Both articles are off-topic because those mechanisms cannot prevent the attack being discussed here. DEP is irrelevant to this attack because it only affects user-space code. The StorageDevicePolicies key can also easily be bypassed (or reset) by code running at kernel level.
(I'm not the modder who originally marked the articles off-topic.)
It's a synchronous dataflow system. Why no comparisons with previous similar work (e.g. Flow-Based Programming or LabView/G)? Do you have a rationale for the use of synchronous dataflow as opposed to, say, asynchronous message passing?
That is: patents are being awarded to corporations not for solution of problems that many have tackled and were unable to solve. They are being awarded to companies who happen to consider a problem a few months before others have.
It's worse than that. In some cases patents are being awarded to companies who consider a problem even 10 or 20 years after it has been solved in the research literature. Patent offices make no serious attempt to find non-patent prior art.
Provisions which, by their nature, should remain in effect beyond the termination of this License shall survive.
It's not entirely clear what that means, and I'm pretty sure it would be unenforceable. It also says:
If this License is terminated for any reason, You must delete all copies of the BitKeeper Software and cease using the BitKeeper Software.
i.e. you must delete all copies of the software as well as ceasing to use it.
Anyway, it would be pretty stupid for McVoy to try to sue Linus or other former BitKeeper users at this point, even if the license provided any justification for doing so.
Here's a more objective test for you: which languages underlie the vast majority of high-performance mathematical/scientific/engineering applications developed in the past decade?
That tells you, at most, what languages people who choose languages think are better (not just fast) for mathematical/scientific/engineering applications. It's not really an objective test of what languages are actually fast.
'Ambassador Kosh' certainly isn't the only one to have observed that the C and C++ community tends to measure speed based on microbenchmarks, and not on real-world applications.
RunAs (more precisely CreateProcessWithLogonW and similar) doesn't and can't provide any meaningful process isolation.
Re:What it really does.
on
Firefox Hacks
·
· Score: 1
Huh? Javascript is only supposed to be able to access clipboardData if it has a ClipboardRead or UniversalClipboardAccess, which a random script won't have. Maybe this is trying to exploit some really old, long-fixed Netscape bug.
And much faster still if you apply the above hack -- less than half a second for me.
(printme.api has gone away, but you don't need it. Also make an empty plug_ins3d directory in the same way.)
* We are not in favour of the patenting of software as in the US.
We are in favour of patenting software, but our laws won't be word-for-word identical to the US ones.
* Europe needs a uniform legal approach to stop the drifting towards extending patentability to inventions, which would not have been traditionally allowed, and to stop patentability of pure business methods, algorithms or mathematical methods.
As a diversionary tactic, we claim to want to stop patentability of "pure business methods, algorithms or mathematical methods" and "inventions, which would not have been traditionally allowed", while actually defining these things vacuously.
* Software products as such, must not be patented.
The EPO should be allowed to continue to use its twisted interpretation of "as such" in Article 52 EPC, so that what everyone without our hidden agenda calls software patents will be permitted.
* Opensource software must be allowed to flourish and the Commission must ensure that this Directive does not have any adverse effect on opensource software and small software developers.
We couldn't care less about open-source or small developers, but we say that we do to deflect criticism.
* Patents and the threat of litigation must not be used as an anti-competitive weapon to squeeze out small companies.
We will wag our fingers and say "tut tut" to patent trolls and extortionists -- in public at least.
Furthermore, the Labour Euro MPs are supporting a UK campaign for a defence fund for small companies to protect themselves from litigation abuse by dominant market players.
Aren't protection rackets a good idea? Lately I've been brushing up on my patent lobby doublespeak -- "protect themselves", geddit?
Please be assured that the Council of Ministers and the Commission cannot ignore our views as democratically elected Members of the European Parliament.
There's an outside chance that the parliament might have a hissy fit and reject the swpat directive in retaliation for the commission doing something unrelated that pisses us off. After all, a week is a long time in politics. Don't count on it, though.
Unless we get full agreement between the three institutions (Parliament, Council and Commission) on this Directive, there is no guarantee that this law will be passed.
Rejecting this law will require half of all MEPs (not just half of all MEPs present) to vote against it. Factoring in the usual apathy quota that's about as likely as simultaneous direct meteoroid strikes on Strasbourg and Brussels. However, it's not impossible.
(I wish I were just being cynical here, but really, that is what the reply you got means. How people use the "as such" code phrase in this debate is a pretty reliable indicator of what side they're on.)
The Three Stigmata..., Martian Time-Slip, Do Androids Dream..., Ubik, and A Scanner Darkly are published in a single volume for under a tenner (UK): ISBN 0575075813.
Right, but the density of air is approximately 1/800 that of water. So simple unenclosed balance scales would have been (and still are) sufficient to measure masses for essentially all commercial purposes, and some scientific ones.
In the time it takes you to post your comment and for me to read it, someone who is on my side of the argument intervenes and changes it to what he believes is the correct answer, not because of our argument, but he's reviewing the page and comes across what he believes to be "false" information. By the time I click the link, now I'm officially "right" because wiki says so.
In that case you'd see that the page had changed. Wikipedia couldn't be used to settle the argument, but it would be obvious that it couldn't, and we'd go to a different source. The use of Wikipedia at most wasted some time (in a situation that is in practice very rare); it didn't silently cause us to come to the wrong conclusion.
I'm not claiming that there aren't cases where using Wikipedia could lead to a silent wrong conclusion, but that can happen (more often than you might think) with off-line/print sources as well. If anything, the authoritativeness that some people automatically attribute to print sources leads to a false sense of security.
(Anyway, "See! I'm right! [Because] Wikipedia says so!" is an obvious fallacy. "I'm right, and Wikipedia gives more supporting information." is how it should be used in a real argument.)
Then again, I've come across situations where someone has said, "See! I'm right because this expert says so!" and found that some expert did, in fact, say so, and the expert was generally considered an "expert", but the expert happened to be wrong.
For every such situation, IME there are scores in which the person you're arguing with is wrong because they haven't paid sufficient attention to expert opinion. An expert is just someone who has spent a lot of time and effort studying a particular field. I have a lot of respect for the knowledge and opinions of experts (within their domain of expertise), but I find that whether you're getting that knowledge or opinion from an e-mail conversation, a Wiki page, or a print encyclopedia makes no real difference to its reliability.
You're mistaken. A pound avoirdupois (symbol lb), which is what is usually meant by "pound", is defined as exactly 0.45359237 kg, and is definitely a unit of mass.
The meaning of "weight" is ambiguous between "force due to gravity" and "mass". In commerce, it has always referred to mass. (If you want to measure the quantity of something, you balance it on some scales against a known reference mass. Force can't be measured nearly as accurately or conveniently with simple equipment.)
You were probably thinking of a "pound-force" (symbol lbf), but that is a deprecated unit with no precise formal definition -- since it would have to depend on some arbitrary average value of g at the earth's surface. Sometimes a conventional value of g is used that comes out to 1 lbf ~= 4.448 222 newton, but that's not a standard.
I, for one, don't put much trust in the Wikipedia for settling contentious arguments, since I know full well that if I wanted to argue that Washington's birthday was on a different day, I could change the Wikipedia entry, and so could the person I was arguing with.
You could -- but why would you? Wikipedia works because most people are honest (or at least well-meaning) most of the time, even when they are engaged in contentious argument. "Contentious" is not the same thing as "no holds barred".
Prediction: a broadcast flag will not be adopted by any country that uses PAL.
The gap in quality between PAL and HDTV is much less than that between NTSC and HDTV, so HDTV is a very difficult sell in these countries. Adding extra limitations would kill it stone dead. Since the U.S. implementation of the flag is specific to ATSC, there's no compatibility reason for any PAL-based equipment to support it, either.
You're mistaken. It is possible to mark unmanaged code as "safe", and call it via PInvoke from managed code. Such code can easily violate the managed type system. There is no possibility of checking whether it actually is safe, other than manual code review. This means that any security bug in unmanaged code on a system can potentially compromise the managed code (just as JNI native methods can in the case of Java).
Slashdot Mirror
Both articles are off-topic because those mechanisms cannot prevent the attack being discussed here. DEP is irrelevant to this attack because it only affects user-space code. The StorageDevicePolicies key can also easily be bypassed (or reset) by code running at kernel level.
(I'm not the modder who originally marked the articles off-topic.)
It's a synchronous dataflow system. Why no comparisons with previous similar work (e.g. Flow-Based Programming or LabView/G)? Do you have a rationale for the use of synchronous dataflow as opposed to, say, asynchronous message passing?
It's worse than that. In some cases patents are being awarded to companies who consider a problem even 10 or 20 years after it has been solved in the research literature. Patent offices make no serious attempt to find non-patent prior art.
Provisions which, by their nature, should remain in effect beyond the termination of this License shall survive.
It's not entirely clear what that means, and I'm pretty sure it would be unenforceable. It also says:
If this License is terminated for any reason, You must delete all copies of the BitKeeper Software and cease using the BitKeeper Software.
i.e. you must delete all copies of the software as well as ceasing to use it.
Anyway, it would be pretty stupid for McVoy to try to sue Linus or other former BitKeeper users at this point, even if the license provided any justification for doing so.
That tells you, at most, what languages people who choose languages think are better (not just fast) for mathematical/scientific/engineering applications. It's not really an objective test of what languages are actually fast.
'Ambassador Kosh' certainly isn't the only one to have observed that the C and C++ community tends to measure speed based on microbenchmarks, and not on real-world applications.
RunAs (more precisely CreateProcessWithLogonW and similar) doesn't and can't provide any meaningful process isolation.
Huh? Javascript is only supposed to be able to access clipboardData if it has a ClipboardRead or UniversalClipboardAccess, which a random script won't have. Maybe this is trying to exploit some really old, long-fixed Netscape bug.
And much faster still if you apply the above hack -- less than half a second for me. (printme.api has gone away, but you don't need it. Also make an empty plug_ins3d directory in the same way.)
* We are not in favour of the patenting of software as in the US.
We are in favour of patenting software, but our laws won't be word-for-word identical to the US ones.
* Europe needs a uniform legal approach to stop the drifting towards extending patentability to inventions, which would not have been traditionally allowed, and to stop patentability of pure business methods, algorithms or mathematical methods.
As a diversionary tactic, we claim to want to stop patentability of "pure business methods, algorithms or mathematical methods" and "inventions, which would not have been traditionally allowed", while actually defining these things vacuously.
* Software products as such, must not be patented.
The EPO should be allowed to continue to use its twisted interpretation of "as such" in Article 52 EPC, so that what everyone without our hidden agenda calls software patents will be permitted.
* Opensource software must be allowed to flourish and the Commission must ensure that this Directive does not have any adverse effect on opensource software and small software developers.
We couldn't care less about open-source or small developers, but we say that we do to deflect criticism.
* Patents and the threat of litigation must not be used as an anti-competitive weapon to squeeze out small companies.
We will wag our fingers and say "tut tut" to patent trolls and extortionists -- in public at least.
Furthermore, the Labour Euro MPs are supporting a UK campaign for a defence fund for small companies to protect themselves from litigation abuse by dominant market players.
Aren't protection rackets a good idea? Lately I've been brushing up on my patent lobby doublespeak -- "protect themselves", geddit?
Please be assured that the Council of Ministers and the Commission cannot ignore our views as democratically elected Members of the European Parliament.
There's an outside chance that the parliament might have a hissy fit and reject the swpat directive in retaliation for the commission doing something unrelated that pisses us off. After all, a week is a long time in politics. Don't count on it, though.
Unless we get full agreement between the three institutions (Parliament, Council and Commission) on this Directive, there is no guarantee that this law will be passed.
Rejecting this law will require half of all MEPs (not just half of all MEPs present) to vote against it. Factoring in the usual apathy quota that's about as likely as simultaneous direct meteoroid strikes on Strasbourg and Brussels. However, it's not impossible.
(I wish I were just being cynical here, but really, that is what the reply you got means. How people use the "as such" code phrase in this debate is a pretty reliable indicator of what side they're on.)
The Three Stigmata..., Martian Time-Slip, Do Androids Dream..., Ubik, and A Scanner Darkly are published in a single volume for under a tenner (UK): ISBN 0575075813.
Extra credit for running it on top of bochs ;-)
Except that they've just had the license fee guaranteed until 2016.
Why not name the guilty? It was Lockheed Martin, although JPL should have caught it.
Since I don't have the right grammatical term at my fingertips...
"Lego", "sand", "sugar", etc. are mass nouns (as opposed to count nouns).
It is possible to replay the execution of programs that communicate with the outside world, rather than just in an isolated virtual machine: you have to log nondeterministic events. See http://www.erights.org/elang/concurrency/determini sm/overview.html.
a ge.
The first language I know of that supported replay is the Abundance database language, back in 1986. Also see http://c2.com/cgi/wiki?ReversibleProgrammingLangu
Right, but the density of air is approximately 1/800 that of water. So simple unenclosed balance scales would have been (and still are) sufficient to measure masses for essentially all commercial purposes, and some scientific ones.
In the time it takes you to post your comment and for me to read it, someone who is on my side of the argument intervenes and changes it to what he believes is the correct answer, not because of our argument, but he's reviewing the page and comes across what he believes to be "false" information. By the time I click the link, now I'm officially "right" because wiki says so.
In that case you'd see that the page had changed. Wikipedia couldn't be used to settle the argument, but it would be obvious that it couldn't, and we'd go to a different source. The use of Wikipedia at most wasted some time (in a situation that is in practice very rare); it didn't silently cause us to come to the wrong conclusion.
I'm not claiming that there aren't cases where using Wikipedia could lead to a silent wrong conclusion, but that can happen (more often than you might think) with off-line/print sources as well. If anything, the authoritativeness that some people automatically attribute to print sources leads to a false sense of security.
(Anyway, "See! I'm right! [Because] Wikipedia says so!" is an obvious fallacy. "I'm right, and Wikipedia gives more supporting information." is how it should be used in a real argument.)
Then again, I've come across situations where someone has said, "See! I'm right because this expert says so!" and found that some expert did, in fact, say so, and the expert was generally considered an "expert", but the expert happened to be wrong.
For every such situation, IME there are scores in which the person you're arguing with is wrong because they haven't paid sufficient attention to expert opinion. An expert is just someone who has spent a lot of time and effort studying a particular field. I have a lot of respect for the knowledge and opinions of experts (within their domain of expertise), but I find that whether you're getting that knowledge or opinion from an e-mail conversation, a Wiki page, or a print encyclopedia makes no real difference to its reliability.
The meaning of "weight" is ambiguous between "force due to gravity" and "mass". In commerce, it has always referred to mass. (If you want to measure the quantity of something, you balance it on some scales against a known reference mass. Force can't be measured nearly as accurately or conveniently with simple equipment.)
You were probably thinking of a "pound-force" (symbol lbf), but that is a deprecated unit with no precise formal definition -- since it would have to depend on some arbitrary average value of g at the earth's surface. Sometimes a conventional value of g is used that comes out to 1 lbf ~= 4.448 222 newton, but that's not a standard.
You could -- but why would you? Wikipedia works because most people are honest (or at least well-meaning) most of the time, even when they are engaged in contentious argument. "Contentious" is not the same thing as "no holds barred".
You can use TLS with the equivalent of host headers. See the "server_name" extension in RFC 3546. However I'm not sure this is widely supported yet.
;-)
RFC 2817 "HTTP TLS Upgrade" also works with Host headers.
(IOW, if virtual servers don't work with SSL/TLS blame the implementors, not the standards writers
Prediction: a broadcast flag will not be adopted by any country that uses PAL.
The gap in quality between PAL and HDTV is much less than that between NTSC and HDTV, so HDTV is a very difficult sell in these countries. Adding extra limitations would kill it stone dead. Since the U.S. implementation of the flag is specific to ATSC, there's no compatibility reason for any PAL-based equipment to support it, either.
Correct URL is http://www.planetary.org/news/2005/huygens_dwe_res ults_0209.html.
Sorry, wrong URL format. See http://msdn.microsoft.com/library/default.asp?url= /library/en-us/csref/html/vcwlkunsafecodetutorial. asp.
Incorrect. See .
You're mistaken. It is possible to mark unmanaged code as "safe", and call it via PInvoke from managed code. Such code can easily violate the managed type system. There is no possibility of checking whether it actually is safe, other than manual code review. This means that any security bug in unmanaged code on a system can potentially compromise the managed code (just as JNI native methods can in the case of Java).