Re:'Flaws' Not that big of a deal on Latest SP2 News · Score: 2, Insightful
Not bad policy, perhaps. Are voice mail boxes remotely accessible? Externally remotely accessible? Does anything enforce the temporary nature of the password?
Re:'Flaws' Not that big of a deal on Latest SP2 News · Score: 2, Interesting
Yes. The system as a whole is vulnerable. I don't see how the individual tech support person can help though. How would they verify that they are talking to the right person? Asking them to remember some secret piece of information to prove their identity is exactly what they have just proved they cannot do. What are the other options?
Re:'Flaws' Not that big of a deal on Latest SP2 News · Score: 4, Insightful
It depends. The 'flaw' here is that certain actions that *sound* OK are not. In a perfect system, all insecure actions would be *obviously* insecure (like "open a root shell and type the command '0wnme'").
It's like the social engineering attack: "Can I have your username?". People are told not to dish out their passwords, but usernames should be fine, right? Attacker then calls tech support (at the same company) saying: "Hi, I've forgotten my password. My username is . Please reset it for me."
The result of this (what you say) is that there is no big financial incentive to (initially) *write* Free software. True. But still Free software gets written! Therefore there are other influences.
As your other respondents point out, and you would probably admit, there are financial incentives to support and improve existing Free software (eg. IBM etc. - all service sellers and sellers of complementary goods, like hardware and end-user applications). So it's a boot-strapping problem.
However, once the *community* has boot-strapped itself (GNU, more or less) the barriers to entry are small (because of all the Free libraries, existing code to learn from and re-use), so it only takes a little skill and inclination to start a project, and to get a project to the point where the support&improve economics kick in. Really, the project only has to show potential and be noticed. Most however, get pretty useful first.
Gibson's characters are hackers etc. who use information networks and are not particularly interested in voice calls. In Gibson's world, ~Terabit links are the only ones that are useful (to his characters). The EM spectrum is simply not large enough for cellphones to have ~Terabit speeds. Cf. Snow Crash by Neal Stephenson, where being on cell access was like now - rubbish, rather than pointless. If all your applications run at fibre speed, wireless access is just no use. So maybe Gibson will be right... Reading Neuromancer in 1995 didn't make me feel like wireless voice comms were missing...
True, if you don't understand the problem domain, or the solution, you will not be able to understand well-designed top-level code (particularly if it is designed in a bottom-up way). That doesn't mean that bottom-up design is bad. It just means that new personnel on a project are restricted to lower level portions where domain knowledge is less important. Why exactly would you want people who have NO domain knowledge changing or adding to top-level code?
Perhaps your problems have been in cases where the language of the solution is a very poor match for the language of the domain (so that domain knowledge does not translate easily into top-level design understanding). That, I would claim, is not the fault of operator overloading, or of bottom-up design (using operator overloading), but of poor top-level design.
One important thing to note is that, like all information upon which returns are estimated, this model would have an effect on the actual market. I suspect there is some pretty deep mathematics involved in determining if the model is self-fulfilling or self-defeating. (I.e. whether the effect of people knowing the results of modelling encourages or acts to prevent those result occurring).
"Modus operandi" means "means of operation", not motives. Understanding the means by which an attacker compromised a system is useful information but tells you next to nothing about why the attacker did it. Of course, a honeynet can tell you something about motives, perhaps.
Generally, I agree. Brass Eye did get a ridiculous reaction. The climate in the UK is very bad for reasonable discussion of child porn, paedophilia, child abuse etc. These connected subjects are conflated and trivialized by headline grabbers.
Like murder, you are far more likely to be abused by someone in your family than a stranger. Should therefore police work and public policy concentrate on monitoring internet chatrooms, or detecting systematic child abuse in families?
Is there evidence that child porn, per se, is harmful? Isn't suppressing child porn simply a means to the end of suppressing child abuse?
These sorts of questions are not discussed. That is the biggest thing standing in the way of child protection...
That statistic includes all 17 year olds whose girl/boy friends reach 18 before them (ie all those who do not share birthdays). This means anyone who has a sexual relationship with someone in the same year group (say at high school/ Further Education college) will be part of this 1/6, 1/4. Girls tend to go for older (more mature) boyfriends, which explains the disparity in the statistics.
Cut that age to 16 and the resulting numbers might be cause for concern, but worrying about any teenagers having sex with anyone over 18 is stupid.
FYI GTK+ has been ported to Windows, so many of those GTK+ apps will run on Windows (like GAIM and GIMP). So lots of apps that aren't truly platform specific (like ones that configure printers, for example) will port pretty easily.
What is that formatting control character? It appears to be the equivalent of %s in C. Does it provide a compile-time check that the number of arguments is sufficient? If not, then it's regressed from C++ (where std::cout Excess parameters are ignored, in C++ at least.
The Ox Stu (as the paper is known) is the student tabloid. It has been sensationalist, self-aggrandising and eager for attention-grabbing headlines. Briefly, it is the nearest Oxford equivalent of the Sun. No-one in the UK puts much store by the journalistic ethics of the Sun's journalists, and I don't think we should take these guys seriously either: the writers of the article are publishing "in the public interest" - to promote themselves perhaps as "hard-hitting investigative journalists".
The underlying moral principle of "respect other people's property" still applies.
Do you think that even though a large percentage of the population do it, downloading music should be illegal? Do you think that all forms of backup of media should be illegal (as we are being persuaded they are and should be), despite the fact that many people do this?
For me it doesn't just work under MS Windows. I have 2 different versions of GTK+ installed, and they conflict - either GIMP works, or GAIM works, not both.
Linux (Unices in general, I think) have a fix for these problems: versioned SONAMEs. The .so file has a number, and that number changes whenever there is a binary incompatible change. So you have libbleg.so.1, libbleg.so.5 etc. installed at the same time, and the loader gets the right one for you (using the versioned symbols you request).
Look at Debian: there are currently three different versions of the GNU TLS (SSL etc.) libraries, all installable at the same time.
Of course, this is hard work, and works best with a centralized build system and package repository, like Debian has. No chance on Windows, but possible for Fedora...
This all gets more complicated with AMD64, where you can have 32 and 64 bit versions of the same lib installed at once. See this (Debian) packaging document and this discussion of the impact of 64 bit (also Debian).
The article does not specify how it is made non-removable. Perhaps it reacts to air (but not blood etc!). Any ideas? Perhaps they just claim that to dissuade people chopping him up to get his security access...
Yes, basically. But it should be expected. We are in the long transition from an economy based around the export of manufactured goods, through an increasingly service-centred economy (in the UK manufacturing is shrinking very rapidly), towards a knowledge/information-based economy where the intellectual elements of production are separated from the physical (to a much larger degree than before).
Companies that produce successful products get used to having good margins on after-sales support (intellectually dominated part), so much so, that they cut margins on sales (physical part). But when they get very successful, it's worth the while of third parties to overcome the bump to replace original-supplier support (reverse-engineering etc.)
PS, did you see Brazil, with its own equivalent of Central Bureaucracy, Central Services?
Yes, C++ has flaws, but writing OOP in C suggests that you are using an insufficiently expressive language. I don't want to implement multiple dispatch in C++, I'd use CLOS if I needed multiple dispatch. Language features like this belong in the language implementation.
If you don't like C++ but want to do OOP, why not use a better OOP language, rather than hacking it on C? I don't see how hacking pseudo-OOP onto C is better than using a problematic OOP language (C++).
Is there an alternative? Is the GTK+ port to Windows production-ready? I use Gaim and Gimp on Windows, and have had no particular problems, but are they equal to supported Qt (when you pay)?
Depends how long term you plan. There are benefits as well as problems associated with using C++, you know(!). My concern would be that now that there are decent C++ implementations (G++ 3.3 is pretty adequate, 3.4 will be good when fully stable, GNU libstdc++ is fine too, then there is stlport....) they junk the non-standard re-implementations (slowly) and migrate to using standard code (reducing bloat).
I seem to remember seeing notes from a KDE conference where there was a presentation about Qt4, and KDE plan was to make the next major release use it. I think I misunderstood or KDE plans have changed, since they released 3.3 beta1 with a very ambitious release schedule. Perhaps the plan is to get 3.3 out with some good features and fixes, before the massive turmoil of moving Qt3->Qt4 begins for KDE 4... But AINA KDE Developer
"software losses" should be "estimated lost sales". These companies are not losing 9 billion dollars a year, they reckon that they are losing out on 9 billion dollars of sales per year. Very different.
TFA shows no evidence. It's based on a survey. There is no evidence that any of the pirates would have purchased the software if they hadn't copied it.
... and that's before you take account of any possible padding :) (ie the plaintext can be any length 19, assuming no compression).
If they have a good few million in the bank (as is plausible) then they could easily earn a couple of million in interest.
Berkely DB AKA libdbX.