Except that the corrections aren't arbitrary, and you don't know what you're talking about.
Maybe not, but enough people who do have examined the code that if there were good reasons for the corrections, somebody would have pointed it out. If nothing else, the coders at the CRU would have defended their decisions if there were an innocent reason for them. Please note that none of the "scientists" whose emails were leaked has denied having written them, or claimed they were altered, and not one of the coders has defended the "corrections" or the way the code was manipulated.
I'd really like to see that poll. Do you have a link to the original question that was asked?
Alas, I don't. If you prefer to deny it exists, I shan't argue.
Re: Can we please stop with the "denialist" crap? on The Limits To Skepticism · Score: 2, Informative
Both are holding positions in face of overwhelming consensus by people who are experts in the subject as well as in face of physical evidence.
You do realize, don't you, that current polls show that less than 90% of qualified climate scientists believe AGW has been proved? Doesn't sound like much of a consensus to me. And, unlike history, when it comes to science consensus means nothing, only the facts.
because their objections are based on ideology, not science.
From where I sit, it's the people putting arbitrary "corrections" into the programs to make them come out the way they want and refusing to accept any articles that don't toe the party line into their "peer reviewed journals" who look like religious zealots, and the soi-disant "deniers" are the ones who are trying to do things in a proper scientific manner. Remember, boys and girls, if the facts don't support your theory, a scientist changes the theory, while an activist conceals the inconvenient facts.
Just curious - how do Linux developers avoid these problems? For example, what 'safe' buffer and string management tools do you use? What are the static analysis tools used?
Alas, I haven't done any real coding in well over a decade, and the last time I did, it was for MS-DOS. However, the project I worked on used strncpy() at all times because we were using string manipulation and that avoided any problems with a malformed string. (We were working on ANSI transaction records submitted by doctors, so hacking wasn't an issue, but transmission errors were.)
I can tell you it is way, way more cost effective to do (as you say) "stomp on that kind of thing as you go".
Excellent! However, I don't work for Microsoft and I haven't worked as a programmer in well over a decade, finding tech support fits my temperament and interests better. (I like the idea that twenty to thirty people have a better day because they spoke to me, and I have the patience to work with computer illiterates.) From where I sit, I couldn't judge the cost effectiveness and wasn't going to express my opinion with no facts.
Thank you. I'm sure you're going to great lengths to avoid adding any new buffer overflows. However, there have been so many over the years that it made me suspect that you weren't using the safe copy functions, because it's hard to imagine how they were happening if you did. Glad to know you're using the safe forms, now. I don't use Windows myself, finding Linux more to my liking, but that doesn't mean that I don't want Windows to be as secure as possible.
In my entire time at MS, I never saw one instance of strcpy.
Thank you; I sit corrected. However, if they are, as you say, using functions that don't allow unbounded copying, how do you explain all the buffer overflows? Granted, my programming skills are way out of date, but from where I sit it looks as though using copy functions with built-in bound-checking should prevent them.
You think MSFT are the only people that occasionally have buffer overrun bugs?
Not at all. I was merely pointing out that if they required all their devs to use the right string copy function in the first place they'd make it almost impossible to introduce more. I'd also go so far as to suggest that if they made it a habit to change the code to use the right function any time they were updating it, they'd probably eliminate potential overflows that nobody's found yet. Of course, doing that takes time and, to a company like Microsoft, time is money, so there are trade-offs involved. Not working there, I can't judge if it's more cost effective to stomp on that kind of thing as you go, or wait until it turns out to be an issue.
Not the fault of MS's devs in a software engineering talent sense
Actually, it is. They're using C, and unless I'm more mistaken than usual, they're doing all these copies with strcpy() which copies as many bytes as you give it instead of strncpy() which copies up to n bytes, where n is one of the function's parameters. Simply changing from strcpy() to strncpy() with n fixed to the size of the buffer (with room for the terminator) would probably get rid of 90% of the overflows. If I can figure that out, they should be able to too, if they're really worth what MS is paying them.
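An added example, not part of any poster's comment and not code from any project discussed here: the bounded copy described in the comment above, with the terminator written explicitly and truncation reported to the caller. The helper names `bounded_copy` and `unterminated_after_full_size_strncpy` and the 8-byte field are assumptions made for illustration; the inputs are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Copy src into dst (capacity dst_size bytes), always NUL-terminating.
 * Returns 0 if the whole string fit, 1 if it was truncated, -1 on bad
 * arguments. Hypothetical helper, written for this example. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* n = size - 1 leaves room for the terminator. */
    strncpy(dst, src, dst_size - 1);
    /* strncpy writes no terminator when src has n or more characters,
     * so the last byte is set explicitly. */
    dst[dst_size - 1] = '\0';
    return strlen(src) >= dst_size ? 1 : 0;
}

/* Shows what strncpy leaves behind when n is the full buffer size:
 * returns 1 if the buffer ends up with no terminator in it. */
int unterminated_after_full_size_strncpy(const char *src)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);   /* stand-in for stale memory */
    strncpy(buf, src, sizeof buf);  /* bounded, but n == sizeof buf */
    return memchr(buf, '\0', sizeof buf) == NULL;
}

int main(void)
{
    char field[8];
    const char *short_in = "ABC123";            /* constructed input */
    const char *long_in  = "ABCDEFGHIJKLMNOP";  /* constructed input */

    int r1 = bounded_copy(field, sizeof field, short_in);
    printf("short: rc=%d field=\"%s\"\n", r1, field);

    int r2 = bounded_copy(field, sizeof field, long_in);
    printf("long:  rc=%d field=\"%s\"\n", r2, field);

    printf("full-size strncpy left buffer unterminated: %d\n",
           unterminated_after_full_size_strncpy("ABCDEFGH"));
    return 0;
}
```

A caller that ignores the return value still gets a terminated string, but a truncated record is silently accepted, so the return code should be checked wherever the full value matters.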
The problem is no one asks them to do the right things.
If what you write is true, the reason there's still buffer overflows in Microsoft code is simply that nobody's asked the programmers to get rid of them. Frankly, I find that hard to believe.
it wasn't going to be able to infect the system folder...
What "system folder?" This is Linux we're talking about not Windows. Are you talking about /bin, /sbin, /etc, /var or some other directory? Unlike Windows, Linux spreads things out across the file system so that it doesn't have all of its essential files in one place.
So your assumption is that audio production is becoming an increasingly *smaller* niche of computer use?
No, and I'd really like to know how you read that into what I wrote. Linux isn't for everybody and probably never will be. That's OK; if you prefer Windows or like the way Macs work, that's what's right for you. My point was, and still is that just because it can't do what you need it to doesn't mean it's no good for other people who don't work with whatever specialized programs you need.
He replied to you, because you were flaming an audio guy for saying that professional audio stuff doesn't work on Linux.
If so, he's even more of a twit than I thought he was. Not only was he replying to me with quotes from somebody else's post, he was misunderstanding what I'd written. (Either that, or you have a problem with reading for comprehension, as we'll see.) I was not flaming him for saying that the programs he needs don't work on Linux, nor was I flaming him because that's a reason he doesn't use Linux. After all, I can't expect him to use an OS that doesn't do what he needs. No, what I was flaming him for was his claim that because Linux doesn't have the program that he needs, it's no good in general. And, I might add, the person who should have read the GP before posting was the person I responded to, not me. What the GP posted had nothing to do with my post, because I wasn't discussing that, I was discussing the OP's foolish attitude.
I know it's generally a waste of time to try to discuss anything with AC, but this just might be an exception. I have one question for you: why did you make that a reply to me, instead of the same post I replied to? Clearly, it's that post you're referring to, so that's where it belongs.
Yes, that there are. However, all of them put together make up a very small percentage of people who might want to use Linux. I don't mind if you say "Linux doesn't have anything for my niche, so it's not right for me." I object to the common attitude of, "Linux doesn't have anything for my niche so it's no good."
No, the post I was replying to (and quoted) was wanking about the lack of an audio workstation that fit his needs. What you quoted is from the grandparent of my post, if not further upstream. Twit.
And you think that lack of a professional audio workstation proves that Linux isn't ready for the desktop? If so, I've got some late-breaking news for you: only a vanishingly small percentage of computer users need something like that. I'm sure that if enough people needed something like that there'd be a developer working on it.
I can't count how many times I've seen opposition to Linux from short-sighted, narrow-minded people like you who think that their tiny little niche is the be-all and end-all of computers and any OS that doesn't revolve around whatever specialist program they need is out and out trash.
Apparently, you're not especially familiar with virtual machines.
It's true that I've not needed to work with them as yet. However, your reply either doesn't answer my question or I don't understand your answer. Are you saying that by default one VM can't access files created by another and isn't even aware of them?
while still firewalling off work data from the "personal phone" environment.
Unless the two systems can't access files stored by the other one, how are you going to keep somebody from accessing work data from the home side of the phone? If nothing else, they can still email it home from the personal side without any record of it on the work side.
I have no objection to Bin Laden ending up with 72 virgins, as long as they're all nuns. With shotguns.
-1 Censored
Happens to me all the time because I don't buy into the Slashtard groupthink. I'll often get about four plus mods and three minus on the same post.
It's also a blatant attempt to demonize and marginalize them by linking them implicitly to Holocaust deniers.
Nice suggestion, but it was really a failure to poorfraed.
I presume, then, that a VM has no access under any circumstances to any folder that isn't shared with it. If so, that answers my question. Thank you.
I may well install VirtualBox, but if so, I'll see if it's in the Fedora repositories first. (always the safest way to go.)