Ditch C.
Understand C
C isn't the problem, people that use C without knowing what they are doing are. No programming language can prevent stupid programmers from making mistakes that can potentially be exploited. But C has the advantage that those stupid programmers very often don't manage to get a compiling / working program at all, sparing us the security risk.
There is no black hat worm / white hat worm.
I disagree. Making a program that exploits security holes to perform actions on a computer without permission is bad, but if the actions actually benefit the victim they are "less bad" (tm) than e.g. a worm performing a DDOS attack.
But since there is a risk that even a "well intentioned worm" will cause problems (bugs, increased network traffic) they are a bad thing too.
In a perfect world there would be no worms because no one cares to write them (and there are no holes to exploit). In our less than perfect world I'd prefer worm writers to be well intentioned but misguided (white hat) over malicious (black hat).
The people that would want to write white hat worms should instead redirect their efforts into making free (as in beer and/or freedom) virus/worm scanners, software firewalls and other security tools. That'd be a much better way to show how "1337" they are.
I see a new arms race coming up. "White hat" virus/worm writers vs "Black Hat" virus/worm writers.
Or perhaps it was just that one of them finally realized that to make headlines (and get the attention that these guys seem to crave) it had to be different from the rest. Since worms usually cause damage, what better way to be different than by fixing damage?
Or perhaps it's simply Microsoft's latest patch distribution strategy. "We use our holes to patch our holes". (So they're not bugs, just an update distribution feature.)
What would be great was if every linux user out there gave $699 to the legal protection for Open Source fund (that RedHat started) instead. Or maybe not $699 but whatever they think the continued freedom of linux is worth, and indicate in their donation that it's a direct result of SCO's demands. I'm pretty sure that if the sums were added up the fund would get more money than SCO would.
The day SCO can legally get my money if I use linux is the day I investigate other options, like BSD or the Hurd or OS X or something. Unless I give up computers and go to hell to be a figure skater.
It's gonna say "Enter the Dragon" isn't it!!!
Yep, and on smp boxes it's gonna show the edge of an old map and in the white unexplored areas it's gonna say "Here be dragons"
Will the choice of the user be remembered using a cookie?
It can be done, the first time you visit the site you can get three alternatives:
- Allow all cookies
- Allow the one specific cookie that tells the system you don't want the others
- Allow no cookies
If you choose the last alternative you'll have to answer the question again every time you visit the site. Unless using a bookmarked url will give the information to the server (e.g. you are redirected to nocookies.example.com when using the third link).
They expose APIs so that hardware manufacturers can develop their own drivers.
Then it's an error in requirements or design. The requirement should have been something like "There shall be an API so that third parties can create hardware drivers, but the api shall be made so that these drivers cannot crash the system". And it should have been designed around that. I don't know if anything like that is even possible with the hardware architecture so this is probably just me dreaming
If there are X number of known released bugs, it's likely to be Y less expensive.
That depends. If there is competition it's likely to be correct, if there isn't you may get away with charging whatever you like.
But if it's a requirement that the software should be bug free the price tends to skyrocket. (Think hospital systems, space, planes, telecoms, pretty much anything where lives or lots of money are at stake)
So you believe the fact that there was no bug that could be exploited to compromise security means that there are no bugs at all?
There are bugs and there are bugs. There is/was a problem in mozilla mail that meant I couldn't use ? as a character in the name of a mail folder, but it let me create a folder with ? in the name. I can't imagine how that could be used to compromise security so if mozilla had a guarantee similar to the one you linked to it wouldn't count. This bug probably wouldn't be high priority to fix (all I had to do was to avoid the ? character in folder names) since it didn't prevent the program from working.
What I'm trying to say is that there are bugs that will never be found because they don't cause problems (e.g. if your browser displays a line that's supposed to be 50pt font in 51pt, would you ever notice? does it really matter?), but it's still a bug.
and the RIAA need look further than the European Commission for THEIR lessons
Well a few of these are already taken care of, champagne and cognac are already trademarked by the bubbly producers organization in the french region champagne and the distilleries in cognac. But it makes sense from a consumer point of view, if I buy parma ham I expect not only to get ham, but to get ham from pigs that have been fed in a very specific way (which gives it the special flavor), if the canadian ham is the same it's ok by me, but denying the ham producers in parma use of the name is stupid. It would be the same as if someone trademarked the terms "brazilian coffee" or "french roast".
While the name itself provides no value it lets me know (without having to do a lot of checking) what I'm getting, and for the sake of consumers it should be restricted who can use it. If I buy "brazilian coffee" I expect it to come from brazil, and if they say it's "french roast" I expect it to have been treated in a certain way.
The only purpose for the existence of a new system was... hmmm.... remind me what it was again?
That Swatch needed a new gimmick to sell more watches.
Whatever happened to swatch world time?
If you're referring to the same thing as swatch "internet time" (by another name) it failed because no one wants to learn a new time system. But if they had divided the day into 1024 ticks instead of 1000 it would at least have had some geek appeal, and might have been used in a niche culture at least.
Imagine getting ahold of a tattoo gun that could imprint images permanently on someone's face and finding your friend passed out drunk..
I imagine you'll be running out of friends pretty fast..
I understand what the parent's command does, but what does exec true added to the profile do?
It execs (replaces the shell with) true (a program that does nothing besides returning 0, indicating success).
The effect would be that the shell that runs /etc/profile for you will be gone. I believe the effect will be that no one can login and you'll have to boot to runlevel 1 to fix it, but I'm not about to try it and see.
The post is essentially true, not having any users logged on will improve performance :)
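The behaviour discussed in the comment above can be checked without touching a real /etc/profile. This is an added example, not part of the original thread: it sources two constructed profile fragments in a child `sh` and reports whether that shell survives, plus a heuristic scan for command-replacing `exec` lines. The function names and sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Works only on throwaway files in a temp directory,
# never on the real /etc/profile.

# sources_to_completion FILE
# Starts a fresh sh, sources FILE the way a login shell sources /etc/profile,
# then prints a sentinel. Returns 0 only if the child shell was still running
# after the file had been read (i.e. the sentinel was printed).
sources_to_completion() {
    out=$(sh -c '. "$1" >/dev/null 2>&1; printf SURVIVED' sh "$1" 2>/dev/null)
    [ "$out" = "SURVIVED" ]
}

# find_exec_lines FILE
# Heuristic static check: print the line numbers of lines that begin with
# "exec <command>". An exec that carries only redirections (exec 3>&1,
# exec >/dev/null) does not replace the shell and is skipped.
find_exec_lines() {
    grep -nE '^[[:space:]]*exec[[:space:]]+[^<>0-9[:space:]]' "$1" | cut -d: -f1
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample: an ordinary profile fragment. "exec 3>&1" only
# duplicates a file descriptor, so the shell keeps running.
cat > "$demo_dir/profile.ok" <<'EOF'
umask 022
export EDITOR=vi
exec 3>&1
EOF

# Constructed sample: the same fragment with the line from the thread.
cat > "$demo_dir/profile.bad" <<'EOF'
umask 022
export EDITOR=vi
exec true
EOF

for f in "$demo_dir/profile.ok" "$demo_dir/profile.bad"; do
    if sources_to_completion "$f"; then
        state="shell survives"
    else
        state="shell is replaced before the file returns"
    fi
    lines=$(find_exec_lines "$f" | tr '\n' ' ')
    printf '%s: %s; exec lines: %s\n' "${f##*/}" "$state" "${lines:-none}"
done
```

Running `find_exec_lines` over /etc/profile and the files it sources is a read-only way to spot this kind of change during a login-failure investigation.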
it must be converted into an editable format first
That's wrong. What we're talking about here is a system that recognizes a DVD and looks at its (the system's, not the DVD's) data (probably downloads it from somewhere) and then automatically fast-forwards past the bad parts. How does noting that minute 25-27 contains sex require access to the data on the DVD? All you need is a player and a notepad.
if the official kernel leaves a local root exploit open for months
You either fix it yourself, wait for someone else to fix it or pay them to fix it. Most likely the exploit becomes known simultaneously with the fix for it, since the one that finds the problem is likely to provide a patch.
If you patch it yourself, you are not using the official kernel anymore
If you patch a root exploit and it really fixes the problem without introducing new ones you will be using the official kernel, because it will become part of the official kernel faster than you can say "recompile"
If you're ready for some practical industrial strength functional programming check out Erlang.
Ericsson employee or ex Ericsson employee?
Erlang was really different from anything I had seen before. Certainly boosted my understanding of how to use recursion.
remember he wasn't arrested until he came to the US
Which he did thinking that he had done nothing criminal (since what he did was legal where he was).
I'm not agreeing with the law
Me neither, so we have some common ground :)
he came under the US jurisdiction when he entered the country
This I disagree with. Not that he came under US jurisdiction, since if he did anything criminal in the US they'd have every right to arrest him. But that his previous actions outside the US should fall under its jurisdiction once he entered the country is ridiculous.
the president is protected by diplomatic immunity
And would it be fair if he was arrested in a country that doesn't recognize his diplomatic immunity, because he has done something that's legal in the US but not in that country?
The problem seems to be that US politicians think that they can extend their laws beyond their borders, so their laws apply to everyone, while international law and treaties can be ignored by the US government at will. Sadly they have the military and economic power to get away with it (most of the time). This arrogance (as it's perceived outside the US) is IMHO one of the biggest threats to {world peace,the environment,fair trade} and it would be better if the american civil war had left us with 3-4 smaller countries that would have to cooperate more with the outside world.
Sklyarov was screwed in the U.S., so it still doesn't apply.
The problem is jurisdiction, and that the US wants to believe they have it everywhere
He was arrested for breaking US laws while in Russia. Does that mean that anyone (e.g. american presidents) should be accountable for breaking foreign laws (e.g. muslim laws against unmarried sex e.g. performed with a cigar) even when in the US?
So if Swedish law says it's illegal for the RIAA to destroy a computer it's still OK because US law "overrides" swedish law. Or should the RIAA be held accountable for destroying swedish computers (even if the action is performed from within US jurisdiction while the result happens within swedish jurisdiction) because swedish law overrides US law?
And who would they expect to buy such a computer anyway? And if there were no other computers for sale how would they prevent people from keeping a "pre-self-destruct-mechanism" computer around for file swapping?
I think we're looking at even more proof that politics doesn't require brains
sooner or later a programmer gets good enough to stop shooting himself in the foot.
Either that or they eventually die from bloodloss or infection
Now, an intelligent company will try to give you all the information you need to write your own driver
There are really only two possible reasons to keep the specification secret:
The specification would reveal how the hardware is made, and enable people to steal the design. (But if the design is so unique they could patent it, so why bother?)
The specification would reveal that the hardware is a piece of shit and the supplied drivers use dirty tricks to code around it.
[Hardware Manufacturers] seem to get very upset when somebody asks them what the register-level interface to their card is.
What exactly did they say when you asked? Have you made sure that they understand what you want to do? (Create a driver that makes the card work on linux, that anyone can get, potentially increasing the sales for the card). The key is to present the request not as "we need this" but as "you will get this if we can get that". They may still not be willing to help and then you explain that whenever you do the purchasing decisions you will prefer a company that provides specifications (or linux drivers). They still might not listen so you may have to stick with windows, just make sure you remember who forced you to it whenever you get a budget to buy new equipment.
Well given the human race's ingenuity, if in the next 800 hundred years or so we haven't worked out a way to prevent this, we probably deserve extinction for being idle.
quoth the article:
It takes 8 hours for the waves to reach Europe, where they come ashore at heights of about 30 to 50 feet.
Doesn't really sound like extinction to me, hardly enough to get our feet wet. For the US east coast they're talking 400 feet, how much ingenuity does it take to head for the hills?
But they'd be reading Slashdot even then?
They will, and when the news hits they will complain it's a dupe: "So what the asteroid will hit tomorrow, this is old news it was posted like 800 years ago, fscking slashdot dupes"
would you allow the United States to sink into the ocean 500 years after your death in exchange for an ATM card that can remove money from any ATM without taking money from your account.
Hell yeah, if I had the choice I might even give up the card to have it happen tomorrow
Seriously though the disappearance of the United States would probably be a good thing for the world in general, a small non nuclear civil war that breaks it up into the individual states would be a good thing. Then just maybe americans would have to learn to cooperate with the rest of the world.
And btw I'm not canadian :)