Slashdot Mirror


User: petrov

petrov's activity in the archive.

Stories: 0
Comments: 31

Comments · 31

  1. Great educational site about antarctica on Interesting and Educational Web Pages for Children? · · Score: 1

    http://www.glacier.rice.edu/

  2. Re:Unbelievable (really?) on Myths about Internet growth · · Score: 1

    actually Moore originally predicted a 12 month doubling and then extended it to 18 months, and then (recently) extended it to 24 months.

    --sam

  3. Price Gouging? on Preventing Broadband Price-Gouging? · · Score: 2, Insightful

    Since when is raising the rates $7 per month classified as "price gouging?" Charging $14.95 for a CD that costs $0.03 to manufacture is surely price gouging. Raising broadband from $45 per month to $52 per month is not.

    It's a bunch of whiny geeks.

    --sam

  4. Re:Funding??! on Gates Admits Stripped Down Windows Possible · · Score: 1

    it's not even close to enough to buy the U.S. government. Industry can't come close to the revenue stream (read taxes) that the government has. The U.S. routinely collects trillions of dollars in taxes, well more than 100 times the amount that MS has in the bank.

    a much more interesting question is whether this is enough money to buy off some key people (such as congressmen or federal judges). And I suspect the answer is assuredly yes.

    --sam

  5. Re:Seems like a waste of noise... on Optical Cryptography · · Score: 2, Informative

    You are completely off. They are just using different numbers to represent the data. The magnitude of the numbers is unchanged. Typically, they do the addition modulo some convenient number to keep the signal in a preset range.

    --sam

  6. This is a one time pad on Optical Cryptography · · Score: 3, Informative

    This is essentially a one-time pad cipher where the pad is the length of the message and then (in the digital world) they XOR the pad with the message and send them both. For fiber optics, they probably do a similar transform, but instead of XOR they probably just do a straight add, modulo some appropriate number.

    --sam

  7. patch posted to bugtraq on Wu-ftpd Remote Root Hole · · Score: 1

    From a Bugtraq post by Mark Canter:

    Generic patch against globc.c for:
    Subject: Wu-Ftpd File Globbing Heap Corruption Vulnerability

    -- SNIP --

    --- glob.c.orig Sat Jul 1 14:17:39 2000
    +++ glob.c Wed Nov 28 00:43:38 2001
    @@ -298,7 +298,7 @@

    for (lm = restbuf; *p != '{'; *lm++ = *p++)
    continue;
    - for (pe = ++p; *pe; pe++)
    + for (pe = ++p; *pe; pe++) {
    switch (*pe) {

    case '{':
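
    Review bot: every context and changed line in this hunk, and in the hunks after it, has lost its leading indentation in the posting, so the patch will not apply to an indented glob.c unless whitespace differences are ignored (GNU patch's -l option). The brace opened on the changed line "for (pe = ++p; *pe; pe++) {" is closed only in the following hunk, so the two hunks have to be applied together; applying this one alone leaves the file unbalanced.
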
    @@ -314,11 +314,19 @@
    case '[':
    for (pe++; *pe && *pe != ']'; pe++)
    continue;
    + if (!*pe) {
    + globerr = "Missing ]";
    + return (0);
    + }
    continue;
    }
    + }
    pend:
    - brclev = 0;
    - for (pl = pm = p; pm = pe; pm++)
    + if (brclev || !*pe) {
    + globerr = "Missing }";
    + return (0);
    + }
    + for (pl = pm = p; pm = pe; pm++) {
    switch (*pm & (QUOTE | TRIM)) {

    case '{':
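
    Review bot: the loop header on the last changed line, "for (pl = pm = p; pm = pe; pm++) {", has an assignment where a comparison belongs. The removed line shows the same "pm = pe", so the operator was most likely lost when the patch was posted, and the line needs checking against the real glob.c before the patch is applied. The new "if (brclev || !*pe)" test at pend: is also what makes it safe to drop "brclev = 0;", and a one-line comment stating that brclev must be zero past that point would document the invariant.
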
    @@ -352,19 +360,18 @@
    return (1);
    sort();
    pl = pm + 1;
    - if (brclev)
    - return (0);
    continue;

    case '[':
    for (pm++; *pm && *pm != ']'; pm++)
    continue;
    - if (!*pm)
    - pm--;
    + if (!*pm) {
    + globerr = "Missing ]";
    + return (0);
    + }
    continue;
    }
    - if (brclev)
    - goto doit;
    + }
    return (0);
    }
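
    Review bot: in the case '[' branch the old code stepped pm back on an unterminated class and carried on, while the new code returns 0 with globerr set; the function's final "return (0);" returns the same value without setting globerr, so a caller can only tell a malformed pattern from an ordinary zero return by checking globerr. That contract should be stated in a comment on the function. The removal of the two "if (brclev)" tests depends on the Missing } check added at pend: in the previous hunk having already rejected unbalanced braces, which also deserves a comment here.
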

    @@ -416,11 +423,10 @@
    else if (scc == (lc = cc))
    ok++;
    }
    - if (cc == 0)
    - if (ok)
    - p--;
    - else
    - return 0;
    + if (cc == 0) {
    + globerr = "Missing ]";
    + return (0);
    + }
    continue;

    case '*':
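
    Review bot: the replacement for the "if (cc == 0)" block drops the old "if (ok) p--;" path, so an unterminated [ class that had already matched is now an error instead of a match. That is a behaviour change for existing patterns and should be called out in the patch description. The Missing ] message is now set in three separate places across the patch and could be a single shared constant.
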

  8. Re:Proof that Mathematics doesn't work! on The Return of Eric Weisstein's World Of Mathematics · · Score: 1

    if you let x = 1 (as you claim to at the beginning of the proof), then when you divide both sides by (x - 1), you are actually dividing by zero. This operation is undefined in normal mathematics which means you don't actually get x+1=1.

    sorry,
    --sam

  9. "Only a local root" on Linux Kernel Bugs · · Score: 3, Insightful

    I'm seeing a lot of comments like "This is only a local root exploit", or michael's "Important for anyone running a multi-user system."

    That's crap. This is a big deal. Don't try and downplay this. If you leave this unpatched, it turns every remote login hole into a remote root hole. There's plenty of code running remotely: mail, cgi, etc. Good security isn't foolproof. Good security is defense in depth. That means that you are patched against remote holes, and patched against local holes, so that escalation of privileges is difficult.

    --sam

  10. Novosibirsk on Extreme Telecommuting · · Score: 1

    Isn't novosibirsk the key to controlling Asia in Axis and Allies? sort of like Kamchatka is the gateway to Asia in Risk?

    :-)
    --sam

  11. Re:Just a question... on New Release Of NSA SELinux · · Score: 1

    The NSA is responsible for vetting all hardware and software that the US government uses for classified materials. This includes DoD computers (such as the USMC), as well as the State Dept. and others (such as NASA). So, in short, yes. I'm not sure if other parts of the government are required to follow NSA guidelines for non-classified computers, but for classified computers, they are required to adhere to the NSA guidelines.

    --sam

  12. Re:Who will win? Look at past years: on ICFP 2001 Task · · Score: 1

    the corollary to this is that O'Caml is only used by grad students who have tons of free time, while C/C++ is used by people who get paid.

    --sam
    --sam

  13. GIF images? on Vidomi GPL Violation Case Resolved · · Score: 3

    Am I the only one that found it funny/ironic that Vidomi used GIFs for the scanned images of the letter from the FSF? Given Stallman's opinions scattered liberally around prep.ai.mit.org (next to every image), I cracked up.

    cheers,
    --sam
    --sam

  14. "wouldn't last over here..." on Madrid's HiTech Shanty Town · · Score: 1

    What's up with the last snide comment about "the time it takes to load up the tear gas grenades"? Have you ever heard of the bonus army (1920s era WWI vets)? Strikes? Unions? People protest getting laid off all the time here in the states.

    don't make such B.S. claims about the freedom of assembly and such. just be glad you aren't living in China, Cuba, Iran, etc, etc.

    --sam
    --sam

  15. It's 9 feet tall, not 6 on Monolith Appears In Seattle · · Score: 1

    According to both the AP story and the Seattle Times one, the monolith is 9 feet tall, not 6 as slashdot reports.

    Insert irritated comment about the factual quality of slashdot stories and the corresponding decline of western civilization.

    --sam

  16. I'm sure somebody has suggested this by now... on Work Options In The U.S. When Student Visas Expire? · · Score: 1

    but you should get married! Seriously, it's probably the easiest way to get US citizenship, and who knows what kind of fun you might find with a nice girl. :-)

    --sam

  17. Re:wouldnt the input be different as well? on English Language And Its Effect On Programming? · · Score: 1

    actually german isn't latin based. The latin based tongues are the romance languages: French, Italian, Portugese (sp?), Spanish, etc. Modern german comes from an older germanic root, which also gave forth Danish, Norwegian, Swedish (but not Finnish), Dutch, and others.

    Modern English is originally based on Saxon which is also a germanic tongue, but then the Danes conquered most of England in 800 or so, and again from France in 1066. Modern English is largely an amalgamation of various germanic tongues (Saxon and Danish) and French (which was based on Latin).

    --sam

  18. Use the web server model of SATAN/SAINT on Cross-Platform Development Tools? · · Score: 2

    For all small simple GUIs, I'm seriously sold on the SATAN/SAINT model. Basically, you just write a webserver (http 1.0 is trivial to implement) and a front end that fork()s and spawns a web browser and the server and connects the two. If your GUI is large and complex, then this approach starts to break down. But if you just need some simple user input (buttons, imagemaps, and text boxes), then don't hack up a GUI for that. They are a pain in the ass to code, and it's a lot easier to just use an existing browser. I've coded stuff up to 15k lines with the browser approach, but usually only about 2-3k are the front end, and most of the rest is the guts of the application.

    --sam

  19. read the Crack docs on What Are Common Password Checks? · · Score: 2

    They have a config file which specifies all manner of password combos (letters/numbers appended, syllables flipped, words reversed); it should provide a comprehensive list of possibilities if you want to roll your own library. If you are doing a dictionary check, make sure that you use a password cracking dictionary not a spell checking one. Password cracking dicts (as opposed to /usr/dict/words) have profanity and easy nonsense like asdfghjkl and 1234abcd. You can probably use the data files from Crack or John the Ripper in a Java system.

    --sam

  20. Neat coincidence (birthdays on 11/19 and 2/2) on Happy 'Even Day' - the First in 1112 Years · · Score: 1

    The whole even/odd thing is even cooler for me, as my birthday was 11/19 and my mom's birthday is today. (I was 1976, she was 1950 though).

    heh,
    --sam

  21. a bit late but this made my day on Happy Odd Day! · · Score: 1

    I'm reading this late saturday (too much Pharaoh), but friday was my birthday. I turned 23, on the only odd day in our generation. visions of illuminati dance through my head.
    --sam

  22. shockwave website on PalmPilot Fullsize Keyboard · · Score: 1

    With the recent non-compliance article fresh in my mind, I would urge everybody to write a polite but firm email indicating their disappointment in using shockwave for this site, as it's unviewable to linux users. I would indicate in this email your distaste for the proprietary provisions, and its impact on your buying decision. I'm not going to buy anything online that doesn't have more information about it, and there is currently no way of getting that information for this item.
    --sam

  23. Perl's advantages for CGI on Perl Domination in CGI Programming? · · Score: 1

    I've written a bunch of CGI scripts for my job, and all of them have been in perl. I've written code for classes in other languages, but perl rules the roost in cgi for the following reasons:

    • Superior text handling capability. strings are a first class data structure, rather than a char*, or an Object, so you can directly split, concatenate and munge them. Perl's regexp support makes munging strings easier than in any other language. CGI more than other applications deals with a lot of text.
    • Security. It's pretty easy to write secure perl scripts, you just have to check your exec()'s and backticks. with the Taint switch on, it's pretty hard to write insecure perl scripts. As opposed to C/C++, where it's pretty easy to write insecure scripts (buffer overflows spring to mind). In theory, any "safe" language would be good at CGI from this point of view.
    • Existing base of code. O'Reilly's High Performance Computing book has a quote which reads something like "I don't know what language will be used in the future for high performance applications, but I know it will be called Fortran." Like the huge chunk of math and science code in Fortran, there's a huge chunk of CGI code written in perl, which makes it easy to build a new app "from scratch". Take a look at LWP and CGI.pm on CPAN.
    • Speed. One customarily thinks of compiled code as fast and interpreted code as slow. While this is generally true, perl is first compiled into an AST, and then you basically have a bunch of function pointers in C for each of perl's opcodes. Which makes perl pretty fast once the code is parsed, which makes it pretty fast under mod_perl. Interestingly, in Kernighan and Pike's Practice of Programming they compare the performance of C, C++, Perl, awk, and Java. And Perl narrowly beats out C++, crushes awk and Java, and loses badly to C. The runtime overhead of C++'s runtime polymorphism makes it a good bit slower than straight C. I'd recommend pure C (or fortran) if you are really concerned about performance. However, for most cases in CGI, the limiting factor isn't the speed of the code but the speed of the network (especially on the Internet, where modems are still relatively common). If you are developing something in house for a LAN, then maybe look at the execution time, but for public web sites, I would guess that network latency dominates unless you have a really gnarly CGI script.
    • Development speed. As a higher level language, you can generally get more done with less code. This is a big win, especially since most CGI stuff is relatively small, and a complex Object structure isn't really needed.

    Now an argument can be made that other interpreted languages have a lot of these advantages (python springs to mind), but I don't know of any that are as fast as perl, or have as large a base of existing code. It's interesting that in the original CGI demo by NCSA, they use C for their scripts, but everything else that I've seen is in perl. In short, I'd recommend C only after you've written it in perl and determined that execution time is a significant chunk of the total latency. The rules of thumb in UI design are:

    1. up to 0.1 seconds. the user regards this as instantaneous.
    2. up to 1 second. the user sees a noticeable lag, but it doesn't significantly interrupt their work.
    3. up to 10 seconds. the user is significantly irked, and may lose train of thought, switch windows, etc.
    4. over 10 seconds. the user gets bored, fires up solitaire, goes and gets a cup of coffee, etc. This is the biggest hit to productivity, as a 15 second latency may result in a 5 minute coffee break.

    hope this is helpful,


    --sam

  24. neat tips with firewall chains on Cookies, Ad Banners, and Privacy · · Score: 2

    1. Recompile your kernel with ip firewalling support.
    2. add the following two lines to your boot scripts:
      • ipchains -P input ACCEPT
      • ipchains -A input -s doubleclick.com -j DENY
    this is sans manpage, see ipchains(8) for more details.

    --sam

  25. I use dvorak but some situations qwerty is better on Keyboards - Dvorak or Qwerty? · · Score: 1

    I switched to dvorak a while back and now prefer it. Some notes:
    • My typing speed didn't noticeably improve. I was pretty fast on qwerty, and I'm pretty fast on dvorak.
    • My hands don't bother me (RSI stuff) as much when I use dvorak, I think it's cause I'm not stretching all over the keyboard
    • if you are in an environment where you are using other people's boxen (e.g. sysadmin stuff in Windows shop, or university comp labs), then it's a pain until you learn both (which surprisingly took me a good bit longer than just switching)
    • It's pretty easy to pop the keys off a normal keyboard and rearrange them in a dvorak arrangement. for an ergo keyboard, you'll need to use stickers or paint.
    • It's next to impossible to login (as you can't see your password) with the keyboard set to the wrong setting
    • it only took about 2 weeks to forget qwerty and be good on dvorak. it took about 4 months to be comfortable using both, :-( it's like speaking two languages, it just takes a mind shift when you sit down.
    bottom line: if you use your own workstation exclusively, then switch. If you have to hop machines, then stick with Qwerty.

    --sam