Slashdot Mirror


User: master_p

master_p's activity in the archive.

Stories: 0
Comments: 4,214

Comments · 4,214

  1. Most /.ers think technology is not to blame... on Stuxnet's Legacy: Get Back to Basics or Get Owned · · Score: 1

    ...but I think otherwise. Technology is largely (but not 100%) to blame for the security problems. Here are the reasons:

    1) the usual programming language used for most desktop/system software (C or C++) has a lot of faults: unchecked array access, pointer arithmetic, arrays interchangeable with pointers, lack of non-nullable pointers, etc. This type of programming does not scale well in complexity and time.

    2) the hardware, and more specifically, CPUs, do not provide a way to isolate software components within the same process, leading to a share-all-or-nothing approach. The share-nothing approach affects performance negatively, and so many software developers prefer the share-all approach, and thus a security breach in one component compromises all the other components.

    3) the internet is not encrypted throughout. DNS queries are raw text. Most web sites are HTTP. Without full encryption, there is no way to avoid man-in-the-middle attacks and phishing.

    4) Operating systems do not provide a security model where sandboxing is the default. Normally, applications that send and receive data over a network should be run sandboxed by default.

    5) Operating systems do not provide a well-defined way of communication between software components with fewer privileges and software components with higher privileges, leaving this task to applications. Each application defines its own mechanism, which might or might not be secure.

    6) The security models of operating systems do not extend beyond LANs. Over WANs, there is no security model.

    7) no operating system uses capability-based security, which is one of the best ways to provide security.

    8) SQL being text encourages copy and paste of the input to the SQL string, creating the Little Bobby Tables problem. Text should be internal to the API; SQL APIs should not provide the ability to write SQL text.

    There are other issues as well; the above are just an example.

    In the end, if a user is willing to let his machine be compromised, it will be compromised, no matter what. But I do not accept the fact that software and hardware are not to blame at all and that the software and hardware we have cannot be improved beyond what we've got now. H/W and S/W still have many design issues which are responsible for most security problems.
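
    Point 8 of the comment above, as an added example that is not part of the original comment: the same lookup done by pasting input into the SQL string, and through a small API that never accepts SQL text from the caller. The `select_where` helper, the `students` table and the sample input are constructed for illustration, using Python's standard `sqlite3` module.

```python
import sqlite3

# Constructed sample schema: the only identifiers the API may emit.
SCHEMA = {"students": {"id", "name", "grade"}}

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, grade TEXT)")
    db.executemany("INSERT INTO students (name, grade) VALUES (?, ?)",
                   [("Alice", "A"), ("Bob", "C"), ("Carol", "B")])
    return db

def lookup_by_text(db, name):
    """The pattern the comment criticises: input pasted into the SQL string."""
    sql = "SELECT name, grade FROM students WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def select_where(db, table, columns, **equals):
    """Hypothetical text-free API: callers pass names and values, never SQL.

    Identifiers must appear in SCHEMA; values travel only as bound
    parameters, so the database never parses them as SQL.
    """
    allowed = SCHEMA.get(table)
    if allowed is None:
        raise ValueError(f"unknown table: {table!r}")
    for col in list(columns) + list(equals):
        if col not in allowed:
            raise ValueError(f"unknown column: {col!r}")
    sql = f"SELECT {', '.join(columns)} FROM {table}"
    if equals:
        sql += " WHERE " + " AND ".join(f"{c} = ?" for c in equals)
    return db.execute(sql, tuple(equals.values())).fetchall()

# Constructed input: a name that closes the quote and widens the WHERE clause.
HOSTILE_NAME = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("text-built:", lookup_by_text(db, HOSTILE_NAME))  # every row comes back
    print("text-free: ", select_where(db, "students", ["name", "grade"], name=HOSTILE_NAME))
    print("text-free: ", select_where(db, "students", ["name", "grade"], name="Bob"))
```

    The SQL text still exists, but only inside `select_where`; the caller's strings reach the database either as allow-listed identifiers or as bound values.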

  2. Translation on German Foreign Office Going Back To Windows · · Score: 1

    lack of usability = not 100% like Windows

    poor interoperability = does not open .docx files

    missing functionality = cannot run Windows applications

    writing printer and scanner drivers = win printers don't run in Linux

    the cost of adapting and extending it have proved greater than anticipated = there is no commission in open source software for the politicians

  3. Autorun could work if... on Microsoft Kills AutoRun In Windows · · Score: 1

    ...Windows had a decent security model. The automatically run software shouldn't have write access to anything, in the first place, unless the user explicitly says so.

  4. Google not accountable for its employees' actions. on MPAA Threatens To Disconnect Google From Internet · · Score: 1

    Unless Google the company encourages downloading of copyrighted material, which I highly doubt, Google should not be held accountable for its employees' actions, for the simple reason that Google cannot lock the entire internet for its employees: at any time or place, someone will be able to download copyrighted material from any site.

  5. Re:Copyright and Innovation on Takedown Letters For WP7 Tetris Clones · · Score: 1

    No, it's stupid because they want to continue to make money on what they did ages ago.

    So? What's wrong with that? If there is demand for their works, they should continue to make money.

    so they're still benefiting from the work I did, and so they should still be paying me royalties, right?

    Did you copyright the setup? If not, then you can't have royalties.

    Your children's children's children will continue to pay for the work I've done, because for someone else to do all the work of copying and distributing it they must pay me simply because "it" exists, even though I am not putting in any effort to the distribution of the product anymore. Right?

    Yes. Right. Indeed. And it's the right thing to do.

    You are not qualified to have this discussion; and to fully carry it out would exceed the capabilities of this forum.

    hahahaha. Go play with your console, kid.

    The rest of your post is some nonsensical bullshit about what you believe or not, which is not backed up by any argument about why you believe that, so it's impossible for me to counter argue. Come back when you have real arguments.

  6. Re:Copyright and Innovation on Takedown Letters For WP7 Tetris Clones · · Score: 1

    This is stupid

    Why is it stupid? According to you, it's stupid because you can't get it for free, right? Well, it is not stupid at all. You don't have any rights to other people's works.

    Disney's core business should be Disney Land

    You don't have the right to dictate a business strategy to a business. The most you can do is not buy their products.

    Tetris is quite old, and old things become part of our culture.

    So? Who says you don't have to pay for things in our culture?

    We're allowed to perform Shakespeare and The Crucible and other old plays freely; we're not allowed to perform Beauty and the Beast (yes, this is a play, Disney owns it) without paying a lot of money. Pink Floyd's songs should be folk songs by now, covered by lots of cover bands

    There is still demand for Beauty and the Beast, or Pink Floyd songs, isn't there? And these works are relatively young, compared to Shakespeare's works. So, I don't see any reason why they should be free. Pink Floyd are alive and kicking anyway.

  7. Re:Copyright and Innovation on Takedown Letters For WP7 Tetris Clones · · Score: 2

    Once something has become as common place as Tetris is, you have to step back and realize that it has become the possession of man-kind

    You can't be serious, can you? Under your reasoning, Microsoft Windows is now a possession of mankind, because it is commonplace. Namco's Pacman is a possession of mankind, despite the fact that Namco still puts out Pacman games, because it is commonplace. Mario Bros is a possession of mankind, because it is commonplace...Star Trek is not Paramount's, it's mankind's, because it's commonplace...

    I am sorry, but your argument is totally illogical. It's the most pathetic excuse I have heard about copyright infringement.

  8. Funny that only Apple gets what the consumer wants on Android Tablets Were Born Too Soon · · Score: 1

    It's very funny: Apple caught everyone by surprise when they released the iPhone, even if it was well known what the iPhone would be prior to its release.

    Then Apple caught everyone by surprise again, despite the fact that it was well known what the iPad would be, and despite the fact that computing pads were regularly shown in sci-fi televised series (and the public knew what it was about).

    Now that everyone else sees Apple eating their cake, they rush their products to the market...

  9. Re:Speed of Light? on Universe 250+ Times Bigger Than What Is Observable · · Score: 1

    What about the space inside matter? There is huge empty space between particles. Doesn't that space expand?

  10. I'm ok with a new toolkit, but C is a mistake. on EFL 1.0 Is Finally Released · · Score: 1

    These libraries are wrong on so many levels. It seems the E developers have not learned anything from the last 10 years of software development.

    The programming language used is old and good for serious applications. Let's face the truth: C is good for kernels and device drivers, but it stinks as a general-purpose programming language. Macros, the void* type, manual memory management, C strings, init functions, OOP in C, etc. are all things that hinder serious application development.

  11. The HTML code is not executable code. on The Abdication of the HTML Standard · · Score: 1

    This is a direct result of HTML being instructions whose meaning is defined on paper, and not by executable code.

    If HTML was executable code, it would be vastly easier to extend.

  12. The next one will go to BS. on Inventors of Unix Win Japan Prize · · Score: 4, Insightful

    Bjarne Stroustrup, that is. After all, C++ has those ++ over C...

  13. Re:iPad in the Workplace? on Microsoft's Approach To Battling the iPad In the Workplace · · Score: 1

    It's not about commercial uses, it's about showing off to your customers, which is an important business function.

  14. It totally sucks. Can we please have a V.1 option? on Slashdot Launches Re-Design · · Score: 1

    While this design is better than V.2, it is worse than V.1. Can we please have an option for that?

  15. Re:Its really on New Mega-Leak Reveals Middle East Peace Process · · Score: 1

    Now that is human nature at its worst

    Not only that, but it's a very strong confirmation that the "real" reality and logic play very little role in actual decisions. Emotions play the most significant role.
    Humanity will never progress until it goes beyond its primitive emotions.

  16. Re:Life isn't fair on Should Younger Developers Be Paid More? · · Score: 1

    Shouldn't we all strive for a better and fairer society? If we all stop caring about the improvement of society, and we only care about ourselves, then we will no longer have a society, but only a jungle, where the strongest survives, and all the others are doomed.

  17. Shouldn't searches be illegal without a warrant? on Encrypt Your Smartphone — Or Else · · Score: 1

    Shouldn't searches be illegal without a warrant? I thought that we are innocent until proven guilty. Is there a specific law that allows searches without a warrant?

  18. Most probably he was paid to do it. on Florida Man Sues WikiLeaks For Scaring Him · · Score: 1

    I don't believe this man woke up this morning and decided that WL is the worst thing on the planet.

    I am sure he was approached and got paid to do this.

    Now there is a legal reason to prosecute Assange in the USA, as well as to request extradition.

  19. Re:Depends... on Jimmy Wales Declares App Store Models a Threat · · Score: 1

    Package management systems are kick ass, when you have lots of software interdependencies, but why do you mention them in the same sentence as App Stores? An App Store will not download dependencies for you. App stores and package management systems are two different things.

  20. Some easy improvements c++0x could have. on An Interview With C++ Creator Bjarne Stroustrup · · Score: 1

    There are some very easy improvements that have been missed:

    1) giving lambda types names. Without specific names for lambda types, functions cannot be statically overloaded for lambdas. They could have named the type '__anonymous_function<T>' or '__lambda_function<T>', where T is the function's signature.

    2) giving a type to the literal {1, 2, 3...}. Standard literals have a type (for example, 3.14 is a double, 3.14f is a float, 5 is an integer, 5L is a long etc). This literal does not have a type, and uniform construction over the initialization list has to be a special case for the compiler.

    3) giving a type to the literal {1, 3.14, "a"}. Since the new language would have tuples, the type of this literal could be the relevant tuple.

    4) allowing functions to be invoked by passing them a tuple, instead of an arguments list. For example, a function foo(int a, double d) could have been called by foo({1, 3.14}) or foo(t) where t is std::tuple.

    5) removing the restriction of having to have a template prototype in order to specialize it. Why not make classes like functions and allow classes to be parametrized with 0, 1 or more template arguments? For example, one could have a class Point, which is the original implementation (say, over integers) and then a new class Point, which contains a double implementation. The compiler would then choose the appropriate class, based on selection of type.

    6) a way to enumerate the members of a struct, function stack record and translation unit variables at compile time. This would open the door for some easy to implement introspection library, as well as other possibilities (a tracing collector, for example).

    7) a way to invoke functions with assignment syntax or without parentheses when they have no arguments. For example, a class could have the functions 'name()' and 'name(string s)', which could be used like 'name = foo.name' and 'foo.name = "bar"' respectively. This could open the door to having object properties via convention.

    8) named arguments. A lot of code is of the form:

    x = new X;
    x->setA(a);
    x->setB(b);
    x->setC(c); ...

    This could be avoided by having named arguments:

    x = new X(A = a, B = b, C = c);

    Plus it would make the code much more readable.

    9) default parameters not only at the right side of a function header, but in any position. A function could be invoked by simply omitting the relevant argument. For example:

    void foo(int x = 0, int y = 0, int a, int b);
    foo(,,1, 2);

  21. Please fix the headers issue! on An Interview With C++ Creator Bjarne Stroustrup · · Score: 1

    It takes a lot of time to maintain header files. I assume that almost 40% of a project is spent on writing and maintaining header files.

    It is a job that could be done perfectly by the computer, and it could be easily fixed with some simple changes:

    1) When the preprocessor finds an #include directive (for example "foo.hpp"), it checks if the header exists.

    2) If the header does not exist, then try to open the file 'foo.cpp' and extract the header automatically. Put the header in the same folder as the implementation file.

    3) If the header exists, then compare its date and time with the date and time of the implementation file. If the header is older than the implementation file, extract a new header from the implementation file.

    4) cache all headers of all projects into a compiler's directory... a sort of precompiled headers mechanism that is independent of projects and completely automatic.

    These simple changes will boost c++, even much more than the changes in the language itself. I understand that these changes have little to do with the language(*), but, nevertheless, they are extremely significant.

    (*)perhaps for this to work some new toplevel keywords may be required; for example, using 'public:' and 'private:' at translation unit level would help the compiler extract the header as needed.

  22. Time & money spent on useless projects on Interview With KDE On Windows Release Manager Patrick Spendrin · · Score: 1

    KDE on Windows is almost useless. The user base is extremely small. No one will truly consider it in a business or home environment, especially since Windows 7 outshines it. On Windows, KDE sits on top of the current window manager, spending more resources of the system in useless things.

    It could be so much better if this energy was spent on more useful tasks!

  23. No video? on ErgoSlider Offers a New Mouse Alternative · · Score: 1

    Is there a video on how this device is used? The manufacturer's site doesn't have any. We can't really say if it works without seeing it in action.

  24. Re:Purely Stupid on Mars Journal Issue Inspires Hundreds of One-Way Trip Volunteers · · Score: 1

    You are so right. I was going to write a very similar post to yours, but you have nailed it quite well.

    Do you think that it will be worthwhile to open an online petition up for project Orion? Perhaps if this petition is successful and many people sign it, NASA and the rest of the bureaucrats see the error in their thinking.

  25. Most people don't want to be scientists. on College Students Lack Scientific Literacy · · Score: 1

    Most people don't want to be scientists. They want a good-paying job so that they can enjoy a comfortable and not-too-stressful life.

    Personally, I think it's natural, and I also think it's good, because not everyone can be a scientist.