In Norway channels are typially 80kbps, while some go even further down. Expect local stations to be among those when they make the switch, to save cost.
Source (in Norwegian): http://www.lydogbilde.no/nyhet...
Even if you manage to invoke file in a safe manner, you probably shouldn't. The file utility isn't isn't immune to security issues either. A quick google found at least 3 different CVSs from 2014 only. Don't expose stuff that wasn't designed with a hostile Internet in mind, to a hostile Internet. Anyway, if file says it's a png file, it doesn't mean it's a _safe_ png file.
A paranoid (or sensible, depending on how juicy a target you are) way to handle it is to isolate the thing that verifies the file in some kind of sandbox, either a container or full VM with no access to anything. Pass the file to it and accept nothing back except raw pixel data. On the outside you re-encode it as a.png and pass that along to you users. Afterwards, assume the sandbox is full of nasties. Nuke it from orbit.
$100 million can easily be more then $11.7 billion if it's from a different budget. In HP's case I guess they just had $100 million left on the screwup-budget that they just had to spend somehow.
Big companies are so fscked up.
-Meaningless boilerplate comments. Comments on property getters and setters is pure noise.
-Questionable OO design. Why are this class keeping references to serviceReferenceGraph and loggingFormatter which it doesn't use for anything?
-Needless vertical scrolling. Given the triviality of this class, there is no reason for it not to be a one-pager.
-It's in the DependencyInjection namespace, but... doesn't use dependency injection!
-php pretending to be java. WTF is up with that?
...which nicely demonstrates how hard it is to come up with good analogies. If I wrote a book, and you copied all my chapter titles for your book, be certain that I (or rather my publisher) would come after you. I put a lot of work into those titles after all.
APIs are different though. They are meant to be copied. You can't use them without copying them.
No, making the wrong choice makes you a murderer. At least 3 people are going to die no matter what you do. By not pulling that lever, you'll cause the death of another 297.
While MS wasn't hit too hard by this praticular bug, they have been hit by bugs in open source "core infrastructure" libraries before. Anyone remember this: http://www.geek.com/news/micro... ? Basically everything MS shipped had to be patched due to zlib being statically linked all over the place.
Anyway, lots of people run open source stuff on windows servers (well, some do at least...), and it's in the best interest of MS that those boxes are safe.
And last but not least, it's if not free so at least very cheap publicity.
I was watching a live stream of the match, which also showed the next moves suggested by Houdini. Interestingly both players were pretty consistent in selecting the highest ranked moves. The exceptions were the "blunders" which lead to Anand's defeat.
Nah, that was 2011 or so. Right now i count 6 linux installations in my living room: two android phones, one tablet, this laptop, the tv and the pvr. Only one of those installations exist because i personally am a geek.
My 2 cents worth of data confirms your experience. My 3 last employers all moved to git from cvs or svn while i worked there. The first one was developing multi million LOC enterprisy stuff and ended up being bougth by Microsoft, which was ironic, until MS actually started supporting git themselves in tfs'12. How is that for closed sorce adoption?:)
That's not what I meant, but you're still correct:) It's not possible because memory reclamation is never done on objects that are reachable by finalizers, until those finalizers have been run. Yeah, I had to look up the fine details...
I think, in theory your finalizer could throw a NPE. If the particular JVM you're using has a GC algorithm that runs finalizers and deletion of objects in separate threads, the reference to stack could become null between the comparison and the printStackTrace call. It's probably a far fetched example, but it illustrates some of the problems you will not have to worry about if you just avoid finalizers completely.
The the most inportant thing to know about finalizers it to never use them. The thing is that, when the finalizer is running, the state of the object is kind of undefined... Instance variables may or may not already have been finalized (and deleted from memory), etc. If you think you need a finalizer, you're likely much better off defining a dispose() method, and calling that in a controlled manner instead.
Slashdot Mirror
Oh, the old not-so-side-effect-free GET request story. Happens a lot, and makes me chuckle every time :-)
Nice summary. I might just print this out and stick it to my wall. That way I'll never have to come back here again.
In Norway channels are typially 80kbps, while some go even further down. Expect local stations to be among those when they make the switch, to save cost.
Source (in Norwegian): http://www.lydogbilde.no/nyhet...
So now you can listen to crappy bandwith radio while draining your battery at double speed. Nice.
Using your real name when submitting a PR is not "pointing out an unimportant distraction about yourself".
The same argument goes for static analysers. They are likely to be better, more thorough, for more common languages.
Even if you manage to invoke file in a safe manner, you probably shouldn't. The file utility isn't isn't immune to security issues either. A quick google found at least 3 different CVSs from 2014 only. Don't expose stuff that wasn't designed with a hostile Internet in mind, to a hostile Internet. Anyway, if file says it's a png file, it doesn't mean it's a _safe_ png file.
.png and pass that along to you users. Afterwards, assume the sandbox is full of nasties. Nuke it from orbit.
A paranoid (or sensible, depending on how juicy a target you are) way to handle it is to isolate the thing that verifies the file in some kind of sandbox, either a container or full VM with no access to anything. Pass the file to it and accept nothing back except raw pixel data. On the outside you re-encode it as a
True
$100 million can easily be more then $11.7 billion if it's from a different budget. In HP's case I guess they just had $100 million left on the screwup-budget that they just had to spend somehow. Big companies are so fscked up.
-Meaningless boilerplate comments. Comments on property getters and setters is pure noise.
-Questionable OO design. Why are this class keeping references to serviceReferenceGraph and loggingFormatter which it doesn't use for anything?
-Needless vertical scrolling. Given the triviality of this class, there is no reason for it not to be a one-pager.
-It's in the DependencyInjection namespace, but... doesn't use dependency injection!
-php pretending to be java. WTF is up with that?
...which nicely demonstrates how hard it is to come up with good analogies. If I wrote a book, and you copied all my chapter titles for your book, be certain that I (or rather my publisher) would come after you. I put a lot of work into those titles after all.
APIs are different though. They are meant to be copied. You can't use them without copying them.
No, making the wrong choice makes you a murderer. At least 3 people are going to die no matter what you do. By not pulling that lever, you'll cause the death of another 297.
While MS wasn't hit too hard by this praticular bug, they have been hit by bugs in open source "core infrastructure" libraries before. Anyone remember this: http://www.geek.com/news/micro... ? Basically everything MS shipped had to be patched due to zlib being statically linked all over the place.
Anyway, lots of people run open source stuff on windows servers (well, some do at least...), and it's in the best interest of MS that those boxes are safe.
And last but not least, it's if not free so at least very cheap publicity.
I was watching a live stream of the match, which also showed the next moves suggested by Houdini. Interestingly both players were pretty consistent in selecting the highest ranked moves. The exceptions were the "blunders" which lead to Anand's defeat.
Hey, that's my retirement plan!
To be fair, Java will generally yell at you if you try to assign a timestamp to an int.
Probably does. It's not in my living room tho :)
Nah, that was 2011 or so. Right now i count 6 linux installations in my living room: two android phones, one tablet, this laptop, the tv and the pvr. Only one of those installations exist because i personally am a geek.
My 2 cents worth of data confirms your experience. My 3 last employers all moved to git from cvs or svn while i worked there. The first one was developing multi million LOC enterprisy stuff and ended up being bougth by Microsoft, which was ironic, until MS actually started supporting git themselves in tfs'12. How is that for closed sorce adoption? :)
I'm the AC that wrote that. Drive over 0.08 all the time. I've never had a problem.
You're not statistically significant.
Oooh! GregorianCalendar, my favourite java class!
And let's be honest, any other way to do it is just wrong. Go Opera! :)
That's not what I meant, but you're still correct :) It's not possible because memory reclamation is never done on objects that are reachable by finalizers, until those finalizers have been run. Yeah, I had to look up the fine details...
I think, in theory your finalizer could throw a NPE. If the particular JVM you're using has a GC algorithm that runs finalizers and deletion of objects in separate threads, the reference to stack could become null between the comparison and the printStackTrace call. It's probably a far fetched example, but it illustrates some of the problems you will not have to worry about if you just avoid finalizers completely.
The the most inportant thing to know about finalizers it to never use them. The thing is that, when the finalizer is running, the state of the object is kind of undefined... Instance variables may or may not already have been finalized (and deleted from memory), etc. If you think you need a finalizer, you're likely much better off defining a dispose() method, and calling that in a controlled manner instead.
So go for it then. There's a severe lack of qualified IT workers in Norway these days. Only speaking English is seldom a problem either.