Try telling that to the appellate judge in Oracle v. Google
Not just the appellate court, also the supreme court.
Which isn't necessarily a bad thing: Google still is going to try to argue a fair-use defense, which means you can use it, even if it's copyrighted.
I don't need to look at the code, I just have to look at the different process ID running all these tools to immediately understand that they are not one monolithic thing.
No, you're wrong. An architecture can be tightly entwined and still be divided into different processes. In some cases it can be running on different machines and still be monolithic.
Basically you're clueless about software architecture, but you seem to like systemd. Maybe you like the systemd features or something. There's nothing wrong with that.
No. Because someone (or some group) would have the power to decide what gets censored and what doesn't. And that power would be abused horribly eventualy, there's no way to avoid it.
This wouldn't entirely preclude layering violations, but it would certainly make them more difficult. That would improve security, but whether it improved the techniques?
Here I was referring to the fact that dependency injection and callbacks and closures often make code hard to read. Java code with threads and closures with mutable variables can be inscrutable sometimes....increasing the amount of time it takes to add features (or find bugs) by an order of magnitude or two. (Of course you can use dependency injection and callbacks and still have readable code, but a lot of times that doesn't happen).
3) you wrote, "Most modern (predominantly research) security architectures" who is doing this research, and where can I find it?
Wow. Pretty much everyone in OS software who cares?
IBM and Microsoft are players, OpenBSD is, for some types of things. Apple is; Linux people (though I think it was a DARPA project run by IBM?) were the first to implement ASLR; I think Apple was the first to ASLR absolutely everything? And to do page level executable signature verification in the paging path? Though I think they mostly did it for DRM reasons, rather than to be helpful to users. I think compiler stack probes came from the LLVM folks?
I know about ASLR and page level executable signature verification lol (and I hate page level encryption in iOS but that's another story. Incidentally, on iOS you can still easily trojan an executable by adding a shared library with a c++ static initializer to the mach "load command" section. It will get run on startup. You will need to resign, but that's usually not a problem).
Here I was asking about who is aligning page boundaries with the end of their arrays? Or is that already in GCC now? Also, who is using container in a mailbox? Because I don't think Outlook has changed this still.....
The problem I really have with his work is that it's largely academically oriented, rather than practical.
Fair enough. I haven't really looked at DJBDNS much so I can't really disagree with you.
I'm not going to write an entire paper here on Slashdot.
You already kind of did lol. This is good stuff though. I have some follow-up questions if you don't mind:
1) How are you aware of (and able to control) lower-level things like the page size, or which functions go into which groups of pages?
2) Why is it called "container-in-a-mailbox?"
3) you wrote, "Most modern (predominantly research) security architectures" who is doing this research, and where can I find it?
As part of this, you define an interface contract: you are permitted to call down to the interfaces below yourself, and you are permitted to call across, within the same layer to auxiliary functions, but under no circumstances are you permitted to call upward.
That would ruin (or improve) a lot of modern OO techniques.
The reason I like DJB's work is because he seems to carefully think about what problems may arise every time he writes a line of code. He may not always succeed, but if you don't have that way of thinking, you will automatically fail at "identifying architectural layers for your libraries in order to abstract complexity of each layer from the layer below it," and will have bugs no matter what rules you follow.
No no, I read the poll, it's irrelevant. For any political tactic, it is likely that one party will use it more than the other. Whether Republicans complain more about it recently than Democrats or not......in 50 years, it could be flipped the other way. (Incidentally, I find it fascinating that the only media source trusted across the board was the WSJ. Not sure what to think about that.)
The biggest thing that annoys me about you is that you seem only able to see faults in the 'other' party, not in your own. That is a sign of immaturity. Wise people look hardest for faults in their own position.
btw, I'm pretty sure you have an interesting point here when you said this:
Functional decomposition is a really poor way of abstracting complexity, when it's being used in isolation, and does not include mandatory boundary layer order and direction of operations over said boundary.
but I'm not entirely sure what you meant. Could you clarify? What other option is there besides functional decomposition?
Meh, qmail could probably do better in its handling of.forward, but if you upgrade your bash then it's not a problem anymore. the worst you can say is that qmail relies too much on things in the unix environment when it shouldn't. Which is a problem, but only because other things are not secure.
We are no more going to replace coal with nuclear than we are going to replace it with solar.
Maybe not, but at least it's a position that is reasonable from a scientific perspective. Replacing coal with nuclear is a solution we can use right now, at relatively little cost. Solar and wind, on the other hand, are not viable solutions with current technology.
Of course, then we still have the problem of getting rid of gas cars. That's a tougher problem, but becomes more viable every day.
The chapter details many overlooked topics such as: acoustics, lighting, ergonomics, and more.
These topics are not overlooked when it comes to office space. They've been discussed forover a decadehere onSlashdot, and plenty of other places as well. I wish this review had been more informative.
The point of his system is to show that it really is possible to write secure software.
Do you really just run one qmail system and that's it? No client end, no other servers, no other services, no passwords, nothing?
The other systems should be made securely. DJB showed it's possible to write highly secure software. But fwiw it's not uncommon to only run one service on a server, especially now with VMs making it so cheap to do so. And passwords are archaic, we don't even use them with git anymore.
I'm quite tired of the hi-tech this-security-is-hackable discussion. Of course it's hackable. Everything is.
If you think so and can prove it, then you can earn $1000 and eternal fame by hacking DJB's qmail. Over 15 years and still hasn't been hacked.
That this product doesn't require ethan hunt just makes it worthless for bank vaults.
Even then, there are different levels of "hackable." Some things (like uefi) take six months of work to hack, but that's not what we're talking about here. Some of these IoT devices literally are running their own wifi server, with an open telnet port. When I say open, I mean it doesn't even have a password. This is how much these companies care about security.
We're talking about the kind of security that your neighbor kid could hack after taking a high-school networking class.
There are some cheap mini-itx/CPU boards that should be considered. They have a nice form factor, and running Linux shouldn't be a problem (at least, I haven't had problems, ymmv).
If you're an asshole, people know it and will remember it. So you make SURE you don't act like an asshole. Cities? You'll likely never see that person again, so who gives a shit?
I have had similar thoughts. If you live in the city and lose all your friends, no big deal, just go find other ones pretty quick. No reason to value them.
with a new language with a unified syntax (where as ObjC is like two unrelated languaged bolted together)
I feel the opposite, it Swift seems like a language with some cruft from ObjC bolted on.
Try telling that to the appellate judge in Oracle v. Google
Not just the appellate court, also the supreme court.
Which isn't necessarily a bad thing: Google still is going to try to argue a fair-use defense, which means you can use it, even if it's copyrighted.
I don't need to look at the code, I just have to look at the different process ID running all these tools to immediately understand that they are not one monolithic thing.
No, you're wrong. An architecture can be tightly entwined and still be divided into different processes. In some cases it can be running on different machines and still be monolithic.
Basically you're clueless about software architecture, but you seem to like systemd. Maybe you like the systemd features or something. There's nothing wrong with that.
He doesn't have to sell the stock, he can borrow against it, thus maintaining a controlling share while still spending tons of money.
We really need media control.
No. Because someone (or some group) would have the power to decide what gets censored and what doesn't. And that power would be abused horribly eventualy, there's no way to avoid it.
I don't think so, the OP is too confusing: I'm having trouble figuring out what I should be outraged about here. Someone help, please?
never mind Wayland exists because the damned kids maintaining Xorg got tired of the cruft.
Xorg maintainers were not known for quality software engineering, in fact, it was the opposite.
I haven't looked into Wayland enough to know if it is good or bad, but there is no reason to believe these guys just because they maintained Xorg.
This wouldn't entirely preclude layering violations, but it would certainly make them more difficult. That would improve security, but whether it improved the techniques?
Here I was referring to the fact that dependency injection and callbacks and closures often make code hard to read. Java code with threads and closures with mutable variables can be inscrutable sometimes....increasing the amount of time it takes to add features (or find bugs) by an order of magnitude or two. (Of course you can use dependency injection and callbacks and still have readable code, but a lot of times that doesn't happen).
3) you wrote, "Most modern (predominantly research) security architectures" who is doing this research, and where can I find it?
Wow. Pretty much everyone in OS software who cares?
IBM and Microsoft are players, OpenBSD is, for some types of things. Apple is; Linux people (though I think it was a DARPA project run by IBM?) were the first to implement ASLR; I think Apple was the first to ASLR absolutely everything? And to do page level executable signature verification in the paging path? Though I think they mostly did it for DRM reasons, rather than to be helpful to users. I think compiler stack probes came from the LLVM folks?
I know about ASLR and page level executable signature verification lol (and I hate page level encryption in iOS but that's another story. Incidentally, on iOS you can still easily trojan an executable by adding a shared library with a c++ static initializer to the mach "load command" section. It will get run on startup. You will need to resign, but that's usually not a problem).
Here I was asking about who is aligning page boundaries with the end of their arrays? Or is that already in GCC now? Also, who is using container in a mailbox? Because I don't think Outlook has changed this still.....
The problem I really have with his work is that it's largely academically oriented, rather than practical.
Fair enough. I haven't really looked at DJBDNS much so I can't really disagree with you.
I'm not going to write an entire paper here on Slashdot.
You already kind of did lol. This is good stuff though. I have some follow-up questions if you don't mind:
1) How are you aware of (and able to control) lower-level things like the page size, or which functions go into which groups of pages?
2) Why is it called "container-in-a-mailbox?"
3) you wrote, "Most modern (predominantly research) security architectures" who is doing this research, and where can I find it?
As part of this, you define an interface contract: you are permitted to call down to the interfaces below yourself, and you are permitted to call across, within the same layer to auxiliary functions, but under no circumstances are you permitted to call upward.
That would ruin (or improve) a lot of modern OO techniques.
The reason I like DJB's work is because he seems to carefully think about what problems may arise every time he writes a line of code. He may not always succeed, but if you don't have that way of thinking, you will automatically fail at "identifying architectural layers for your libraries in order to abstract complexity of each layer from the layer below it," and will have bugs no matter what rules you follow.
No no, I read the poll, it's irrelevant. For any political tactic, it is likely that one party will use it more than the other. Whether Republicans complain more about it recently than Democrats or not......in 50 years, it could be flipped the other way. (Incidentally, I find it fascinating that the only media source trusted across the board was the WSJ. Not sure what to think about that.)
The biggest thing that annoys me about you is that you seem only able to see faults in the 'other' party, not in your own. That is a sign of immaturity. Wise people look hardest for faults in their own position.
That's a cool one, but it's in djbdns, not in qmail, which is what I was asking about.
(Also, the world would be a better place if Microsoft and other large companies apologized every time they released software with a security flaw)
Functional decomposition is a really poor way of abstracting complexity, when it's being used in isolation, and does not include mandatory boundary layer order and direction of operations over said boundary.
but I'm not entirely sure what you meant. Could you clarify? What other option is there besides functional decomposition?
Meh, qmail could probably do better in its handling of .forward, but if you upgrade your bash then it's not a problem anymore. the worst you can say is that qmail relies too much on things in the unix environment when it shouldn't. Which is a problem, but only because other things are not secure.
We are no more going to replace coal with nuclear than we are going to replace it with solar.
Maybe not, but at least it's a position that is reasonable from a scientific perspective. Replacing coal with nuclear is a solution we can use right now, at relatively little cost. Solar and wind, on the other hand, are not viable solutions with current technology.
Of course, then we still have the problem of getting rid of gas cars. That's a tougher problem, but becomes more viable every day.
In this case, it's James Hansen. He is both scientific, and favors replacing all coal plants with nuclear.
is "Spot the Fed" still a thing?
I didn't see it there. Attendance has grown so dramatically that I think it would be easy for a fed to blend in now.
Actually, it has been hacked, and it's relatively easy to do.
[citation needed]
The chapter details many overlooked topics such as: acoustics, lighting, ergonomics, and more.
These topics are not overlooked when it comes to office space. They've been discussed for over a decade here on Slashdot, and plenty of other places as well. I wish this review had been more informative.
Do you really just run one qmail system and that's it? No client end, no other servers, no other services, no passwords, nothing?
The other systems should be made securely. DJB showed it's possible to write highly secure software. But fwiw it's not uncommon to only run one service on a server, especially now with VMs making it so cheap to do so. And passwords are archaic, we don't even use them with git anymore.
I'm quite tired of the hi-tech this-security-is-hackable discussion. Of course it's hackable. Everything is.
If you think so and can prove it, then you can earn $1000 and eternal fame by hacking DJB's qmail. Over 15 years and still hasn't been hacked.
That this product doesn't require ethan hunt just makes it worthless for bank vaults.
Even then, there are different levels of "hackable." Some things (like uefi) take six months of work to hack, but that's not what we're talking about here. Some of these IoT devices literally are running their own wifi server, with an open telnet port. When I say open, I mean it doesn't even have a password. This is how much these companies care about security.
We're talking about the kind of security that your neighbor kid could hack after taking a high-school networking class.
IoT is a party. It makes DEFCON so much more interesting. I love it.
You mean actually RTFA? BLASPHEMY!
Of course not! Just look at the pictures. :)
There are some cheap mini-itx/CPU boards that should be considered. They have a nice form factor, and running Linux shouldn't be a problem (at least, I haven't had problems, ymmv).
You can see a picture of a billboard here. It clearly shows that all people's identities are obscured in the billboard.
(Yes,, that link is to the op)
If you're an asshole, people know it and will remember it. So you make SURE you don't act like an asshole. Cities? You'll likely never see that person again, so who gives a shit?
I have had similar thoughts. If you live in the city and lose all your friends, no big deal, just go find other ones pretty quick. No reason to value them.