> why do people believe that we should cater to small minoritys of the population?
I see it as a philosophical issue, where society wants to send the message that unjustifiable discrimination is bad, no matter how small the minority is who is affected. I assume that you understand why society doesn't want Target to have a large sign
at the entrance of its stores saying "NO BLACKS". For the same reason, it should not be able
to have a sign saying "NO LEFT-HANDED BLUE-EYED DEAF BAHAI TEXAN ASIANS", even though the number of people affected would be very, very, small.
The emphasis on "unjustifiable" wasn't accidental, since sometimes there is clear justification to discriminate based on physical handicaps. Deaf telephone operators, alternative versions of movies for the blind, and whatnot. But in the case in question, if you read many of the other comments, making an accessible website is not only not particularly hard, it's even advantageous in terms of ease of future formatting changes, etc.
IANAL, thank God, but it seems to me that that would only be prior art if you had publicized it somehow. Prior art has to be public, for obvious reasons.
If you didn't publicize it, your prior invention only gives you the personal right to use your version of the technology without paying Microsoft. Until they sue you of course, then you'll either pay them or lawyers.
Your point about non-OSS being more of a "black box" because of commercial disincentives is OK, but you compared a Debian development machine to windowsupdate.microsoft.com which is stupid considering both that Debian and Microsoft sign their releases.
This compromise is more like Microsoft's internal development network being compromised, which has happened.
Unless, of course, the current compromise includes Debian's private key, which I doubt.
That's probably because you totally lack imagination. Now consider a society where a small minority rule others by force and tax away all of their income, so that most die of starvation before the age of 30. The masses then revolt and break into the treasury.
They find you there wagging your finger at them: "No, no, no, bad mob, bad mob, this would be theft, and theft is always bad!"
Good luck.
And before you accuse me of setting up a straw man, consider this. The content industry has shown that it controls the government because it has a lot of money to pay lobbyists and politicians, and we, the consumers, aren't smart enough to understand and organize any resistance. The only difference is that we're not going to physically die without the music or other culture which is being taken from us (legally).
> Microsoft offered source code access as a form of documentation, but the EU rejected it.
Interesting. I guess we're just lucky, then, that Linux doesn't rely on undocumented internal API's, and interoperability isn't one of its design goals. And your open source project shouldn't do that, either, so fix it, if you're so worried. Or are you, like pembo13 suspects, a troll?
> And what if they require Linus to provide full legally-acceptable documentation > for the Linux kernel? Who is going to write it?
I don't think they can't require Linus to do anything, since he only owns the trademark. In addition, as commented above, the source itself could be claimed to be sufficient documentation.
"or write it yourself"... and if you do so you can even license it under the GPL v.2!
I wonder when the first wiseacre does that without "clean rooming" and the FSF sues him for publishing software under the GPL v.2 which was licensed solely under the GPL v.3....
"The game is FOSS, so the developers aren't getting anything except egoboo from it, but they're still writing for as many people as possible. Why can't commercial developers be as considerate?
Well, offhand I'd say you included the answer with your question. Since a large part of "egoboo" is having your software be used and liked by as many people as possible.
While on the other hand, if catering to a hypothetical extra N% of satisfied customers requires increasing the development cost by more (or even slightly less) than the expected extra profits from those customers, the proper commercial decision is not to do it.
Are you talking from experience here? Because I don't see why this strategy would necessarily cause bounds errors to become unreproducible, as long as the randomness in the addresses was in units of memory pages. I'm talking about the bounds errors where you access my_array[end_index + something_reasonably_small], not the ones where you access my_array[completely_trashed_index].
Even in the trashed index case (in my experience, usually caused by a negative number somewhere being interpreted as unsigned) I'd be surprised if the randomization would cause it to be likely that you wouldn't dump core.
I find it hard to think of other ordinarily predictable common bugs which would become unpredictable, could you give more examples? I can see it making the ordinarily unpredictable bugs (e.g., bounds error on the stack overwriting the stack frame's return address with data) even less predictable, but don't think the extra unpredictability would be really significant.
Of course, in the best Slashdot tradition all this was just off the top of my head, so, anyone out there with real experience want to jump in?
Uggh. Good catch. In this case the troll factor was pretty obvious from the text of the post, but I see that his bluetooth comment got moderated "+1 Interesting".
*Sigh*. Does this mean I have to research the commenter's posting history on every moderation? Seems excessive on a forum where (practically) no one reads TFA, and maybe even dangerous to my mod points if the majority of meta-moderators don't follow suit.
Maybe I should submit an "Ask Slashdot" post about it...
FTA:
"The new content-protection scheme would be the first time customers who have no intention of breaking copyright laws would be penalized because of piracy concerns."
What about all those people who had the pleasure to have Sony's rootkits installed on their computers? They got "penalized" up the ****.
If you would peruse the sudo documentation, you'd realize it is possible to customize it to allow particular users to execute particular commands as root.
Even without sudo, it's possible to allow only very specific actions as root by using chmod suid magic.
Of course, every time you use either of these methods, your security is lessened with respect to the next vulnerability found in sudo or whatever application you've authorized the user to run as root. But I did not get
the impression that the poster was trying to set this up in a super-high-security situation.
If you have access to the machine you don't need to know the root password, you can easily access any file on the machine by booting a live-cd or any OS that can mount the filesystem type the *nix is installed with.
As I said "might be as easy as inserting bootable media and rebooting".
You don't seem to be aware of possible
defenses, like physical locks and locked BIOS settings.
Actually, since posting, I've thought of a way in which a remote attacker might be able to discover the password (but not use it). See my reply to the previous replier.
> Physical access will usually let you do nasty things on any machine.
As I said "might be as easy as inserting bootable media and rebooting".
Your use of "usually" leads me to believe that you are aware of possible
defenses.
Actually, since posting, I've thought of a way in which a remote attacker might be able to discover the password (but not use it). He merely has to
convince any user on the box to run a Java applet with privileges while
browsing.
On second thought, I'm pretty sure Ubuntu doesn't install by default with Java. But it would be a much more common thing for an average user to install than, for example, sshd or ftpd.
1) The standard Ubuntu install does not install any network services so by default this problem does not cause any remote vulnerability.
2) There are no standard login-able userids on a standard Ubuntu install. But it is clear anyway from the description of the problem that in order to exploit it, you need to get access to the filesystem of the computer involved, which would ordinarily require a valid login, but might be as easy as inserting bootable media and rebooting.
Yes, and how does one "kill" a computer? The worst that you can do is corrupt your OS and force a reinstall.
That may have been true a long time ago, but is no longer.
How long have you been reading Slashdot? You must have missed this
and this.
And that's just in the recent past.
IIRC, at various times in the past, doing things like setting the wrong scan rate for flat panel displays for long enough periods have been known to cause hardware damage. The oldest such report I remember was from IBM, who discovered that if the heads of one of their multiplatter hard disk drives were driven in and out at a certain frequency for a long enough time, the vibrations could be transfered to the rotating media, causing head crashes. They actually patched the firmware to prevent any such periodic seeking.
Slashdot Mirror
> why do people believe that we should cater to small minoritys of the population?
I see it as a philosophical issue, where society wants to send the message that unjustifiable discrimination is bad, no matter how small the minority is who is affected. I assume that you understand why society doesn't want Target to have a large sign at the entrance of its stores saying "NO BLACKS". For the same reason, it should not be able to have a sign saying "NO LEFT-HANDED BLUE-EYED DEAF BAHAI TEXAN ASIANS", even though the number of people affected would be very, very, small.
The emphasis on "unjustifiable" wasn't accidental, since sometimes there is clear justification to discriminate based on physical handicaps. Deaf telephone operators, alternative versions of movies for the blind, and whatnot. But in the case in question, if you read many of the other comments, making an accessible website is not only not particularly hard, it's even advantageous in terms of ease of future formatting changes, etc.
IANAL, thank God, but it seems to me that that would only be prior art if you had publicized it somehow. Prior art has to be public, for obvious reasons.
If you didn't publicize it, your prior invention only gives you the personal right to use your version of the technology without paying Microsoft. Until they sue you of course, then you'll either pay them or lawyers.
> Why on earth would you even want to install Vista on a P-III laptop!?
It'd be much more interesting to find out what drugs is he taking to think that he'd even succeed!
I can't believe this hasn't been moderated funny even once yet.
Wake up, moderators!
Uhm, from the article, nobody can even assess whether it really is a quantum computer.
More like someone who knows the answer to the joke
"What kind of sh*t can an 800-lb gorilla make you eat?"
All browsers have their quirks, but really, show me a major website which has workarounds for old versions of Galeon...
Your point about non-OSS being more of a "black box" because of commercial disincentives is OK, but you compared a Debian development machine to windowsupdate.microsoft.com which is stupid considering both that Debian and Microsoft sign their releases.
This compromise is more like Microsoft's internal development network being compromised, which has happened.
Unless, of course, the current compromise includes Debian's private key, which I doubt.
> So, according to the OP, theft is good.
> That's certainly a new one for me.
That's probably because you totally lack imagination. Now consider a society where a small minority rule others by force and tax away all of their income, so that most die of starvation before the age of 30. The masses then revolt and break into the treasury.
They find you there wagging your finger at them: "No, no, no, bad mob, bad mob, this would be theft, and theft is always bad!"
Good luck.
And before you accuse me of setting up a straw man, consider this. The content industry has shown that it controls the government because it has a lot of money to pay lobbyists and politicians, and we, the consumers, aren't smart enough to understand and organize any resistance. The only difference is that we're not going to physically die without the music or other culture which is being taken from us (legally).
Ouch. I'm really tired today --- change "interoperability" in my reply to "thwarting interoperability"...
> Microsoft offered source code access as a form of documentation, but the EU rejected it.
Interesting. I guess we're just lucky, then, that Linux doesn't rely on undocumented internal API's, and interoperability isn't one of its design goals. And your open source project shouldn't do that, either, so fix it, if you're so worried. Or are you, like pembo13 suspects, a troll?
> And what if they require Linus to provide full legally-acceptable documentation
> for the Linux kernel? Who is going to write it?
I don't think they can't require Linus to do anything, since he only owns the trademark. In addition, as commented above, the source itself could be claimed to be sufficient documentation.
"or write it yourself" ... and if you do so you can even license it under the GPL v.2!
....
I wonder when the first wiseacre does that without "clean rooming" and the FSF sues him for publishing software under the GPL v.2 which was licensed solely under the GPL v.3
You might start with www.wesnoth.org : "The Battle for Wesnoth"...
Who knows, maybe you won't have to write any code!
Well, offhand I'd say you included the answer with your question. Since a large part of "egoboo" is having your software be used and liked by as many people as possible.
While on the other hand, if catering to a hypothetical extra N% of satisfied customers requires increasing the development cost by more (or even slightly less) than the expected extra profits from those customers, the proper commercial decision is not to do it.
See George O. Smith's "Venus Equilateral" stories, they're compiled into a collection called "The Complete Venus Equilateral".
I'm sure you'll find it on the Internet somewhere (yea! now I'm back on topic!)
Are you talking from experience here? Because I don't see why this strategy would necessarily cause bounds errors to become unreproducible, as long as the randomness in the addresses was in units of memory pages. I'm talking about the bounds errors where you access my_array[end_index + something_reasonably_small], not the ones where you access my_array[completely_trashed_index].
Even in the trashed index case (in my experience, usually caused by a negative number somewhere being interpreted as unsigned) I'd be surprised if the randomization would cause it to be likely that you wouldn't dump core.
I find it hard to think of other ordinarily predictable common bugs which would become unpredictable, could you give more examples? I can see it making the ordinarily unpredictable bugs (e.g., bounds error on the stack overwriting the stack frame's return address with data) even less predictable, but don't think the extra unpredictability would be really significant.
Of course, in the best Slashdot tradition all this was just off the top of my head, so, anyone out there with real experience want to jump in?
Uggh. Good catch. In this case the troll factor was pretty obvious from the text of the post, but I see that his bluetooth comment got moderated "+1 Interesting".
*Sigh*. Does this mean I have to research the commenter's posting history on every moderation? Seems excessive on a forum where (practically) no one reads TFA, and maybe even dangerous to my mod points if the majority of meta-moderators don't follow suit.
Maybe I should submit an "Ask Slashdot" post about it...
"The new content-protection scheme would be the first time customers who have no intention of breaking copyright laws would be penalized because of piracy concerns."
What about all those people who had the pleasure to have Sony's rootkits installed on their computers? They got "penalized" up the ****.
RTFM
If you would peruse the sudo documentation, you'd realize it is possible to customize it to allow particular users to execute particular commands as root.
Even without sudo, it's possible to allow only very specific actions as root by using chmod suid magic.
Of course, every time you use either of these methods, your security is lessened with respect to the next vulnerability found in sudo or whatever application you've authorized the user to run as root. But I did not get the impression that the poster was trying to set this up in a super-high-security situation.
Some moderator seems to be on drugs.
As I said "might be as easy as inserting bootable media and rebooting". You don't seem to be aware of possible defenses, like physical locks and locked BIOS settings.
Actually, since posting, I've thought of a way in which a remote attacker might be able to discover the password (but not use it). See my reply to the previous replier.
> Physical access will usually let you do nasty things on any machine.
As I said "might be as easy as inserting bootable media and rebooting". Your use of "usually" leads me to believe that you are aware of possible defenses.
Actually, since posting, I've thought of a way in which a remote attacker might be able to discover the password (but not use it). He merely has to convince any user on the box to run a Java applet with privileges while browsing.
On second thought, I'm pretty sure Ubuntu doesn't install by default with Java. But it would be a much more common thing for an average user to install than, for example, sshd or ftpd.
If I get your drift:
1) The standard Ubuntu install does not install any network services so by default this problem does not cause any remote vulnerability.
2) There are no standard login-able userids on a standard Ubuntu install. But it is clear anyway from the description of the problem that in order to exploit it, you need to get access to the filesystem of the computer involved, which would ordinarily require a valid login, but might be as easy as inserting bootable media and rebooting.
No, troll, I take them at face value when they claim "The worst that you can do is corrupt your OS and force a reinstall."
I never claimed destroying hardware was profitable or desirable for malware authors....
That may have been true a long time ago, but is no longer.
How long have you been reading Slashdot? You must have missed this and this. And that's just in the recent past.
IIRC, at various times in the past, doing things like setting the wrong scan rate for flat panel displays for long enough periods have been known to cause hardware damage. The oldest such report I remember was from IBM, who discovered that if the heads of one of their multiplatter hard disk drives were driven in and out at a certain frequency for a long enough time, the vibrations could be transfered to the rotating media, causing head crashes. They actually patched the firmware to prevent any such periodic seeking.