The confusion between "Die for Allah, get virgins" and "Die for Allah, get raisins" is actually a serious theological debate within Islam. See this Guardian story among a couple hundred other places. If Robin Williams has Yodafied the joke before, my apologies to him, but I haven't heard a word from the man since Mrs. Doubtfire and given that that was pre-September 11th I'm guessing I've never heard his take on Islam. Or Star Wars, for that matter.
OBI-N LADEN: These are not the droids you're looking for. *handwave*
PREDATOR DRONE: No, but this drone is looking for you. *boom*
OBI-N LADEN: That sucked. Oh well, being a blue glowie in paradise isn't so bad. Yo Yallah, how about the 72 virgins?
YALLAH: Get the message, you did not. Raisins, I promised.
OBI-N LADEN: NOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO.
DARTH VADER: That's my line, idiot.
A Windows exe won't run on Unix, but you can name your Unix executables whatever the heck you want, including .exe. I do this all the time for ease of portability (Java interface/network code with an external C program to do the heavy lifting, named whatever.exe on both Windows and Linux to save having to edit the Java source) and to visually flag the executables when I ls on a black and white terminal.
... there is no way you can actually draw power specifically from the farm. Electricity flows into The Grid, it flows out of The Grid, but once it's on the Grid it doesn't care whether it's coal, nuclear, cow flatulence, whatever -- there are no special ways to flavor an electrical charge. So what you're really doing is making a donation to the Cow Power farm to put a little juice back onto the grid... when they get paid already for doing that (you can, too: most states will let you bill the electric company if you use negative amounts, for example if you install a home solar system).
If you really have your knickers in a twist about global warming take the money you were going to spend on donations to Cow Power and use it on insulation. You'll reduce your heating/cooling costs and decrease your own personal energy consumption, which will have a bigger environmental impact (measured in units of "infinitesimally small", of course) than just changing x% of your energy budget from fossil fuels to marginally cleaner methane.
My main academic interest was AI and I am currently working at a Japanese technology incubator, half for being able to speak English and half for that whole engineering degree thing. Specifically in AI I did a lot of work with natural languages. Those, um, don't lend themselves to working on the robots: of the 8 researchers I personally know on robotics the main commonality is a strong background in image processing (computational vision, etc) and 3D math (vision, motion, etc).
As to the availability of actual jobs in the industry: if you are bilingual and can program your way out of a paper bag Japan has a job for you. There are government incubators and private research labs (most associated with universities or laaaaaaaarge corporations) which have ooooodles of cash to throw at this field and not nearly enough qualified Japanese grad students to spend it on. If you can nail the language thing and get an introduction into the industry (which is not too difficult if you can handle the language thing and can program your way out of a paper bag), you're pretty much set.
As for pay and working conditions... well, put it this way, they vary wildly. I work ~35 hours a week and get paid about what a US liberal arts graduate would expect to make (not counting a compensation package offering decent perks like $50 a month housing & free insurance/taxes, so my actual quality of life corresponds to a salary somewhere in the $50-60k range, I'm guessing). I know another researcher at another institution who works a whole lot more for, well, a whole lot more. I'm sure there's also folks who work more for less.
Oh, incidentally, if you want something to burnish your resume a little bit and don't want to go into image processing human-computer interaction is pretty hot at the moment in my neck of the woods.
After a conference talking about the responses to the Sumatura (sp?) tsunami I've come to the conclusion that South East Asian Disaster Preparedness Manager is about the worst job ever:
* You've got about three hours to six hours from the time the earthquake is detected to the time the tsunami makes landfall. The US, which has none of the problems I'm about to outline, can barely accomplish a passable evacuation over three days (72 hours).
* In those same three hours, you have to evacuate between several hundred thousand to several million people, spread over multiple countries and an absolutely gigantic geographic region.
* The overwhelming majority of them live in coastal cities which have no significant landmass which is high above sea level.
* Your challenges include the fact that most of these folks do not own a television or radio, many of them do not trust your government (and some will shoot your agents on sight), road conditions are poor and gridlock is a fact of life *every* morning to say nothing of when everyone is taking the one single-lane dirt road to safety, and you've got to coordinate the efforts of multiple national governments, most of which are barely competent in the best of times.
* The first time you have a false alarm and order the *immediate and that means NOW* shutdown of 6+ national economies for a day, your program will get canceled. Murphy's Law being what it is, you will be shut down just in time to miss The Big One.
* Pick an hour, any hour, for the tsunami to occur. If it occurs in mid-morning your populace will be gridlocked and unreachable for warning alerts. If it occurs during the workday, ditto. If it occurs after work hours or, God forbid, during the night you'll never get the news to everybody in time.
I hope Sony notices the significant demand for the missing functionality provided by these homebrew systems.
You probably have a very different perception of the word "significant" as compared to a company which books about $7.5 million in revenue in the average hour.
This time that happy-sappy capitalist running dog dolphin gets it with our new Precision Guided Silkworm Missile! Take that, Flipper! Bwahahaha! -- Hey, it's not any LESS crazy than what passes for the real North Korean government.
mr brown is entitled to his views. But opinions which are widely circulated in a regular column in a serious newspaper should meet higher standards. Instead of a diatribe mr brown should offer constructive criticism and alternatives. And he should come out from behind his pseudonym to defend his views openly.
Gee, I wonder why the man would insist on anonymity...
It is not the role of journalists or newspapers in Singapore to champion issues, or campaign for or against the Government.
On the other hand, that could be a fairly good reason to want to stay anonymous.
If a columnist presents himself as a non-political observer, while exploiting his access to the mass media to undermine the Government's standing with the electorate, then he is no longer a constructive critic, but a partisan player in politics.
This sounds to me an awful lot like "You'll stay healthy as long as you say what we want you to say", given that Singapore is a one-party state and "partisan players" are literally criminals by definition. (I'm not being that unfair here: you'd be charged with violating the Internal Security Act. A Socialist who had the temerity to run against the government got hit with 23 years for that, eventually getting out in 1989 (source: http://friskodude.blogspot.com/2004/08/singapore-political-dissidents.html ) More recently, the limping and ineffectual Opposition Party is busy seeing its key members get sued to death for "defamation" for calling the government, uh, less than a paragon of transparently democratic virtue.).
By the way, for the 430,000 Slashdotters who will say "Yeah, but Dubya is worse": when's the last time someone knocked on your door for illegal partisanship?
"Sites", not "sights". I know exactly why I did this, too: I've been working on a side-project developing a program which makes bingo cards for teachers and have mistyped "Dolch sight word lists" as "Dolch site word lists" so many times in the last two weeks that this must have been out of a desire to even the balance.
I'm currently wearing Adidas. I can Google "Adidas labor practices" and figure out if I need to be concerned fairly quickly (well, OK, I don't think "sweatshops" are necessarily something I need to be concerned about, but even if I shared the politics of the people hyperventilating about them I wouldn't need the barcode to do it). My technology incubator does traceability for beef (using cellphone based barcode readers -- they're a dime a dozen here), where you can look up exactly what farm and processing plant a particular hamburger patty went through, but even that is mostly useless information designed to convince the fickle Japanese consumer that somebody important is tracking their food safety.
Japan has, let me think, in excess of a hundred million people who spell through "through"? English doesn't just belong to people who grew up speaking English anymore -- it's the language (or one of the main languages) of international commerce, politics, science, and essentially everything. Catastrophically large changes to English which make "our" English mutually unintelligible with "their" English just won't happen.
Economically inevitable my hindquarters. It is true, if you invested 90% of the home/office PC budget into thin clients you'd have better stuff for less money. The same could be said of spending 90% of what is spent on consumer automobiles in the US to develop mass transit. Do we see incredibly efficient mass transit across America? No. It's not inevitable, because there are hidden costs to the action -- loss of autonomy, "edge cases" which border on hideous ("Sure, you can't play games on your InternetOS, but what family needs to play games?" "Sure, you can't use mass transit unless you live in a city, but who doesn't live in cities?"), incredible transition costs, etc etc etc.
Sure, Google could theoretically cross-promote everything on the auction site to users of the main search service. That still wouldn't necessarily solve the critical mass problem, which allows eBay to kill off every other significant competitor -- if you need it, it's on eBay. Thus, the buyers are on eBay. Thus, all sellers go to eBay. What would you have to offer the first couple hundred thousand auction sellers to convince them to go to Gooooogle?
You have no constitutional right to having content, any more than you have a constitutional right to owning a printing press. You just have a constitutional right not to get the printing press which you do own taken by the government for what you say. I sympathize with "copyright terms are too long and the ones Congress has authorized arguably exceed the authority which the Constitution grants it". I have no sympathy for "copyright sucks ergo I should be able to listen to this year's new hotness for free".
Similarly, while the Constitution allows (doesn't require, incidentally, allows) Congress to promote the progress of science and the useful arts it says absolutely nothing about promoting free downloads: "The Congress shall have power...To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries;" If you want free downloads, create something worth downloading.
Worse language than PHP for security? on PHP Hacks · Score: 2, Funny
"The language doesn't actually compel you to write insecure code, but it would be hard to imagine one which came closer."
C? (Ouch, my poor karma -- but seriously, memory management is a security vulnerability in the hands of the average programmer AND every programmer thinks they are above average).
Hmm, brokering a low price on an item by guaranteeing high volume... how did that word go again... oh yeah: retailer. Seriously, this is exactly what Best Buy does every day of the year when they call up manufacturer/distributor X and say "We'll put that in front of our 'flash mob' of people who we're going to induce to come to our stores tomorrow, in return you'll give it to us for 50% of the MSRP. Now if you don't sell to us we'll guarantee our 'flash mob' DOESN'T purchase from you, bwahaha.".
People have already pointed out that co-ops, big-box retailers, etc are all just variants on this model. Ditto any number of eBay sellers, dot-bombs, etc.
geek browsed customer's computer to a nasty web site and got it infected with spyware and viruses (two weeks ago)
Yeah, suuuuuuure... "Oh, I have no idea how that porn site got into my history. I know I never visit porn sites, and my husband/son/dog are morally upstanding individuals... it must have been the Geek Squad!"
If you spend monumental amounts of effort developing a web spider, search engine ranking system, and then a way to distribute the content over an arbitrary number of nodes on the Internet (in essence, replicating in open source Google's entire reason for being), THEN add automated peer discovery to that, you'll have a pretty sweet search engine. For a week. Then some enterprising person is going to figure out that they can control your search engine results by taking your open source engine, modifying it, and distributing it to a botnet -- redirecting X% of your search requests to Google AdSense or affiliate pages they control. And the best part -- what they are doing isn't even illegal!
>>Since then who can count the number of patches, updates and vulnerabilities. >>
85 patches in the last two years (200 and change if you count all MS applications, including the ones not bundled with XP). (Shockingly, computers can indeed count that high: http://www.microsoft.com/technet/security/current.aspx ) That's an average of 3.5 a month... Now Linux, on the other hand, we all know that's rock-solid. I mean, a quick browse over to LinuxSecurity.com proves it -- only 16 patches! Oh, that was in July of 2006 alone? Uh, well, maybe that was a bad month. I mean, if you average it since January... oh, erm, over 1000 patches over that interval. Well, uh, that counts as one patch per distribution, and clearly that's not entirely fair to Linux... Let's break down that number:
Distro | Security Advisories Since January 2006
Debian | (between 190 and 200)
Gentoo | 101
Redhat | 69
PXswodniW | 25
Now, I know I've got incoming replies that say "Well, patch/vulnerability counts don't matter for diddly, Linux is more secure than Windows". I actually tend to agree with both of these statements... but it's sort of curious that Slashdot has this attitude that patches for one system are an admission of weakness but patches for another system show how a million eyes make bugs shallow.
... it turns out super takes like chicken.
... just wait until the dupe links to the open version.
... as actual corporations generally provide a service to their customers when they spend billions of dollars a year.
Just think of it as pre-duping next year's article.
Library records which contain the names or other personally identifying details regarding the users of libraries are confidential and shall not be disclosed except in the following circumstances:
a. The records are necessary for the proper operation of the library;
b. Disclosure is requested by the user; or
c. Disclosure is required pursuant to a subpena [sic -- probably transcription error in the database] issued by a court or court order.
L. 1985, c. 172, s. 2, eff. May 31, 1985.