Slashdot Mirror


User: Florian+Weimer

Florian+Weimer's activity in the archive.

Stories: 0
Comments: 999

Comments · 999

  1. Re:There goes OpenBSDs slogan... on OpenSSH Local Root Hole · · Score: 2

    This is not a local exploit. And didn't OpenBSD ship vulnerable SSH server implementations (with the CRC32 attack decompensator buffer overflow)?

  2. Re:Yes, of course I read the patch. on OpenSSH Local Root Hole · · Score: 2

    A modern language would not catch this bug

    Languages with array types tend to avoid such bugs because you can test for the validity of an array index using special constructs ("Channel_Id in Channels'Range" or something like that), and you don't have to resort to comparison operators.

  3. Re:Well, it is an EU country on U.S. Cybersquatting Law Goes Global · · Score: 2

    Bulgaria is a European country, sure, but it's not a member of the EU yet.

  4. Two WHOIS databases on Congress (Still) Looking at whois · · Score: 2, Insightful

    There are actually two distinct databases: one for domain names, and one for IP addresses. The domain name database is not essential for operating the network. However, it is absolutely REQUIRED to have valid contact information in the IP address registry. Otherwise you cannot contact network administrators to alert them of problems. As a result, fewer problems will get fixed in a reasonable time frame, and the overall quality of the network degrades.

    Entries for IP addresses have few privacy problems. Usually, it is not the end user who is listed in the WHOIS database, but the ISP. It would be disastrous if misled privacy advocates and policymakers abolished this database.

  5. Re:Futile on Announcing Slashdot Subscriptions · · Score: 2

    freeslashdot.org would have to be distributed from the beginning, built on top of existing infrastructure for broadcasting content (NNTP or even IRC).

    I haven't got to pay a single dime for advert-free Usenet (even the spam cancels are gratis).

  6. Re:That's nice. Hope you don't love slashdot... on Announcing Slashdot Subscriptions · · Score: 2

    Bandwidth and server space isn't free, nor is it even cheap.

    True, that's why you have to design your service so that it scales well without wasting too much of your bandwidth. Think of Usenet, for example.

  7. It doesn't matter much if you fail on Seeking University Jobs in Mathematics? · · Score: 2

    Try it and see if you are good at math. At least here in Germany (and I think it's the same in other countries), if you have a university degree in mathematics, you can get a decent job in the industry pretty easily, no matter what aspect of mathematics you have focused on at the university. This fallback option makes aiming at a career in theoretical mathematics less risky than it appears initially.

  8. Re:Hands-on experience with Linux on a mainframe on Sun Bashes Linux on (IBM) Mainframes · · Score: 2

    Isn't Sun offering "server farm in a box" (aka partitioning) for their high-end systems as well?

  9. Re:Well.... on Blizzard, Bnetd Respond on Bnetd Shutdown · · Score: 2

    Did they write the alternative server? Why should they be able to prevent other people from reimplementing servers? Using only traditional copyright law, they cannot do that. And patents won't help against true hobbyists.

    Do you want Microsoft to prevent developers from writing import filters for proprietary Microsoft formats?

  10. Re:Actually, 4gb is not enough on What's Next in CPU Land after Itanium? · · Score: 2

    I was careful to talk about desktop machines. ;-) There are no applications which require 4 GB per process on the desktop right now. Even databases do not require that much address space all at once (although it might simplify coding---but who runs large databases on a desktop computer?). Number crunching is a different issue, but you usually have specialized machines for this application if you really need it.

  11. Re:Address space requirements on What's Next in CPU Land after Itanium? · · Score: 2

    IA32 can currently handle up to 64 GB in one node, with some kind of EMS-like hack. This means that you can put more than 4 GB in your machine (actually, PCI devices need address space, too, so you hit the barrier at 3.9 GB or so), and still use all of it.

    On the other hand, the per-process address space is still limited to 4 GB. I don't think this is a concern for the pro user who wants to show off his RAM size, though.

  12. Address space requirements on What's Next in CPU Land after Itanium? · · Score: 2

    At the moment, Itanium systems are worth their money only if you have large address space requirements. Intel seems to focus on optimizing the Pentium 4 compiler, and not the Itanium compiler. I doubt that the Itanium architecture will surpass IA32/x86 on the desktop (where 4GB is enough for everyone ;-) anytime soon.

    That's why I doubt that we are going to see affordable IA64 systems soon. After all, the transition is quite rough, thanks to Itanium's abysmal IA32 emulation (performance-wise), so there isn't even much market demand.

    In the future, Intel may well decide to switch to the IA64 instruction set before it is really time for it, just to make things a bit more complicated for AMD.

  13. Why would anyone want to carry it around? on Foot-Powered Laptop · · Score: 2

    An additional battery weighs about the same (both are around 300g).

  14. Re:XML as a starting point perhaps? on How to Fix the Unix Configuration Nightmare · · Score: 2

    They are, but only in isolation. Getting the big picture is indeed a difficult task.

  15. Re:Good for some, nightmare for others on Peek-a-Boo(ty) · · Score: 2

    I'm being told that you can access all major news sites on China - if you can read German.

    The situation in China is not as bad as you might think, and while there are repeated announcements about tightened Internet control, it does not seem to be of much relevance to the casual surfer.

  16. Re:XML as a starting point perhaps? on How to Fix the Unix Configuration Nightmare · · Score: 2

    If you want to do basic syntax checking at the XML level, you end up with configuration files which are no longer human readable. Imagine mapping all those sendmail rulesets to XML! There's no better way to reduce readability, and you cannot use all the existing HOWTOs and books.

  17. Re:About time too on Debian Woody Nearing Release · · Score: 2
    Have you read The Myth of Open Source Security Revisited [slashdot.org]?
    "Both the Debian and OpenBSD projects exhibit many of the aforementioned characteristics which help explain why they are the Open Source UNIX operating systems with the best security record."

    Unfortunately, the data for Debian which leads to this conclusion is completely wrong. Important security holes were simply ignored when the statistics were prepared (for example, the OpenSSH remote root hole is missing).

  18. Re:hummmm not quite on The Myth of Open Source Security Revisited v2.0 · · Score: 2

    Who performs systematic code audits on Free Software? Who is competent to do so for, say, an operating system kernel, and does not spend his or her time tracking down and fixing actual bugs?

    Code audits are rather boring, and the usual incentives surrounding work on Free Software do not seem to apply. In addition, a lot of code is poorly commented and incomprehensible, works only by accident (but is correct nevertheless, in the mathematical sense of the word), and so on.

  19. Re:MS02-005 cumulative patch on Cryptogram Judges MS Security · · Score: 4, Insightful
    This is a cumulative patch that, when installed, eliminates all previously discussed security vulnerabilities

    This is vendorspeak; "previously discussed" means "confirmed by the vendor" and not "discussed on BUGTRAQ". The phrase "all known security defects" means "all the defects we have admitted so far", and so on.

  20. Something is very wrong with the data on The Myth of Open Source Security Revisited v2.0 · · Score: 2

    The data for Debian GNU/Linux is completely flawed. The OpenSSH CRC attack compensator bug is not listed, for example, and many remote vulnerabilities for which DSAs were issued aren't counted, either. (And the bugs other distributors fixed in 2001, and not in 2002 like Debian.)

    In any case, if you are a Free Software zealot, you should seek better arguments than security. Otherwise your friends will come back to you and ask, Why have you betrayed me?, when their machine gets hacked although they use Free Software which has been reviewed by thousands of capable programmers.

  21. 64 bit - wow! on Java2 SDK v. 1.4 Released · · Score: 5, Funny

    The 4 GB address space limit has become a severe limit on Java bloat. It's good to see that Sun finally addresses this problem.

  22. They already have it on States Demand Windows Source Code · · Score: 2

    At least California: San José State University has licensed the Windows source code.

  23. Re:What is the flaw? on Security Hole In SNMP · · Score: 2

    That's one particular effect of the vulnerabilities on the products of one vendor (actually, multiple vendors, because of Cisco's acquisitions).

    As expected, the Cisco notice does not contain any explanations which would make it easier for you to conduct your own tests.

  24. Re:What is the flaw? on Security Hole In SNMP · · Score: 4, Informative
    Obviously, you have never read such notes, otherwise you would know that CERT/CC never releases information which can be used to reproduce problems. They do point to the problems, but do not provide details. (Most of the time, you can guess the concrete problem, though.)

    In fact, there are several different buffer overflow and format string bugs, in different SNMP implementations. The OUSPG report (which triggered this advisory) seems to be more detailed, but I still have to read it. (OTOH, SNMP vulnerabilities are rather boring stuff nowadays, any sane person blocks SNMP at the closest router.)

  25. Re:Not about 64 bits... on Inside the Itanium · · Score: 3, Informative

    So what's holding it back?

    For real-world numerical applications, using state-of-the-art Intel compilers, the Pentium 4 is faster than the Itanium. Of course, people still use the Itanium because of its substantially larger address space, which is a very, very significant issue. And we can expect the IA-64 architecture to catch up as compilers improve, as is common with such architectures.