Azul stopped chip development a few years ago. They found that the speed benefits in GC with their custom hardware were offset by the fact that everything else was slower than on a commodity x86 chip. They now primarily sell x86 systems, and do some insane stuff with the page tables to make the GC fast.
I suspect that's a lot true now than it used to be. A decade ago, I would typically type on 3-4 computers a day, and now always the same set. I tried switching to Dvorak, and found it was great on my home desktop and on one other machine where I'd changed the keymap (and the keycaps - it was an old model M that let you pop off the keycaps and rearrange them), but it was painful switching to the other computers that I had to use that day, so eventually I gave up. Now, most days the only keyboard (discounting on-screen keyboards, which suck for motor memory anyway) I type on is my laptop. Now is probably a much better time to try innovative keyboard designs, because most people won't have to switch between them.
You can't easily use it to isolate other unmodified programs. However, it is possible to use LD_PRELOAD to insert a shim libc that will trap any attempts to open files and will instead ask the parent process to pass it a file descriptor. That becomes a bit tricky because rtld also wants to open files (although it's now been modified to allow you to pass in some directory descriptors for search paths) and it must (obviously) run before any shared library code can run.
It's probably more interesting to integrate this kind of sandboxing directly with rtld, so that it can drop privileges and inject the shims itself.
The Chinese have just stopped doing this, because it is a terrible idea. It creates a set of incentives for the state to have as many people executed as possible, to guarantee a supply of replacement organs for the rulers.
seems we have the same rights not to ship them weapons,
And we're grateful when you do, it gives our local industry a boost. US arms export policy is a complex balancing act trying to ensure that other countries have enough US-made weapon systems that they won't invest too heavily in developing their own, while not allowing them the capacity to threaten the US. Something similar applies to other exports. There's nothing made in the USA that can't be made elsewhere, it's just sometimes cheaper or more convenient in the short term to buy from the US. Stop exports, and you'll just spur local industry.
If we want the death penalty to be a deterrent against crime
The technical name for this kind of argument is ex falso quodlibet. You start with a premise that is false, and from there you can infer anything, and it will be at least as true as your original axiom. It has been shown by numerous studies that the death penalty does not provide a deterrent, because few people who commit the kind of crime where it is applicable expect to be caught and rationally weighs the options (and the ones that do don't care what happens to them).
It doesn't work that way for maths either. For induction, you must find a case where it's okay to kill one person, and then an argument that if it's okay to kill n people then it's okay to kill n+1 people.
Right. I don't block ads, but I do block certain kinds of content, including Flash. This has a side effect of blocking a lot of ads, but I still see ads that are plain text or images.
Does Capsicum only work at the process level? I can't have a more privileged thread that is still uncontained (i.e. still able to perform a blocked syscall) while other threads are contained?
Yes. There's no point sandboxing a thread, because if you compromise one thread you can write over every other thread's memory, and trivially do ROP tricks to make another thread make the system calls on your behalf.
How do you envision codebases supporting Capsicum in a way that they leaves them still portable to platforms where Capsicum is not available? Is it going to be a case of #ifdefs all the way down?
The Capsicum APIs can mostly be #ifdef'd away. The things that restrict rights on a file descriptor and the cap_enter() syscall can just be turned into no-ops.
Would it be possible to make a sandbox program that uses Capsicum to in turn sandbox another (Capsicum-unaware) program that it goes on to run or is it likely going to be too restrictive for the second program?
Where do you live? I live in Texas (power is notoriously cheap due to coal power plants). It's about $0.10 (roughly) per kWh here. Each CFL is about $4 (versus $1 for an incandescent).
You paid about ten times as much for your CFLs as me, and your power cost about a third what mine costs, so your arithmetic seems to match mine.
Unrelated note, how do you line break on/.? Shift+Enter and Enter don't work
There effectively is. Last time I bought bulbs, the CFLs were about twice the price of incandescents and the energy savings were such that I saved that much in a month of use. Over their lifetime, there's a huge extra cost to use incandescents.
That still seems a bit expensive. I paid 30p for the last set of CFLs I bought, which at the exchange rate at the time was equivalent to about 50. The most expensive ones I bought were about a decade ago, and they were about £4, which was close to $8 then.
So why don't you move to the Democratic Republic of Congo or the People's Republic of China if you think names, rather than ideals, are that important?
Because we want to get the best people. If you look worldwide, the gender balance (to pick the one imbalance your post mentions) is a lot closer to 50:50 in some countries, in others it's even more skewed. This implies that there's nothing intrinsic about women that makes them genetically less likely to want to do engineering or scientific things, there's some other cultural or social pressure stopping most of them. If we're only recruiting from 10% of the female population that, absent these pressures, would have gone into these subjects, then we can hope that it's the best 10%, but that's not very likely.
Nah, that's not a real solution. Not when you've had gmail since it's inception.
And the longer you keep using it, the harder it is to switch. I don't personally know anyone who has lost their GMail account, but I do for other mail providers (and Facebook), either because the provider decided they had violated some nebulous terms of service, they decided to start charging and kept pushing the price up, or they went out of business. If you like the GMail interface, then get the Google Apps for your Domain thing, buy a domain and point the DNS at Google, and at least then you can always point it somewhere else if you and Google stop wanting to do business.
The other part of the shift to chip-and-pin was the liability. If a merchant accepts a transaction with the magnetic strip, and the customer disputes it, then the merchant is liable, not the bank.
Not necessarily. Most USB keyboards have firmware stored on a flash chip that has some spare capacity, and a lot have built-in USB hubs. There was at least one proof of concept for a keylogger that would record things to the on-board flash and then dump them to a specific USB device when it was inserted, then erase the on-board flash (rewriting the bit that contained some of the firmware) ready to start again.
The question that you should be asking is what happens if the browser is compromised. It doesn't matter if JavaScript is enabled, if some malware controlling your browser lets the attacker make arbitrary payments then your bank is doing it wrong. To pay anyone I've not paid before (and saved the credentials for) via Internet backing, my bank requires me to enter a code that they provide and the recipients account number and the amount in either a mobile phone app or a separate device, which then generates a code that I have to enter into the browser. If an attacker can compromise both my computer and my mobile device, then they can make arbitrary payments, but if they just compromise the browser they can't.
How often do you use fundamental quantum field theory stuff, like QED and QCD? They have some strong evidence cases too
I'm using the products of them right now to post on Slashdot, and I do whenever I use pretty much anything containing an IC.
And an API that makes the standard Java libraries seem clean, consistent, and concise.
Azul stopped chip development a few years ago. They found that the speed benefits in GC with their custom hardware were offset by the fact that everything else was slower than on a commodity x86 chip. They now primarily sell x86 systems, and do some insane stuff with the page tables to make the GC fast.
Yes, because once you've set up a set of incentives, it's very easy to find a set of people who will act contrary to those incentives...
I suspect that's a lot true now than it used to be. A decade ago, I would typically type on 3-4 computers a day, and now always the same set. I tried switching to Dvorak, and found it was great on my home desktop and on one other machine where I'd changed the keymap (and the keycaps - it was an old model M that let you pop off the keycaps and rearrange them), but it was painful switching to the other computers that I had to use that day, so eventually I gave up. Now, most days the only keyboard (discounting on-screen keyboards, which suck for motor memory anyway) I type on is my laptop. Now is probably a much better time to try innovative keyboard designs, because most people won't have to switch between them.
It's probably more interesting to integrate this kind of sandboxing directly with rtld, so that it can drop privileges and inject the shims itself.
If it's based on Linux, it already contains a huge amount of code contributed by the NSA.
The Chinese have just stopped doing this, because it is a terrible idea. It creates a set of incentives for the state to have as many people executed as possible, to guarantee a supply of replacement organs for the rulers.
seems we have the same rights not to ship them weapons,
And we're grateful when you do, it gives our local industry a boost. US arms export policy is a complex balancing act trying to ensure that other countries have enough US-made weapon systems that they won't invest too heavily in developing their own, while not allowing them the capacity to threaten the US. Something similar applies to other exports. There's nothing made in the USA that can't be made elsewhere, it's just sometimes cheaper or more convenient in the short term to buy from the US. Stop exports, and you'll just spur local industry.
If we want the death penalty to be a deterrent against crime
The technical name for this kind of argument is ex falso quodlibet. You start with a premise that is false, and from there you can infer anything, and it will be at least as true as your original axiom. It has been shown by numerous studies that the death penalty does not provide a deterrent, because few people who commit the kind of crime where it is applicable expect to be caught and rationally weighs the options (and the ones that do don't care what happens to them).
It doesn't work that way for maths either. For induction, you must find a case where it's okay to kill one person, and then an argument that if it's okay to kill n people then it's okay to kill n+1 people.
Right. I don't block ads, but I do block certain kinds of content, including Flash. This has a side effect of blocking a lot of ads, but I still see ads that are plain text or images.
Does Capsicum only work at the process level? I can't have a more privileged thread that is still uncontained (i.e. still able to perform a blocked syscall) while other threads are contained?
Yes. There's no point sandboxing a thread, because if you compromise one thread you can write over every other thread's memory, and trivially do ROP tricks to make another thread make the system calls on your behalf.
How do you envision codebases supporting Capsicum in a way that they leaves them still portable to platforms where Capsicum is not available? Is it going to be a case of #ifdefs all the way down?
The Capsicum APIs can mostly be #ifdef'd away. The things that restrict rights on a file descriptor and the cap_enter() syscall can just be turned into no-ops.
Would it be possible to make a sandbox program that uses Capsicum to in turn sandbox another (Capsicum-unaware) program that it goes on to run or is it likely going to be too restrictive for the second program?
I don't think I understand this question.
I paid 30p, which is actually closer to 50. I got them from the local supermarket.
Where do you live? I live in Texas (power is notoriously cheap due to coal power plants). It's about $0.10 (roughly) per kWh here. Each CFL is about $4 (versus $1 for an incandescent).
You paid about ten times as much for your CFLs as me, and your power cost about a third what mine costs, so your arithmetic seems to match mine.
Unrelated note, how do you line break on /.? Shift+Enter and Enter don't work
Paragraph tags (<p>).
There effectively is. Last time I bought bulbs, the CFLs were about twice the price of incandescents and the energy savings were such that I saved that much in a month of use. Over their lifetime, there's a huge extra cost to use incandescents.
That still seems a bit expensive. I paid 30p for the last set of CFLs I bought, which at the exchange rate at the time was equivalent to about 50. The most expensive ones I bought were about a decade ago, and they were about £4, which was close to $8 then.
So why don't you move to the Democratic Republic of Congo or the People's Republic of China if you think names, rather than ideals, are that important?
The decision not to make ISPs common carriers predates Obama, and even Bush...
Yes, no one ever talked about The Java Trap as a problem Free Software...
Because we want to get the best people. If you look worldwide, the gender balance (to pick the one imbalance your post mentions) is a lot closer to 50:50 in some countries, in others it's even more skewed. This implies that there's nothing intrinsic about women that makes them genetically less likely to want to do engineering or scientific things, there's some other cultural or social pressure stopping most of them. If we're only recruiting from 10% of the female population that, absent these pressures, would have gone into these subjects, then we can hope that it's the best 10%, but that's not very likely.
Nah, that's not a real solution. Not when you've had gmail since it's inception.
And the longer you keep using it, the harder it is to switch. I don't personally know anyone who has lost their GMail account, but I do for other mail providers (and Facebook), either because the provider decided they had violated some nebulous terms of service, they decided to start charging and kept pushing the price up, or they went out of business. If you like the GMail interface, then get the Google Apps for your Domain thing, buy a domain and point the DNS at Google, and at least then you can always point it somewhere else if you and Google stop wanting to do business.
The other part of the shift to chip-and-pin was the liability. If a merchant accepts a transaction with the magnetic strip, and the customer disputes it, then the merchant is liable, not the bank.
Not necessarily. Most USB keyboards have firmware stored on a flash chip that has some spare capacity, and a lot have built-in USB hubs. There was at least one proof of concept for a keylogger that would record things to the on-board flash and then dump them to a specific USB device when it was inserted, then erase the on-board flash (rewriting the bit that contained some of the firmware) ready to start again.
The question that you should be asking is what happens if the browser is compromised. It doesn't matter if JavaScript is enabled, if some malware controlling your browser lets the attacker make arbitrary payments then your bank is doing it wrong. To pay anyone I've not paid before (and saved the credentials for) via Internet backing, my bank requires me to enter a code that they provide and the recipients account number and the amount in either a mobile phone app or a separate device, which then generates a code that I have to enter into the browser. If an attacker can compromise both my computer and my mobile device, then they can make arbitrary payments, but if they just compromise the browser they can't.