Most of those displays are MPG for all fuel through the system since the last time you reset the average mpg display not the trip odometer. There are times when you do a lot of in town driving and then are times when you take highway trips... If you reset it each time you fill up the gas tank it will be much closer to that actual mpg when you figure it up for that tank of gas.
FYI - they typically only average the last 500 miles; not sure if that means they only do 800 km (500 miles) or 500 km for those using metric.
They don't infinitely calculate it and in many (like my 2010 Dodge Grand Caravan) you can't reset it.
I expect there to be outrage here on slashdot. But think about it. How is this really different from, let's say, Lockheed Martin designing the F-35 and storing all the design data associated with it. Sure, they're not a "private cloud vendor", but they're probably running a bunch of servers for this purpose. So "top secret cloud" is already happening.
Bingo. Amazon has been hiring people with sec. clearance for quite some time. These DoD clouds are not stuff deployed on typical heroku or AWS, but cloud infrastructure deployed on secured facilities.
I blame the term "the cloud", too amorphous of a term to mean just about anything.
Reality is that they're only replacing existing DoD contractors that are already providing these services but at a much higher cost. This just opens the playing field up a bit more. That's all this is about - helping reduce costs on existing services.
Exactly. Secrets need to be kept in house, and even then they're not totally secure.
Give it to a contractor and even the most idiot person in the world will understand that there is a 99% chance you'll find that info spilled on the internet. I guess nothing stands in the way of cost reductions to zero eh ? Stupidity all around.
That is stupid. The same can be said for disgruntled employees. When we are talking contractors in a DoD setting, we are not talking about Infosys handing over work to someone overseas, but:
a bunch of US Citizens of different technical backgrounds already with sufficient clearance,
that works for a defense contractor,
for a very specific project
under non-negotiable guidelines of security
at facilities physically vetted for the necessary clearance
Nothing on that list will prevent someone from leaking stuff out to the interweeds, but to presume that under those conditions there is a 99% chance of that (as you said), that is just nonsense.
Not all cleared personnel are US citizens; but the higher the clearance the more likely that is the case.
No, actually they are often masters of BS, at least BS good enough for the short-term.
This isn't a matter of having a degree in BSing; it's a matter of racial prejudice and promotion. I've seen it at several other "Indian" firms as well; and typically the positions are written such that only people from their Indian offices qualify so that they can pump them into their US branches under H1Bs. There's a strategy to it; however subtle they may try to make it.
If TFA is true, then the recruiters are trying to call them out on it, and good for them for doing so.
I also have not heard of people still using software on Linux and Mac that is as old as stuff that people depend on with a Windows system. It probably stemmed from Microsoft's strong stance on keeping backward compatibility for as long as they can and not breaking old software. Now people out there rely on some unique and old piece of code that doesn't have a modern equivalent and will become upset with Microsoft if it breaks.
Some truth. In part...
...for Linux you can typically get the source so someone keeps it up to date/forks/etc, or you have a vendor and you know it's the vendor's issue, not your distro's. So people don't complain about Linux and the distros that way, they'll complain about the vendor.
...for Mac, they just really don't keep APIs around terribly long. So Apple users are used to having to get new software or updated software on every change to the OS since its inception.
But that goes exactly to what I was saying - the developers for Linux just expect that the system will do the right thing or be fixed; so they continue to the APIs available, and keep them up to date. Same generally goes for Mac.
Whereas Windows devs don't expect MS to fix anything, and MS tries to protect the Windows devs from everything; so bugs get baked in and then relied upon - what at one time could have been fixed, no longer can be. If you recall the "Compatibility Modes" that MS started with Windows XP, this was in large part why. It wasn't a simple "present X version of the APIs"; it was a "present X version of APIs and apply patches A, B and C to achieve behaviour D that was in API version X-1 and fixed in API version X+1". How did MS discover this info? Windows Error Reporting - where they fix bugs for you.
The problem is that the data collection is assuming the same user by trying to associate different things. However, we tend to share systems more, making it extremely difficult to validate that any given "user" is the same "user". It's the same as any authentication problem where more than one person uses the same credentials.
And that doesn't even get into the multi-faceted view of the human psyche - we wear different hats at different times for different activities, and those don't always jive well together; in fact, they're often in conflict with each other - a conflict that even us non-computers have a hard time justifying, let alone trying to code it up into a way that computers could figure it out.
All-in-all, this completely screws up the "contextual" part. Whether because the account is being used by several literal people (Jane, Bob, Sue, and Alfonso), or several figurative people (Jane as Jane, Jane as Janie, Jane as Jan, etc) all using the same accounts.
Actually there isn't and never has been. Let's see you post a link about it then, one that doesn't just point to speculation or to some hacked together fan version of Windows.
Well...programmers tend to be more introverted than most of society; and there's fewer introverts in the female gender - women are a very social gender. But that's about the only "biological" argument that could be made - the programming culture is just not very suitable to attracting women.
All said though, the culture is slowly shifting to more amenable; but it's still going to take quite some time.
This has everything to do with bad programming, and no Mac and Linux are most definitely not immune from this either.
True. The difference is one of philosophy: Microsoft believes that if an application incorrectly relies on behavior that appeared in a release of Windows, then it's the OS's responsibility to support that application. Mac and Linux work on the philosophy that it's the application's responsibility to correct the bug.
Wrong.
Microsoft takes the approach that Developers are dumb so they do a lot of things to protect developers from themselves, developers. But once they release an API, they keep it written in stone, even if it is buggy. Developers have in turn relied on this and add work-arounds in the applications; which has further pushed Microsoft into maintaining those broken interfaces.
In contrast, Mac/Linux/UNIX developers do not expect APIs to maintain compatibility between major versions of libraries or OS releases. They're more expected to report issues so that those issues can be resolved by the libraries that they appear in. So developers can rely more on the libraries to do the right thing, provide nicer interfaces that make it easier to do the applications. They also do not try to protect developers from themselves - developers can easily blow up the system.
Almost all of the results in the search are Java applications. Java doesn't provide access to the specified API. The only way you can do it is with System.getProperty("os.name") and System.getProperty("os.version") which both return strings.
Well, the only way you can do it without adding C-bindings to utilize the Win32 API from within Java.
It's just the most lazy programmers - which Java probably tends to attract - that do that dumb method.
(I had uniformed people swear to me that they were on Win2K because they were running WinME
When they released Windows 2000 there was supposed to be a Consumer Edition (CE) version. However, it was drastically behind schedule and didn't make the cut when Windows 2000 (Professional, Server, etc) was released. Windows ME came from that; and most likely was just a release to get a release out; short-cutting much. I go from that due to all the changes in errors and other things - Windows ME was based on 9x, but it was also a heavy integration of the NT source into it. So there's truth both ways; and the mixed status of its integration is probably why it ended up with the reputation that it had - it wasn't really finished.
An incredible number of Windows developers do not know how to check versions. I.e. if major>=5 AND minor>=1. In this case there are apps that check version by retrieving the OS name string, i.e. Windows 7. This was a popular but incorrect way to check if running on Windows 9x
Neither do you apparently because Windows does not split them apart. It uses a 16-bit hex value - 0x0601 is version 6.1. So the check is simply "version > 0x0600" to detect anything newer than Windows Vista.
It's how Java exposes the OS name to its users. If you look in that list, that os.name property is a native Java function. The Java library itself probably goes through all the BS required to get that, instead of the version number or some other more reliable method to see if your stuff will run.
If they actually tried to do the proper Windows version lookup then they would have not used that java interface. Instead, they took the cheap, easy way out and now it's biting them.
Yes but you're the ideal 'unlimited' customer. You do most of your data on WiFi and don't really use much otherwise while traveling.
For the time being yes; but primarily b/c I'm not used to having it. As that changes, habits will change. I'm also planning on writing a number of apps that while they won't be anywhere near Netflix like usage, they will be ideal with regular usage. So again, that will change over time.
The 'bad' unlimited customer is a road warrior that has work VPN running for 8-10 hours a day and personal streaming, netflix, torrents, downloads, etc. running the remainder of his/her personal time. My office PC has pushed 4.3GB in the past 6 days for example. It might be a bit less if I was on a cellular connection but...not by much.
From experience in other areas, pushing that kind of data usage via cellular or wireless in general is typically not a very good practice. A system I used to work on had cellular connections so that we could support it; supporting it would generally eat through those data caps very quickly, and bills easily racked up. Not because of the system itself; but b/c of the data we had to either push or pull from the system, and some computers in the system were Windows-based so RDP and other factors came in as well. It was easy to surpass 1GB in an hour; and we delivered these systems internationally.
So if you really need that kind of data pipe, it's best to really be where you have a wired connection when you can. But if you can't, then you're really looking at a different class of service to start with, with a dedicated data modem instead of a data/voice connection - you'll be able to get higher speeds that way as well, and probably get better rates. It still won't necessarily be cheap though.
I wish T-mobile's "unlimited" throttle gave you something good enough for web browsing.
When you hit the cap, they fucking throttle you to 2400 bps and you can barely check email with it.
We're doing the $50 T-mobile plan with a second for $30. When I first looked at it 6 months ago the limit was 200 MB. When we signed up in August it was 1GB. When we got our first bill it was 3GB. So yeah...effectively unlimited.
Now we didn't even broach 300MB between both phones for our first billing period; but then, we're not used to having a data plan either - this is the first we've had one of any kind. But needless to say, T-Mobile is way ahead of us on the Unlimited thing. We'll see how the next bill comes out for usage as I accidentally watched a portion of a Netflix movie on my phone via data instead of via WiFi the other day; so I probably used a good portion of the 3GB, but will still probably be below the "limit".
Also just to note, T-mobile's "unlimited" offering of this nature is exactly why we switched to T-mobile in August from AT&T where we never had any data/text on our plans b/c I refused to pay their extortionist rates.
...is that you force everyone to follow the letter of the law instead of the intent of the law. One reason why "plain English" laws are better for the populace even though they may be harder for the lawyers and the courts.
// Is this because he hasn't a clue about science or because he is catering to a particular political base?
Both, I don't know, either.
There are numerous reasons for the UK to still teach Imperial, many of which benefit businesses.
For example, the Railway system in the UK uses Miles+Chains (Reason: Historical so that they can keep accurate records of the track maintenance; it would take more paperwork than even a Vogon would care for to change it). It's beneficial for anyone dealing with the railway system to understand what those are.
I'm sure you'll find similar things in other parts of the UK economy as well.
...as one G+ commentator put it, the old joke of "why is 6 afraid of 7? B/c 7 ate 9" won't be had for Windows. It'll probably still be true though that Win7 will fare better than Windows 10.
>Right now if they ground up the waste and vented it into the atmosphere it would be less damaging than that caused by coal mining, megawatt for megawatt.
The Fukushima and Chernobyl exclusion zones would show that to be extreme hyperbole. Grab a tent and go live for a month a mile from a coal burning plant in a field, and then try the same thing a mile from Pripyat and let me know how that goes for you.
IIRC, You can safely walk around Chernobyl without fear of radiation now. They've been using it as a study on the effects of a meltdown, and how the environment reacts when human kind leaves.
The right's basic mechanism is, when caught lying (or even just wrong), never ever admit it, just double down on the error and increase the PR. Have you ever heard the rightwing echo chamber admit they were ever wrong?
Have you heard the left admit they were wrong either? It's a problem on both sides of the aisle.
So brilliant programming languages do not permit eval($ENV["FOO"])?
Correct, because good programming languages don't have anything like eval().
Normally, in a decent programming language, if you're convinced you really need to execute unknown-until-runtime code, the first step is to get over your misconception. If you're unable to get over the misconception, then you do something like
fopen('tmp.c'); fwrite... fclose, system('cc variousflags tmp.c'); system('tmp'); and then you spend the next few weeks worrying about how awful what you did was, and rethink your unnecessary "need" to run generated code.
eval() is not C or C++. It's Bourne Shell, and it's a necessary evil for a Shell language to have.
That said:
What makes you think Windows doesn't have problems like this?
They did. But it is a long time since that last vulnerability on this scale. Following the embarrassing Nimda and Code Red (and many vulnerabilities in IIS), Microsoft started its "security push". The central part of that is the Secure Development Lifecycle (SDL) which as a collection of processes, methodologies, tooling, mandatory education, guidance and mandatory threat modelling, reviews and auditing.
OSS has SDL too, primarily due to very extensive use by many projects of code testing (f.e autotest), Coverity testing (provided for free to OSS projects), use of Valgrind, and more. OSS projects generally have far more testing involved with them than closed projects, in part b/c people report bugs and those bugs become tests in the project's test suite.
And with companies like Red Hat, Coverity, etc providing more influential secure coding testing and fixing patches (Red Hat, Debian, etc) it probably gets done more often.
But let's not also forget in OSS patches tend to stay in the code; where Microsoft has a long history of applying a fix in one patch, undoing it in the next, and having to repatch over and over again (see the WMF bugs, repatched from Win NT4 through Windows 7, if even Windows 8, e.g after SDL was implemented).
The difference is that being open source third parties can review the code and find problems. There is no way to keep them secret and from the public.
That's all fine and dandy. Only, these bugs (the original Shellshock and these later) have existed for 22+ years! During all that time, nobody (we hope) "reviewed the code and found problems". So, if there were any third parties looking at the source, they failed miserably (or sold exploit information on the black market).
Look, there have been bugs found in old MS code as well. A few years back there was a vulnerability in the old DOS emulation code.
It is time to let the myth of the many eyes die. The community is not going to help you by reviewing code unless you *pay* them to do so. It is the most boring discipline of developing code, and nobody does it out of interest.
A company like Microsoft can *pay* people to review and audit code. A big part of SDL is exactly those supporting roles and checks/gates. The open source community must wake up and set up foundations OpenSSL style and start asking those who reap the biggest benefits for some funding.
Companies like Coverity provide it for free to OSS projects, and companies like Red Hat and Canonical pay for it as well. The OSS community has the practices and reviews in place on many projects; there's a few, like OpenSSL, that have slipped through due to the structure of the teams surrounding them. For OpenSSL many probably assumed that since OpenSSL was FIPS certified that things were being done in the OSS branch too; Heartbleed revealed that assumption to be false and now we have LibreSSL as a result where the norms for OSS projects are being applied.
Also, fixes were pushed out within hours of notification.
Do you really want to go there, given the incomplete patches and host of related problems which could have been found had the maintainers taken more time?
Part of SDL in Microsoft is exactly a process where, when a vulnerability has been reported, they must take time to analyze if there are related or similar vulnerabilities, what impact a patch could have. On top of that they have a gigantic test farm where they test for compatibility with a huge number of popular software applications.
Essentially, what Microsoft does *internally* and prior to releasing information on the bug, is now what for bash takes place *externally* (external security researchers) and *after* the vulnerability info was released.
Look at it this way - projects release the fixes very
Nothing like setting oneself up for failure.
...is who said what and did what. There's simply not enough info to say.
No link; and I no longer have access to the CD.
There was not a Windows 97, unless you count the things cobbled together by wannabe-hacker kids.
Actually there was, but not released to US/Europe. I've seen it.
An incredible Number of windows developers do not know how to check versions. I.e if major>=5 AND minor>=1. In this case there are apps that check version by retrieving the OS name string I.e Windows 7. This was a popular but incorrect way to check if running on Windows 9x
Neither do you apparently because Windows does not split them apart. It uses a 16-bit hex value - 0x0601 is version 6.1. So the check is simply "version > 0x0600" to detect anything newer than Widnows Vista.
It's how Java exposes the OS name to its users. If you look in that list, that os.name property is a native Java function. The Java library itself probably goes through all the BS required to get that, instead of the version number or some other more reliable method to see if your stuff will run.
If they actually tried to do the proper Windows version lookup then they would have not used taht java interface. Instead, they took the chean, easy way out and now it's biting them.
Yes but you're the ideal 'unlimited' customer. You do most of your data on WiFi and don't really use much otherwise while traveling.
For the time being yes; but primarily b/c I'm not use to having it. As that changes, habits will change. I'm also planning on writing a number of apps that while they won't be any where near Netflix like usage, they will be ideal with regular usage. So again, that will change over time.
The 'bad' unlimited customer is a road warrior that has work VPN running for 8-10 hours a day and personal streaming, netflix, torrents, downloads, etc. running the remainder of his/her personal time. My office PC has pushed 4.3GB in the past 6 days for example. It might be a bit less if I was on a cellular connection but...not by much.
From experience in other areas, pushing that kind of data usage via cellular or wireless in general is typically not a very good practice. A system I use to work on had cellular connections so that we could support it; supporting it would generally each through those data caps very quickly, and bills easily racked up. Not because of the system itself; but b/c of the data we had to either push or pull from the system, and some computers in the system were Windows-based so RDP and other factors came in as well. It was easy to surpass 1GB in an hour; and we delivered these systems internationally.
So if you really need that kind of data pipe, it's best to really be where you have a wired connection when you can. But if you can't, then you're really looking at a different class of service to start with, with a dedicated data modem instead of a data/voice connection - you'll be able to get higher speeds that way as well, and probably get better rates. It still won't necessarily be cheap though.
I wish T-mobile's "unlimited" throttle gave you something good enough for web browsing.
When you hit the cap, they fucking throttle you to 2400 bps and you can barely check email with it.
We're doing the $50 T-mobile plan with a second for $30. When I first looked at it 6 months ago the limit was 200 MB. When we signed up in August it was 1GB. When we got our first bill it was 3GB. So yeah...effectively unlimited.
Now we didn't even broach 300MB between both phones for our first billing period; but then, we're not use to having a data plan either - this is the first we've had one of any kind. But needless to say, T-Mobile is way ahead of us on the Unlimited thing. We'll see how the next bill comes out for usage as I accidentally watched a portion of a Netflix movie on my phone via data instead of via WiFi the other day; so I probably used a good portion of the 3GB, but will still probably be below the "limit".
Also just to note, T-mobile's "unlimited" offering of this nature is exactly why we switched to T-mobile in August from AT&T where we never had any data/text on our plans b/c I refused to pay their extortionist rates.
...is that you force everyone to follow the letter of the law instead of the intent of the law. One reason why "plain English" laws are better for the populace even though they may be harder for the lawyers and the courts.
// Is this because he hasn't a clue about science or because he is catering to a particular political base?
Both, I don't know, either.
There are numerous reasons for the UK to still teach Imperial, many of which benefit businesses.
For example, the Railway system in the UK uses Miles+Chains (Reason: Historical so that they can keep accurate records of the track maintenance; it would take more paperwork than even a Vogon would care for to change it). It's beneficial for anyone dealing with the railway system to understand what those are.
I'm sure you'll find similar things in other parts of the UK economy as well.
...as one G+ commentator put it, the old joke of "why is 6 afraid of 7? B/c 7 ate 9" won't be had for Windows. It'll probably still be true though that Win7 will fare better than Windows 10.
>Right now if they ground up the waste and vented it into the atmosphere it would be less damaging than that caused by coal mining, megawatt for megawatt.
The Fukushima and Chernobyl exclusion zones would show that to be extreme hyperbole. Grab a tent and go live for a month a mile from a coal burning plant in a field, and then try the same thing a mile from Pripyat and let me know how that goes for you.
IIRC, you can safely walk around Chernobyl without fear of radiation now. They've been using it as a study on the effects of a meltdown, and how the environment reacts when humankind leaves.
The right's basic mechanism is, when caught lying (or even just wrong), never ever admit it, just double down on the error and increase the PR. Have you ever heard the rightwing echo chamber admit they were ever wrong?
Have you heard the left admit they were wrong either? It's a problem on both sides of the aisle.
Correct, because good programming languages don't have anything like eval().
Normally, in a decent programming language, if you're convinced you really need to execute unknown-until-runtime code, the first step is to get over your misconception. If you're unable to get over the misconception, then you do something like fopen('tmp.c'); fwrite... fclose, system('cc variousflags tmp.c'); system('tmp'); and then you spend the next few weeks worrying about how awful what you did was, and rethink your unnecessary "need" to run generated code.
eval() is not C or C++. It's Bourne Shell, and it's a necessary evil for a Shell language to have. That said:
So what again was your point?
What makes you think Windows doesn't have problems like this?
They did. But it is a long time since that last vulnerability on this scale. Following the embarrassing Nimda and Code Red (and many vulnerabilities in IIS), Microsoft started its "security push". The central part of that is the Secure Development Lifecycle (SDL) which is a collection of processes, methodologies, tooling, mandatory education, guidance and mandatory threat modelling, reviews and auditing.
OSS has SDL too, primarily due to very extensive use by many projects of code testing (f.e autotest), Coverity testing (provided for free to OSS projects), use of Valgrind, and more. OSS projects generally have far more testing involved with them than closed projects, in part b/c people report bugs and those bugs become tests in the project's test suite.
And with companies like Red Hat, Coverity, etc providing more influential secure coding testing and fixing patches (Red Hat, Debian, etc) it probably gets done more often.
But let's not also forget in OSS patches tend to stay in the code; where Microsoft has a long history of applying a fix in one patch, undoing it in the next, and having to repatch over and over again (see the WMF bugs, repatched from Win NT4 through Windows 7, if even Windows 8, e.g. after SDL was implemented).
The difference is that being open source third parties can review the code and find problems. There is no way to keep them secret and from the public.
That's all fine and dandy. Only, these bugs (the original Shellshock and these later) have existed for 22+ years! During all that time, nobody (we hope) "reviewed the code and found problems". So, if there were any third parties looking at the source, they failed miserably (or sold exploit information on the black market).
Look, there have been bugs found in old MS code as well. A few years back there was a vulnerability in the old DOS emulation code.
It is time to let the myth of the many eyes die. The community is not going to help you by reviewing code unless you *pay* them to do so. It is the most boring discipline of developing code, and nobody does it out of interest.
A company like Microsoft can *pay* people to review and audit code. A big part of SDL is exactly those supporting roles and checks/gates. The open source community must wake up and set up foundations OpenSSL style and start asking those who reap the biggest benefits for some funding.
Companies like Coverity provide it for free to OSS projects, and companies like Red Hat and Canonical pay for it as well. The OSS community has the practices and reviews in place on many projects; there's a few, like OpenSSL, that have slipped through due to the structure of the teams surrounding them. For OpenSSL many probably assumed that since OpenSSL was FIPS certified that things were being done in the OSS branch too; Heartbleed revealed that assumption to be false and now we have LibreSSL as a result where the norms for OSS projects are being applied.
Also, fixes were pushed out within hours of notification.
Do you really want to go there, given the incomplete patches and host of related problems which could have been found had the maintainers taken more time?
Part of SDL in Microsoft is exactly a process where, when a vulnerability has been reported, they must take time to analyze if there are related or similar vulnerabilities, what impact a patch could have. On top of that they have a gigantic test farm where they test for compatibility with a huge number of popular software applications.
Essentially, what Microsoft does *internally* and prior to releasing information on the bug, is now what for bash takes place *externally* (external security researchers) and *after* the vulnerability info was released.
Look at it this way - projects release the fixes very
The Shellshock bug is from 1992.
Please quote the bug report and date filed.