Slashdot Mirror


User: putko

putko's activity in the archive.

Stories: 0
Comments: 699

Comments · 699

  1. I hate to break it to you Linux fans on EDS' Secret Love For Linux Laid Bare · · Score: 1

    EDS's heart is in the right place, but their remark "The new Linux environment provides a level of security and stability unavailable elsewhere.", is incorrect.

    {Free,Open,Net}BSD provide no less security and reliability than Linux. You certainly cannot forkbomb them to death, for instance, whereas that's true of some Linux distros.

  2. Re:Here's one patent -- looks like a GUI patent! on Software Patents Affecting Futures Exchanges · · Score: 2, Informative

    It looks like a patent on the method of displaying that information, and the UI that allows someone to enter the data for trades simply. We're not talking "look and feel" here -- it is something like a can opener or drill bit, and they have a patent on it. Clean room reimplementation won't save you (nor will ignorance of their patent). They "own" that method of communicating with the market.

    It is as if someone patented a special kind of interactive graph: copy that and you have copied the thing, no matter how it is implemented. They have patented the "device" that allows you to view and interact with the market easily. [Didn't SGI and other "VR" companies patent that stuff already? I'm surprised it was novel.]

    E.g. buy used books at Amazon: it somehow lines the books up, in a cool way that makes it easy to choose a book (single axis).

    But imagine if it was multi-axis: condition/price/time-to-ship. So you display it in a "cube" -- and a click gets you a single tchotchke, and two clicks get you the whole plane of tchotchky that section it at that point. You patent that display and simple method of buying tchotchky.

    Ebay does the same thing, you tell them, "That's my graph. Pay up. Don't even be lookin' ats ma graph 'less you pay up, biatch! I wants ma money...."

  3. Here's one patent -- looks like a GUI patent! on Software Patents Affecting Futures Exchanges · · Score: 5, Informative

    Here is the first patent: a patent on some bar graphs to display market information.

    I guess it is "functional" -- it does something. But that seems pretty shitty and obvious to me. And "Click based trading with intuitive grid display of market depth" is the other patent -- also for a UI.

  4. Re:I grew up in The Dalles on Google Building Tech Center Near Portland · · Score: 1

    Can anywhere really have a worse meth problem than Spokane (aka Spo-can't)?

    Let's see how this experiment works for Google. I'm betting they are simply not used to the cheap but crappy services that prevail outside of Silicon Valley! Incompetence is the norm.

    E.g. ISP cuts you off for a whole weekend.

    Maybe you get an "Oooops" or a "sorry" -- but it could easily happen again next weekend.

    People are smarter in The Valley. Standards are higher. People out here won't even call you back. They don't want to make money. Hence, "Spo-can't".

    If only The Valley wasn't so expensive, crowded, ugly, grimey and crimey, and if CA had a better tax/liability system.

  5. Re:What is it like to work with Win CE vs the desk on Wireless Shopping Carts Run Windows CE · · Score: 1

    If Windows CE has the same message queue (and no extra protections to prevent one app from sending an arbitrary message to another app), don't you still have the shatter exploit?

    Also, the shatter exploit isn't a remote exploit, but you say that because of that it doesn't matter?!?

    That doesn't make sense; if you have a remote vulnerability that allows someone to implement a shatter exploit, any sort of remote exploit becomes (via composition) a remote, rootable exploit. Also, your own users are the ones to really worry about -- the guy who does the shatter exploit may be working for you. He doesn't have to be remote.

    I think the attitude that you have towards exploits explains why MS security is so bad.

    And what does 64 bits have to do with it anyway? That isn't logical either. So 32 bits bad, but 33 bits good? 59 bits bad, but 60 bits good? Where does it become good? In the transition from 63 to 64 bits?

    When MS users are still suffering from horrific exploits, are you going to argue that with 128 bits things will be really nice? It's just that 64 bits isn't enough to do real security -- you need 128 bits for that. Or maybe 69 bits. Whatever -- more bits.

    Why doesn't Billy just fix his 32 bits, like the OpenBSD team does?

  6. Re:What is it like to work with Win CE vs the desk on Wireless Shopping Carts Run Windows CE · · Score: 1

    If the windowing system is part of the kernel (and I believe it is), Windows NT is insecure, as already demonstrated so decisively. And yes, the integration of ActiveX has resulted in a huge hole (e.g. the stuff MS Blaster exploits).

    That's what I meant by insecure.

    I use OpenBSD. I wouldn't use Linux, but I would use another BSD (or perhaps even the NT kernel, if they fixed the two aforementioned holes).

    Windows CE doesn't sound like it is so awful now. But if you can still do the shatter exploit, that's shoddy, and I'd wait until they rewrite it again, with feeling.

  7. What is it like to work with Win CE vs the deskto? on Wireless Shopping Carts Run Windows CE · · Score: 1

    It is different from normal Windows -- but how different?

    Is it really like programming for their desktop version? MFC and all that stupid stuff?

    Does it have all the security flaws? Or is it a stripped down kernel that works well (and is secure, because it lacks complex features)?

    Thanks.

  8. Great Idea -- but watch out! on Machine-Grown Housing · · Score: 1

    I fear Americans would continue to build Big n' Crappy houses. The reduction in price would mean Bigger n' Crappier houses. Paul Graham mentions this American school of design in his essay.

    Maybe some would use the technique to make hobbit-like houses and so on. But we'd see a lot of 5-car garages.

  9. Horus/Ensemble? on Open Source Message Queuing System · · Score: 2, Interesting

    Horus and Ensemble allow for process groups. Doesn't that do a superset of this stuff? It is open source.

    Horus is/was used to run the NYSE, and a prototype radar for the Aegis battlecruisers.

    Why is it not good enough?

  10. Airplane Tickets -- feeding the HP beast on HP to Region-code Cartridges · · Score: 1

    Have you ever tried to buy an airplane ticket? They do exactly the same thing, but more galling and arbitrary. E.g. stay the weekend (not a business traveler) -- it is cheaper.

    In and out -- you pay a lot.

    People somehow accept this as if it is OK, but for many people, I suspect they lose more money to air travel price discrimination than they do to HP's printers. (not that I'm trying to excuse this behavior!) People seem bothered by how it is done, not by the utility or disutility of it all.

    When I read about Fiji computers having different power supplies (so that US computers blow up in Fiji if you plug them in) -- I'm not shocked, surprised and hurt. Could be an honest mistake, way to shave a few pennies, etc. I didn't take that personally.

    But the fact that HP uses hardware/software to do more lock-in than existed previously is what really galls people. It is somehow more "in your face" and nasty. A totally willful decision on the part of HP.

    For this reason, I didn't buy an inkjet -- I bought a laser printer. But I did buy an HP even though I knew they were doing this to inkjet buyers. I know this isn't consistent; I somehow fed the damn beast. I just took the easy way out. There is no GNU-printer or I probably would have got that.

  11. Chairman Bill Gates discovered spyware on his ... on Spam and Spyware Too Much for Some Users · · Score: 2, Funny

    From the article:

    "No one is immune. Microsoft Corp. Chairman Bill Gates discovered spyware on his personal machine not long ago."

    Hoisted by your own petard, biatch!

  12. Re:The French seem stuck in some Napoleonic fugue. on Security Researcher Faces Jail For Finding Bugs · · Score: 1

    You misunderstood me.

    If you say "tribe A is stupider than tribe B", that can get you fined/jailed/banned in Canada, Germany, France, UK, etc. Those are supposedly free countries. Defenses based on truth are not allowed.

    The USA, in this regard, is free, as we both know.

  13. Re:As long as there are a bunch of BSD types here on NetBSD 2.0 vs FreeBSD 5.3 Benchmarks · · Score: 1

    Thanks a lot. I kinda figured this, but I'd heard such bad stuff about OpenBSD's performance relative to FreeBSD, I figured it might still be last.

    But have you actually run them yourself on similar hardware?

  14. The French seem stuck in some Napoleonic fugue. on Security Researcher Faces Jail For Finding Bugs · · Score: 3, Insightful

    They do this all the time. Not having a tradition of Common Law, they fall on the wrong side of this all the time.

    Thank God for the First Amendment. For those of you not from the US of A, it guarantees freedom of expression in the most absolute terms. Short of something that incites violence (e.g. "let's kill him") or yelling "fire" in a crowded theater, it is OK. The Pentagon Papers case essentially destroyed "prior restraint" for national security reasons (as practiced in Britain).

    Even countries that are supposedly as free as the USA are actually not. Politically incorrect things like "tribe A is stupider than tribe B" will get you put in jail.

    I'm reminded of the theme song from "Team America: World Police". Too rude to print here, it would probably get you put in jail in some countries.

    Only America could produce someone like "Ol' Dirty Bastard".

  15. As long as there are a bunch of BSD types here ... on NetBSD 2.0 vs FreeBSD 5.3 Benchmarks · · Score: 1

    How does a recent OpenBSD (3.5 or higher) on a typical non-SMP PC compare to a recent NetBSD or FreeBSD?

    I hear it is slower but I'm wondering if anyone has any actual experience.

  16. OpenBSD has a better track record on Local Root Exploit in Linux 2.4 and 2.6 · · Score: 1

    OpenBSD (and NetBSD and FreeBSD) have a better security track record than Linux or Windows.

    When OpenBSD people find a bug, they audit the code and look for other instances of the same flaw. The perfectionist attitude is quite refreshing.

    The OpenBSD team is like a bunch of border collies, compulsively working to keep the rest of us safe.

    I wish more people prioritized security over rich features and convenience (there isn't any real reason to do so). Thank goodness that the OpenBSD people do what they do! What a thankless job.

  17. Re:Python on RAD with Ruby · · Score: 1

    Use "ECODE" instead of "PRE" or "CODE".

  18. Re:SSL, man-in-the-middle, and admin access on Given Up to Spyware? · · Score: 1

    I checked and got this:

        HTTP/1.1 200 OK
        Date: Tue, 07 Dec 2004 07:53:16 GMT
        Server: 4D_WebSTAR_S/5.3.0 (MacOS X)
        Connection: Close
        Accept-Ranges: bytes
        Last-Modified: Mon, 06 Dec 2004 22:29:05 GMT

    So it looks like OS X is now their choice.

  19. Re:SSL, man-in-the-middle, and admin access on Given Up to Spyware? · · Score: 1

    The fact that they get you to willingly submit to a permanent man-in-the-middle attack is so incredibly heinous!

    If you can compromise security at Marketscore, you get your hands on everything!

    Horrifically, looks like they are using the least secure webserver at marketscore.com (got from netcraft.com):

        Windows 2000 Microsoft-IIS/5.0 10-Sep-2004 66.119.41.71 Savvis
        Windows 2000 Microsoft-IIS/5.0 21-Jul-2004 66.119.41.71 Savvis
        Windows 2000 Microsoft-IIS/5.0 17-Jul-2003 66.119.41.71 Savvis
        Windows 2000 unknown 16-Jul-2003 66.119.41.71 Savvis
        Windows 2000 Microsoft-IIS/5.0 30-Oct-2002 66.119.41.71 Savvis
        Windows 2000 Microsoft-IIS/5.0 14-Feb-2002 216.182.194.3 Comscore

  20. Re:Another scripting language on RAD with Ruby · · Score: 1

    What in particular were you trying to do with scsh that was so slow? Depending on what you were doing, it might be spending time in scsh or scheme-48 code.

    The speed of Scheme-48 is around that of the Java machine without JIT (because they are both byte-code compiled).

    Although that is slower than something that compiles to efficient native instructions, it is fast enough for most cases. But scsh's speed should be faster than the purely interpreted languages you might replace it with (sh, ruby?, python?).

    If I have a performance problem, it is normally solvable via better Scheme programming.

  21. Re:Another scripting language on RAD with Ruby · · Score: 1

    Isn't this below valid Ruby? Looks like a first class function to me.

        def foo(n)
          lambda {|i| n += i }
        end

    Here's more code for you

        # File is a subclass of IO. "foreach" is a class method
        # that opens the file, executes the block of code once
        # for each line, and closes the file.
        IO.foreach(ARGV[0]) { | line |
          line.chomp!()
          puts "insert into table values ("
          print "\t'"
          print line.split(/,/).join("',\n\t'")
          puts "'\n)"
        }

    Blocks look first class to me -- they are passed as arguments. This tells me Ruby is like Scheme, but with an object system. You may argue that blocks are not meant to be used by lambda, but that is an aspect of style and typical Ruby programs, not the meaning of the language. However, the fact that Ruby has no formal semantics prevents us from really talking about meanings of programs. This isn't meant to be a slight of Ruby, b.t.w. There is no formal semantics for C/C++ either, and those are pretty popular.

    One advantage of Scheme is that you can take your pick of object systems, if you want one. They are all pretty tiny too. You are not stuck with the tradeoffs made by Ruby's system.

    However, if Ruby is just scheme with an object system and different syntax, they are quite similar.

    Calling Scheme primarily functional doesn't make sense. Typical scheme programs are functional, but the presence of set! means that the language is definitely not functional.
  22. Another scripting language on RAD with Ruby · · Score: 3, Interesting

    I'm quite partial to scsh.
    I mention this because I understand Ruby's semantics are like Scheme (but the syntax is different, or we'd call it a Scheme).

    The intro from the scsh paper (Olin Shivers) convinced me to try it out:

    "Shell programming terrifies me. There is something about writing a simple shell script that is just much, much more unpleasant than writing a simple C program, or a simple COMMON LISP program, or a simple Mips assembler program ..."

    He's not talking about a simple shell program (like "rm -fr /") -- but something with variables, control flow, conditionals, etc.

  23. Re:Well, as a Libertarian... on More Fallout From FCC VoIP Decision · · Score: 2, Insightful

    Your logic is impeccable.

    Something that really bugs me: cars cause pollution. Fine -- tax all cars, to remedy those whose lives are ruined by pollution. But phone service doesn't cause more 911 calls, nor directly create more poor people (who now need money, so that they can have a subsidised phone).

    I'm referring to my two peeves on the phone bill: 911 service and so-called "Universal Service Fund" phone service (taxes to pay for phone service for the poor).

    If we want to be fair about 911 service, perhaps we should tax proportional to the benefit of 911 service -- e.g. tax the high-crime neighborhoods. Ask any cop where the 911 calls come from - he can tell you who needs to pay for the service. If you are going to call this "mean", how "nice" is it that I have to pay for calls generated by crime-ridden neighborhoods, and I have no way to mitigate things?

    The Universal Service Fund (USF) -- the you have money, so you must pay for those that don't have money -- is the most un-American thing on the phone bill.

    Imagine someone invents something new -- like a bicycle. "USF" bicycle service would say that if you ride a bike, you need to pay into a fund, to provide "affordable bicycle service" to those too poor to get a bike.

    But it is arbitrary too -- you can duck the wealth-redistribution by getting a skateboard (where there is no USF, which applies to bikes only).

    If you're too poor to afford a phone, just open your window and yell. Write a letter. Do whatever you did before the device existed. Keep your hand out of my pocket.

  24. Game Industry Work Conditions on Interview with EA Attorney · · Score: 3, Interesting

    I worked for a company founded by some EA guys, and also for another electronic entertainment company (run by non-EA people); I know something about this industry.

    When I got hired, they were always upfront about the killer hours. I agreed to them because I wanted the work. I didn't do it for money: I wanted to do the job.

    I worked 2 weeks straight (didn't go home) at one place; this was OK with me. I worked 3 weeks straight at another place. All voluntary.

    The company was amazing to me because of the tolerance of all kinds of oddities -- as long as we were on schedule. This was in contrast to other environments that were less productivity oriented, where dress and hours were regulated. This matters: in one environment, you don't have nerf fights and your pay and hours are constant, regardless of productivity. In another, you have fun, but you take the schedule risk.

    If I was a manager and people started talking "comp time" and "exempt", I'd point out: no dress code, no fixed hours -- just deliver the results when you said you would -- or quit, please, so that the rest of us can get on with the project.

    Really, if you want comp time and overtime, you'd better get a job at the Post Office or in a Detroit-area auto manufacturer. Working in games? Negotiate your pay as if you'll be working 12 hours, seven days a week when you are behind schedule.

    Personally, if there is going to be a lawsuit, why not one over the mental suffering caused when the publisher kills your title, and you see that a year or more of your work is worthless? That's got to be one of the most devastating work experiences I've ever had -- not the long hours.