If I had mod points, I'd rate this as +1 Funny. Then I realized you weren't joking. Wow, its so intuitive. Reminds me of Windows 3.1 where you had edit win.ini every so often. Way to go Ubuntu! Lets hear it for progress! Installing programs can kill your mouse!
Reminds me of a Keyboard-Video Card confict I had back in 1995... IRQ's and all that rot. You know, there's something called Plug n Play these days. I hear it's pretty nice and you don't even have to use Emacs to get all of the keys on your keyboard working.
All Hail Linux, the OS that Programs YOU to accept that buggy poorly assembeled crap is progress. And where poor graphics performance is viewed a oppression instead of a natural consequence of non-conformity.
Have you ever done real taxes? Thank you for your profoundly deep insight into the problem of filing taxes, and I'm glad that your 8th grade level ultra-simplified tax forms have qualified you to single handedly make CPAs obsolete. Calculators you say? What a concept!
I think you may have missed the point of difficulty entirely.
Seriously, I'm sorry to tell you this, you're obviously bright and it will get you far, but the world is rarely a priori knowable or logically derivable. Expertise is a beautiful and amazing thing.
Let me illustrate with a few of the simpler tax quandries I confronted this year. Since the math (sic) is so easy, please answer them. Bear in mind that I work for a company which pays me in both NY and CT, even though the job is only in CT and I only live in NY. This means that both NY and CT want a piece of the action and have variably taxed my income.
how much do I have to amortize the amount (between CT and NY) of my US EE bond that I cashed this year given that I used the entire amount to pay for education expenses in a graduate setting?
Please note that some of the tax law needed to answer this question is new this year.
Is it obvious to you that as someone who lives only in NY that I must file taxes in CT as a whole year resident because my spouse has no CT income?
would you recommend that I use the HOPE or Lifetime Learning Credit for my education expenses? They are mutually exclusive and have many many stipulations on how they must be used.
do I qualify for the NY education credit?
My federal return was about 20 pages long this year, and I don't even have a private business. And the federal was nothing compared to working out the competition between my TWO state returns. I've done my taxes with software every year since I had to start filing and now consider myself well versed in the tax law, but this year nearly broke me. The amount of time I put into deciphering the tax code numbered in the tens of hours, and I only have about 2 hours a day that I can be awake between work and need for sleep and call disposable. It look me Weeks to figure out, and I certainly don't consider myself dimwittied. (except that I didn't cave-in and get a CPA this year) If it was just the arithmetic it would have taken me at most 20 minutes while watching TV. Gathering the paperwork took about another 60 minutes spread out across 2 months, cake walk. Its the aquisition, interpretation, and execution of new non-intuitive and sometimes conflicting knowledge that makes it fun. Just FYI. Thats what life is really about.
(answers: need more info; only if you know the tax law; lifetime learning only; no)
This is just an advertisement manifesting as news! Was there any info in the slashdot summary other than a new product has been released?
Even a simple, yes/no/sort of would have been more helpful than nothing. TFA is interesting and all, but it should have a summary. Not a teaser!
Very simple marketing tactics. I would have expected better from slashdot.
(oh wait, nevermind, thats what I have come to expect from slashdot. silly me)
This was absolutely fantastic! Watching it reaching outerspace and seeing the curvature of the earth LIVE! I know it was just a webcast and I'm still at home, but it felt like we there there!
Any comments on the near end wobble? Did anyone else see that? It looked like it was hitting turbulence. Was that the end of the atmosphere or was it losing attitude control. It looked like it was increasing in magnitude with each oscilation so I'm guessing it was a fault that was overcompensated? Any other theories? Not that I want to detract from what SpaceX is doing, but I'm just curious about what might have happend. These guys are my new heros!
Yeah, that answers a lot of the "Oh Noes the Guberment!" problems, but your own post has a logical fallicy.
You say that it is meaningless to "exclude" people from using an ID in this context, but then in every example you use you are illustrating types of exclusion. If X is allowed to post on my blog, then it is implicit that there are others, not X, that are Not allowed to post to your blog. But if the identity X does not assert that "X" != "not X", then X is meaningless.
The big problem with the OpenID white list model is the same as the AOL whilelist model. Once a certain ID/ID Server becomes popular enough it will become a target for undesirable access. However, if someone undesirable starts using the ID, then the entire set of people using the ID must be excluded. You ban the ID/ID server and everyone using it goes away.
If you are just trying to exclude all posts not from people, it would be much more simple to implement a "type in these hard to read characters" system for every post than to set up a readily compromised, non-identifying, identity system. If you are trying to exclude certain subsets of humanity, you need to choose an exclusionary ID system. Period.
I agree that systems must be built upon eachother, but this system, in and of itself, has no real function and thus is obligated to be built upon another system. Its like building a piston and having no engine to go along with it.
Its people like the grandparent poster who make Linux completely inaccessible to the masses. Can't use Linux, its because you're too stupid, and not because I'm too (a lazy, b arrogant, c clueless) to program a simple working UI that works. 3 Linux distros, 4 days work, what do I have to show for it, an XP laptop. Of course, that's because I'm stupid according to people like you. But wait, Perhaps this in an inferiority complex? After all, I put an XP cd in the drive and 20 minutes later I've got a fully functional computer, no kernal recompiling, no driver hunting, it just works. Why didn't you program linux that well? For crying out loud, the latest version of Ubuntu doesn't even natively support WPA encryption. Perhaps the reason you don't have spyware is because you're not actually on the internet? (joke, I know, but I hope you see my point)
In your opinion, perhaps Linux people with all their specialized knowledge should be the arbiters of who procreates and who doesn't? Then again, if its only specialized knowledge that's needed regardless of esoteric field, maybe the auto mechanics should be that arbiter, or maybe quantum physicists, or farmers, perhaps economists, or maybe roughnecks? Get over yourself. So you have specialized knowledge, so do most other people on this earth, you're just too blinded by your own arrogance to see it.
Yes, I know this is flame bait and a troll, but sometimes a guy just can't take the 24/7 condescension from some of the Linux folks, purporting to have a great system. Saying 'My grandma can use it' is all well and good but when you can say your grandma can INSTALL it, then it will be a great system. For now, the most virtiolic ones really seem to be overcompensating, or at the very least are extremely detrimental to their own cause.
Lets say that some one came after two different people with a baseball bat, one ran away and the other politely asked him to put it down. Who would be the bigger idiot in your opinion?
I'd call the supider one the one who dismisses this riskyness of his situation and boldy gets his head bashed in.
I agree with you, the teacher should have talked to the student before taking it any further, at least with the principal present if he was truely worried, but I'm not sure if I'd call him an idiot.
Say you're 25, your IM icon for interacting with collegues and business partners is exactly the same, except its your boss instead of your teacher. You would definately be fired (expelled, not suspended) and quite possibly arrested.
Why is it that so many people are thinking 'heh I did that too with pen & paper' so its Ok? Why is the teacher an ok recepient for this sort of thing? Please, someone who supports this kids actions reply to this and explain it to me. Why is it ok to disrespect a teacher to such an incredible degree?
Why is middle school, or elementry school not the proper place to teach children the codes of respect and civility that govern our society?
Yeah, me too, in 1st grade. This is a 15 y/o in the upper reaches of middle school, the longer it takes him to learn this lesson the worse its going to be when he eventually learns it.
I'm sorry you put up with so much codensention, but just think about how 4 years of learning to deal with it helped you in the real world with mean ol' bosses, that condescending bank teller, that stupid guy posting a reply on slashdot. We're surrounded by condesention, but that doesn't exactly justify any old response. There are far worse fates than being condesended, and last I checked we're not allowed to murder or even threaten murder for any but a select handfull of them. This is a lesson well learned in my view: the cicrumstances don't matter at all, its how we respond to them that makes us who we are.
Why doesn't an image represent a threat? A picture, demostrating harm, that also has words explaining the illustration seems like the most basic form of written communication humanity knows. If you choose to call it a 'poster' or an 'icon' makes no difference.
The issue is one of privacy, its not a threat to have this materials in your bedroom, its quite another thing to depict someone burning in effigy on your front lawn. The difference is visibility.
From TFA:
On their face, the words 'Kill Mr. VanderMolen' and the accompanying graphic cannot be viewed as anything but an unequivocal, unconditional, immediate threat of injury specific as to the person threatened, such as conveys a gravity of purpose and imminent prospect of execution.
(emphasis mine)
So long as this remained private (ie. just on his computer), I could see it as not being a threat, but then he used it as his IM icon, there by making it public. It circulated among his peers, those he trusted and distrusted, and at least one of his peers (possibly many - how many high school students acting alone would report this sort of thing?) didn't see it as humor but as provocation. And so they reported it, they move the picture from one public circle to another. Thus the threat became known to the potential victim. This caused the victim to fear for his and his family's safety. While the intent may not have been there, the icon certainly was percieved as a threat which is entirely reasonable on its face. The fact that it was digital and on the internet certainly didn't change a darn thing.
Bear in mind the standard would be different in a criminal proceeding, but this is a violation of the schools rules, and the school is the proper and correct arbiter of its own rules. The courts were only involved to see if the schools had violated a constitutional right or their own stated and universally agreed to policies. Which they had not. Perhaps the severity was more than we would like to see, but thats not a reason for the court to nullify the school's decision.
Do you have the legal or moral right to forcefully take your fellow citizen's money? No.
B-
Do you have the legal or moral right to decide what's right and wrong for your fellow, equal-in-rights citizen to do? No.
But doesn't A imply B? Doesn't A NEED B in order to be true?
Logically: We (the majority) have decided that stealing should be illegal (B), so (A).
If you want laws, you have to enforce some sort of morality, because that is only what laws are: enforced morality, with explicitly stated pushishments for non-compliance.
What exactly are you getting at with your post?
Ok geeks, how many of us can rebuild our car? How many of us know the compression ratios of the engine or where to find the fuel pump? How many of us are aware of the nuances of how the exhaust pipe is shaped for best fuel economy? How many people could diagram a torque converter, its interface with the automatic transmission and even point out an error if a diagram that they saw?
I'm guessing very few. Most of us would take our car to a mechanic if it were to break because we don't have the specialized knowledge set to diagnose and fix it. Mechanics always talk about the stupid easily fixable things people bring in their cars for.
My point is that most of us just want a car that goes. After I buy a Nissan, I might also buy floormats to keep it clean, but I don't have to choose which spark plugs to use if I want to go into a high elevation climate. The car just goes! I put in gas, change the oil, and it goes. Some poeple drive manual, some drive automatic, that is the difference between interfaces, like MacOS vs WinXP. Sure there are technical reasons why each might be better under the hood, like front vs rear wheel drive, but honestly they're both tools to get the job done. If they don't go when I buy them, I take them back.
Installing drivers should be like 'installing' gasoline: readily available and easy to do. Readily available doesn't mean it exists, it means it can be found right under your nose. Listen to yourselves! Installing something as simple as firefox on Ubuntu requires a huge number of non-intuitive steps that must be hand copies perfectly into a command prompt. How does that save the user work? https://wiki.ubuntu.com/FirefoxNewVersion
All people really want out of OS is for it to save them more and more time. Microsoft and Macintosh get this. You never Need to go to prompt for any daily or monthly or even yearly task. Your click the button, it works. Our job as geeks is to make sure the abstraction is so total that the user never needs to know what kernel version they are running much less what file system they are using. Until we can understand that the average user will never want or be able to migrate to Linux without a gun pointed to their head.
An example - I have 5 good friends who are expert level computer hobbyists. They all migrated to linux, but it required too much overhead out of their daily lives to keep. They all learned linux, really liked a lot of things about it, and switched back. When you can tell me why, then you will understand whats wrong with linux today.
I'm not really sure where you got that out of my argument. I was using the 'home=castle' approach, and the telephone falls under that. I think my arguments stand just fine against invasion by telemarketers, but perhaps you were responding to some other poster's ideas and not to mine?
The telemarketer is a wonderful analogy. Just because my number is publicly available doesn't mean you have the right to call it. Depending on your use, that would be harassment, which telemarketers can be convicted of. Similarly, the Statue of Liberty is a public artifice, but that does not mean that any member of the public is free to use or abuse it in any manner they wish.
I would argue that they do Not have the right to call me at home since that right has been revoked by the national do-not-call list. There is also a difference between distraction and distruction. A solicitor is free to knock on my door and be told to go away (unless she's a girl scout with cookies). They are not, however, allowed to enter my home without invitation. Picking up the phone is the same as answering the door. You're free to refuse to parley with the other person at the gateway to your domain.
Whats different between the telemarketer and the invasive security firm? Destructiveness. It may be true that I keep my backdoor unlocked; that is my perogative. But if someone publishes that I do so, they have substantially increased the risk of my choice. I am Less secure than before they arrived. Their actions, however well meaning, have increased my personal risk, and that is destructive. However, if they simply tell me that it is not wise to leave the door unlocked, then the risk of my choice is unchanged. It may be a stupid risk, but its my risk to take.
Now, if I'm a guardian of a public treasure and I leave it vulnerable, then I am accountable for that vulnerability. But since there is no perfect shield, I cannot defend it from every possible attack. Let us assume that my protection is sub-par, sub-minimal in fact, but I project an image of total security. That image may be enough to differ all but the most determinied, who, it might be reasoned, could circumvent even the strongest defense. If you expose the weakness of my protection without having a plan to replace me, then you have made the public treasure vulnerable. Even though you did not attack, you provided intelligence to the attacker, and thus were an accomplice, albeit unknowningly so.
"With great access (freedom) comes great responsibility."
So what's the solution? You don't trust my protection, and I won't listen to what you see are basic precautions. You make noise, you tell my bosses: he isn't guarding the treasure well, it will be stolen, you should have an independant party examine his security, we can do it, but if you don't trust us, you must allow someone to challenge him and see if he is guarding the treasure well.
Ultimately its about permission. I will never trust anyone, (security firm especially) who feels free to violate my permission. I would hope that large corporations would act the same way.
That means the law frequently rests on the definition of "authorization." Many cases suggest that if the owner doesn't want you to use the system, for whatever reason, your use is unauthorized. In one case I took on appeal, the trial court had held that searching for airline fares on a publicly available, unprotected website was unauthorized access because the airline had asked the searcher to stop.
If a shop owner tells you to get out of his store, then you must comply or the police will be called. Why? Because if you do not comply with the wishes of the owner, its called trespass. But on the other side, the shop owner must notify the customer that they need to leave before calling the cops, otherwise its harrasment.
Just because you know something about computer systems doesn't give you the right to invade them and show the owner what you found. How would you like a home security firm to break into your house and then publish in the local paper that you keep a key under the doormat? Yes, my house is 'publicly available' given that its not behind any gates or walls, but that is not an invitation for everyone to come in.
What needs to happen is for security professionals as an industry to have more savvy contracts with the companys they consult for. With clauses stating that the consultant will be free from prosecution if a) they notify the company and give time to repsond and b) if the company doesn't take action and the risk is great to the public or the company's clients then c) the consultant has the right to go public with the information.
Of course there are more clauses you might want to add, but it seems like a lot of this could be solved in the contracting steps of taking the job. If you can't get a good contract, don't take the job.
Vigalante justice is illegal. Robin Hood was a good guy, as were the American Revolutionaries, but from a criminal law perspective they were all guilty of many crimes. They chose to break the law because of their personal convictions but they also more or less accepted the risks of doing so.
What happened to whistle blower protection laws, wouldn't those apply in these situations?
Read the whole Wiki. It states that the article wasn't published in Science or Nature, presumably because of resistance in the medical establishment. But that wasn't the problem, the real problem was how the study was preformed.
In practice morphine is always injected. Why? 1) Because it is metabolized in the liver and first pass pharmokinetics powerfully reduce its effects, so you'd need a ton to have any effect on pain. 2) Morphine inhibits intestinal motility. So if you were to drink a morphine solution it would all go straight to your gut and you might not poop for a week. Long standing constipation is a hallmark of someone on morphine. 3) Its freaking bitter. Most animals are conditioned not to eat/drink poisons by their tastebuds. If someone was to put morphine in water and hand it to an addict, they might drink it, but I can bet they might puke too.
So what does this Rat Park Survey tell us? That rats don't like to drink morphine. It can't really tell us anything more, because they didn't provide an adequate control. If they had given the rats in cages morphine to drink it would have shown something, but they didn't they just gave it to them IV.
Basic pharmacology people. Nothing to see here, move along.
The reason AZT was shelved is because it didn't work. Why? Because although it is a chain terminator, it doesn't really have that much specificity for DNA transcriptase. However it has a high specificity for RNA reverse transcriptase. Thats why its good for retroviruses. They're the only things that carry referse transcriptase. So uninfected cells aren't as badly affected as the infected cells. This is a lot better targeting than a lot of chemotherapy which simply targets dividing cells.
90% of the drugs on the market are poisons by that criterion. So whats your point? Everyone dies eventually.
AZT side effect: anemia, bone marrow supression yes. Leukocytopenia? no. Anvanced HIV infection leading to AIDS manefests with leukocytopenia, so you can't say that AZT even begins to cause AIDS.
Sorry the disease is just incurable at this point, does it mean we shouldn't treat it to give people a longer life?
Whoops! Strike that, forgot to proofread. HIV is a positive sense ssRNA virus, not a dsDNA virus. Told ya I didn't proofread. Doh! Please substitute RNA for DNA where I'm talking about the virus particle. The discussion of HIV DNA not being found in human genomic segments is still accurate.
First off, I did not mean to make it personal. Just my own views. I can see how what I said could be insulting, and I really did not mean that. Science moves forward by challenging the establishment. 200 years ago if you told someone that the heard functions to pump blood they would have laughed at you. 50 years ago universal precautions were virtually unknown. Sometimes the 'crackpots' get it right, so its neccicary to regorously examine their claims. I'm sorry you've been insulted for your views, I hope not to do that, but only to engage in debate. I really wish we could sit down over coffee with a couple of text books and journals and really talk about this stuff. Lets move on...
The reason I didn't tackle some of the other issues (and not necciarly the primary 4 you referred to) was that I don't have it. It would require a paper of triple the lenght of the original to compose a fully cited and complete rebuttle. Many of the 'harder issues' I referred to require background that is not easy to impart quickly and briefly. For example, I have no clue how the math works behind the Riemann Zeta equation, and I doubt anything less than months if not years of intense study would bring me up to speed. http://science.slashdot.org/article.pl?sid=06/03/2 7/1315212 The issues at hand are definately not that erudite, but I hope you get my meaning. My point for some my contentions was that the author of the article was making fun of simple ideas like "lightbulbs make light", and so she earned some easy crackpot points for belittling fundamental ideas. (overt anti-establishment thought process to the point of scientific disregard)
To answer your 4 questions: 1) Yes, I will admit that the mechanism has not been elucidated. However, the word idiopathic peppers medical literature, it is not uncommon to not know the exact mechanism, but to know generally whats happening. For example, digoxin (aka. digitalis) has been around since 1756, but the exact mechanism of how it effects cardiomyocytes is still under investigation. There are several theories, some very good, but none have been proven conclusively. A lot of pharmacology is that way. But I digress. What has been shown is that if you take blood from someone with aids, and inject into another person, you get aids in that person too. Furthermore, if you isolate HIV from the blood of an infected person you can induce CD4 cell destruction and AIDS like symptoms in model organisms. Lets hope someone has not tried this on humans. Of course, this explaination will not hold water for you if you do not believe HIV can be isolated, so lets move on to #2.
2) The initial research was flawed, granted. However, their research has been followed by others who have not been as fraudulent. I offer this instead:
Plus, there are more ways than antibodies to detect HIV. HIV is a dsDNA virus with many unique proteins in its repitoire. Yes, there are other retroviruses out there, and some have embedded themselves in our DNA. However, they do not have the same genetic sequence of HIV. HIV like any unique organism has a unique genetic code. It has been sequenced, and is in fact regularly sequenced to determine which drugs the patients are treated with. The correlation is emperical - different HIV sequences have been shown to correlate 100% with resistance or succeptability to certain drugs. There are many sequences due to the innacuracies of reverse transcriptase, and not all of these changes result in a functional modification.
You cannot isolate the HIV DNA sequence from someone not infect
What a bunch of tripe. Michael Moore would be really proud of the first paper. (I didn't read the second one, sorry) I can excuse the writer if 1/2 of the inaccuracies are from an ignorance of the field, but it honestly seems like she's trying to dissuade. Virtually every 3rd paragraph contains and inaccuracy or inappropriate insinuation that is subtle enough to be missed by someone who isn't trained in these fields. The author focuses her arguments by looking at small segments of the literature and history and ignoring the broader sweeps. For example:
The paper's initial assertion is that AIDS was introduced as a polio virus. Simple logical disproof: 1) polio vaccine is given across social/habitual classes. 2) There has not been 1 case of AIDS where the person didn't have one of the following three risk factors: blood transfusion, risky sex*, IV drug use. 3) Not everyone in the US has previous three risk factors. 4) If 2 is true 1 or 3 must be false or at least excruciatingly improbable. 5) 3 is true, therefore 1 must be false. QED. (*risky sex = sexual activity where both partners are not exclusively monogamous to each other at any time during or prior to their relationship)
Several pages deal with the controversy surrounding the initial discovery of the HIV virus. There was also controversy surrounding the discovery of DNA, therefore we shouldn't believe DNA is the 'source code' of life?
She makes light of the microliter aliquots used in the CBC tests but fails to mention that all CBC tests (test which count the types and number of cells in your blood) uses these metrics. We shouldn't trust tests for hundreds of diseases including leukemia, polycythemia, or even iron deficiency based on this implication. (for example, look at the normals on this page: http://www.saintfranciscare.com/11377.cfm)
She also does not respect the validity of the HIV Load test, saying that since it uses PCR (a very common technique in medicine) it cannot be accurate. (no more genetic testing, goodbye cancer diagnosis, goodbye endocrinology) She also asserts that the HIV Load assay will give false-positives and is inaccurate if the procedures are not followed. Yes, it does give false positives, it is a HIGHLY sensitive test, with a low specificity. It is not a screening test, and it cannot be used for one because of its high false positive rate. Additionally, I challenge anyone to find a test in any field that is valid when its procedures are not followed. (magnetism doesn't attract wood, therefore magnetism is false) http://www.labtestsonline.org/understanding/analyt es/viral_load/test.html
But the coup-de-gras for me was her statistics that showed how low CD4 counts don't correlate to AIDS. (AIDS is, incidentally, practically being defined by low CD4 count)
* "61% of people with CD4 count = 200 in 1997 were AIDS free" * -response: Yes, CD4=200 is the upper limit at which you see AIDS symptoms, this is expected
* "190,000 Americans in 1993 with CD4 count=200 were AIDS free" * -response: See above, plus in 1993 the AIDS definition was changing so you see changes in the statistics. Additionally, that number is far less than a quarter of the number of AIDS cases in the US that year. (http://wonder.cdc.gov/wonder/data/aidsPublic.html )
* "No studies have been done to show removal of anti-retrovirals = disease" * -response: No, but anti-retovirals have been tightly correlated to increased CD4 counts, and their withdrawal to lower CD4 counts. It has also been shown repeatedly (and even in this paper!) that low CD4 count correlates with disease.
The list goes on and on. I just pointed out a few of the most egregious and most easily refuted examples. It just goes to show that if someone really wants to believe someth
Here comes the Flamebait mod, but it had to be said:
I for one certainly hope, that with all the anti-bush, war for oil, anti-SUV, and general conservationist rhetoric present on this forum, that those same people aren't the ones with the enormous data centers.
Personally, I just have 2 laptops, a linux box, and a old PC. Nothing fancy, just enough to toy with, and most sit on the shelf most of the time. I think its insane the amount of money people are willing to pour into this hobby. But of course, each to their own, and I guess it can be easily be called job training.
But of course, if you feel that the Iraq war is blood for oil (I don't), I hope you're realizing you're pouring that blood into your personal data centers. (sorry sorry, but I just know there are people out there who hate waste and then leave 4 computers on constantly, and those people really bug me)
Missed the Point
on
Mitnick on OSS
·
· Score: 5, Interesting
All of you who are commenting that this is an obvious idea may be missing the point.
We all know that security through obfuscation in cryptography is stupid: peer review illuminates the crevices the architect never conceived. But is all open source code subject to this same sort of peer review? If you've ever worked on an open source project, how much time to do sit down and pour over the code looking for security flaws.
Essentially, it's the same problem with Wikipedia: peer-review requires 1) the skill of the peers matches or exceeds the skill of the author, and 2) peers are actually reviewing, and 3) peers are trustworthy. It's the second criterion that Mitnick was questioning.
What's more, since it seems like accidental (and very subtle) bugs result in most security holes that don't get noticed. Wouldn't it then be trivial for someone with a great amount of skill to simply insert a hole? Either by subtle manipulation of existing code or by direct implementation in a segment which they are responsible for coding. If its done well, the 'oops, coding error!' excuse could always be proffered in the event the tampering was detected.
If I wanted to attack a system which I knew ran on OSS (and I had mad coding skillz), I think I would try to obtain some method of working on one of their software packages. Either directly or by 'acquiring' someone else's permissions if that was easier. Then I would insert a piece of backdoor code in a little used (or often used-'hidden in plain sight') code segment. Once the next release is running on that system, exploit the code, and get out. Depending on my goals, the operation could very likely be done before a hole is found and a patch is issued. As a small bonus anyone else installing that software would have the same vulnerability. Of course, some user level app won't be able to induce this scenario, but you get the idea.
Proprietary software doesn't have this vulnerability in so much as the programmers are much more tightly regulated by a company who has legal and monetary interests in controlling its code base and holding its employees accountable. (whether this actually happens is another discussion);)
For all the self-righteousness of the open source movement, I remain convinced that the primary reason that more open-source packages are not targeted for attack is because they are not an appealing target. Specific implementations are not in popular use (globally), or they are too close to home. Meaning its preferable to attack your enemy than your family.
...you could meet that requirement with a list of the *responsible* programmers - i.e., the people in charge making decisions. Thus, you don't need to list every programmer...
Have you ever seen computer code? Ever heard of an Easter Egg? How about the movie 'Office Space'? I'm sure the big decision makers in the accounting database didn't plan to have a few cents of every dollar be tucked somewhere else, but it happened because of the little guy.
This is why we need to know every single person who put code into the voting system, (and hopefully keep track of the versioning system used for coding it) because even one small one line non-planned line of code can radically alter the behavior of the program. It would be trivial to bury a little several line vote-tweaking procedure deep in some obscure and rarely modified class.
Sure, knowing who is making design decisions about the code keeps us safe from corporate sanctioned vote manipulation, but it doesn't save us from the underpaid, overworked, not really supervised guy who really really really likes Ralph Nader & his Green Party.
It does sound like quite a burden on the programmer to have your name permanently attached to your code, but the task of safeguarding and tallying the votes of a democracy is a privileged one, and with great power comes great responsibility. Besides, lots of professionals have to deal with that kind of responsibility every day. If you don't want it, then don't design the system that would be the gatekeeper of our democracy.
If justice has any sense of irony, then SonyBMG will be liable not simply for the provable installations on peoples computers, but all Possible installations on peoples computers.
So lets see... Little Johnny bought 1 CD, and listened to at at, say 25 friends houses, so 25 installations. Thats 25 offenses per CD. So that's actually $2,500,000 per CD sold. Now we'd see Sony cringe.
To bad justice doesn't work the same way the criminals at the RIAA do.
On the other hand, if this was medical malpracice on this scale, sony would be liable for $infinity-1 plus emotional damages.
Perhaps I'm missing something, but I had a great change to demo several LED vs incandescent headlamps while spelunking in Belize recently.
The LED users (including myself) never had to worry about batteries, and their surrounding 20' lit up well. However their field of view was un-naturally gray and colorless, like the moon, and depth-perception was impaired). Beyond that, you could see ABSOLUTELY NOTHING with an LED. Its like the world just didn't exist, no reflections, nada. If I wanted to see the flowstone 20' in front of me, I had to pull out the maglight.
The Incandescent users brought an extra couple sets of AAA's just in case, but they had great depth of field, and the colors of various mineral formations were vivid and clear. Best of all they could see formations over 100' away without busting out any special equipment. The weight they carried with extra batteries was less than the extra flashlight I had to carry.
IMHO LEDs are great for around basecamp or just fudging around or even for torches for tables, but if I'm repelling of a cliff in the dark of the earth, please oh please make my headlamp an incandescent.
What am I missing that makes everone else want these things?
Slashdot Mirror
If I had mod points, I'd rate this as +1 Funny. Then I realized you weren't joking. Wow, its so intuitive. Reminds me of Windows 3.1 where you had edit win.ini every so often. Way to go Ubuntu! Lets hear it for progress! Installing programs can kill your mouse!
Reminds me of a Keyboard-Video Card confict I had back in 1995... IRQ's and all that rot. You know, there's something called Plug n Play these days. I hear it's pretty nice and you don't even have to use Emacs to get all of the keys on your keyboard working.
All Hail Linux, the OS that Programs YOU to accept that buggy poorly assembeled crap is progress.
And where poor graphics performance is viewed a oppression instead of a natural consequence of non-conformity.
Sniff.. Goodbye Karma.
Seriously, I'm sorry to tell you this, you're obviously bright and it will get you far, but the world is rarely a priori knowable or logically derivable.
Expertise is a beautiful and amazing thing.
Let me illustrate with a few of the simpler tax quandries I confronted this year. Since the math (sic) is so easy, please answer them. Bear in mind that I work for a company which pays me in both NY and CT, even though the job is only in CT and I only live in NY. This means that both NY and CT want a piece of the action and have variably taxed my income.
Please note that some of the tax law needed to answer this question is new this year.
My federal return was about 20 pages long this year, and I don't even have a private business. And the federal was nothing compared to working out the competition between my TWO state returns. I've done my taxes with software every year since I had to start filing and now consider myself well versed in the tax law, but this year nearly broke me. The amount of time I put into deciphering the tax code numbered in the tens of hours, and I only have about 2 hours a day that I can be awake between work and need for sleep and call disposable. It look me Weeks to figure out, and I certainly don't consider myself dimwittied. (except that I didn't cave-in and get a CPA this year) If it was just the arithmetic it would have taken me at most 20 minutes while watching TV. Gathering the paperwork took about another 60 minutes spread out across 2 months, cake walk. Its the aquisition, interpretation, and execution of new non-intuitive and sometimes conflicting knowledge that makes it fun. Just FYI. Thats what life is really about.
(answers: need more info; only if you know the tax law; lifetime learning only; no)
Even a simple, yes/no/sort of would have been more helpful than nothing.
TFA is interesting and all, but it should have a summary. Not a teaser!
Very simple marketing tactics. I would have expected better from slashdot.
(oh wait, nevermind, thats what I have come to expect from slashdot. silly me)
This was absolutely fantastic! Watching it reaching outerspace and seeing the curvature of the earth LIVE! I know it was just a webcast and I'm still at home, but it felt like we there there!
Any comments on the near end wobble? Did anyone else see that? It looked like it was hitting turbulence. Was that the end of the atmosphere or was it losing attitude control. It looked like it was increasing in magnitude with each oscilation so I'm guessing it was a fault that was overcompensated? Any other theories? Not that I want to detract from what SpaceX is doing, but I'm just curious about what might have happend. These guys are my new heros!
If anybody can find a video please post it!
Yeah, that answers a lot of the "Oh Noes the Guberment!" problems, but your own post has a logical fallicy.
You say that it is meaningless to "exclude" people from using an ID in this context, but then in every example you use you are illustrating types of exclusion. If X is allowed to post on my blog, then it is implicit that there are others, not X, that are Not allowed to post to your blog. But if the identity X does not assert that "X" != "not X", then X is meaningless.
The big problem with the OpenID white list model is the same as the AOL whilelist model. Once a certain ID/ID Server becomes popular enough it will become a target for undesirable access. However, if someone undesirable starts using the ID, then the entire set of people using the ID must be excluded. You ban the ID/ID server and everyone using it goes away.
If you are just trying to exclude all posts not from people, it would be much more simple to implement a "type in these hard to read characters" system for every post than to set up a readily compromised, non-identifying, identity system. If you are trying to exclude certain subsets of humanity, you need to choose an exclusionary ID system. Period.
I agree that systems must be built upon eachother, but this system, in and of itself, has no real function and thus is obligated to be built upon another system. Its like building a piston and having no engine to go along with it.
MOD PARENT UP!
Its people like the grandparent poster who make Linux completely inaccessible to the masses. Can't use Linux, its because you're too stupid, and not because I'm too (a lazy, b arrogant, c clueless) to program a simple working UI that works. 3 Linux distros, 4 days work, what do I have to show for it, an XP laptop. Of course, that's because I'm stupid according to people like you. But wait, Perhaps this in an inferiority complex? After all, I put an XP cd in the drive and 20 minutes later I've got a fully functional computer, no kernal recompiling, no driver hunting, it just works. Why didn't you program linux that well? For crying out loud, the latest version of Ubuntu doesn't even natively support WPA encryption. Perhaps the reason you don't have spyware is because you're not actually on the internet? (joke, I know, but I hope you see my point)
In your opinion, perhaps Linux people with all their specialized knowledge should be the arbiters of who procreates and who doesn't? Then again, if its only specialized knowledge that's needed regardless of esoteric field, maybe the auto mechanics should be that arbiter, or maybe quantum physicists, or farmers, perhaps economists, or maybe roughnecks? Get over yourself. So you have specialized knowledge, so do most other people on this earth, you're just too blinded by your own arrogance to see it.
Yes, I know this is flame bait and a troll, but sometimes a guy just can't take the 24/7 condescension from some of the Linux folks, purporting to have a great system. Saying 'My grandma can use it' is all well and good but when you can say your grandma can INSTALL it, then it will be a great system. For now, the most virtiolic ones really seem to be overcompensating, or at the very least are extremely detrimental to their own cause.
Lets say that some one came after two different people with a baseball bat, one ran away and the other politely asked him to put it down. Who would be the bigger idiot in your opinion?
I'd call the supider one the one who dismisses this riskyness of his situation and boldy gets his head bashed in.
I agree with you, the teacher should have talked to the student before taking it any further, at least with the principal present if he was truely worried, but I'm not sure if I'd call him an idiot.
Lets wind this forward a few years.
Say you're 25, your IM icon for interacting with collegues and business partners is exactly the same, except its your boss instead of your teacher. You would definately be fired (expelled, not suspended) and quite possibly arrested.
Why is it that so many people are thinking 'heh I did that too with pen & paper' so its Ok? Why is the teacher an ok recepient for this sort of thing? Please, someone who supports this kids actions reply to this and explain it to me. Why is it ok to disrespect a teacher to such an incredible degree?
Why is middle school, or elementry school not the proper place to teach children the codes of respect and civility that govern our society?
Yeah, me too, in 1st grade. This is a 15 y/o in the upper reaches of middle school, the longer it takes him to learn this lesson the worse its going to be when he eventually learns it.
I'm sorry you put up with so much codensention, but just think about how 4 years of learning to deal with it helped you in the real world with mean ol' bosses, that condescending bank teller, that stupid guy posting a reply on slashdot. We're surrounded by condesention, but that doesn't exactly justify any old response. There are far worse fates than being condesended, and last I checked we're not allowed to murder or even threaten murder for any but a select handfull of them. This is a lesson well learned in my view: the cicrumstances don't matter at all, its how we respond to them that makes us who we are.
The issue is one of privacy, its not a threat to have this materials in your bedroom, its quite another thing to depict someone burning in effigy on your front lawn. The difference is visibility.
From TFA: (emphasis mine)
So long as this remained private (ie. just on his computer), I could see it as not being a threat, but then he used it as his IM icon, there by making it public. It circulated among his peers, those he trusted and distrusted, and at least one of his peers (possibly many - how many high school students acting alone would report this sort of thing?) didn't see it as humor but as provocation. And so they reported it, they move the picture from one public circle to another. Thus the threat became known to the potential victim. This caused the victim to fear for his and his family's safety. While the intent may not have been there, the icon certainly was percieved as a threat which is entirely reasonable on its face. The fact that it was digital and on the internet certainly didn't change a darn thing.
Bear in mind the standard would be different in a criminal proceeding, but this is a violation of the schools rules, and the school is the proper and correct arbiter of its own rules. The courts were only involved to see if the schools had violated a constitutional right or their own stated and universally agreed to policies. Which they had not. Perhaps the severity was more than we would like to see, but thats not a reason for the court to nullify the school's decision.
But doesn't A imply B? Doesn't A NEED B in order to be true?
Logically:
We (the majority) have decided that stealing should be illegal (B), so (A).
If you want laws, you have to enforce some sort of morality, because that is only what laws are: enforced morality, with explicitly stated pushishments for non-compliance. What exactly are you getting at with your post?
Ok geeks, how many of us can rebuild our car? How many of us know the compression ratios of the engine or where to find the fuel pump? How many of us are aware of the nuances of how the exhaust pipe is shaped for best fuel economy? How many people could diagram a torque converter, its interface with the automatic transmission and even point out an error if a diagram that they saw?
I'm guessing very few. Most of us would take our car to a mechanic if it were to break because we don't have the specialized knowledge set to diagnose and fix it. Mechanics always talk about the stupid easily fixable things people bring in their cars for.
My point is that most of us just want a car that goes. After I buy a Nissan, I might also buy floormats to keep it clean, but I don't have to choose which spark plugs to use if I want to go into a high elevation climate. The car just goes! I put in gas, change the oil, and it goes. Some poeple drive manual, some drive automatic, that is the difference between interfaces, like MacOS vs WinXP. Sure there are technical reasons why each might be better under the hood, like front vs rear wheel drive, but honestly they're both tools to get the job done. If they don't go when I buy them, I take them back.
Installing drivers should be like 'installing' gasoline: readily available and easy to do. Readily available doesn't mean it exists, it means it can be found right under your nose. Listen to yourselves! Installing something as simple as firefox on Ubuntu requires a huge number of non-intuitive steps that must be hand copies perfectly into a command prompt. How does that save the user work? https://wiki.ubuntu.com/FirefoxNewVersion
All people really want out of OS is for it to save them more and more time. Microsoft and Macintosh get this. You never Need to go to prompt for any daily or monthly or even yearly task. Your click the button, it works. Our job as geeks is to make sure the abstraction is so total that the user never needs to know what kernel version they are running much less what file system they are using. Until we can understand that the average user will never want or be able to migrate to Linux without a gun pointed to their head.
An example - I have 5 good friends who are expert level computer hobbyists. They all migrated to linux, but it required too much overhead out of their daily lives to keep. They all learned linux, really liked a lot of things about it, and switched back. When you can tell me why, then you will understand whats wrong with linux today.
I'm not really sure where you got that out of my argument. I was using the 'home=castle' approach, and the telephone falls under that. I think my arguments stand just fine against invasion by telemarketers, but perhaps you were responding to some other poster's ideas and not to mine?
The telemarketer is a wonderful analogy. Just because my number is publicly available doesn't mean you have the right to call it. Depending on your use, that would be harassment, which telemarketers can be convicted of. Similarly, the Statue of Liberty is a public artifice, but that does not mean that any member of the public is free to use or abuse it in any manner they wish.
I would argue that they do Not have the right to call me at home since that right has been revoked by the national do-not-call list. There is also a difference between distraction and distruction. A solicitor is free to knock on my door and be told to go away (unless she's a girl scout with cookies). They are not, however, allowed to enter my home without invitation. Picking up the phone is the same as answering the door. You're free to refuse to parley with the other person at the gateway to your domain.
Whats different between the telemarketer and the invasive security firm? Destructiveness. It may be true that I keep my backdoor unlocked; that is my perogative. But if someone publishes that I do so, they have substantially increased the risk of my choice. I am Less secure than before they arrived. Their actions, however well meaning, have increased my personal risk, and that is destructive. However, if they simply tell me that it is not wise to leave the door unlocked, then the risk of my choice is unchanged. It may be a stupid risk, but its my risk to take.
Now, if I'm a guardian of a public treasure and I leave it vulnerable, then I am accountable for that vulnerability. But since there is no perfect shield, I cannot defend it from every possible attack. Let us assume that my protection is sub-par, sub-minimal in fact, but I project an image of total security. That image may be enough to differ all but the most determinied, who, it might be reasoned, could circumvent even the strongest defense. If you expose the weakness of my protection without having a plan to replace me, then you have made the public treasure vulnerable. Even though you did not attack, you provided intelligence to the attacker, and thus were an accomplice, albeit unknowningly so.
"With great access (freedom) comes great responsibility."
So what's the solution? You don't trust my protection, and I won't listen to what you see are basic precautions. You make noise, you tell my bosses: he isn't guarding the treasure well, it will be stolen, you should have an independant party examine his security, we can do it, but if you don't trust us, you must allow someone to challenge him and see if he is guarding the treasure well.
Ultimately its about permission. I will never trust anyone, (security firm especially) who feels free to violate my permission. I would hope that large corporations would act the same way.
That means the law frequently rests on the definition of "authorization." Many cases suggest that if the owner doesn't want you to use the system, for whatever reason, your use is unauthorized. In one case I took on appeal, the trial court had held that searching for airline fares on a publicly available, unprotected website was unauthorized access because the airline had asked the searcher to stop.
If a shop owner tells you to get out of his store, then you must comply or the police will be called. Why? Because if you do not comply with the wishes of the owner, its called trespass. But on the other side, the shop owner must notify the customer that they need to leave before calling the cops, otherwise its harrasment.
Just because you know something about computer systems doesn't give you the right to invade them and show the owner what you found. How would you like a home security firm to break into your house and then publish in the local paper that you keep a key under the doormat? Yes, my house is 'publicly available' given that its not behind any gates or walls, but that is not an invitation for everyone to come in.
What needs to happen is for security professionals as an industry to have more savvy contracts with the companys they consult for. With clauses stating that the consultant will be free from prosecution if a) they notify the company and give time to repsond and b) if the company doesn't take action and the risk is great to the public or the company's clients then c) the consultant has the right to go public with the information.
Of course there are more clauses you might want to add, but it seems like a lot of this could be solved in the contracting steps of taking the job. If you can't get a good contract, don't take the job.
Vigalante justice is illegal. Robin Hood was a good guy, as were the American Revolutionaries, but from a criminal law perspective they were all guilty of many crimes. They chose to break the law because of their personal convictions but they also more or less accepted the risks of doing so.
What happened to whistle blower protection laws, wouldn't those apply in these situations?
Read the whole Wiki. It states that the article wasn't published in Science or Nature, presumably because of resistance in the medical establishment. But that wasn't the problem, the real problem was how the study was preformed.
In practice morphine is always injected. Why?
1) Because it is metabolized in the liver and first pass pharmokinetics powerfully reduce its effects, so you'd need a ton to have any effect on pain.
2) Morphine inhibits intestinal motility. So if you were to drink a morphine solution it would all go straight to your gut and you might not poop for a week. Long standing constipation is a hallmark of someone on morphine.
3) Its freaking bitter. Most animals are conditioned not to eat/drink poisons by their tastebuds. If someone was to put morphine in water and hand it to an addict, they might drink it, but I can bet they might puke too.
So what does this Rat Park Survey tell us? That rats don't like to drink morphine. It can't really tell us anything more, because they didn't provide an adequate control. If they had given the rats in cages morphine to drink it would have shown something, but they didn't they just gave it to them IV.
Basic pharmacology people. Nothing to see here, move along.
The reason AZT was shelved is because it didn't work. Why? Because although it is a chain terminator, it doesn't really have that much specificity for DNA transcriptase. However it has a high specificity for RNA reverse transcriptase. Thats why its good for retroviruses. They're the only things that carry referse transcriptase. So uninfected cells aren't as badly affected as the infected cells. This is a lot better targeting than a lot of chemotherapy which simply targets dividing cells.
90% of the drugs on the market are poisons by that criterion. So whats your point? Everyone dies eventually.
AZT side effect: anemia, bone marrow supression yes.
Leukocytopenia? no. Anvanced HIV infection leading to AIDS manefests with leukocytopenia, so you can't say that AZT even begins to cause AIDS.
Sorry the disease is just incurable at this point, does it mean we shouldn't treat it to give people a longer life?
Whoops! Strike that, forgot to proofread. HIV is a positive sense ssRNA virus, not a dsDNA virus. Told ya I didn't proofread. Doh! Please substitute RNA for DNA where I'm talking about the virus particle. The discussion of HIV DNA not being found in human genomic segments is still accurate.
First off, I did not mean to make it personal. Just my own views. I can see how what I said could be insulting, and I really did not mean that. Science moves forward by challenging the establishment. 200 years ago if you told someone that the heard functions to pump blood they would have laughed at you. 50 years ago universal precautions were virtually unknown. Sometimes the 'crackpots' get it right, so its neccicary to regorously examine their claims. I'm sorry you've been insulted for your views, I hope not to do that, but only to engage in debate. I really wish we could sit down over coffee with a couple of text books and journals and really talk about this stuff. Lets move on...
The reason I didn't tackle some of the other issues (and not necciarly the primary 4 you referred to) was that I don't have it. It would require a paper of triple the lenght of the original to compose a fully cited and complete rebuttle. Many of the 'harder issues' I referred to require background that is not easy to impart quickly and briefly. For example, I have no clue how the math works behind the Riemann Zeta equation, and I doubt anything less than months if not years of intense study would bring me up to speed. http://science.slashdot.org/article.pl?sid=06/03/2 7/1315212 The issues at hand are definately not that erudite, but I hope you get my meaning. My point for some my contentions was that the author of the article was making fun of simple ideas like "lightbulbs make light", and so she earned some easy crackpot points for belittling fundamental ideas. (overt anti-establishment thought process to the point of scientific disregard)
To answer your 4 questions:
1) Yes, I will admit that the mechanism has not been elucidated. However, the word idiopathic peppers medical literature, it is not uncommon to not know the exact mechanism, but to know generally whats happening. For example, digoxin (aka. digitalis) has been around since 1756, but the exact mechanism of how it effects cardiomyocytes is still under investigation. There are several theories, some very good, but none have been proven conclusively. A lot of pharmacology is that way. But I digress. What has been shown is that if you take blood from someone with aids, and inject into another person, you get aids in that person too. Furthermore, if you isolate HIV from the blood of an infected person you can induce CD4 cell destruction and AIDS like symptoms in model organisms. Lets hope someone has not tried this on humans. Of course, this explaination will not hold water for you if you do not believe HIV can be isolated, so lets move on to #2.
2) The initial research was flawed, granted. However, their research has been followed by others who have not been as fraudulent. I offer this instead:
http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?cmd= Retrieve&db=pubmed&dopt=Abstract&list_uids=1656345 8&query_hl=2&itool=pubmed_docsum
Plus, there are more ways than antibodies to detect HIV. HIV is a dsDNA virus with many unique proteins in its repitoire. Yes, there are other retroviruses out there, and some have embedded themselves in our DNA. However, they do not have the same genetic sequence of HIV. HIV like any unique organism has a unique genetic code. It has been sequenced, and is in fact regularly sequenced to determine which drugs the patients are treated with. The correlation is emperical - different HIV sequences have been shown to correlate 100% with resistance or succeptability to certain drugs. There are many sequences due to the innacuracies of reverse transcriptase, and not all of these changes result in a functional modification.
You cannot isolate the HIV DNA sequence from someone not infect
What a bunch of tripe. Michael Moore would be really proud of the first paper. (I didn't read the second one, sorry) I can excuse the writer if 1/2 of the inaccuracies are from an ignorance of the field, but it honestly seems like she's trying to dissuade. Virtually every 3rd paragraph contains and inaccuracy or inappropriate insinuation that is subtle enough to be missed by someone who isn't trained in these fields. The author focuses her arguments by looking at small segments of the literature and history and ignoring the broader sweeps. For example:
The paper's initial assertion is that AIDS was introduced as a polio virus. Simple logical disproof: 1) polio vaccine is given across social/habitual classes. 2) There has not been 1 case of AIDS where the person didn't have one of the following three risk factors: blood transfusion, risky sex*, IV drug use. 3) Not everyone in the US has previous three risk factors. 4) If 2 is true 1 or 3 must be false or at least excruciatingly improbable. 5) 3 is true, therefore 1 must be false. QED. (*risky sex = sexual activity where both partners are not exclusively monogamous to each other at any time during or prior to their relationship)
Several pages deal with the controversy surrounding the initial discovery of the HIV virus. There was also controversy surrounding the discovery of DNA, therefore we shouldn't believe DNA is the 'source code' of life?
She makes light of the microliter aliquots used in the CBC tests but fails to mention that all CBC tests (test which count the types and number of cells in your blood) uses these metrics. We shouldn't trust tests for hundreds of diseases including leukemia, polycythemia, or even iron deficiency based on this implication. (for example, look at the normals on this page: http://www.saintfranciscare.com/11377.cfm)
She also does not respect the validity of the HIV Load test, saying that since it uses PCR (a very common technique in medicine) it cannot be accurate. (no more genetic testing, goodbye cancer diagnosis, goodbye endocrinology) She also asserts that the HIV Load assay will give false-positives and is inaccurate if the procedures are not followed. Yes, it does give false positives, it is a HIGHLY sensitive test, with a low specificity. It is not a screening test, and it cannot be used for one because of its high false positive rate. Additionally, I challenge anyone to find a test in any field that is valid when its procedures are not followed. (magnetism doesn't attract wood, therefore magnetism is false)
http://www.labtestsonline.org/understanding/analyt es/viral_load/test.html
But the coup-de-gras for me was her statistics that showed how low CD4 counts don't correlate to AIDS. (AIDS is, incidentally, practically being defined by low CD4 count)
* "61% of people with CD4 count = 200 in 1997 were AIDS free"
* -response: Yes, CD4=200 is the upper limit at which you see AIDS symptoms, this is expected
* "190,000 Americans in 1993 with CD4 count=200 were AIDS free"
* -response: See above, plus in 1993 the AIDS definition was changing so you see changes in the statistics. Additionally, that number is far less than a quarter of the number of AIDS cases in the US that year. (http://wonder.cdc.gov/wonder/data/aidsPublic.html )
* "No studies have been done to show removal of anti-retrovirals = disease"
* -response: No, but anti-retovirals have been tightly correlated to increased CD4 counts, and their withdrawal to lower CD4 counts. It has also been shown repeatedly (and even in this paper!) that low CD4 count correlates with disease.
The list goes on and on. I just pointed out a few of the most egregious and most easily refuted examples. It just goes to show that if someone really wants to believe someth
Here comes the Flamebait mod, but it had to be said:
I for one certainly hope, that with all the anti-bush, war for oil, anti-SUV, and general conservationist rhetoric present on this forum, that those same people aren't the ones with the enormous data centers.
Personally, I just have 2 laptops, a linux box, and a old PC. Nothing fancy, just enough to toy with, and most sit on the shelf most of the time. I think its insane the amount of money people are willing to pour into this hobby. But of course, each to their own, and I guess it can be easily be called job training.
But of course, if you feel that the Iraq war is blood for oil (I don't), I hope you're realizing you're pouring that blood into your personal data centers. (sorry sorry, but I just know there are people out there who hate waste and then leave 4 computers on constantly, and those people really bug me)
All of you who are commenting that this is an obvious idea may be missing the point.
;)
We all know that security through obfuscation in cryptography is stupid: peer review illuminates the crevices the architect never conceived. But is all open source code subject to this same sort of peer review? If you've ever worked on an open source project, how much time to do sit down and pour over the code looking for security flaws.
Essentially, it's the same problem with Wikipedia: peer-review requires 1) the skill of the peers matches or exceeds the skill of the author, and 2) peers are actually reviewing, and 3) peers are trustworthy. It's the second criterion that Mitnick was questioning.
What's more, since it seems like accidental (and very subtle) bugs result in most security holes that don't get noticed. Wouldn't it then be trivial for someone with a great amount of skill to simply insert a hole? Either by subtle manipulation of existing code or by direct implementation in a segment which they are responsible for coding. If its done well, the 'oops, coding error!' excuse could always be proffered in the event the tampering was detected.
If I wanted to attack a system which I knew ran on OSS (and I had mad coding skillz), I think I would try to obtain some method of working on one of their software packages. Either directly or by 'acquiring' someone else's permissions if that was easier. Then I would insert a piece of backdoor code in a little used (or often used-'hidden in plain sight') code segment. Once the next release is running on that system, exploit the code, and get out. Depending on my goals, the operation could very likely be done before a hole is found and a patch is issued. As a small bonus anyone else installing that software would have the same vulnerability. Of course, some user level app won't be able to induce this scenario, but you get the idea.
Proprietary software doesn't have this vulnerability in so much as the programmers are much more tightly regulated by a company who has legal and monetary interests in controlling its code base and holding its employees accountable. (whether this actually happens is another discussion)
For all the self-righteousness of the open source movement, I remain convinced that the primary reason that more open-source packages are not targeted for attack is because they are not an appealing target. Specific implementations are not in popular use (globally), or they are too close to home. Meaning its preferable to attack your enemy than your family.
No kidding? Do you have any links to info about said building?
It seems like unhardcoding it would be a lot less expensive than wasted real estate in Tokyo. Sounds like a great way to make a fortune!
Have you ever seen computer code? Ever heard of an Easter Egg? How about the movie 'Office Space'? I'm sure the big decision makers in the accounting database didn't plan to have a few cents of every dollar be tucked somewhere else, but it happened because of the little guy.
This is why we need to know every single person who put code into the voting system, (and hopefully keep track of the versioning system used for coding it) because even one small one line non-planned line of code can radically alter the behavior of the program. It would be trivial to bury a little several line vote-tweaking procedure deep in some obscure and rarely modified class.
Sure, knowing who is making design decisions about the code keeps us safe from corporate sanctioned vote manipulation, but it doesn't save us from the underpaid, overworked, not really supervised guy who really really really likes Ralph Nader & his Green Party.
It does sound like quite a burden on the programmer to have your name permanently attached to your code, but the task of safeguarding and tallying the votes of a democracy is a privileged one, and with great power comes great responsibility. Besides, lots of professionals have to deal with that kind of responsibility every day. If you don't want it, then don't design the system that would be the gatekeeper of our democracy.
If justice has any sense of irony, then SonyBMG will be liable not simply for the provable installations on peoples computers, but all Possible installations on peoples computers.
So lets see... Little Johnny bought 1 CD, and listened to at at, say 25 friends houses, so 25 installations. Thats 25 offenses per CD. So that's actually $2,500,000 per CD sold. Now we'd see Sony cringe.
To bad justice doesn't work the same way the criminals at the RIAA do.
On the other hand, if this was medical malpracice on this scale, sony would be liable for $infinity-1 plus emotional damages.
Perhaps I'm missing something, but I had a great change to demo several LED vs incandescent headlamps while spelunking in Belize recently.
The LED users (including myself) never had to worry about batteries, and their surrounding 20' lit up well. However their field of view was un-naturally gray and colorless, like the moon, and depth-perception was impaired). Beyond that, you could see ABSOLUTELY NOTHING with an LED. Its like the world just didn't exist, no reflections, nada. If I wanted to see the flowstone 20' in front of me, I had to pull out the maglight.
The Incandescent users brought an extra couple sets of AAA's just in case, but they had great depth of field, and the colors of various mineral formations were vivid and clear. Best of all they could see formations over 100' away without busting out any special equipment. The weight they carried with extra batteries was less than the extra flashlight I had to carry.
IMHO LEDs are great for around basecamp or just fudging around or even for torches for tables, but if I'm repelling of a cliff in the dark of the earth, please oh please make my headlamp an incandescent.
What am I missing that makes everone else want these things?