This entire discussion chronicles just *why* I demand standard protocols from businesses on the web.
Believe it or not, there are still clueless executive types that pay good money to webmasters who have the audacity to use proprietary formats, then expect people like me to download their proprietary player to view or hear the content.
When enough people get burned with hostile code, businesses using nonstandard protocols will be viewed with as much suspicion as a man wearing a ski mask entering a bank.
Today's prolific denials of responsibility via EULA's sickens me and highly discourages my participation in modern business methods of conducting transactions via the net.
I have better sense than wear a ski mask in a bank.
I look forward to the day when businesses have the skills to be able to use standard public protocols.
Re: "California's too broke to force that from Microsoft."
Remember "Kelo vs. New London", the eminent domain legislation approved by the Supreme Court saying it was OK to take private property for public usage.
I will not say we need to actually penalize companies for breaking their agreement.
<sarcasm>
Just as "Digital Rights Management" laws protect business from unauthorized distribution, a simple mending of those laws to eminent domain abandoned ( unsupported ) intellectual property to the public domain would protect the business right to abandon their responsibility to their paying customer without being held accountable for refunding each and every transaction fraudently made.
This should please the State Legislature as it Protects Business!!!
The guy noted a motor spun faster when he held a magnet near it. He's curious as to why.
I fell for something similar it in a community college physics class.
My waterloo came when I could not explain why - in a string-and-weight resonance experiment - why the string on one side of the resonance envelope appeared blueish, but on the other side of the envelope appeared yellowish.
At that point, I had the resonance part down pat, but my interest laid on why the string appeared to change color.
My physics professor could not explain it either.
I thought it was something to do with the speed of the string, going toward me or away from me, but it didn't make sense.
It was the next year in Chemistry before I got my answer.
While watching the white magnetic stirrer pellet in a beaker, I noticed at certain speeds (which just happened to be near multiples/integral divisors of 3600RPM - big hint), the pellet would appear to change back and forth between those same two shades of blue and yellow in a rotating pattern.
It finally dawned on me I was seeing a stroboscopic effect formed by the fluorescent lights in the lab.
They were bluish when the 60 Hz. AC arc was exciting the bulb, then yellowish as the phosphor held the light output while the AC excitation changed polarity.
I excitedly ran over to the physics lab to nab my physics professor to show him what I discovered.
There has always been for me a completely plausible answer for unexplained phenomena, once I see the whole picture.
According to our Supreme Court, in hearing Kelo vs. New London, they found nothing wrong with a group of people flat evicting Kelo from her own house so they could build a hotel there.
Apparently, the argument was that more people would be served by the hotel than her house did.
So, if I read this right, if more people would be served, its OK. Or, at least our Supreme Court said so.
So, how many people want to share the song? And the no one even deprives the original owner of it.
Somehow, it is really hard for me to consider "piracy" as "theft" when our own Supreme Court Justices rule that Kelo must abandon her house because some businessmen wanted it.
Don't blame me for "lack of morals". Its endemic to the American Way.
The main one I am concerned about is finance.yahoo.com.
It still works.
I am afraid after M$ gets through with it, it won't.
I fear it will require registrations and use some copyrighted protocol - guaranteed non-interoperable by copyright and patent law. Only the latest MS product will talk to it.
I will always wonder if my financial queries are being tracked and stored in their database. I have no idea what kind of information may be exchanging behind my back.
It will be yet another goad to force one to upgrade when M$ decides they want to sell another round of OS.
When your students graduate, they will know how to do sustainable business work without fear of someone else's decision upsetting their apple cart.
Its the same as owing the business land, as opposed to renting, where the landlord can change terms or evict at will.
Or driving one's own car instead of begging use of it from dad.
When business sees supplies of people who are unshackled by restrictive licensing schemes, business is sure to follow.
Right now, business is still terrorized by the fear of "excommunication", much like the priests of old kept the people in line by threatening their relationship with God.
We should have advanced enough by now to get rid of that kind of fear.
We need and appreciate people like you who see through this for what it is, and teach the fundamentals and the truth.
Being CPU designs don't have a history of vulnerability to hostile attacks ( other than what happens when one executes unspecified opcodes ), I did not feel I needed to micromanage their work. Just as I would not micromanage one who produces bolts for us. But if those bolts start failing - then I make it my business to find out why.
Frankly, I found proprietary software solutions sorely lacking in having a history of secure function OR long term support. I was willing to go the Microsoft API and MFC as long as they would let me verify the source code. I have no problem with them owning the copyright to it or my paying royalties to replicate it - what I had a huge problem with is not knowing how it worked. I felt more like a veterinarian trying to diagnose a sick cat than an engineer trying to diagnose a malfunctioning industrial controller.
And yes, I do "C", although for larger stuff I prefer C++, especially if I am working with others.
I agree with you about the assembler - I either use it for tiny stuff or optimizing some tight control loop. Like you say - very time consuming and prone to errors, and I hate to do precision math in assembler!
I do not like trying to run fullbore OS realtime, although I can usually figure out some way of interrupting it to process a realtime thread, providing I do not interrupt too often ( maybe once a second or so - and not be critical to latency or dropped interrupts ). If lucky, I can use techniques similar to audio processing, but again, having a dropout in music may be a minor annoyance, having a dropout in an industrial controller usually results in a batch of unusable product.
I usually delegate the persnikety stuff to a microcontroller, then have the microcontroller accept commands and report status to the main OS machine.
So far, I mostly use a multidrop RS-485 network for this, and have been pretty successful. Thats how I would use a plain terminal to bring up my "system" by feeding it the commands to start it up, then once running - they run on their own, taking commands from "unit000" and each unit reporting status as commanded. The protocol I use is limited to 256 "units", with unit000 being the master control, with each incremental unit getting a lower priority on the bus. It was all for industrial control, as I wanted to make damn sure some critical temperature and motion controllers kept going no matter what happened to the main control computer. Bad things would happen if things shut down improperly. It was all an exercise in no central point of failure. The big OS ran all the big pretty status displays, logged everything, prepared management reports, and commanded the network as management directed.
I am looking to use the CAN bus, used a lot by cars to replace this in my next incarnation. It has the robustness and simplicity I need.
Oh yes, the tripwire. Stiller had an integrity checker which I based my scanner from. From what I understand, its essentially tripwire. It lets me know if any of its "watched" files have been tampered with.
I guess we each have our way of doing things - and I guess its good, as it gives the bad guys not only the problem of outsmarting the code, but trying to figure out how we are going to find out he's been romping around;).
I cannot quibble your points, as all are quite valid.
My problem is likely that systems have become more complex than I have the capacity to understand, and my own ignorance scares the hell out of me.
Having all this obfuscation egged on by proprietary IP protection technologies doesn't help one iota.
My whole love of computing was the elegance of code and good hardware design. Done right, its a work of art. Done poorly, its a nightmare.
I will be researching your "AIDE" suggestion.
You hit my nail square on the head noting I like to know things.
Faith is great for religions, but when it comes to keeping a petrochemical plant running, I am insecure as hell until I know everything about how it works.
Making the correct decision within seconds may mean the difference between a minor correction and rebuilding a lot of blown up hardware.
You are right observing I do not know exactly what the attack was. It didn't happen to me personally. I read about it here - then went out and got Hogland and Butler's book on "Rootkits-Subverting the Windows Kernel".
I was quite pissed as I read that thing.
I am used to writing industrial embedded system code. This kind of stuff where system files are overwritten with files that inaccurately report which files, threads, and processes exist is frightening to me. To me, its like finding my tax preparer is dishonest and is giving my personal info away to his snooper friends.
Most of my stuff is industrial control systems, robotics, and thermodynamics of heat transfer. Most of the time, I write my own stuff in C, C++, and assembler. I know what a sneaky programmer can do. Most of the time, I won't even use an OS - I'll just get a PIC or AVR microcontroller to do it - as I usually need specialized interfaces anyway. I'll get them all going then link them all on a RS-485 network. If the proverbial shit hits the fan, the system can be run up with a dumb terminal on the RS-485 loop. The supervisory machines mostly fine tune, log performance, and prepare reports for management.
I read all the time of the rumors where proprietary vendors are "cooperating" with marketers or authorities, and I have little-if any- means of verifying the authenticity or implementation of such rumors. Its as frustrating as trying to find God through religion. Code doesn't lie. People sometimes do.
I have noted people who want to keep secrets often have something to hide. The secrets I respect are mostly personal secrets.
I want to know exactly how something works, so if it does not work in the way I intended, I can fix it to where it does. There is no way I can build a reliable control system based on a bunch of crap I don't know. Faith is for religion - not for my designs.
My designs HAVE to work. Hope is not good enough. Its OK for the record-store kiosk to be out of whack, but its NOT OK for a critical controller in a petrochemical plant to go haywire. I have to write it - everything out in the open - so any other programmer can see what I did - and if something isn't quite right - make it right.
Programming for the masses and programming for industry are different philosophies. I hate underhanded dealmaking with code with the same purple passion I hate sneaky legal agreements.
As far as my comments about using the vendor CDROM go, its up to the vendor to see to it he does not have buffer overflows in his verification code. Personally, I would verify all the system executables for match on file length, checksum, and MD5, against the released version - with descrepancies reported to the user. Once I know at least the system core files are not tampered with, I could trust them to accurately tell me what my system is doing. From there, I am on my own, as there is no way the system vendor - whether it be Microsoft or Linux - can be held liable for what the app does. The OS should be able to report what any app does, though. The OS should accurately report all app usage of any system resources. If I had any say, all OS would have the equivalent of SoftIce built in.
I lost respect for Microsoft when they started doing all this "hidden file" stuff. In my way of thinking, a hidden file is very bad news. Its like writing legal contracts with certain clauses written in ink I can't see, yet my signing the agreement binds me to them. The more legal crap they expected me to abide to, the less comfortable I felt messing with them. I felt their whole business model mimicked selling way overpriced fashiony bluejeans to kids, while I was a plain old LEVI's fan, and ranked resilience and economy over fashion.
You hit the nail on the head when you stated if Windows were locked down that tight, I could not intall Linux.
I have no problem with that - I actually expect it. My take is that
This is NOT supposed to happen - I would allow them a foulup of this magnitude only on the virgin release of WIN95.
Let's face it, neither people nor businesses are unconditionally honest. I believe the proper lawyerspeak for "dishonesty" is "realistic".
People will violate copyright and patent if they feel they can get away with it.
Business will write loans that nobody can pay, will insert phrases like "we reserve the right to make any change at any time to this contract" in their written contracts, and sucker customers will sign it anyway.
Both pranker/hackers and businessmen *will* write hostile code.
I am not nearly so mad at Sony for doing this as I am at Microsoft for having code that lacks resilence against such attacks. Even as much as simple integrity checking of core files would isolate tampering of those files.
This could be as easy as when the customer boots from his purchased legit installation CD and asks it directly to verify his OS. There is no way any hacker could compromise the code on a stamped CD. At least the computer owner would know his computer is telling him the truth over which processes and threads are running, and know the registry keys are being honestly reported.
How a business claims "trustworthy computing" and such a thing happens makes me think of the banking industry repackaging all those toxic loans, then having some ratings agency stamp them with a high rating, then sell it all off to corporate pension managers - with every party in the whole sorry chain shielded by "hold harmless" law from the repercussions of their negligence.
All this "plays for sure" businesstalk rings of Circuit City Divx. Its marketing headhock which the technically illiterate ( even if they are business savvy; ) falls for over and over again. I realize a business appears to have much lower needs of system security than I feel is prudent - hence their acceptance of stuff that requires other companies products to crutch it up before it works. It seems to me that despite all the hoopla, we still have basically lousy stuff that hasn't seen any improvement since WIN98.
Linux seems to be the answer, as I know had this exploit been used on Linux, there would have immediately been free and open discussion of what happened and how to make damn sure it doesn't happen again. I can not count on that kind of support on proprietary systems, whose support is whatever the vendor sees fit to support - with any other help facing legal liability for even trying to help.
Being the power main is AC, one could use capacitive coupling to the power main to get a milliwatt or two.
I could readily see a "charge pump" type circuit using a small coupling capacitor, a larger storage capacitor, and a couple of diodes configured like a half-wave voltage doubler. The small coupling capacitor will transfer a minute amount of energy on each incoming power cycle. Being its all capacitive reactance, power dissipation would be minimal.
One of my favorite tricks is to use the energy I would have wasted in the snubber resistor on the collector/drain circuit of SMPS switchers. I use a small circuit as described above to store enough energy to start the switcher, then if the switcher starts up normally, I can then use the spike energy which would be harmful to my output transistor to power the SMPS logic by routing the output of the snubber capacitor to a small "voltage doubler" type circuit instead of the traditional series resistor. I then shunt off the excess energy to ground via a shunt regulator.
If the switcher fails to start normally, it quickly exhausts the power stored for its startup, then is forced by lack of power to go back to sleep. When the voltage again gets up high enough on the startup capacitor, it will wake up the power supply for another restart attempt. Doing this lets me do stupid things like shorting out the power supply - and have it simply shut down and wait for me to stop doing stupid stuff before it will power the load it was designed for.
I have always had more than ample energy available to run my SMPS ( Switch Mode Power Supply ) logic using nothing more than the energy that I see many other designs simply squander away in the snubber circuit.
I remember the frustration I got when I bought the CDROM version of IC Master catalog. That was ten years ago.
I was expecting a nicely done HTML version. I figured it was a helluva lot easier to click on hypertext links than to reference page after page. Besides I could easily print off interesting pages for my project binder instead of getting up and running to the copier.
What I got was some weird DRM scheme which worked a couple of times, then when I used another machine, it never worked again.
So much for giving me stuff electronically. I wish I could subscribe to technical magazines electronically, but the lure of DRM to business types renders their product unusable. Its much like going to some restaurant, only having the Maitre'D lording over me to see I dine in strict accordance to their rules.
And the suprising thing is - it was a damm catalog! A sales tool! Why would any businessman in his right mind encrypt a friggen catalog? It seems as stupid to me as mass mailing expired coupons - all of the expense of printing and distribution, with none of the benefits of the sale.
I ended up throwing that sorry disc away. Never bought another. Neither will I install any software that some ad-head comes up with which is prerequisite to viewing a vendor catalog.
If its beyond their capability to make a simple HTML catalog, viewable on ANY browser, then its useless - and I won't have anything to do with it. Anyone passing a community college HTML course should be able to lay out such a disc.
I continue using the paper version, because I know it will sit on the shelf - for years if need be - then work when I need it. I can't even begin to come close to this compatibility with electronic media.
There are businessmen executive types out there who don't really care if they create junk, and there are developers out there who are really good and finding out who these executives are. That's why we have such a mess out there. All sorts of incompatible crap, viruses, and stuff that flat doesn't work. There is always someone who will pay to have it made.
Warning, if you are at work, please do NOT follow this link, but if you are at a safe place where you can see a bit of porn, this is a link to a lifelike silicone doll: www.realdoll.com.
Not that I am trying to post porn on Slashdot, but a link to what kind of technology is available to make a lifelike human form suitable for prostheses.
I can imagine the silicone covering fluidic muscles which would look very lifelike, even warm to the touch, and feel just like real muscles. The fluid bladder comprising the muscle belly could be made in any shape so that the aesthetics of how the muscle appears as it is flexed could be tailored to match the natural muscle.
One could have the appearance of a bodybuilder, or a fashion model, or whatever.
I can not see a fluidic muscle being very strong, but in the absence of natural muscle, anything is more useful than nothing. It will get your hand up to your mouth to feed yourself, comb your hair, or do your buttons, although I doubt it would be useful for heavier work.
The bicep-tricep pair would operate as opposing muscle/fluid reservoir so that in order to bend the arm, fluid is pumped from one bladder to the other. The forearm could be full of small opposing bladders to control the fingers, all run from a small microcontroller and power source. From the outside, it would appear just as muscle appears, even bulging when flexed just like real muscle.
It sounds like a great fun thing to work on, knowing that I would be creating something someone actually needs.
I have a really bad feeling on our oil/energy situation.
Another blog site, similar to Slashdot exists for those interested in the world energy infrastructure much like Slashdot exists for those interested in our computational infrastructure.
Its run by several extremely qualified TECHNICAL engineers, and they spare no quarter in detailed numerical and graphical analyses of the global energy situation.
It is not a "gloom and doom" site, however they will link you to a few if that's what you wish to see.
True, I don't think its in Microsoft's business interest to annoy their business customers with a stream of unwanted ads when they could just avoid the whole fiasco and run Linux.
Microsofts paradigm will probably stay the same, encouraging business users to adopt Microsoft technology which requires visitors to also use Microsoft technology in order to communicate with them - as part of their approach to goading home users to stay loyal to Microsoft, irregardless of viruses, enforced obsolescence, and DRM issues.
Forward looking businesses will adopt technology which will talk to everyone using standard public protocols - as how often do you see these businesses insisting on a Firefox browser before they will talk to their Customer?
Other businesses with a customer base to burn may be quite accepting of a loss in customer connectivity in order to land the handshake with their proprietary technology partner.
Personally, I like Open Source not for its Price, but for its Reliability. When I know what my system is doing, its a helluva lot easier to maintain it. When it does something unexpected, I want to know where to look for the problem.
When it comes to my stuff, Ignorance is *NOT* bliss!!! Actually, its downright terrifying.
ALL of my professors considered readability a MAJOR part of the assignment.
This was true in Assembler, VB, C, C++, MFC, API, Pascal, File Structures, Data Structures.
ALL of 'em would ding me hard if I presented hard-to-read poorly commented code.
By the fourth or fifth class, I finally had the art of making clean self-documenting programs down pat pretty well.
I can assure you that in five year's time, you will forget how you coded even your own program, much less try to make sense of someone else's work.
I had a quite a few programs I coded where I was trying to optimize stability of phase locked loops over a very wide range using nonlinear varactors. I even had to get the math whizzes to help me with the nonlinear differential equations governing their operation. If I had not coded well, there would be no way I could go back today to use those programs.
I thank all of my professors highly for that lesson.
I only wish everyone's professor would do as mine did, and the students take the lesson to heart.
Back to the "ask Slasdot" poll, I cast my vote for the 80 column pure ASCII text, because there is no telling what you may try to print the source code to.
Anything not universally supported will be risky.
Besides, long lines are hard as hell to read.
I think its far better to use judiciously placed CRLF than have a humble-jumble of ridiculously long lines interspersed amongst a sea of short ones.
Having long lines on my display forces me to use way wider windows, which means I can't view as many documents side-by-side on the newer screens. Worse yet, it might force me to only be able to see one document at a time on my screen.
That would put me right back on the VT-100 days when I was enjoying the luxury of seeing two or more documents simultaneously on the same screen.
Same thing happened at the aerospace contractor I worked for.
The big corporation who bought us subsequently "executized" us, and "re-engineered" the company, basically re-staffing it, then quickly sold the whole shebang to yet another major aircraft manufacturer before the shit hit the fan.
The guys who had actually "done it" hit the streets, replaced by freshly minted students who had a piece of paper.
Now, I realize a lot of us, me included, were rather "set in our ways". We get that way when we have seen failure, and failure leaves an extremely bad taste in one's mouth.
They needed people who had not failed yet and were more obedient to management.
After tasting failure personally way too many times, I know all too well the real economics of sunk costs with the only return being the knowledge that it didn't work.
I began resisting things that looked fishy to me. I would demand more convincing that this was a prudent expenditure of resources before jumping on the bandwagon.
If some suit-and-tie handshaking technology salesman sold my management on Steorn's "Orbo Technology", should I resist it if I am of the strong belief that this will be nothing but sunk costs?
What do I do if I have to pit my knowledge of thermodynamics and physics against the political office skills of the MBA?
Who will the six-million-dollar per year Executive listen to?... a two hundred thousand dollar a year manager, or the "whining" of a lousy fifty thousand dollar a year engineer over physics arcana not even in the Management curricula?
Its the same reason they like young soldiers. An older fart like myself sees how our system treats our fallen, and will probably come to the conclusion its best to try one's damndest not to get hurt, not be a hero.
At least I know some of our really good GPS guys went to Magellan and Garmin, the RF genius I worked with went to
Nokia.
I threw in the towel and live the "hippie life". So much for 30 years working with power, control systems, microcontrollers, and refrigeration. Who needs people like me, perfectionists trying to squeeze every last milliwatt of power out of something, when for only a few tens of thousands of dollars a year more, one could hire a MBA to tell me I can't use the OS I need to use?
So I spend my days tinkering on absorption refrigeration, living on oil investments, and visiting blog sites.
You are probably referring to the "Sensormatic EAS" (Electronic Article Surveillance ) tag.
Google "Sensormatic EAS tag" for more info if you wanna. Lots of hits.
Its cheap, and quite reliable. Works on magnetic resonance, which doubles in frequency if the tag is in the magnetized ( armed ) state. The coils by the door try to "ring" the tag, and from the response, determine if it is an armed or unarmed tag.
These are quite small, and are quite easily put inside product packaging by the manufacturer.
Hacker's Note:
I've been making compasses out of these tags, as the magnetic material is quits "snappy", and its quite easy to build an oscillator which uses the tag as a core for the inductor. External magnetic bias supplied by the Earth will influence the duty cycle of the oscillator.
They are also handy to put on my cat's collar, and build my own detector coil ( simple swept spectrum analyzer/AVR microcontroller) to detect when its MY cat at the hatch. This will work as long as I keep this to myself and my neighbors don't tag their cat too, but its not my neighbor's cat I am at odds with, its that dammm rat, possum, snake, and coon I wanna keep out of my house.
That was a funny read... I would have modded you funny too.
But all in all, I do feel for the shopkeeper who has to go all over town retriving his carts.
I live in Southern California, and I see it every day. People visit every store in town and walk the carts home, then abandon them. The carts are then used by children as toys on the neighborhood streets, and are often relieved of their wheels as the children construct other playthings from them.
What's a shopkeeper to do?
If he does not have carts, people will avoid his business.
If he does have carts, people take them, and he loses a $200 cart for a ten dollar sale.
To me, this whole article should be taken in the light of "this is how the technology works".
Yes, any one of us can foul it up.
Any one of us can put superglue in locks too.
But what does that prove?
Its nice to know how technologies work.
But that does not justify us making an ass of ourselves.
If we get caught, I expect the same treatment as I would expect them to give anyone who gets csught sugaring my car's gas tank. Simply, I want the book thrown at them.
I expect nothing less, and I hold fast a shopkeeper's right to expect nothing less either.
Just seeing the summary was enough to get my goat.
Why, oh why, do we embrace such finicky technology which enforces us to a single source vendor?
I have known since I was a little kid the economics of having to deal with a monopoly. ( Dad owned the car and could exact whatever he deemed fit in exchange for an evening's use of it.).
Why do people, with business degrees - no less - embrace enslaving themselves this way?
This kind of proprietary control crap is the number one reason I fail to embrace a new technology.
Mind you, I had to have one of the first adopters of home computers (IMSAI 8080), LED flashlights, all-flourescent lit house, all LCD displays, ground source heat pump, but still run alternate OS only because of this issue.
Although newer technology is often better, it is not always so if it comes with a hook in the bait.
I feel the guys who adopt this shit have not the sense of a game fish.
Slashdot Mirror
Believe it or not, there are still clueless executive types that pay good money to webmasters who have the audacity to use proprietary formats, then expect people like me to download their proprietary player to view or hear the content.
When enough people get burned with hostile code, businesses using nonstandard protocols will be viewed with as much suspicion as a man wearing a ski mask entering a bank.
Today's prolific denials of responsibility via EULA's sickens me and highly discourages my participation in modern business methods of conducting transactions via the net.
I have better sense than wear a ski mask in a bank.
I look forward to the day when businesses have the skills to be able to use standard public protocols.
Remember "Kelo vs. New London", the eminent domain legislation approved by the Supreme Court saying it was OK to take private property for public usage.
I will not say we need to actually penalize companies for breaking their agreement.
<sarcasm>
Just as "Digital Rights Management" laws protect business from unauthorized distribution, a simple mending of those laws to eminent domain abandoned ( unsupported ) intellectual property to the public domain would protect the business right to abandon their responsibility to their paying customer without being held accountable for refunding each and every transaction fraudently made.
This should please the State Legislature as it Protects Business!!!
</sarcasm>
We should be also able to sue RIAA the same damages for each song paid for but unplayable. And collect!
After all, our "Pledge of Allegiance" starts off with "I Pledge Allegiance" and ends with "Justice For ALL".
Any judge failing to comprehend this contract should have their employment reviewed.
I fell for something similar it in a community college physics class.
My waterloo came when I could not explain why - in a string-and-weight resonance experiment - why the string on one side of the resonance envelope appeared blueish, but on the other side of the envelope appeared yellowish.
At that point, I had the resonance part down pat, but my interest laid on why the string appeared to change color.
My physics professor could not explain it either.
I thought it was something to do with the speed of the string, going toward me or away from me, but it didn't make sense.
It was the next year in Chemistry before I got my answer.
While watching the white magnetic stirrer pellet in a beaker, I noticed at certain speeds (which just happened to be near multiples/integral divisors of 3600RPM - big hint), the pellet would appear to change back and forth between those same two shades of blue and yellow in a rotating pattern.
It finally dawned on me I was seeing a stroboscopic effect formed by the fluorescent lights in the lab.
They were bluish when the 60 Hz. AC arc was exciting the bulb, then yellowish as the phosphor held the light output while the AC excitation changed polarity.
I excitedly ran over to the physics lab to nab my physics professor to show him what I discovered.
There has always been for me a completely plausible answer for unexplained phenomena, once I see the whole picture.
Apparently, the argument was that more people would be served by the hotel than her house did.
So, if I read this right, if more people would be served, its OK. Or, at least our Supreme Court said so.
So, how many people want to share the song? And the no one even deprives the original owner of it.
Somehow, it is really hard for me to consider "piracy" as "theft" when our own Supreme Court Justices rule that Kelo must abandon her house because some businessmen wanted it.
Don't blame me for "lack of morals". Its endemic to the American Way.
It still works.
I am afraid after M$ gets through with it, it won't.
I fear it will require registrations and use some copyrighted protocol - guaranteed non-interoperable by copyright and patent law. Only the latest MS product will talk to it.
I will always wonder if my financial queries are being tracked and stored in their database. I have no idea what kind of information may be exchanging behind my back.
It will be yet another goad to force one to upgrade when M$ decides they want to sell another round of OS.
Hopefully, Google will pick up the pieces.
Hell, I have Asperger's syndrome - getting me started on techie stuff is more fun than anything for me.
But whatever you do, please oh please don't invite me to formal dining. That has always been my Waterloo.
When your students graduate, they will know how to do sustainable business work without fear of someone else's decision upsetting their apple cart.
Its the same as owing the business land, as opposed to renting, where the landlord can change terms or evict at will.
Or driving one's own car instead of begging use of it from dad.
When business sees supplies of people who are unshackled by restrictive licensing schemes, business is sure to follow.
Right now, business is still terrorized by the fear of "excommunication", much like the priests of old kept the people in line by threatening their relationship with God.
We should have advanced enough by now to get rid of that kind of fear.
We need and appreciate people like you who see through this for what it is, and teach the fundamentals and the truth.
Being CPU designs don't have a history of vulnerability to hostile attacks ( other than what happens when one executes unspecified opcodes ), I did not feel I needed to micromanage their work. Just as I would not micromanage one who produces bolts for us. But if those bolts start failing - then I make it my business to find out why.
Frankly, I found proprietary software solutions sorely lacking in having a history of secure function OR long term support. I was willing to go the Microsoft API and MFC as long as they would let me verify the source code. I have no problem with them owning the copyright to it or my paying royalties to replicate it - what I had a huge problem with is not knowing how it worked. I felt more like a veterinarian trying to diagnose a sick cat than an engineer trying to diagnose a malfunctioning industrial controller.
And yes, I do "C", although for larger stuff I prefer C++, especially if I am working with others.
I agree with you about the assembler - I either use it for tiny stuff or optimizing some tight control loop. Like you say - very time consuming and prone to errors, and I hate to do precision math in assembler!
I do not like trying to run fullbore OS realtime, although I can usually figure out some way of interrupting it to process a realtime thread, providing I do not interrupt too often ( maybe once a second or so - and not be critical to latency or dropped interrupts ). If lucky, I can use techniques similar to audio processing, but again, having a dropout in music may be a minor annoyance, having a dropout in an industrial controller usually results in a batch of unusable product.
I usually delegate the persnikety stuff to a microcontroller, then have the microcontroller accept commands and report status to the main OS machine.
So far, I mostly use a multidrop RS-485 network for this, and have been pretty successful. Thats how I would use a plain terminal to bring up my "system" by feeding it the commands to start it up, then once running - they run on their own, taking commands from "unit000" and each unit reporting status as commanded. The protocol I use is limited to 256 "units", with unit000 being the master control, with each incremental unit getting a lower priority on the bus. It was all for industrial control, as I wanted to make damn sure some critical temperature and motion controllers kept going no matter what happened to the main control computer. Bad things would happen if things shut down improperly. It was all an exercise in no central point of failure. The big OS ran all the big pretty status displays, logged everything, prepared management reports, and commanded the network as management directed.
I am looking to use the CAN bus, used a lot by cars to replace this in my next incarnation. It has the robustness and simplicity I need.
Oh yes, the tripwire. Stiller had an integrity checker which I based my scanner from. From what I understand, its essentially tripwire. It lets me know if any of its "watched" files have been tampered with.
I guess we each have our way of doing things - and I guess its good, as it gives the bad guys not only the problem of outsmarting the code, but trying to figure out how we are going to find out he's been romping around ;).
I cannot quibble your points, as all are quite valid.
My problem is likely that systems have become more complex than I have the capacity to understand, and my own ignorance scares the hell out of me.
Having all this obfuscation egged on by proprietary IP protection technologies doesn't help one iota.
My whole love of computing was the elegance of code and good hardware design. Done right, its a work of art. Done poorly, its a nightmare.
I will be researching your "AIDE" suggestion.
You hit my nail square on the head noting I like to know things.
Faith is great for religions, but when it comes to keeping a petrochemical plant running, I am insecure as hell until I know everything about how it works.
Making the correct decision within seconds may mean the difference between a minor correction and rebuilding a lot of blown up hardware.
You are right observing I do not know exactly what the attack was. It didn't happen to me personally. I read about it here - then went out and got Hogland and Butler's book on "Rootkits-Subverting the Windows Kernel".
I was quite pissed as I read that thing.
I am used to writing industrial embedded system code. This kind of stuff where system files are overwritten with files that inaccurately report which files, threads, and processes exist is frightening to me. To me, its like finding my tax preparer is dishonest and is giving my personal info away to his snooper friends.
Most of my stuff is industrial control systems, robotics, and thermodynamics of heat transfer. Most of the time, I write my own stuff in C, C++, and assembler. I know what a sneaky programmer can do. Most of the time, I won't even use an OS - I'll just get a PIC or AVR microcontroller to do it - as I usually need specialized interfaces anyway. I'll get them all going then link them all on a RS-485 network. If the proverbial shit hits the fan, the system can be run up with a dumb terminal on the RS-485 loop. The supervisory machines mostly fine tune, log performance, and prepare reports for management.
I read all the time of the rumors where proprietary vendors are "cooperating" with marketers or authorities, and I have little-if any- means of verifying the authenticity or implementation of such rumors. Its as frustrating as trying to find God through religion. Code doesn't lie. People sometimes do.
I have noted people who want to keep secrets often have something to hide. The secrets I respect are mostly personal secrets.
I want to know exactly how something works, so if it does not work in the way I intended, I can fix it to where it does. There is no way I can build a reliable control system based on a bunch of crap I don't know. Faith is for religion - not for my designs.
My designs HAVE to work. Hope is not good enough. Its OK for the record-store kiosk to be out of whack, but its NOT OK for a critical controller in a petrochemical plant to go haywire. I have to write it - everything out in the open - so any other programmer can see what I did - and if something isn't quite right - make it right.
Programming for the masses and programming for industry are different philosophies. I hate underhanded dealmaking with code with the same purple passion I hate sneaky legal agreements.
As far as my comments about using the vendor CDROM go, its up to the vendor to see to it he does not have buffer overflows in his verification code. Personally, I would verify all the system executables for match on file length, checksum, and MD5, against the released version - with descrepancies reported to the user. Once I know at least the system core files are not tampered with, I could trust them to accurately tell me what my system is doing. From there, I am on my own, as there is no way the system vendor - whether it be Microsoft or Linux - can be held liable for what the app does. The OS should be able to report what any app does, though. The OS should accurately report all app usage of any system resources. If I had any say, all OS would have the equivalent of SoftIce built in.
I lost respect for Microsoft when they started doing all this "hidden file" stuff. In my way of thinking, a hidden file is very bad news. Its like writing legal contracts with certain clauses written in ink I can't see, yet my signing the agreement binds me to them. The more legal crap they expected me to abide to, the less comfortable I felt messing with them. I felt their whole business model mimicked selling way overpriced fashiony bluejeans to kids, while I was a plain old LEVI's fan, and ranked resilience and economy over fashion.
You hit the nail on the head when you stated if Windows were locked down that tight, I could not intall Linux.
I have no problem with that - I actually expect it. My take is that
Once its public knowledge what to look for and how to remove it, cleaning up the mess should be trivial.
Like the dog that pees in the kitchen, we won't let it in there again.
But I am more pissed at Microsoft.
This is NOT supposed to happen - I would allow them a foulup of this magnitude only on the virgin release of WIN95.
Let's face it, neither people nor businesses are unconditionally honest. I believe the proper lawyerspeak for "dishonesty" is "realistic".
People will violate copyright and patent if they feel they can get away with it.
Business will write loans that nobody can pay, will insert phrases like "we reserve the right to make any change at any time to this contract" in their written contracts, and sucker customers will sign it anyway.
Both pranker/hackers and businessmen *will* write hostile code.
I am not nearly so mad at Sony for doing this as I am at Microsoft for having code that lacks resilence against such attacks. Even as much as simple integrity checking of core files would isolate tampering of those files.
This could be as easy as when the customer boots from his purchased legit installation CD and asks it directly to verify his OS. There is no way any hacker could compromise the code on a stamped CD. At least the computer owner would know his computer is telling him the truth over which processes and threads are running, and know the registry keys are being honestly reported.
How a business claims "trustworthy computing" and such a thing happens makes me think of the banking industry repackaging all those toxic loans, then having some ratings agency stamp them with a high rating, then sell it all off to corporate pension managers - with every party in the whole sorry chain shielded by "hold harmless" law from the repercussions of their negligence.
All this "plays for sure" businesstalk rings of Circuit City Divx. Its marketing headhock which the technically illiterate ( even if they are business savvy; ) falls for over and over again. I realize a business appears to have much lower needs of system security than I feel is prudent - hence their acceptance of stuff that requires other companies products to crutch it up before it works. It seems to me that despite all the hoopla, we still have basically lousy stuff that hasn't seen any improvement since WIN98.
Linux seems to be the answer, as I know had this exploit been used on Linux, there would have immediately been free and open discussion of what happened and how to make damn sure it doesn't happen again. I can not count on that kind of support on proprietary systems, whose support is whatever the vendor sees fit to support - with any other help facing legal liability for even trying to help.
I could readily see a "charge pump" type circuit using a small coupling capacitor, a larger storage capacitor, and a couple of diodes configured like a half-wave voltage doubler. The small coupling capacitor will transfer a minute amount of energy on each incoming power cycle. Being its all capacitive reactance, power dissipation would be minimal.
One of my favorite tricks is to use the energy I would have wasted in the snubber resistor on the collector/drain circuit of SMPS switchers. I use a small circuit as described above to store enough energy to start the switcher, then if the switcher starts up normally, I can then use the spike energy which would be harmful to my output transistor to power the SMPS logic by routing the output of the snubber capacitor to a small "voltage doubler" type circuit instead of the traditional series resistor. I then shunt off the excess energy to ground via a shunt regulator.
If the switcher fails to start normally, it quickly exhausts the power stored for its startup, then is forced by lack of power to go back to sleep. When the voltage again gets up high enough on the startup capacitor, it will wake up the power supply for another restart attempt. Doing this lets me do stupid things like shorting out the power supply - and have it simply shut down and wait for me to stop doing stupid stuff before it will power the load it was designed for.
I have always had more than ample energy available to run my SMPS ( Switch Mode Power Supply ) logic using nothing more than the energy that I see many other designs simply squander away in the snubber circuit.
I was expecting a nicely done HTML version. I figured it was a helluva lot easier to click on hypertext links than to reference page after page. Besides I could easily print off interesting pages for my project binder instead of getting up and running to the copier.
What I got was some weird DRM scheme which worked a couple of times, then when I used another machine, it never worked again.
So much for giving me stuff electronically. I wish I could subscribe to technical magazines electronically, but the lure of DRM to business types renders their product unusable. Its much like going to some restaurant, only having the Maitre'D lording over me to see I dine in strict accordance to their rules.
And the suprising thing is - it was a damm catalog! A sales tool! Why would any businessman in his right mind encrypt a friggen catalog? It seems as stupid to me as mass mailing expired coupons - all of the expense of printing and distribution, with none of the benefits of the sale.
I ended up throwing that sorry disc away. Never bought another. Neither will I install any software that some ad-head comes up with which is prerequisite to viewing a vendor catalog.
If its beyond their capability to make a simple HTML catalog, viewable on ANY browser, then its useless - and I won't have anything to do with it. Anyone passing a community college HTML course should be able to lay out such a disc.
I continue using the paper version, because I know it will sit on the shelf - for years if need be - then work when I need it. I can't even begin to come close to this compatibility with electronic media. There are businessmen executive types out there who don't really care if they create junk, and there are developers out there who are really good and finding out who these executives are. That's why we have such a mess out there. All sorts of incompatible crap, viruses, and stuff that flat doesn't work. There is always someone who will pay to have it made.
Warning, if you are at work, please do NOT follow this link, but if you are at a safe place where you can see a bit of porn, this is a link to a lifelike silicone doll: www.realdoll.com .
Not that I am trying to post porn on Slashdot, but a link to what kind of technology is available to make a lifelike human form suitable for prostheses.
I can imagine the silicone covering fluidic muscles which would look very lifelike, even warm to the touch, and feel just like real muscles. The fluid bladder comprising the muscle belly could be made in any shape so that the aesthetics of how the muscle appears as it is flexed could be tailored to match the natural muscle.
One could have the appearance of a bodybuilder, or a fashion model, or whatever.
I can not see a fluidic muscle being very strong, but in the absence of natural muscle, anything is more useful than nothing. It will get your hand up to your mouth to feed yourself, comb your hair, or do your buttons, although I doubt it would be useful for heavier work.
The bicep-tricep pair would operate as opposing muscle/fluid reservoir so that in order to bend the arm, fluid is pumped from one bladder to the other. The forearm could be full of small opposing bladders to control the fingers, all run from a small microcontroller and power source. From the outside, it would appear just as muscle appears, even bulging when flexed just like real muscle.
It sounds like a great fun thing to work on, knowing that I would be creating something someone actually needs.
Another blog site, similar to Slashdot exists for those interested in the world energy infrastructure much like Slashdot exists for those interested in our computational infrastructure.
Here's the link: The Oil Drum.
Its run by several extremely qualified TECHNICAL engineers, and they spare no quarter in detailed numerical and graphical analyses of the global energy situation.
It is not a "gloom and doom" site, however they will link you to a few if that's what you wish to see.
I wish I had a mod point for you.
Microsofts paradigm will probably stay the same, encouraging business users to adopt Microsoft technology which requires visitors to also use Microsoft technology in order to communicate with them - as part of their approach to goading home users to stay loyal to Microsoft, irregardless of viruses, enforced obsolescence, and DRM issues.
Forward looking businesses will adopt technology which will talk to everyone using standard public protocols - as how often do you see these businesses insisting on a Firefox browser before they will talk to their Customer?
Other businesses with a customer base to burn may be quite accepting of a loss in customer connectivity in order to land the handshake with their proprietary technology partner.
Personally, I like Open Source not for its Price, but for its Reliability. When I know what my system is doing, its a helluva lot easier to maintain it. When it does something unexpected, I want to know where to look for the problem.
When it comes to my stuff, Ignorance is *NOT* bliss!!! Actually, its downright terrifying.
This was true in Assembler, VB, C, C++, MFC, API, Pascal, File Structures, Data Structures.
ALL of 'em would ding me hard if I presented hard-to-read poorly commented code.
By the fourth or fifth class, I finally had the art of making clean self-documenting programs down pat pretty well.
I can assure you that in five year's time, you will forget how you coded even your own program, much less try to make sense of someone else's work.
I had a quite a few programs I coded where I was trying to optimize stability of phase locked loops over a very wide range using nonlinear varactors. I even had to get the math whizzes to help me with the nonlinear differential equations governing their operation. If I had not coded well, there would be no way I could go back today to use those programs.
I thank all of my professors highly for that lesson.
I only wish everyone's professor would do as mine did, and the students take the lesson to heart.
Back to the "ask Slasdot" poll, I cast my vote for the 80 column pure ASCII text, because there is no telling what you may try to print the source code to.
Anything not universally supported will be risky.
Besides, long lines are hard as hell to read.
I think its far better to use judiciously placed CRLF than have a humble-jumble of ridiculously long lines interspersed amongst a sea of short ones.
Having long lines on my display forces me to use way wider windows, which means I can't view as many documents side-by-side on the newer screens. Worse yet, it might force me to only be able to see one document at a time on my screen.
That would put me right back on the VT-100 days when I was enjoying the luxury of seeing two or more documents simultaneously on the same screen.
Same thing happened at the aerospace contractor I worked for.
The big corporation who bought us subsequently "executized" us, and "re-engineered" the company, basically re-staffing it, then quickly sold the whole shebang to yet another major aircraft manufacturer before the shit hit the fan.
The guys who had actually "done it" hit the streets, replaced by freshly minted students who had a piece of paper.
Now, I realize a lot of us, me included, were rather "set in our ways". We get that way when we have seen failure, and failure leaves an extremely bad taste in one's mouth.
They needed people who had not failed yet and were more obedient to management.
After tasting failure personally way too many times, I know all too well the real economics of sunk costs with the only return being the knowledge that it didn't work.
I began resisting things that looked fishy to me. I would demand more convincing that this was a prudent expenditure of resources before jumping on the bandwagon.
If some suit-and-tie handshaking technology salesman sold my management on Steorn's "Orbo Technology", should I resist it if I am of the strong belief that this will be nothing but sunk costs?
What do I do if I have to pit my knowledge of thermodynamics and physics against the political office skills of the MBA?
Who will the six-million-dollar per year Executive listen to?... a two hundred thousand dollar a year manager, or the "whining" of a lousy fifty thousand dollar a year engineer over physics arcana not even in the Management curricula?
Its the same reason they like young soldiers. An older fart like myself sees how our system treats our fallen, and will probably come to the conclusion its best to try one's damndest not to get hurt, not be a hero.
At least I know some of our really good GPS guys went to Magellan and Garmin, the RF genius I worked with went to Nokia.
I threw in the towel and live the "hippie life". So much for 30 years working with power, control systems, microcontrollers, and refrigeration. Who needs people like me, perfectionists trying to squeeze every last milliwatt of power out of something, when for only a few tens of thousands of dollars a year more, one could hire a MBA to tell me I can't use the OS I need to use?
So I spend my days tinkering on absorption refrigeration, living on oil investments, and visiting blog sites.
Here's hopes Freeman produces this film.
Google "Sensormatic EAS tag" for more info if you wanna. Lots of hits.
Its cheap, and quite reliable. Works on magnetic resonance, which doubles in frequency if the tag is in the magnetized ( armed ) state. The coils by the door try to "ring" the tag, and from the response, determine if it is an armed or unarmed tag.
These are quite small, and are quite easily put inside product packaging by the manufacturer.
Hacker's Note:
I've been making compasses out of these tags, as the magnetic material is quits "snappy", and its quite easy to build an oscillator which uses the tag as a core for the inductor. External magnetic bias supplied by the Earth will influence the duty cycle of the oscillator.
They are also handy to put on my cat's collar, and build my own detector coil ( simple swept spectrum analyzer/AVR microcontroller) to detect when its MY cat at the hatch. This will work as long as I keep this to myself and my neighbors don't tag their cat too, but its not my neighbor's cat I am at odds with, its that dammm rat, possum, snake, and coon I wanna keep out of my house.
57 Khz/114 Khz.
But all in all, I do feel for the shopkeeper who has to go all over town retriving his carts.
I live in Southern California, and I see it every day. People visit every store in town and walk the carts home, then abandon them. The carts are then used by children as toys on the neighborhood streets, and are often relieved of their wheels as the children construct other playthings from them.
What's a shopkeeper to do?
If he does not have carts, people will avoid his business.
If he does have carts, people take them, and he loses a $200 cart for a ten dollar sale.
To me, this whole article should be taken in the light of "this is how the technology works".
Yes, any one of us can foul it up.
Any one of us can put superglue in locks too.
But what does that prove?
Its nice to know how technologies work.
But that does not justify us making an ass of ourselves.
If we get caught, I expect the same treatment as I would expect them to give anyone who gets csught sugaring my car's gas tank. Simply, I want the book thrown at them.
I expect nothing less, and I hold fast a shopkeeper's right to expect nothing less either.
Just seeing the summary was enough to get my goat.
Why, oh why, do we embrace such finicky technology which enforces us to a single source vendor?
I have known since I was a little kid the economics of having to deal with a monopoly. ( Dad owned the car and could exact whatever he deemed fit in exchange for an evening's use of it.).
Why do people, with business degrees - no less - embrace enslaving themselves this way?
This kind of proprietary control crap is the number one reason I fail to embrace a new technology.
Mind you, I had to have one of the first adopters of home computers (IMSAI 8080), LED flashlights, all-flourescent lit house, all LCD displays, ground source heat pump, but still run alternate OS only because of this issue.
Although newer technology is often better, it is not always so if it comes with a hook in the bait.
I feel the guys who adopt this shit have not the sense of a game fish.