> it's not the compiler's job to compile for the maximum defensiveness of the
> resulting machine code, otherwise we'd all be using bounds-checking compilers.
Have you ever noticed that C code has about a hundred times as many security patches as code written in languages where the compiler (or interpreter, as the case may be) does basic bounds checking and so forth?
The behavior of dereferencing a NULL pointer *should* be defined, by any well-constructed language standard. A reasonable definition would be "your code is terminated and an error message generated". If the C standard doesn't make it the compiler's job to check for such things, then the C standard is incomplete at best. I would even call it broken.
> Personally, I think you'd have to be a glutton for punishment,
> to want to admin a site for people interested in rainbow tables.
If it were theoretical information about rainbow tables, how they're used, what implications they have for security, the effects of salt, which common systems use salt and which ones don't, and so on and so forth, the abuse the admin would take might not be so bad. I mean, you'd have some detractors, sure, but it would hopefully be manageable for the most part.
But yeah, a site that's basically just one great big rainbow table database, that's going to probably draw a lot of negative reactions. It's obvious to anyone who knows what a rainbow table is that the overwhelming majority use case is black-hat in nature. Even assuming the intentions of the administrator are pure, it's still undeniable that most of the users will be using the thing for illegitimate purposes. Sure, they could get the information elsewhere if the site didn't exist; the black-hat crowd always finds ways. Nonetheless, you'd clearly have to be the sort of person who doesn't mind getting hate mail.
Personally I have a hard time seeing how it could have enough legitimate uses, and sufficiently valuable ones, to be worth maintaining all those tables and the bandwidth costs, and everything, even setting aside the negative publicity. I don't blame the admin for wanting to throw in the towel.
I mean, really, how often is it that you lose a password, and changing it simply isn't good enough, you've really got to have that original lost password back unchanged? That happens, what, once in every eighty-seven trillion lost password cases? I'm not saying it couldn't ever come in handy, but I question whether such cases would be sufficiently common to justify the effort of maintaining the site. Honestly, I think the resources might be better spent in some other way.
> was she saying she's running a virtual machine
> inside a virtual machine inside a virtual machine?
No. She was saying she runs three different virtual machines, for three different purposes, but all three of them are run inside the same host system. Presumably she doesn't usually run all three at once, so on recent high-end hardware the performance should be reasonable.
I wouldn't want to try it on my five-year-old single-core workstation, but she's a security researcher, so she can afford new hardware every couple of years.
Actually, I'm pretty sure SteadyState stores everything on the one partition. What the other poster describes is closer to unionfs.
> it would be nice to have a file system where all modifications were stored on
> a second partition on the hard disk and the primary partition was read-only
It's called unionfs. The major LiveCD systems all use it with a ramdisk for the read-write portion by default, but it would work just as well with two partitions on a hard disk, or a DVD and a partition on a hard disk, or whatever.
> On every boot, the data in the "writable" partition is destroyed
Well, a ramdisk pretty much has this property automatically, but I suppose it could be retrofitted onto another kind of setup.
> A specific command could copy changes over in order to update the writable
> partition. This would be done during the shutdown process and a list of
> all changes could be reviewed before flipping the switch to make your drive
> writable.
Hmmm. Well, if your read-only partition is a DVD, you could master a new DVD whenever you want to update it. That keeps your "physically read-only" criterion and yet still allows periodic updating.
> And as long as your bank is never hacked
If your bank is hacked, your financial information is already compromised ipso facto, so the setup on your desktop computer is irrelevant at that point.
You should have read the whole thing. You don't get a clear picture of exactly how delusional she really is until page 4 or 5.
> How many websites have you seen that say "here's a PDF of a document -
> you'll need to download Adobe Reader [insert link] if you want to view it"
If the webmaster had ever watched an end user try to use a computer, he'd Stop Doing That.
Almost universally, the end user does not understand the above paragraph. He gets as far as the link to Acrobat Reader, clicks it (even though of course his computer already has Acrobat Reader; but he doesn't know that, because he doesn't even know what it means), and expects to immediately see the content he's looking for (even though he hasn't clicked, or even noticed, the link to the actual document; generally he thinks the download link he just clicked *is* the document). If he's lucky, at this point, the web browser downloads Yet Another Copy of the Adobe installer and puts it in the default download folder (probably the desktop, unless the computer's been worked over by a competent computer geek at some point). At this point the user has absolutely no idea why the document isn't opening, so he tries again. And again. I've never EVER seen an end user's default download folder with fewer than three copies of the Adobe installer, and six or eight is more common. Eventually, depending on what kind of person the user is, he either gives up (this is the most common outcome) or seeks help from someone he thinks is a computer expert. If he's lucky, his "computer expert" actually understands enough about computers to help him, but at least half the time it's somebody just as clueless as he is (albeit more confident), and they tell him his computer has a virus, which confirms what he suspected anyhow.
> Say what you like about Firefox, it was the first Windows product I've used
> which devoted a good deal of engineering thought to making updates easy.
And they got it wrong. Badly wrong.
Firefox updates don't happen, EVER, unless someone logs into the computer under a privileged administrative account. On a normal desktop computer, that shouldn't need to happen on a regular basis.
Assuming the administrator who does the install doesn't uncheck the auto-update checkbox, the updates should happen automatically, in the background, whether there's even a user logged in or not, *completely* irrespective of what privileges the logged-in user does or doesn't have.
Granted, Symantec and Microsoft are barely better at this. They theoretically have their updates set up to happen automatically in the background, but then about every third update or so there's one that won't, until an administrator logs in and does the update manually. In Microsoft's case, this is usually because the update wants to prompt the user to agree to yet another pointless EULA. I have no idea what Symantec's excuse is.
> even back when it was called Acrobat Reader.
Clear back then, huh? What was that, a whole two years ago?
Kids. Sheesh.
> Submitting a bad report and having your boss say "Maybe you should re-write that"
I've not been to Japan myself, but from what I've read on the internet, I'm guessing a Japanese boss wouldn't say it that bluntly unless it was so unbelievably bad that you *deserved* to have your career ruined. If it was just bad in an ordinary way, the boss would perhaps say something more like, "This is really good. Say, have you ever seen the reports your predecessor submitted? Some of those were pretty good, too." And from this you are supposed to infer that your report was unacceptably bad, and that you need to go study your predecessor's reports and figure out how to do a decent job of it.
But I also get the impression that losing face in Asia is seen as much worse than having your career ruined (although, career is very important in Japan, more so than in the west). It also brings unbearable shame on your entire family, including your parents, and probably ruins your children's chances in life, and maybe your grandchildren as well, and your little dog too.
> China has their Yuan fixed to the dollar, rather than allowing it to float freely.
For China, having the Renminbi pegged to a strong foreign currency is probably a good choice, for the time being. It's easier to maintain than a specie standard, especially in the modern world, and it effectively delegates the problem of monetary policy at a time when China has bigger issues to deal with, such as how to effectively allow the continued modernization of their economy and the urbanization of their populace in a systematic and controlled fashion, balancing the need to let market forces take the economy where it needs to go against the need to prevent excessive abruptness and, frankly, chaos. They're trying to transform themselves from a third-world agrarian dystopia into a major first-world post-industrial power in only a few decades, and that's a major undertaking. They don't really need the added complication of managing inflationary pressures at the same time. Hence, a pegged currency.
And as strong foreign currencies go, the dollar is one of their better options. They wouldn't peg to the Yen for political reasons, and there probably aren't enough Swiss Francs available in circulation to make that currency a practical peg for a nation as large as China. That leaves the Euro, the Pound Sterling, or the US Dollar as the most obvious options. The Dollar has been around longer than the Euro, so it probably seems safer (remember, Chinese culture is conservative on the whole and tends toward a relatively long view), and as for the Pound Sterling, the Chinese may not understand all the cultural reasons why the UK won't switch to the Euro (heck, most Americans probably don't fully understand this, and our culture looks practically identical to England's when you're comparing to China), so they wouldn't be confident that the currency would still be there in a few years. (It will be, but we're talking about a Chinese perspective here.) So, the US Dollar, then, by process of elimination. It kind of just makes sense.
Asians are pretty smart. Weird, but smart.
When the Russians figured out that communism wasn't going to work as an economic system, not knowing what to do about it, they tried to keep going on as they were for a while, and then when it became obvious that they couldn't do that much longer, they tried to switch over to capitalism suddenly; they ended up with oligopoly and are still trying to make capitalism actually work in Russia like it does in the western world. Trying, and having what polite people call "mixed success".
When the Chinese figured out that communism wasn't going to work as an economic system, they actively started *changing* it. The system they have now still isn't nearly as good as western capitalism, but it's better than what Russia's still stuck with, and the Chinese system is improving visibly with each passing decade. Give it another thirty years, and it might just about *be* western-style capitalism, in everything but name. (Note that I'm only talking here about their economic system, not their government in general. They still don't have free speech, for instance. But you can have a thriving economy without that: Nazi Germany did, until they started losing the war.)
On the other hand, if the dude had been an American, he'd probably be filing a lawsuit against his employer even as we speak.
Okay, but Eastern Europeans commit suicide because they are clinically depressed and don't want to go on living, not because they are honor-bound to commit suicide in order to save face and avoid bringing shame on their families for seven generations.
The European scenario is certainly unfortunate, but the Asian way is weirder.
Russia's land is mostly in Asia, but a very disproportionate amount of the population lives west of the Urals, in the portion generally considered to be European.
> something about current Asian cultures seems to me to be broken
Every human culture of which I am aware is broken in one way or another.
Since we're talking about Chinese cultural weirdness today, the most bizarre example I'm aware of is the One China Policy. It's foolish, childish, stubborn, and clearly at odds with reality -- practically a textbook definition of "insane".
But it's not like Western culture doesn't have some pretty off-the-wall norms as well. Maybe you're used to them because you grew up with them, but that doesn't stop them from being stupid and wrong. My personal pet peeve is the way American parents are *expected* to outright lie to their children about certain things -- not just on occasion, but we're talking about pervasively deceiving the kids on certain issues throughout their whole childhood, deliberately and systematically working to prevent them from discovering the truth. (I'm talking about Santa Claus, arguably the most evil holiday-related tradition in any society, ever.) Children are *gullible*. Their parents should be teaching them discernment, helping them learn to distinguish truth from falsehood, not deliberately sabotaging their development. Is it any wonder Americans are cynical, if they can't even trust their own parents growing up?
Forget thermite. You should rig it with a mechanism that releases a couple kilograms of chlorine trifluoride under pressure into the drive assembly if you don't type the all-clear password within ninety seconds of bootup and every two hours while the system is running.
That, or antimatter.
Actually, if you want a healthy dog, all else being equal, what you want is a mutt, a dog that resulted not from planned breeding but from an "encounter" between random parent dogs of entirely unrelated stock. Ideally, you want a multi-generation mutt, a dog of such mixed breeding that you can't identify which specific breeds any of its parents or grandparents may have been.
All else being equal, a clone should be about as healthy as its "parent", but a *population* of clones would not be as healthy as a population with a more diverse genome, because part of the healthiness and robustness of the population stems from the genetic diversity it contains. (And that's true even assuming the clones are perfect copies, so that there's no replicative fading.)
> You are not "born" with immunity to certain diseases. You ACQUIRE it.
You acquire immunity, but you can also be born with inherited resistance, and having an entire population be genetically identical *can* be dangerous. (See, for instance, what happened to the Gros Michel banana cultivar.)
> people see something new it's that "Wow, humans really stuffed up the planet"
People always interpret data based on their existing mindset. That may be the most important thing to understand about human knowledge.
> The problem is we really have no idea what drove that global warming
> -- other than it was not the accumulation of greenhouse gases.
I'm not sure we even really know that. We only have reliable atmospheric composition data for the last few decades, not nearly long enough to prove or disprove a correlation with even short-term climatic trends, never mind about long-term ones.
> we're on our way to reglaciation.
Perhaps.
Or perhaps it's the beginning of the (re)formation of a heavy layer of water in the upper atmosphere that will gradually absorb almost half the world's water (causing an intense world-wide drought in the process) and eventually lead to a global greenhouse so effective that the whole world becomes a tropical jungle including the poles.
The long and short of it is, we don't have enough historical weather and climate data to reliably predict future weather beyond about three days.
Here's a fun experiment to try. First, go out and buy yourself a farmer's almanac. Then every day check the five-day weather forecast on the internet, and compare the fifth day out to what the almanac predicts for the same date. Then compare the actual weather to what was predicted five days ago and in the almanac. Keep track of how many times the five-day forecast calls the weather right, and the same for the almanac. My money's on there being no statistical difference in accuracy.
Scientists can predict the future when a phenomenon is consistent over time. Eclipses, for example, are generally predicted very reliably, because the orbits don't change much.
But weather and climate, on the other hand, change constantly. Trying to predict climate is like trying to predict fashion trends. Good luck with that. I'll be over here, not holding my breath waiting for the predictions to come true.
You shouldn't believe everything you read in Nature. They like to publish ground-breaking work (because it drives subscriptions), so they print a lot of stuff that, to be blunt, hasn't had a lot of peer review yet, hasn't had its results properly checked and independently duplicated, and typically ends up being shown to be bunk just a few years later.
The article you quote makes the classic mistake of confusing correlation with causation, and, if that's not bad enough, it uses less than fifty years' worth of data, which when we're talking about such an inherently long-term and variable phenomenon as climate, is statistically just about the same as reasoning from anecdotes. Over the long term we don't even know that there's a real correlation, never mind about causation.
Not only is all that anecdotal, but it's also incredibly short-term, to the point of almost certainly being completely irrelevant statistical noise. If we could chart climate against time on a graph, your experiences would not even show up as a blip on the graph, much less a trend. (Unfortunately it's a graph we can't draw, because we only have a few decades of halfway decent data. In another thousand years or so, we'll maybe have a better idea what's really going on. If we're still here by then.)
> With an earthquake, isn't the building less solid than Earth?
Solidity isn't necessarily good protection against an earthquake. A hunk of granite bedrock a mile thick is a fairly solid thing, but a medium-grade earthquake will crack it without breaking a sweat. The atmosphere, on the other hand, is not generally considered to be solid, but it's difficult to imagine an earthquake powerful enough to damage it.
> it's not the compiler's job to compile for the maximum defensiveness of the
> resulting machine code, otherwise we'd all be using bounds-checking compilers.
Have you ever noticed that C code has about a hundred times as many security patches as code written in languages where the compiler (or interpreter, as the case may be) does basic bounds checking and so forth?
The behavior of dereferencing a NULL pointer *should* be defined, by any well-constructed language standard. A reasonable definition would be "your code is terminated and an error message generated". If the C standard doesn't make it the compiler's job to check for such things, then the C standard is incomplete at best. I would even call it broken.
> Personally, I think you'd have to be a glutton for punishment,
> to want to admin a site for people interested in rainbow tables.
If it were theoretical information about rainbow tables, how they're used, what implications they have for security, the effects of salt, which common systems use salt and which ones don't, and so on and so forth, the abuse the admin would take might not be so bad. I mean, you'd have some detractors, sure, but it would hopefully be manageable for the most part.
But yeah, a site that's basically just one great big rainbow table database, that's going to probably draw a lot of negative reactions. It's obvious to anyone who knows what a rainbow table is that the overwhelming majority use case is black-hat in nature. Even assuming the intentions of the administrator are pure, it's still undeniable that most of the users will be using the thing for illegitimate purposes. Sure, they could get the information elsewhere if the site didn't exist; the black-hat crowd always finds ways. Nonetheless, you'd clearly have to be the sort of person who doesn't mind getting hate mail.
Personally I have a hard time seeing how it could have enough legitimate uses, and sufficiently valuable ones, to be worth maintaining all those tables and the bandwidth costs, and everything, even setting aside the negative publicity. I don't blame the admin for wanting to throw in the towel.
I mean, really, how often is it that you lose a password, and changing it simply isn't good enough, you've really got to have that original lost password back unchanged? That happens, what, once in every eighty-seven trillion lost password cases? I'm not saying it couldn't ever come in handy, but I question whether such cases would be sufficiently common to justify the effort of maintaining the site. Honestly, I think the resources might be better spent in some other way.