Fine. Let's talk about AF1. Air force one has twice the wiring of the standard model; literally tons more furniture than the standard model; extra hydraulic lifts; heavy EMP shielding on all the wiring; ECM hardware; chaff hardware; flare hardware; an escape system; a communications suite that weighs more than some aircraft all by itself; a well stocked pharmacy, an operating table and medical suite; aerial refueling hardware; all this and armor, and it can still carry seventy people, 2000 meals (no, that's not a typo) and a full deck of luggage and supplies. Plus there is stuff that is classified; who knows what that does to the weight of the aircraft - the only thing we can be sure of is that it adds weight, rather than subtracts it.
Now, subtract all the "presidential" stuff, leave the armor, and you've got capacity for a whole lot more passengers. In other words, yes, it is perfectly practical to armor an aircraft. Thanks for pointing out a vehicle that proves my case.
I have no argument with your position. Same thing with the drug war; they solve nothing with the effort, but they do employ a ton of people at all levels of law enforcement pretending to protect us while they suck the public tit for money and (not very) gradually whittle away our freedoms.
The only answer for security in C is "write it yourself?" You've got to be kidding.
No, I'm not kidding in the least. If you can't do what I described, you're not a serious programmer anyway as far as I'm concerned. If you simply hadn't thought of it, I'd be forgiving, but remain insistent; if I had hired you to work for me and you said that you felt it was too much of an imposition to make sure your code was secure by your own efforts, you'd be back out on the street. If you could not write the above things in a reasonable amount of time... say a couple weeks total... you'd also be back on the street, and you'd never, ever get a chance to code for our flagship products. C is not a forgiving language. For the extra speed and efficiency, you have the freedom to completely screw up. You have to demonstrate to me that you won't. Our flagship app is a fraction of the size of its nearest competitor, does more, does it faster, and is considerably more reliable. That's because I don't accept excuses; I demand you meet the challenge or toddle off.
In your own life, you're free to do whatever you want; my original post was passing along what I think is important, and of course you can take it or leave it. But please don't make the mistake of thinking I wasn't serious. I certainly was, and am.
Unless everyone writing C is still writing insecure code by default, which sounds unlikely since most people at least pretend to have wised up,
Simple question: If everyone has wised up, why are there new exploits appearing just about every day?
If you can't find high-quality open-source libraries that are secure by design (and I'd be surprised if you couldn't), then "Don't use C!" is much better advice than "Write it yourself."
There is no language out there that offers the efficiency and performance of C. If you want to provide the smallest possible application with the highest efficiency to your customers in some vague resemblance to a reasonable amount of time and at least one level of abstraction above assembler, there is no other choice. If your application doesn't require efficiency (and many do not) then something like Python is a lot more appealing. I'd use Python for everything if I could. It's a beauty of a language, and it solves tons of problems before you ever get to see them as a programmer. But it is pig slow compared to C, and so for things like graphics apps, it's not even remotely practical.
Open source is also a minefield for many companies; again, you're better off to develop cleanly in house. The up front cost is a fraction of the cost of trying to navigate the myriad legal minefields represented by the mixture of OS/FOSS licenses out there. Of course, if you're not good enough to write your own reliable code in a reasonable amount of time, you'll have to compromise (or change jobs) because otherwise, you're not going to get anything useful done.
Finally, using other people's libraries is one sure way to let other people introduce problems into your shipping product without you knowing about it. Write your own; now you have control, and no one else does. Your customers will benefit, as will you. Yes, it takes time. All good things do.
If you want to give these people guns, you'd better make them take a sobriety test.
If someone is stupid (or drunk) enough to pull a weapon on a flight, they'd get shot about a hundred times in five seconds. Problem solved. They won't be doing that again. Society benefits all-round.
Personally, I don't drink or drug, because I consider it self-destructive; but I support your right to do so. If your choices lead you to do something dangerous - or suicidal - my only interest is in how quickly I can dispose of the problem you represent. As a drunk driver, I'd just as soon kill you as look at you; pull a gun on a plane, I think you should be shot first, and your blood alcohol level taken second. If, on the other hand, you indulge mildly and remain in control, then I have no beef with you (and you won't be pulling a gun on a plane, or weaving into the lane where my family is now at risk from you.)
Punish people for what they do; not for what they might do, or what you imagine they might do.
Every adult should be armed and trained to use those arms. Criminal behavior drops radically in every instance where the populace is known to be well armed, and rises dramatically in every venue where they are not. These are facts.
Adding all of the extra armor would add a significant amount of weight, requiring more fuel and shorter maximum distances
Fine. It's a lot less than you think - armor can weigh a fraction of what a person weighs, and of course you can issue frangible ammunition which kills people just fine but doesn't penetrate metal well, or at all - but I certainly agree that added armor adds weight. So will several hundred handguns, for that matter. Ticket price goes up a little. Maybe 10% (which I doubt, on an aircraft like a 747-400 which can take off at 845,000 pounds but lets just run with it - 84,000 pounds of armor and guns. Holy crap!) Now there is no chance of terrorists hijacking a plane. None at all. Now there are no lines and no security checks at the airport. Now you don't have to get cavity searched, stripped, delayed, or put on a no-fly list. Now your ability to travel is unimpeded. Now the aircraft is almost certain to reach either its destination or at least a nearby airport.
Me, I'd pay the 10%. Ignoring for the moment the INCREDIBLE amount of money the government has spent on completely USELESS "precautions" that DO NOT ADDRESS THE PROBLEM.
Let the air marshalls be armed, who are trained on how to deal with these sorts of situations, not everyone else. If everyone were allowed to carry guns, you would hear of a lot of shootings taking place on planes, or accidental shootings as morons are bored to death on the plane and start fiddling with their guns.
Come on. If everyone was armed, the odds of some loony standing up with a gun pulled are about zero. Because they'd get shot. About a hundred times. As they should be. To put a fine point on it, if they did draw a weapon, they'd only get to do it once, thus solving the entire problem right away.
The primary reason people feel free to act like idiots is because they know they won't be called on it. The more you depend on the government (in your example, air marshals) the more you give up. It's not worth it. I'm not willing to give up my right to be armed because you think it is the government's job to pad your cell. Since you and yours took away my right to carry a weapon, I found it useful to become one. Four martial arts and forty years later, I can kill or disable a threatening person with nothing but my limbs, and quickly, too. I regret the time having to have been spent, but at least I'm not subject to my babysitter-oriented government and the cowardly citizens that put it in place in order to ensure my personal safety and that of my family.
The government wasn't ever supposed to stand in for us being vigilant and protective of our families, land and possessions. Depending on them to do so is a terrible mistake that makes you more helpless and your family more likely to be victims. Police arrive after you've been assaulted 99.9% of the time, much like firemen. Just as it is your job not to set fire to your home in the first place, it is your job to prevent your family from being assaulted. Even on an aircraft. If you think it's OK to delegate that role to others, then you are a vastly different person than I am and we will never agree.
Nah. All you need to do is ensure that the outer pressure capsule isn't violated. You can do that with what amounts to a layer of cloth. There are all kinds of high-tech, very light armoring methods. It doesn't have to be a layer of steel or anything heavy. It can replace cosmetic internal plastic, too. Viewports can be replaced with lexan and similar goodness. Lighter than glass, not easily punctured by bullets.
Yes, it'd add weight; but not like you're thinking.
Write an input routine that cannot be overflowed; takes it's characters one at a time, counts them,
makes sure each byte is counted if they're multibyte, stops before filling the return buffer and positively
terminates said buffer, obeys length restrictions from the caller which are REQUIRED in order for the routine to work in the first place, and preferably enforces some kind of sanity on the data itself (I want an int... a float... a double... ASCII... Unicode... a complex number... a url... etc.)
Direct everything that takes data through this bottleneck. If you come up with a need for a new datatype, write it into the bottleneck. Don't write some new chunk that has to be maintained separately.
Your program should never be exposed to a string it doesn't like, can't handle, or contains anything that doesn't look like exactly what you asked for.
A similar approach is called for with regard to memory when using C. You should never let the OS manage memory using basic memory allocation controls. Provide, and mark boundaries on your memory. Track your use 100%. Check those boundaries for violations when the memory is being deallocated and at other times that seem prudent to you. At exit, call a general deallocator to clean up anything that is left over and scream bloody murder about if anything is found still allocated, and about any bounds that are written over. The time taken to write a fast memory allocator that watches for border excursions will be returned many times over in applications that don't leak, don't break and don't annoy your customers (or yourself.) You can, if you like, write this two ways: One for testing, where everything is turned on and will hair trigger, and one for release, where most of this stuff is off for speed... but frankly, you should keep everything on all the time, because your code should never screw up AND because a good reporting section will let you find a bug in about two seconds. And besides, it'll teach you to write fast memory allocation and testing code.
Write a powerful linked list system. Aside from the fact that it's a great exercise, it has tons of uses for memory management and again, will pay for the time taken many times over. These are typically very small in terms of the code required for all manner of sophisticated and cool list handling functions, as is a memory manager. Input validation isn't that simple, or at least, not as you add significant numbers of well checked datatypes, but it is so useful that even if it does take a hundred k of code (it won't, I'm exaggerating) it's still worth it.
One last thing: Don't use other people's code if they've buried input routines in it. Yes, that means that many objects are out of bounds. Tough. Man (or lady) up and write it yourself. If you don't know exactly what is in there, and you can't vouch that it is 100% safe, you have no business using it anyway.
If they actually wanted to solve this problem, they should have:
Armored and completely isolated - audio, video, access - the cockpits on commercial aircraft (requires new and separate external entry doors for the pilots)
Armored the skins and ports of commercial aircraft against small arms
Issued small arms to any adult passenger that didn't have same at boarding
No hijacking can succeed in such a situation. You can't get at the pilots, and the pilots have no way of knowing what is going on in the cabin behind them, so you can't directly control the aircraft; you can't threaten the entire set of passengers at once, and consequently, someone will pop you before you can say in'shallah.
This also has the additional benefit of demonstrating the inherent value of the 2nd amendment. Because this would actually work, it would relieve the feds of the apparent need they have created to screw with legitimate citizens going about their normal activities. No fly lists; searches; long lines and delays; etc.
This doesn't solve straight up bombings, or at least, probably not most of them, but neither does anything else. Any intelligent and technical person could get a bomb onto an aircraft; it's just that intelligent and technical people generally won't pursue such stupidities. Anyway, exploding a bomb on an aircraft isn't something you can leverage into causing the kind of damage you can by using the aircraft itself as an aimed kinetic energy weapon.
one thing I haven't heard of is the ex post facto thing. What is the deal with that one?
ex post facto is laid out in section 9 of the constitution:
No Bill of Attainder or ex post facto Law shall be passed.
ex post facto encompasses four types of things, legally speaking:
Every law that makes an action done before the passing of the law, and which was innocent when done, criminal; and punishes such action.
Every law that aggravates a crime, or makes it greater than it was, when committed.
Every law that changes the punishment, and inflicts a greater punishment, than the law annexed to the crime, when committed.
Every law that alters the legal rules of evidence, and receives less, or different, testimony, than the law required at the time of the commission of the offense, in order to convict the offender.
There are a couple of ways that ex post facto has been violated that I am aware of. One is the creation of gun laws that remove 2nd amendment rights from those convicted of a felony prior to the enactment of those laws. As the removal of those rights was not part of the applied punishment at the time, adding the removal of 2nd amendment rights post-conviction is clearly ex post facto as in (3) above. Another is forcing those convicted of sexual or violent offenses to submit to listing on "predator" lists where such listing was not part of the punishment, or the law, at the time of the person's conviction. This action has been deemed "not punishment" by the USSC, and therefore not ex post facto, however any thinking person will view such listing as considerably punitive and I reject the USSC's rationale as sophist in the extreme. This also falls under (3), above.
Problems have already arisen as a consequence of the reasoning behind these constitutionally invalid laws. One you will be familiar with is the no-fly list. The reason you can be listed without any control of your own and no court hearing, is the reasoning behind the sexual and violent offender laws. The USSC said that "listing is not punishment" and they also said in the same ruling that "the state can list you on any list it likes if it says it has an interest" and importantly "consequences of listing are not the responsibility of the state." So: They list you without notice, hearing or ability to contest (just like a sexual/violent offender), you can't fly, whatever the consequences of this are — loss of job or business, failure to see your mom before she dies in hospital, inability to be there when your kid is born — that's your problem, not the state's. Similarly, if a person on the sexual / violent offender list can't live somewhere, gets mugged or killed, can't get a job, has their house egged, etc., the state says that they are not responsible for this and so... listing, they claim, is not punishment.
Of course, this very kind of reasoning has been struck down in courtroom after courtroom; "Yes, I pointed the gun, yes, I pulled the trigger, but I didn't put the gunpowder in the bullet so I say I'm not guilty of murder." US law has always broadly and consistently held that if you knowingly participate in an action or series of actions that you know are certain to bring disastrous results, then you are responsible. No court would ever let a criminal get away with the very reasoning that the USSC has brought to bear on these issues; yet, they think it is OK for them. Clearly, the intent of the ex post facto clause was to prevent the system from going back and hammering someone after they'd already had their day in court. And just as clearly, that's exactly what these laws do.
You live in an unusual setting, then, and shouldn't be speaking for those of us
Where did you get the impression I was trying to speak for you? I'm unaware of any such agenda. I was speaking for me, as far as I know, with regard to what I like and can take advantage of. Please elaborate.
Recommend GNU/Linux please. You're going from bad to worse with Mac. We should be trying to open things up, not lock people into software AND hardware.
I have no objection at all to closed (or open) systems. Just poorly crafted ones. If I feel that linux ever gets to the level of quality and consistency that OSX has, I'll be happy to recommend it. I use it every day, so I'm sure I'd notice were it to ante up, as it were. Today, as far as I'm concerned, the only OS I am as comfortable recommending to a technical person as to my grandmother is OSX.
You shouldn't be allowed to sell software that you obviously know little about.
How I managed to write it while "knowing little about it" is just amazing to me. I guess that "million monkeys" thing really works for me. You're pretty funny, you know that?:)
But in today's internet its damn near impossible for parents to police the internet for their kids
No - it isn't. The easy way: buy a Mac. Set up accounts for your kid(s). Whitelist where you are willing to let them go. Sit with them as much as you can and expand the whitelist as appropriate. Whitelist their email contacts and their chat contacts. The result? There is no problem. They're as constrained as you want them to be, or not. Nothing horrifying can be accessed unless YOU say it can. This is easily done, and you should do it. As opposed to trying to get the entire world changed to reflect your sensibilities. I'll back you 100% as long as you're just adjusting your kids as you see fit. The very second you start to try to adjust mine, you're out of line. You can do this with your entire home network, regardless of what OS you use, by directing all HTTP and other access through squid on linux or something similar; we use squid at work to keep surfing to work-related sites. It is just as effective at making a whitelist for your kids, it just takes a little study. You wouldn't let your kids be root, would you?
There just has to be some compromise on both sides, is that really too much to ask?
Yes, sometimes it is. Freedom of speech is more important than victorian sensibilities (or lack thereof.) Every time we have "compromised" our rights, we have been screwed. No more.
So not wanting to have to explain to his 5 year old why that one woman was putting her fist in the ass of another woman is somehow wanting to bring them up in a padded world
No. Not at all. You missed the point entirely. Not being there to see that it doesn't happen, or arranging that specifically in your little world, it can't happen, is depending on someone else to do YOUR job, at the expense of everyone else's freedoms.
If, for whatever reason, you want your kid to be free to sit at the computer without encountering the real world, use a whitelist system to control browsing. No accidents will happen (unless YOU screw up the whitelist.) That's all you need to do. When your child is adult enough for you to accept the idea that they will not implode, become perverted, etc., upon encountering adult play, then you can open the whitelist. Or not; you are, after all, the responsible individual.
Take responsibility as a parent; you can have as much control as you like. Nothing is stopping you. However, if you decide that the government should control everything so that the world artificially looks the way you think it should for the benefit of your offspring, regardless of what anyone else thinks, then you've become the enemy of freedom. My kids don't need to have your ideals inflicted on them. If you try, I will oppose you.
I dont know whats more sad the notion that creating a red light district for the internet could somehow be seen repressing sexuality or just the idea that for many pornography=sexuality.
(a) The notion is that putting everything sexual into a slot where one simple action at law can force one simple action at the DNS that shuts it all down is the problem -- it has nothing to do with the name. What is depressing to me is that you can't see it coming.
(b) It doesn't matter in the least if some people's idea is that pornography == sexuality. The important idea is that you don't get to tell me, and I don't get to tell you, what is interesting, stimulating, erotic or otherwise. Sexuality is personal. You concentrate on yours, everyone else will concentrate on theirs, and there won't be any reason for you to be depressed. As soon as you being to think that your (romantic, idealistic, whatever) idea of sexuality is "the thing for everyone", you've become the enemy of the people and then you have a reason to be depressed.
Comprende?
Most would object to an adult bookstore moving in next door to their house so why should the internet be any different.
Because we're trying to use the new environment to move away from victorian (and worse) notions of self-appointed moral police proscribing everyone else's idea of what is OK, even if they're in the majority.
In real life we create zoning laws to...
Let me fix that for you:...create ghettos and put a lance right through the heart of equality.
I fail to see what is bad about it. If your internet provider is planning to block content at the ISP level and you dont want them to...switch providers.
And what do we do when the maniacs in congress legislate the ghetto out of existence? The political system is rigged; you know it and I know it; so if we let them back these people into this corner, what happens when they take that inevitable next step... "for the children"?
Frankly the idea of not having to worry that mispelling a url is going to end up with something on the screen that neither I nor my kids need to see is appealing. I would imagine many parents as well as those whose sexuality has expanded beyond jerking off to the playboy channel would agree.
Yes, I would imagine the whole bloody bunch of you who have delegated the upbringing of your children in a padded world will be very pleased indeed. owning up to the responsibility of having children is so... tedious. Isn't it much nicer when the government does it for you?
First they came for the pornographers. But I was not a pornographer, so I said nothing.
Then they came for the others. But I was not them, either. I remained silent.
Then they came for me. And there was no one left to speak for me.
With apologies to the WWII ear personage who penned the original.
It is UNENFORCEABLE. That is the problem. You cannot MAKE them move, so it is USELESS
My understanding is that domain names are controlled in the USA. If that is correct, then US law can (and almost certainly will) make them move to xxx. If your choice is move or disappear, you'll move.
Remember, as one slashdot signature accurately has it: The root passwords to the US constitution are "thinkofthechildren" and "terrorist."
And of course, once they move, they can be censored. And they will be censored.
They're working to flood us with issues: loss of habeas corpus, ex post facto law and punishment, censorship, government support of religion, watering down science education and the cultivating of a newly gullible populace, wars of aggression, loss of 2nd amendment, commerce clause absurdities, phone tapping and mail opening and lists of enemies of the state (no-fly lists, no live here lists, no get job lists), torture, politics as a completely rigged shell game, theft of land for tax revenue... and it's working just fine. We can't fix any of this the usual way. The xxx industry is just going to be the latest casualty. Just ask yourself: Will you stand up and save them when the time comes? How many others? Don't hold your breath.
Apparently resolving this isn't that simple. Otherwise, ad-aware (not to mention its innumerable brethren) wouldn't be one of the single-most downloaded applications for Windows, now would it? Norton and all the other "security vendors" wouldn't have anything to do either, would they? Do you see tons of users running for adware prevention or virus checkers or third party firewall software on the Mac/OSX the first day they get it? Or later? No - you don't. And why? Because it isn't needed. Those who have opted for the very few programs in those categories on the Mac have been scammed: because there is no such set of problems. Those problems are Windows problems.
And that is why that today, at least, OSX is better for the vast majority of end users. Not because it is better looking, though it certainly is. Not because it is easier to use, though it is that, too. Not because the hardware always works, though it does, and without any fussing around, too. But because it is easy, reliable, and doesn't continually force the user into a state of pissed-off fugue.
It used to be that because some applications were only developed for windows, that the Mac was accurately seen as a poor choice for some based on app availability. Today, with Parallels running exquisite sandboxed virtualizations on totally kick-ass hardware, you can run the serious windows apps you have to and then kill windows, tossing the OS state completely, keeping only user filesystem data and chopping off most Windows security problems at the neck while muttering, "Die, you #$%^er!" There's never been a better time to go OSX and say goodbye to the black hat hacker community.
Quite a sweeping statement, what is your evidence for this? You've read every line of the source code?
As a matter of fact, I've probably spent more time looking at Windows source than most people outside of Microsoft. I'm the developer of a major Windows application, easily in the top 1% in terms of complexity and sophistication and 100% compatible through considerable effort across the various large scale Windows platforms, not just the ones you're probably familiar with, but also including all three of the RISC Windows versions, PPC, MIPS and Alpha. Apple's source has been comparatively easily available, and of course, linux source is 100% in our faces all the time. I've spent tons of time in all of them. We've successfully ported to all three operating systems - OSX/intel, OSX/ppc and linux - from Windows, and each time, we had to get a decent grasp on some fairly complex issues that required hundreds of hours of study of the OS code. As well as deal with Windows various problems. These range from various incarnations of Windows graphics UI's working backwards from one another across concurrently available versions to memory leaks and Microsoft's multi-year long failure to institute a check bounds on such prosaic items as the bloody system file dialog multiple-select results despite being told repeatedly about the problems. All of which nastiness we managed to navigate, and fix for them, since they couldn't get their act together enough to act responsibly. So yes, I have some vague idea what is going on inside these operating systems, thanks for asking.
Also, because of developing an application of such size and broad incarnation OS-wise, I have experience with a wide range of users. And that is what leads me to advise against Windows if at all possible. Users don't need extra problems. Computers are complex enough, and the idea that a user wants to tussle with OS design shortcomings has been false from the beginning. The subset of technical people who want to do that isn't even all that large, and in the application end-user space, they're just about non-existant. The absolute best answer at the present time is OSX. Buy the computer, turn it on, answer a few reasonable questions (like, What Is Your Name?) and you're running. Safely. Reliably. Enjoyably.
Are there more complex, more functional security models than *nix? Sure. Do we need them? Now that is another matter. When (actually if, because it hasn't been demonstrated yet) OSX is getting multiple disastrous hacks a day as is Windows, when Apple machines are being pwned right and left, Apple demonstrates it can't keep up a 'la Microsoft, and the *nix security model itself is shown to be insufficient to the task of keeping the user safe, then we can have a productive conversation about the security model perhaps needing a good thrashing. Until then, to drag out a really tired one, OSX apparently isn't broken and there's no indication it needs fixing.
First you state that a Mac (presumably you mean the OS X operating system, as you use it in the same breath as Linux) is the only solution, and then only a few words later you state that Linux is a possibility as well
I see you are having reading comprehension problems. Read again. Slowly. You may be able to determine that those are two different statements, with two different sets of requirements.
This doesn't say much for your technical abilities. I have been highly successful in educating the least knowledgeable computer users (read: home users) in basic security practices.
You know what? I don't have to "educate" users I point at Macs, because Macs work and are secure out of the box. Also, I don't mind in the least being characterized as a fan of systems that work. Don't worry too much about my technical abilities; I've been writing code and designing computer hardware since the early 1970's. One of the consequences of that is I am quite familiar with Windows, *nix, old Apple systems, OSX, and a bunch of earlier operating systems as well. And if there's one constant that's been the same since day one, it is that the less the user needs to know to use the computer safely, the better off they are.
You like Windows? Fine and dandy. I don't. I won't recommend the OS as a primary operating environment any longer under any circumstances. Virtualized in a sandbox, yes - when you need a particular application. Otherwise, no.
These aren't great solutions anyway. We're at a technological crossing; we have great electrical motors, but we're still stuck with shitty storage (batteries.)
When ultra-capacitors become widely available, batteries will go away, cars will be able to store enough energy to have 300-400 mile ranges, and the only reason to have a combustion engine in the car will be for emergency power (when you run out of electrons, which mostly, you won't.)
You watch. Ten years from now, the idea of having an internal combustion engine in a new vehicle will seem ludicrous.
I'm already vastly cheered by the idea of a car that has a 40 mile electrical range. 99%+ of my driving is under 40 miles cumulative every 7 days or so; if I remembered to plug it in once a week, I'd be covered. Lots of other people around here see the same kind of uses. Drive to work, the grocery store, the post office, occasionally the hardware store... and all of it within 10 short blocks. We only have ten blocks.:)
Let me put it to you this way: I sell Windows software for a living. Not Mac-ware. Not yet. . Still, I recommend to everyone I know that they get a Mac. I can't, in good conscience, recommend Windows. Malware, yes, that's certainly a huge problem. DRM issues in Vista are another (such as degrading audio if unsigned.) Ridiculous license terms are another (no virtualization for home? Change your hardware, lose your authorization? ridiculous!) Constant reboots and restarts are another. Incorrect configuration out of the box is another - not just privileges, but what is running and what is not, what is turned on and what is not. As near as I can tell, the key Microsoft OS policy is "Wreck the user's day. Every day."
Quite possibly. Shoot them. They won't do it again. It's quite Darwinian.
Fine. Let's talk about AF1. Air force one has twice the wiring of the standard model; literally tons more furniture than the standard model; extra hydraulic lifts; heavy EMP shielding on all the wiring; ECM hardware; chaff hardware; flare hardware; an escape system; a communications suite that weighs more than some aircraft all by itself; a well stocked pharmacy, an operating table and medical suite; aerial refueling hardware; all this and armor, and it can still carry seventy people, 2000 meals (no, that's not a typo) and a full deck of luggage and supplies. Plus there is stuff that is classified; who knows what that does to the weight of the aircraft - the only thing we can be sure of is that it adds weight, rather than subtracts it.
Now, subtract all the "presidential" stuff, leave the armor, and you've got capacity for a whole lot more passengers. In other words, yes, it is perfectly practical to armor an aircraft. Thanks for pointing out a vehicle that proves my case.
I have no argument with your position. Same thing with the drug war; they solve nothing with the effort, but they do employ a ton of people at all levels of law enforcement pretending to protect us while they suck the public tit for money and (not very) gradually whittle away our freedoms.
No, I'm not kidding in the least. If you can't do what I described, you're not a serious programmer anyway as far as I'm concerned. If you simply hadn't thought of it, I'd be forgiving, but remain insistent; if I had hired you to work for me and you said that you felt it was too much of an imposition to make sure your code was secure by your own efforts, you'd be back out on the street. If you could not write the above things in a reasonable amount of time... say a couple weeks total... you'd also be back on the street, and you'd never, ever get a chance to code for our flagship products. C is not a forgiving language. For the extra speed and efficiency, you have the freedom to completely screw up. You have to demonstrate to me that you won't. Our flagship app is a fraction of the size of its nearest competitor, does more, does it faster, and is considerably more reliable. That's because I don't accept excuses; I demand you meet the challenge or toddle off.
In your own life, you're free to do whatever you want; my original post was passing along what I think is important, and of course you can take it or leave it. But please don't make the mistake of thinking I wasn't serious. I certainly was, and am.
Simple question: If everyone has wised up, why are there new exploits appearing just about every day?
There is no language out there that offers the efficiency and performance of C. If you want to provide the smallest possible application with the highest efficiency to your customers in some vague resemblance to a reasonable amount of time and at least one level of abstraction above assembler, there is no other choice. If your application doesn't require efficiency (and many do not) then something like Python is a lot more appealing. I'd use Python for everything if I could. It's a beauty of a language, and it solves tons of problems before you ever get to see them as a programmer. But it is pig slow compared to C, and so for things like graphics apps, it's not even remotely practical.
Open source is also a minefield for many companies; again, you're better off to develop cleanly in house. The up front cost is a fraction of the cost of trying to navigate the myriad legal minefields represented by the mixture of OS/FOSS licenses out there. Of course, if you're not good enough to write your own reliable code in a reasonable amount of time, you'll have to compromise (or change jobs) because otherwise, you're not going to get anything useful done.
Finally, using other people's libraries is one sure way to let other people introduce problems into your shipping product without you knowing about it. Write your own; now you have control, and no one else does. Your customers will benefit, as will you. Yes, it takes time. All good things do.
If someone is stupid (or drunk) enough to pull a weapon on a flight, they'd get shot about a hundred times in five seconds. Problem solved. They won't be doing that again. Society benefits all-round.
Personally, I don't drink or drug, because I consider it self-destructive; but I support your right to do so. If your choices lead you to do something dangerous - or suicidal - my only interest is in how quickly I can dispose of the problem you represent. As a drunk driver, I'd just as soon kill you as look at you; pull a gun on a plane, I think you should be shot first, and your blood alcohol level taken second. If, on the other hand, you indulge mildly and remain in control, then I have no beef with you (and you won't be pulling a gun on a plane, or weaving into the lane where my family is now at risk from you.)
Punish people for what they do; not for what they might do, or what you imagine they might do.
Every adult should be armed and trained to use those arms. Criminal behavior drops radically in every instance where the populace is known to be well armed, and rises dramatically in every venue where they are not. These are facts.
Fine. It's a lot less than you think - armor can weigh a fraction of what a person weighs, and of course you can issue frangible ammunition which kills people just fine but doesn't penetrate metal well, or at all - but I certainly agree that added armor adds weight. So will several hundred handguns, for that matter. Ticket price goes up a little. Maybe 10% (which I doubt, on an aircraft like a 747-400 which can take off at 845,000 pounds but lets just run with it - 84,000 pounds of armor and guns. Holy crap!) Now there is no chance of terrorists hijacking a plane. None at all. Now there are no lines and no security checks at the airport. Now you don't have to get cavity searched, stripped, delayed, or put on a no-fly list. Now your ability to travel is unimpeded. Now the aircraft is almost certain to reach either its destination or at least a nearby airport.
Me, I'd pay the 10%. Ignoring for the moment the INCREDIBLE amount of money the government has spent on completely USELESS "precautions" that DO NOT ADDRESS THE PROBLEM.
Come on. If everyone was armed, the odds of some loony standing up with a gun pulled are about zero. Because they'd get shot. About a hundred times. As they should be. To put a fine point on it, if they did draw a weapon, they'd only get to do it once, thus solving the entire problem right away.
The primary reason people feel free to act like idiots is because they know they won't be called on it. The more you depend on the government (in your example, air marshals) the more you give up. It's not worth it. I'm not willing to give up my right to be armed because you think it is the government's job to pad your cell. Since you and yours took away my right to carry a weapon, I found it useful to become one. Four martial arts and forty years later, I can kill or disable a threatening person with nothing but my limbs, and quickly, too. I regret the time having to have been spent, but at least I'm not subject to my babysitter-oriented government and the cowardly citizens that put it in place in order to ensure my personal safety and that of my family.
The government wasn't ever supposed to stand in for us being vigilant and protective of our families, land and possessions. Depending on them to do so is a terrible mistake that makes you more helpless and your family more likely to be victims. Police arrive after you've been assaulted 99.9% of the time, much like firemen. Just as it is your job not to set fire to your home in the first place, it is your job to prevent your family from being assaulted. Even on an aircraft. If you think it's OK to delegate that role to others, then you are a vastly different person than I am and we will never agree.
What part of "armor the skins and ports" did you not understand?
Nah. All you need to do is ensure that the outer pressure capsule isn't violated. You can do that with what amounts to a layer of cloth. There are all kinds of high-tech, very light armoring methods. It doesn't have to be a layer of steel or anything heavy. It can replace cosmetic internal plastic, too. Viewports can be replaced with lexan and similar goodness. Lighter than glass, not easily punctured by bullets.
Yes, it'd add weight; but not like you're thinking.
Write an input routine that cannot be overflowed; takes it's characters one at a time, counts them, makes sure each byte is counted if they're multibyte, stops before filling the return buffer and positively terminates said buffer, obeys length restrictions from the caller which are REQUIRED in order for the routine to work in the first place, and preferably enforces some kind of sanity on the data itself (I want an int... a float... a double... ASCII... Unicode... a complex number... a url... etc.)
Direct everything that takes data through this bottleneck. If you come up with a need for a new datatype, write it into the bottleneck. Don't write some new chunk that has to be maintained separately.
Your program should never be exposed to a string it doesn't like, can't handle, or contains anything that doesn't look like exactly what you asked for.
A similar approach is called for with regard to memory when using C. You should never let the OS manage memory using basic memory allocation controls. Provide, and mark boundaries on your memory. Track your use 100%. Check those boundaries for violations when the memory is being deallocated and at other times that seem prudent to you. At exit, call a general deallocator to clean up anything that is left over and scream bloody murder about if anything is found still allocated, and about any bounds that are written over. The time taken to write a fast memory allocator that watches for border excursions will be returned many times over in applications that don't leak, don't break and don't annoy your customers (or yourself.) You can, if you like, write this two ways: One for testing, where everything is turned on and will hair trigger, and one for release, where most of this stuff is off for speed... but frankly, you should keep everything on all the time, because your code should never screw up AND because a good reporting section will let you find a bug in about two seconds. And besides, it'll teach you to write fast memory allocation and testing code.
Write a powerful linked list system. Aside from the fact that it's a great exercise, it has tons of uses for memory management and again, will pay for the time taken many times over. These are typically very small in terms of the code required for all manner of sophisticated and cool list handling functions, as is a memory manager. Input validation isn't that simple, or at least, not as you add significant numbers of well checked datatypes, but it is so useful that even if it does take a hundred k of code (it won't, I'm exaggerating) it's still worth it.
One last thing: Don't use other people's code if they've buried input routines in it. Yes, that means that many objects are out of bounds. Tough. Man (or lady) up and write it yourself. If you don't know exactly what is in there, and you can't vouch that it is 100% safe, you have no business using it anyway.
If they actually wanted to solve this problem, they should have:
No hijacking can succeed in such a situation. You can't get at the pilots, and the pilots have no way of knowing what is going on in the cabin behind them, so you can't directly control the aircraft; you can't threaten the entire set of passengers at once, and consequently, someone will pop you before you can say in'shallah.
This also has the additional benefit of demonstrating the inherent value of the 2nd amendment. Because this would actually work, it would relieve the feds of the apparent need they have created to screw with legitimate citizens going about their normal activities. No fly lists; searches; long lines and delays; etc.
This doesn't solve straight up bombings, or at least, probably not most of them, but neither does anything else. Any intelligent and technical person could get a bomb onto an aircraft; it's just that intelligent and technical people generally won't pursue such stupidities. Anyway, exploding a bomb on an aircraft isn't something you can leverage into causing the kind of damage you can by using the aircraft itself as an aimed kinetic energy weapon.
ex post facto is laid out in section 9 of the constitution:
No Bill of Attainder or ex post facto Law shall be passed.
ex post facto encompasses four types of things, legally speaking:
There are a couple of ways that ex post facto has been violated that I am aware of. One is the creation of gun laws that remove 2nd amendment rights from those convicted of a felony prior to the enactment of those laws. As the removal of those rights was not part of the applied punishment at the time, adding the removal of 2nd amendment rights post-conviction is clearly ex post facto as in (3) above. Another is forcing those convicted of sexual or violent offenses to submit to listing on "predator" lists where such listing was not part of the punishment, or the law, at the time of the person's conviction. This action has been deemed "not punishment" by the USSC, and therefore not ex post facto, however any thinking person will view such listing as considerably punitive and I reject the USSC's rationale as sophist in the extreme. This also falls under (3), above.
Problems have already arisen as a consequence of the reasoning behind these constitutionally invalid laws. One you will be familiar with is the no-fly list. The reason you can be listed without any control of your own and no court hearing, is the reasoning behind the sexual and violent offender laws. The USSC said that "listing is not punishment" and they also said in the same ruling that "the state can list you on any list it likes if it says it has an interest" and importantly "consequences of listing are not the responsibility of the state." So: They list you without notice, hearing or ability to contest (just like a sexual/violent offender), you can't fly, whatever the consequences of this are — loss of job or business, failure to see your mom before she dies in hospital, inability to be there when your kid is born — that's your problem, not the state's. Similarly, if a person on the sexual / violent offender list can't live somewhere, gets mugged or killed, can't get a job, has their house egged, etc., the state says that they are not responsible for this and so... listing, they claim, is not punishment.
Of course, this very kind of reasoning has been struck down in courtroom after courtroom; "Yes, I pointed the gun, yes, I pulled the trigger, but I didn't put the gunpowder in the bullet so I say I'm not guilty of murder." US law has always broadly and consistently held that if you knowingly participate in an action or series of actions that you know are certain to bring disastrous results, then you are responsible. No court would ever let a criminal get away with the very reasoning that the USSC has brought to bear on these issues; yet, they think it is OK for them. Clearly, the intent of the ex post facto clause was to prevent the system from going back and hammering someone after they'd already had their day in court. And just as clearly, that's exactly what these laws do.
Where did you get the impression I was trying to speak for you? I'm unaware of any such agenda. I was speaking for me, as far as I know, with regard to what I like and can take advantage of. Please elaborate.
I have no objection at all to closed (or open) systems. Just poorly crafted ones. If I feel that linux ever gets to the level of quality and consistency that OSX has, I'll be happy to recommend it. I use it every day, so I'm sure I'd notice were it to ante up, as it were. Today, as far as I'm concerned, the only OS I am as comfortable recommending to a technical person as to my grandmother is OSX.
How I managed to write it while "knowing little about it" is just amazing to me. I guess that "million monkeys" thing really works for me. You're pretty funny, you know that? :)
No - it isn't. The easy way: buy a Mac. Set up accounts for your kid(s). Whitelist where you are willing to let them go. Sit with them as much as you can and expand the whitelist as appropriate. Whitelist their email contacts and their chat contacts. The result? There is no problem. They're as constrained as you want them to be, or not. Nothing horrifying can be accessed unless YOU say it can. This is easily done, and you should do it. As opposed to trying to get the entire world changed to reflect your sensibilities. I'll back you 100% as long as you're just adjusting your kids as you see fit. The very second you start to try to adjust mine, you're out of line. You can do this with your entire home network, regardless of what OS you use, by directing all HTTP and other access through squid on linux or something similar; we use squid at work to keep surfing to work-related sites. It is just as effective at making a whitelist for your kids, it just takes a little study. You wouldn't let your kids be root, would you?
Yes, sometimes it is. Freedom of speech is more important than victorian sensibilities (or lack thereof.) Every time we have "compromised" our rights, we have been screwed. No more.
No. Not at all. You missed the point entirely. Not being there to see that it doesn't happen, or arranging that specifically in your little world, it can't happen, is depending on someone else to do YOUR job, at the expense of everyone else's freedoms.
If, for whatever reason, you want your kid to be free to sit at the computer without encountering the real world, use a whitelist system to control browsing. No accidents will happen (unless YOU screw up the whitelist.) That's all you need to do. When your child is adult enough for you to accept the idea that they will not implode, become perverted, etc., upon encountering adult play, then you can open the whitelist. Or not; you are, after all, the responsible individual.
Take responsibility as a parent; you can have as much control as you like. Nothing is stopping you. However, if you decide that the government should control everything so that the world artificially looks the way you think it should for the benefit of your offspring, regardless of what anyone else thinks, then you've become the enemy of freedom. My kids don't need to have your ideals inflicted on them. If you try, I will oppose you.
(a) The notion is that putting everything sexual into a slot where one simple action at law can force one simple action at the DNS that shuts it all down is the problem -- it has nothing to do with the name. What is depressing to me is that you can't see it coming.
(b) It doesn't matter in the least if some people's idea is that pornography == sexuality. The important idea is that you don't get to tell me, and I don't get to tell you, what is interesting, stimulating, erotic or otherwise. Sexuality is personal. You concentrate on yours, everyone else will concentrate on theirs, and there won't be any reason for you to be depressed. As soon as you being to think that your (romantic, idealistic, whatever) idea of sexuality is "the thing for everyone", you've become the enemy of the people and then you have a reason to be depressed.
Comprende?
Because we're trying to use the new environment to move away from victorian (and worse) notions of self-appointed moral police proscribing everyone else's idea of what is OK, even if they're in the majority.
Let me fix that for you: ...create ghettos and put a lance right through the heart of equality.
And what do we do when the maniacs in congress legislate the ghetto out of existence? The political system is rigged; you know it and I know it; so if we let them back these people into this corner, what happens when they take that inevitable next step... "for the children"?
Yes, I would imagine the whole bloody bunch of you who have delegated the upbringing of your children in a padded world will be very pleased indeed. owning up to the responsibility of having children is so... tedious. Isn't it much nicer when the government does it for you?
First they came for the pornographers. But I was not a pornographer, so I said nothing.
Then they came for the others. But I was not them, either. I remained silent.
Then they came for me. And there was no one left to speak for me.
With apologies to the WWII ear personage who penned the original.
MISUSE OF MODERATION ABOVE - valid opinion, substantiated by the evidence and general cultural activity, mis-moderated as flamebait.
My understanding is that domain names are controlled in the USA. If that is correct, then US law can (and almost certainly will) make them move to xxx. If your choice is move or disappear, you'll move.
Remember, as one slashdot signature accurately has it: The root passwords to the US constitution are "thinkofthechildren" and "terrorist."
And of course, once they move, they can be censored. And they will be censored.
They're working to flood us with issues: loss of habeas corpus, ex post facto law and punishment, censorship, government support of religion, watering down science education and the cultivating of a newly gullible populace, wars of aggression, loss of 2nd amendment, commerce clause absurdities, phone tapping and mail opening and lists of enemies of the state (no-fly lists, no live here lists, no get job lists), torture, politics as a completely rigged shell game, theft of land for tax revenue... and it's working just fine. We can't fix any of this the usual way. The xxx industry is just going to be the latest casualty. Just ask yourself: Will you stand up and save them when the time comes? How many others? Don't hold your breath.
You missed:
Apparently resolving this isn't that simple. Otherwise, ad-aware (not to mention its innumerable brethren) wouldn't be one of the single-most downloaded applications for Windows, now would it? Norton and all the other "security vendors" wouldn't have anything to do either, would they? Do you see tons of users running for adware prevention or virus checkers or third party firewall software on the Mac/OSX the first day they get it? Or later? No - you don't. And why? Because it isn't needed. Those who have opted for the very few programs in those categories on the Mac have been scammed: because there is no such set of problems. Those problems are Windows problems.
And that is why that today, at least, OSX is better for the vast majority of end users. Not because it is better looking, though it certainly is. Not because it is easier to use, though it is that, too. Not because the hardware always works, though it does, and without any fussing around, too. But because it is easy, reliable, and doesn't continually force the user into a state of pissed-off fugue.
It used to be that because some applications were only developed for windows, that the Mac was accurately seen as a poor choice for some based on app availability. Today, with Parallels running exquisite sandboxed virtualizations on totally kick-ass hardware, you can run the serious windows apps you have to and then kill windows, tossing the OS state completely, keeping only user filesystem data and chopping off most Windows security problems at the neck while muttering, "Die, you #$%^er!" There's never been a better time to go OSX and say goodbye to the black hat hacker community.
As a matter of fact, I've probably spent more time looking at Windows source than most people outside of Microsoft. I'm the developer of a major Windows application, easily in the top 1% in terms of complexity and sophistication and 100% compatible through considerable effort across the various large scale Windows platforms, not just the ones you're probably familiar with, but also including all three of the RISC Windows versions, PPC, MIPS and Alpha. Apple's source has been comparatively easily available, and of course, linux source is 100% in our faces all the time. I've spent tons of time in all of them. We've successfully ported to all three operating systems - OSX/intel, OSX/ppc and linux - from Windows, and each time, we had to get a decent grasp on some fairly complex issues that required hundreds of hours of study of the OS code. As well as deal with Windows various problems. These range from various incarnations of Windows graphics UI's working backwards from one another across concurrently available versions to memory leaks and Microsoft's multi-year long failure to institute a check bounds on such prosaic items as the bloody system file dialog multiple-select results despite being told repeatedly about the problems. All of which nastiness we managed to navigate, and fix for them, since they couldn't get their act together enough to act responsibly. So yes, I have some vague idea what is going on inside these operating systems, thanks for asking.
Also, because of developing an application of such size and broad incarnation OS-wise, I have experience with a wide range of users. And that is what leads me to advise against Windows if at all possible. Users don't need extra problems. Computers are complex enough, and the idea that a user wants to tussle with OS design shortcomings has been false from the beginning. The subset of technical people who want to do that isn't even all that large, and in the application end-user space, they're just about non-existant. The absolute best answer at the present time is OSX. Buy the computer, turn it on, answer a few reasonable questions (like, What Is Your Name?) and you're running. Safely. Reliably. Enjoyably.
Are there more complex, more functional security models than *nix? Sure. Do we need them? Now that is another matter. When (actually if, because it hasn't been demonstrated yet) OSX is getting multiple disastrous hacks a day as is Windows, when Apple machines are being pwned right and left, Apple demonstrates it can't keep up a 'la Microsoft, and the *nix security model itself is shown to be insufficient to the task of keeping the user safe, then we can have a productive conversation about the security model perhaps needing a good thrashing. Until then, to drag out a really tired one, OSX apparently isn't broken and there's no indication it needs fixing.
I see you are having reading comprehension problems. Read again. Slowly. You may be able to determine that those are two different statements, with two different sets of requirements.
You know what? I don't have to "educate" users I point at Macs, because Macs work and are secure out of the box. Also, I don't mind in the least being characterized as a fan of systems that work. Don't worry too much about my technical abilities; I've been writing code and designing computer hardware since the early 1970's. One of the consequences of that is I am quite familiar with Windows, *nix, old Apple systems, OSX, and a bunch of earlier operating systems as well. And if there's one constant that's been the same since day one, it is that the less the user needs to know to use the computer safely, the better off they are.
You like Windows? Fine and dandy. I don't. I won't recommend the OS as a primary operating environment any longer under any circumstances. Virtualized in a sandbox, yes - when you need a particular application. Otherwise, no.
These aren't great solutions anyway. We're at a technological crossing; we have great electrical motors, but we're still stuck with shitty storage (batteries.)
When ultra-capacitors become widely available, batteries will go away, cars will be able to store enough energy to have 300-400 mile ranges, and the only reason to have a combustion engine in the car will be for emergency power (when you run out of electrons, which mostly, you won't.)
You watch. Ten years from now, the idea of having an internal combustion engine in a new vehicle will seem ludicrous.
I'm already vastly cheered by the idea of a car that has a 40 mile electrical range. 99%+ of my driving is under 40 miles cumulative every 7 days or so; if I remembered to plug it in once a week, I'd be covered. Lots of other people around here see the same kind of uses. Drive to work, the grocery store, the post office, occasionally the hardware store... and all of it within 10 short blocks. We only have ten blocks. :)
Bring it on.
Let me put it to you this way: I sell Windows software for a living. Not Mac-ware. Not yet. . Still, I recommend to everyone I know that they get a Mac. I can't, in good conscience, recommend Windows. Malware, yes, that's certainly a huge problem. DRM issues in Vista are another (such as degrading audio if unsigned.) Ridiculous license terms are another (no virtualization for home? Change your hardware, lose your authorization? ridiculous!) Constant reboots and restarts are another. Incorrect configuration out of the box is another - not just privileges, but what is running and what is not, what is turned on and what is not. As near as I can tell, the key Microsoft OS policy is "Wreck the user's day. Every day."