Wrong choice of words, garbage collection has no relevance to security
Taking memory disposal out of the hands of the programmer makes it far more practical to prevent programmers accessing memory through stale pointers (either accidentally or maliciously). Preventing programmers accessing memory through stale pointers is important for any environment that mixes code of different trust levels (think the Java plugin in your browser) and also helps limit the damage programmer errors can cause.
Reference counting could be used instead of tracing GC but in typical GUI code the programmer would have to use a lot of weak references to prevent dead cycles.
No memory management to have to deal with, right? Not so, at least for VB.net. Declare a form? Have to call dispose on it.
The third party grid control set we use, we have to call dispose on many things created for those grids.
It's basically the same problem java has. Tracing GC is tolerable for memory management but is no use for managing other resources that likely need to be freed up sooner.
And RAII handles all cases without having to have dispose-like kludges tacked on.
Afaict RAII is nice for the simple stuff but it does have problems of its own. Primarily how multiple references to the same resource and reference cycles are handled. Get this wrong and you can end up with stuff not being disposed of because a reference cycle keeps reference counts nonzero even after all external references are gone.
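The reference-cycle problem described in the comment above, shown with C++ `std::shared_ptr` and the weak back-reference that avoids it. This is an added example, not part of the original comment; the `Parent`/`Child` types and function names are constructed for illustration.

```cpp
#include <cstdio>
#include <memory>

static int live_objects = 0;            // objects constructed but not yet destroyed

struct Counted {                        // base class that tracks destructor calls
    Counted()  { ++live_objects; }
    ~Counted() { --live_objects; }
};

// Version 1: both directions are owning references, so the pair forms a cycle.
struct StrongChild;
struct StrongParent : Counted { std::shared_ptr<StrongChild> child; };
struct StrongChild  : Counted { std::shared_ptr<StrongParent> parent; };

// Returns how many objects are still alive after every external reference is gone.
int leaked_with_strong_cycle() {
    const int before = live_objects;
    std::weak_ptr<StrongParent> observer;        // non-owning, used only for cleanup
    {
        auto parent = std::make_shared<StrongParent>();
        auto child  = std::make_shared<StrongChild>();
        parent->child = child;
        child->parent = parent;                  // closes the cycle
        observer = parent;
    }                                            // both external references end here
    const int leaked = live_objects - before;    // neither destructor has run
    if (auto p = observer.lock()) p->child.reset();  // break the cycle by hand so the demo cleans up
    return leaked;
}

// Version 2: the back-reference is weak, so only the parent owns the child.
struct WeakChild;
struct WeakParent : Counted { std::shared_ptr<WeakChild> child; };
struct WeakChild  : Counted { std::weak_ptr<WeakParent> parent; };

int leaked_with_weak_backref() {
    const int before = live_objects;
    {
        auto parent = std::make_shared<WeakParent>();
        auto child  = std::make_shared<WeakChild>();
        parent->child = child;
        child->parent = parent;                  // does not raise the parent's count
    }
    return live_objects - before;                // both destructors ran
}

// A weak reference cannot become a stale pointer: once the parent is gone,
// lock() yields an empty pointer instead of the old address.
bool child_reaches_parent_after_release() {
    auto parent = std::make_shared<WeakParent>();
    auto child  = std::make_shared<WeakChild>();
    parent->child = child;
    child->parent = parent;
    parent.reset();                              // last owner released, parent destroyed
    return child->parent.lock() != nullptr;
}

int main() {
    std::printf("strong cycle leaves %d objects alive\n", leaked_with_strong_cycle());
    std::printf("weak back-reference leaves %d objects alive\n", leaked_with_weak_backref());
    std::printf("child can still reach released parent: %s\n",
                child_reaches_parent_after_release() ? "yes" : "no");
    return 0;
}
```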
Actual transactions on the bitcoin network are not possible to roll back unless you have more computing power than the rest of the bitcoin network put together.
This story refers to an exchange where people keep balances denominated in both BTC and USD. The exchange may be able to roll back transactions where the bitcoins are still on the exchange but they will be stuck with the loss for transactions where the bitcoins were withdrawn.
As for native formats, the native formats of OO are fully documented and open, and gradually people are starting to wake up to the importance of keeping any important data in open formats. Keeping your data in proprietary formats is a huge risk to your business.
While proprietary formats can be a problem in some situations* I think in the case of office suites it's a storm in a teacup. The MS office formats are well enough known to get the actual data out and if your aim is to perfectly preserve formatting then you should probably be using a format that is designed for that purpose (e.g. PDF).
* such as CAD apps where a change needs to be made to an old design while minimising the chances of changes elsewhere and their associated risk.
You only think a car means freedom because you have been deprived of a good transportation system.
I live near Manchester in the UK which I consider to be an area with pretty good public transport and haven't yet learnt to drive. I can't justify the expense of learning and starting to drive at the moment but not being able to drive seriously limits my options.
Sure getting to the uni in the city center (I'm a PhD student) is no problem and neither is visiting my parents because I picked where I live to be on the intersection of a train route for the former and a bus route for the latter, but if I want to go anywhere in the area that isn't on a direct bus or train link from where I am the time from "deciding to go" to actually getting there is MUCH longer by public transport than by car and I'm very limited in what I can carry. The latter means if I want anything large I'm stuck with either getting it delivered (which means waiting in for ages since I live alone) or getting my parents to help (either to drive to where it's sold with me or to drop it off after it's delivered at their house).
And then there is the problem that public transport drops off sharply in the evenings and on Sundays and stops almost completely in the middle of the night. This combined with the total number of hours in an evening makes going out in the evening largely impractical unless I go directly from uni.
A car means freedom to go in the direction I want when I want rather than having to plan my life around the directions the public transport goes in and the times that the public transport runs. It means the freedom to stop off on a long journey without having to drag my luggage with me (or try to find a left luggage place but they seem to be rare and expensive and often have annoying restrictions on what can be stored). It means the freedom to take far more stuff with me rather than being forced to travel light all the time.
If someone has access to your user session then encrypting your wallet is only going to make the attacker's life slightly harder since you will need to supply the software with a password to decrypt it at some point.
There isn't really any good solution to this other than moving the wallet completely off the machine that is running an insecure general purpose OS onto a limited function device.
"first big counterfeiting scandal" Show me a way to break public key encryption and a way to generate hash keys really really fast, and I'll show you a way to "counterfeit" a bitcoin.
More likely IMO would be an arithmetic or logic bug that allows a transaction to be seen as valid by the software even though it clearly doesn't follow the intent of the system.
It's actually already happened once. Luckily the transaction was so unreasonable (when a transaction outputs more bitcoins than the total of all bitcoins in existence onlookers tend to notice) it was spotted very quickly and the bitcoin mining community was responsive enough that the fixed software could outhash the unfixed software and effectively remove the transaction from history, but if someone found a more subtle flaw it could run undetected for a long time and then the decision on whether or not to remove it from history could fracture the bitcoin community.
One miner endorses one transaction, another miner endorses another: doesn't sound like resolving the problem.
At the core of bitcoin is the blockchain which is basically a ledger of all transactions so far. Miners constantly try to add blocks to the blockchain but the system is set up so they usually fail (and it is designed to crank up the chance of failure as the total mining power increases). Roughly every 10 minutes a miner somewhere succeeds and a new block is added to the blockchain.
It is possible for the blockchain to branch but unless an attacker has a huge amount of hashing power (more than the rest of the network put together) and/or the ability to hugely disrupt network communication those branches will be short lived.
You can make a similar case for Java and JNI. JNI is completely legal in the Java language specification, but when you use JNI does your program stop being a Java program?
Well JNI is an interface to specially written native code (in principle I believe any language that compiles to native code and supports the platform's standard ABI can be used, in practice you will probably find it painful to use anything except C or C++). So a program that uses JNI is no longer pure Java, it's a mixed language program.
JNA is a more borderline case because it allows your program to remain pure Java while directly using native code libraries without having to write specific pieces of native code as a bridge between the native library and the Java application.
Or a smart pointer...
One of the things in a language like C++ is that sooner or later you end up having to work with APIs that take plain pointers. That means you have to make plain pointers from your smart pointers. In some ways this is even worse than using plain pointers throughout because the early-free isn't directly visible in your code.
But the bigger issue with memory corruption bugs is that the place(s) where they show up can be totally unrelated to the place(s) that cause them.
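The hidden early free described in the comment above, next to one way to contain it: tie the plain-pointer registration to the owner's lifetime with an RAII guard. This is an added example, not code from the original comment; `legacy_register`, `legacy_unregister` and `RegisteredWidget` are hypothetical names standing in for any API that stores plain pointers.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

struct Widget {
    int id;
    explicit Widget(int i) : id(i) {}
};

// Stand-in for a plain-pointer API (hypothetical): it stores the address it is
// given and knows nothing about who owns the object.
static std::vector<Widget*> legacy_listeners;

void legacy_register(Widget* w) { legacy_listeners.push_back(w); }

void legacy_unregister(Widget* w) {
    legacy_listeners.erase(
        std::remove(legacy_listeners.begin(), legacy_listeners.end(), w),
        legacy_listeners.end());
}

// Before: .get() hands the address to the API. When the smart pointer goes out
// of scope the object is freed, and no line of this function mentions the
// registry entry that now points at freed memory.
std::size_t stale_entries_without_guard() {
    legacy_listeners.clear();
    {
        auto w = std::make_unique<Widget>(1);
        legacy_register(w.get());
    }                                              // Widget freed here
    std::size_t stale = legacy_listeners.size();   // entry is dangling; it is counted, never dereferenced
    legacy_listeners.clear();
    return stale;
}

// After: one object owns both the Widget and its registration, so the address
// is withdrawn from the API before the memory is released.
class RegisteredWidget {
    std::unique_ptr<Widget> w_;
public:
    explicit RegisteredWidget(int id) : w_(std::make_unique<Widget>(id)) {
        legacy_register(w_.get());
    }
    ~RegisteredWidget() { legacy_unregister(w_.get()); }   // runs before w_ is destroyed
    RegisteredWidget(const RegisteredWidget&) = delete;
    RegisteredWidget& operator=(const RegisteredWidget&) = delete;
};

// Returns {entries while the guard is alive, entries after it is destroyed}.
std::pair<std::size_t, std::size_t> guard_entries() {
    legacy_listeners.clear();
    std::size_t during = 0;
    {
        RegisteredWidget rw(2);
        during = legacy_listeners.size();
    }
    return {during, legacy_listeners.size()};
}

int main() {
    std::printf("stale entries without guard: %zu\n", stale_entries_without_guard());
    auto r = guard_entries();
    std::printf("with guard: %zu while alive, %zu after release\n", r.first, r.second);
    return 0;
}
```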
Or keep your Bitcoins in a Bitcoin bank. There probably is one now -- I've not looked. If there isn't one, there's no technical reason for there not to be one.
There are "ewallet" providers but I'd consider them more comparable to something like paypal than to a bank. Expect to have little to no recourse if they suddenly close up shop and abscond with your bitcoins.
I doubt a true bitcoin bank will emerge for a long time if ever. Banks work by borrowing your money and then either loaning it out to other customers or otherwise investing it. The profit comes from the difference between the interest rate they pay you and the interest rate they charge their loan customers.
However given bitcoin's volatility only an idiot would take out a bitcoin denominated loan and a spike in the value of bitcoins could easily cause mass-defaults. In other words banking in bitcoin is a sucker's game.
UMM the Top Gear team were in a 24 hour race but I'm pretty sure it WASN'T Le Mans. Le Mans is probably the most famous 24 hour race in the world.
http://en.wikipedia.org/wiki/2011_24_Hours_of_Le_Mans
According to wikipedia this guy's car (note: in 24 hour races there are multiple drivers per car entered) was second in the LMP2 class and ninth overall.
mmm, anyone who puts money they can't afford to lose into bitcoin is an idiot. Bitcoins do not have intrinsic value, they do not have tax value and they do not have any guaranteed exchange rate to anything else. If everyone decides to cash out then the value of bitcoins could drop through the floor very quickly.
That doesn't mean bitcoin doesn't have its uses. They provide a way to make transactions without government interference and they previously provided a way of making small transactions without the high fees of things like paypal and international bank transfers (unfortunately the current high value of bitcoins means that under current transaction fee rules this is getting less true).
Frames work to some extent but linking across different framesets (either different parts of a site or completely different sites) is a pain in the arse since a URL cannot express both a frameset and a set of instructions on how its frames should be filled. Some may see that as a feature but IMO the inability to correctly link to any page directly goes against the whole principle of the web.
Presumably because they assumed (or at least the engineers convinced the powers that be while knowing full well what would really happen) that by limiting the streams to iPhones users would have no way to dump them to disk.
I agree it's all rather stupid though given that they broadcast the things on unencrypted DVB anyway.
Does anyone have any stats for the average lifetime healthcare costs of smokers VS non-smokers and how the extra costs (if any) compare to the money the government makes from tobacco taxes?
http://www.pacman-vs-ghosts.net/rules
Looks like they introduced a few rules to make the ghost team's life harder.
Afaict at least in the case of the 360 (I'm not sure about the original xbox, it was before I really started following the console business) Microsoft achieved their success by selling their console incredibly cheap, at one stage the base model was selling for less than the wii despite being a far more powerful console and it is FAR cheaper than the PS3. If you want to play the latest big hit HD games and are short on cash then you get a base model* 360.
The only reason they can do that is that console vendors control the market surrounding a console. Want to buy a game? MS gets a cut! Want to play online? MS gets your subscription, want a second controller that matches the one that came with your console, then you buy it from MS and so on. Therefore they can justify (to their shareholders) taking a loss on the console under the assumption they can make it up in extras (that is the theory anyway, my understanding is that over the lifetime of their console division MS hasn't made money out of the venture).
I don't think MS can pull the same trick in the phone market, where most of the ongoing income goes to the carrier NOT the phone manufacturer.
Um... It's Verizon's job to advertise the products IT IS SELLING!
The product they are selling is phone service and "mobile internet"* service. The phones themselves are just the devices to let people use that service. If anything they probably want to sell the device that gives them (rather than the phone vendor or OS vendor) the most control over the experience but mainly they just want to sell you the service. So they are going to advertise the phones they consider most attractive to customers and/or the ones that give them most control over the experience and ignore the ones that don't fit either of those categories.
That sounds like a good reason for the carriers to do everything in their power to make WP7 fail...
70MB on "heap-unclassified" whatever that is
It probably means exactly what it says, heap* allocations that haven't been marked as anything in particular.
* The heap is where allocations made with the likes of malloc and similar constructs are allocated from (contrast with the global variables which have fixed locations and the local variables which are located on the stack).
GTA IV felt like a step backwards.
Agreed, it felt like they were taking themselves too seriously and trying to be too realistic. They took out a lot of the "fun" stuff like taxi missions, parachutes (though they re-added the parachute in the ballad of gay tony) and airplanes (though they kept helicopters), and added the really annoying windscreen ejections and friends bothering you all the time. They also took out character stats (I find it nice to have your character continue getting better at stuff even when your innate skill isn't so you tend to pass stuff eventually).
On the positive side the new combat system with the ability to fire out from behind cover was IMO a big improvement.
4b10 is allocated to RIPE - see here
Yes it is allocated to RIPE as part of the much larger block 2001:4A00::/23.
So RIPE apparently gave BBC 2001:4b10:bbc::/48
I see no evidence to back up this claim, whois clearly states that 2001:4b10::/32 is allocated to bogons limited. The allocation below that is not registered in whois but it seems most likely that bogons limited gave the BBC 2001:4b10:bbc::/48
But this time, the IETF is pretty conservative about how it's distributed the addresses
I've heard the opposite, for example free.fr got a /26 (64 times larger than the default ISP allocation of a /32) to support the highly address space inefficient technology (at least in the form free deployed it in) known as 6rd.
http://ripe58.ripe.net/content/presentations/ipv6-free.pdf
only 2001::/16 has been given to the IANA so far [iana.org]
BS that page has no mention of 2001::/16 and indeed your first link already shows allocations to the RIRs outside that range.
since every organization will need only one /48 global routing prefix
/48 may seem like a lot but assuming standard sized subnets (necessary for stateless autoconfiguration to work) it's only 65536 subnets, I could easily see a large organisation exceeding that.
Just checked and it seems I was wrong in the BBC's case, looks like bogons own the address and suballocated it to the BBC (I'd guess the allocation range was 2001:4b10:bbc::/48). I was rather surprised at this given the size of the BBC I expected them to have a direct allocation from RIPE. Maybe this shows that they are just dipping their toes in the IPv6 waters.
I suspect google are actually big enough to get a /32 which means they can put whatever they like in the rightmost 96 bits. The BBC is probably in a similar position.