I've used cannabis for recreational purposes, and while being high does give you interesting ideas, actually converting them to a piece of logic (i.e. a program) seems to be impossible. Nothing I've ever programmed while under the influence of marihuana has outlived a review while being sober.
And that's not the worst part.
While I was smart enough to only do this in my own time, I used to have a colleague with a somewhat... broader... view on the subject. Maintaining his code always felt like reading through a piece of Stream-of-consciousness literature.
It has enforced my own beliefs that recreational drug use does NOT deliver better code; quite the opposite.
Can the company really be trusted to not use the 'phone home' feature to collect customer browsing info?
The greatest strength of Opera is that is 'like yet unlike the other browsers'. They play on the weaknesses of Netscape and Explorer and provide a good alternative. In my opinion, this is the foremost reason people actually *buy* a browser.
As soon as Opera starts collecting my personal information, they loose a lot of their advantages over the other browsers. That causes me to believe they will not do this.
Of course, this depends on your point of view. Did the Egyptians want to align their pyramids to true north and did it just happen that these starts pointed there?
Or did they want to align their pyramids with those stars, and is it a mere coincidence that this happened to be true north around that time?
Personally, I find the latter explanation much more acceptable, especially if her point about the Pharao's prefernce for stars is true.
As for the argument that it would be too much of a coincidence: coincindences happen. Why not there?
Service packs are a great idea because you can
consolidate all of the fixes into a comprehensive
unit and thus you can tell people, my software
will work on Redhat 7.0 service pack 3
I have to agree with you on this one. The concept of a service pack or a patch bundle is
usefull at times.
I disagree. A service pack or patch bundle contains by definition a lot of patches. However, most probably program P needs only one or two of those patches. Even worse, there is a good chance that most of the patches are irrelevant to me. Example: I do not run sendmail, so what do I need sendmail patches for.
And that's where the package-depencies come in. If It is stated in the RPM (or Deb I guess) that it is dependend on version X, patch Y, by default the rpm will not be installed unless that version (or at least that version) is present. And this is clearly stated. So only that respective patch needs to be downloaded.
Needless to say, for those with low bandwidth connections pathchbundles or SPs are a mixed blessing.
If opera is the only browser that renders your code correctly, what good is designing for it?
That's exactly the wrong point of view. You're not designing for Opera, you're designing to the spec. And you can use Opera to check whether or not you've interpreted the specs correctly.
Designing for a browser is the biggest waste of time you can have. Recently, I was updating my website and decided to use CSS. It worked great, except that Netscape 4.72 does not handle textblocks correctly. For instance, the line-height (or whatever it's called, don't feel like looking it up right now) tag is only interpreted correctly if the moon aligns with Mars and the neighbour's cat is pregnant; in other words, its behaviour is quite unpredictable.
Instead of deciding to forego CSS I decided to leave it like that. After all, I followed the Spec and the text was readable anyhow.
And yes, lo and behold, I downloaded Netscape 4.75 and the pages render exactly as I wanted them now.
The moral of this story: do not design for browsers; they are a running target.
I'm trying to figure out what's wrong with Nazi memorabilia? [...] Allowing someone to own a relic of the Nazi past doesn't make them an instant Nazi. I really don't even see why there's a problem here.
The problem is, as usual, political. Let me try to explain how I see it.
Back in 1945, when WWII was over, people said to each other: 'We do not want this to happen ever again' -- like they said after WWI:-( -- The Germans and their collaborators were punished and the Good Guys tried to get on with their lifes. And all was good because the Good Guys won. And they tried to banish all traces of nazism.
Then a second generation stood up and asked their parents: 'but what did YOU do in the war?', to which a lot of parents replied: 'I had very strong thoughts against the situation' or 'I once directed an officer the wrong way' or 'I has this Jewish neighbour, I helped him and en passant nicked all his valuables, I didn't like Jews anyway'. And this second generation scorned their parents for it, felt guilty about their parents and wrote way too many books about it.
And now this second generation is in control, and people ask them: 'what did the previous governements do?' to which they have to reply 'we helped the oppressors every way we could -- that really taught them a lesson'. And they get a lot of bad press about it.
And then some gov-related guy(m/f) in France sees that you can buy nazi-thingies in France. And he sees the questions arising: 'What is the french government doing against the rise of neo-nazis'. And now they can answer: 'we did everything we could'.
Of course, this is only a reason for their actions, not a justification of it. But please note that it's not just France -- a lot of (north-west) european countries could have done this.
he feature or bug in M$ Outlook is there because it is supposed to be helpful (which it probably isn't), but it is not malicious, and would not causes any damage if somebody else had not tried to be malicious.
Firstly, the feature is merely the possibility to run scripts in the Windows Scripting Host. This can be extremely helpful, just like Word-macros can be extremely helpful.
Secondly, when you create an environment in which 'foreign' data can enter, you should always be aware of the possibility of dangerous, malicious code.
Why am I pointing this out? It's late, so I'm not very coherent:-( but let's have a look at Java. Java is an interpreted language (at least the bytecode is) which is run through a security manager -- all calls that might be dangerous go trough that security manager, enabling us to run java applets/applications inside a sandbox where they can do NO HARM.
Where am I heading? The keyword here is 'sandbox'. I do not understand why neither Office nor the WHS have something like a sandbox. AFAIK, VBA and VBS are interpreted languages. Isn't it possible to prevent programs written in those language from doing something dangerous without the user's knowledge? As in: "ILOVEYOU tries to format your hard disk. Do you really want this to happen? Yes/No". This would seriously make it harder for a virus to be written. (NOTE: I said harder, not impossible).
As an aside, if Gnome is going to support something that looks like VBA, I certainly hope it is sandboxed. Otherwise I'll never again be able to laugh at my friends: "you received what virus? sorry, but it doesn't run under linux".
Technicians/Engineers/Programmers are badly in need of codified ethics. Does anyone know anywhere on the Net where this is discussed? Or proposals for what a code of ethics would contain?
The ACM already created a Code of Professional Conduct in 1966 (no link, sorry), which has been revised a couple of times. The current version can be found on http://www.acm.org/constitution/code.html
It's during those 3 seconds that people are getting it through their heads that they need to throw something through the TV, finding something, and throwing it through the TV.
What the hell is wrong with people?
It is not as implausible as it sounds. Let's take the average tv-zapper as an example:
0:00.00 - Cockroach appears 0:00.02 - Eyes register creepy movement 0:01.00 - Brain registers creepy movement, inference engine is started 1:30.00 - Conclusion is reached: "A Cockroach!!" 1:30.05 - Automatical defense system is started: "Let's kill it!" 1:30.37 - Brains register object in right hand 1:30.40 - Arm slings remote control to screen 1:30.85 - TV explodes 1:30.90 - Eyes register exploding thingy 1:31.40 - Brains register explosion, inference engine is started 3:00.00 - Conclusion reached: "I just killed my TV! They made me do it!" 3:00.02 - Search for solution starts - depth first 3:00.05 - Conclustion reached: "Let's sue them!"
As you can see, they need less than two minutes to break their TV. Thanks to the high-availability of solution-data, they only need 0.03 seconds to decide to sue. Experimental data is still gathered to determine how long it takes them before they find out whom to sue.
I think we need more research and then come up with a new set of guidelines, or maybe a law, like the MAOCTVA (The "Maximum amount of creepy thingy visibility act"), to prevent thses kind of things from happening in the future. After all, it's the governments duty to protect US citizens as much as possible.
YDD
Re:These aren't the worst hoaxes
on
Hoax-a-go-go!
·
· Score: 1
I'm sure the next urgent virus warning that comes along will have them madly forwarding again. Oh well, what can you do?
I've found the perfect solution to this problem. On a highly SECURED partition of my harddisk resides a copy of the Good Time virus. Everytime someone sends me a `beware of the XXXX virus' message, I send them the GT. BUT, and this is the cunning part, I change the HEADER!!!
Unsuspecting, the hoaxspammer opens the email, convinced that it will make him earn a million dollar(!!), and his entire harddisk is ERASED!!!
After that, they usually keep from sending me such email. (I've got this advice from the vice president of AOL.)
YDD
-- multiple exclamation marks are a sure sign of a diseased mind --
For some reason, I'm not sure if this will help us very much. Right now I can see the patent office being flooded by flaming, threatening letters. Or letters stating only "That's not the way it should be done", or "Get rid of all patents forever." Yeah, that will convince them...
It would be nice if there was some kind of `standard' letter that could be copy/paste/emailed to the patent office. A lot of people stating the same always attracts attention and it will show that there is some consensus in this community.
Do not forget that you are not the only one who can let your voice being heard. The Big Companies(TM) have this opportunity too, and while some of them might be Very Evil(TM), they are often very good at stating clearly (and politely!) what they want.
So please don't shout at them, don't threaten them, but be constructive.
Here at the Free University of Amsterdam, we have the one and only Tanenbaum running around. This means that we use his books Computer Organization, Computer Networks and Operating Systems. IMHO, they are excellent books for learning a lot of basics. <P> I haven't done the Computer Networks assignment, but I understood it's about implementing FTP, together with some underlying structure. (like TCP/IP ??) <P> The Computer Organization course is accompanied by a mandatory assembly assignment, where we had to implement a memory pager on an 8086 emulator. <P> The CN and OS courses are also both accompanied by an assignment, of which one is optional. For the OS assignment, we had to modify the kernel to implement: <OL> <LI>A message log device - learn a lot about minix message passing and memory device drivers <LI>Access Control Lists - how does the filesystem and access control work? <LI>Memory defragmentation - how does memory management work? </OL> As you can see, the assignment covers a lot of the OS and it's not a bad course. You have to dig through lots of reasonably commented code, with a good book at your side. <P> Some comments below argue against kernel hacking on the grounds of slow debug cycles; minix doesn't do much, but it boots really fast, making this not much of an issue. <P> I really learned a lot of this assignment: how fast deadlines approach, how terrible it is to read someone else's code (esp. C), and that I never want do any kernel hacking anymore:-)
It is much more likely that a corrupt employee with access rights on the other end will read and or sell the number
If you use public/private key encryption, the person on the other side will only see your public key (which is already public, hence the name:-) and a document signed with your private key. Thus, in order for the malicious employee (MA) to sell your private key, the MA first has to find it, which is not easy.
As an aside, the MA does know the contents of the signed document, enabling him to find your private key using a known-plaintext attack. AFAIK this makes the search somewhat easier, but it still requires a lot of effort.
I'm sorry, but I just have to post the link again. A while ago there was an article on/. regarding such third parties; in this article Bruce Schneier argues that we currently can't trust any such third party.
Example: I don't remember if he mentions it, but a while ago some german hackers were able to get a false ID from Verisign.
I wonder if the government has read this article. IMHO if they want digital signatures to be legally acceptable, they should also be the third party (as with passports).
As for your signature-comparing: what I've got hold of another person's private key?
Of course, when dicussing e-commerce stealing a key won't help you much. I order fourty books from an online shop and pretend to be someone else. This 'someone else' refuses to pay, saying he never ordered the books. They look at the shipping address and hey, the books were sent to me! It might ring a bell...
The same goes for your mortgage example: "well, if it wasn't you, then who signed for the mortgage on someone else's house???!?!" "I don't know someone else, I've never seen the house, it's fourhunderd miles from here. Why would I pay someone else's mortgage?" "Hmm, you've got a point."
There are (of course) security risks, but not as you describe it.
Let's see what happens if X publishes my public key, without having my private key. If X encrypts a document with his own private key and someone else tries to decode it with my public key, the result will be garbage, thus proving that X is not related to me.
However, there still are some problems. If X gets hold of my private key, he can indeed identify himself as me.
Another related point: with some math and some tools I can create my own private/public keypair, and announce that it is the pp keypair of my neighbour. So, in order to verify that the pp keypair is really mine, a third party must guarantee that the keypair belongs to me. (Just like the government guarantees that I'm me by issuing passports.) However, a while ago there was an article on/. by Bruce Schneier, where he argues that we're not yet ready to have such third parties.
That's what I heard too. I understood that these pipes are also filled with gas, resulting in overpressure within the pipe. So, whenever someone opens up one of the pipes, gas escapes, the pressure gets lower and the line is automatically disabled.
Slashdot Mirror
And your expectations are correct.
I've used cannabis for recreational purposes, and while being high does give you interesting ideas, actually converting them to a piece of logic (i.e. a program) seems to be impossible. Nothing I've ever programmed while under the influence of marihuana has outlived a review while being sober.
And that's not the worst part.
While I was smart enough to only do this in my own time, I used to have a colleague with a somewhat... broader... view on the subject. Maintaining his code always felt like reading through a piece of Stream-of-consciousness literature.
It has enforced my own beliefs that recreational drug use does NOT deliver better code; quite the opposite.
As soon as Opera starts collecting my personal information, they loose a lot of their advantages over the other browsers. That causes me to believe they will not do this.
YDD
Personally, I find the latter explanation much more acceptable, especially if her point about the Pharao's prefernce for stars is true.
As for the argument that it would be too much of a coincidence: coincindences happen. Why not there?
YDD
Ah, but that wouldn't work, would it? Here on Slashdot our voices can be heard. And moderated up.
I disagree. A service pack or patch bundle contains by definition a lot of patches. However, most probably program P needs only one or two of those patches. Even worse, there is a good chance that most of the patches are irrelevant to me. Example: I do not run sendmail, so what do I need sendmail patches for.
And that's where the package-depencies come in. If It is stated in the RPM (or Deb I guess) that it is dependend on version X, patch Y, by default the rpm will not be installed unless that version (or at least that version) is present. And this is clearly stated. So only that respective patch needs to be downloaded.
Needless to say, for those with low bandwidth connections pathchbundles or SPs are a mixed blessing.
That's exactly the wrong point of view. You're not designing for Opera, you're designing to the spec. And you can use Opera to check whether or not you've interpreted the specs correctly.
Designing for a browser is the biggest waste of time you can have. Recently, I was updating my website and decided to use CSS. It worked great, except that Netscape 4.72 does not handle textblocks correctly. For instance, the line-height (or whatever it's called, don't feel like looking it up right now) tag is only interpreted correctly if the moon aligns with Mars and the neighbour's cat is pregnant; in other words, its behaviour is quite unpredictable.
Instead of deciding to forego CSS I decided to leave it like that. After all, I followed the Spec and the text was readable anyhow.
And yes, lo and behold, I downloaded Netscape 4.75 and the pages render exactly as I wanted them now.
The moral of this story: do not design for browsers; they are a running target.
YDD
The problem is, as usual, political. Let me try to explain how I see it.
Back in 1945, when WWII was over, people said to each other: 'We do not want this to happen ever again' -- like they said after WWI :-( -- The Germans and their collaborators were punished and the Good Guys tried to get on with their lifes. And all was good because the Good Guys won. And they tried to banish all traces of nazism.
Then a second generation stood up and asked their parents: 'but what did YOU do in the war?', to which a lot of parents replied: 'I had very strong thoughts against the situation' or 'I once directed an officer the wrong way' or 'I has this Jewish neighbour, I helped him and en passant nicked all his valuables, I didn't like Jews anyway'. And this second generation scorned their parents for it, felt guilty about their parents and wrote way too many books about it.
And now this second generation is in control, and people ask them: 'what did the previous governements do?' to which they have to reply 'we helped the oppressors every way we could -- that really taught them a lesson'. And they get a lot of bad press about it.
And then some gov-related guy(m/f) in France sees that you can buy nazi-thingies in France. And he sees the questions arising: 'What is the french government doing against the rise of neo-nazis'. And now they can answer: 'we did everything we could'.
Of course, this is only a reason for their actions, not a justification of it. But please note that it's not just France -- a lot of (north-west) european countries could have done this.
(No, I'm not French)
Secondly, when you create an environment in which 'foreign' data can enter, you should always be aware of the possibility of dangerous, malicious code.
Why am I pointing this out? It's late, so I'm not very coherent :-( but let's have a look at Java. Java is an interpreted language (at least the bytecode is) which is run through a security manager -- all calls that might be dangerous go trough that security manager, enabling us to run java applets/applications inside a sandbox where they can do NO HARM.
Where am I heading? The keyword here is 'sandbox'. I do not understand why neither Office nor the WHS have something like a sandbox. AFAIK, VBA and VBS are interpreted languages. Isn't it possible to prevent programs written in those language from doing something dangerous without the user's knowledge? As in: "ILOVEYOU tries to format your hard disk. Do you really want this to happen? Yes/No". This would seriously make it harder for a virus to be written. (NOTE: I said harder, not impossible).
As an aside, if Gnome is going to support something that looks like VBA, I certainly hope it is sandboxed. Otherwise I'll never again be able to laugh at my friends: "you received what virus? sorry, but it doesn't run under linux".
YDD
The ACM already created a Code of Professional Conduct in 1966 (no link, sorry), which has been revised a couple of times. The current version can be found on http://www.acm.org/constitution/code.html
YDD
YDD
YDD
0:00.00 - Cockroach appears
0:00.02 - Eyes register creepy movement
0:01.00 - Brain registers creepy movement, inference engine is started
1:30.00 - Conclusion is reached: "A Cockroach!!"
1:30.05 - Automatical defense system is started: "Let's kill it!"
1:30.37 - Brains register object in right hand
1:30.40 - Arm slings remote control to screen
1:30.85 - TV explodes
1:30.90 - Eyes register exploding thingy
1:31.40 - Brains register explosion, inference engine is started
3:00.00 - Conclusion reached: "I just killed my TV! They made me do it!"
3:00.02 - Search for solution starts - depth first
3:00.05 - Conclustion reached: "Let's sue them!"
As you can see, they need less than two minutes to break their TV. Thanks to the high-availability of solution-data, they only need 0.03 seconds to decide to sue. Experimental data is still gathered to determine how long it takes them before they find out whom to sue.
I think we need more research and then come up with a new set of guidelines, or maybe a law, like the MAOCTVA (The "Maximum amount of creepy thingy visibility act"), to prevent thses kind of things from happening in the future. After all, it's the governments duty to protect US citizens as much as possible.
YDD
I've found the perfect solution to this problem. On a highly SECURED partition of my harddisk resides a copy of the Good Time virus. Everytime someone sends me a `beware of the XXXX virus' message, I send them the GT. BUT, and this is the cunning part, I change the HEADER!!!
Unsuspecting, the hoaxspammer opens the email, convinced that it will make him earn a million dollar(!!), and his entire harddisk is ERASED!!!
After that, they usually keep from sending me such email. (I've got this advice from the vice president of AOL.)
YDD
-- multiple exclamation marks are a sure sign of a diseased mind --
It would be nice if there was some kind of `standard' letter that could be copy/paste/emailed to the patent office. A lot of people stating the same always attracts attention and it will show that there is some consensus in this community.
Do not forget that you are not the only one who can let your voice being heard. The Big Companies(TM) have this opportunity too, and while some of them might be Very Evil(TM), they are often very good at stating clearly (and politely!) what they want.
So please don't shout at them, don't threaten them, but be constructive.
Here at the Free University of Amsterdam, we have the one and only Tanenbaum running around. This means that we use his books Computer Organization, Computer Networks and Operating Systems. IMHO, they are excellent books for learning a lot of basics. :-)
<P>
I haven't done the Computer Networks assignment, but I understood it's about implementing FTP, together with some underlying structure. (like TCP/IP ??)
<P>
The Computer Organization course is accompanied by a mandatory assembly assignment, where we had to implement a memory pager on an 8086 emulator.
<P>
The CN and OS courses are also both accompanied by an assignment, of which one is optional. For the OS assignment, we had to modify the kernel to implement:
<OL>
<LI>A message log device - learn a lot about minix message passing and memory device drivers
<LI>Access Control Lists - how does the filesystem and access control work?
<LI>Memory defragmentation - how does memory management work?
</OL>
As you can see, the assignment covers a lot of the OS and it's not a bad course. You have to dig through lots of reasonably commented code, with a good book at your side.
<P>
Some comments below argue against kernel hacking on the grounds of slow debug cycles; minix doesn't do much, but it boots really fast, making this not much of an issue.
<P>
I really learned a lot of this assignment: how fast deadlines approach, how terrible it is to read someone else's code (esp. C), and that I never want do any kernel hacking anymore
It is much more likely that a corrupt employee with access rights on the other end will read and or sell the number
:-) and a document signed with your private key.
If you use public/private key encryption, the person on the other side will only see your public key (which is already public, hence the name
Thus, in order for the malicious employee (MA) to sell your private key, the MA first has to find it, which is not easy.
As an aside, the MA does know the contents of the signed document, enabling him to find your private key using a known-plaintext attack. AFAIK this makes the search somewhat easier, but it still requires a lot of effort.
I'm sorry, but I just have to post the link again. A while ago there was an article on /. regarding such third parties; in this article Bruce Schneier argues that we currently can't trust any such third party.
Example: I don't remember if he mentions it, but a while ago some german hackers were able to get a false ID from Verisign.
I wonder if the government has read this article. IMHO if they want digital signatures to be legally acceptable, they should also be the third party (as with passports).
As for your signature-comparing: what I've got hold of another person's private key?
Of course, when dicussing e-commerce stealing a key won't help you much. I order fourty books from an online shop and pretend to be someone else. This 'someone else' refuses to pay, saying he never ordered the books. They look at the shipping address and hey, the books were sent to me! It might ring a bell...
The same goes for your mortgage example: "well, if it wasn't you, then who signed for the mortgage on someone else's house???!?!"
"I don't know someone else, I've never seen the house, it's fourhunderd miles from here. Why would I pay someone else's mortgage?"
"Hmm, you've got a point."
There are (of course) security risks, but not as you describe it.
/. by Bruce Schneier, where he argues that we're not yet ready to have such third parties.
Let's see what happens if X publishes my public key, without having my private key. If X encrypts a document with his own private key and someone else tries to decode it with my public key, the result will be garbage, thus proving that X is not related to me.
However, there still are some problems. If X gets hold of my private key, he can indeed identify himself as me.
Another related point: with some math and some tools I can create my own private/public keypair, and announce that it is the pp keypair of my neighbour. So, in order to verify that the pp keypair is really mine, a third party must guarantee that the keypair belongs to me. (Just like the government guarantees that I'm me by issuing passports.) However, a while ago there was an article on
That's what I heard too. I understood that these pipes are also filled with gas, resulting in overpressure within the pipe. So, whenever someone opens up one of the pipes, gas escapes, the pressure gets lower and the line is automatically disabled.
Or so they told me.
You mean like www.mersenne.org?
AFAIK, that program also uses 'lost' cycles, and they've already got some results. (As opposed to SETI ;-)