Slashdot Mirror


User: tlambert

tlambert's activity in the archive.

Stories
0
Comments
5,097

Comments · 5,097

  1. Re:ACL bug, root cause on How Mac OS X, 10 Today, Changed Apple's World · · Score: 1

    AC is correct in the explanation. I'd only add that application bundles generally include their own copies of all their components these days, including non-Apple-supplied libraries and frameworks. This cuts down the arguing between things considerably, since everyone is running off private copies these days. In general, the only place you will have problems is where someone tries to share code, as in macports or similar package distribution systems that don't take the bundle approach.

    -- Terry

  2. ACL bug, root cause on How Mac OS X, 10 Today, Changed Apple's World · · Score: 4, Informative

    I don't know whether to laugh or cry... I used to maintain the ACL code in the Mac OS X kernel. This is a user-space bug in the DesktopServices framework.

    Although this is not usually a problem, since only foolish/untrained administrators use Finder copies on systems being used as servers, I tried several times to get the Desktop Services folks to fix this. Mac OS X has multiple "copy engines", and the one in libc gets this right, while the one in the DesktopServices framework gets this wrong.

    The problem is that the Finder "copy engine" code sets an ACL in the openx_np() system call, rather than using the chmodx_np() system call after the fact to set an explicit ACL. The ACL it passes to openx_np() is obtained from the source file system object via getattrlist() (but could as easily have come from statx_np()). So the ACL being set is the combination of the ACL set explicitly by the openx_np(), and the ACL being set as a result of the inheritance bit on the container directory in which the new file or directory is being created.

    This is in fact necessary, since the only way to make image backups of a subtree such that the copied subtree has exactly the same permissions in the target subtree as it had in the source subtree is to set *all* of the ACLs that were on the source object onto the target. Anything else loses permissions grants or denials on the copy of the object which were present on the original. This is either inconvenient, in the case of grants, or a critical security bug, in the case of denials.

    You can also see where this would be a necessary step for a backup/restore operation, where the data is serialized into an archive format on the backup, and deserialized back into the file system on a restore, which could be a partial archive restore.

    Things can get even more complicated when Time Machine and Spotlight are thrown into the mix, since Spotlight adds inherited ACEs to permit it to index directory contents that would otherwise be denied it by ACL, as does Time Machine (for some reason, they do not share a common group ID and utilize a single shared system functionality ACE, but I digress...). Likewise Time Machine sets an inherited ACE on its backup volume, for similar reasons.

    The correct fix is to do ACE deduplication in the case that the target directory container has inherited ACE entries which match the ACE entries on the source object, and remove duplicates from those explicitly listed in the openx_np() call. The alternative approach is to explicitly set exactly the desired ACL on the target after the target is created -- this has the drawback that you would need to explicitly know the container ACL's inherited ACE list in order to aggregate it yourself, but has the advantage that you won't be denied access to the object during creation if your openx_np() ACL contains explicit rights grants for the group or user that the creating entity runs under (this should be coupled with a subsequent "deny everyone" ACE to avoid a security race, which makes this the less desirable workable solution).

    Note that the above should make it obvious why a depth-first post-application of ACLs on copied objects wouldn't work; apart from the security problems in the order of operation window, network protocols such as AFP and NFSv4 and SMB all use connection credentials rather than request credentials (NFSv3 uses request credentials), and even privileged users do not have access to other users' keychains or session passwords in effect for a given copy operation.

    -- Terry
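
The ACE deduplication fix described in the comment above, as an added example that is not part of the original comment and is not Apple's code. It is a simplified Python model, not a call into openx_np(): the `ACE` fields, the function names and the principal names are all assumptions made for illustration, and it covers the file-copy case only.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class ACE:
    kind: str                  # "allow" or "deny"
    principal: str             # user or group the entry applies to
    rights: frozenset          # e.g. frozenset({"read", "write"})
    inherited: bool = False    # entry arrived via container inheritance
    inheritable: bool = False  # directory entry that propagates to new children

def key(ace):
    """Identity of an entry for matching, ignoring how it arrived."""
    return (ace.kind, ace.principal, ace.rights)

def inherited_from(container_acl):
    """Entries a newly created file picks up from its container."""
    return [replace(a, inherited=True, inheritable=False)
            for a in container_acl if a.inheritable]

def create_with_acl(container_acl, explicit_acl):
    """Model of create-time behaviour: explicit entries plus inherited ones."""
    return list(explicit_acl) + inherited_from(container_acl)

def dedup_for_create(source_acl, container_acl):
    """Drop source entries the target container will supply by inheritance."""
    supplied = {key(a) for a in inherited_from(container_acl)}
    return [a for a in source_acl if key(a) not in supplied]

def duplicates(acl):
    """Number of entries that repeat an earlier entry."""
    return len(acl) - len({key(a) for a in acl})

# Constructed sample data (principal names are made up).
R, RW = frozenset({"read"}), frozenset({"read", "write"})
SOURCE_ACL = [
    ACE("deny", "contractors", frozenset({"write"})),   # must survive the copy
    ACE("allow", "alice", RW),
    ACE("allow", "indexer_group", R, inherited=True),   # from the source's parent
]
TARGET_DIR_ACL = [
    ACE("allow", "indexer_group", R, inheritable=True),
    ACE("allow", "backup_group", R, inheritable=True),
]

def copy_naive():
    """Pass the whole source ACL at create time: matching entries double up."""
    return create_with_acl(TARGET_DIR_ACL, SOURCE_ACL)

def copy_dedup():
    """Pass only the source entries the target container will not supply."""
    explicit = dedup_for_create(SOURCE_ACL, TARGET_DIR_ACL)
    return create_with_acl(TARGET_DIR_ACL, explicit)

if __name__ == "__main__":
    for name, acl in (("naive", copy_naive()), ("dedup", copy_dedup())):
        print(name, len(acl), "entries,", duplicates(acl), "duplicate(s)")
```

In this model the deduplicated copy keeps every grant and denial that was on the source, including the explicit deny, while the entry shared with the target container appears once instead of twice.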

  3. Phil Karn's KA9Q and MIT PC/IP both predated it on Trumpet Winsock Creator Made Little Money · · Score: 3, Insightful

    Phil Karn's KA9Q and MIT PC/IP both predated it. MIT PC/IP was commercialized into FTP Software, Inc., and supplied Microsoft in 1996.

    http://www.ka9q.net/
    http://en.wikipedia.org/wiki/FTP_Software

    I remember Bob Wallace, founder of Quicksoft, author of PC-Write, and pretty much the inventor of shareware marketing, despite Andrew Fluegelman releasing PC-Talk first. Bob was one of the few people who "got it", although the software industry has ironically not recovered from his usability choices.

    It was a conversation at a conference in the 1980's. Bob said "I don't sell software; software is all up here", motioning with his hands around his temples; "I sell manuals".

    Bob did this by putting enough functionality in his product that people felt it was worth paying for, and he made it obscure enough that it really was not that useful without a manual, and he sold manuals cheaply enough that it was easier to buy them (and get a disk at the same time) than it was to print them out on tractor feed fan-fold paper.

    Software still hasn't recovered its usability from the intentional/unnecessary complexity caused by shareware authors. The problem for Trumpet Winsock was it pretty much had nothing to sell beyond what was available already, and it didn't have anyone over a barrel for documentation. I made the same mistake with my own shareware once upon a time, and made pretty much nothing on it as well. Live and learn.

    -- Terry

  4. Hi, Mr. Dinosaur! on IT Graduates Not "Well-Trained, Ready-To-Go" · · Score: 1

    Hi, Mr. Dinosaur!

    The Mesozoic Era just called, and they want their technology back.

    As long as you are not too busy, tell COBOL the Palaeozoic Era is still waiting at the restaurant, and is pretty drunk on wine from being stood up for their date, and needs someone to come help her into a cab.

    --

    This so sounds like a bunch of companies complaining that they can't get people to maintain old code...

    -- Terry

  5. The original site aimgroup sells eBay classifieds on Study Calls Craigslist 'a Cesspool of Crime' · · Score: 1

    http://aimgroup.com/about-3/what-were-reading/

    Astroturfing by someone who can't compete any other way.

    -- Terry

  6. First Amendment issue? on 'No Refusal' DUI Checkpoints Coming To Florida? · · Score: 1

    http://www.ncbi.nlm.nih.gov/pubmed/1262518

    Title: "Jehovah's Witnesses and human tissue donation."

    Abstract: "Because of their religious beliefs members of the Jehovah's Witnesses sect do not permit human tissue donation, not even such a routine and life-saving procedure as blood transfusion. A group of 30 adult Jehovah's Witnesses was compared with groups of donors and nondonors on a variety of personality measures. Donor status is associated with a well-integrated body image and acceptance of mortality, while nondonor status correlates with a less-well-integrated body image, concern about body integrity, and anxiety about death. However, while Jehovah's Witnesses vigorously oppose human tissue donation they appear to do so on strong religious grounds rather than because of personal anxiety and thus are dissimilar to non-donors at large."

    Sure seems like another church could be slightly less strenuous on the same grounds, perhaps by adding the word "involuntary"... anyone else think the Pastafarians should add this doctrine to their canon? Just Saying...

    -- Terry

  7. Can't the Mozilla dumbasses call the seatbelt API? on Apple, Microsoft, Google Attacked For Evil Plugins · · Score: 1

    Can't the Mozilla dumbasses call the seatbelt API?

    Sorry to be so blunt about this, and I'm not being an apologist, especially since I don't work at Apple anymore...

    I must be missing something; there's an API for this already; why isn't Mozilla using it?

    -- Terry

  8. Buy television sets on US Army Unveils 'Revolutionary' $35,000 Rifle · · Score: 1

    $400 million is nothing. If it keeps US soldiers alive and healthy, it might even save costs in medical care over a lifetime. One of the biggest military expenses is people, active and retired.

    Of course buying big screen televisions for the barracks in Camp Lejeune and not sending them to Iraq or Afghanistan in the first place would probably keep them even safer.

    -- Terry

  9. Redaction of names by NY Times/Wikileaks on WikiLeaks Under Denial of Service Attack · · Score: 1

    How about this, wikileaks goes through every page of the report with the help of multiple well established news organizations redacting names of informants.

    This will not work.

    The economics of newspapers these days is such that they can do very little fact checking/redacting/processing of the news information they are handed by wire services and other sources (such as Wikileaks) due to the reduction in budgets which has arisen as dead-tree subscribers have dwindled and their margins have shrunk to near-nothing.

    Online subscribers don't tend to work in that economy either, since, at a minimum, it's become a lowest-bid arena, and aggregators who accept advertising (e.g. google, yahoo, msnbc, etc.) will typically put wire services releases up for free.

    Wikileaks very much resembles "yet another wire service" to the industry these days.

    -- Terry

  10. Not bombing is not really an option on WikiLeaks Under Denial of Service Attack · · Score: 1

    Unpopular post time...

    To give an analogy, do you think the civilians on a US aircraft would permit a takeover after 911, given what happened when a takeover was allowed?

    I think bombing is far more likely to result in the civilians shunning the insurgents, rather than allowing themselves to be used as cover/hostages.

    I know if someone with a box cutter was on my aircraft attempting to take over, I'd rush him, even though I was unarmed, since even a 30% chance of living through it beats a 100% chance of dying from doing nothing as we all fly into the side of a building.

    So you send the message: "Places where there are insurgents will be bombed". It may not be a perfect solution, but it's the best one the US has been able to come up with so far.

    If you have better ideas, you should contact the Brookings Institute or another think tank whose games theorists are the ones setting US strategic policy via their advice.

    Remember, though, that those are the guys who got us through the cold war without everything going up in mushroom clouds, so you'd better be sure you are smarter than they are first.

    -- Terry

  11. The AC is correct in this case on Why Unlocked Phones Don't Work In the US · · Score: 1

    All you have to do is rewrite the baseband radio tables. There are radio tables available for use in the iPhone that allow use on T-Mobile networks.

    The iPhone antenna is not so optimized for the AT&T frequencies that it can't work in the T-Mobile frequency ranges, despite what the article is claiming here.

    -- Terry

  12. Brilliant! Wait!!!! on A Decade of Agile Programming — Has It Delivered? · · Score: 1

    Then you aren't breaking the tasks down into small enough parts.

    How do you incrementally rewrite a VM system?

    -- Terry

  13. I have no idea what history you're reading... on China Now Halting Shipments of Rare Earth Minerals To US · · Score: 2, Informative

    I have no idea what history you're reading...

    On July 24, 1941, Japan occupied French Indo-China (Vietnam, Cambodia, Laos).

    On July 26, 1941, F.D.R. froze all Japanese assets in the U.S. and embargoed all trade with Japan, including sales of oil and scrap metal.

    On November 20, 1941, Japan gave a list of demands to Washington, including thawing the frozen assets, resuming full trade relations, and U.S. aid in obtaining supplies from the Dutch East Indies. U.S. Secretary of State Hull made a counter-proposal involving Japan withdrawing their occupation and signing a non-aggression pact. Japan asked for two weeks to consider the proposal.

    On November 26, 1941, Japan dispatched the carrier fleet which would stage the attack on Pearl Harbor.

    World War II on the Pacific Theatre was definitely about resources.

    -- Terry

  14. "genuinely based on real belief in the value" on Norwegian Day Traders Convicted For Manipulating Computer Trading System · · Score: 4, Insightful

    But here's the thing, their behavior wasn't honest or genuinely based on real belief in the value of the stocks.

    So... the traders didn't act genuinely based on a real belief in the stocks. Unlike the computers that ran the automated trading at the firm, which obviously act genuinely on their real belief in the stocks they are trading, because, well, everyone knows computers are always scrupulously honest.

    -- Terry

  15. In Related News... on iPhone 4 Screens Break 82% More Than 3GS · · Score: -1, Redundant

    In Related News...

    That percentage increase approximates the relative ratio of iPhone 4's vs. iPhone 3GS's being sold.

    Nothing to see here, move along...

    -- Terry

  16. "Why allow them?" on Reuters Ends Anonymous Comments · · Score: 2, Interesting

    "Why allow them?"

    Seriously, why allow them? Just get a damn account. It takes seconds and you can use a pretend name if you're worried that people are going to sue you for leaking secrets or whatever.

    I believe the rationale is that registration requires verification with an email address, and email addresses are not quite as disposable, and leave a subpoena-able trail that can be used to pierce the veil.

    At the very least, there is an audit trail by IP address that leads to an audit trail that eventually leads to you.

    If you're posting from a repressive regime, such as China, Iraq, North Korea, or (some would claim) the United States, this might concern you.

    -- Terry

  17. what "made for iPhone" means: on Apple Reportedly Heading Off iPhone 'Glassgate' · · Score: 1

    what "made for iPhone" means:

    What the crap is "made for iPhone" supposed to mean if not "we've tested it and it works as advertised"?

    It applies only to electronic accessories:

    http://developer.apple.com/programs/mfi/

    It means that the accessory is sufficiently shielded to protect it from electronic noise when the device is in operation. Pretty much any cell phone will cause electronic interference when placed on top of an AM radio, and on an unshielded amplification circuit in, for example, an alarm clock, GSM devices will cause clicking and buzzing.

    For cases, it's pretty much meaningless, and it's not a licensed use (which is why there's no little picture with it on the packaging). The people who put the phrase without the trademarked logo are being disingenuous.

    There's a reason you don't see third party iPhone and iPad cases in Apple stores.

    -- Terry

  18. I don't know anyone who suggested 64 bit Carbon... on Against Apple, Ballmer Floats Microsoft Merger With Adobe · · Score: 1

    I don't know anyone who suggested 64 bit Carbon...

    It was pretty obvious to me that you couldn't jam a 64 bit inode and a 128 bit volume UUID into a file manager binary file format that could only store two 32 bit values.

    But then, I can do math.

    -- Terry

  19. Given that Adobe hasn't upgraded to Cocoa on Against Apple, Ballmer Floats Microsoft Merger With Adobe · · Score: 2, Insightful

    Given that Adobe hasn't upgraded to Cocoa precisely because they don't want to orphan people's libraries of existing photoshop plugins (which Adobe is terrified might cause them to switch to a different piece of software, if they're going to have to re-buy everything anyway), I doubt people will switch to a different OS and force that same re-buy on themselves voluntarily.

    Microsoft has crippled Office on the Mac by not providing MS Access and binary compatible automation piece to let people build their own groupware out of it, but it's unlikely they would do the same to Photoshop. They are far far more likely to introduce a "Flash II" product *cough* Sliverlight *cough*, which is basically the same thing they did when they introduced Microsoft Money.

    -- Terry

  20. The iPhone already supports 1900MHz on Verizon, 4G and iPhones · · Score: 1

    The iPhone already supports 1900MHz; if it didn't, it would not work in Brazil or large sections of Europe, which require dual-band phones.

    http://www.apple.com/iphone/specs.html

    So T-Mobile Edge support would be a carrier package load, which is a software-only change. The problem with 1900MHz is you need roughly twice as many towers to cover the same geographic area, which has been deployed in Europe, but less so in the U.S.

    I personally don't think T-Mobile is likely, but I think Verizon is even less likely. I think this is wishful thinking by two guys at the Wall Street Journal.

    -- Terry

  21. Me too, but not for the same reasons on Nokia Paying $10M For Symbian Software Devs · · Score: 3, Insightful

    Me too, but not for the same reasons

    The problem is that they are coming very late to the "applications game", and they are trying to fit those applications on legacy devices with vastly differing capabilities from one another.

    The reason Apple has been so successful here is that all of its devices have similar capabilities and screen resolution, so there is a common baseline for all of the applications to assume, and so from that you get applications capable of using the device capabilities better, rather than scaling back and having the "minimum" UI.

    Even the one where the screen resolution is a bit off in "twice as big" mode, the iPad, is "close enough" that the applications for the other devices don't have a problem running with it. Going the other direction, Apple is going to start having a few problems, as people write specifically to the iPad capabilities. The aspect ratio isn't similar enough for "twice as small" to fit those applications on an iPhone/iPod screen. I expect that what will happen is that Apple will normalize the aspect ratio between the devices by changing the next iPhone/iPod to have the same aspect ratio to make the conversions "work".

    Android faces similar issues to the legacy systems, which is lack of a standard minimum spanning set -- android doesn't dictate screen resolution, touch (or keyboard) capability, and so on. So Android isn't going to do any better in the applications market than Nokia, unless they address these issues so that the applications experience is actually good for the customer between devices.

    Without requiring this sort of standardization of the application operating environment, the customer is stuck trying to figure out how to pick applications that will run on their devices and/or the developer is stuck porting (and testing) on a zillion devices to certify their application compatible, or (more likely), both happen. If so, you only get applications markets that are device-specific, and the developers (those which are willing to be developers in such an environment) will tend to target only the most popular devices to maximize their market size while minimizing their development outlay.

    And this is exactly the same problem that a proliferation of APIs and kernel versions and so on have caused for the BSDs and Linux distributions which have largely kept the commercial software players away from trying to sell into those markets (hence things like "no iTunes for Linux", and Adobe specifically targeting one browser and one Linux distribution with their plugins).

    -- Terry

  22. My point is... on Big Brother In the School Cafeteria? · · Score: 1

    My point is... that a state or committee-dictated healthy diet is impossible to arrive at universally, even if you throw out Kosher/Halal and other cultural and religious considerations out the window. Dictating the foods kids do or don't eat because of some arbitrary opinion on what constitutes "healthy" is doomed to failure.

    -- Terry

  23. Wow, you just named a lot of allergens! on Big Brother In the School Cafeteria? · · Score: 2, Insightful

    Wow, you just named a lot of allergens!

    I know someone allergic to lettuce. I dated someone who was allergic to fish. A lot of people are allergic to legumes. Almonds are a common allergen, as are most tree nuts.

    Google can find you examples of famous people with allergies to every one of those things you mentioned.

    -- Terry

  24. It turns out manual labor is not a growth industry on US Spends $11M To Kick-Start Video Search · · Score: 1

    Plus we haven't got any WPA style programs going to help those out of work earn their keep

    It turns out manual labor is not a growth industry.

    Most of the WPA and similar projects built too well, and they are still around and in active use. FDR's "alphabet soup" of the depression era "New Deal" was predominantly manual labor, and did things (the CCC) like turning 84,400,000 of wetlands into farmland. Other major agencies were the PWA, CWA, and TVA. We're currently tearing down a number of PWA dams because of their threat to salmon breeding. The CWA cost $1B over the 5 months it existed (that's $1B 1933 dollars). The TVA is still around, as the largest public power company in the U.S., and are the single largest operator of dirty coal-fired power plants outside of China.

    -- Terry

  25. American Sign Language on Touchless Gesture User Interfaces · · Score: 1

    American Sign Language

    Apparently it is not high enough resolution that it would allow you to use ASL for input. It looks like cameras are still the best gesture input devices.

    -- Terry