manus manum lavat (in English maybe "tit for tat"?)
In English, it's "one hand washes the other" (as mentioned on the site you link to), rather than "tit for tat", a contraction of "this for that", which is a translation of "quid pro quo".
(Sorry, I feel nitpicky tonight. Anyway, I always knew those Latin lessons would come in handy one day. Anyone know the Latin for "come in handy"? ;-)
I certainly don't believe that we should stand up for "bloodthirsty dictators"; I believe we should stand up for what's morally right. Presenting falsified intelligence to justify a war that is fought on purely economic grounds is hardly an ethical act.
I would prefer it if the bloodthirsty, moneygrubbing tyrants of Washington and London just stated honestly that they were going to invade a country to get their hands on the oil. Lying about it doesn't make it better. Any liberation of the Iraqi people is a mere side-effect of the war, and you should not allow yourself to be hoodwinked into believing that it can provide moral justification. Read Immanuel Kant's Groundwork of the Metaphysic of Morals if you want to know more.
I am aware of the meaning of "begging the question", and jumping on misuse of the expression is one of my own hobbies :-) What I meant to imply was that the story appeared to be using a shoddy journalistic tactic whereby something is presented as a question, but is in fact a disguised assertion which begs the question that appears to have been asked. I then moderated the tone of my post considerably as I didn't want to be seen as an anti-American troll and get flamed to oblivion; but I agree, I should either have modified the title of my post, or made it clearer what I was driving at. My bad :-(
Good thing for commercialization of space, or bad thing for world peace?
I appreciate that this question is intended to provoke a debate, but it seems to me to narrow that debate through its phrasing.
The implication seems to be that the US are the Guardians of World Peace (TM), and that we pesky Europeans have no business sticking our noses in when it makes the Yanks feel a little less in control.
Given the assumption that any removal of absolute control of some useful technology from the US is potentially "a bad thing for world peace", can anybody possibly point us to the evidence for Iraq's possession of WsMD, given that the Guardians of World Peace (TM) used them as their sole justification for starting a war?
Or could it be that the US should have listened to what the European states (with the sorry exception of my own nation) were trying to tell them about making unjustified assumptions? Might it not be a good thing if more than one kid in the playground has control of the baseball bat?
Inexplicably, a group of Vikings join in the song.
IIRC, that aspect arose from an occasion when the Python team went into one of the BBC's canteens and found a large group of extras from another production in there, all wearing Viking costumes.
And for all those who think the spam comes in because of the old jokes about BBC canteen food: I contracted briefly at TV Centre in 1999, and the food is both excellent and cheap :-)
Dunno what it was like in the late 60s - early 70s.
I'm too young to remember, but was there this much philosophy applied to Star Wars when it debuted in '77?
Around that time, some religious fundamentalists who used to hang around Bedford (UK) gave me a pamphlet which claimed that the whole Star Wars story was ripped off from Christianity.
So no, there wasn't a whole lot of philosophy being applied ;-)
If Descartes had taken his process of systematic doubt to its logical conclusion, he would have realised that the idea that there must be somebody doing the thinking might also be an illusion created by the malevolent demon. This would have led him to:
COGITATUS EST
or, "There is a thought" as the final undeniable truth.
If he'd gone that far, the whole subsequent history of Western thought would have been different. Ah well, next universe maybe...
it's legal tender and they have to by law accept it
From the Bank of England website:
The concept of legal tender is often misunderstood. Contrary to popular opinion, legal tender is not a means of payment that must be accepted by the parties to a transaction, but rather a legally defined means of payment that should not be refused by a creditor in satisfaction of a debt.
(their emphasis)
Also a Canuck.
Given the close ties between our nations, I would assume that would also apply in Canada. However, as IANAL, I have found it completely impossible to understand what it's saying :-)
thruppence aka thruppeny bit == 3d == £0.0125 decimal
tuppence (not a coin): the way common people like me say "two pence" even in decimal currency
ha'penny: half penny; decimal version abolished years ago
farthing: one quarter of a pre-decimal penny, abolished in the 1950s
angel: An ancient gold coin of England, bearing the figure of the archangel Michael. It varied in value from 6s. 8d. to 10s (from dictionary.com)
And you missed out groat: 4d, abolished before 20th century, doesn't convert directly into decimal without lots of decimal places (i.e. £0.01666666...)
Oh, and shilling was aka bob: 1/- == £0.05. Thus a florin was more commonly called two bob.
Those were the days... the changeover was on 15 February 1971. I was old enough to be intrigued, but my suspicions were confirmed when I went to the sweet shop: conversions had all been rounded up, so I was worse off :-(
In his memoirs, the compulsorily-retired British counterfeiter Charles Black gives a neat method of imitating this.
He took a load of electric wire insulation (red and blue separately IIRC), cut it into several centimeter lengths, and scattered those on a sheet of white paper in about the right density. He then photographed the resulting random arrangement, and photographically reduced it so it looked just like the pattern characteristic of US Treasury bills. Make offset litho plates, and he could run his paper (which he sourced from Australia as having the right feel, composition, etc.) through his press.
Bingo! blank notes, virtually indistinguishable from the real thing, ready to have the rest of the design printed.
At his trial in 1979, a US Treasury official testified that his notes were so good that they rendered obsolete a new note-checking machine that had taken millions of dollars of development.
FWIW, out of millions of dollars he produced before his first prison sentence, only $8,200 was recovered worldwide. The second time, he was caught before more than a few thousand dollars had hit the streets.
And he never got rich, because wholesale prices for counterfeit cash are so low.
Your average bar tender works in a dimly lit smoke filled room. They just take the money and glance to see how much the bill is for, not if it's real.
I used to run a pub, and I made very sure that the staff knew how to tell a fake note - there were a lot of fake 20 GBP notes in circulation at that time, with occasional 10s.
Most, if not all, banknotes have certain embossed areas which are extremely difficult to imitate - apart from anything else, it's too expensive for it to be worthwhile. On a UK note, as you straighten the note out ready to go in the till, you run your thumb along the words "Bank of England" at the top. If you can't feel that the printing is raised from the surface, you start checking the other features.
Turning to the 1995 series 1 USD bill I have tucked into my wallet, I can immediately feel that the surface of Washington's picture is similarly textured - run your thumb over his right shoulder and it really stands out as a rough surface. (And this isn't a new bill, it's an old creased one somebody gave me in a bar in Amsterdam.) Time taken to check: 0ms, as you always have to straighten the note out flat anyway as you head for the till, wait for the drawer to open, whatever. Nobody ever found a fake note in my till :-)
FWIW: I once helped out in a pub on a busy Friday night where the landlord found a b&w photocopy of one side of a 20, unevenly cut to size, in the till at the end of the night. He went absolutely ballistic, ranting and raving at us about our utter stupidity and incompetence. After about 5 minutes of this, we all cracked up as one guy confessed that he'd slipped it into the middle of the 20s as a windup :-)
We stopped laughing when the boss pointed out that the till was still over 60 GBP down on the night, and it wasn't coming out of his pocket...
Yup, in the end I had to drop the processor down to 250, patch, and bump it up again.
It reminded me of the time someone posted to a Netscape newsgroup wanting a JavaScript snippet that could determine whether JavaScript was enabled or not. Even better, someone posted a reply. Of course, it only worked if JS was enabled :-)
A similar one bit me when I was upgrading my machine the other year.
I'd installed an AMD K2 running at 500MHz, and Windoze 95 crashed at the point of initialising the desktop. Booting into DOS worked fine, so the machine wasn't broken. A search of the Knowledge Base showed that this was a known bug on AMD processors running over ~300MHz, and a patch was available.
Downloaded the patch to a floppy, put it in the machine, tried to run it from the command line, got the message:
This program can only be run under Windows
To labour the point: this patch fixed a bug which prevented Windows from starting.
Your carpentry analogy is a worthwhile one, relating programming more to the fields of craft rather than art.
OTOH, remember that the distinction between the crafts and the fine arts, as we presently understand it, is a construct that our culture has imposed after the fact to allow it to understand and interpret the achievements of Renaissance artists and those who came after. At the time, a man who painted a portrait was doing a job of work, in the same way as the man who made a piece of furniture. This was one of the guiding principles of people like Eric Gill, who argued for a return to the principles and ideals of the mediaeval craftsmen as the way to the salvation of art and society in an industrialised age.
This whole "hacker lifestyle genre" thingy is a bit too dramatized by the geek wannabes. Go out and actually try to write software that must be supported and updated.
Shame you didn't RTFA, as your point is explicitly addressed:
Source code, too, should explain itself. If I could get people to remember just one quote about programming, it would be the one at the beginning of Structure and Interpretation of Computer Programs.
Programs should be written for people to read, and only incidentally for machines to execute.
You need to have empathy not just for your users, but for your readers. It's in your interest, because you'll be one of them. Many a hacker has written a program only to find on returning to it six months later that he has no idea how it works.
I felt it was important to the worth of the article that he actually covered important points like this. Overall, whether or not one agrees with the author's use of the word "hacker" in this context, I as a programmer recognised so many things in this article that I have come to understand and appreciate in the past 30 years of mucking about with these wondrous machines. I was able to think of specific examples from my own experience of every important point made.
* to U.S. readers: foreigners don't play real football, like us. What they call "football" is really soccer. Silly foreigners!
You are aware that "soccer" is short for "association football", right? After the Football Association, which first codified the rules of the game; after which several former British colonies tried to make up their own versions. (One of them even took up a game which is usually played by children here in the home of football, although they called it "baseball" rather than "rounders".)
(Personally, I hate all sport. I don't see any reason for it to be mentioned on Slashdot. After all, if we were sporty folk, we'd have something less useful to do with our time. Altogether now: "No balls on Slashdot!")
browsers, office software, and other such common-as-dirt apps that use reasonably predictable data should be a lot easier to protect against bad input
Agreed. On the other hand, given that I can make a webserver pump out any file I want, with whatever MIME type I wish, it's damn hard to catch everything. As has been mentioned elsewhere on this topic, the file causing the crash isn't any kind of valid HTML, even though it starts out looking like it might be. It isn't even wrong; it's garbage. Does seem a shame that IE manages to crash rather than catch the exception, but it's not as easy to vet input as it sounds when it could be literally any sequence of bytes whatsoever. At least it should be easy enough for MS to patch; unfortunately that will probably cause even more problems ;-)
Just do something *predictable* when confronted with garbage data
The point surely is that you can't always know for certain whether input is dross or not. The poster was talking about a mathematical library; the process of establishing whether or not the input to a function is outside the set of valid inputs is in at least some cases identical to the process of doing the calculation, or so burdensome as to be unreasonable.
Consider the case where a function requires an input point to be a member of the Mandelbrot set. Do we really want it to test every point entered? But I can still make this function available if I specify in the contract for my function that points must be such.
If a client of my library function specifies a point outside the Mandelbrot set, and my function thus goes into an infinite recursive descent, that is the fault of the client, for breaching the contract. I could iterate over every input point to see if it is a member of the set, but consider the performance hit. Whereas a client application can happily restrict user input to a known range of the Mandelbrot set.
The point is that code shouldn't necessarily be proof against all invalid input; it should fulfill its side of the contract, and that is all. If people want to use it wrong, that's their fault. Let the caller beware!
It really comes down to GIGO.
The purpose of a library is to offer functionality; it is up to the client of the library to ensure it does not crash it with dross.
Just my 0.0124704 GB pence worth (~= 2 US cents at current exchange rate)
"Semeno", perhaps? ;-)
It's spelt "cunt".
I can sell you a new keyboard for $12 if yours is playing up...
Translation:
Did they decide, or did they just not think of it until it was too late?
And it isn't "a pain" to have different sizes; it just depends on what you're used to.
IIRC, the rule is that more than 50% of the note must be present, and the serial number must be decipherable.
This is Microsoft's response to his report.
I notice that they don't have the line about "This was not reported to us which is terribly irresponsible etc. etc." which they often put on these things. Nor do they acknowledge that they fail to provide any obvious way to report these problems.
Go to their security site and there is no obvious point of contact for making vuln reports.
YMMV... :-)
Surely the most recent was that sodding paperclip?
What, like a mediaeval monk? ;-)