Slashdot Mirror


User: SnowZero

SnowZero's activity in the archive.

Stories: 0
Comments: 1,462

Comments · 1,462

  1. Re:Process identification on 'Opener' Malware Targets OS X · · Score: 1

    dialog boxes prompting for administration passwords identify the calling application at the bottom...

    Well, that's easy enough to fix on a Posix system:
    rename(argv[0],target_name);
    execv(target_name,argv);

    This is assuming of course that it doesn't give the whole path to the application... Now I don't think this is a horrible or likely attack anyway, but it's good to remind people who say an application "is only running with user privileges". It's pretty easy to escalate in general, and multitasking interfaces make it that much easier.

  2. Re: "Administration" Password Problem... on 'Opener' Malware Targets OS X · · Score: 4, Informative

    You can make it a lot worse than that. It is (somewhat) exploitable by a timing attack if your virus waits patiently for another program to start installing. There is probably some recognizable signature you can check for in ps, and just keep running it repeatedly. Once another program is installing, the virus can then jump in and do the operation that requires root, thus popping up a dialog box. The title will probably be wrong, but the timing of the dialog box will be *right*, so most users wouldn't notice except for a second box popping up later. They'll probably convince themselves that they mistyped the password the first time.

    This is a common vulnerability to just about any shared medium, and why users need to be careful even just running untrusted programs as a user. The unix equivalent is well timed "password" prompts from malware when the user runs something else they expect to generate such a message, such as ssh.

  3. Re:Not a surprise? on America's Most Connected Campuses · · Score: 1

    Not a bad list, but a bunch of things you answered as "No" are really "Yes". We still have a few No's, but they are kind of questionable IMO.

    Is a computer ethics policy in place for the school? No
    Yes We Do

    Do students have access to Usenet newsgroups? No
    Yes (news.andrew.cmu.edu).

    Does the school provide multimedia equipment? No
    Yes, the CFA (College of Fine Arts) cluster has just about everything (computers, scanners, etc), and the mobile portions can be signed out (cameras).

    Does the school offer courses in emerging technologies? No
    Yes! In methodology they mention computer security, robotics, and "videogaming". So, there's the class 15-827, "Security and Cryptography". Then there's the 25 year old Robotics Institute, which offers undergraduate minors and graduate degrees (MS,PhD) in Robotics. And as far as video game courses, do you want engine programming or cross-discipline game design?

    That leaves requiring/providing computers for every student (pointless now that most students have machines anyway, and free clusters if they don't). Oh, and "support for handhelds", which has nothing to do with connectivity. If so, which one are they supposed to support since they are all different? Why not just have a course web page?

  4. Re:Something is Different this time (was:No Knuth? on The Extinction of the Programming Species · · Score: 1

    "and the increasing numbers at the bottom will get enough scraps to live on to keep them from revolting and REDISTRIBUTING the wealth more fairly."

    Programmers of the world, unite!

  5. Re:Barely a story. on Linus Pooh-Pooh's Real-Time Patch · · Score: 2, Interesting

    His job is to say no a few times, so that developers create better and better versions of the feature, until one is good enough and he says "yes".

    The cleanly done kernel-preemption patch went in, but the "lock-break" patch which predated it did not. That's because the latter peppered "reschedule me" calls all over the code tree. If he hadn't said "no" the first time, the later clean solution probably would not have come.

  6. Re:Bush and Kerry's debate notes on White House Lied About Iraq Nuclear Programs · · Score: 1

    Here's a corrected second link. It's the funnier of the two, but read Kerry's "notes" first.

  7. Re:Great idea, wish the U.S. had more of it on World's Largest Wind Turbine · · Score: 1

    You don't get it. The point is, *he* should be making all the noise with his boat, and nobody else should spoil that. Also, he should not have to avoid obstacles in his way, instead they should not be put in his way.

  8. Re:An excuse on Syllable 0.5.4 Released · · Score: 1

    As a Debian user, I do see one problem with "expert" distros such as Gentoo and Debian. It's that when all the experts use different distros than newbies, it's harder to give them help. I suggest Mandrake or Suse to other people who want to install Linux for the first time, but the differences mean I have more trouble helping them out if things don't work correctly.

    Not that I don't like the concept of highly customizable/expert level distros, but that's the one problem I see with that approach. Having split easy/expert installs alleviates the problem somewhat, which is the direction Debian is going in (following other OSes in that regard of course).

  9. Re:Yes of course... on Have a Nice Steaming Cup of Java 5 · · Score: 1

    Or C# goes nowhere, which is the fate of the vast majority of languages. Only time will tell...

  10. Re:Patenting... on Sun Files For Patent on Software Licensing Method · · Score: 1

    I think there's prior art for that :)

  11. Re:Approval voting and security (non-repudiability on An Analysis of Various Election Methods · · Score: 1

    Ah, but with approval voting, the lamination will be easier to remove than our tried-and-true current system! Seriously, I get the feeling the grandparent must be an executive in one of our beloved two parties or something, as his post was basically the definition of FUD.

  12. Re:Approval voting and security (non-repudiability on An Analysis of Various Election Methods · · Score: 1

    And in our current system, marking another vote will get that ballot thrown out. This has the same effect as marking an extra person on an approval ballot. In other words, this is no different from the situation we're already in. It is true that extra marks won't be noticed as quickly as lots of incorrect ballots, but that can be fixed easily: Have people mark both "yes" and "no" votes, so all that can be done is to mark both and make that ballot invalid. Then it really is no different from the current system in terms of problems. There's a reason ballot counters have a lot of oversight.

  13. Re:All but one stolen from Java on Have a Nice Steaming Cup of Java 5 · · Score: 1

    But that does not mean that since .Net was out first they were the first to think of them.

    You do realize that there aren't really any features in either Java or C# that are new, right? They pretty much all came from other languages. Smalltalk, ML, Lisp, or Eiffel came up with nearly every one of the features people harp about now. It's nice when features break into common languages from their esoteric ancestors. However, in general it's a fallacy to think that the currently popular languages invented them.

    For example, I do almost all of my programming in C++, but there isn't a moment I don't respect SML functors for being everything that C++ templates aren't (that is, they are the most elegant implementation of generics I've ever seen).

  14. Re:US votes? on Europeans To Monitor American Voters · · Score: 2, Insightful

    The popular vote would be an improvement, but has one fatal flaw: It would result in country-wide recounts in close elections (most of the recent ones, for example). IMO approval voting by district is the best compromise of representation by area and issue. It would also allow a true multi-party system. This is the same system the Libertarian candidate wants. Unfortunately the major two parties will never let this happen, since it opens the doors to more parties.

    If Al Gore had ever tried to propose an amendment implementing election reform in his time in the US Senate, then maybe I would feel sorry for him. Same goes for Senator Kerry if a similar unfortunate fate befalls him. The Democrats seem to be happy with the system, even willing to lose a few elections to it, in order to keep the status quo of two parties. I was really hoping the Dems would push for election reform after 2000, but alas no, they instead focus their energies on swing states and fighting Nader in court and in the press.

  15. Re:Something not so funny about Bill Gates ... on Bill Gates Gives $20M to CMU for New Building · · Score: 1

    Though I don't agree with the great-great-grandparent post, this line makes complete mathematical sense. It's pretty simple actually.

    For example, if Bill Gates donated 30% of the cost, and 5 other donors gave 14% of the cost, then Bill Gates donated the largest percentage. But notice that he paid for less than 50% of the cost, so he didn't pay for "most of the building".

    They estimate the new CMU building will cost $50M, so Gates' donation is 40% in this case, which is also less than half. Whether or not that matters for getting your name on the building is left as an exercise for the philosopher.

  16. Re:What is Open? on Jonathan Schwartz Shows 32-Way UltraSPARC Chip · · Score: 1

    I would have thought that their SMP hardware would be interesting to geeks - unlike the compromised NUMA architecture that lesser Unix boxes run.

    NUMA is good, as that's the only way things scale; Shared busses are what is bad. Crays, Opterons, and Itanium servers use NUMA. The Xeon and AthlonMP use a shared bus. I wouldn't call a Cray a lesser unix box.

    Solaris should definitely be of interest to anyone interested in UNIX or Linux - unless features such as partitioning and scalability are dull?

    Every Unix besides SCO supports that stuff at this point, it's not really a market differentiator. If I wanted large-scale scalability I'd talk to SGI, not Sun. Guess which company is working on Linux scalability now? But for most things, going beyond 8 way is incredibly rare. For example, how many network interfaces would a 32-way system need to compete with a group of 4 way servers? Niagara is interesting yes, but I'll wait until they have numbers before I'd bet anything on it.

    Java 'Highly proprietary'? Ah - I guess that is why the spec is published, and why GNU can implement Java; ... There is nothing proprietary about Java, only the name, which you must pass compatibility tests to use.

    Java is a proprietary language with an open implementation. One company controls the language spec, rather than a standards body or industry group. It's rather like the difference between DirectX and OpenGL. DirectX has open specs and many drivers that implement it, just like Java. But ultimately you have to trust one company with the evolution and future viability of the language.

    GNU GCJ is kind of a bad example since Sun dislikes them for working on a native compiler, and generally treats them like dirt. The blog link is for one of the main GCJ developers.

  17. Re:Circle of violence on Home Defense, Geek Style? · · Score: 1

    No, training takes over and you do what you did in training. "You fight like you train" is a theme not only in the armed forces but in many martial arts as well.

    If you have no training, then of course anything can happen, such as how you describe. Someone who's not going to have the "presence of mind" in that situation should not be using a weapon since they might harm themselves or even bystanders.

    One clue detectives often use in solving murders is the amount of force used: Excessive force (10+ shots in the chest, for example) often indicates a crime of passion, while minimum force (one deadly shot) often means a professional or otherwise well-trained shooter.

  18. Re:I hate round plasic discs... on An Overview Of Present, Future of Music Technology · · Score: 1

    Perhaps that's how they spell it on Seti Alpha Five?

  19. Re:Portability... And security on An Overview Of Present, Future of Music Technology · · Score: 1

    We can call this future Fahrenheit 221 (a temperature by which most electronics will die). Conveniently plastic and PCBs melt much easier than books burn. People might write down designs for their circumvention devices however, so you'll still need the flame-throwers for such meta-circumvention documents.

    Luckily, your tinfoil hat is good up to 935 F.

  20. Re:only that.. on An Overview Of Present, Future of Music Technology · · Score: 2, Insightful

    Not to mention you have to convince them why they need to buy their music collection again, just to get it on a different format (see CD vs. vinyl).

  21. Re:Not pigs, but cigarettes on Cleansing Hardware Of Dead Pig Odors? · · Score: 1

    That's because most of the population died in the civil war, of course. Now they're all in shallow permafrost graves just like the wooly mammoths.

  22. No, I *don't* like where you're going with this... on Cleansing Hardware Of Dead Pig Odors? · · Score: 1

    Dead pig flavored jello?

  23. OT: Making the CNet videos work on free OS? on Altnet Sues Record Industry Over File Hash Patents · · Score: 1

    Has anyone else here figured out how to play the CNet videos on anything besides Windows or Mac? I haven't been able to get real to do anything besides just sit there in embedded mode in Mozilla, Firefox or Konqueror. Real loads, but doesn't play or download any video, or generate any error message. The video filename isn't in the html either, as it seems that it comes from the loads of external javascript they reference.

  24. Re:Where's the problem here? on University Bans Wireless Access Points · · Score: 1

    That's a good point. Perhaps the university should install 2.4 GHz jamming equipment all around the apartment building until everyone stops operating their own APs. Perfectly within all rules and regulations, and a PITA for everyone.

    Or they could just ask students not to DoS other students from using the university network. It's called the RPP. You're right that they can't demand it, but I bet any good Uni could have their EE's make a nice radio jammer...

  25. Re:Debian on X.org X11 Server Release 6.8 · · Score: 5, Informative

    It should, now that X developers can work with package maintainers rather than having an establishment work against them (the XFree86 way). Yay for more code and less politics.

    Previous long lead times, according to Brandon (Debian's X release manager) were brokenness on some of the platforms Debian supports about which the developers in power didn't care, as well as reams of patches they wouldn't accept (like ones from ATI supporting "new" cards that weren't accepted after 6 months).

    The whole point of FreeDesktop was to help everyone coordinate so that the process could be smoother. Most of the people on both sides were fed up with the politics and are working to make that the reality now.