It was less the educational elites with their propaganda and more the aristocrats and people wanting to be like them. The wealthy could afford education, spelling, while not truly standardized, had a right and wrong within high society, and people with less resources wanted to emulate the wealthy, just like always.
Or right wing anti-government groups, or left wing radical environmentalists, or some random cult, or some kind of false flag that quietly got dropped instead of milked, or some really dedicated jerks with too much free time. Or maybe time travelers who realized that the particular security station in question was going to be the first network node to become sentient and send humanity down a the long dark path of extermination thus they took it out first. Heros I tell you, heros!
I think the poster was referring to the FERC trying to redact and re-release a document when it is already out there in its original form, thus the action is meaningless.
Yes, but for most people in california that would represent several years worth of income, and since rewards generally try to attract the attention of as many people as possible in the hopes someone knows something, 'does not appeal to wealthy people', who, by definition, are rather rare, is not a big concern.
I would argue it is only 'sloopy' in that it gets picked up outside the field and reported on more general sites like slashdot. As with so many things, I feel it is science reporting that messes things up, not scientists talking amongst themselves.
That is how I interpret it, a quick sound byte attaching a particular pairing of blue collar and white collar positions to point out the problem with the whole 'well, blue collar workers will just become white collar ones' approach to the issue.
Well put. People are focusing too much on the specific combination here and skipping over the reference to the more general problem with Zuckericanneverrmemberthespelling's overly focused solution.
Unless they really screwed it up, a custom allocator when you know the size of your data blocks (and they are all the same) is going to out preform the general one on any system, it is just a matter of how much performance gain you get vs the risk inherent in adding the allocator. The general allocators have gotten better over the years, but there will always be additional overhead involved in maintaining pools capable of handling any arbitrary sized allocation request.
Wow.. that piece really stretches things and makes some rather impressive leaps. Much of it seems to to simply be 'the bible is true, when science hits an unknown, it is proof of god' and then goes into the standard 'there must be an intelligent designer because things need to be intelligently designed' reasoning followed up by 'if you read the bible just right and compare history we already know, look how prophetic it is!'
Keep in mind, we are talking about overriding libc, not the kernel. For the most part it does do things better then the default allocator. If you want to use the car analogy, this would be like replacing your standard seat-belts with a 5 point cross belt but a manufacturing defect slipped through on one of the rollers. The defect is not a little deal, but it does not mean the 5 point belt is inherently worse then the standard on, there was simply a defect that passed through quality control, which happens.
Thing is, subdividing things does not lead to as much simplicity as people tend to hope. Splitting up OpenSSL because you are only using parts of it would be a bit like taking red and green out of a graphics library because you are only using blue.
Well, it is popular because it is a generally well regarded and vetted package that supports a fairly rich set of cryptography tasks out of the box.
As for what could be done in the future? Well, automated tests really only cover cases you think about, and stress tests may or may not actually notice something. To a degree, there will always be things that slip through, and most of the time things are fixed and patched. In this case something unusually bad slipped through.
So as far as I can tell, his rant is essentially that people should not use custom allocators and instead rely on the general purpose one built into libc because they can add system wide tools there.
I can see the argument for most cases, that is kinda the point of a general purpose allocator, but encryption (esp if you are doing lots of it) really strikes me as a case where you can really benefit from having explicit control over the behavior. I have worked on a number of applications where custom allocators had significant (user facing, not just benchmarks) impacts on performance. Ironically it also meant we were able to do better checking then the general exploit detection kits since we could bake more specific knowledge into the validator.
Given the high barrier involved in brining such a suit for other people, they are pretty much on their own too. Demonstrating that age/sex/gender/etc were the reasons is non trivial and cases are usually dismissed unless there is something really blatant.
That is not how protected classes work. As a white strait male, one has two (or three) criteria that one can be discriminated under and cases do go forward for them.
Actually, I think the research lines up rather nicely with them dropping the ball too. It could be an example of them having no clue what they are doing or having their own understanding of how things work. So 'incompetence' is still firmly in the running.
Yeah, but it is still kinda cool to see people dissect exactly how it happens or how claims are untrue. Suspecting and knowing are two very different things.
Slashdot Mirror
It was less the educational elites with their propaganda and more the aristocrats and people wanting to be like them. The wealthy could afford education, spelling, while not truly standardized, had a right and wrong within high society, and people with less resources wanted to emulate the wealthy, just like always.
Ah yes, because earning less then they could with the same degree out in private industry is such a gravy train....
People who actually work in the field and spend decades of their life in dedicated study of the subject disagree.
Or right wing anti-government groups, or left wing radical environmentalists, or some random cult, or some kind of false flag that quietly got dropped instead of milked, or some really dedicated jerks with too much free time. Or maybe time travelers who realized that the particular security station in question was going to be the first network node to become sentient and send humanity down a the long dark path of extermination thus they took it out first. Heros I tell you, heros!
I think the poster was referring to the FERC trying to redact and re-release a document when it is already out there in its original form, thus the action is meaningless.
Yes, but for most people in california that would represent several years worth of income, and since rewards generally try to attract the attention of as many people as possible in the hopes someone knows something, 'does not appeal to wealthy people', who, by definition, are rather rare, is not a big concern.
The tricky part is what constitutes 'proper' security measures and how those weigh against other factors.
I would argue it is only 'sloopy' in that it gets picked up outside the field and reported on more general sites like slashdot. As with so many things, I feel it is science reporting that messes things up, not scientists talking amongst themselves.
You know.. ..if I had a time machine and too much free time, that would be some serious lulz.
That is how I interpret it, a quick sound byte attaching a particular pairing of blue collar and white collar positions to point out the problem with the whole 'well, blue collar workers will just become white collar ones' approach to the issue.
Well put. People are focusing too much on the specific combination here and skipping over the reference to the more general problem with Zuckericanneverrmemberthespelling's overly focused solution.
Unless they really screwed it up, a custom allocator when you know the size of your data blocks (and they are all the same) is going to out preform the general one on any system, it is just a matter of how much performance gain you get vs the risk inherent in adding the allocator. The general allocators have gotten better over the years, but there will always be additional overhead involved in maintaining pools capable of handling any arbitrary sized allocation request.
Wow.. that piece really stretches things and makes some rather impressive leaps. Much of it seems to to simply be 'the bible is true, when science hits an unknown, it is proof of god' and then goes into the standard 'there must be an intelligent designer because things need to be intelligently designed' reasoning followed up by 'if you read the bible just right and compare history we already know, look how prophetic it is!'
Which is why it is described a 'mathmatical proof', a domain where 'proof' has a different and specific usage then general english.
Well, adding 'zero' to the number system was a pretty big deal about nothing.
"This book was dictated but not read"
Keep in mind, we are talking about overriding libc, not the kernel. For the most part it does do things better then the default allocator. If you want to use the car analogy, this would be like replacing your standard seat-belts with a 5 point cross belt but a manufacturing defect slipped through on one of the rollers. The defect is not a little deal, but it does not mean the 5 point belt is inherently worse then the standard on, there was simply a defect that passed through quality control, which happens.
Thing is, subdividing things does not lead to as much simplicity as people tend to hope. Splitting up OpenSSL because you are only using parts of it would be a bit like taking red and green out of a graphics library because you are only using blue.
Well, it is popular because it is a generally well regarded and vetted package that supports a fairly rich set of cryptography tasks out of the box.
As for what could be done in the future? Well, automated tests really only cover cases you think about, and stress tests may or may not actually notice something. To a degree, there will always be things that slip through, and most of the time things are fixed and patched. In this case something unusually bad slipped through.
True, they did not, but I would put that at the level of mistake rather then being unreasonable.
So as far as I can tell, his rant is essentially that people should not use custom allocators and instead rely on the general purpose one built into libc because they can add system wide tools there.
I can see the argument for most cases, that is kinda the point of a general purpose allocator, but encryption (esp if you are doing lots of it) really strikes me as a case where you can really benefit from having explicit control over the behavior. I have worked on a number of applications where custom allocators had significant (user facing, not just benchmarks) impacts on performance. Ironically it also meant we were able to do better checking then the general exploit detection kits since we could bake more specific knowledge into the validator.
Given the high barrier involved in brining such a suit for other people, they are pretty much on their own too. Demonstrating that age/sex/gender/etc were the reasons is non trivial and cases are usually dismissed unless there is something really blatant.
That is not how protected classes work. As a white strait male, one has two (or three) criteria that one can be discriminated under and cases do go forward for them.
Actually, I think the research lines up rather nicely with them dropping the ball too. It could be an example of them having no clue what they are doing or having their own understanding of how things work. So 'incompetence' is still firmly in the running.
Yeah, but it is still kinda cool to see people dissect exactly how it happens or how claims are untrue. Suspecting and knowing are two very different things.