The key to understanding how these groups believe in two seemingly contrary views is to understand how these views are not actually contrary at all. In doing so, you remove the hobbles from your own mind and can better comprehend another's perspective.
The key to understanding how someone can favor the death penalty and be against abortion is to understand that there's a fundamental difference between unborn children and convicted murderers. Once you understand that concept, you can move on to the fact that certain groups see this difference as significant when forming views about how to treat another person.
The key to understanding how someone can favor privacy while fighting for openness is to understand how information can be used. And once you have that added enlightenment, you can begin to understand how the potential use of knowledge can affect people's opinion of whether that knowledge should be made public.
These forced parallels, this forced grouping of dissimilar ideas based on a single commonality to the exclusion of all other attributes, is not the product of analytical thinking. Rather, it's the result of the manipulation and selection of data to fit a hypothesis.
The key, of course, to understanding others is to actually try to understand them, rather than trying to contradict them.
There is some truth behind this. In order for a source to be truly anonymous, it has to be unknown even to the news media. But in removing the source from the content, you remove the credibility as well. There is no good solution because by solving one problem, you would necessarily create another.
I realise that with enough indirection, you can create solutions that half-solve both problems, but there is no perfect answer. Either the source is known, or the information is "based on an anonymous tip."
The trouble begins when you want to add things to it...(due to) the brittle nature of the platform, when you do that, other things break.
The real irony there is the word choice: a few years back, some Microsoft top brass used a similar word: "fragile," to describe the project he oversaw: Windows XP. This was in a private interview with a contractor who was investigating its use for DOD work.
To explain what he meant, he recounted an incident with a release candidate version of XP where they found that changing the order of a few entries in the default path would cause the system to fail to even boot. Now, don't get me wrong, he wasn't saying "our product is crap," he was saying that this contractor had to be extremely careful if he changed anything, because even minor modifications to the code or configuration can have unforeseen destructive consequences.
It's interesting to see how a company so confidently projects its own faults on others--even in the absence of any solid evidence. The brittleness of the Windows operating system is an unfortunate byproduct of their own unique development process and the details that get overlooked because of it. It's an indication of the arrogance of the management that they simply assume that processes managed by others can't possibly produce better results than their own.
In all seriousness, that is the single most insightful comment I've seen on Slashdot in over a year's time. A brilliant metaphor that so completely encompasses the paradigm shift between using the provided tools in Windows versus Unix programming.
For over a year now I've been attempting to explain this very concept to my associates (whom I am supposed to teach Unix programming and administration basics). So far, the best I could come up with is, "simple tools combined in clever ways." I hope you don't mind if I quote you verbatim in my own presentations.
IIRC, many games and other software written for the original IBM PC used software timing loops for delays (assuming the watch to be at 4.77 MHz). As faster 286 and 386 machines started showing up, the software that depended on those loops became unusable.
Yes, one of my favorite DOS games "flightmare" was an exciting challenge on my 4MHz 286. But when we bought our 16MHz 386, that all changed. It was impossible at best.
Luckily, the computer had a switch in the front that you could toggle your clock between 16, 8, and 4 MHz. What a brilliant addition.
Actually, it's a wonderful first line of defense. In fact, it's a wonderful procedure to follow for all remote access (if possible) because of two main reasons:
First, you're safe from worms. That's not an insignificant thing. The vast majority of all attacks (especially against Windows boxes) are perpetrated through some automated process--worms or other malware. These programs generally don't waste time doing in-depth scans of computers. If you're configured differently than the rest of the flock, you're not worth the time.
Second, you're safe from casual portscans. My own servers are scanned at least 20 times a day, and often over a hundred. To save time, these scans only hit the "interesting" ports. If you don't look immediately interesting, you'll just be passed by.
That whole bit about keeping the default setup to avoid extra attention is a bunch of BS. There's nothing terribly suspicious about running a service on a non-standard port. Furthermore, it doesn't matter how interesting or uninteresting a host appears. If your configuration is exploitable, you'll be exploited when discovered. And if you look just like everyone else, well then everyone else will be exploited too.
There is no strength in numbers, and there is no real strength in solitude. But if you can avoid detection, then you've avoided an attack. That's like hiding your valuables to avoid theft: It's not a reliable defense, but it's simple and works often enough to make for a reasonable precaution.
I've been a Palm person myself: I owned the Pilot 5000 Professional (back when it was USRobotics--still works), the Palm III (from 3Com), the Palm Vx, the Palm m505, a Toshiba PocketPC (kept it only 2 months), the Palm Tungsten T, the Palm Tungsten W, and now own an HP rx3715 iPAQ.
Interestingly enough, I like the HP a lot more than the equivalently priced Palm. The hardware speed has finally caught up to the software, and all those "cool features" like handwriting recognition finally actually work well enough to be useful. Palms have gotten larger, and PocketPCs have gotten smaller, so size is no longer an issue for me. For the first time, I've found that I can be as productive with my iPAQ as I can with a similar Palm device.
I picked the iPAQ because the competitors in the Palm arena have gotten just too expensive for the features when compared to PocketPCs. And until the situation improves for Palm, I'm sticking with what I've got.
So how does Apache by itself have this problem, and how can Apache by itself SOLVE the problem?
Any software that can act as an HTTP proxy can solve the problem by refusing to pass on any content-length-related headers (or other cues) that it does not use.
2.1.6 has been released to fix this. This was responded to quickly, so now it's just up to the webmasters to update their servers.
Webmasters don't need to update anything, because there is no vulnerability from their perspective.
Request smuggling doesn't apply to a single web server, but rather to a combination proxy and web server that use a different method to determine how long a request is. In such an arrangement, an attacker could use smuggling to poison the proxy's cache or what have you, but the only customers who would be affected are others behind the same proxy.
Because this sort of attack is so limited in scope, the chances of any of us ever even hearing about an actual exploit are very slim. The only people who really need to worry are those who run proxy servers.
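The length disagreement described in the comments above, and the proxy-side fix of forwarding only the framing header the proxy itself used, as an added example that is not part of the original comments. The request bytes are constructed, and all function names (`body_length_seen`, `framing_problems`, `reframe`) are hypothetical.

```python
# Added illustration: why a proxy and a backend can disagree on request length,
# and how a proxy can re-frame the request so only one answer is possible.
# SAMPLE is a constructed, harmless request carrying two framing headers.

SAMPLE = (b"POST /submit HTTP/1.1\r\n"
          b"Host: example.test\r\n"
          b"Content-Length: 4\r\n"
          b"Transfer-Encoding: chunked\r\n"
          b"\r\n"
          b"5\r\nhello\r\n0\r\n\r\n")


def split_request(raw):
    """Return (request_line, [(lowercased name, value)], bytes after the head)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = [(n.strip().lower(), v.strip())
               for n, _, v in (line.partition(":") for line in lines[1:])]
    return lines[0], headers, rest


def values(headers, name):
    return [v for n, v in headers if n == name]


def decode_chunked(rest):
    """Decode a chunked body; return (body, number of bytes consumed)."""
    body, pos = b"", 0
    while True:
        eol = rest.index(b"\r\n", pos)
        size = int(rest[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            if rest[pos:pos + 2] == b"\r\n":           # no trailers
                return body, pos + 2
            return body, rest.index(b"\r\n\r\n", pos) + 4  # skip trailers
        body += rest[pos:pos + size]
        pos += size + 2                                # chunk data + CRLF


def body_length_seen(headers, rest, prefer):
    """Bytes a parser that prefers header `prefer` counts as this request's body."""
    cl = values(headers, "content-length")
    te = values(headers, "transfer-encoding")
    if prefer == "transfer-encoding" and te:
        return decode_chunked(rest)[1]
    if cl:
        return int(cl[0])
    return decode_chunked(rest)[1] if te else 0


def framing_problems(headers):
    """Reasons this request could be measured differently by two parsers."""
    cl = values(headers, "content-length")
    te = values(headers, "transfer-encoding")
    problems = []
    if cl and te:
        problems.append("both Content-Length and Transfer-Encoding present")
    if len(set(cl)) > 1:
        problems.append("conflicting Content-Length values")
    if any(not v.isdigit() for v in cl):
        problems.append("non-numeric Content-Length")
    if te and [v.lower() for v in te] != ["chunked"]:
        problems.append("unsupported Transfer-Encoding")
    return problems


def reframe(raw):
    """Proxy side: pick one framing method, read the body with it, and forward
    a request carrying a single freshly computed Content-Length and nothing else
    that describes length. Returns (forwarded bytes, bytes left on the wire)."""
    request_line, headers, rest = split_request(raw)
    te = values(headers, "transfer-encoding")
    if te:
        if [v.lower() for v in te] != ["chunked"]:
            raise ValueError("unsupported Transfer-Encoding")
        body, used = decode_chunked(rest)
    else:
        cl = values(headers, "content-length")
        if len(set(cl)) > 1 or any(not v.isdigit() for v in cl):
            raise ValueError("ambiguous Content-Length")
        used = int(cl[0]) if cl else 0
        if used > len(rest):
            raise ValueError("incomplete body")
        body = rest[:used]
    kept = [(n, v) for n, v in headers
            if n not in ("content-length", "transfer-encoding")]
    kept.append(("content-length", str(len(body))))
    head = "\r\n".join([request_line] + [f"{n}: {v}" for n, v in kept])
    return head.encode("latin-1") + b"\r\n\r\n" + body, rest[used:]


if __name__ == "__main__":
    _, hdrs, rest = split_request(SAMPLE)
    print("Content-Length parser sees:", body_length_seen(hdrs, rest, "content-length"))
    print("chunked parser sees:      ", body_length_seen(hdrs, rest, "transfer-encoding"))
    print("problems:", framing_problems(hdrs))
    print(reframe(SAMPLE)[0].decode("latin-1"))
```

On the constructed request the two parsers count 4 and 15 body bytes; after `reframe` the forwarded request has one `content-length: 5` header and both parsers agree.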
Hasn't this tech been shown to be damaging to Ham radios? Something that is usually very helpful in times of emergency, when phones and sometimes power is even out?
Ham radio? Hell, I'm worried about aircraft radio. You lose that and you've created an emergency.
Slow-speed operation has always been an Achilles' heel for fixed-wing aircraft, while high-speed flight is difficult for rotorcraft. The CarterCopter is an attempt at taking the best of both worlds.
Much of what you see in the Carter Copter has been done before. What's innovative about their design is where they're going with it. High-speed flight with a very slow-turning rotor is an entirely unexplored area of flight, but Carter Aviation's take is that with their hybrid design, you can get very efficient operation at all stages of flight--and that's a very innovative outlook.
Don't knock the CarterCopter because it can't hover. The craft is just a technology demonstrator and was built without a tail rotor just for simplicity's sake. The rest of the craft design does not preclude the option of adding hover capability. Carter is pioneering an area of flight with an aircraft that was designed specifically for that purpose. Once the world understands what is possible, you can expect to start seeing true helicopters (capable of normal heli ops) sporting a CarterCopter-like design that would enable them to travel with the speed of a jet, but maneuver like a helicopter at low speed--all without mucking about with complicated (and heavy) systems like vectored thrust.
This achievement is significant in that it shows that with the right design you can remove the mu-1 limitation, even with that pesky rotor whirling on top of the craft.
Ok, but swap a hacker's desire for fun with a software company's desire to make money without properly taking responsibility for securing their product and one could also write:
Perhaps you should RTFA--no, really. The article was very reasonable and well-written. The synopsis was not. Here's the context from which the quote you refer to came--
If we consider the Internet as a big local network, we will see that some of our neighbours keep getting exploited by spyware, virus, and so on. Who should we blame? OS producers? Or our neighbours that chose that particular software and then run it without an appropriate secure setup?
There's enough blame for everyone.
Blame the users who don't secure their systems and applications.
Blame the vendors who write and distribute insecure shovel-ware.
Blame the sleazebags who make their living infecting innocent people with spyware, or sending spam.
Blame Microsoft for producing an operating system that is bloated and has an ineffective permissions model and poor default configurations.
Blame the IT managers who overrule their security practitioners' advice and put their systems at risk in the interest of convenience. Etc.
Truly, the only people who deserve a complete helping of blame are the hackers. Let's not forget that they're the ones doing this to us. They're the ones who are annoying an entire planet. They're the ones who are costing us billions of dollars a year to secure our systems against them. They're the ones who place their desire for fun ahead of everyone on earth's desire for peace and [the] right to privacy.
I recently installed both Linux (FC3) and Windows (XPsp2) on the same laptop. The Linux installation was substantially faster and easier.
Installing and fully customizing FC3 took me 2.5 hours with 2 reboots.
Installing Windows and bringing it to the same degree of usability as my Linux setup on the same hardware took 14 hours and 17 reboots (And if I had "rebooted now" every time it asked me, it would have been in the 50s).
While I could have reasonably had my wife handle the Linux installation ("Just follow the instructions and use the following password..."), no one I know but me could have handled the Windows installation in under 36 hours of work.
The only reason why I can do it so fast is because I've gone through this process 8 times now, and I know which pieces to install, where to get them, and what order to install them in. The first time I attempted it, it was a week before I had a usable system. The first two times I attempted the installation, I had to reformat more than once to get it right. It's not a simple process by any means.
To their credit, Microsoft doesn't put much development into the installation process because they don't have to. If you have Windows on your computer, it's because the computer came with it--exceptions to that rule are so rare that they're almost not worth mentioning. The converse is true with Linux--if you use it, you most likely installed it yourself.
Every city in the US has hundreds of them
Were you thinking they are rare?
Officially endangered. Yes. Found generally on farms where they grow the things and at universities. Not the kind of tree you'd plant in your own yard.
BYU has a Ginkgo tree. It's in a Phylum (or Division if you're a biologist) of its own, and was originally believed extinct. The tree was a goodwill gift from some Tibetan monks or something, so they couldn't just stuff it away in a greenhouse. And it's endangered so they can't get rid of it.
The tree is unfortunately a female one (yes, there are males too), so it produces fruit. The fruit smells like vomit, and in fact has the same "sympathy puking" effect on people as any normal pool of vomit would. The smell of ginkgo fruit has made a number of students sick, and quite a few people actually avoid that area of campus when there's fruit on the ground--classes be damned.
If you spent as much money for a software product as you do on a house, you'd be able to expect as high a standard of engineering.
The sort of thinking that even leads to such a comparison is simply inexcusable: it fails to factor in the scarcity of resources. If you bought a house and a piece of software for the same price, you could always expect a higher standard of quality (and utility) from the software.
It would be far more reasonable to compare the quality of, say, software versus kitchen appliances.
TFA says that MS's rival in this area is shaping up to be a product called Xen. I will humbly admit I've never heard of Xen, and TFA says it has a lot of support. But isn't this VMware's market too?
If you've been following the developer lists of projects like Fedora and such, you'll see that Xen has been getting quite a bit of attention for the past few months. It's not the kind of story that would make the front page in a marketing-driven tech journal. But it's been progressing fast and shows a lot of exciting potential for those who are interested in that kind of thing.
VMware and Xen are similar products, but in different niches. VMware creates a virtual machine sandbox that you can use like a separate computer.
Xen, on the other hand, "supervises" the execution of a subordinate kernel. The virtual machine paradigm is thrown out almost entirely, and the sandbox paradigm is kept around only to the extent necessary. The overhead imposed by Xen is therefore very low -- it can run hosted kernels at nearly full-speed. Xen is something like the next logical step after user-mode Linux.
Xen is designed to run multiple logical OSes on the same machine in a real production environment. This could be particularly useful for situations like web hosting. An owner of a server could sell space to the general public--and each account would come with complete root access to a "hypervised" OS image. He could sell 10 to 20 such accounts on one machine and still expect reasonable performance from each.
It's interesting how the current president always gets put on the face of any government operation, as if it were all his idea.
The president doesn't want the names of ISP customers. The Lawyers want those names. The police want those names. The people who want additional power are the people who can actually use it. The president supports it because the idea sounded reasonable when it was presented to him. The only thing he's been personally campaigning about is social security. The rest is just side notes.
Fifty to one says he's got no idea what this whole argument is about. Do you really think George W. Bush understands this debate?
The only barrier now is to prove that it is economically viable.
Any technology that reduces a previously unaddressed type of pollution can be made economically viable--you just have to apply such heavy fees to actually releasing the pollution that the technology in question becomes the cheaper alternative.
So let me get this straight; humans are controlling a cockroach that is controlling a robot?
Hmm. Perhaps you missed something. There is no human input anywhere in the system. The lights are wired directly to proximity sensors, so the light will come on if the roach drives close to a wall or something. That tends to keep it out in the open where it can roam around on its own will.
It's a lot more like an insect driving a car than controlling a robot.
... as soon as the first proof of concept evolves into a worm...
Point taken, but let's bear in mind that this POC can't evolve into a worm. It can't even evolve into an exploit now that the only site on the default whitelist no longer exists.
That's why they didn't put out a stop-gap fix release at the beginning of the week--the threat had passed completely.
Firefox developers got lucky this time--they could remove the threat with a simple server-side modification. With most vulnerabilities of this severity, that's not an option.
I can barely see any difference between subversion and CVS.
That's the point.
SVN is designed to be a direct replacement of CVS, keeping as many details the same as possible, and only fixing what's broken. Everything SVN does differently, they do because CVS did it wrong. Only when they've reached their stated goals will they start supporting things that were beyond the scope of CVS.
Please, show me the section of the constitution that says...
If you try to trace many of even the most basic governmental principles directly to some paragraph in the constitution, you'll be sorely disappointed. As useful as a written document is in stabilizing a government, this particular country allows certain appropriately appointed individuals to rewrite the country's rules of operation with really no more approval or ratification than their own.
Of course, the principle of judicial review isn't in the constitution anywhere, but the courts protect it as if it was--and no one questions the courts.
If you've been following the developer lists of projects like Fedora and such, you'll see that Xen has been getting quite a bit of attention for the past few months. It's not the kind of story that would make the front page in a marketing-driven tech journal. But it's been progressing fast and shows a lot of exciting potential for those who are interested in that kind of thing.
VMware and Xen are similar products, but in different niches. VMware creates a virtual machine sandbox that you can use like a separate computer.
Xen, on the other hand, "supervises" the execution of a subordinate kernel. The virtual machine paradigm is thrown out almost entirely, and the sandbox paradigm is kept around only to the extent necessary. The overhead imposed by Xen is therefore very low -- it can run hosted kernels at nearly full-speed. Xen is something like the next logical step after user-mode Linux.
Xen is designed to run multiple logical OSes on the same machine in a real production environment. This could be particularly useful for situations like web hosting. An owner of a server could sell space to the general public--and each account would come with complete root access to a "hypervised" OS image. He could sell 10 to 20 such accounts on one machine and still expect reasonable performance from each.
That's simply not an option with VMware.
Any technology that reduces a previously unaddressed type of pollution can be made economically viable--you just have to apply such heavy fees to actually releasing the pollution that the technology in question becomes the cheaper alternative.
In fact, that's the way it often happens.
In the future, databases will be more "good."
While we can't yet go into detail as to how this will all work, suffice it to say that we have a pretty solid idea what the future holds.
The page with the pretty pictures.