Unless there is a threat to national security there is really no excuse for briefing the president and not releasing the information.
So what is the deal here ? are the martians ready to invade or does someone deserve to be fired ?
President Bush is the CEO of a large corporation called the Executive Branch. Failing to tell the CEO before a major announcement is bound to get you in trouble. I'm more worried about Mr. Bush quashing or modifying the announcement for religious compliance.
And we all know that someone does deserve to be fired; unfortunately, we have to wait until January for that.
How non-compete agreements ought to work is that they can prevent you from getting a competing job, but they have to pay your salary during this period. This would prevent damage to a worker's livelihood when a company invokes these, and provide a monetary disincentive to invoking a privilege that is damaging to the industry.
Is there a way to suppress specific valgrind uninitialized memory warnings without having to clear the buffer (and potentially mess up other code)? Some of my code has the same problem - valgrind whines when I encrypt a block of uninitialized memory, even though the numbers are intended to be random.
The build manager can't merge the changes without those changes taking on his identity, that is, all identifying information about the originator of the changes is lost.
Since I'm sure you're not talking about what svn blame gives you, what do you mean exactly?
I think the parent is referring to the problem that when you merge, "svn blame" reports the merge itself as the origin of the changed lines rather than where they came from originally. It makes it difficult to know who really made those changes.
This would give a lot of power to script kiddies. If you piss off the wrong person online, they will jack up your Internet bill by a thousand dollars and there's nothing you can do about it but cancel your ISP contract. And they will do it using compromised machines, charging those computer owners as well.
CPU benchmarks: [...] So, basically, your machine will be imperceptibly slower if you want all the whiz-bang 3D and transparency of Vista's UI. Go figure.
Sure, if your entire computing experience is high-CPU usage calculations like prime number searching or transcoding movies.
Much more important in real computer use will be disk I/O and hard page faults. When your computer feels sluggish it's probably because it's swapping in from disk. Vista definitely loses a lot of performance simply by taking much more RAM for itself. This causes more page faults and more disk I/O due to the disk cache being smaller (unused RAM = disk cache).
Graphics performance suffers in Vista because graphics is virtualized. Drawing doesn't go directly to the framebuffer so that effects like Windows-Tab are possible. (Mac OS does the same thing for similar reasons.)
Note that I'm not criticizing the reasons Microsoft did these things.
2. 64 bit support. Microsoft has willfully hamstrung Vista 64 by not providing compatibility with 32 bit drivers, and by making the Vista 64 driver model more restrictive than the Vista 32 bit. If you look at Apple's systems, they have a much better model where 32 bit drivers work *fine* on a 64 bit system. There's no reason your video card driver needs to be 64 bit anyway...
Windows NT makes the fundamental assumption that kernel mode programs have direct access to user-mode memory. The kernel is in the same address space as user-mode programs. Kernel drivers can directly read user-mode parameters from the same address that was passed in from user mode. This offloads parameter checking from software to the CPU's page table, a nice performance increase.
This prevents 32-bit drivers from ever being possible in NT. A 64-bit user program would pass in a 64-bit pointer in an ioctl and a 32-bit driver would have no way of accessing that address. The kernel can't translate because it does not know what ioctls mean, and they can contain pointers.
In contrast, Darwin's kernel has a separate address space for user mode and kernel mode. Switching between user mode and kernel mode is a full page table reload, and access to user memory from the kernel is done through special accessor functions. This is a additional cost to kernel calls in Darwin compared to NT.
As for video card drivers not needing to be 64-bit... The extra 8 general and 8 SSE registers do help in the inner loops written in assembly language for some operations that the cards don't support directly.
By the way, have you heard of Windows XP x64 Edition?
Another problem that's probably sure to bite Adobe is that you cannot unload DLLs that contain Objective-C code. Once a DLL/dylib/bundle with Objective-C code is loaded, it is stuck until process termination. If a Carbon application has GUI code within DLLs that are dynamically loaded and unloaded, it will take a *lot* of re-engineering to fix it. 64-bit programs can't use the GUI without Objective-C.
hmm, or maybe do it sooner, and then toss Cheney out for lying as well, preferably on the same day.
How do you remove someone who would preside over their own impeachment trial?
In the United States Constitution, the president of the Senate presides over impeachment trials of anyone but the President. The Vice President both is not the President and is the president of the Senate. If he were present at his own trial, he would preside over it.
Even if the courts would interpret this bug out of the Constitution, by deciding that the "president pro tempore" should preside, the fight would last longer than January 20, 2009.
Microsoft actually remade a critical system call, NtCreateProcess(), explicitly because of DRM. Translated to the UNIX world, this would be like redesigning fork() from scratch just to protect VLC from being debugged.
Prior to Vista, NT had a "create process" mechanism differing in design from most other operating systems. NtCreateProcess() creates an empty process with nothing in it other than the new.exe file and ntdll.dll. No initial stack, no main thread. The parent process actually uses the debugging API to inject them into the new process. Even the the environment and current directory are injected this way.
This worked well until Vista. In Vista, their DRM system had a problem: they didn't want anyone to be able to debug audiodg.exe, but the parent process had to be able to debug it in order to start it. The solution? Redesign the entire process creation system such that the kernel does all the initial process creation procedures so that the parent does not have control over the child if it is a "protected process". Hence, NtCreateUserProcess() was born.
For those that don't believe that this change was for DRM, I offer proof in the form of a Microsoft kernel developer on video explaining it.
This one is quite simple - it's digital signature checking. Before UAC shows that dialog box, it does a digital signature check of the installer.exe file. Well, that file is 400 megabytes. This digital signature lets it warn you if you're trying to invoke an unsigned program with high privilege.
The reason it takes so long is that it maps the entire file linearly into memory to hash it. Such a large mapping gets demand-loaded, which for a linear scan is very slow.
The workaround is actually quite simple. Run Command Prompt as Administrator, then run the installer from there. The signature check will be on cmd.exe instead of a 400 meg file.
Win32 does not have a way to fork a process, but NT does. Passing a NULL image handle to NtCreateProcess() is similar to calling fork(), cloning the memory space as a new process. The NT kernel supports a lot of system calls that are not exposed through Win32, and it's a shame. The NT API is much more elegant and self-consistent than the Win32 wrapper, yet it's the officially undocumented one.
NT is almost a superset of the features of Linux. There are only a few concepts that don't exist in NT, like signals.
Is there something in SP3 that will magically fix the stupidity of users or will it patch the Windows kernel with a Linux kernel?
No, but at least it will be harder for attackers to exploit them. There is a finite number of exploitable bugs in Windows XP and Internet Explorer, and since few new features are being added, few new bugs are being added.
Microsoft needs to get their new service pack out the door. No, I don't mean Vista SP1. Microsoft needs to get XP SP3 out. So many people think Windows Update is some silly annoyance that Microsoft threw in there for who knows what. They never heed the requests to install updates and reboot, since that takes so long. Then when their machine slows to a crawl with adware, they ask us to fix them. And in other cases, their computers join a botnet and spam us all.
XP SP3, on the other hand, can have marketing support behind it. Articles can talk about it and how to install it, and people won't get so annoyed at a one-time installation. XP SP3 includes fixes for the still-quite-popular ADODB.Stream and animated cursor exploits, and at this point, finding browser exploits is getting into diminishing returns. Now that Microsoft cares, Windows is having its code audited much more thoroughly than when XP SP2 was made.
Service packs also give Microsoft an opportunity to release fixes for security holes found internally, since service packs are so different from the previous version. If they patched holes quickly like Firefox does with incremental patches, they'd be revealing those holes to attackers armed with machine code diff programs.
The court order doesn't seem to say why exactly the order was given. It's not even clear whether the order is because the statements are libelous, or because they are in breach of trade secrecy. Maybe the statements are simply false?
The farther out you make a projection, the less likely it is to be true.
I predict that the Sun will become a white dwarf within 10,000,000,000 years. Predicting 10 billion years instead of 5 billion years actually makes it more likely to be true.
It seems that the fundamental problem with DNS poisoning is that the token field of DNS packets is too short to prevent a brute-force or birthday attack. The long term solution is definitely a solution involving certificates, but I think that there might be a short-term solution.
Can a DNS request ask for two domains at once? If so, I think that this sort of attack could be blocked without having to upgrade all servers at once.
In addition to your normal request, you could ask for the IP address of "jl39dl9z.bogus.dns". When the reply comes back, it will naturally say that "jl39dl9z.bogus.dns" does not exist. The garbage name would be used as an additional token - that the server replied with it at all shows that the correct DNS server received the packet and replied. An attacker wouldn't be able to guess it.
Am I totally wrong about this? I don't know the actual DNS protocol.
It is insanely difficult to drive a car. There is so much information to process in real time. Computer drivers aren't even close to true driving ability. But for us, driving is easy: it doesn't take too many hours behind the wheel before the average human gets the hang of it.
I think the reason is its user interface. When driving a car, the brain is using its innate knowledge of physics and object recognition in much the same way as natural transportation (walking). The user interface of a car does a great job in mapping something humans are good at to accomplishing the task at hand. Few other technological devices get this right.
This sort of study shows how much instinct plays into learning. When trying to do a task where the rules are very different from natural history, like driving a submarine or writing a C program, learning is difficult and the final result is clumsy at best.
Slashdot Mirror
President Bush is the CEO of a large corporation called the Executive Branch. Failing to tell the CEO before a major announcement is bound to get you in trouble. I'm more worried about Mr. Bush quashing or modifying the announcement for religious compliance.
And we all know that someone does deserve to be fired; unfortunately, we have to wait until January for that.
Because I've got a date with the Xbox public key.
How non-compete agreements ought to work is that they can prevent you from getting a competing job, but they have to pay your salary during this period. This would prevent damage to a worker's livelihood when a company invokes these, and provide a monetary disincentive to invoking a privilege that is damaging to the industry.
Not that I expect this to happen...
That statement is quite correct. The plugs have arrows pointing in both directions.
Is there a way to suppress specific valgrind uninitialized memory warnings without having to clear the buffer (and potentially mess up other code)? Some of my code has the same problem - valgrind whines when I encrypt a block of uninitialized memory, even though the numbers are intended to be random.
Since I'm sure you're not talking about what svn blame gives you, what do you mean exactly?
I think the parent is referring to the problem that when you merge, "svn blame" reports the merge itself as the origin of the changed lines rather than where they came from originally. It makes it difficult to know who really made those changes.
This would give a lot of power to script kiddies. If you piss off the wrong person online, they will jack up your Internet bill by a thousand dollars and there's nothing you can do about it but cancel your ISP contract. And they will do it using compromised machines, charging those computer owners as well.
Sure, if your entire computing experience is high-CPU usage calculations like prime number searching or transcoding movies.
Much more important in real computer use will be disk I/O and hard page faults. When your computer feels sluggish it's probably because it's swapping in from disk. Vista definitely loses a lot of performance simply by taking much more RAM for itself. This causes more page faults and more disk I/O due to the disk cache being smaller (unused RAM = disk cache).
Graphics performance suffers in Vista because graphics is virtualized. Drawing doesn't go directly to the framebuffer so that effects like Windows-Tab are possible. (Mac OS does the same thing for similar reasons.)
Note that I'm not criticizing the reasons Microsoft did these things.
Windows NT makes the fundamental assumption that kernel mode programs have direct access to user-mode memory. The kernel is in the same address space as user-mode programs. Kernel drivers can directly read user-mode parameters from the same address that was passed in from user mode. This offloads parameter checking from software to the CPU's page table, a nice performance increase.
This prevents 32-bit drivers from ever being possible in NT. A 64-bit user program would pass in a 64-bit pointer in an ioctl and a 32-bit driver would have no way of accessing that address. The kernel can't translate because it does not know what ioctls mean, and they can contain pointers.
In contrast, Darwin's kernel has a separate address space for user mode and kernel mode. Switching between user mode and kernel mode is a full page table reload, and access to user memory from the kernel is done through special accessor functions. This is a additional cost to kernel calls in Darwin compared to NT.
As for video card drivers not needing to be 64-bit... The extra 8 general and 8 SSE registers do help in the inner loops written in assembly language for some operations that the cards don't support directly.
By the way, have you heard of Windows XP x64 Edition?
Another problem that's probably sure to bite Adobe is that you cannot unload DLLs that contain Objective-C code. Once a DLL/dylib/bundle with Objective-C code is loaded, it is stuck until process termination. If a Carbon application has GUI code within DLLs that are dynamically loaded and unloaded, it will take a *lot* of re-engineering to fix it. 64-bit programs can't use the GUI without Objective-C.
How do you remove someone who would preside over their own impeachment trial?
In the United States Constitution, the president of the Senate presides over impeachment trials of anyone but the President. The Vice President both is not the President and is the president of the Senate. If he were present at his own trial, he would preside over it.
Even if the courts would interpret this bug out of the Constitution, by deciding that the "president pro tempore" should preside, the fight would last longer than January 20, 2009.
If you treat kids like criminals, don't be surprised when they start acting like criminals.
If they get to change one letter of Obama's last name in order to make a comparison, I get to change one letter of Huckabee's.
Microsoft actually remade a critical system call, NtCreateProcess(), explicitly because of DRM. Translated to the UNIX world, this would be like redesigning fork() from scratch just to protect VLC from being debugged.
.exe file and ntdll.dll. No initial stack, no main thread. The parent process actually uses the debugging API to inject them into the new process. Even the the environment and current directory are injected this way.
Prior to Vista, NT had a "create process" mechanism differing in design from most other operating systems. NtCreateProcess() creates an empty process with nothing in it other than the new
This worked well until Vista. In Vista, their DRM system had a problem: they didn't want anyone to be able to debug audiodg.exe, but the parent process had to be able to debug it in order to start it. The solution? Redesign the entire process creation system such that the kernel does all the initial process creation procedures so that the parent does not have control over the child if it is a "protected process". Hence, NtCreateUserProcess() was born.
For those that don't believe that this change was for DRM, I offer proof in the form of a Microsoft kernel developer on video explaining it.
This one is quite simple - it's digital signature checking. Before UAC shows that dialog box, it does a digital signature check of the installer .exe file. Well, that file is 400 megabytes. This digital signature lets it warn you if you're trying to invoke an unsigned program with high privilege.
The reason it takes so long is that it maps the entire file linearly into memory to hash it. Such a large mapping gets demand-loaded, which for a linear scan is very slow.
The workaround is actually quite simple. Run Command Prompt as Administrator, then run the installer from there. The signature check will be on cmd.exe instead of a 400 meg file.
What about RSA, LZW, LZS and MP3?
Win32 does not have a way to fork a process, but NT does. Passing a NULL image handle to NtCreateProcess() is similar to calling fork(), cloning the memory space as a new process. The NT kernel supports a lot of system calls that are not exposed through Win32, and it's a shame. The NT API is much more elegant and self-consistent than the Win32 wrapper, yet it's the officially undocumented one.
NT is almost a superset of the features of Linux. There are only a few concepts that don't exist in NT, like signals.
As for Linux, are things really much different?
Microsoft needs to get their new service pack out the door. No, I don't mean Vista SP1. Microsoft needs to get XP SP3 out. So many people think Windows Update is some silly annoyance that Microsoft threw in there for who knows what. They never heed the requests to install updates and reboot, since that takes so long. Then when their machine slows to a crawl with adware, they ask us to fix them. And in other cases, their computers join a botnet and spam us all.
XP SP3, on the other hand, can have marketing support behind it. Articles can talk about it and how to install it, and people won't get so annoyed at a one-time installation. XP SP3 includes fixes for the still-quite-popular ADODB.Stream and animated cursor exploits, and at this point, finding browser exploits is getting into diminishing returns. Now that Microsoft cares, Windows is having its code audited much more thoroughly than when XP SP2 was made.
Service packs also give Microsoft an opportunity to release fixes for security holes found internally, since service packs are so different from the previous version. If they patched holes quickly like Firefox does with incremental patches, they'd be revealing those holes to attackers armed with machine code diff programs.
The court order doesn't seem to say why exactly the order was given. It's not even clear whether the order is because the statements are libelous, or because they are in breach of trade secrecy. Maybe the statements are simply false?
I predict that the Sun will become a white dwarf within 10,000,000,000 years. Predicting 10 billion years instead of 5 billion years actually makes it more likely to be true.
It seems that the fundamental problem with DNS poisoning is that the token field of DNS packets is too short to prevent a brute-force or birthday attack. The long term solution is definitely a solution involving certificates, but I think that there might be a short-term solution.
Can a DNS request ask for two domains at once? If so, I think that this sort of attack could be blocked without having to upgrade all servers at once.
In addition to your normal request, you could ask for the IP address of "jl39dl9z.bogus.dns". When the reply comes back, it will naturally say that "jl39dl9z.bogus.dns" does not exist. The garbage name would be used as an additional token - that the server replied with it at all shows that the correct DNS server received the packet and replied. An attacker wouldn't be able to guess it.
Am I totally wrong about this? I don't know the actual DNS protocol.
Cox is still overriding irc.mzima.net on my cable modem to point to some weird script. I still have to use its IP to get on it.
It is insanely difficult to drive a car. There is so much information to process in real time. Computer drivers aren't even close to true driving ability. But for us, driving is easy: it doesn't take too many hours behind the wheel before the average human gets the hang of it.
I think the reason is its user interface. When driving a car, the brain is using its innate knowledge of physics and object recognition in much the same way as natural transportation (walking). The user interface of a car does a great job in mapping something humans are good at to accomplishing the task at hand. Few other technological devices get this right.
This sort of study shows how much instinct plays into learning. When trying to do a task where the rules are very different from natural history, like driving a submarine or writing a C program, learning is difficult and the final result is clumsy at best.
More like less than a second on 3 GHz P4 (although this only has minute granularity):
(22:10) gp > p=nextprime(random(2^64))
%1 = 6011673201679823947
(22:11) gp > q=nextprime(random(2^64))
%2 = 6987193563793194751
(22:11) gp > factorint(p*q)
%4 =
[6011673201679823947 1]
[6987193563793194751 1]