As it happens, you're right, noexec won't help here
The reason this works is that exim runs initially as root. Though it drops its privileges early on, it retains (at least in some circumstances) the ability to switch back to root—this allows it, for example, to switch to another user when delivering their mail.
When the attacker uses their exploit, it ends up spawning a process that has this same capability of switching back to root, and the C program basically just does exactly this, then runs a (now root) shell. (I'm assuming the program also needed to be compiled, but if the attacker can write arbitrary files and run shell commands as non-root, that won't pose too much trouble.)
The reason the noexec mount option doesn't help is that, as you've pointed out, script interpreters (such as "sh") don't respect executable permissions when invoked directly. This doesn't matter so much with "sh" specifically, as it doesn't give you any way to switch user ids, but the following perl script is a good enough translation of the above C program:
$> = 0; $) = 0; exec "/bin/sh";   # seteuid(0), setegid(0), then a root shell
The noexec mount option does help prevent some types of attack, by preventing execution of files the attacker manages to control, but in this case it's not enough because the attacker already has enough access to escalate privilege in other ways...
I didn't say it was part of the same transaction. You did.
Actually you said:
So the net tax rate on the plumber for that transaction is 57.75%.
...implying that there was a single tax rate of 57.75% on one transaction.
Poor choice of wording aside, the argument still falls down on a number of grounds:
Basic economics fail. If you pay a plumber $100, then you get back $100 worth of service in your estimation. Otherwise you either would have found a cheaper plumber or just not had the work done. That's what a market economy is all about. (Yes, the cost to the plumber may be less than $100 in his estimation—that's why he agreed to do the work in the first place (and is true whatever the system of taxation). But the idea that there's a fixed amount of work worth $100 is a myth.)
Ignoring that for the moment, and assuming that there is such a thing as "an amount of work equivalent to $100", the existence of a sales tax affects how much work that corresponds to: presumably the electrician is working to feed, clothe and house himself and possibly his family. In your sales-tax scenario, the plumber might end up with $100 and the electrician with $65, but that $100 and that $65 buys proportionately less food-clothes-housing—so nobody's actually better off!
Does your sales tax apply to businesses producing goods? If so, it would put up the price of goods enormously, because when a "contraption" is made out of "widgets" made out of "doobries" made out of raw materials, each stage of production would be taxed at the full rate. And if not, then this just gives the rich a great opportunity to avoid tax, by setting themselves up as a business (of course, there are plenty of similar scams in existence today...)
You mention that there is a massive loophole if the system is state-wide and not federal. But even with a federal system, this assumes that nobody travels (or has any economic contact with) the world outside the US. In practice the rich can simply do their shopping in Canada (or whichever country is closest/cheapest—or indeed pay someone to do this for them; this will only work out cheaper for those with a lot to spend i.e. the rich again:-)
The biggest reason a sales tax system is more regressive than income tax is that there's less opportunity for having multiple tax rate bands. Yes, your initial handout is equivalent to a zero-rate tax band of $1000—but where I come from there are multiple income bands, and the more you earn the more you get taxed on it (up to a certain limit). You have to be earning quite a comfortable amount for the effective rate to approach or exceed 35%. Yes, you could mimic this in a sales-tax system by giving a handout that varies with one's income—and assuming you could close the international loophole it would be a workable system. But in the end it would work just the same as income tax, but be much more complicated to run and more prone to fraud:-)
Income tax is precisely how it works, son. Welcome to the real world.
If you genuinely think that's how it works, I suggest you ask an accountant what "tax-deductible" means... briefly, if you're paying a plumber $100, and as part of the same transaction he has to pay an electrician $65, then he does not get taxed on that $65.
Macro and micro evolution are the same thing on different time scales, and if one works, the other has to.
Like the way that effects observed at quantum sizes have to manifest themselves at macroscopic sizes? And the way that objects behave at low speeds has to imply they behave the same at near-light speed? The trouble with your assertion is that there may be some greater, overriding principle or effect that only comes into play in larger timescales... inferring macroevolution based on observations of microevolution is certainly a plausible working hypothesis (and indeed I believe it myself) - but it's far from being the "has to" you claim...
The article that artor3 linked to and said "read this" about in the post you were replying to... didn't you RTFA? Oh, wait, this is slashdot I suppose :-)
I've never had someone convince me to sign my name to a lie. Did Countrywide use a gun, or did they just threaten to disappear his family unless he complied?
Presumably not, but the article claims there is evidence his broker may have forged his signature - which would make it different.
tl;dw?
This is the only sentence that actually "addressed" the "issue" that Android developers face. And it is utterly unexplained. What does this have to do with Google messing with those header files?
That is a good question... as far as I understand it, the argument goes like this:
1. The Linux kernel header files in question are GPL
2. Those header files contain some macros and inline functions that (in the opinion of the lawyer) are non-trivial and therefore copyrightable
3. The Google header-cleaning process does not remove these inline functions and macros
4. Most/all Android native apps include these header files
5. Macros and inline functions get compiled in to an application - they're not like libraries or kernel interfaces where you can upgrade/replace the library/kernel and the application will work unmodified; they become a part of the application itself
6. Therefore most/all native Android apps are subject to the GPL
7. ???
8. Profit (for IP lawyers everywhere)
I'm not saying all of the above are actually true, or that the reasoning holds water (in particular, the functions/macros don't get included if the app doesn't use them!), but that is how the argument seems to run once you penetrate through all the waffle...
That's not a run-on sentence. It's just way too long.
Actually, no speculation is needed. Over the years large monetary offers of cash have been tossed around for obtaining Pirate Bay. If Pirate Bay was not generating a profit, it's extremely unlikely such offers would exist.
Yep - that's why Google waited for Youtube to turn a profit before buying them ;-)
The other possibility, of course, is that someone thought they could make a profit from the organisation, even if it wasn't already...
They designed a chip that was cheap, fast, and was very easy to write a C compiler for.
Yes - and their docs are really good too.
What'll they call it, though? iFusion? iPower? iWatt?
iSotope, clearly :-)
Linguam romanae scio.
You know a Roman woman's tongue? I'm not sure we wanted to know that ;-)
Perhaps you meant "linguam Romanam" (the Roman language)? Or "linguam Romanorum" (language of the Romans)? Or "linguam Romae" (language of Rome)?
RSA does not depend on P vs NP.
Unfortunately that's not true...
It is currently an open question what the complexity of factoring is.
That's true, but it is known that it's in NP—what's not known is exactly where in NP it fits...
No. You're neglecting the discrete log problem which underpins Diffie-Hellman. There are probably other esoteric algorithms that rest on other hard problems like the knapsack problem.
Discrete log is in NP. Knapsack is in NP. In general, if a solution to a problem can be checked in polynomial time (regardless of how difficult it is to actually find that solution in the first place, which might be much harder), then the problem is in NP. Since for practical purposes encryption/decryption needs to be fairly quick, it's likely that a lot of encryption algorithms will fall into this space...
Why is this incorrect? The factoring problem is in NP, so if P=NP then it is in P (which is presumably what the OP meant by "NP easy").
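An added example (not from anyone in this thread) of what "a solution can be checked in polynomial time" means in practice for the two problems mentioned above. Parameters are toy-sized and constructed: p = 101 with g = 2 (a primitive root mod 101), x = 37, and 3233 = 61 x 53; all values are kept below 2^32 so plain 64-bit arithmetic suffices. The point it shows is the asymmetry: checking a claimed discrete log costs about 2*log2(x) modular multiplications whatever method produced x, whereas the only generic way of finding x shown here costs up to p-1 of them.

```c
/* Added example, not from the thread: the "cheap to check" half of the NP
 * argument, made concrete for discrete log and factoring. Toy sizes;
 * inputs are kept below 2^32 so a*b fits in 64 bits. */
#include <stdint.h>
#include <stdio.h>

/* Every modular multiplication is counted so the cost of checking a
 * claimed answer can be compared with the cost of finding it. */
static unsigned long mulmod_calls;

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    mulmod_calls++;
    return (a * b) % m;     /* a, b < m < 2^32, so no overflow */
}

/* Read and clear the counter. */
unsigned long reset_counter(void) {
    unsigned long v = mulmod_calls;
    mulmod_calls = 0;
    return v;
}

/* Square-and-multiply: at most 2*log2(e) multiplications, i.e. polynomial
 * in the bit length of the exponent. */
uint64_t powmod(uint64_t g, uint64_t e, uint64_t m) {
    uint64_t r = 1 % m;
    g %= m;
    while (e) {
        if (e & 1) r = mulmod(r, g, m);
        g = mulmod(g, g, m);
        e >>= 1;
    }
    return r;
}

/* NP certificate check for discrete log: given a claimed x, is g^x == h
 * (mod p)? Polynomial time however x was obtained. */
int verify_dlog(uint64_t g, uint64_t h, uint64_t p, uint64_t x) {
    return powmod(g, x, p) == h;
}

/* Finding x: the only generic method shown here is exhaustive search,
 * up to p-1 multiplications, exponential in the bit length of p.
 * Returns the smallest x in 1..p-1 with g^x == h, or 0 if there is none. */
uint64_t brute_force_dlog(uint64_t g, uint64_t h, uint64_t p) {
    uint64_t acc = 1 % p;
    for (uint64_t x = 1; x < p; x++) {
        acc = mulmod(acc, g, p);
        if (acc == h) return x;
    }
    return 0;
}

/* Same structure for factoring: the certificate (p, q) for n is checked
 * with one multiplication; nothing about the check says how p was found. */
int verify_factoring(uint64_t n, uint64_t p, uint64_t q) {
    return p > 1 && q > 1 && p * q == n;
}

int main(void) {
    const uint64_t p = 101, g = 2, x = 37;   /* 2 is a primitive root mod 101 */
    uint64_t h = powmod(g, x, p);            /* the instance: find x from (g, h, p) */
    reset_counter();
    int ok = verify_dlog(g, h, p, x);
    unsigned long check_cost = reset_counter();
    uint64_t found = brute_force_dlog(g, h, p);
    unsigned long search_cost = reset_counter();
    printf("h = %llu; check(x=%llu) -> %d in %lu mulmods; search found %llu in %lu mulmods\n",
           (unsigned long long)h, (unsigned long long)x, ok, check_cost,
           (unsigned long long)found, search_cost);
    printf("factoring certificate (61, 53) for 3233: %d\n", verify_factoring(3233, 61, 53));
    return 0;
}
```

The counter is the interesting bit: for x = 37 the check is 9 multiplications and the search is 37, and doubling the bit length of p roughly doubles the former while squaring the latter. Nothing here says anything about whether P = NP; it only shows why these problems sit inside NP in the first place.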
I don't consider either of those significant.
You may not, and of course you're entitled to your opinion, and no doubt Sony have theirs too :-). One difficulty that Sony will have in arguing that these uses are insignificant, though, is that they previously included a feature with their consoles specifically for the purpose of running other OSs.
Also bear in mind that (as far as I'm aware), Geohot hasn't posted instructions on how to pirate games—far from it. What he has posted is one part of the jigsaw—and an important one—but is far from being a simple set of steps to copying games.
As for jury nullification, I don't think that's really relevant here...
True, but that would at least mean he didn't have to either spend a long time away from home, or keep travelling right across the country, to attend the trial.
It's their choice as to what they sell. It is also not censorship. They are a private company and are free to sell whatever legal products they wish, or not sell them as the case may be. The summary makes it sound like Amazon is the only place one can buy a book.
I'm not going to argue about whether it's censorship or not—but the main reason behind people's outrage here is not the fact that Amazon choose to carry or not to carry particular titles, but rather the fact that they sold some titles (and, arguably, the Kindles themselves based on the availability of these titles), then later removed them both from sale and from the Kindles of people who had already purchased them. That may or may not be censorship, but it's certainly creepy!
Then we should consider postfix as superior. Because for security, we don't want any input ever to be touched by privileged code. Postfix spawns a mail delivery that runs with the privileges of the recipient.
I'm sorry, but that doesn't follow.
Both Exim and Postfix spawn delivery processes that run with the privileges of the recipient. And the delivery process then dies in both cases.
The issue is that, in order to spawn a process as another user (i.e. the recipient), you must be running with root privileges first or else you can't switch users. Therefore both Postfix and Exim have a stage where they effectively have root privileges, and that stage is the stage that got hacked in this instance.
It's not possible to remove that root stage, and that stage must have at least some contact with user data, because otherwise it can't know which user to switch to—though to a great extent you can mitigate the risk by spawning an unprivileged process to dig through the mail data to find the recipient, then report that data back to the parent. As far as I understand, the issue here (though I haven't looked at it in detail) was that one of the stages leaked data to another stage, which happened to be vulnerable to a buffer overflow.
Possibly the design of Postfix may make that sort of leak more or less likely, but there's no reason in principle why it couldn't happen there either :-(
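An added example (not exim's or postfix's code) to make the "stage that effectively has root privileges" concrete, and to show why the noexec discussion elsewhere in this thread comes down to one system call. It assumes Linux (getresuid/setresuid) and uses uid/gid 65534 as "nobody" in the demo main, which is an assumption about your system. A process that "drops" privileges with seteuid() keeps a saved uid of 0 and can take root back with a single call, which is exactly what the attacker's C payload and the perl one-liner `$> = 0` do; a drop with setresuid() on all three ids cannot be undone, and the check after it is what a delivery process should run before it touches mail data.

```c
/* Added example (not exim's or postfix's code): why a daemon that only
 * changes its effective uid has not really given up root, and how to check
 * that a drop was permanent. Linux-specific (getresuid/setresuid). */
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Prototypes in case _GNU_SOURCE was not in effect when <unistd.h> was read. */
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int setresuid(uid_t ruid, uid_t euid, uid_t suid);
int setresgid(gid_t rgid, gid_t egid, gid_t sgid);

/* Snapshot of the three uids the kernel keeps: real, effective, saved. */
struct creds { uid_t ruid, euid, suid; };

/* Kernel rule for an unprivileged process: seteuid(x) succeeds when x equals
 * any of ruid/euid/suid. So root can be regained iff some slot is still 0. */
int can_regain_root(struct creds c) {
    return c.ruid == 0 || c.euid == 0 || c.suid == 0;
}

/* What each strategy does to the snapshot. Temporary: only euid moves and
 * the saved uid stays 0 (this is what lets exim become the recipient later).
 * Permanent: all three slots are overwritten. */
struct creds simulate_drop(struct creds c, uid_t uid, int permanent) {
    if (permanent)
        c.ruid = c.euid = c.suid = uid;
    else
        c.euid = uid;
    return c;
}

/* The real thing. drop_temporarily() is the seteuid()-style step. */
int drop_temporarily(uid_t uid) {
    return seteuid(uid);
}

/* Permanent drop, in the order that matters: supplementary groups while we
 * are still root, then gids, then uids. After this, seteuid(0) must fail;
 * return -1 if it does not, because then the drop did not take. */
int drop_permanently(uid_t uid, gid_t gid) {
    if (setgroups(0, NULL) != 0) return -1;
    if (setresgid(gid, gid, gid) != 0) return -1;
    if (setresuid(uid, uid, uid) != 0) return -1;
    if (seteuid(0) == 0) return -1;     /* still root-capable: fail loudly */
    return 0;
}

/* Post-drop check a delivery process should make before touching user
 * data: 1 iff no uid slot is 0. */
int root_is_unrecoverable(void) {
    struct creds c = {0, 0, 0};
    if (getresuid(&c.ruid, &c.euid, &c.suid) != 0) return 0;
    return !can_regain_root(c);
}

/* What the attacker's payload (the C program, or perl's `$> = 0`) does:
 * it simply asks for uid 0 back. Returns 1 if that worked. */
int try_regain_root(void) {
    return seteuid(0) == 0;
}

int main(void) {
    if (getuid() != 0) {
        printf("run as root to see the difference; currently uid %d\n", (int)getuid());
        return 0;
    }
    /* 65534 is assumed to be "nobody"; adjust for your system. */
    if (drop_temporarily(65534) != 0) { perror("seteuid"); return 1; }
    printf("after seteuid(65534): regain root? %s\n", try_regain_root() ? "yes" : "no");
    /* try_regain_root() put us back at uid 0, so now drop for real. */
    if (drop_permanently(65534, 65534) != 0) { perror("drop_permanently"); return 1; }
    printf("after setresuid(65534 x3): regain root? %s\n", try_regain_root() ? "yes" : "no");
    printf("root_is_unrecoverable: %d\n", root_is_unrecoverable());
    return 0;
}
```

Run it as root on a scratch machine: the first question comes back "yes", the second "no". Neither exim nor postfix can use the permanent form in the stage that still has to decide which user to become, which is the point made above; what the simulate_drop() half shows is that the decision about which stage gets to keep a saved uid of 0 is a credential-layout question you can reason about (and unit-test) without being root.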
I'm surprised that your institution's corporation counsel would let such a document get out. It's only possible use is to give students grounds to sue. What could possibly be the upside for the school in creating such a document?
The upside (apart from the fact that setting expectations on both sides of an arrangement almost always increases the chances of the arrangement working well) is that the document would also protect the institution in the event that it was sued. Without such a document, the litigious parents can still sue, and the result will instead be based on what the court determines to be the "implied contract". Which basically means that the lawyers get to spend a lot of time arguing, while both sides pay a lot of money for the privilege...
The problem is that cheddar simply is a bland cheese.
You're doing it wrong :-)
Cheap cheddar, poor-quality cheddar, "mousetrap" cheddar is bland. Good, well-made, mature cheddar ranks up there with the best of them.
If I were a content provider whose HTML was being modified in-flight, I'd invoke a law that already exists for that sort of thing - it's called copyright. My customer requested information from me; I provided it, and as such it is automatically copyrighted. Any modification in transit without authorization is illegal already, IMHO.
The article is about a content distribution network. That means that the content provider is paying them to make sure that their content reaches the customers quickly.
If the content provider doesn't like the content being modified, they should just ask their CDN provider to stop doing it - and if they won't, then just use another one! No need for legal action here :-)
But in that case users will complain about memory use and hard disk activity, not a slowdown.
Can I swap some of your users for mine? ;-)
A browser should always be conservative on RAM usage, even if it seems to have plenty available.
Always? Are you sure about that? I'm pretty sure I could write a web browser that used a tiny fraction of what any of the browsers use today. Performance would suck though :-).
The point I'm trying to make is that it's very much a tradeoff - using less memory often means running slower in certain circumstances. Making the "right" tradeoff is very difficult, especially with the situation of a web browser, where hardware resources, workload (ie complexity/number of sites) and expectations vary enormously :-)