And to digital cameras, iPods, DSes, etc., add all the processors under the hood of your car, in your breadmaker, in your washing machine, in you microwave oven, etc. (Lots of ARM, but I think PPC and derivitives of M68K are the bulk in automotive at present.)
Lots of processors you don't ever think about, and most of them are _not_ derivitave of x86.
The store string instruction was not particularly efficient (fast) in the early implementations, and the setup often made it less than useful.
But there's another reason your instructor was mad at you. Yes, the mechanically generated instructions could have been replaced with more efficient sequences. But you do _not_ want to do that in your first pass with a mechanical translator, especially if it's the first one you've ever written. Once you know what you're doing you can build optimizing passes and combine passes and such, but if you knew that much there would be no reason to take the class you were taking (unless it was just for the grade) and you should also know better than to try to confuse the other students.
We have the religion of keeping up with the neighbors. (Joneses they used to be.)
We have the religion of the fastest, newest hardware so that we can play the best VR games. (I finally understand computer games as a way to learn strategy without taking a beating in the real world, but what is this about VR? At some point, we have to decide that the real world isn't scary any more.)
We have the sacrament of going out drinking with our buddies.
We have a religion of feeding the body what it craves on one hand, and on another hand the religion of forcing the body into the shapes we have arbitrarily (with the help of the media) determined are ideal.
There's the worship of the naked body that some people will claim has driven the explosion in internet tech. Well, maybe it didn't need to explode so fast. Or maybe there could have been other things to motivate us, if we hadn't all been so hell bent on the religion of consumerism.
We are all running around like chickens with our heads cut off, in the illusion that running around is useful work.
Then we get religious and start telling other people their version of running around is unprofitable, polluting, anti-social, or just plain bad.
And then, since we have to prove that our religion is NOT bad after all, we run around in circles, faster, and longer hours every day.
And that just increases the rate of entropy.
I can't say I blame anyone for thinking that all religion must be bad, but some of the more traditional religions do teach people to not be so focused on material things, or on the evaluation we get from our neighbors. There is some truth in every religion, I think, even atheism.
Of course, the answer is not to just drag everything to a standstill. At least, not yet. A occasional pause to reflect on the ultimate results of our current activity is good.
I suppose this will get modded off topic and troll, but even geeks need to spend a little time reflecting on who we are, why we are here, what we are doing today and what we want to be doing the day after tomorrow. You know, questions that tend to either be blown off by "More XBOX!" or be put down as being religious.
And don't argue that atheism is better than religion. Religions of the past that have lasted have lasted precisely because they motivated people in general to change their destructive behaviors. That religions would later be turned to destructive purposes is not surprising, seeing how easy it is get into states of high rates of entropy. But there has to be something to motivate people to take a sabbath and redirect their energies, and such a something tends to take on metaphysical aspects (or to attach metaphysical aspects to material things in many cases.)
the very users that need to be protected from the code being imported are the ones who will get into the habit of clicking the accept button by reflex.
A warning is better than nothing, but when warnings pop up three to ten times a second, you really can't read every one of them.
And the worst of this is that pretty soon you'll quit looking for telltales that would distinguish between a dialog the suspicious code is putting up and a dialog the system puts up.
(Reference Mac OS X for this. Double click the package, and a dialog pops up to ask for permission to install. Whose could generated that dialog? The only safe thing to do is drag the package onto Installer.app (or right-click and select Installer.app as the application to open it with. You have to assume that there is always going to be another hole that allows executable code to present an icon that looks like something innocent. Any other assumption is not reasonable. I mean, if nothing else, a bundle's icon is containted inside the bundle.)
No, that's not the reason. The primary reason the police are not involved is that the RIAA is not pursuing these as crimes, but as civil offenses (or something like that).
I'm having trouble right at the moment trying to define the difference in a way that makes sense in these cases.
eventually going to be implemented, in one form or another. Probably not enforced in the US and other free countries, but China has a lot of excess manpower with which they are likely to _try_ (modulo bribes and the like) to enforce those within their subnet.
We should get rid of the gTLDs. Will we? Not enough people understand the context issues, so the default international domain will be the gTLDs and the US context will continue to be projected onto the international context until either the rest of the world becomes free or the US becomes not free or both. (And probably after that, as well.)
And, even though value judgement belongs within a cultural (country level or below, definitely not international) level of context, the same who refuse to understand why.com domains should be moved under.co.us (or.com.us, I don't remember which) or under.com.intl will eventually be pressured into establishing.kids, and shortly after that,.xxx. Evolution under the hands of stupid humans has some non-optimal implications.
(Not really arguing with you, just airing my armpits, errm, opinions. And, yes I did read your whole post, just didn't see any point in talking about the rest of it. Rude of me, I suppose, to refrain from arguing points I'm not interested in.)
Well, I don't like the idea of keirstead (or zukiger) being a TLD.
However, if we created a new TLD,.intl, and started moving.com,.net,.org,.biz,.etc under that, it _would_ make sense to have a.keirstead.intl domain. And one default solution for the owners of.keirstead.com,.et.al, would be that.keirstead.intl would initially be under the joint control of the owners of all the keirstead 2LDs under.net,.com,.org,.name,.coop,.etc.
Hmm..edu might be one to keep as a TLD..edu.intl seems a little redundant.
Hmm. Checking the iana's pages, there is a.int domain already. Not quite what I have in mind relative to.intl, and I find myself a little miffed that there should be a gTLD for treaty organizations and.com not under it.
Actually, scouting.org would probably not have that much trouble raising the fees.
But local community centers would not have extra money for this tax, and, conversely, a determined purveyor of child porn probably would have the money.
High fees are prabably not helpful.
Also, I cringe every time I walk into a store that advertises that it is "for kids".
Conceptially, it makes sense to have domains organized by content. It would be useful to browse the internet much like browsing in the stacks in the library.
I'm not sure that such a system has a place being implemented at the TLD level. Actually, I'm sure it flies in the face of data access design principles, and that is the real reason why.xxx as a TLD (as opposed to, perhaps, a 2LD under a.lib or.content TLD or as 2LDs under country TLDs) is not a good idea.
A lot of problems we have with the current internet are derived from people and corporations that asserted that the current laws shouldn't be applicable to the internet simply because the courts would not be technologically savvy enough to apply them properly.
(Big Microsoft corporations that want to market software before its ready, and who (not surprisingly) turn out not to be able to control its evolution in the ways they brag that they can.)
The concept of a separate virtual reality was a necessary conceit to get around the politics that was getting in the way of establishing an international communications infrastructure. It is now moslty unnecessary baggage, and has been since well before Microsoft put MSWindows666, I mean, MSWindows95 on the market.
However, a.xxx TLD is not the answer. Without an international regulating body to determine what goes under non-country TLDs, there's a power vacuum being created for every new non-country TLD.
and get rid, as many have suggested, of most of the TLDs..com --> [.com.us (.co.us?) |.com.intl ].org,.net,.gov,.biz, etc., etc., likewise.
Except that.gov.intl should not exist. In the place of that,.un.intl,.nato.intl, etc. Having a.gov domain is a really scary concept, if you think about it.
One might consider domains such as.un and.nato, but making them come under a TLD that specifies "international" is a little easier on my sense of propriety. On the other hand, the concern about who is administering the.intl domain could bother some people.
Which begs the question, in such a world, should there then be a.xxx.intl ?
joudanzuki, not sure if this one is a joke or serious
Enumeration was enabled by way of UserDir in the httpd.conf .
Yeah, the default httpd.conf provided by Apple has a couple of no-brainers in it. That is related to one of them. I suppose I should submit those to Apple's bug database.
I'm not sure how the enumeration is done, but I shut off UserDir. (I don't use rendezvous. There is a less sever mitigation, but I'm paranoid.)
Oh, yeah, if they can enumerate your users, it provides a foot up into, for example, brute-forcing passwords.
Interesting how some people are noting that x86 does level the playing field for the black hats a bit. I know that the hard core guys don't really find any barriers in the PPC machine code, but, as a speed bump, it was once a factor in slowing down incursions.
Sure wish Apple would keep both CPU lines. Also wish they would maintain a current, more minimal platform for people who don't want bells and whistles like dashboard. But I guess the upshot of that is, I'm going to max the RAM on my old clamshell iBook, put an 80G hard disk in it, and triple boot it (Classic, Mac OS X, Fedora Core. Shoot, if I can figure out the partitioning, I'll see if I can quad boot it with openbsd.) So, Apple moves me to Linux. Nothing strange going on there.
the vulnerability was, I believe, in the personal web sharing function, and we might guess it was saying it was a vulnerability similar to some specific oracle 9i vulnerability.
I was surprised several years back to find that oracle 8i and 9i had (semi-)custom apache and similar stuff.
True, Java has some issues with the temptation to do whatever the latest fad in dev management is, but as far as building a cross-platform browser sufficient to access your bank account securely, it would work.
With bouncycastle, of course.
Hmm. I suppose I should check whether bouncycastle is functional with the current gcj before I get too enthusiastic.
PayPal wants the ISPs to filter the phishes for them. Well, the solution is to get the customer off the GP browser.
You need secure connection? Build a custom browser. The browser checks the other end with its assymetric keys and maybe its one-time pads, and if the keys are wrong, it doesn't connect, tells the user to use something other than the 'net to contact the other guy.
No changing colors or showing lock images in the universal browser to show that the connectionis secure. Just make or break. The problem in general is letting the customer know, and getting the special purpose browser into the customers' hands. Physical banks can do that, but PayPal is going to have a weak point in the distribution. Physical mail could help, as could, perhaps, cooperation with financial institutions with a physical presence.
But the solution to dns poisoning, as some have noted, is to layer it on top of the current dns and IP infrastructure for those applications that need it. The lowest levels of communication have to be simple, and asymmetric keys are not that simple.
Oh, and one more thing. Centralized identity servers are an oxymoron, a conflict in requirements. No central office can know who an individual is, period. The current crop of peer-to-peer identity servers are a bit overdone, but the only good solution is peer-to-peer or local group. And separate identities for separate applications. Centralization removes the safety backup systems that work out-of-band. Gotta keep humans in the loop.
Slashdot Mirror
I don't think you understood that. But, I would hope register renaming would catch that sequence. Can segment registers be renamed?
And there are processors that can do you you were thinking about without any of those steps. Not all processors are equal.
Mod parent up.
And to digital cameras, iPods, DSes, etc., add all the processors under the hood of your car, in your breadmaker, in your washing machine, in you microwave oven, etc. (Lots of ARM, but I think PPC and derivitives of M68K are the bulk in automotive at present.)
Lots of processors you don't ever think about, and most of them are _not_ derivitave of x86.
The store string instruction was not particularly efficient (fast) in the early implementations, and the setup often made it less than useful.
But there's another reason your instructor was mad at you. Yes, the mechanically generated instructions could have been replaced with more efficient sequences. But you do _not_ want to do that in your first pass with a mechanical translator, especially if it's the first one you've ever written. Once you know what you're doing you can build optimizing passes and combine passes and such, but if you knew that much there would be no reason to take the class you were taking (unless it was just for the grade) and you should also know better than to try to confuse the other students.
joudanzuki
Or, rather, false religion.
We have the religion of keeping up with the neighbors. (Joneses they used to be.)
We have the religion of the fastest, newest hardware so that we can play the best VR games. (I finally understand computer games as a way to learn strategy without taking a beating in the real world, but what is this about VR? At some point, we have to decide that the real world isn't scary any more.)
We have the sacrament of going out drinking with our buddies.
We have a religion of feeding the body what it craves on one hand, and on another hand the religion of forcing the body into the shapes we have arbitrarily (with the help of the media) determined are ideal.
There's the worship of the naked body that some people will claim has driven the explosion in internet tech. Well, maybe it didn't need to explode so fast. Or maybe there could have been other things to motivate us, if we hadn't all been so hell bent on the religion of consumerism.
We are all running around like chickens with our heads cut off, in the illusion that running around is useful work.
Then we get religious and start telling other people their version of running around is unprofitable, polluting, anti-social, or just plain bad.
And then, since we have to prove that our religion is NOT bad after all, we run around in circles, faster, and longer hours every day.
And that just increases the rate of entropy.
I can't say I blame anyone for thinking that all religion must be bad, but some of the more traditional religions do teach people to not be so focused on material things, or on the evaluation we get from our neighbors. There is some truth in every religion, I think, even atheism.
Of course, the answer is not to just drag everything to a standstill. At least, not yet. A occasional pause to reflect on the ultimate results of our current activity is good.
I suppose this will get modded off topic and troll, but even geeks need to spend a little time reflecting on who we are, why we are here, what we are doing today and what we want to be doing the day after tomorrow. You know, questions that tend to either be blown off by "More XBOX!" or be put down as being religious.
And don't argue that atheism is better than religion. Religions of the past that have lasted have lasted precisely because they motivated people in general to change their destructive behaviors. That religions would later be turned to destructive purposes is not surprising, seeing how easy it is get into states of high rates of entropy. But there has to be something to motivate people to take a sabbath and redirect their energies, and such a something tends to take on metaphysical aspects (or to attach metaphysical aspects to material things in many cases.)
the very users that need to be protected from the code being imported are the ones who will get into the habit of clicking the accept button by reflex.
A warning is better than nothing, but when warnings pop up three to ten times a second, you really can't read every one of them.
And the worst of this is that pretty soon you'll quit looking for telltales that would distinguish between a dialog the suspicious code is putting up and a dialog the system puts up.
(Reference Mac OS X for this. Double click the package, and a dialog pops up to ask for permission to install. Whose could generated that dialog? The only safe thing to do is drag the package onto Installer.app (or right-click and select Installer.app as the application to open it with. You have to assume that there is always going to be another hole that allows executable code to present an icon that looks like something innocent. Any other assumption is not reasonable. I mean, if nothing else, a bundle's icon is containted inside the bundle.)
joudanzuki
How do you keep the other guy from misusing the code when you're sharing the code with him?
http://www.google.com/search?q=openbsd+live+CD+fir ewall
First result: http://www.alti.at/knowhow/obsdlivecd/fw.php
I have memories of threads on the subject in @misc . But I don't see them in marc, even searching from google.
Hmm. New format and url for marc -- marc.info.
No, that's not the reason. The primary reason the police are not involved is that the RIAA is not pursuing these as crimes, but as civil offenses (or something like that).
I'm having trouble right at the moment trying to define the difference in a way that makes sense in these cases.
Friend used to soup up the Dodge Colt, bore the engine and stuff, for a fast quarter-miler.
The engine was a Mitsubishi at the time.
Some guys would pull the engine and mount it on a funny car chassis, IIRC.
And I always wanted to put an airfoil on the back of my Colt station wagon. And an air ram on the front.
eventually going to be implemented, in one form or another. Probably not enforced in the US and other free countries, but China has a lot of excess manpower with which they are likely to _try_ (modulo bribes and the like) to enforce those within their subnet.
.com domains should be moved under .co.us (or .com.us, I don't remember which) or under .com.intl will eventually be pressured into establishing .kids, and shortly after that, .xxx. Evolution under the hands of stupid humans has some non-optimal implications.
We should get rid of the gTLDs. Will we? Not enough people understand the context issues, so the default international domain will be the gTLDs and the US context will continue to be projected onto the international context until either the rest of the world becomes free or the US becomes not free or both. (And probably after that, as well.)
And, even though value judgement belongs within a cultural (country level or below, definitely not international) level of context, the same who refuse to understand why
(Not really arguing with you, just airing my armpits, errm, opinions. And, yes I did read your whole post, just didn't see any point in talking about the rest of it. Rude of me, I suppose, to refrain from arguing points I'm not interested in.)
joudanzuki
Well, I don't like the idea of keirstead (or zukiger) being a TLD.
.intl, and started moving .com, .net, .org, .biz, .etc under that, it _would_ make sense to have a .keirstead.intl domain. And one default solution for the owners of .keirstead.com, .et .al, would be that .keirstead.intl would initially be under the joint control of the owners of all the keirstead 2LDs under .net, .com, .org, .name, .coop, .etc.
.edu might be one to keep as a TLD. .edu.intl seems a little redundant.
.int domain already. Not quite what I have in mind relative to .intl, and I find myself a little miffed that there should be a gTLD for treaty organizations and .com not under it.
However, if we created a new TLD,
Hmm.
Hmm. Checking the iana's pages, there is a
or was that www.flog.xxx ?
Actually, scouting.org would probably not have that much trouble raising the fees.
.xxx as a TLD (as opposed to, perhaps, a 2LD under a .lib or .content TLD or as 2LDs under country TLDs) is not a good idea.
But local community centers would not have extra money for this tax, and, conversely, a determined purveyor of child porn probably would have the money.
High fees are prabably not helpful.
Also, I cringe every time I walk into a store that advertises that it is "for kids".
Conceptially, it makes sense to have domains organized by content. It would be useful to browse the internet much like browsing in the stacks in the library.
I'm not sure that such a system has a place being implemented at the TLD level. Actually, I'm sure it flies in the face of data access design principles, and that is the real reason why
if I had mod points, I would.
.xxx TLD is not the answer. Without an international regulating body to determine what goes under non-country TLDs, there's a power vacuum being created for every new non-country TLD.
A lot of problems we have with the current internet are derived from people and corporations that asserted that the current laws shouldn't be applicable to the internet simply because the courts would not be technologically savvy enough to apply them properly.
(Big Microsoft corporations that want to market software before its ready, and who (not surprisingly) turn out not to be able to control its evolution in the ways they brag that they can.)
The concept of a separate virtual reality was a necessary conceit to get around the politics that was getting in the way of establishing an international communications infrastructure. It is now moslty unnecessary baggage, and has been since well before Microsoft put MSWindows666, I mean, MSWindows95 on the market.
However, a
How did the line that started with .com get joined to the line above, across a blank line? I'm pretty sure that top line was originally three lines.
/. as some.
Guess I obviously don't have as much experience with
and get rid, as many have suggested, of most of the TLDs. .com --> [ .com.us (.co.us?) | .com.intl ] .org, .net, .gov, .biz, etc., etc., likewise.
.gov.intl should not exist. In the place of that, .un.intl, .nato.intl, etc. Having a .gov domain is a really scary concept, if you think about it.
.un and .nato, but making them come under a TLD that specifies "international" is a little easier on my sense of propriety. On the other hand, the concern about who is administering the .intl domain could bother some people.
.xxx.intl ?
Except that
One might consider domains such as
Which begs the question, in such a world, should there then be a
joudanzuki, not sure if this one is a joke or serious
are the ones this is for.
It's one of the fundamental paradoxes of responsible government.
Are we RTheSameFoolishA?
Enumeration was enabled by way of UserDir in the httpd.conf .
Yeah, the default httpd.conf provided by Apple has a couple of no-brainers in it. That is related to one of them. I suppose I should submit those to Apple's bug database.
I'm not sure how the enumeration is done, but I shut off UserDir. (I don't use rendezvous. There is a less sever mitigation, but I'm paranoid.)
Oh, yeah, if they can enumerate your users, it provides a foot up into, for example, brute-forcing passwords.
Interesting how some people are noting that x86 does level the playing field for the black hats a bit. I know that the hard core guys don't really find any barriers in the PPC machine code, but, as a speed bump, it was once a factor in slowing down incursions.
Sure wish Apple would keep both CPU lines. Also wish they would maintain a current, more minimal platform for people who don't want bells and whistles like dashboard. But I guess the upshot of that is, I'm going to max the RAM on my old clamshell iBook, put an 80G hard disk in it, and triple boot it (Classic, Mac OS X, Fedora Core. Shoot, if I can figure out the partitioning, I'll see if I can quad boot it with openbsd.) So, Apple moves me to Linux. Nothing strange going on there.
... if you consider winning a lame analysis like this winning, ...
the vulnerability was, I believe, in the personal web sharing function, and we might guess it was saying it was a vulnerability similar to some specific oracle 9i vulnerability.
I was surprised several years back to find that oracle 8i and 9i had (semi-)custom apache and similar stuff.
No, I never did get an oracle certification,
but I don't think I particularly care to see this particular survey done on those business relevant systems.
True, Java has some issues with the temptation to do whatever the latest fad in dev management is, but as far as building a cross-platform browser sufficient to access your bank account securely, it would work.
With bouncycastle, of course.
Hmm. I suppose I should check whether bouncycastle is functional with the current gcj before I get too enthusiastic.
who do you know that uses slackwear, who will use it this way?
PayPal wants the ISPs to filter the phishes for them. Well, the solution is to get the customer off the GP browser.
You need secure connection? Build a custom browser. The browser checks the other end with its assymetric keys and maybe its one-time pads, and if the keys are wrong, it doesn't connect, tells the user to use something other than the 'net to contact the other guy.
No changing colors or showing lock images in the universal browser to show that the connectionis secure. Just make or break. The problem in general is letting the customer know, and getting the special purpose browser into the customers' hands. Physical banks can do that, but PayPal is going to have a weak point in the distribution. Physical mail could help, as could, perhaps, cooperation with financial institutions with a physical presence.
But the solution to dns poisoning, as some have noted, is to layer it on top of the current dns and IP infrastructure for those applications that need it. The lowest levels of communication have to be simple, and asymmetric keys are not that simple.
Oh, and one more thing. Centralized identity servers are an oxymoron, a conflict in requirements. No central office can know who an individual is, period. The current crop of peer-to-peer identity servers are a bit overdone, but the only good solution is peer-to-peer or local group. And separate identities for separate applications. Centralization removes the safety backup systems that work out-of-band. Gotta keep humans in the loop.
joudanzuki