No kidding, this is about the sanest thing that's been done in the name of security in a long time, but people are so primed to hate any kind of security they're knee-jerking against this one too.
Guess what, people? The more smart security we have, the less dumb security we'll need.
It's the programmer and the language. Give the world's best carpenter a ball-peen hammer and ask him to build you a beautiful armoire, see what happens.
You can say now that they'll be much further next year, but until then "Which means that the language did the job very nicely" should be "Which would mean that the language did the job very nicely." If you put in a reminder of some sort to come back and say I told you so, I'd be more than happy to eat my words if they continue using C# and place in the top 33%. Hell, I'd even concede that you might be right if they manage the top 50%.
I say, however, that there is a right language for the job. Sure, there's overlap, but you don't implement your FFT in Perl when the problem is that you need the fastest FFT possible, you don't write a word-processor in assembly, and you don't write anything in Brainfuck even though they're all Turing-complete. Anyone who says you can do anything in any language is trying to justify using their favorite language for absolutely everything.
I have to respectfully disagree, and here's why: Their abstraction leaked on them. It's a soft abstraction, and it while doesn't explicitly guarantee that objects are "fire and forget" it implies it really, really hard, the same as PHP, Ruby, Bash and the like imply that you don't have to worry about type safety. The problem is, they're not, you do, and C# is so incredibly complex and abstracted it's nearly impossible to know what's actually happening.
On a hyperbolic note that's sure to get me flamed, I'm not sure exactly what it is, but every program I've ever interacted with that's written in C# has been poor quality, even the ones written by "professional" programmers. They have weird UI stuff that doesn't work, memory leaks, crashes, you name it. What causes it exactly, I couldn't say, but I know I wouldn't want a.NET pacemaker, no matter how much it won't segfault when it's parsing a string.
No, in C++ they would have had containers or references/pointers to the objects. They explicitly deleted the objects in their C# code--or so they thought. In C++ they would have actually deleted the object, and left a dangling pointer, if they made the exact same mistake. When they tried to call that, they'd either get a segfault, or depending on their code and memory manager, a pointer to the wrong object of the same type--which would be pretty subtle--or a pointer to the wrong type, leading again to an almost certain segfault.
Also, when you delete in C++, standard practice is to set the pointer to 0, which is safe to call delete on.
This kind of thing makes me so happy. Sure, it's not really a bug in C#, but this is even better, a perfect demonstration of how GC does next to nothing to prevent this type of bug, and instead fools people into complacency while making the bug much more subtle.
In my opinion there is a proper language level for nearly any task. For kernel programming, drivers, or RT stuff, C. User-level stuff is usually better in C++. Well, I'm a big fan of C++ and more comfortable there so I'll usually extend its range down to some lower-level work and sometimes I'll bang out a quick-and-dirty app or script type thing (lots of user input parsing and other things C++ isn't great at) in it too, even if it could be done better (yes, better as in higher quality) or faster in another language.
Anyway, although I could be making incredibly wrong assumptions about the nature of the problem, I'm pretty sure that C# wasn't the right language for the job. C# very nicely occupies the space between C++ level languages and scripting languages, but for a problem that involves probably no parsing whatsoever (it shouldn't, anyway), needs to be perfectly stable (in my experience GC apps are buggier, I'm not going to go off on that tangent now and explain, but it's been my experience), and have as deterministic runtime as possible, it's C or a subset of C++ (little to no STL) all the way. This paragraph was brought to you by Lisp.
This problem was caused by, I'm going to go out on a limb here and say the wrong language choice. If this was C/C++, there would have been a segfault (easy to debug--usually) or the old reference wouldn't have mattered at all. C#'s real strong point, its huge and well-integrated library, probably didn't help them out very much.
Every programmer who wants to call themselves a real programmer should learn as many languages in as wide a range as possible. Sure, have favorites, but that should mean trying to work in your language's realm, not extending it way beyond its range.
Exactamundo. And, since the game is so complex, you still get better (although in Eve, you get better instead of your character) with practice, so somebody who does that but never plays is still going to be basically worthless. Even better though, if you're smart you don't have to spend quite as much time on it.
Sorry man, but any MMORPG that allows exploits like the Guiding Hand Social Club's is incredible. I don't think there's another game out there that allows playing on that level.
But that's what I don't get! How is it so exciting to force someone that's scared you'll fire them to have flirt-have sex with you? I don't crush ants and go, "ooh look at me, I'm so POWERFUL!" If you were trying to feel your own power, it seems like bagging your boss would be the way to go.
Yup. For one, at that level, or with management in general, it's always sexual harassment. Well, sometimes it's gross incompetence. The harassment I don't get, though. I mean, if they want some free sex, couldn't they just go to a bar and say, "Yeah, I'm a VP of a multi-billion dollar corporation, and I make nine thousand dollars an hour. Let's take my jet and go screw in the hot tub at my 4th summer place."
Nope. It's like it's the opposite of the thrill of the hunt for them, preying on people who (they think) can't really defend themselves.
Plus, you just look at this guy and you know he's a complete pussy hound. The insecure type, that's always chasing it like it's the last piece he'll ever get. Just totally ruled by it, the poor thing.
Not their fault? This is four times. It shoudn't have even been able to happen once, but four times is just insane.
Yeah, it's a corporate data center. The data center my company's offsite servers are at is surrounded by concrete anti-ram poles, has 24-7 armed guards, forced entry alarms on all of the cages that notifies the owner of the cage, foot-thick actually reinforced concrete walls, alarms that call the police directly, and a security procedure with a call after any kind of suspicious behavior.
I'd consider that, along with a bunch of other stuff (biometric + keycard + pin + guard has to identify you by your ID and buzz you in to airlock-style doors) pretty good physical security. The thing is, that's a baseline for a colo data center. It's only about $500 a month (before bandwidth) for a full rack there, so it's not like this is some kind of super-expensive facility.
Although you'd be a fool to not check it out, physical security being part of the deal is assumed when you're talking about colocation.
OK, I went back and RTFA. It appears they do send a correct SEQ RST, along with one in the 12xxx range. The problem is, they send them, spoofed, in both directions. So, even if you did come up with a way to ignore valid RSTs when there was an invalid RST very nearby, you'd also have to make the remote host not honor RSTs from you.
And, of course, since they're your ISP, they can just stop delivering your traffic. I'd suggest letting everyone you possibly can know about this, hopefully get it into the papers in some form that Joe Sixpack can understand, or at least one that makes him mad, and wait for Comcast to backpedal. On the slower, but more effective front, there's class action lawsuits, and even slower but still more effective is legislation. That's really all you have available to you, since you most likely don't have a choice in providers.
Why wouldn't it have a valid sequence number? Don't they only need a single packet to get the proper sequence number? Wouldn't most TCP implementations throw away a sequence number that was so far off?
Slashdot Mirror
*ahem*
...
lol what?
P.S. Crack is cocaine.
No kidding, this is about the sanest thing that's been done in the name of security in a long time, but people are so primed to hate any kind of security they're knee-jerking against this one too.
Guess what, people? The more smart security we have, the less dumb security we'll need.
Really.
*blank stare*
I doubt this was on purpose, but it is an outstanding word. I propose that it means, "perfectly rational, if you are crazy."
I run Exchange servers, and yes, it means that the actual RAM (+ PF) is fragmented. It is not merely complaining about the page file.
You're right. We won't be able to fix problems today, so fuck it, let's just never fix them.
Is that a form of "ass burgers?"
You're right, they'd be looking for orbiting brain lasers.
It's the programmer and the language. Give the world's best carpenter a ball-peen hammer and ask him to build you a beautiful armoire, see what happens.
You can say now that they'll be much further next year, but until then "Which means that the language did the job very nicely" should be "Which would mean that the language did the job very nicely." If you put in a reminder of some sort to come back and say I told you so, I'd be more than happy to eat my words if they continue using C# and place in the top 33%. Hell, I'd even concede that you might be right if they manage the top 50%.
I say, however, that there is a right language for the job. Sure, there's overlap, but you don't implement your FFT in Perl when the problem is that you need the fastest FFT possible, you don't write a word-processor in assembly, and you don't write anything in Brainfuck even though they're all Turing-complete. Anyone who says you can do anything in any language is trying to justify using their favorite language for absolutely everything.
I have to respectfully disagree, and here's why: Their abstraction leaked on them. It's a soft abstraction, and it while doesn't explicitly guarantee that objects are "fire and forget" it implies it really, really hard, the same as PHP, Ruby, Bash and the like imply that you don't have to worry about type safety. The problem is, they're not, you do, and C# is so incredibly complex and abstracted it's nearly impossible to know what's actually happening.
On a hyperbolic note that's sure to get me flamed, I'm not sure exactly what it is, but every program I've ever interacted with that's written in C# has been poor quality, even the ones written by "professional" programmers. They have weird UI stuff that doesn't work, memory leaks, crashes, you name it. What causes it exactly, I couldn't say, but I know I wouldn't want a .NET pacemaker, no matter how much it won't segfault when it's parsing a string.
No, in C++ they would have had containers or references/pointers to the objects. They explicitly deleted the objects in their C# code--or so they thought. In C++ they would have actually deleted the object, and left a dangling pointer, if they made the exact same mistake. When they tried to call that, they'd either get a segfault, or depending on their code and memory manager, a pointer to the wrong object of the same type--which would be pretty subtle--or a pointer to the wrong type, leading again to an almost certain segfault.
Also, when you delete in C++, standard practice is to set the pointer to 0, which is safe to call delete on.
This kind of thing makes me so happy. Sure, it's not really a bug in C#, but this is even better, a perfect demonstration of how GC does next to nothing to prevent this type of bug, and instead fools people into complacency while making the bug much more subtle.
In my opinion there is a proper language level for nearly any task. For kernel programming, drivers, or RT stuff, C. User-level stuff is usually better in C++. Well, I'm a big fan of C++ and more comfortable there so I'll usually extend its range down to some lower-level work and sometimes I'll bang out a quick-and-dirty app or script type thing (lots of user input parsing and other things C++ isn't great at) in it too, even if it could be done better (yes, better as in higher quality) or faster in another language.
Anyway, although I could be making incredibly wrong assumptions about the nature of the problem, I'm pretty sure that C# wasn't the right language for the job. C# very nicely occupies the space between C++ level languages and scripting languages, but for a problem that involves probably no parsing whatsoever (it shouldn't, anyway), needs to be perfectly stable (in my experience GC apps are buggier, I'm not going to go off on that tangent now and explain, but it's been my experience), and have as deterministic runtime as possible, it's C or a subset of C++ (little to no STL) all the way. This paragraph was brought to you by Lisp.
This problem was caused by, I'm going to go out on a limb here and say the wrong language choice. If this was C/C++, there would have been a segfault (easy to debug--usually) or the old reference wouldn't have mattered at all. C#'s real strong point, its huge and well-integrated library, probably didn't help them out very much.
Every programmer who wants to call themselves a real programmer should learn as many languages in as wide a range as possible. Sure, have favorites, but that should mean trying to work in your language's realm, not extending it way beyond its range.
Exactamundo. And, since the game is so complex, you still get better (although in Eve, you get better instead of your character) with practice, so somebody who does that but never plays is still going to be basically worthless. Even better though, if you're smart you don't have to spend quite as much time on it.
Sorry man, but any MMORPG that allows exploits like the Guiding Hand Social Club's is incredible. I don't think there's another game out there that allows playing on that level.
Thank you.
Why? And, basically the same question, less than 70kb per what?
But that's what I don't get! How is it so exciting to force someone that's scared you'll fire them to have flirt-have sex with you? I don't crush ants and go, "ooh look at me, I'm so POWERFUL!" If you were trying to feel your own power, it seems like bagging your boss would be the way to go.
Guess that's why I'm not a CXO.
Yup. For one, at that level, or with management in general, it's always sexual harassment. Well, sometimes it's gross incompetence. The harassment I don't get, though. I mean, if they want some free sex, couldn't they just go to a bar and say, "Yeah, I'm a VP of a multi-billion dollar corporation, and I make nine thousand dollars an hour. Let's take my jet and go screw in the hot tub at my 4th summer place."
Nope. It's like it's the opposite of the thrill of the hunt for them, preying on people who (they think) can't really defend themselves.
Plus, you just look at this guy and you know he's a complete pussy hound. The insecure type, that's always chasing it like it's the last piece he'll ever get. Just totally ruled by it, the poor thing.
Then again, I could be completely wrong.
Weird. a@a.a worked.
They don't validate the e-mail address.
Not their fault? This is four times. It shoudn't have even been able to happen once, but four times is just insane.
Yeah, it's a corporate data center. The data center my company's offsite servers are at is surrounded by concrete anti-ram poles, has 24-7 armed guards, forced entry alarms on all of the cages that notifies the owner of the cage, foot-thick actually reinforced concrete walls, alarms that call the police directly, and a security procedure with a call after any kind of suspicious behavior.
I'd consider that, along with a bunch of other stuff (biometric + keycard + pin + guard has to identify you by your ID and buzz you in to airlock-style doors) pretty good physical security. The thing is, that's a baseline for a colo data center. It's only about $500 a month (before bandwidth) for a full rack there, so it's not like this is some kind of super-expensive facility.
Although you'd be a fool to not check it out, physical security being part of the deal is assumed when you're talking about colocation.
Well, if it really happens maybe those movies aren't quite as silly as you thought.
I mean, yeah, they're stupid ... but it's harder to claim they're unrealistic now.
Your HDD couldn't write 800KBps?
OK, I went back and RTFA. It appears they do send a correct SEQ RST, along with one in the 12xxx range. The problem is, they send them, spoofed, in both directions. So, even if you did come up with a way to ignore valid RSTs when there was an invalid RST very nearby, you'd also have to make the remote host not honor RSTs from you.
And, of course, since they're your ISP, they can just stop delivering your traffic. I'd suggest letting everyone you possibly can know about this, hopefully get it into the papers in some form that Joe Sixpack can understand, or at least one that makes him mad, and wait for Comcast to backpedal. On the slower, but more effective front, there's class action lawsuits, and even slower but still more effective is legislation. That's really all you have available to you, since you most likely don't have a choice in providers.
Why wouldn't it have a valid sequence number? Don't they only need a single packet to get the proper sequence number? Wouldn't most TCP implementations throw away a sequence number that was so far off?