All reputable scientific journals have a peer review system wherein the research to be published must first be scrutinized by other experts in the field. I don't see why free access to research publications would change this.
The review system requires some work to administer (even when the reviewing itself is on a volunteer basis). People may worry that without exclusive distribution rights, publishers may not be able to raise the money to support such systems.
I don't know enough about the expenses here to say whether that's a real problem. The benefits of freer licensing are potentially so enormous I'd hope there's some way to do it without compromising the review process. (The full literature available anywhere on the internet, with full-text searching? Less hassle to teachers assembling compilations for courses? Etc., etc....)
The service entered commercial use earlier this year and provides a 5 megabits per second shared downstream and 1 mbps shared upstream connection to suitably equipped aircraft. You'll be able to view up to four channels of live TV over your laptop.
5 megabits downstream and 1mbps upstream, and we get.... TV?
So you look at every line of code for each client application you run to verify that you are safe and don't need to be paranoid?
And with each update you go through each line and verify that it's safe?
I haven't read the proof of Fermat's last theorem. Nevertheless, I think it's probably true, because:
I know that all the details are available for anyone to examine.
I know that very smart people have given the proof careful critical readings.
Every time I've personally read the proof of a mathematical result that has stood such tests, I've found it to be sound.
For similar reasons, I also believe that the structure of DNA is what my chemistry teachers told me it is, even though I haven't personally performed the necessary experiments.
*Most* of the things I'm asked to believe on a daily basis are things I've never personally verified. I decide how much faith I should have in them partly by thinking about the processes by which they were arrived at.
Not that I have *that* much faith in the process that produces bittorrent. But still, it's important to realize that there are ways you can get assurances from the open source process without personally verifying every line.
I wonder now, if after hearing "The meaning of life is 42." a million times I'll think it's still funny when reading the books.
It's not a lot more than a long series of one-liners, but I still think it's very funny. (Though the "42" thing is one of the few that never struck me as that funny, and I'm mystified as to why it gets repeated so much.)
So even when an author says "I didn't mean to represent X as Y", it doesn't make it any less true that X is represented as Y
I disagree. Witness:
The author of parent represents writing, in particular that of Ursula K. LeGuin, as a russian space opera in which elephants control an interstellar parliament whose primary concern is the equitable distribution of custard.
The original poster didn't say that all readings of a work are created equal. Some obviously make no sense.
Nevertheless, it is sometimes the case that a reader interprets a work in a way that the original author didn't intend (and might not even agree with), but that is nevertheless insightful.
You do have some alternate paths to getting a job besides the classic recruiter campus interview, I won't deny that. But as the job market gets tighter, even with those alternatives, you'll *still* have to explain away a low GPA + a major-field F, and your alternative connection will have to get that past the personnel department.
In fact, everything I've been told is that the "alternate paths" are by far the most common route, and that the personnel department are among the last people in the company that many successful candidates meet. Certainly that's been my experience and the experience of most people I know.
I won't say it makes things impossible, just harder. Of course after a while, flunking DJB's class will become "legend" and then an F there will be a plus for getting a job, let alone a passing grade.
Yeah, well, a good slashdot headline can't hurt there. I wonder if we'll get a followup on what happened to them?
Well, here's another data point. I have been asked for related coursework and grades in job interviews.
So, did you get those particular jobs? I ask just because the conventional wisdom is that most jobs are gotten through contacts, and that any formalities (interviews, resumes, etc.) don't happen till after qualifications have been determined by more informal means. That's not to say all jobs get filled that way, but a lot seem to.
When you're young and poor, knowledge is gold; this changes when you have to pay for the roof over your head.
I actually don't understand that sentence; could you explain? The roof over my head is owed to my skills. If anything, I'd have thought that those old school transcripts matter less the further along you get....
Yes, Mr. Recruiter. I got an F in a course in my chosen major, but it was in an *impossible* course. Actually, between the presence of that F in the major field, and what it did to his GPA, he probably won't even get to see the recruiters he most wanted to see. He would have been weeded out before then.
Someone who's only talking to recruiters is narrowing their job options a lot anyway. Lots of places don't have recruiters. For those that do that's unlikely to be the only way in. A job seeker is better off finding someone who actually works in the field they're interested in and either has the power to hire them or knows who does. To such a person, someone who has actually publicly demonstrated their abilities may appear in many ways to be a safer bet than someone with a high GPA. Of course, the ideal is to make sure such people already know who you are, and finding a few high profile security holes might be one way to accomplish that.
After years of school people can get so focused on grades on degrees and qualifications that they forget that the whole point of the exercise is to learn how to do stuff. Some people can just figure out what they need as they go, and they don't even really need school. The rest of us need a few years of studying, and the grades help monitor our progress and can be a part of helping potential employers decide whether we're worth their investment. But it's easy to forget that all that is just a means to an end--all that matters in the end is whether you can do the work.
Perhaps if you didn't idolize him as much, you might realize the practical consequences of a failing grade for your GPA, and potential employment future.
No employer has ever asked me for my GPA. If you're applying for graduate school, or you're right out of college and papering the world with resumes then your GPA may matter. Otherwise, who's going to care?
OK, maybe DJB is being a jerk here (or maybe he actually isn't failing the whole class, we don't know that yet). Despite that, I personally would happily take an F for the chance to take a more interesting class and pick up some useful skills.... Nailing a couple really good security holes like that could be a nice plus on the resume--if I were an employer looking for a security person I'd certainly weigh it heavily. More importantly, if you follow up on those couple bugs then other programmers will get to know your work, and those are potentially great contacts. And in any case, having the skills to really perform at your job will in the long term matter a lot more than your GPA.
There were 44 bugs total. There were 25 people in the class. I'd go so far as to say with a fair amount of certainty that no more than 4 people found the required 10 bugs.
Right. And I'm arguing that more likely what happened was that a few hundred bugs were found, and only 44 were good enough (and came with bug reports good enough) to actually report.
I've turned in lots of homework that was good enough to get an A or a B, but that wasn't good enough to actually, say, publish. Probably the same happened here.
Now that's a tough assignment. 44 holes found is an average of less than two a person -- it's possible the *entire* class failed, not just most. At best, probably one person completed the assignment.
No, more likely it was something like this: not everybody finished, and a few people (there's often one or two) just flaked completely. So say the average number of security holes found was 8. Now you have to determine whether they're good enough to actually pass on to the developers. Some of them will turn out, on closer examination, to be wrong, even though they may represent some good thinking on the students' part. Some will be dupes. Some will be real exploits, but very poorly written, and as a busy professor faced with 200 of these things, you can't afford to spend a month doing nothing but rewriting bug reports.
I wouldn't be at all surprised if on average, of those 8 exploits, only a couple are ready to pass on to developers. That doesn't mean a failing grade.
Someone that did a decent job would get their work actually commented on and used by a bunch of other people. I think that'd be quite rewarding. Sounds like a fun class to me....
There are so many differences between pkgsrc and RPM it isn't even funny. They're in completely different domains. I realize you have a very low userid, but that doesn't stop you from sounding like a "me too" drone when you bring up RPM. It's like those schmucks claiming a minimalist window manager as the equivalent of a complete desktop.
OK, I've read the pkgsrc web page now and admit I was confused. I'd assumed it was yet another rpm or dpkg. But it looks like the better analogy would be to something like a ports collection or an apt archive?
US is currently preparing for a completely different thing - a more or less massive roll-out of red-light cameras (the thing where you get your car's photograph in the mail and a red-light ticket). As a preparation for this measure, stop lights are adjusted (most of the time the duration of yellow is simply reduced) in order to increase your chances of running red light, thus increasing the profit generated by red-light tickets.
Do you have any evidence for that statement? There are accepted rules for setting the duration of the yellow light. I can't see any traffic engineer I've ever met agreeing to such a harebrained scheme....
I ride a supersport Yamaha YZF-R6. Weighs about 410 wet and I have problems triggering many stop lights, so much so that I have areas I don't ride when traffic is light because they never turn green for me.
As noted further up in the comments, there are generally ways you can position yourself so that you'll trip the signal, even with just a bicycle. There are usually visible cuts in the pavement where the sensor lives which you can use to figure out the right position. Google around and you should be able to find some discussion of the various sensor shapes.
Not much use when you're travelling, but when you're around home, at least, you should also complain to your local traffic engineers, who may be able to help; and by complaining you'll help out other motor- and bi- cyclists.
There's one redlight back at my alma mater that doesn't turn unless you trip the sensor; it was either run it, or wait half an hour for a car to show up.
A light along my regular commute had the same problem. I emailed the city's signs & signals department. After a few exchanges, they actually sent some people out to check the adjustment and mark with spraypaint the place where I should place my bike to trip the sensor.
As it turns out, they got it wrong--I eventually figured out I needed to be in a different position.
But the point is that it's worth being persistent--people may be willing to help, and there is probably some reasonable solution.
Berkeley has a fine school and all, but don't you think that its liberal reputation (deserved or not) might provide the argument that the research is partisan?
The liberal reputation may well be deserved. So what? If the only people allowed to do research on questions of political import are people with no political opinions whatsoever, well, that's not going to leave us with many qualified researchers.
The linked-to paper tells exactly where they got all their data and how they analyzed it; I don't see any reason you couldn't reproduce every step if you wanted to. They've done their homework; now if you're skeptical (as I think you should be--I am too!) you need to do yours. If the liberal reputation is what motivates you to take a closer look, fine, but now you need to dig into the research and figure out what's actually wrong with it. I'm sure you understand this, but just to make it completely clear--"they're probably liberals" isn't in itself a meaningful argument.
Sure, but what about a Point-of-Sale system in a store or restaurant. Things like that. Now every job is a "knowledge worker" job.
Do Point-of-Sale systems never have internet connections? I'd think there'd be a lot of advantages (simple connection to backend databases, etc.). And most of them already run something like a real OS these days, don't they? At which point I suspect you've reached a level of complexity that, alas, probably requires the occasional security patch.
> ... then you don't need any security updates.
> Really. Lots of business desktops don't need
> full Internet access.
They want to print, at least. Maybe they want to share files with someone down the hall. At that point the easiest thing to do is put them on a real IP network, but behind a firewall. Now they're vulnerable to any compromised machine on the same network, possibly including a laptop that someone also uses on other networks when they travel.... Oh, and if they also want to run a browser or a mail client then they're obviously vulnerable to all sorts of attacks. It's not just services that are vulnerable!
Isn't it sad that a post that is so totally wrong as the grandparent, can get modded +2 on slashdot? lol
When an incorrect post gets modded up, that's a sign that the misconception held by the poster is a commonly held one. Modding it up has the effect of bringing it to people's attention and making it more likely that a correction will be posted and modded up.
So, while I sometimes do wish there was an "incorrect" mod (or sometimes maybe "insufficient supporting evidence provided..."), I'm not sure that in practice it would work any better than the current situation.
Also, you might want to take a look at alien.
A Debian box can deal with suitable RPM's. And isn't one of the participating distributions listed in the submission debian-based? (Progeny?)
That most of science does not agree with the church is entirely because the church's claims are supported by little to no evidence.
In fairness, this depends on what you mean by "the church". These days any reasonable church recognizes that it is their job to inspire, to seek justice and compassion, etc., not, for example, to attempt to determine the exact age of the earth by calculations from biblical family trees.
One of the sources of our current problem is that discussions of religion in the United States are so dominated by the fundamentalist fringe.
While not a Christian myself, I recognize that Christianity has a lot to value in it, and it distresses me to see kids being brought up to believe that the only way to stay true to their principles is to swallow this sort of pseudo-science.
i think this is true for cable already. and if you have dsl, you are by necessity paying the telephone line tax anyway.
I assume this only applies in the case of DSL that shares an existing phone line, right? I'm just going on my vague memory that when I had DSL going over a separate line, I don't think the usual phone taxes were on the DSL bill. Could be they just didn't bother to break them out, but I doubt it.
Naturally, a centralized government has many times more potential for abuse than decentralized government. That's not to say that local and state governments can't be abused, just that there is an upper limit on abuse.
Eh, I don't know. The central government is also subject to more oversight.... There are more congresspeople, journalists, and random concerned citizens watching the FCC than there are watching the local school board.
It's the many eyeballs make all bugs shallow theory. And may also explain why you hear more about federal government corruption than you do about corruption in your city government. It's probably *not* because your city government is any better. And city governments (taken as a whole) *do* have a comparable ability to screw things up....
--b.
5 megabits downstream and 1mbps upstream, and we get.... TV?
Great.
--Bruce Fields
OK, I've read the pkgsrc web page now and admit I was confused. I'd assumed it was yet another rpm or dpkg. But it looks like the better analogy would be to something like a ports collection or an apt archive?
--Bruce Fields
(PS: 5-digit uid's are "very low" now? Weird.)
Really?
You might want to take a look at http://www.rpm.org/platforms/.
--Bruce Fields
Demand paging?
Try apt-get install rpm sometime....
Also, you might want to take a look at alien. A Debian box can deal with suitable RPM's. And isn't one of the participating distributions listed in the submission debian-based? (Progeny?)
--Bruce Fields