I agree with pretty much everything you said. The LinkScanner is by far a worse problem than the local scanner, which was what I was getting at with my "to various degrees" phrase.
However, the local scanner is not as benign as one might expect, mainly because of the ability to search within archives. As you mention, there was one exploit in RAR file parsing. Imagine if the same thing had happened to ZIP files. Now remember that.jar files are a form of.zip files, and consider what would happen if someone launched a SQL injection attack against a popular site to put an infected.jar file up. Normally, the.jar file would be harmless because of Java's internal security checking and byte code verification, but add in an insecure AV and it's exploitable.
If the exploit left the.jar file in a usable state, this could be very difficult to track down.
The whole situation is pretty depressing, really, especially when you consider that the job of AV software is theoretically impossible. Consider that you are trying to find an infection within an infected machines. We already know that certain types of rootkits and infections can hide from AV software (consider a virus that removes itself from the virus signature list). If the machine isn't infected yet, then you have to guard against all possible infections, which means that you have to hope that the AV people move faster than the virus writers, which is impossible. There will always be a window where the virus is not detected by any AV vendor. Add in self-modifying viruses and the situation starts looking pretty hopeless.
All antivirus programs suffer from this problem to various degrees. The on-demand scanners for AV programs scan everything, not just code that will be executed. Furthermore, they often recommend doing periodic system-wide scans which will open all files on the machine. It's quite possible that there's a bug in the scanner that can be exploited simply by storing a file on disk. Thus, if you can get your file fetched via a web browser (e.g. embed it in a.js file or something), you don't even need a browser exploit.
Does this mean that AV software isn't the best thing for our security? Maybe, but there are two mitigating factors: it's supposedly written by people who know how to write secure software, and it does simpler things with the data than the software that uses it, so it's less likely to have security bugs.
It's a trade-off. AV software makes it more likely that you will find viruses and other bad things that get onto your machine, but they can also make it more likely that this badware makes it onto your machine or gets executed in the first place.
It is deadly apparent that nonsensical puns are the first.
So where do we send the mortician?
Really, though, get a sense of humor. That was groan-worthy if anything ever was, but come on. The only thing demonstrating stupidity was his signature, which you more or less agreed with.
I give up. You win. Of course, I was referring to the entire war and every article about it when I was responding to someone who asked for proof about this particular article. I also am sure that all communications originating from Al-Queda are in no way propaganda material. And clearly, when I said nothing heavy handed was going on, I couldn't have been referring to this article. I must have been referring to everything the US has done in its history.
I was wrong. I apologize. I will never do it again.
To quote XKCD, "Did that man just go crazy and jump out the window?"
Seriously, what are you talking about?
The Washington Post, I can expect, at least checked its facts. They also cited references. If you read through them, you'll see that Al-Qaeda does indeed have an Internet-based propaganda machine and that they were staging Q&A sessions.
In fact, the article sounds critical of the US, saying that we're getting our asses kicked because of incompetence. That ought to be pretty good Slashdot material.
Also, the article seems to suggest that the US is not trying anything heavy handed. In fact, it just seems like a piece on how they release their videos and what (little) the US is doing about it.
Perhaps if the government were proposing some infringement of my rights in this article, or if there were something that seems absurd, or even out of the ordinary, you might, maybe have a point. In this case, though, I have no reason to doubt its validity, and I certainly didn't come away from it thinking I should let the government curtail some of my rights.
I wonder if a law about handing over your keys could be invalidated based on the fifth amendment if it came to a legal trial. It seems to violate the bit about not having to bear witness against oneself.
It's from a reputable source. Besides, there's nothing really strange about this. The idea of using PGP and decentralized servers makes perfect sense. The dubious bit is that warning lights go off in my head every time someone mentions Al-Qaeda because usually it's someone trying to scare me for political reasons.
If you can't imagine how selective use of facts can bias a conclusion, then you're just not very creative. Facts may stand on their own, but if you start with a conclusion and then try to support it with facts, you will find facts to support it. It is far better to form a hypothesis and try to falsify it, as in the scientific method. If all you look for are the supporting facts, then you're never going to find the contradictory ones.
Of course, you make the same mistake in your post. You say we should assume the bible is false and then look for facts that derive from it. That's not what the parent said, and it's rather dishonest of you to spin it that way. The parent said that we assume the bible is true and then look for contradictory evidence. As it turns out, there's plenty to be had.
If, as you say, we assume the bible is false and it proves nothing, then there's nothing it's disproven, either, which means that there's no supporting evidence. So, by your own argument, the bible is a failed hypothesis.
Finally, I'd like to point out that your phrasing, "science was true" is meaningless. Science is not something that can be true or false. It is a methodology, a way of thinking, if you will. Either it works or it does not. You can label individual ideas that came from the scientific method as true or false, but the methodology is neither.
Mind you, I'm being liberal with my use of language. I find it scary when people use big words like charlatan and modus ponens without knowing what they mean. Here's a hint: a charlatan would be someone who pretends to be familiar with logic by using jargon like "modus ponens" because he pretends to have a skill he does not have. Someone who defends science is not a charlatan simply because he has used bad logic.
That's because Slashdot doesn't usually link to a GeoCities page.
By the way, you look the same as everyone else from where I'm standing.:-p
Re:Um ...Dumb Question.
on
Water Ice On Mars
·
· Score: 2, Interesting
Water freezes at zero degrees.:-p
But seriously, this is oversimplified. Water freezes at 0 degrees on Earth, at standard pressure. Furthermore, even when water freezes, there's still water vapor. Really, if you think about it, you can't have the physical states without multiple molecules. Liquids and solids require certain arrangements of multiple molecules. In either case, individual molecules can escape, thus sublimating. The energy from the sun was enough to cause these molecules to escape, even though the ambient temperature was below the melting point of water.
Really, the best way to think about the melting point and the boiling point is that the melting point is the lowest temperature at which liquid will exist, and the boiling point is the highest temperature at which liquid will exist. Gas can exist at all temperatures because gas is nothing more than molecules that have broken off from the liquid or solid.
Eventually, if you raise the temperature enough, no liquid or solid can form. Likewise, if you lower the temperature enough, eventually, no molecule can escape. This is why metal doesn't generally sublimate. The amount of energy needed is not provided by the temperatures commonly found on earth (metal can sublimate in other conditions).
I can't hate people who say stupid things? Yeah, that makes sense.
The rest of your post is directly contradicted by other people in this discussion who have said that their primary reason for choosing NetFlix was queue management, and by the simple observation that you've now started attacking straw men. "I deserve whatever I want at whatever price I feel like paying"? Way to end any serious discussion. That's even more idiotic than the guy above.
There is no problem. I think we're in violent agreement. The problem comes when people say that "company $x is a business, so they can do whatever they want" without the necessary qualification that, if they do, they will "run their business into the ground."
All I'm saying is that there are consequences, even for businesses. Basically, it's the people who forget the "enlightened" part of "enlightened self-interest". If it's not enlightened, then self-interest doesn't generally look out for your interests very well.
I hate people who make statements like that, because those statements are idiotic. I've also got no problems with what NetFlix is trying to do. I'm just annoyed that they are trying to spin this as good for the customer while degrading their service. It's dishonest. They're doing this because it makes good business sense. They probably should do it, but they should try a little harder to be nice to their customers in doing so.
Yes, it's just DVD rentals. But I don't like companies who try to spin everything, whatever their wares. But I have a NetFlix account and I'm not canceling it. I just like the company a little less than I did yesterday.
Anger management? Who said I'm angry? I said I hate people like him.
But OK, maybe I need a hate management course? Of course, I gave a reason for saying what I said. It's that the viewpoint is idiotic because it's way too simplistic. It ignores the fact that businesses need their customers to survive, and that even investors have morals. If you prefer toleration of idiocy, then be my guest. But please, try not to confuse people who don't suffer fools with people who are angry and bitter.
Next up, about my "biased subjective hateful opinion" (as opposed to an objective opinion?;-)) perhaps it would help if you consulted a dictionary. Sleazy means "mean, or contemptuously low". I think that taking away features that customers love is mean, it's bad PR, and they haven't offered any migration path or apology gifts. They have, in fact, tried to spin this as helping customers (check the wording of the emails). All together, it seems pretty low.
(As a side note, they do reduce people's ability to rent movies (Google for NetFlix throttling), which is also kind of sleazy because they didn't actually mention that little fact until after they were sued about it, but that's pretty ancillary to my point here.)
But I guess calling a spade a spade will always be considered hateful by some people. You'll note, of course, that I haven't said NetFlix isn't allowed to do this or even that they shouldn't. I'm just saying they should try to be a bit nicer to their customers so as not to alienate them. If you read some of the other comments here, you'll see that there are plenty of people who are either canceling their service or at least looking elsewhere.
I bet if NetFlix had said that they would offer a discounted account for people using profiles so that they could continue to pay the same, but for multiple accounts, pretty much everybody would shrug and say, "I don't like it, but that seems fair." As is, it reads more like some underhanded way of getting people to pay more money for the same things.
Anyway, I don't have a high horse. Never learned to ride one, really. If you take issue with why I singled out that post, please feel free to respond to my points after the first line. Until then, you don't have much grounds to object to my hatred.
I think you've missed my point. I mean they can simplify their system without this. As-is, you have multiple queues tied to a single account, so they are not 1:1. Also, DVDs that are sent out need to be marked with the queue, rather than the account. The UI is different for the profile accounts, and there are special things that the profile owner can do, such as change the split. All this code and complexity goes away if you get rid of this feature, and most people will probably realize that signing up for multiple accounts is only a little more expensive and do that instead.
I can guarantee that the separation of accounts from queues causes quite a bit of complexity (think about how that has to be implemented at the UI, class, database, and even fulfillment level). For the customer convenience of having just one billing statement to a credit card (which gets you what, exactly?) seems a little ludicrous.
People who say things like, "Well, obviously, company $x is a business, so they can do whatever they want" or "Your boss pays you money to work, so you have to do whatever he says" are invariably idiots.
NetFlix offered this feature. Some people bought the service in part because of this feature. Now it's being taken away. No discounts or temporary account upgrades or anything. Not even a way to migrate the old profiles to a new account. That's pretty sleazy.
As for "dead-beat customers that cost them more than they make", that does not make someone a dead beat. That makes them thrifty.
It is expected that both sides will act rationally. Customers will make the most out of their money, and NetFlix will cut features that cost them money. Calling their customers deadbeats is idiotic. But NetFlix is not handling this very well at all. They are taking something away without offering a thing. Customers are going to be pissed, and they've got a right to be.
I'd imagine a substantial portion of their customers will now pay for two accounts. The rest will make due with one queue for two people. It'll also reduce their maintenance cost. Pretty sleazy, nonetheless.
I think the problem here is that all good coders need to clean up after the bad ones. Most people are bad coders, be they men or women. So it all makes perfect sense, you see. Both sexes equally stupid.
Slashdot Mirror
I agree with pretty much everything you said. The LinkScanner is by far a worse problem than the local scanner, which was what I was getting at with my "to various degrees" phrase.
However, the local scanner is not as benign as one might expect, mainly because of the ability to search within archives. As you mention, there was one exploit in RAR file parsing. Imagine if the same thing had happened to ZIP files. Now remember that .jar files are a form of .zip files, and consider what would happen if someone launched a SQL injection attack against a popular site to put an infected .jar file up. Normally, the .jar file would be harmless because of Java's internal security checking and byte code verification, but add in an insecure AV and it's exploitable.
If the exploit left the .jar file in a usable state, this could be very difficult to track down.
The whole situation is pretty depressing, really, especially when you consider that the job of AV software is theoretically impossible. Consider that you are trying to find an infection within an infected machines. We already know that certain types of rootkits and infections can hide from AV software (consider a virus that removes itself from the virus signature list). If the machine isn't infected yet, then you have to guard against all possible infections, which means that you have to hope that the AV people move faster than the virus writers, which is impossible. There will always be a window where the virus is not detected by any AV vendor. Add in self-modifying viruses and the situation starts looking pretty hopeless.
All antivirus programs suffer from this problem to various degrees. The on-demand scanners for AV programs scan everything, not just code that will be executed. Furthermore, they often recommend doing periodic system-wide scans which will open all files on the machine. It's quite possible that there's a bug in the scanner that can be exploited simply by storing a file on disk. Thus, if you can get your file fetched via a web browser (e.g. embed it in a .js file or something), you don't even need a browser exploit.
Does this mean that AV software isn't the best thing for our security? Maybe, but there are two mitigating factors: it's supposedly written by people who know how to write secure software, and it does simpler things with the data than the software that uses it, so it's less likely to have security bugs.
It's a trade-off. AV software makes it more likely that you will find viruses and other bad things that get onto your machine, but they can also make it more likely that this badware makes it onto your machine or gets executed in the first place.
It is deadly apparent that nonsensical puns are the first.
So where do we send the mortician?
Really, though, get a sense of humor. That was groan-worthy if anything ever was, but come on. The only thing demonstrating stupidity was his signature, which you more or less agreed with.
Then I demand proof of collusion. :-)
I give up. You win. Of course, I was referring to the entire war and every article about it when I was responding to someone who asked for proof about this particular article. I also am sure that all communications originating from Al-Queda are in no way propaganda material. And clearly, when I said nothing heavy handed was going on, I couldn't have been referring to this article. I must have been referring to everything the US has done in its history.
I was wrong. I apologize. I will never do it again.
To quote XKCD, "Did that man just go crazy and jump out the window?"
Seriously, what are you talking about?
The Washington Post, I can expect, at least checked its facts. They also cited references. If you read through them, you'll see that Al-Qaeda does indeed have an Internet-based propaganda machine and that they were staging Q&A sessions.
In fact, the article sounds critical of the US, saying that we're getting our asses kicked because of incompetence. That ought to be pretty good Slashdot material.
Also, the article seems to suggest that the US is not trying anything heavy handed. In fact, it just seems like a piece on how they release their videos and what (little) the US is doing about it.
Perhaps if the government were proposing some infringement of my rights in this article, or if there were something that seems absurd, or even out of the ordinary, you might, maybe have a point. In this case, though, I have no reason to doubt its validity, and I certainly didn't come away from it thinking I should let the government curtail some of my rights.
I wonder if a law about handing over your keys could be invalidated based on the fifth amendment if it came to a legal trial. It seems to violate the bit about not having to bear witness against oneself.
It's from a reputable source. Besides, there's nothing really strange about this. The idea of using PGP and decentralized servers makes perfect sense. The dubious bit is that warning lights go off in my head every time someone mentions Al-Qaeda because usually it's someone trying to scare me for political reasons.
The real problem here is that what you call critical thinking is not what most religious nuts call critical thinking.
Critical thinking means that you don't believe something without evidence.
To these people, however, it means that you can criticize things that don't agree with what you want to say.
Teaching critical thinking has nothing to do with this bill. It's critical, alright, but it's missing the thinking bit.
If you can't imagine how selective use of facts can bias a conclusion, then you're just not very creative. Facts may stand on their own, but if you start with a conclusion and then try to support it with facts, you will find facts to support it. It is far better to form a hypothesis and try to falsify it, as in the scientific method. If all you look for are the supporting facts, then you're never going to find the contradictory ones.
Of course, you make the same mistake in your post. You say we should assume the bible is false and then look for facts that derive from it. That's not what the parent said, and it's rather dishonest of you to spin it that way. The parent said that we assume the bible is true and then look for contradictory evidence. As it turns out, there's plenty to be had.
If, as you say, we assume the bible is false and it proves nothing, then there's nothing it's disproven, either, which means that there's no supporting evidence. So, by your own argument, the bible is a failed hypothesis.
Finally, I'd like to point out that your phrasing, "science was true" is meaningless. Science is not something that can be true or false. It is a methodology, a way of thinking, if you will. Either it works or it does not. You can label individual ideas that came from the scientific method as true or false, but the methodology is neither.
Mind you, I'm being liberal with my use of language. I find it scary when people use big words like charlatan and modus ponens without knowing what they mean. Here's a hint: a charlatan would be someone who pretends to be familiar with logic by using jargon like "modus ponens" because he pretends to have a skill he does not have. Someone who defends science is not a charlatan simply because he has used bad logic.
That's because Slashdot doesn't usually link to a GeoCities page.
By the way, you look the same as everyone else from where I'm standing. :-p
Water freezes at zero degrees. :-p
But seriously, this is oversimplified. Water freezes at 0 degrees on Earth, at standard pressure. Furthermore, even when water freezes, there's still water vapor. Really, if you think about it, you can't have the physical states without multiple molecules. Liquids and solids require certain arrangements of multiple molecules. In either case, individual molecules can escape, thus sublimating. The energy from the sun was enough to cause these molecules to escape, even though the ambient temperature was below the melting point of water.
Really, the best way to think about the melting point and the boiling point is that the melting point is the lowest temperature at which liquid will exist, and the boiling point is the highest temperature at which liquid will exist. Gas can exist at all temperatures because gas is nothing more than molecules that have broken off from the liquid or solid.
Eventually, if you raise the temperature enough, no liquid or solid can form. Likewise, if you lower the temperature enough, eventually, no molecule can escape. This is why metal doesn't generally sublimate. The amount of energy needed is not provided by the temperatures commonly found on earth (metal can sublimate in other conditions).
Pray tell, why do you think that Obama can't keep the country safe from "foreign threats"? And what foreign threats are you talking about, anyway?
I can't hate people who say stupid things? Yeah, that makes sense.
The rest of your post is directly contradicted by other people in this discussion who have said that their primary reason for choosing NetFlix was queue management, and by the simple observation that you've now started attacking straw men. "I deserve whatever I want at whatever price I feel like paying"? Way to end any serious discussion. That's even more idiotic than the guy above.
There is no problem. I think we're in violent agreement. The problem comes when people say that "company $x is a business, so they can do whatever they want" without the necessary qualification that, if they do, they will "run their business into the ground."
All I'm saying is that there are consequences, even for businesses. Basically, it's the people who forget the "enlightened" part of "enlightened self-interest". If it's not enlightened, then self-interest doesn't generally look out for your interests very well.
Nope, I've got a pretty good life.
I hate people who make statements like that, because those statements are idiotic. I've also got no problems with what NetFlix is trying to do. I'm just annoyed that they are trying to spin this as good for the customer while degrading their service. It's dishonest. They're doing this because it makes good business sense. They probably should do it, but they should try a little harder to be nice to their customers in doing so.
Yes, it's just DVD rentals. But I don't like companies who try to spin everything, whatever their wares. But I have a NetFlix account and I'm not canceling it. I just like the company a little less than I did yesterday.
Anger management? Who said I'm angry? I said I hate people like him.
;-)) perhaps it would help if you consulted a dictionary. Sleazy means "mean, or contemptuously low". I think that taking away features that customers love is mean, it's bad PR, and they haven't offered any migration path or apology gifts. They have, in fact, tried to spin this as helping customers (check the wording of the emails). All together, it seems pretty low.
But OK, maybe I need a hate management course? Of course, I gave a reason for saying what I said. It's that the viewpoint is idiotic because it's way too simplistic. It ignores the fact that businesses need their customers to survive, and that even investors have morals. If you prefer toleration of idiocy, then be my guest. But please, try not to confuse people who don't suffer fools with people who are angry and bitter.
Next up, about my "biased subjective hateful opinion" (as opposed to an objective opinion?
(As a side note, they do reduce people's ability to rent movies (Google for NetFlix throttling), which is also kind of sleazy because they didn't actually mention that little fact until after they were sued about it, but that's pretty ancillary to my point here.)
But I guess calling a spade a spade will always be considered hateful by some people. You'll note, of course, that I haven't said NetFlix isn't allowed to do this or even that they shouldn't. I'm just saying they should try to be a bit nicer to their customers so as not to alienate them. If you read some of the other comments here, you'll see that there are plenty of people who are either canceling their service or at least looking elsewhere.
I bet if NetFlix had said that they would offer a discounted account for people using profiles so that they could continue to pay the same, but for multiple accounts, pretty much everybody would shrug and say, "I don't like it, but that seems fair." As is, it reads more like some underhanded way of getting people to pay more money for the same things.
Anyway, I don't have a high horse. Never learned to ride one, really. If you take issue with why I singled out that post, please feel free to respond to my points after the first line. Until then, you don't have much grounds to object to my hatred.
I think you've missed my point. I mean they can simplify their system without this. As-is, you have multiple queues tied to a single account, so they are not 1:1. Also, DVDs that are sent out need to be marked with the queue, rather than the account. The UI is different for the profile accounts, and there are special things that the profile owner can do, such as change the split. All this code and complexity goes away if you get rid of this feature, and most people will probably realize that signing up for multiple accounts is only a little more expensive and do that instead.
I can guarantee that the separation of accounts from queues causes quite a bit of complexity (think about how that has to be implemented at the UI, class, database, and even fulfillment level). For the customer convenience of having just one billing statement to a credit card (which gets you what, exactly?) seems a little ludicrous.
God, I hate people like you.
People who say things like, "Well, obviously, company $x is a business, so they can do whatever they want" or "Your boss pays you money to work, so you have to do whatever he says" are invariably idiots.
NetFlix offered this feature. Some people bought the service in part because of this feature. Now it's being taken away. No discounts or temporary account upgrades or anything. Not even a way to migrate the old profiles to a new account. That's pretty sleazy.
As for "dead-beat customers that cost them more than they make", that does not make someone a dead beat. That makes them thrifty.
It is expected that both sides will act rationally. Customers will make the most out of their money, and NetFlix will cut features that cost them money. Calling their customers deadbeats is idiotic. But NetFlix is not handling this very well at all. They are taking something away without offering a thing. Customers are going to be pissed, and they've got a right to be.
They have that already. It's called separate accounts.
I'd imagine a substantial portion of their customers will now pay for two accounts. The rest will make due with one queue for two people. It'll also reduce their maintenance cost. Pretty sleazy, nonetheless.
I think the problem here is that all good coders need to clean up after the bad ones. Most people are bad coders, be they men or women. So it all makes perfect sense, you see. Both sexes equally stupid.
Exactly. Maybe September will finally end, too.
Because these idiots are trying to sell us something. That gives them a reason to lie.
If you believe every press release you read, maybe you should stop reading them.