Security is the result of multiple layers of security. This is one that's very weak, very unreliable, and hasn't really been the case for quite some time. I agree with all of this.
But, if I'm running www.ebay.com, and someone is able to log in as an unprivileged user and kill apache, I don't want them to be able to start their own web server on port 80. The restriction on ports forces them to break root if they want to do it.
It is valuable. It is not very valuable, but it has value as one additional requirement that is placed on an attacker.
Well, I'm explaining the historical context in which ports under 1024 are privileged. That restriction makes a lot more sense still than a lot of other things which have persisted (like identd).
Remote hosts shouldn't be 'trusted' in the authentication sense, but my statement was the port restriction allows you to infer that services listening on ports <1024 were started by someone who has privilege on the machine --- that's very different from stating that they should gain any privilege on your hosts or network.
There is a very important distinction here. I am asserting that the port restriction allows you to know that services on remote hosts were created by someone with privilege on the system -- I am NOT asserting that it allows for any trust of the remote machine or of the administrators of the remote machine. To appreciate this, you need to think of the machines that have non-administrator users -- say, people who buy a shell account at shellserver.isp.com. You don't want them starting their own SMTP server on port 25 and accepting mail on behalf of that machine, do you?
The reason you don't let users bind to ports <1024 is that many of the privileged ports offer significant authentication mechanisms, and you want to indicate that their daemons are running with privilege.
For instance - let's say I had a shell account and used telnet to log into it. My host isn't running sshd. If the sshd port weren't privileged, I could start running sshd as my user, and happily capture all attempted passwords and then use them later to steal privileges of any user that 'tried' to log in via ssh.
Similarly, if I connect to http://host.university.edu/ I'm under the impression that I'm connecting to a service run by host.university.edu - not some random user who happened to grab port 80.
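An added example, not part of the original comments: the inference discussed above (a listener on a port below 1024 was started with privilege) checked on a Linux host by reading socket ownership from the `/proc/net/tcp` table. The sample table, UIDs and inode numbers are constructed, and the address decoding assumes a little-endian host.

```python
import socket
import struct
from typing import NamedTuple

PRIVILEGED_PORT_LIMIT = 1024  # ports below this traditionally need root to bind
TCP_LISTEN = "0A"             # hex state code for LISTEN in /proc/net/tcp

# Constructed sample in the /proc/net/tcp column layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18432 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20311 1 0000000000000000 100 0 0 10 0
   2: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 40977 1 0000000000000000 100 0 0 10 0
   3: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 41002 1 0000000000000000 100 0 0 10 0
   4: 0F02000A:0016 6402000A:C3A1 01 00000000:00000000 02:000A1B2C 00000000     0        0 51230 4 0000000000000000 20 4 30 10 -1
"""


class Listener(NamedTuple):
    address: str
    port: int
    uid: int    # UID that owns the socket (set when the socket was created)
    inode: int  # socket inode, usable to map back to a process via /proc/<pid>/fd


def decode_endpoint(field):
    """Decode 'HEXADDR:HEXPORT' (IPv4, address in host byte order) to (ip, port)."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def parse_listeners(proc_net_tcp):
    """Return every socket in LISTEN state from /proc/net/tcp-formatted text."""
    listeners = []
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the column header
        cols = line.split()
        if len(cols) < 10 or cols[3] != TCP_LISTEN:
            continue  # malformed row, or an established/closing connection
        try:
            addr, port = decode_endpoint(cols[1])
            listeners.append(Listener(addr, port, int(cols[7]), int(cols[9])))
        except (ValueError, struct.error):
            continue  # skip rows that do not decode as IPv4
    return listeners


def audit_privileged_listeners(proc_net_tcp, trusted_uids=frozenset({0})):
    """Flag listeners on ports <1024 whose socket is not owned by a trusted UID."""
    return [l for l in parse_listeners(proc_net_tcp)
            if l.port < PRIVILEGED_PORT_LIMIT and l.uid not in trusted_uids]


if __name__ == "__main__":
    for finding in audit_privileged_listeners(SAMPLE_PROC_NET_TCP):
        print(f"port {finding.port} on {finding.address} is owned by uid "
              f"{finding.uid} (inode {finding.inode}), not root")
```

A daemon that binds as root and then drops privileges still shows UID 0 here, because the socket was created before the drop. A non-root owner on a low port means the restriction was relaxed on that host, for example through the `CAP_NET_BIND_SERVICE` capability or the `net.ipv4.ip_unprivileged_port_start` sysctl.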
But when there is misrepresentation, the buyer is not 'rewarded' for it - the sale becomes void.
If some guy I meet on the street sells me the Brooklyn Bridge, and I proceed to erect a toll booth, can I defend against those who say that I cannot put my toll booth there by saying that the seller misrepresented his ownership of the bridge to me?
The owners of the copyrighted material have a claim against anyone who is using their work in a means against the license. Wikia's belief that they are acting in good-faith is good at preventing punitive damages, but actual damages (the profit they make) could be awarded, and of course an injunction to stop violating the license would be awarded.
Wikia, in turn, can pursue civil action against the person who 'sold' them what they didn't own.
Jeff Bezos can afford to lose the amount of money lost in those few days personally, and not have to feel it. The hypothetical local ma and pop store cannot.
Why doesn't that matter to you? Corporations like Amazon have gotten very, very rich - and lots of local businesses have had to fold because of it.
Did you notice that you're now running a userspace regulatory daemon to ensure you don't do anything with your device that Intel and/or the FCC don't want you to do?
Do you know what that daemon does, exactly? Does it have any security holes? Are you sure? Can you port it to other operating systems?
The 3945 is a terrible example of support, it's unacceptable for many of us (I'm not running Linux, for instance) and Intel deserves criticism over it, not support. In this case, it's far, far more than simply the firmware being closed (open firmware? neat for hardware hacking, but otherwise useless to me. I care far more about the drivers being open, and in all too many cases, they aren't...)
I don't think it ever makes sense to use cat with one file - something I have seen far too many people do. To do so, logically, is to tell the commands to run through the file twice.
First you are telling cat to output the entire file, and then you are telling grep to go through the entire output of cat. If you're working with gigabytes of data here, that can quickly be a frustrating exercise! Folks who are in the mentality of using cut | grep and even a visual editor like vi instead of sed are up the creek when they find themselves needing to manipulate and get portions of very large data sets.
Warm bodies tend to emit some sort of electromagnetic radiation - infrared is a common one associated with heated things. But it's only a very small amount of work that happens this way - which should be obvious, if you've ever thought about why a Thermos works.
To get noticeable power from hot things in general, you'd have to do more than capture the infrared. You'd have to take advantage of the motion of the molecules.
Funny, I was just thinking that one of the nice things about AJAX was the ability to keep the back button behaving as users expect.
An example (roughly inspired by a recent project I was working on):
Say a user has a bunch of search results, and for each result they can navigate to a page where they can modify fiddle with things and push a lot of buttons and submit a few forms to change the data. Most users, myself included, would still want 'back' to take them to the search results, not to an earlier form.
And of course, I should point out that it's also not an option to render a page where you've handled the POST data, because users tend to reload and hit back and most folks don't understand the 'this page contains POSTDATA...' warning that browsers (thankfully) give. So before, to keep the navigation and to a lesser extent specifically the back button working sanely on a form-heavy site, it required juggling redirects and response codes to bring the user back to where they wanted.
In my recent, javascript-heavy application, the form submissions were all handled by javascript, so the back button always took you back to the last full page you viewed. Broken back button? Not here...
Knowing the folks at the robotics institute it'll be about 2 years before we see the army testing out a prototype robot that balances on a ball.... and then uses the ball to crush infantry while launching missiles.
CMU has a lot of great projects like that. Gladiator, Crusher... I know that most individual robot builders mean well, and I have friends who are anti-war at the RI, but seriously, look at who is actually demanding this technology and where it's being used. It's not being used to house the poor.
Degrades performance? Is there a technical argument and/or cite for that?
It would seem the worst-case performance hit for an implementation of the @ operator's behavior would be to push the value of the internal error_reporting variable to the stack, set the internal variable to 0, run the function, pop and restore. Granted, I'm thinking like an assembly programmer here (bad habit when dealing with high level languages like PHP, I'm sure) but I can't imagine it would take PHP's interpreter more than a couple dozen cycles to accomplish the task. A performance hit, especially if you're doing it repeatedly? You bet. A performance hit that would cause me to say it "degrades performance drastically?" No way.
I would smack anyone I saw use the @ operator, because it is very bad programming style and it would make someone who was trying to turn on errors to debug code later go bonkers. I agree completely that '@' should not be used, but I have a hard time believing that performance is a real reason why.
(I am currently a professional PHP programmer, FWIW. Feel pity for me! And/or offer me a job programming in C or assembly!)
Big Brother might not be watching, but Google sure is.
And "Big Brother" -- say, the NSA, is most probably watching Google. I mean, assuming that anyone at NSA has any clue at all, don't you think they know as much as Google does?
You want to install a network tap that gets the most interesting data and is easily analyzed? Install taps on google's uplink providers --- assuming the lower tech solutions (getting someone at google to give you access to the data, getting an inside person at google, rooting google's machines, etc. etc.) don't work, you're still golden. Your google searches are plaintext...
Does google really need any MORE information about you and your website?
I'm sorry, but I'm creeped out by the amount of data google already has on everyone, I don't need to let them watch who is visiting what on my websites as well.
I know plenty of software engineering folks -- that is, folks that are pushing hard for the acceptance of software development as a full fledged branch of engineering -- who would cringe at your definition of the word "prove" with regards to software engineering. Proving code is a relatively hot research topic in software engineering precisely because it's something that is rarely done and difficult to do. It's not typically done in industry.
Our math friend was right to say that arguments that your code works do not constitute a proof. What needs to be pointed out, however, is that it's not currently cost effective in the industry for most programs to actually be proved.
"The unlawful detention of "enemy combatants" ": We follow the requirements of treaties regulating POWs, etc. These enemy combatants didn't follow the rules of war - hence no protection. Even the UN isn't complaining!
If they are not POWs, then they are protected persons under the fourth geneva convention and if they're breaking the law (by murdering, etc.) then they are to be tried by the occupied country, and are given numerous protections from the occupied power: namely, the occupied power cannot transfer them out of the occupied country.
There is no legal backing or precedent for treating people as this mysterious "enemy combatant" category, a classification that affords people neither the protection of the 4th geneva convention nor the protections of POW status.
As a student at Carnegie Mellon who has discovered the extent of his school's ties to development (had I known prior... and no, CMU is not unique in this regard, the problem is everywhere) of military products and has since spoken out against them a few times, thank you for realizing that this DARPA stuff isn't all it's cracked up to be.
I'm perhaps one of four people (an exaggeration, I hope) on my campus that isn't gung-ho about helping the DOD build driverless vehicles, and it's lonely at times.
Whatever moderator marked this down as off-topic was clearly just trying to limit the scope of discussion in the same way that DARPA and military contractors are trying to limit the scope of their moral and ethical liability.
I've never heard that listed as a definition for Internet. The term was coined I believe by Vint Cerf, and he was using it to refer to a network of networks: internetworking.
It's inter-network as opposed to intra-network. The prefix "inter" has nothing to do with nations.
An acquittal -- honestly the most likely outcome -- would mean chaos, with officially-legal home taping;
I don't know what crazy legal world you live in, but sign me up. Last I checked a law didn't become invalid when someone was acquitted of charges brought against it.
In order to have legal precedent that the law itself is invalid or does not apply in a particular case, you need an appellate court to specifically rule just that (e.g. the court might actually say 'format shifting is fair use') and you'll never reach an appellate court if the defendant was acquitted.
But, hey, I like it your way better --- there have been people who have been acquitted on all sorts of fun charges.
Actually, you don't need anything that fancy - the daemon can just drop root for each connection.
My apache threads run as user apache, not as user root.
Daniel
I take it you've never set up printing with lpd?
I recently made the switch from lpr to cups, and man, a world of difference.
If only ideas were evaluated on their merit, rather than based on the amount of money people can throw towards them.
"Market forces" don't guarantee smart outcomes, especially given that smart isn't correlated with wealthy.
Everyone who buys a computer and gets it bundled.
Or have you not figured out Microsoft's business model by now?
The FIRST three books?
I surely hope by the time someone has become a Linux user, they've read way more than three books. I started with Dr. Seuss.
Yes, it sucks. And yes, it's better than par for the course.
They're not inner at all, they're outer: they're designed to be used with others. I do believe this is an important distinction...