All this stuff sounds either very naive or very marketing. You choose.
Can't you just create a heap dump at two or three points in time, create a histogram of object types, look at the types whose objects are apparently growing unbound, and examine what kind of objects are pointing to such objects, keeping them alive? No need for fancy, invasive tools.
Or doesn't Microsoft's C# come with a built-in heap dump facility and some analysis/browser software? This would be a pity because such problems do occur in practice and are rather difficult to debug without proper tools.
Tying the reboot to time elapsed, and not working set size is a serious WTF, though. Rebooting as some sort of uber-garbage collector makes a lot of sense, but you really should make sure that you do it if and only if you actually need it.
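The heap-dump comparison described in the comment above, as an added example that is not part of the original comments. It runs over constructed snapshots (the object graph, type names and counts are made up for illustration) and reports the types that grow in every snapshot, what refers to them, and the chain from a root that keeps them alive.

```python
from collections import Counter, deque


def build_snapshot(sessions, requests):
    """Constructed heap dump: {object id: (type name, [ids of referenced objects])}."""
    heap = {
        "root": ("AppDomain", ["cache", "logger", "pool"]),
        "cache": ("SessionCache", ["table"]),
        "logger": ("Logger", []),
        "pool": ("RequestPool", [f"req{i}" for i in range(requests)]),
        "table": ("Dictionary", [f"sess{i}" for i in range(sessions)]),
    }
    for i in range(requests):
        heap[f"req{i}"] = ("Request", [])
    for i in range(sessions):
        heap[f"sess{i}"] = ("Session", [f"buf{i}"])
        heap[f"buf{i}"] = ("Byte[]", [])
    return heap


def histogram(heap):
    """Number of live objects per type in one snapshot."""
    return Counter(type_name for type_name, _ in heap.values())


def growing_types(heaps):
    """Types whose object count strictly increases from each snapshot to the next."""
    hists = [histogram(h) for h in heaps]
    names = set().union(*hists)
    return sorted(
        n for n in names
        if all(a[n] < b[n] for a, b in zip(hists, hists[1:]))
    )


def referrer_types(heap, target_type):
    """Count, per referring type, the references that point at target_type objects."""
    counts = Counter()
    for type_name, refs in heap.values():
        for ref in refs:
            if heap[ref][0] == target_type:
                counts[type_name] += 1
    return counts


def retaining_path(heap, root_id, target_type):
    """Shortest chain of types from the root to an object of target_type (BFS)."""
    queue = deque([(root_id, [heap[root_id][0]])])
    seen = {root_id}
    while queue:
        obj_id, path = queue.popleft()
        if heap[obj_id][0] == target_type:
            return path
        for ref in heap[obj_id][1]:
            if ref not in seen:
                seen.add(ref)
                queue.append((ref, path + [heap[ref][0]]))
    return None


# Three constructed snapshots: sessions keep accumulating, requests fluctuate.
SNAPSHOTS = [build_snapshot(100, 8), build_snapshot(250, 3), build_snapshot(400, 6)]

if __name__ == "__main__":
    latest = SNAPSHOTS[-1]
    for name in growing_types(SNAPSHOTS):
        print(name, dict(referrer_types(latest, name)),
              " <- ".join(reversed(retaining_path(latest, "root", name))))
```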
For performance reasons, it uses a fixed address (instead of going through __objc_msgSend):
http://gcc.gnu.org/ml/gcc/2007-03/msg00251.html
Doesn't this defeat address space randomization?
How about full disclosure about what's changing on YOUR PC? There's no reason why MS can't provide that in a timely, good, cheap manner.
Microsoft believes that hiding details of security updates (for instance, about vulnerabilities which have been patched quietly, along with the officially announced ones) helps them to protect customers. So from their perspective, there is some reason for secrecy.
I don't understand the motivation behind the WGA checks. Microsoft sends a very confusing message regarding its purpose. One result is that those who believe they've got illegally copied software on their hard drive won't patch their Windows. I don't see how *this* is in Microsoft's interest. Or, to put it differently, there already is very little trust in Windows Update anyway (even though, from a technical perspective, their track record is nothing but spectacular).
The first submission led people to believe that it was some kind of vulnerability in OpenBSD when it's really a whole class of security problem affecting any kind of process that attempts to trap the system calls of another for the purposes of policy verification.
It's not a new class, CVE-2006-0457 is in the same category, for instance.
Original post was here: http://it.slashdot.org/article.pl?sid=07/08/09/138224 (unless it's another dupe)
the corporate tax is low (12.5%) and income tax is ok as well (20%) tho EU slaps 20% VAT on everything
VAT is not EU-related.
But another data point is that Ireland is predominantly Catholic (> 80 %). I really doubt that the Pope will declare the country evil.
This is especially promising, considering that the US used to intentionally degrade its own GPS signals available to civilians, for fear that it'd be used by "terrorists".
Surprise, surprise -- the US can degrade Galileo signals as well: http://www.tagesschau.de/aktuell/meldungen/0,1185,OID2734592_REF3,00.html (But commercial GPS jammers are available as well, so it's not clear how significant this actually is.)
Somehow neither link seems to back up the claims in the article.
I can't really read Swedish, but Carl Bildt doesn't seem to mention that he's under investigation (wouldn't he have got immunity while in office anyway?).
Has IIS had any remotely exploitable holes since version 5?
What about the WebDAV issue that was used to break into DoD systems just before the Iraq war?
If you don't deploy some kind of filtering or attitude readjustment, most of your traffic will be file sharing (and the majority of that will be of questionable legality). If you can slash your network traffic to one fifth or even less, you can delay the provision of new equipment and new connectivity for quite some time. Traditionally, this means that the nominal bandwidth you can offer to students and researchers is no longer competitive, so there is a strong incentive not to police traffic too much. Nobody will fund you 10GE if you are running at less than a third of GE (peak of the five-minute average).
It could well be that the public as a whole is better off if this vicious circle can be broken. Diverting funding might be an option to achieve that. But HR 1689 doesn't really address the core issue. Saving bandwidth doesn't cost money, just reputation.
Besides, considering the outright abuse of .org, .com, and .net, what's to stop ".xxx" from being turned into a mush of sites which may have little or nothing to do with porn? After all, I can think of lots of groups that would love to have an .xxx extension, just for the cool factor (bloggers, artists, and not-so-intelligent l33t h4x0r sites just as a ferinstance).
A lot of .xxx domains will be registered for defensive purposes. It's likely that the company running the registry will make a hell of a lot of money as a result (in addition to money from typosquatters funded through Google and Yahoo ads). In this regard, .xxx is no different from any other new TLD: it's an ICANN-granted license to print money.
Of course, you could force domain holders to run a web server which publishes porn, but this is not going to happen.
Doesn't collecting data make you evil?
Only if you call the process "activation" instead of "metrics".
The data was collected by Comscore, which installs Trojan horses on Windows PCs to spy on users' Internet activities. See Blocking Marketscore: Why Cornell Did It and many other Marketscore references on the net.
What's stopping them from getting a domain name in a non-US-controlled TLD?
Their domain is used to address their various DNS-based blacklists. It is present in thousands of mail server configurations world-wide, and some products might even hard-wire it into the software. A transition will be quite difficult.
Perhaps not a $40K router, but a $15K one--for $3K (including the replacement, should the first unit fail).
1) it takes an RTOS to make things work well. You can grind all the driver code you want, but an RTOS foundation is required with lots of cache
IOS is not a real-time operating system, which nicely disproves your claim. 8-)
2) only PCI-X bus gets close, and most 1Us don't have it. That gives you a real ceiling in terms of port-port throughput; don't kid yourself
In some of the Cisco low-to-mid-range routers, the line cards are connected to PCI busses (not what's usually called L3 switches, of course). In fact, these routers are basically PCs with a MIPS CPU.
3) the algorithms needed to maintain cross-bar speed are gruesome. You don't find this kind of code in anything but sledge-hammered C and assembler, and code that only a mother (and an embedded systems engineer) could love. There is very little forgiveness here.
Most vendors do not offer wirespeed performance in all cases, either. You usually do not need the last 10% or 20% in performance. Given the savings (both in terms of device price and training), I'm willing to sacrifice 50% of the performance and more.
The real issue is the feature set of the available software. For GNU/Linux or the BSDs, the basic protocol support is usually there (but perhaps just in a userspace implementation which sacrifices some performance), but even pretty common things are sometimes missing because those who sponsored the development didn't need it (and it's not required by the standards, either). In some cases, the implementation isn't very mature yet. For the price difference of a Cisco box, you could hire someone in Russia to implement the missing stuff, but this gets a bit complicated, especially if you just want a working router.
On the other hand, there are some things which are impossible to do with IOS (obscure policy-based routing, most kinds of payload analysis, prefix-based accounting, OpenVPN). But most people don't expect routers to do such things anyway.
The numbers just don't add up: "a 0.00001 cent levy on every email sent" translates to 1e-7 EUR per message (and probably per hop). Assuming that there are 1 million million message-hops per day (1 US trillion, way over the top IMHO), this translates to just 100,000 EUR per day, or 36.5 million EUR per year. Obviously, this doesn't even cover the cost of the required accounting infrastructure.
This would allow developers to continue developing Cocoa for Mac and have instant ports to Windows; no dual booting or emulation involved.
I agree that it's more likely, but there will be some porting hassles, of course. I think it's still worth it. After some time, Apple can dump MacOS X and switch to Windows entirely. It doesn't make sense for a reseller of consumer electronic devices to maintain their own desktop OS. I'm sure the shareholders would love to see that switch.
The Internet Evangelical-Theological Force (IETF) has published their own objection: .sex Considered Dangerous (RFC 3675) in 2004, when ".xxx" was still called ".sex".
I'm appalled by the way those Christian Conservatives shape the Internet!
Like the first post said, it'll end up as a class action suit most likely.
Oh the irony. A class-action suit brought by customers who feel defrauded because they did not get digital rights management.
The only real 'speech' laws that the US has that it actively tries to enforce over the Internet are child porn laws.
What about online gambling? This kind of commercial speech is also severely restricted in the U.S., to the extent that U.S. investors wondered if they were to be arrested after investing in Partygaming.
I don't understand as a developer what dynamic typing does to help a language, and what real world advantages it offers the developer.
It is much easier to design a usable dynamically typed language than a statically typed one. If the type system is too primitive, it's constantly in your way (especially if, unlike C, the type system cannot be subverted), and beyond that, implementations are very hard from the beginning (for dynamic languages, the troubles start once you want an efficient implementation). Of course, it pays off in the long run to make significant investments at the language design level (and in the compiler itself), but it is really hard, and if you try to innovate, you are bound to make expensive mistakes (for the developers using the language, or for you if you try to correct them later on).
That being said, I still don't see what's so bad about Java the language. Based on the review, much of the author's criticism seems to be concerned with the Java-based frameworks which are currently en vogue, but you can use Java without them. I'm not a real Java fan (mostly because all of the available implementations have significant drawbacks), but I must concede that overall, it's not a poor design.
On the other hand perhaps that is exactly why the government is the only body to be able to do this - they can simply assign special rights to themselves.
No, they can't. Most Western countries have laws which allow disappropriation only in very limited cases, and the prior owners have to be compensated. The latter part is the problem because it's close to impossible to track down the copyright owners (or process their claims).
Bureaucracy is not the problem. The real issue is that you can't index works without permission from the authors because indexing is gradually recognized as a new commercial exploitation right (as far as copyright is concerned). Unless you blatantly ignore copyrights (which is problematic for a government-led project), a modern search engine can't really take off and become a useful tool.
Apart from that, various pressure groups will ask that the search results are adjusted according to various laws: search results should only include content suitable for minors, which is gender-neutral, legal advice only from lawyers, there must be no bias against certain religions, and so on. 8-)
The problem with SecDNS is that pretty much the same thing is already performed at the SSL level with domain certificates, so there is little argument for changing the DNS system.
Once you've got a DNSSEC-enabled zone, you can put interesting things into it, like CERT RRs with SSH keys. The advantage is clear: you only pay for the delegation (the domain registration fee), and not for each server certificate individually.
Apart from the threat to existing CA business models, there are also some unsolved technical problems (cryptographically secured negative answers without providing zone enumeration, for example).
So it coincides with the 87th anniversary of the Nazi party. What does that have to do with anything?
Simple answer: The article is wrong. This wasn't the first Sober variant. Previous versions have been used to send out "Nazi spam" (actually, it was mainly xenophobia), so it's reasonable to assume that this isn't a coincidence.
I don't understand why Verisign (the same company that offers bulletproof hosting for phishing sites, by the way) publicly documents how far their reverse engineering efforts have advanced. I thought we were out to catch those guys. Telling them what we know isn't a terribly good strategy.