to pipe the output through something like grep or tee, and it won't mistakenly try to interpret certain characters according to the Telnet protocol.
Except if you follow the reference given in that link, you find that this was a test facility; the article may have meant that this is the first molten-salt solar plant used in production, not just for testing purposes.
Dude, get over yourself. Yeah, C and C++ are not ideal in every way; but no language is. They are still quite useful. There is a lot of good software out there written in them (such as Firefox itself).
If you really want to contribute, and help fix said security issues, it would behoove you to learn them. Otherwise, I'd recommend finding a project written in the language of your choice, and contributing to that. It doesn't make that much sense to complain about a project not being in your favorite language and asking for an extension mechanism using another language just so you can contribute.
It doesn't exactly help that the county and city have the same name, and the article mentions both the city and the Orange County District Court.
In California, counties seem to be a lot more important than in most of the rest of the country (or, at least, the East coast, where I'm from). And many counties share the same name as the largest city within them. For instance, there's San Diego, the city, and San Diego county. The City of Orange, and Orange County. The City of Los Angeles, and Los Angeles County. Sacramento County, and Sacramento. San Francisco is both a county and a city. So, it's easy to confuse them.
It sounds like it's actually the city of Orange that is in a legal battle with them, but that battle is taking place in the Orange County courts. So, yes, the article is a bit sloppy, but the confusion is easy because the county is involved as well, and shares the same name.
Most users are too stupid to deal with that. The rest are smarter than the admins and are going to do whatever they want.
No, the users are not stupid. We programmers and other people in the computer and IT industry need to get over this worldview of stupid users. Users are not stupid; they just do not specialize in computer the way we do.
Do you do all of the work on your own car, or do you have a mechanic you go to? Do you practice all of your own medicine, or do you have a doctor? Do you do all of the plumbing, carpentry, and electrical work on your house, or do you go to a contractor who specializes in those areas? Do you do all of your own taxes, or do you ever have an accountant do it? Do you argue your own cases in court, or do you get a lawyer when you need to?
Because you don't do all of this stuff, does this mean that you are too stupid to do it? Not at all. It means that you have chosen your area of specialization, and they have chosen theirs. Sure, some people learn quite a lot about another area or two as a hobby or a second profession, but no one has the time and energy to learn all of this at the highest level. I've met people with PhDs in particle physics from prestigious universities who couldn't be arsed to figure out the difference between IE and Firefox, because they were just busy doing other things with their lives. Are you claiming that these users are "stupid"?
This is a problem that comes up in lots of professions; the professional acts condescending towards others because they don't have as much expertise in that field. I've seen doctors be condescending to patients, and mechanics condescending to customers. And whenever possible, I don't give those doctors or those mechanics any more business. Because someone's lack of knowledge about a field does not make them stupid, and does not even mean that they don't care about the issue, it may just mean that they have no time to deal with that sort of thing.
So, instead of treating users as "stupid" because they can't distinguish web browsers, or use some arcane feature, ask yourself if maybe whatever knowledge they lack is because it's really not relevant to them; ask if they really need to learn about this, or if we as an industry can make things easier for them by making sure that they never have to care. There will always be software for a given field that will require training and dedication to use by it's very nature; software like Photoshop for professional graphic artists, 3D modeling tools like Blender or Maya for professional modelers and animators, CAD programs, and so on. But then there's software that's completely incidental; that should do it's best to get out of the way and let the users do what they need to as quickly and easily as possible. And we should not call users "stupid" for failing to understand the arcane systems that we've set up because it makes our lives easier as programmers and IT, at their expense; we should instead strive to make our software as easy to use, as invisible, and as seamless as possible.
The fact that it's in the immediate interest of public safety. Watch the video from TFA; it looks like the event was far larger than anticipated, with completely inadequate crowd control. People were being shoved by the crowd through doors and down stairs. Mobs of people like this can easily knock someone down and trample them to death; it happens when there are fires in crowded space, or even when people are excited about being let into Wal-Mart on Black Friday. As the event had been announced through twitter, and the vast majority of the crowd was teenage girls with cell phones, so the hope was probably that getting a message from the official Twitter account itself would help disperse the crowd a lot better than the single cop getting up there with the megaphone, causing the crowd to just get angry.
When there's an immediate threat to life and health, compelling someone to make an announcement to disperse the crowd is an entirely reasonable thing to do. This is essentially the same case as that of calling "fire" in a crowded theater; inducing a panic in a confined space can cost lives, and likewise refusing to cooperate in trying to disperse a mob can cost lives as well.
Your name, address, social security number, bank account balance, credit card transactions, passwords, medical history, and so on are simple facts. Should those who have access to that information be allowed to state those simple facts? In public, on the internet, where anyone and everyone can see it?
This is an issue about freedom of speech versus the right to privacy. The murder is a simple fact, but it's something that happened almost 20 years ago. They have done their time, and are being released back into the world, where they need to try and put together a life again. Now, the question is, should anyone (such as potential employers) be able to Google their names and get a Wikipedia article naming them as murderers as the first hit?
This is a tough question. On the one hand, it is a plain and simple fact, that has been widely publicized, so it's fairly hard to put the cat back in the bag. On the other hand, someone who's been in prison for years, and is getting out and trying to re-integrate with society, doesn't need the added burden of everyone who interacts with them treating them with fear and suspicion because of something that happened long ago. Some judicial systems (such as that in the US), focus most on punishment and the deterrent value that supposedly has; others focus on rehabilitation and turning someone back into a productive member of society.
Now, I do favor protecting freedom of speech in this case; you can't suppress the information entirely, so any attempt to is just going to be more harmful than helpful. But I just wanted to point out that just because something is a simple fact, does not mean that it's OK to publish it on the public Internet.
Anyhow, having new designs for representing the periodic table is not a bad thing. Sometimes seeing the same information presented in different ways can help visualize it. I approve of people trying to improve the display of the elements and their periodic relationships, even if as a general purpose reference I'll probably stick with the tried and true table.
"Fork" is a term in software, particularly free software, that means creating and releasing your own version of something, without merging it back upstream with the original author. This is one of the fundamental freedoms that free software gives you; the freedom to fork it if you don't like how the original author is developing it.
In the UK, that question has not actually be judged yet, though it is presumed that you are right.
In the US, you cannot claim copyright on a faithful photographic reproduction of a work that has entered the public domain. Even if you spent time and effort on that work, it is considered a simple copy of a public domain work, and thus in the public domain.
Wikimedia is in the US, as is the uploader. It's going to be tough for the National Portait Gallery to sue this guy from overseas; unless he feels like visiting England in the future, or they can extradite him for copyright infringement (which I've never heard of), I'm not sure there's much they can do.
Hmm. You do realize that Safari reports itself as Mozilla/5.0, right?
Here's mine:
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/530.18 (KHTML, like Gecko) Version/4.0.1 Safari/530.18
They do this because various websites sniff for various browsers, and they want to show up as much like Mozilla/Gecko as possible. If your user agent parser isn't very smart, it might miss the Safari/530.18 part of that user agent string.
Of course, another possible explanation is that you work for a dental insurance company, for whom the most common users of the website are likely dental receptionists (for submitting claims), followed by people in HR (for signing up for services and looking up services on behalf of employees), both of which groups likely use only Windows machines.
It wouldn't have to be just developing countries. In South Korea, it's pretty much impossible to use anything but a PC with Internet Explorer, since they have some kind of national identity system that only works as an ActiveX plugin in IE.
If an attacker can run code as your user account, then they can insert alias sudo=evilpasswordstealingsudo (as well as alias su=evilpasswordstealingsu) into your.bashrc and wait for you to start a new shell and run one of those commands.
Basically, if an attacker gets local access to an account that is ever used to privilege escalate to root, then the attacker can get root. And even if not, there are frequently local root exploits (like a recent udev bug) that can escalate ordinary user privileges to root privileges. You should always assume that once an attacker has some access to a machine, that they can root it; treat any kind of remote-code execution exploit as if it were a remote root, and treat any kind of privilege escalation exploit as a remote root (since if one exists, there's a high probability that the other does too).
The second edition of AIMA has much more content about "soft" AI methods than the first edition did; it's almost like there's a whole other book added. The second edition really is a great survey of all of the various subfields of AI, from traditional logic systems to neural networks to Bayesian reasoning and decision theory. I'd say its definitely worthwhile.
Re:Non-Tech Percent of Web Traffic from Chrome
on
Google Chrome, Day 2
·
· Score: 1
I think it's up to Microsoft and Apple to take the steps to remove their cruft.
The problem here is that websites would break if they do that. And if websites start breaking, people usually blame the browser, rather than the site. Most of the work of developing a web browser goes into making it backwards compatible with lots of old broken sites.
The issue is, there are many peers who are considered to be the upstream, so if any one of then accepts bad routes, it gets propagated to all of the others. And they generally accept routes from the ISPs who are their customers, so if one of those ISPs itself sends them bad routes, it gets propagated to everything else. So really, as long as there is one weak link in the system, the whole thing goes down.
The problem is that this is a weakest link sort of attack. As long as there is one ISP that is being lazy and is not filtering routes, then they become a point from which the system can be attacked.
No, I don't think you're quite correct. The original patch in that thread is not what actually was applied. There are two functions, one for seeding the pseudo-random number generator, and one for getting random data out of it. The one for getting random data out was actually mixing in some uninitialized data into the entropy pool. This is not particularly harmful, but not particularly helpful either, and it caused Valgrind to complain. So, the maintainer removed that line, but also removed the line that mixes in the value provided to seed the random number in the first place (maybe it was being called with unitialized data at some point, too).
From the article: "I imagine Microsoft charges about the same and Brazilâ(TM)s brutal tax burden makes up the rest." The summary was pretty confusingly written, but the article actually covered that.
While you're certainly correct that most free software isn't written for charitable reasons, there certainly is plenty of free software that is. Look at the OLPC; that's not for profit, or for ego, it's a charity, unless you want to clame that every single charity out there, from ones that fight hunger to AIDS to teaching in developing nations, is just around to "have their ego stroked." Or, to give you a particularly striking example, here is an excerpt from the SQLite source code:
May you do good and not evil
May you find forgiveness for yourself and forgive others
May you share freely, never taking more than you give.
Crazy Taco:
The thing the Africans need to realize is that most programmers prefer to get money in exchange for their coding, and if you don't allow patents, and therefore don't allow programmers to get money in exchange for coding, you have cut off about 98% of your source of new code.
That's absolutely false. 99% of programmers don't make their money from software patents; in fact, most of them would have an easier time doing their jobs and making money if software patents didn't exist. Software copyrights certainly help protect their software and allow them to make money, but the vast majority of software patents are held by patent trolls who haven't written a line of useful software in their lives, or big companies that just patent everything they think they can to use defensively against other companies in case of patent lawsuits.
The problem with software patents is that pretty much every piece of software written is a novel invention, because if it wasn't, then you should have reused code that already existed since it already does what you need. If people patented every new idea they had while coding, they'd be in an out of the patent office 10 times a day, and wouldn't be able to get their work done (credit to Phil Greenspun for that argument). The only people who get patents are, as I mentioned, greedy patent trolls who just want to make an easy buck (it's pretty damn simple to come up with a new, patented idea in code, and then just sue anyone else who happens to think of that and implement it later), and companies that usually get big patent portfolios so when other big companies try to hit them up for money, they can just do a patent cross-licensing agreement and not have to actually fight it out in court.
As a professional, paid programmer, I must say that patent issues are second only to cryptographic regulation issues in terms of laws that have interfered with me actually getting my job done.
The SDK is free. It costs $99/year to sign up to be allowed to install the code on your phone for testing, however. For free, all you get access to is the iPhone simulator.
Then, don't buy a subnotebook. The whole point of a subnotebook is that you sacrifice a bit on features and price in order to get something that's really damn small. You want a replaceable battery, buy a MacBook or MacBook Pro. You want something small, light, and sexy, buy a MacBook Air. Yes, it sucks that you don't have a replaceable battery, and it sucks that you don't have a DVD drive, and it sucks that you don't have an ethernet port. That's what you live with to get something so small. Some people really like having a small, ultraportable computer; some like having all kinds of features. Pick what's best for you, and buy it.
Slashdot Mirror
You might want to look into using Netcat (or socat) for this purpose; more flexible if you want to pipe the output through something like grep or tee, and it won't mistakenly try to interpret certain characters according to the Telnet protocol.
gandi.net is a much better registrar, and DreamHost is a much better host (and registrar as well).
Dump GoDaddy, make the switch, you'll be happier.
Except if you follow the reference given in that link, you find that this was a test facility; the article may have meant that this is the first molten-salt solar plant used in production, not just for testing purposes.
Dude, get over yourself. Yeah, C and C++ are not ideal in every way; but no language is. They are still quite useful. There is a lot of good software out there written in them (such as Firefox itself).
If you really want to contribute, and help fix said security issues, it would behoove you to learn them. Otherwise, I'd recommend finding a project written in the language of your choice, and contributing to that. It doesn't make that much sense to complain about a project not being in your favorite language and asking for an extension mechanism using another language just so you can contribute.
It doesn't exactly help that the county and city have the same name, and the article mentions both the city and the Orange County District Court.
In California, counties seem to be a lot more important than in most of the rest of the country (or, at least, the East coast, where I'm from). And many counties share the same name as the largest city within them. For instance, there's San Diego, the city, and San Diego county. The City of Orange, and Orange County. The City of Los Angeles, and Los Angeles County. Sacramento County, and Sacramento. San Francisco is both a county and a city. So, it's easy to confuse them.
It sounds like it's actually the city of Orange that is in a legal battle with them, but that battle is taking place in the Orange County courts. So, yes, the article is a bit sloppy, but the confusion is easy because the county is involved as well, and shares the same name.
Many users are too stupid to deal with two.
...
Most users are too stupid to deal with that. The rest are smarter than the admins and are going to do whatever they want.
No, the users are not stupid. We programmers and other people in the computer and IT industry need to get over this worldview of stupid users. Users are not stupid; they just do not specialize in computer the way we do.
Do you do all of the work on your own car, or do you have a mechanic you go to? Do you practice all of your own medicine, or do you have a doctor? Do you do all of the plumbing, carpentry, and electrical work on your house, or do you go to a contractor who specializes in those areas? Do you do all of your own taxes, or do you ever have an accountant do it? Do you argue your own cases in court, or do you get a lawyer when you need to?
Because you don't do all of this stuff, does this mean that you are too stupid to do it? Not at all. It means that you have chosen your area of specialization, and they have chosen theirs. Sure, some people learn quite a lot about another area or two as a hobby or a second profession, but no one has the time and energy to learn all of this at the highest level. I've met people with PhDs in particle physics from prestigious universities who couldn't be arsed to figure out the difference between IE and Firefox, because they were just busy doing other things with their lives. Are you claiming that these users are "stupid"?
This is a problem that comes up in lots of professions; the professional acts condescending towards others because they don't have as much expertise in that field. I've seen doctors be condescending to patients, and mechanics condescending to customers. And whenever possible, I don't give those doctors or those mechanics any more business. Because someone's lack of knowledge about a field does not make them stupid, and does not even mean that they don't care about the issue, it may just mean that they have no time to deal with that sort of thing.
So, instead of treating users as "stupid" because they can't distinguish web browsers, or use some arcane feature, ask yourself if maybe whatever knowledge they lack is because it's really not relevant to them; ask if they really need to learn about this, or if we as an industry can make things easier for them by making sure that they never have to care. There will always be software for a given field that will require training and dedication to use by it's very nature; software like Photoshop for professional graphic artists, 3D modeling tools like Blender or Maya for professional modelers and animators, CAD programs, and so on. But then there's software that's completely incidental; that should do it's best to get out of the way and let the users do what they need to as quickly and easily as possible. And we should not call users "stupid" for failing to understand the arcane systems that we've set up because it makes our lives easier as programmers and IT, at their expense; we should instead strive to make our software as easy to use, as invisible, and as seamless as possible.
The fact that it's in the immediate interest of public safety. Watch the video from TFA; it looks like the event was far larger than anticipated, with completely inadequate crowd control. People were being shoved by the crowd through doors and down stairs. Mobs of people like this can easily knock someone down and trample them to death; it happens when there are fires in crowded space, or even when people are excited about being let into Wal-Mart on Black Friday. As the event had been announced through twitter, and the vast majority of the crowd was teenage girls with cell phones, so the hope was probably that getting a message from the official Twitter account itself would help disperse the crowd a lot better than the single cop getting up there with the megaphone, causing the crowd to just get angry.
When there's an immediate threat to life and health, compelling someone to make an announcement to disperse the crowd is an entirely reasonable thing to do. This is essentially the same case as that of calling "fire" in a crowded theater; inducing a panic in a confined space can cost lives, and likewise refusing to cooperate in trying to disperse a mob can cost lives as well.
Your name, address, social security number, bank account balance, credit card transactions, passwords, medical history, and so on are simple facts. Should those who have access to that information be allowed to state those simple facts? In public, on the internet, where anyone and everyone can see it?
This is an issue about freedom of speech versus the right to privacy. The murder is a simple fact, but it's something that happened almost 20 years ago. They have done their time, and are being released back into the world, where they need to try and put together a life again. Now, the question is, should anyone (such as potential employers) be able to Google their names and get a Wikipedia article naming them as murderers as the first hit?
This is a tough question. On the one hand, it is a plain and simple fact, that has been widely publicized, so it's fairly hard to put the cat back in the bag. On the other hand, someone who's been in prison for years, and is getting out and trying to re-integrate with society, doesn't need the added burden of everyone who interacts with them treating them with fear and suspicion because of something that happened long ago. Some judicial systems (such as that in the US), focus most on punishment and the deterrent value that supposedly has; others focus on rehabilitation and turning someone back into a productive member of society.
Now, I do favor protecting freedom of speech in this case; you can't suppress the information entirely, so any attempt to is just going to be more harmful than helpful. But I just wanted to point out that just because something is a simple fact, does not mean that it's OK to publish it on the public Internet.
I like this one a lot better.
Anyhow, having new designs for representing the periodic table is not a bad thing. Sometimes seeing the same information presented in different ways can help visualize it. I approve of people trying to improve the display of the elements and their periodic relationships, even if as a general purpose reference I'll probably stick with the tried and true table.
"Fork" is a term in software, particularly free software, that means creating and releasing your own version of something, without merging it back upstream with the original author. This is one of the fundamental freedoms that free software gives you; the freedom to fork it if you don't like how the original author is developing it.
In the UK, that question has not actually be judged yet, though it is presumed that you are right. In the US, you cannot claim copyright on a faithful photographic reproduction of a work that has entered the public domain. Even if you spent time and effort on that work, it is considered a simple copy of a public domain work, and thus in the public domain. Wikimedia is in the US, as is the uploader. It's going to be tough for the National Portait Gallery to sue this guy from overseas; unless he feels like visiting England in the future, or they can extradite him for copyright infringement (which I've never heard of), I'm not sure there's much they can do.
Hmm. You do realize that Safari reports itself as Mozilla/5.0, right?
Here's mine:
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/530.18 (KHTML, like Gecko) Version/4.0.1 Safari/530.18
They do this because various websites sniff for various browsers, and they want to show up as much like Mozilla/Gecko as possible. If your user agent parser isn't very smart, it might miss the Safari/530.18 part of that user agent string.
Of course, another possible explanation is that you work for a dental insurance company, for whom the most common users of the website are likely dental receptionists (for submitting claims), followed by people in HR (for signing up for services and looking up services on behalf of employees), both of which groups likely use only Windows machines.
It wouldn't have to be just developing countries. In South Korea, it's pretty much impossible to use anything but a PC with Internet Explorer, since they have some kind of national identity system that only works as an ActiveX plugin in IE.
If an attacker can run code as your user account, then they can insert alias sudo=evilpasswordstealingsudo (as well as alias su=evilpasswordstealingsu) into your .bashrc and wait for you to start a new shell and run one of those commands.
Basically, if an attacker gets local access to an account that is ever used to privilege escalate to root, then the attacker can get root. And even if not, there are frequently local root exploits (like a recent udev bug) that can escalate ordinary user privileges to root privileges. You should always assume that once an attacker has some access to a machine, that they can root it; treat any kind of remote-code execution exploit as if it were a remote root, and treat any kind of privilege escalation exploit as a remote root (since if one exists, there's a high probability that the other does too).
http://www.snopes.com/military/lighthouse.asp
The second edition of AIMA has much more content about "soft" AI methods than the first edition did; it's almost like there's a whole other book added. The second edition really is a great survey of all of the various subfields of AI, from traditional logic systems to neural networks to Bayesian reasoning and decision theory. I'd say its definitely worthwhile.
The problem here is that websites would break if they do that. And if websites start breaking, people usually blame the browser, rather than the site. Most of the work of developing a web browser goes into making it backwards compatible with lots of old broken sites.
The issue is, there are many peers who are considered to be the upstream, so if any one of then accepts bad routes, it gets propagated to all of the others. And they generally accept routes from the ISPs who are their customers, so if one of those ISPs itself sends them bad routes, it gets propagated to everything else. So really, as long as there is one weak link in the system, the whole thing goes down.
The problem is that this is a weakest link sort of attack. As long as there is one ISP that is being lazy and is not filtering routes, then they become a point from which the system can be attacked.
That's the analysis I came up with as well. Thanks for posting this; it's good to confirm that I wasn't crazy.
No, I don't think you're quite correct. The original patch in that thread is not what actually was applied. There are two functions, one for seeding the pseudo-random number generator, and one for getting random data out of it. The one for getting random data out was actually mixing in some uninitialized data into the entropy pool. This is not particularly harmful, but not particularly helpful either, and it caused Valgrind to complain. So, the maintainer removed that line, but also removed the line that mixes in the value provided to seed the random number in the first place (maybe it was being called with unitialized data at some point, too).
See my comment here for more details: http://reddit.com/info/6j7a9/comments/c03zxko
From the article: "I imagine Microsoft charges about the same and Brazilâ(TM)s brutal tax burden makes up the rest." The summary was pretty confusingly written, but the article actually covered that.
While you're certainly correct that most free software isn't written for charitable reasons, there certainly is plenty of free software that is. Look at the OLPC; that's not for profit, or for ego, it's a charity, unless you want to clame that every single charity out there, from ones that fight hunger to AIDS to teaching in developing nations, is just around to "have their ego stroked." Or, to give you a particularly striking example, here is an excerpt from the SQLite source code:
Crazy Taco:
The thing the Africans need to realize is that most programmers prefer to get money in exchange for their coding, and if you don't allow patents, and therefore don't allow programmers to get money in exchange for coding, you have cut off about 98% of your source of new code.
That's absolutely false. 99% of programmers don't make their money from software patents; in fact, most of them would have an easier time doing their jobs and making money if software patents didn't exist. Software copyrights certainly help protect their software and allow them to make money, but the vast majority of software patents are held by patent trolls who haven't written a line of useful software in their lives, or big companies that just patent everything they think they can to use defensively against other companies in case of patent lawsuits.
The problem with software patents is that pretty much every piece of software written is a novel invention, because if it wasn't, then you should have reused code that already existed since it already does what you need. If people patented every new idea they had while coding, they'd be in an out of the patent office 10 times a day, and wouldn't be able to get their work done (credit to Phil Greenspun for that argument). The only people who get patents are, as I mentioned, greedy patent trolls who just want to make an easy buck (it's pretty damn simple to come up with a new, patented idea in code, and then just sue anyone else who happens to think of that and implement it later), and companies that usually get big patent portfolios so when other big companies try to hit them up for money, they can just do a patent cross-licensing agreement and not have to actually fight it out in court.
As a professional, paid programmer, I must say that patent issues are second only to cryptographic regulation issues in terms of laws that have interfered with me actually getting my job done.
The SDK is free. It costs $99/year to sign up to be allowed to install the code on your phone for testing, however. For free, all you get access to is the iPhone simulator.
Then, don't buy a subnotebook. The whole point of a subnotebook is that you sacrifice a bit on features and price in order to get something that's really damn small. You want a replaceable battery, buy a MacBook or MacBook Pro. You want something small, light, and sexy, buy a MacBook Air. Yes, it sucks that you don't have a replaceable battery, and it sucks that you don't have a DVD drive, and it sucks that you don't have an ethernet port. That's what you live with to get something so small. Some people really like having a small, ultraportable computer; some like having all kinds of features. Pick what's best for you, and buy it.