Slashdot Mirror


User: daVinci1980

daVinci1980's activity in the archive.

Stories: 0
Comments: 554

Comments · 554

  1. Re:Resolution on 35mm - One Step Closer to the End · · Score: 1

    Thank you.

    Last I checked, 35mm was approximately 3500-4000 DPI. That's significantly more than even the latest digital cameras.

  2. Regardless of the validity of the article... on Linux/Unix Tops Charts for Vulnerabilities in 2005 · · Score: 3, Insightful

    It is worth discussing OS security in terms of exploitable holes found. And before the detractors start coming out in droves saying "the real question is how many days a vulnerability remains unpatched," that's not the real question. That's a question, and it's certainly an important one. But it's not the only important criterion in determining the quality of an OS.

    Even if a vulnerability is reported and then fixed quickly, the fact remains that it could've been used for dozens or hundreds (or more) exploits *before* it was reported.

    It's not just a matter of "see, look how quickly we can bail water out of the boat." There's also the question of how many holes were in the hull to begin with.

    I'm not saying that any particular platform is put together better than any other, just that it is a topic worth discussing.

  3. Re:My wish-list for c++ on Bjarne Stroustrup Previews C++0x · · Score: 1

    Whoops!

    I had read The C++ Standard Library, by Josuttis, and remembered that in section 6.2.6 he said the following:

    "For Boolean elements of a vector, the C++ standard library provides a specialization of vector. The goal is to have a version that is optimized to use less size than a usual implementation of vector for type bool."

    I had forgotten that in the next paragraph, the book said: "However, how vector<bool> is implemented is implementation specific."

    My bad. However, the implementations I have used have all treated a vector of booleans as a resizable bit field. At any rate, resizable bit arrays still don't (imho) deserve special status in a language. They should be possible, but not necessarily part of the language proper.

  4. Re:My wish-list for c++ on Bjarne Stroustrup Previews C++0x · · Score: 1

    Bit-arrays

    Use std::bitset (for known size at compile time). Or, use std::vector<bool> if you need to resize. (std::vector<bool> is defined to be a special case of std::vector to only take one bit per entry).

    Neither are particularly complicated, and bit arrays (imho) do not deserve a special place in the language core.

    In general, the language should be as simple as it can possibly be to achieve all its stated goals. The libraries around the language should be as comprehensive as they can be, however.

  5. Community Collaborative? on Wikipedia Founder Releases Personal Appeal · · Score: 3, Insightful

    Why would a community collaborative project such as Wikipedia even need sponsorship, other than bandwidth fees? (And they don't go through $750K a year in bandwidth fees). There should be little or no administrative overhead, and I've never seen an advertisement for Wikipedia (and don't know a reason why I should expect to).

    While freedom of information is a great goal, it's one of the few that I feel doesn't require large monetary contributions, but rather large intellectual contributions.

    I'll keep giving my money to Child's Play, The Red Cross, and Doctors without Borders.

  6. Earth to Jake Dobkin: on Sony Graffiti Ads Draw More Anger · · Score: 1

    "You're an idiot"

  7. Can you hear me now? on 2005 Foot In Mouth Awards · · Score: 1

    My favorite:

    "Why in the world would you think your (cell) phone would work in your house?"
    (Ivan Seidenberg, CEO of Verizon)

    What an idiot. For that reason alone, I'll never sign up with Verizon while he's in charge. Hey Ivan, can you hear me now?

    (Link to the originating article)

    PS: If this pops up on the Wired page, it's cause I posted there. I ain't no plagiarist. ;-)

  8. Plagiarism much? on Larry Wall on Perl 6 · · Score: 4, Informative

    You know, if you're going to steal an article, verbatim, from wikipedia.org, the least you could do is cite a reference to it.

    But in the future, maybe you should just post a link to the article instead.

    -1, Plagiarised for you.

  9. Re:Hard Enough to Understand on Larry Wall on Perl 6 · · Score: 1

    That also explains their immense popularity outside the 'toy problem' arena.

  10. Best of all... on ATI Video Processing Upgrade · · Score: 4, Insightful

    ...is that a hardware vendor is releasing drivers for free?

    Welcome to 2005, I realize things must be strange for you considering you've been frozen since 1930...

  11. Re:It seems kind of pathetic to do that. on TiVo Causes Increase in Product Placement · · Score: 1

    How much cheaper is cable because of advertisements?

    Umm, on the order of 99.9% cheaper. Seriously, the overwhelming majority of costs are paid for by advertising. Consider the difference in production quality (ie, film quality, color quality, etc) of your average PBS show (ie, Painting with Bob Ross, Antique Roadshow) versus the average show on cable (ie, Drawn Together, Chapelle Show, The Daily Show), not to mention the costs of a show on one of the major networks.

    Consider what happened with Friends. When the cast of Friends banded together and decided they wanted a million per episode each (~$6M total), NBC said "Sure, no problem." That's because they made $420K per 30-second spot. There are generally 18 of those per 30 minutes, which meant that they made ~$7.56M per episode.

    Frankly, I'm willing to tolerate ads and product placement as long as I don't have to pay the actual staggering cost for my entertainment.

  12. Re:What kind of geeks are they? on A Programmer's Bookshelf · · Score: 2, Informative

    If your friends are into 3D programming or game development, I recommend some books about OpenGL.

    If your friends are serious about 3D programming, I recommend books about D3D instead. D3D is used in 99% of PC game development studios. An OGL-like API is used on the Gamecube, and the PS2 doesn't have a formal API for graphics, although lots of studios choose to emulate OGL with their own API. Finally, the XBox (obviously) uses a D3D API. That being said, it is much easier for a first-timer into the industry to get a gig with a PC development studio than a console development studio, so *if* you do graphics in the game industry, it's much more likely you will be working with D3D (to start) than with OGL.

    Stay away from anything by LaMothe, whether he edited it, wrote it or just wrote the foreword. His books are absolutely terrible. I recommend the book Advanced 3D Game Programming with DirectX 9.0 by Peter Walsh. Although "Advanced", this is a good treatment of quite a few game programming topics, and is really a good introduction to graphics programming.

    If your friend is an advanced graphics programmer, then GPU Gems or GPU Gems II might be more their speed.

    Finally, if your friend is interested in game development but not particularly in graphics per se, then the Game Programming Gems series is a must have, at least books 1-3. I cannot vouch for GPG 4 or 5 as I have not read them myself yet. However, books 1-3 are phenomenal, and are widely used within the game industry.

  13. Re:Strength of Character Acting on Aeon Flux, Talk Amongst Yourselves · · Score: 1

    Actually, ROI is expressed as a percentage above and beyond recoupment. So 100% ROI would be doubling your money (significantly better than sticking that money in a savings account).

    Reference:
    http://management.about.com/cs/adminaccounting/g/returnoninv.htm
    http://en.wikipedia.org/wiki/Return_on_investment
    http://www.valuebasedmanagement.net/methods_roi.html

    On topic, I've no interest in seeing a movie that got 10% at Rotten Tomatoes. That's embarrassingly bad and puts the movie in with some truly fine company. (Catwoman, anyone?)

  14. Re:It's all about "cute" data structures on Why Can't Microsoft Just Patch Everything? · · Score: 2, Insightful

    The problem (in more detail) is as follows:

    Code is not executed from the heap (data segment), unless you explicitly point the instruction pointer there. This is actually pretty difficult to do. To do it in a standard program run, you would have to write self modifying code. To force a program that otherwise *wouldn't* execute code from the heap, you would first need to corrupt the stack and adjust the return pointer to the pointer at your instruction buffer. But if you can't corrupt the stack, you're still just wasting your time.

    To say that self modifying code is a rarity is an understatement in the extreme. There are very, very few applications that do it--you do it only when the cost of a single branch instruction would significantly affect your performance. (Which is to say, virtually never, with the exception of software rendering pipelines).

    The first press release you linked (the MS one) mentions that the vulnerability is low, because the heap is dynamic and you would have to overflow on another structure for which you knew the behavior, and then were able to bend some stack corruption out of. Alternatively you could overflow onto another structure that held an arbitrary execution buffer. An analogy here would be that if you're a grain of sand on the beach on the northshore that's about to be overflowed, the neighboring grain of sand is a grain of sand from the beaches of France. Seriously. Scripting could simultaneously be used to help improve the odds of a successful exploit, but it absolutely does NOT ensure success. In the wild, I would bet that the chances of a successful infection as a result of looking at a webpage with this problem are approximately 1 in 10,000, if not lower. Even with the heap preparation through scripting.

    The second press release is simply being paranoid. They found an overflow exploit, but there's no information to suggest that it could actually be used to execute arbitrary code.

    A little knowledge is very dangerous. Knowing how C++ compiles programs to fit into the assembly model would be very beneficial knowledge for anyone considering how buffer overflows can be used to seize control of a computer.

    Buffer overflows by themselves are NOT the problem. They are only (consistently) problematic when they occur in the stack. In the heap, they are little more than nuisances (in the 99.99% case).

  15. Re:It's all about "cute" data structures on Why Can't Microsoft Just Patch Everything? · · Score: 1

    True! A perfect example are the BITV5HEADER structures, which are not true C structures at all, but instead use dangling stuff.

    However, I always explicitly initialize those to the type I'm using... Any code that uses them will do the same. I'm not going to accept a COM/Corba or RPC object of a Bitmap object with the header already filled out.

  16. Re:It's all about "cute" data structures on Why Can't Microsoft Just Patch Everything? · · Score: 5, Informative

    Insightful? Clearly moderated by people who don't code for a living.

    Okay, first off, your code (as mentioned by the other poster) isn't legal C or C++. But let's fix it and discuss it how I'm sure you *meant*.

    So here's the correct code:

    struct foo {
            int length;
            char* buffer;
    };


    Now then, you argue that this is problematic because it's allocated dynamically, based on what someone else told me the size was.

    Actually, this struct doesn't appear in the Win32 or the MFC API anywhere (nor does anything that looks significantly like it), but more importantly, this kind of struct will *never* be a problem. Let's consider all of the cases:

    1) length is too large to allocate a buffer for. The code throws a bad_alloc exception when buffer = new char[length] is called.
    2) length is negative. new takes unsigned integers for allocation, so the value is actually very large and positive. The bad_alloc will be thrown in this case too.
    3) length is zero. I get a pointer to memory that is 0 bytes long.
    4) length is valid. We allocate a proper amount of space and away we go.

    Let's assume for a second though that someone gives me the buffer pointer *and* the length.
    1) length is the correct size (no issue).
    2) length is too small for the buffer (no issue, but I am wasting memory).
    3) length is larger than buffer actually is long. I write out of bounds, but in the heap. This will likely result in a crash, but NOT in an exploit. This struct could be anywhere in memory, but it will not overwrite the stack, which would be necessary to execute arbitrary code.

    Buffer overflows are only a problem when the buffer exists on the stack. In the heap, buffer overflows will result in a crash, or possibly undefined behavior. But on the modern PC, it would be impossible to use a buffer overflow in the heap to reliably execute arbitrary code.. Unless the coder in question was doing something really, really stupid (like executing code from an arbitrary instruction buffer in their structure, which you conveniently just overwrote). Fortunately for us, MS does not do anything of that nature.

    For reference, buffer overflows occur when someone does something like this:


    void GetAddress(char *& streetName, char* fullAddress)
    {
            char buffer[25]; // No one will ever give us input longer than this!
            sprintf(buffer, fullAddress); // Possible overflow
            streetName = new char[strlen(buffer) + 1];
            strcpy(streetName, buffer);

            // Improved : sprintf(buffer, "%s", fullAddress);
            // More Improved : snprintf(buffer, 25, "%s", fullAddress);
    }

    But the best would've been to do it like this:


    void GetAddress(char *& streetName, char* fullAddress)
    {
            int requiredBufferSize = snprintf(0, 0, "%s", fullAddress) + 1;
            streetName = new char[requiredBufferSize];
            snprintf(streetName, requiredBufferSize, "%s", fullAddress);
    }


    Or to not use C style reading at all.

  17. Re:The feature that Mozilla is still missing... on Firefox 1.5 Final Now Available · · Score: 1

    I absolutely agree with you--if the choice I'd made was "execute this arbitrary executable that I've downloaded off the internet." I didn't. I said to launch a program with a file as a command line argument. I trust the author of the program I'm launching to deal with files of the wrong file type.

    As others have pointed out, the website could *still* lie. If the website said it was a torrent, and I told my browser to automatically launch torrents and the file was in fact a trojan disguised as a torrent, I'd *still* be boned.

    Plus, as I indicated, I have no intention of verifying that a file that claims to be a torrent file is actually a torrent. Thus, the extra click that I have to go through is not benefitting anyone, least of all me. It's irritating but doesn't provide any additional security because the burden of security in this case is too high to be useful.

    If FF is really concerned about this, then they should provide a framework that would let me verify the type is actually what it says it is, and then still launch the appropriate action automatically under the covers. (In other words, allow plugins that *only* verify that a file of a particular extension is in fact a type of the expected type, or determine what the expected type is).

  18. Re:The feature that Mozilla is still missing... on Firefox 1.5 Final Now Available · · Score: 1

    That worked... So can you explain a bit further why FF doesn't always open torrents that way? Why does it matter that the file is binary?

    Does it think if the file is binary that I may look at it with my hex editor to ensure that yes, that really is a well formed torrent file?

    I'd understand if there was some confusion about the file, but in this case there doesn't seem to be any. (It's not like FF pops up a dialog and says "Hey, this could be any of the 5 following types, but I'm not sure which so please choose the correct one and I'll go along with it").

  19. The feature that Mozilla is still missing... on Firefox 1.5 Final Now Available · · Score: 4, Insightful

    Or maybe I just haven't figured out how to get it to work properly (please correct me if I'm wrong).

    When I click "Automatically do this for files of this type", stop showing me the prompt box for what to do with this file every time the file comes up!

    This happens a lot, especially with Torrent files. I tell Firefox to launch Azureus whenever it sees a torrent. I tell it to always do this automatically for me. What does it do? It prompts me for every goddamn torrent file as to whether it should save it or launch it into Azureus.

    I torrent a lot of stuff, so this is really, really annoying.

  20. Ego much? on The Google Caste System · · Score: 4, Insightful

    Engineers don't need more clout than salespeople, anymore than salespeople shouldn't get more clout than engineers. To have a company that really, really shines, you need the best of both.

    The funny thing about mediocre sales people is that they see mediocre engineers, and don't understand what the big deal is. Meanwhile, the mediocre engineer sees the mediocre sales guy, and *also* doesn't understand the big deal.

    Meanwhile, the talented engineers and sales people look at the other side and know that they couldn't do that job nearly as well as the person they are looking at.

    The companies that are currently ridiculously successful are the ones that recognize that employees are their greatest asset.

  21. Re:Houston, we have a busted/confirmed myth on Ask The Mythbusters · · Score: 1

    I'm totally with you on the first two...

    But I've actually *been* cowtipping. Me. And friends of mine. My mom has a farm, there are cows in the pasture, they doze while standing and with 2-3 guys, you can tip them over. I've seen the article that 'disproves' cowtipping, but frankly, it doesn't agree with my experience.

    Nor does it agree with my girlfriend's experience, who has also been on successful cow-tipping excursions.

  22. Re:Wow, that's gonna be a nice check.. on Texas Sues Sony BMG over Rootkit · · Score: 1

    Your post also deserves the '-1, Idiot' rating.

    As has been mentioned time and time again, the state AG is suing Sony on behalf of the state of Texas. The salaried state AG. The one who doesn't work on commission. The one who isn't ever going to be a rich lawyer as long as he continues to work for the state of Texas.

    His cut of the proceeds of the case will be zero dollars, just like every other case he prosecutes. The money will go directly to the state of Texas. It will not be divvied up among complainants, so there will be no 33% to the lawyers and 67% to the millions of people across the state. It'll be 100% to the state, to go into the public coffers to be used on public works projects. Last time I checked, public works benefit the public, so I think we'll be pleased as pie down here in Texas if the settlement goes our way.

    This information is all publicly available on the state AG's website, as well as through literature available directly from their office, from the Texas constitution, and from the office of the governor.

    His post didn't get marked down because we didn't like what he had to say. His post got marked down because he had nothing of value to add to the conversation having not read the article and not understanding the fundamentals of this particular action. Just as you have demonstrated.

  23. Re:Wow, that's gonna be a nice check.. on Texas Sues Sony BMG over Rootkit · · Score: 4, Insightful

    I realize--in your rush to post first--that "facts" are irrelevant to you..

    But the State of Texas (you know, the State Attorney General, in representation of the State of Texas and its citizens) is suing Sony. If the lawsuit is won, then the money goes into the coffers of the state of Texas, which will result in an increase in public works, which *does* benefit us.

    Sometimes /. makes me wish there was an 'idiot' moderation, or at least a 'first post' moderation. In this case, a mere glance at the first sentence of the article would've made it clear that this was an action taken by the state to protect its citizens.

  24. Have some balls man... on EBay Drops Charges for Developers Network · · Score: 1

    If you're going to attempt to flame, at least use your handle. AC flaming is just pathetic.

    First off, I filter all comments below 1. Second, I browse highest point value first. Third, I can use bold too!

    You win the internet. 0/10 on the troll-o-meter.

  25. There's much better comparisons out there... on Blog Software Smackdown · · Score: 5, Informative

    I used the comparison over at asymptotic.net when looking for the blog software for my site. It compares pretty much everything under the sun, in a neat, well defined table with an excellent legend.

    I think the breakdown there is a lot better than the one listed in the article. YMMV.