A few choice quotations from Lord Kelvin, President of the Royal Society:
Radio has no future.
Heavier-than-air flying machines are impossible.
X-rays will prove to be a hoax.
Apparently these were in 1899. They're all over the net and in print (eg the book Return of Heroic Failures) but I can't find a definitive source in context.
The mere existence of the preprocessor isn't such a problem. After all, no matter how horrible it is, adding an bad feature to a language only harms people stupid enough to use it. So while I don't advocate stuffing new features into a language, I don't think you can argue 'language X sucks because it includes feature Y'. Only, 'language X is ugly' or perhaps 'feature Y creeps up on you and stabs you in the back when you don't realize you are using it, and therefore language X is dangerous for beginners'.
The problem is that you are forced to use textual inclusion to build pretty much any project bigger than a single source file. There isn't a real module system as in many more 'academic' languages like Modula-2. What I mean is: suppose you would like to use libpng in your program. So you #include the libpng headers. Purely as an internal implementation detail, libpng happens to use zlib. Its header files #include some of the zlib things, which means that zlib is now dragged in at the top level even though you did not ask for it. Ideally, the zlib functions should be available only in the libpng source files that asked for them, and if you separately wanted to use zlib (perhaps a different version) in the main project you should be able to do so without needing to know or care about whether libpng also uses it.
Also as the UNIX-HATERS Handbook notes:
The worst problem with the C preprocessor is that it locks the Unix world into the text-file prison and throws away the key. It is virtually impossible to usefully store C source code in any form other than linear text files. Why? Because it is all but impossible to parse unpreprocessed C code.
In other words it is very hard to write automated code browsing tools or refactoring tools for C and C++ because you can't parse a given source file without textually expanding it (and thus dragging in megabytes of headers). Things like etags are only approximations. I guess I'm contradicting what I said earlier: the mere existence of the preprocessor is bad, because it makes life difficult for IDEs and code browser tools. There are some good points to the preprocessor, but in this day and age when any compiler can do inlining, not many.
There is protection in the hardware; every Intel processor since the 80386 has rather sophisticated address space partitioning so one bit of code can be completely prevented from trampling on anything else. The problem is in getting the software to use it. At the moment if you want separate address spaces you must create separate processes. It's good that processes cannot fight each other, but it would be nice to have a more lightweight mechanism whereby library code runs in the same process somehow but with control over what address space it can write. I don't know enough about the Intel memory protection architecture to say whether this is feasible.
What we have in the Linux and BSD world at least are very good Mandatory Access Control systems that help mitigate some of this risk.
These things won't really help until they are set up by default and don't get in the way of normal functionality. The Fedora guys are doing excellent work trying to push SELinux into the default installation, and perhaps in five years' time we will laugh at the days when a web browser needed to run with write access to all the user's files. But it's not there yet; still the vast majority of Linux systems run with only the crude root/ordinary user distinction. And when your personal data (that is, important data) are owned by your ordinary non-root account, that's not much consolation.
The other comment mentioning PLASH was spot on, please mod it up! If PLASH's GUI extension for loading and saving files were integrated with a desktop environment like GNOME or ROX, it would deal with 80% of the problem of running apps with lower privilege.
Those of us who use free operating systems shouldn't be too complacent. This exploit is serious because the WMF rendering library has full access to the user's data, and (at least on a 'home' setup where it's a single-user machine) access to the whole PC.
But it was really just bad luck that the bug happened to be found in the Windows WMF library and not, say, its Unix/X11 equivalent. Or libpng, or zlib, or whatever. Anyone who thinks otherwise is deluded. All software has bugs, and even if the quality of the free libraries is ten times higher (unlikely) there will still be plenty of memory tramplings and buffer overruns.
So, when the next vulnerability is found in a commonly used Unix library, will we be in any better position? Not really. Still the library is linked into the application and runs in the application's address space. It has access to all the files the app does, and traditionally on Unix that means everything the user has access too. Your email application may only need to read ~/.mail_settings and connect via IMAP to some host, but it runs with permission to overwrite any file owned by you and connect on any TCP/IP port it wants.
Why does the WMF rendering code need to run with any more permissions than: read a block of memory with the WMF file, and write a block with the rendered bitmap? (Or perhaps make display / GDI calls, if performance is a concern.)
What support is there in Unix operating systems for running common library code with only the privileges it needs? As far as I know Linux has no simple way to run a dynamically-linked library (.so file) in its own address space or without permitting it to make system calls. So when the next exploit is found in a common Linux library - and it will be found - the situation will be just as embarassing.
But the media companies are moving towards new business models. That is exactly the problem.
Old business model: you go to the shop and buy a vinyl record, or a printed book, or a cassette tape. It is now yours. Copyright law prevents you from making copies or at least from distributing them to others, which is a civil wrong, but apart from that you can do as you wish with the goods you bought. (Widescale piracy is a crime, but what you do in your own home with the CD you bought is not criminalized.) It is not illegal to posess a photocopier or a tape recorder. If you have a CD, of course you can sell it on.
New business model: in exchange for your payment you don't really own anything, but are granted a limited set of rights to 'use' the content in particular ways determined by the publisher. The devices you must use to watch or listen, such as a DVD player, are programmed to act against you and to prevent things which have nothing to do with copyright law but serve to prevent fair competition in the market, for example stopping DVDs from America being played in Europe. The laws restricting what you can and cannot do are wide-ranging, overlapping, include criminal as well as civil penalties, and you'd really need a lawyer (and perhaps a court battle) to determine what's legal and what isn't.
If companies would go back to the traditional business model, and the original scope of copyright law, we wouldn't have too many problems. It's the same with those who argue that copyright law needs to be modernized and updated for the digital age. No, not really. Far better to return to the simple and balanced copyright laws that were first implemented, with a term of 14 years extendible for another 14 during the author's lifetime.
The eye-tracking result is interesting, but it says little about the properties of video on the Web compared to television. Nielsen always likes to tell us how different the Web is, how users are more active, get bored and so on; but where is the comparative eye-tracking study of watching the same clip on television? Surely looking behind the speaker to read a sign or a trash can would happen just as much on TV. And might a TV viewer not glance out of the window or stare at the remote control just as much as the Web viewer looks at other bits of the display?
Many decades of experience have gone into making video for broadcast and I'd be surprised if Nielsen, from this single experiment, has come up with anything not known to television professionals. OK, having a road sign behind the speaker distracts people's attention; useful to know, but hardly a new insight and still less some pearl of Web wisdom that ignorant television people should be glad to receive from Jakob Nielsen.
File transfer can still be carried out by most instant messaging clients, and that can pose serious security risks.
I'm not convinced of this. It's not as if the instant messaging client magically runs with higher privilege and gives someone access to files they couldn't otherwise view. If they transfer a file to a friend, it must be a file they already had permission to read. If they receive a file by instant messenger, the risk is no greater than if they'd simply downloaded it in their web browser or loaded it from a CD.
I'm deliberately taking a one-sided position here, but it seems there is a lot more heat than light generated over file-sharing 'dangers'. I am reminded of Catbert's banning of camera phones as a security risk - notwithstanding the fact that the only documents people could take photographs of would be those they're allowed to read and photocopy anyway - and without even banning ordinary cameras.
I remember the description from the (rather 1990s but still readable) Cluetrain book:
Take the standard computer-industry press release. With few exceptions, it describes an "announcement" that was not made, for a product that was not available, quoting people who never said anything, for distribution to a list of people who mostly consider it trash.
Dishonesty in PR is pro forma. A press release is written as a plainly fake news story, with headline, dateline, quotes, and all the dramatic tension of a phone number. The idea, of course, is to make the story easy for editors to "insert" in their publications.
But an editor would rather insert a crab in his butt than a press release in their publication.
(Intel's web site is out of date: their list of press releases stops on the 14th of December)
From TFA, it appears that he's just patched QEMU to run as a screensaver. It doesn't have much to do with Linux at all since you could equally well run DOS, FreeBSD or whatever under QEMU.
80-20 rule: not all of those 146 different values you could send are used that often. A good keyboard design would be based on an analysis of what letters and keys are pressed most often (assuming we want to keep the principle of one key per letter, one key for Enter and so on) and have a kind of Huffman coding so that the most commonly used characters are quickest to type.
Programmers type characters like { } $ ( ) = + more often than the general population. It would be an awesome geek-toy to have a keyboard which promoted these characters to their own keys and relegated those useless squiggles like vowels to Shift-Ctrl combinations;-).
Why on earth don't Ebay GPG sign their messages? Even if most users wouldn't check the signature, at least their own fraud team could tell what was genuine Ebay correspondence and what wasn't...
Unfortunately perl has a great deal of semantic nastiness too. A lot of it relates to the magic builtin variables like $! or $1, $2, $3. My favourite is http://rt.perl.org/rt3/Ticket/Display.html?id=2314 0>.
Doesn't Microsoft Office have all sorts of hooks into Internet Explorer? At least on Windows, you need the latest IE for the latest Office, or it installs at the same time, or something like that. What does this say about the future of Office for Mac?
when you're running a computer that your whole extended family has accounts on...
Um, file permissions mean that they can't read the configuration file from your home directory, unless you deliberately allow them to by making it world-readable.
Perhaps you are worried that other family members would find a local exploit, get root on the box and then be able to peek at your files? Anyone with the ability to do that could easily undo any password obfuscation that GAIM might do. Obfuscating the password doesn't give you any security beyond normal file permissions.
If you encrypt it with your ssh public key, then yes you have to enter the passphrase for that at login. But you might well be doing that anyway, if you often use ssh. If not, at least it's only one password to enter rather than several, since many different applications (not just GAIM) can all use the ssh keypair to encrypt sensitive things. There is also a PAM module to authenticate you on login with your ssh passphrase, so you'd only type one password in total from turning the machine on to using your applications.
The sane way to do it would be to encrypt the GAIM password with the user's GPG public key or their SSH public key. Then the user only has to remember the passphrase for their keypair, which they know anyway.
(FWIW, I'm with GAIM on this; storing 'encrypted' passwords which are really just obfuscated is an attempt at security through obscurity, and just as doomed as all other attempts like that. Better to make it obvious what is going on than attempt to hide behind a veil of supposed security that really offers no protection.)
Surely the choice of font ought to be something individuals can set up in their web browser. A website doesn't really have much business selecting particular named fonts, content versus presentation and all that. If you use CSS then you can quite reasonably limit yourself to normal, sans-serif and monospaced - and trust that any sane web browser will choose something readable on the user's screen.
No, really, the review doesn't make any mention of how easy it is to install say Fedora on the thing, or how much of the hardware is supported. I find this very surprising for Slashdot of all sites.
Lewis's stepson Douglas Gresham was closely involved with the film and (despite being a Christian himself) denies that it has a particularly Christian meaning. I read an interview where he said he had to resist the temptation to impose his own Christianity on the film. That said, he acknowledges that it can be read in a Christian context if you so choose - for example in this interview:
You have to bear in mind that Hinduism has a dying god who dies for his people, then comes back. Norse mythology has the dying god. Greek mythology has the dying god. This myth is not new and it's not unique to Christianity. Yes, Christians who watch the movie or read the book will look for Christian symbolism. But I think that's the wrong way to approach it. I think it's far better to read the book or see the movie and try to find out where you fit into Narnia. Analyze yourself and how you would react under these circumstances. Who are you? Are you an Edmund? Are you a Peter? Or a Lucy or a Susan or a Tumnus? Where do you fit?
Hmm... on the other hand, Excel cannot handle spreadsheets of more than 65535 rows, no matter how much memory your machine has. This limitation has been there for over a decade and as far as I know hasn't been addressed. I guess we should all switch to Gnumeric or something.
As an OEM, you can only modify Windows with Microsoft's permission and add things they approve of. If they don't like what you're bundling they can cut off your supply of licences (see Microsoft's threat to IBM that they could 'buy it retail') or raise the price they charge you for a copy of Windows by $40, putting a big hole in your profit margin or even wiping it out.
There would only be real competition if the price of Windows were fixed for all market participants, instead of being set by arm-twisting deals between Microsoft and individual OEMs.
Slashdot Mirror
Duh, you can buy a Raptor X and mod it to replace the boring transparent window with a shiny metallic-finish case.
The problem is that you are forced to use textual inclusion to build pretty much any project bigger than a single source file. There isn't a real module system as in many more 'academic' languages like Modula-2. What I mean is: suppose you would like to use libpng in your program. So you #include the libpng headers. Purely as an internal implementation detail, libpng happens to use zlib. Its header files #include some of the zlib things, which means that zlib is now dragged in at the top level even though you did not ask for it. Ideally, the zlib functions should be available only in the libpng source files that asked for them, and if you separately wanted to use zlib (perhaps a different version) in the main project you should be able to do so without needing to know or care about whether libpng also uses it.
Also as the UNIX-HATERS Handbook notes:
In other words it is very hard to write automated code browsing tools or refactoring tools for C and C++ because you can't parse a given source file without textually expanding it (and thus dragging in megabytes of headers). Things like etags are only approximations. I guess I'm contradicting what I said earlier: the mere existence of the preprocessor is bad, because it makes life difficult for IDEs and code browser tools. There are some good points to the preprocessor, but in this day and age when any compiler can do inlining, not many.
There is protection in the hardware; every Intel processor since the 80386 has rather sophisticated address space partitioning so one bit of code can be completely prevented from trampling on anything else. The problem is in getting the software to use it. At the moment if you want separate address spaces you must create separate processes. It's good that processes cannot fight each other, but it would be nice to have a more lightweight mechanism whereby library code runs in the same process somehow but with control over what address space it can write. I don't know enough about the Intel memory protection architecture to say whether this is feasible.
These things won't really help until they are set up by default and don't get in the way of normal functionality. The Fedora guys are doing excellent work trying to push SELinux into the default installation, and perhaps in five years' time we will laugh at the days when a web browser needed to run with write access to all the user's files. But it's not there yet; still the vast majority of Linux systems run with only the crude root/ordinary user distinction. And when your personal data (that is, important data) are owned by your ordinary non-root account, that's not much consolation.
The other comment mentioning PLASH was spot on, please mod it up! If PLASH's GUI extension for loading and saving files were integrated with a desktop environment like GNOME or ROX, it would deal with 80% of the problem of running apps with lower privilege.
Those of us who use free operating systems shouldn't be too complacent. This exploit is serious because the WMF rendering library has full access to the user's data, and (at least on a 'home' setup where it's a single-user machine) access to the whole PC.
But it was really just bad luck that the bug happened to be found in the Windows WMF library and not, say, its Unix/X11 equivalent. Or libpng, or zlib, or whatever. Anyone who thinks otherwise is deluded. All software has bugs, and even if the quality of the free libraries is ten times higher (unlikely) there will still be plenty of memory tramplings and buffer overruns.
So, when the next vulnerability is found in a commonly used Unix library, will we be in any better position? Not really. Still the library is linked into the application and runs in the application's address space. It has access to all the files the app does, and traditionally on Unix that means everything the user has access too. Your email application may only need to read ~/.mail_settings and connect via IMAP to some host, but it runs with permission to overwrite any file owned by you and connect on any TCP/IP port it wants.
Why does the WMF rendering code need to run with any more permissions than: read a block of memory with the WMF file, and write a block with the rendered bitmap? (Or perhaps make display / GDI calls, if performance is a concern.)
What support is there in Unix operating systems for running common library code with only the privileges it needs? As far as I know Linux has no simple way to run a dynamically-linked library (.so file) in its own address space or without permitting it to make system calls. So when the next exploit is found in a common Linux library - and it will be found - the situation will be just as embarassing.
But the media companies are moving towards new business models. That is exactly the problem.
Old business model: you go to the shop and buy a vinyl record, or a printed book, or a cassette tape. It is now yours. Copyright law prevents you from making copies or at least from distributing them to others, which is a civil wrong, but apart from that you can do as you wish with the goods you bought. (Widescale piracy is a crime, but what you do in your own home with the CD you bought is not criminalized.) It is not illegal to posess a photocopier or a tape recorder. If you have a CD, of course you can sell it on.
New business model: in exchange for your payment you don't really own anything, but are granted a limited set of rights to 'use' the content in particular ways determined by the publisher. The devices you must use to watch or listen, such as a DVD player, are programmed to act against you and to prevent things which have nothing to do with copyright law but serve to prevent fair competition in the market, for example stopping DVDs from America being played in Europe. The laws restricting what you can and cannot do are wide-ranging, overlapping, include criminal as well as civil penalties, and you'd really need a lawyer (and perhaps a court battle) to determine what's legal and what isn't.
If companies would go back to the traditional business model, and the original scope of copyright law, we wouldn't have too many problems. It's the same with those who argue that copyright law needs to be modernized and updated for the digital age. No, not really. Far better to return to the simple and balanced copyright laws that were first implemented, with a term of 14 years extendible for another 14 during the author's lifetime.
The eye-tracking result is interesting, but it says little about the properties of video on the Web compared to television. Nielsen always likes to tell us how different the Web is, how users are more active, get bored and so on; but where is the comparative eye-tracking study of watching the same clip on television? Surely looking behind the speaker to read a sign or a trash can would happen just as much on TV. And might a TV viewer not glance out of the window or stare at the remote control just as much as the Web viewer looks at other bits of the display?
Many decades of experience have gone into making video for broadcast and I'd be surprised if Nielsen, from this single experiment, has come up with anything not known to television professionals. OK, having a road sign behind the speaker distracts people's attention; useful to know, but hardly a new insight and still less some pearl of Web wisdom that ignorant television people should be glad to receive from Jakob Nielsen.
I'm deliberately taking a one-sided position here, but it seems there is a lot more heat than light generated over file-sharing 'dangers'. I am reminded of Catbert's banning of camera phones as a security risk - notwithstanding the fact that the only documents people could take photographs of would be those they're allowed to read and photocopy anyway - and without even banning ordinary cameras.
(Intel's web site is out of date: their list of press releases stops on the 14th of December)
Yeah, that's just what we need, a hundred and one different auto-update systems, one for each application. Two words: yum update.
From TFA, it appears that he's just patched QEMU to run as a screensaver. It doesn't have much to do with Linux at all since you could equally well run DOS, FreeBSD or whatever under QEMU.
n0 3s d1f1c1l 3xpr3s4rs3 s1n v0c4l3s...
80-20 rule: not all of those 146 different values you could send are used that often. A good keyboard design would be based on an analysis of what letters and keys are pressed most often (assuming we want to keep the principle of one key per letter, one key for Enter and so on) and have a kind of Huffman coding so that the most commonly used characters are quickest to type.
;-).
Programmers type characters like { } $ ( ) = + more often than the general population. It would be an awesome geek-toy to have a keyboard which promoted these characters to their own keys and relegated those useless squiggles like vowels to Shift-Ctrl combinations
Why on earth don't Ebay GPG sign their messages? Even if most users wouldn't check the signature, at least their own fraud team could tell what was genuine Ebay correspondence and what wasn't...
Unfortunately perl has a great deal of semantic nastiness too. A lot of it relates to the magic builtin variables like $! or $1, $2, $3. My favourite is http://rt.perl.org/rt3/Ticket/Display.html?id=2314 0>.
Doesn't Microsoft Office have all sorts of hooks into Internet Explorer? At least on Windows, you need the latest IE for the latest Office, or it installs at the same time, or something like that. What does this say about the future of Office for Mac?
Perhaps you are worried that other family members would find a local exploit, get root on the box and then be able to peek at your files? Anyone with the ability to do that could easily undo any password obfuscation that GAIM might do. Obfuscating the password doesn't give you any security beyond normal file permissions.
If you encrypt it with your ssh public key, then yes you have to enter the passphrase for that at login. But you might well be doing that anyway, if you often use ssh. If not, at least it's only one password to enter rather than several, since many different applications (not just GAIM) can all use the ssh keypair to encrypt sensitive things. There is also a PAM module to authenticate you on login with your ssh passphrase, so you'd only type one password in total from turning the machine on to using your applications.
The sane way to do it would be to encrypt the GAIM password with the user's GPG public key or their SSH public key. Then the user only has to remember the passphrase for their keypair, which they know anyway.
(FWIW, I'm with GAIM on this; storing 'encrypted' passwords which are really just obfuscated is an attempt at security through obscurity, and just as doomed as all other attempts like that. Better to make it obvious what is going on than attempt to hide behind a veil of supposed security that really offers no protection.)
Surely the choice of font ought to be something individuals can set up in their web browser. A website doesn't really have much business selecting particular named fonts, content versus presentation and all that. If you use CSS then you can quite reasonably limit yourself to normal, sans-serif and monospaced - and trust that any sane web browser will choose something readable on the user's screen.
Does it run Linux?
No, really, the review doesn't make any mention of how easy it is to install say Fedora on the thing, or how much of the hardware is supported. I find this very surprising for Slashdot of all sites.
Hmm... on the other hand, Excel cannot handle spreadsheets of more than 65535 rows, no matter how much memory your machine has. This limitation has been there for over a decade and as far as I know hasn't been addressed. I guess we should all switch to Gnumeric or something.
As an OEM, you can only modify Windows with Microsoft's permission and add things they approve of. If they don't like what you're bundling they can cut off your supply of licences (see Microsoft's threat to IBM that they could 'buy it retail') or raise the price they charge you for a copy of Windows by $40, putting a big hole in your profit margin or even wiping it out.
There would only be real competition if the price of Windows were fixed for all market participants, instead of being set by arm-twisting deals between Microsoft and individual OEMs.