Well these sinister evil hackers at the FSF will probably release a Boxee app that lets you actually DVR straight to an external server, hard drive, or other storage and fuck you and your $14.99. The icon will be the TPB logo.
businesses throw out the old and make new just for the sake of being more up-to-date than the competition.
Not so much for SCADA systems and the like.
Your entire argument becomes irrelevant because such systems aren't going to upgrade the underlying OS into a "secure OS" anyway. The OS is going to rot away with the underlying program because the WHOLE PACKAGE works, and if management wants it upgraded they're going to want the WHOLE PACKAGE upgraded--why the hell would you move a program from the 90s off an NT4 box onto an XP box? You get a NEW program and install it on shiny new Server 2008r2.
You want a secure architecture without bolt-on bullshit, go microkernels. Thing about microkernels is you can actually bolt-on bullshit without it BEING bolt-on bullshit. The pieces are largely like Legos, instead of like buildings in which you're trying to reenforce doors and add surveillance and alarms. In the very worst case, they're fairly easy to completely rework fundamentally--you can change pieces and wedge the interface in, then move through and correct everything piece-by-piece without getting lost.
Narrow class? 86% of the first 60 security exploits published as advisories by Ubuntu were covered by ASLR and W^X supplied by PaX.
Also, as I"ve stated repeatedly, the development changes under ASLR policy are: DON'T MAKE BROKEN CODE (really, the only break here is to assume an address for a dynamically allocated resource is always the same and hard-code it; or subtle corruption that semi-works because generally things don't move around). For the W^X protections supplied by PaX, W^X, ExecShield, and a host of other things, the most common problem encountered by non-broken software is that somebody wrote self-modifying hand-optimized assembly code or, ridiculously, thought they were clever by accomplishing a task with a small strip of assembly they put on the stack. That's actually harder to do than it is to NOT do.
These specific changes have minimal, predictable effects. W^X protections have to be disabled for i.e. Java and.NET, due to runtime code generation; otherwise triggering W^X is either a result of something being very broken--and it will tell you where--or someone being clever writing hand-optimized assembly that self-modifies or loads into a program variable on the stack or heap (neither of which is very clever). In either case, failures are both more predictable (i.e. easier to reproduce) and earlier in the failure sequence (i.e. easier to trace to root cause), meaning easier to debug.
If your argument consists of "well, sometimes, in development, there are trade-offs, and the changes can do some things, but it makes other things happen that have to be figured out, and that can be hard..." then you obviously don't understand computers as much more than a nebulous box that runs programs and sometimes gets a virus. Don't comment on program execution flow restrictions unless you actually understand program execution flow.
No, that's stupid. As I said, the stricter guarantees that you must follow under PaX-alikes tend to make programs easier to debug. ASLR and W^X policies cause hard failures to happen more often and earlier in the failure process, rather than letting the program off-by-one and get away with it or just hobble along half-dead until it sputters out and dies miles away from where the error actually occurred. Debugger intervention and proper core dumps (with library layouts and other memory mappings) can be used to reconstruct the program state at the time of the error.
That means security makes the system easier to develop correct programs for, in this case. Correct programs are easier to use because they don't fuck up so much. Incorrect programs that run until you do something you really normally wouldn't do will of course get exploited...resulting in a crash because the security system doesn't allow for the basic required functionality that allows those kinds of exploits. There's a log, and the programmer scratches his head and issues a patch ten minutes later, correcting some poor bounds checking.
This is actually not as much of a problem as you think. Programs don't last forever, and they get rewritten a lot. Upgrades. New features. Refactoring, replacement. Remember the shiny new thing is more attractive, so businesses throw out the old and make new just for the sake of being more up-to-date than the competition.
As such, a feature that says "Requires you to disable the security features of your OS for this particular program" and a big scary warning box that says "Program is requesting policy to disable anti-hacker security protections for itself, may be susceptible to viruses and hackers [X]Allow [ ]Deny" will become a blight next to the competitor's app that "Takes advantage of advanced security protections." Eventually everyone fixes the minor bugs that cause this shit, and then everything just 'works' and we simply expect it to.
Your vendor doesn't want people looking at him funny. Fixing the problem is usually easy--with dynamic compilation (Java,.NET, etc) it's fundamentally impossible, but otherwise it's a matter of not doing a certain thing like self-modifying hand-optimized assembly.
It's just that to my senses the apps are all good for 7 inch screens, and 10 inch screens are for... watching movies. In which case, uh. I mean you'll notice Amazon has ONE 9 inch Kindle and all new Kindle lines (Paperwhite etc) are 7 inchers (in my pants--really, damn thing fits in my pocket). That's because holding a big, bulky thing like that is more strain and fatigue, and the size requires more eye movement which is strain and fatigue ON THE EYES.
The Asus Transform is begging to be a laptop, full keyboard and everything. It needs a full Ubuntu Linux install that works, with a virtualized Android install with OpenGL 3D pass-through. Or, ideally, a reversible design--both share a data drive through the VM as a file share (samba, NFS, whatever), and you can reboot and pick your "bare-metal" OS and the other you can quick-access as a guest OS. Bare-metal has better performance, of course; beyond that it won't matter. Both OSes would come up with the same files available everywhere, with slightly different hardware depending on if they're guest or host, and operate flawlessly. It's doable on today's software, just takes some setting up and maybe some new logic to leverage all the basic tools (i.e. to be aware of if you're a host or guest OS, and mount a partition on/data or mount a network FS on/data).
That's where we are: people want their phone to be a tablet, they want their tablet to be a laptop.
Yes, and I haven't driven a normal sized car yet. Just my Mazda 3 was cheaper than a Hummer 3 or xB so I've got this little miniature compact car with 17 inch wheels instead of something with 28 inch wheels and hydraulics.
Minix. It's easier to do a major modification--the fact that it's only basically functional is not an issue, since it's a functional Unix OS without bells and whistles and you're going to be designing and implementing most of the bells and whistles.
I think a Linux system that used PaX would be easy. Actually I used to maintain the list of incompatible apps--mostly Java itself, a handful of other things that turned out to be broken (and occasionally have critical security holes, none of which I personally found)--for Gentoo Linux. Thing about PaX is when something is killed, it's logged, and you get a wealth of debug data--when your program misbehaves, it usually dies from it early and it's easier to find the problem. This means developers have an easier time getting their software more correct, and the system doesn't do odd unexpected things (by bad software or by being hacked and worm-infested), and so the more secure system becomes the more usable system and the more maintainable system.
Similarly, for Unix environments, you could work on building out Minix and bolt on services that supply security guarantees as PaX does, and that interface between the user space utilities and the OS (because the OS Syscall handler is itself a service, you run the program under a DIFFERENT SERVICE) to implement namespaces and act as functional jails--virtualization, semi-virtualization. Services supplied under full microkernels like GNU HURD, L4, or Minix are small and thus easily audited for correctness--and thus improve security.
It all requires policy, of course. The PaX stuff is policy: no write/execute and no !execute to execute. If that crashes the program, you need to fix the program or remove that policy restriction. Semi-virtualization is mainly a file access policy--hide (can't see it), read-through (can see it, writes are redirected a la UnionFS), read-write (can see and change it, object is shared)--and a resource policy--PIDs, network devices/addresses, etc are hidden or shared. It's on the developer to do that, although forced policy on deployment is possible (you can externally generate a policy). grsecurity has always supplied a learning mode that logs and then develops policy automatically, which you can then audit for monkey business.
This tells me the software is poorly designed and problematic, and is not a good product, and that the company is abusive to its customers and is tithe-extracting. Next product.
Everyone is telling me that the Nexus 7 just doesn't have the screen size and they NEED an iPad. When the iPad 7 comes out they'll flock to it and go, "Uh. Siri?" Then apple will discontinue Siri for being worthless.
The worst you'll do with brakes is lock them up so your car drags its ass. And even then, not likely. It's held on with 2 screws and the pads literally have a clip on them that snaps into place. If you fuck up the lube on the back, the brakes squeal loudly. If you lubricate the pad side, you're an idiot (that's the side that uses FRICTION to stop the car, don't lubricate it).
Honestly? Got 4 wheel disc brakes? Do the back 2 first. If they fail... most of your braking force is up front anyway.
Keynesian economics center around the idea that the bust is the economic flaw. In other words, that when the market spins out of control and goes into manic buying and prices skyrocket, the market is "good"; when the market is gorged and finally dies and prices crash, that's "bad," and thus the government should tweak economic knobs a lot to keep the market inflated.
Real economic theorists, market players, and people who generally have a clue call the boom and the bubble "overvalued." That is: houses were "overvalued" because people thought they'd buy a $500k house and sell it for $2M and make a mint, since the last guy bought the $500k house for $200k and made a mint. What actually happened is the market busted, and now the $500k house isn't worth shit--it never was; it was $500k because a bunch of delusional idiots were overvaluing the house. Keynesians are delusional idiots that go, "Wait, the house should run up to $2M, and $5M, and $10M, and $100Bn!" and then try to tweak the knobs.
One thing I don't like to pull out, but I will: Keynes actually claimed his entire economic theory was wrong. In other words, he actually claimed everything he said was the kind of thing a deluded moron would believe.
No it's just entitlement. It's like this: Jimmy kicked dirt in your face so you go bitching that Jimmy is bad. Jimmy's mum punishes Jimmy. Jimmy can't come out to play now. And you're like, wait, what the fuck? HEY! HEY!!!! WHAT THE FUCK JIMMY'S MOM! YOU BITCH WHERE'S MY ICE CREAM!!!
Who cares really? I mean it's a point to ask of curiosity but let's face it, if she's got nice tits then daaaaaaaaaaamn, get a squeeze or twelve in and suck those sweet pink nubs...
Brakes, for chrissake. I pay for engine work, but brakes? They charge $160/wheel but the part is $50 for HIGH END pads for 2 wheels and $30 for a rotor, or $20 for OEM pads (Friction Master or Morse street-performance ceramic with 18% copper impregnation WILL STOP YOU, I like good brakes and good tires). Impact wrench ($20 at Harbor Freight) pulls tire off in 30 seconds flat. Screwdriver behind the caliper, two bolts. Pop it off, pull off the pads, apply red anti-squeal, put new pads in, put caliper back. The rotor is held on by the wheel and you pull it toward you and it comes off, put new rotor on. It's a 10 minute job per wheel, if that. 40 minutes including jack time (use a drill to raise the jack lol...).
Total cost: $160, $220 with high-end brakes. Cost at shop: $650!? 40 minutes! Faster because they have a fucking lift!
I mean I'm not doing my own clutch (I have FWD, I hate it, and I hate working on the transaxle, what a pain), I'll pay $500 for that, yes I know it's $150 and drain the tranny and dismantle the drives (driveshaft, from tranny to wheels) and unbolt the transmission mount and then unbolt the transmission, drop it with a jack, pull it out, open it up and swap, then put it all back... yeah, uh, it's a lot of fucking work. Nothing hard but let's face it: taking a wheel off is slightly more involved than pumping your own gas; dropping your transmission is slightly less involved than a full engine compartment rebuild. Everything's in the way, everything needs to be drained, while you're in there you may as well do the struts (don't have to take them out, but they're in the way and annoying to work around) and clean the oil pan (it's in the way) etc etc etc...
Yeah what a mess. But brakes? Tire rotation? Changing your radiator fluid? Come on. Jack the car, turn the cock, close the cock, put the bin at the gas station. Make sure you fill halfway up with proplyne glycol and halfway up with water before you drive the car off again. No major dismantling required, why pay $100?
The first time I had a panic brake in a Cavalier, I slammed the brake and the car shut down the braking system for 1 full second, then applied braking force again. 1 full second is a really fucking long time, in case you didn't know.
Parable of the Broken Window. Destruction is not profit; if the "car economy" needs you to waste money dumping perfectly usable cars to "keep going," then you need to execute the Union leaders and close half the factories and fire half the workers. Folks have more money to buy other crap, so other business endeavors grow, those folks you fired will find jobs eventually, there's turn-over, and we get a growing economy overall. Better than sucking the life out of it to keep the big hulking slow behemoth fed.
Well these sinister evil hackers at the FSF will probably release a Boxee app that lets you actually DVR straight to an external server, hard drive, or other storage and fuck you and your $14.99. The icon will be the TPB logo.
businesses throw out the old and make new just for the sake of being more up-to-date than the competition. Not so much for SCADA systems and the like.
Your entire argument becomes irrelevant because such systems aren't going to upgrade the underlying OS into a "secure OS" anyway. The OS is going to rot away with the underlying program because the WHOLE PACKAGE works, and if management wants it upgraded they're going to want the WHOLE PACKAGE upgraded--why the hell would you move a program from the 90s off an NT4 box onto an XP box? You get a NEW program and install it on shiny new Server 2008r2.
You want a secure architecture without bolt-on bullshit, go microkernels. Thing about microkernels is you can actually bolt-on bullshit without it BEING bolt-on bullshit. The pieces are largely like Legos, instead of like buildings in which you're trying to reenforce doors and add surveillance and alarms. In the very worst case, they're fairly easy to completely rework fundamentally--you can change pieces and wedge the interface in, then move through and correct everything piece-by-piece without getting lost.
Narrow class? 86% of the first 60 security exploits published as advisories by Ubuntu were covered by ASLR and W^X supplied by PaX.
Also, as I"ve stated repeatedly, the development changes under ASLR policy are: DON'T MAKE BROKEN CODE (really, the only break here is to assume an address for a dynamically allocated resource is always the same and hard-code it; or subtle corruption that semi-works because generally things don't move around). For the W^X protections supplied by PaX, W^X, ExecShield, and a host of other things, the most common problem encountered by non-broken software is that somebody wrote self-modifying hand-optimized assembly code or, ridiculously, thought they were clever by accomplishing a task with a small strip of assembly they put on the stack. That's actually harder to do than it is to NOT do.
These specific changes have minimal, predictable effects. W^X protections have to be disabled for i.e. Java and .NET, due to runtime code generation; otherwise triggering W^X is either a result of something being very broken--and it will tell you where--or someone being clever writing hand-optimized assembly that self-modifies or loads into a program variable on the stack or heap (neither of which is very clever). In either case, failures are both more predictable (i.e. easier to reproduce) and earlier in the failure sequence (i.e. easier to trace to root cause), meaning easier to debug.
If your argument consists of "well, sometimes, in development, there are trade-offs, and the changes can do some things, but it makes other things happen that have to be figured out, and that can be hard..." then you obviously don't understand computers as much more than a nebulous box that runs programs and sometimes gets a virus. Don't comment on program execution flow restrictions unless you actually understand program execution flow.
No, that's stupid. As I said, the stricter guarantees that you must follow under PaX-alikes tend to make programs easier to debug. ASLR and W^X policies cause hard failures to happen more often and earlier in the failure process, rather than letting the program off-by-one and get away with it or just hobble along half-dead until it sputters out and dies miles away from where the error actually occurred. Debugger intervention and proper core dumps (with library layouts and other memory mappings) can be used to reconstruct the program state at the time of the error.
That means security makes the system easier to develop correct programs for, in this case. Correct programs are easier to use because they don't fuck up so much. Incorrect programs that run until you do something you really normally wouldn't do will of course get exploited...resulting in a crash because the security system doesn't allow for the basic required functionality that allows those kinds of exploits. There's a log, and the programmer scratches his head and issues a patch ten minutes later, correcting some poor bounds checking.
This is actually not as much of a problem as you think. Programs don't last forever, and they get rewritten a lot. Upgrades. New features. Refactoring, replacement. Remember the shiny new thing is more attractive, so businesses throw out the old and make new just for the sake of being more up-to-date than the competition.
As such, a feature that says "Requires you to disable the security features of your OS for this particular program" and a big scary warning box that says "Program is requesting policy to disable anti-hacker security protections for itself, may be susceptible to viruses and hackers [X]Allow [ ]Deny" will become a blight next to the competitor's app that "Takes advantage of advanced security protections." Eventually everyone fixes the minor bugs that cause this shit, and then everything just 'works' and we simply expect it to.
Your vendor doesn't want people looking at him funny. Fixing the problem is usually easy--with dynamic compilation (Java, .NET, etc) it's fundamentally impossible, but otherwise it's a matter of not doing a certain thing like self-modifying hand-optimized assembly.
It's just that to my senses the apps are all good for 7 inch screens, and 10 inch screens are for ... watching movies. In which case, uh. I mean you'll notice Amazon has ONE 9 inch Kindle and all new Kindle lines (Paperwhite etc) are 7 inchers (in my pants--really, damn thing fits in my pocket). That's because holding a big, bulky thing like that is more strain and fatigue, and the size requires more eye movement which is strain and fatigue ON THE EYES.
The Asus Transform is begging to be a laptop, full keyboard and everything. It needs a full Ubuntu Linux install that works, with a virtualized Android install with OpenGL 3D pass-through. Or, ideally, a reversible design--both share a data drive through the VM as a file share (samba, NFS, whatever), and you can reboot and pick your "bare-metal" OS and the other you can quick-access as a guest OS. Bare-metal has better performance, of course; beyond that it won't matter. Both OSes would come up with the same files available everywhere, with slightly different hardware depending on if they're guest or host, and operate flawlessly. It's doable on today's software, just takes some setting up and maybe some new logic to leverage all the basic tools (i.e. to be aware of if you're a host or guest OS, and mount a partition on /data or mount a network FS on /data).
That's where we are: people want their phone to be a tablet, they want their tablet to be a laptop.
Yes, and I haven't driven a normal sized car yet. Just my Mazda 3 was cheaper than a Hummer 3 or xB so I've got this little miniature compact car with 17 inch wheels instead of something with 28 inch wheels and hydraulics.
By accident apparently, and without realizing it. They fixed that.
Minix. It's easier to do a major modification--the fact that it's only basically functional is not an issue, since it's a functional Unix OS without bells and whistles and you're going to be designing and implementing most of the bells and whistles.
I think a Linux system that used PaX would be easy. Actually I used to maintain the list of incompatible apps--mostly Java itself, a handful of other things that turned out to be broken (and occasionally have critical security holes, none of which I personally found)--for Gentoo Linux. Thing about PaX is when something is killed, it's logged, and you get a wealth of debug data--when your program misbehaves, it usually dies from it early and it's easier to find the problem. This means developers have an easier time getting their software more correct, and the system doesn't do odd unexpected things (by bad software or by being hacked and worm-infested), and so the more secure system becomes the more usable system and the more maintainable system.
Similarly, for Unix environments, you could work on building out Minix and bolt on services that supply security guarantees as PaX does, and that interface between the user space utilities and the OS (because the OS Syscall handler is itself a service, you run the program under a DIFFERENT SERVICE) to implement namespaces and act as functional jails--virtualization, semi-virtualization. Services supplied under full microkernels like GNU HURD, L4, or Minix are small and thus easily audited for correctness--and thus improve security.
It all requires policy, of course. The PaX stuff is policy: no write/execute and no !execute to execute. If that crashes the program, you need to fix the program or remove that policy restriction. Semi-virtualization is mainly a file access policy--hide (can't see it), read-through (can see it, writes are redirected a la UnionFS), read-write (can see and change it, object is shared)--and a resource policy--PIDs, network devices/addresses, etc are hidden or shared. It's on the developer to do that, although forced policy on deployment is possible (you can externally generate a policy). grsecurity has always supplied a learning mode that logs and then develops policy automatically, which you can then audit for monkey business.
This tells me the software is poorly designed and problematic, and is not a good product, and that the company is abusive to its customers and is tithe-extracting. Next product.
By your logic, CDs aren't copyrightable because you buy them but someone else makes them.
The Zune's project name was Microsoft MeToo, and the Surface's project name was Microsoft MeToo2
Everyone is telling me that the Nexus 7 just doesn't have the screen size and they NEED an iPad. When the iPad 7 comes out they'll flock to it and go, "Uh. Siri?" Then apple will discontinue Siri for being worthless.
I have. They're on the XO-1. They're crap but they work. Durable, but not ergonomic.
Google Galaxy Nexus $250 16GB.
The worst you'll do with brakes is lock them up so your car drags its ass. And even then, not likely. It's held on with 2 screws and the pads literally have a clip on them that snaps into place. If you fuck up the lube on the back, the brakes squeal loudly. If you lubricate the pad side, you're an idiot (that's the side that uses FRICTION to stop the car, don't lubricate it).
Honestly? Got 4 wheel disc brakes? Do the back 2 first. If they fail... most of your braking force is up front anyway.
Keynesian economics center around the idea that the bust is the economic flaw. In other words, that when the market spins out of control and goes into manic buying and prices skyrocket, the market is "good"; when the market is gorged and finally dies and prices crash, that's "bad," and thus the government should tweak economic knobs a lot to keep the market inflated.
Real economic theorists, market players, and people who generally have a clue call the boom and the bubble "overvalued." That is: houses were "overvalued" because people thought they'd buy a $500k house and sell it for $2M and make a mint, since the last guy bought the $500k house for $200k and made a mint. What actually happened is the market busted, and now the $500k house isn't worth shit--it never was; it was $500k because a bunch of delusional idiots were overvaluing the house. Keynesians are delusional idiots that go, "Wait, the house should run up to $2M, and $5M, and $10M, and $100Bn!" and then try to tweak the knobs.
One thing I don't like to pull out, but I will: Keynes actually claimed his entire economic theory was wrong. In other words, he actually claimed everything he said was the kind of thing a deluded moron would believe.
No it's just entitlement. It's like this: Jimmy kicked dirt in your face so you go bitching that Jimmy is bad. Jimmy's mum punishes Jimmy. Jimmy can't come out to play now. And you're like, wait, what the fuck? HEY! HEY!!!! WHAT THE FUCK JIMMY'S MOM! YOU BITCH WHERE'S MY ICE CREAM!!!
Who cares really? I mean it's a point to ask of curiosity but let's face it, if she's got nice tits then daaaaaaaaaaamn, get a squeeze or twelve in and suck those sweet pink nubs...
I pulled the ABS fuse in the cavalier after that. I tend to pull it in anything that won't fail catastrophically without the ABS.
Brakes, for chrissake. I pay for engine work, but brakes? They charge $160/wheel but the part is $50 for HIGH END pads for 2 wheels and $30 for a rotor, or $20 for OEM pads (Friction Master or Morse street-performance ceramic with 18% copper impregnation WILL STOP YOU, I like good brakes and good tires). Impact wrench ($20 at Harbor Freight) pulls tire off in 30 seconds flat. Screwdriver behind the caliper, two bolts. Pop it off, pull off the pads, apply red anti-squeal, put new pads in, put caliper back. The rotor is held on by the wheel and you pull it toward you and it comes off, put new rotor on. It's a 10 minute job per wheel, if that. 40 minutes including jack time (use a drill to raise the jack lol...).
Total cost: $160, $220 with high-end brakes. Cost at shop: $650!? 40 minutes! Faster because they have a fucking lift!
I mean I'm not doing my own clutch (I have FWD, I hate it, and I hate working on the transaxle, what a pain), I'll pay $500 for that, yes I know it's $150 and drain the tranny and dismantle the drives (driveshaft, from tranny to wheels) and unbolt the transmission mount and then unbolt the transmission, drop it with a jack, pull it out, open it up and swap, then put it all back... yeah, uh, it's a lot of fucking work. Nothing hard but let's face it: taking a wheel off is slightly more involved than pumping your own gas; dropping your transmission is slightly less involved than a full engine compartment rebuild. Everything's in the way, everything needs to be drained, while you're in there you may as well do the struts (don't have to take them out, but they're in the way and annoying to work around) and clean the oil pan (it's in the way) etc etc etc...
Yeah what a mess. But brakes? Tire rotation? Changing your radiator fluid? Come on. Jack the car, turn the cock, close the cock, put the bin at the gas station. Make sure you fill halfway up with proplyne glycol and halfway up with water before you drive the car off again. No major dismantling required, why pay $100?
The first time I had a panic brake in a Cavalier, I slammed the brake and the car shut down the braking system for 1 full second, then applied braking force again. 1 full second is a really fucking long time, in case you didn't know.
Parable of the Broken Window. Destruction is not profit; if the "car economy" needs you to waste money dumping perfectly usable cars to "keep going," then you need to execute the Union leaders and close half the factories and fire half the workers. Folks have more money to buy other crap, so other business endeavors grow, those folks you fired will find jobs eventually, there's turn-over, and we get a growing economy overall. Better than sucking the life out of it to keep the big hulking slow behemoth fed.
Bicycle you twatwaffle.Pedal faster!