That's because Doom is the last game J.C. created. Look at the list of games since then:
Dec 1993: Doom Oct 1994: Doom II. More Doom levels. Dec 1994: Heretic. Doom with magic instead of guns. Oct 1995: Hexen. More Doom with magic. And some RPG elements. 1996: Final Doom. More Doom levels. May 1996: Strife. Doom with RPG elements. Literally. Jun 1996: Quake. Yeah, this is just Doom with aliens Mar 1997: Doom 64. Dec 1997: Quake II. More Doom with aliens Dec 1999: Quake III Arena. Doom: Deathmatch Edition. Dec 2000: Quake III Team Arena. Doom: Team Deathmatch Edition. Nov 2001: RtCW. Doom with Nazis. Aug 2004: Doom 3. Doom in the dark. Apr 2005: Doom 3: Resurrection of Evil. More Doom in the dark. Sep 2005: Doom RPG. It's, uh, Doom with RPG elements. Oct 2005: Quake 4. More Doom with aliens. May 2006: Orcs & Elves. Wow! It's new! Oh, wait, it's Doom RPG rebranded. Sep 2007: Enemy Territory: Quake Wars. Doom: Team Deathmatch Edition 2! Aug 2009: Wolfenstein. Doom with Nazis. Sep 2011: Rage. Post-apocalyptic Doom. Forthcoming: Doom 4. Yeah.....
Don't get me wrong, the guy is a game engine genius. Still, he's very much a one-trick pony. He's the John Carpenter of video games rather than the Stanley Kubrick.
And that would be excellent if all the government did was ecological regulation, but it does a lot more than that. If the ostensible foundation of a political party is promoting the environment, what exactly is their social policy going to be? Or their defense policy? What about foreign policy? When you're talking about something as diverse as a national government, yes, a party that focuses on ecology is a narrow, special interest group.
What kinds of compromises in economic policy would such a party make in order to accomplish stated ecological goals? Historically, that answer has been quite a lot in the short term (which is typically what people are concerned about, right or wrong). When you're talking about "life over money" you certainly sound noble, but all money is for most people is a tangible, quantitative representation of work or effort. In that light, it might be more accurate to say the Green party emphasizes "quantity of life over quality of life". Then their platform becomes much less appealing. I'd like to "save the planet", but I wouldn't be happy if I had to give up my automobile, diverse diet, or electrical luxuries to do it.
I find that it's most similar to the complaints I've heard from friends who are doctors/nurses, lawyers/legal aids, or therapists. People have a surprising ability to ignore the fact that those who make their living based upon knowledge and skills might not want to be treated like a walking manual. People do not consider expertise valuable, for some odd reason.
Reminds me of the famous "Knowing which screw to turn" parable:
A manufacturer had a problem with one of the older machines on their line. It shut down the line and held up production, costing many thousands of dollars in lost production. Since it was older equipment it was hard to find someone knowledgeable in repairing the machine, and nobody on-site knew what the problem could be. They found a technician with knowledge of the machine and hired him to come in and fix it.
When the technician arrived on site he listened to the client’s description of the problem, examined the machine, opened a panel, and turned a single screw. He restarted the machine and it was back to full function. The line was up and running and the manufacturer was happy.
A week later the manufacturer received a bill for services: $1000. They called the technician and demanded an explanation - after all, they reasoned, he had only turned one screw to fix the problem. He agreed to re-bill, this time with itemized charges. The next bill contained two lines.
Turning the screw $1 Knowing which screw to turn $999
I would say it's more a vote of confidence in the ability of Oracle to mismanage Java into obscurity rather than any real confidence in JavaScript's longevity.
And yet 500 years ago, people would have described the Atlantic Ocean as "impossibly vast, empty, storm-tossed expanse of undrinkable water". And you'll note that Columbus had to lie about the diameter of the Earth to get funding for his trip. How big of a lie? Basically where he found the Caribbean Islands is where he told the Kind and Queen of Spain he would find Japan.
I don't believe that it will be worthwhile for a long time, but I believe there will eventually be expeditions at least as far as the asteroid belt.
Heat lamps are not subject to this ban. I suspect the market will produce heating lamps of lower wattages precisely because people have used standard light bulbs for this purpose.
What looks like a problem to you is actually a brand new market for low watt heating lamps.
Yes, when my systems are experiencing problems the first thing I think of doing is asking the developers if they have any workarounds for undisclosed vulnerabilities that would address my issue.
As a sysadmin I don't care about the timeliness of the fix as much as the timeliness of the disclosure. I care that nobody said anything about it so I couldn't mitigate the risk or be aware of the problem. They knew about it for six weeks and said nothing. Why? They released a new version that fixed the issue, and *still* didn't say anything for two weeks. ISC itself rated the vulnerability severity as "High". Is this how you should handle a high severity vulnerability?
It's not "OMG where is the fix." It's "dude why did you leave me completely in the dark so long?"
Yeah, a lot of anti-malware software does this. Spybot Search & Destroy adds about 15,000 entires to hosts that point to 127.0.0.1, which might fail safer than a null route. It amounts to the same thing.
I see, it was originally just a locking bug. That makes it easier to find a likely candidate in the Release Notes: "Corrected a defect where a combination of dynamic updates and zone transfers incorrectly locked the in-memory zone database, causing named to freeze. [RT #22614]"
Even if I do believe you, why did you wait so long to notify the community of the DoS vulnerability?
OK, so the content filter now just terminates sessions that have an SSL certificate that does not match the whitelist. SSL content filtering is not that complicated. Most content filtering appliances already do this.
That's true, but the CERT advisory only lists the severity metric as 4.5. That's not out of 10. It's out of 180. http://www.kb.cert.org/vuls/id/559980
ISC very well may use a different ranking scheme for vulnerabilities. DNS is required to have high availability, and this would severely impact that. ISC may rate it highly simply because the common usage scenarios for BIND make this more concerning.
Hosts is old. It predates DNS, and is one of the reasons for DNS. DNS (and WINS, technically) were developed because maintenance of the hosts file across a network of computers is too complex. Updates would be slow, insecure, inconsistent and unreliable, particularly if you use DHCP on your network instead of static addressing (which everybody with a brain does on a non-trivial network). Cache poisoning would be a constant problem. Nevermind that all the hosts file does is translate names to IP addresses, while DNS does much more than that.
So, yes, if you're willing to sacrifice ease of administration, security, functionality, performance, and reliability, you can absolutely revert to distributed hosts files over DNS.
That's because the latest BIND was released specifically to patch this vulnerability. They just didn't really tell anybody about the vulnerability until after 9.7.3 was released. Don't believe me?
Thanks, ISC, for patching a vulnerability a month after you found out about it and then telling us two weeks later that you did that. That's awesome security procedure there.
You're aware of how impractical that is, right? The first experiment to prove that had to be on the astronomical scale. Einstein's experiment was to examine how the light from stars was bent when viewed close to the Sun, and was only possible to perform during a total eclipse. To define something that requires those kinds of distances and masses to observe when the precision required is so high seems unwise.
The quality of instruments you'd need to determine how far a 1kg weight would bend a beam of photons is probably not discernible through any natural means based on quantum problems (the smallest unit of measure you should probably be working with is an Angstrom, and even then quantum issues arise). Nevermind that the frame of reference you'd be using is gravity-based, and since that technically varies as objects move across the surface of the Earth, the Earth rotates in space, the Moon revolves around the Earth, the Earth revolves around the Sun, as do the planets, asteroids, etc, your frame of reference is extremely inconsistent. Since your relying on a 1kg object here, well, what happens when your 80kg researcher walks across the room during the experiment 100 feet away?
I wouldn't start on vi. I'd start with nano because it follows the same logic as programs the students would likely be familiar with. On most distros nowadays even when you run visudo you get nano.
The key here is to make the learning curve not resemble the White Cliffs of Dover.
No, but you certainly can sue when, say, the hydraulics in the car aren't strong enough to apply the breaks when the temperature drops below -5 C.
Is the manufacturer liable for producing a product which has an inherent flaw? Yes. If a system is to be connected to the Internet, should security be a necessary design component? Yes. HIPAA, SOX, and FERPA all mandate that reasonable security measures to prevent tampering or access be taken for health, large financial, and public school information for example.
So the question is: Should that type of mandate be extended to robotics? What about ATM financial transactions (I don't know if there's regulation for this)?
Fundamentally: When is a software security issue a manufacturing flaw?
For example, there's an iPhone app that lets you connect to a LAN and it will scan the network for any surveillance cameras, which you can then pull up and view. My friend can do this (and I've seen it) at the local community college he attends. Obviously, there's a huge implementation error here. Those cameras should be on a VLAN which is inaccessible from any computer other than the necessary video systems, or at least there should be an authentication wall. What kind of implementation requirements did the manufacturer specify? Did they provide none? Did they specify a VLAN? Is there an authentication mechanism that defaults to off but could be enabled? Did the manufacturer specify that the network should have no security features at all?
We've all seen vendors do stupid things like this. Require blank default passwords with admin access that can't be changed. Require network services like DNS or databases but deny the ability to put the system on a domain (or run the system with Windows Home or Basic) and deny the ability to run any antivirus, or patch management, or any management software of any kind. They basically demand you replicate their development environment instead of getting their system to function in the real world. Vendors keep saying "here's our shitty system now you secure it but you can't use any normal security systems". That's complete bullshit, and if people start getting hurt because of it they should be at fault. The programmers are absolutely to blame, but you don't sue them. You sue the vendor who signed off on such poorly implemented systems. They knew or should have known that there was a problem.
It's not the customer's fault that they bought the wrong system. Customers aren't experts. That's why they buy systems. You don't blame a consumer when their Pinto bursts into flames for being rear-ended. There has to be a point where you stop blaming how it's used and instead point to how it was made.
Slashdot Mirror
That's because Doom is the last game J.C. created. Look at the list of games since then:
Dec 1993: Doom
Oct 1994: Doom II. More Doom levels.
Dec 1994: Heretic. Doom with magic instead of guns.
Oct 1995: Hexen. More Doom with magic. And some RPG elements.
1996: Final Doom. More Doom levels.
May 1996: Strife. Doom with RPG elements. Literally.
Jun 1996: Quake. Yeah, this is just Doom with aliens
Mar 1997: Doom 64.
Dec 1997: Quake II. More Doom with aliens
Dec 1999: Quake III Arena. Doom: Deathmatch Edition.
Dec 2000: Quake III Team Arena. Doom: Team Deathmatch Edition.
Nov 2001: RtCW. Doom with Nazis.
Aug 2004: Doom 3. Doom in the dark.
Apr 2005: Doom 3: Resurrection of Evil. More Doom in the dark.
Sep 2005: Doom RPG. It's, uh, Doom with RPG elements.
Oct 2005: Quake 4. More Doom with aliens.
May 2006: Orcs & Elves. Wow! It's new! Oh, wait, it's Doom RPG rebranded.
Sep 2007: Enemy Territory: Quake Wars. Doom: Team Deathmatch Edition 2!
Aug 2009: Wolfenstein. Doom with Nazis.
Sep 2011: Rage. Post-apocalyptic Doom.
Forthcoming: Doom 4. Yeah.....
Don't get me wrong, the guy is a game engine genius. Still, he's very much a one-trick pony. He's the John Carpenter of video games rather than the Stanley Kubrick.
And that would be excellent if all the government did was ecological regulation, but it does a lot more than that. If the ostensible foundation of a political party is promoting the environment, what exactly is their social policy going to be? Or their defense policy? What about foreign policy? When you're talking about something as diverse as a national government, yes, a party that focuses on ecology is a narrow, special interest group.
What kinds of compromises in economic policy would such a party make in order to accomplish stated ecological goals? Historically, that answer has been quite a lot in the short term (which is typically what people are concerned about, right or wrong). When you're talking about "life over money" you certainly sound noble, but all money is for most people is a tangible, quantitative representation of work or effort. In that light, it might be more accurate to say the Green party emphasizes "quantity of life over quality of life". Then their platform becomes much less appealing. I'd like to "save the planet", but I wouldn't be happy if I had to give up my automobile, diverse diet, or electrical luxuries to do it.
That's not what corporate America and IP lawyers would have you believe.
I find that it's most similar to the complaints I've heard from friends who are doctors/nurses, lawyers/legal aids, or therapists. People have a surprising ability to ignore the fact that those who make their living based upon knowledge and skills might not want to be treated like a walking manual. People do not consider expertise valuable, for some odd reason.
Reminds me of the famous "Knowing which screw to turn" parable:
Zimbabwean dollars ok?
I would say it's more a vote of confidence in the ability of Oracle to mismanage Java into obscurity rather than any real confidence in JavaScript's longevity.
And yet 500 years ago, people would have described the Atlantic Ocean as "impossibly vast, empty, storm-tossed expanse of undrinkable water". And you'll note that Columbus had to lie about the diameter of the Earth to get funding for his trip. How big of a lie? Basically where he found the Caribbean Islands is where he told the Kind and Queen of Spain he would find Japan.
I don't believe that it will be worthwhile for a long time, but I believe there will eventually be expeditions at least as far as the asteroid belt.
Heat lamps are not subject to this ban. I suspect the market will produce heating lamps of lower wattages precisely because people have used standard light bulbs for this purpose.
What looks like a problem to you is actually a brand new market for low watt heating lamps.
So, indistinguishable from actual women?
Yes, when my systems are experiencing problems the first thing I think of doing is asking the developers if they have any workarounds for undisclosed vulnerabilities that would address my issue.
As a sysadmin I don't care about the timeliness of the fix as much as the timeliness of the disclosure. I care that nobody said anything about it so I couldn't mitigate the risk or be aware of the problem. They knew about it for six weeks and said nothing. Why? They released a new version that fixed the issue, and *still* didn't say anything for two weeks. ISC itself rated the vulnerability severity as "High". Is this how you should handle a high severity vulnerability?
It's not "OMG where is the fix." It's "dude why did you leave me completely in the dark so long?"
Yeah, a lot of anti-malware software does this. Spybot Search & Destroy adds about 15,000 entires to hosts that point to 127.0.0.1, which might fail safer than a null route. It amounts to the same thing.
I see, it was originally just a locking bug. That makes it easier to find a likely candidate in the Release Notes:
"Corrected a defect where a combination of dynamic updates and zone transfers incorrectly locked the in-memory zone database, causing named to freeze. [RT #22614]"
Even if I do believe you, why did you wait so long to notify the community of the DoS vulnerability?
OK, so the content filter now just terminates sessions that have an SSL certificate that does not match the whitelist. SSL content filtering is not that complicated. Most content filtering appliances already do this.
That's true, but the CERT advisory only lists the severity metric as 4.5. That's not out of 10. It's out of 180.
http://www.kb.cert.org/vuls/id/559980
ISC very well may use a different ranking scheme for vulnerabilities. DNS is required to have high availability, and this would severely impact that. ISC may rate it highly simply because the common usage scenarios for BIND make this more concerning.
Hosts is old. It predates DNS, and is one of the reasons for DNS. DNS (and WINS, technically) were developed because maintenance of the hosts file across a network of computers is too complex. Updates would be slow, insecure, inconsistent and unreliable, particularly if you use DHCP on your network instead of static addressing (which everybody with a brain does on a non-trivial network). Cache poisoning would be a constant problem. Nevermind that all the hosts file does is translate names to IP addresses, while DNS does much more than that.
So, yes, if you're willing to sacrifice ease of administration, security, functionality, performance, and reliability, you can absolutely revert to distributed hosts files over DNS.
That's because the latest BIND was released specifically to patch this vulnerability. They just didn't really tell anybody about the vulnerability until after 9.7.3 was released. Don't believe me?
CERT was notified at the end of January.
"Date Notified: 2011-01-24" [ http://www.kb.cert.org/vuls/id/559980 ]
The CVE was reserved in the middle of January.
"Assigned (20110111)" [ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0414 ]
Yet the release notes for 9.7.3 don't mention any fixes which would coincide with this vulnerability:
http://ftp.isc.org/isc/bind9/9.7.3/RELEASE-NOTES-BIND-9.7.3.html
Thanks, ISC, for patching a vulnerability a month after you found out about it and then telling us two weeks later that you did that. That's awesome security procedure there.
The Democrats at least have the common decency to be ineffective.
Such a system does not exist. Rather, such a system would be a trivial one and thus would not be in a production environment.
You're aware of how impractical that is, right? The first experiment to prove that had to be on the astronomical scale. Einstein's experiment was to examine how the light from stars was bent when viewed close to the Sun, and was only possible to perform during a total eclipse. To define something that requires those kinds of distances and masses to observe when the precision required is so high seems unwise.
The quality of instruments you'd need to determine how far a 1kg weight would bend a beam of photons is probably not discernible through any natural means based on quantum problems (the smallest unit of measure you should probably be working with is an Angstrom, and even then quantum issues arise). Nevermind that the frame of reference you'd be using is gravity-based, and since that technically varies as objects move across the surface of the Earth, the Earth rotates in space, the Moon revolves around the Earth, the Earth revolves around the Sun, as do the planets, asteroids, etc, your frame of reference is extremely inconsistent. Since your relying on a 1kg object here, well, what happens when your 80kg researcher walks across the room during the experiment 100 feet away?
This is a rods-to-the-hogshead solution.
Hell, Slashdot editors don't screen summaries!
Wasn't he Speaker of the House?
I've never met anyone who -- with no training at all -- hasn't been able to open a text file with nano, make some changes, and then save and quit.
I've also never met anyone who -- with no training at all -- hasn't responded to vi with "why can't I type" followed quickly by "OMG I can't quit!".
I wouldn't start on vi. I'd start with nano because it follows the same logic as programs the students would likely be familiar with. On most distros nowadays even when you run visudo you get nano.
The key here is to make the learning curve not resemble the White Cliffs of Dover.
No, but you certainly can sue when, say, the hydraulics in the car aren't strong enough to apply the breaks when the temperature drops below -5 C.
Is the manufacturer liable for producing a product which has an inherent flaw? Yes.
If a system is to be connected to the Internet, should security be a necessary design component? Yes. HIPAA, SOX, and FERPA all mandate that reasonable security measures to prevent tampering or access be taken for health, large financial, and public school information for example.
So the question is: Should that type of mandate be extended to robotics? What about ATM financial transactions (I don't know if there's regulation for this)?
Fundamentally: When is a software security issue a manufacturing flaw?
For example, there's an iPhone app that lets you connect to a LAN and it will scan the network for any surveillance cameras, which you can then pull up and view. My friend can do this (and I've seen it) at the local community college he attends. Obviously, there's a huge implementation error here. Those cameras should be on a VLAN which is inaccessible from any computer other than the necessary video systems, or at least there should be an authentication wall. What kind of implementation requirements did the manufacturer specify? Did they provide none? Did they specify a VLAN? Is there an authentication mechanism that defaults to off but could be enabled? Did the manufacturer specify that the network should have no security features at all?
We've all seen vendors do stupid things like this. Require blank default passwords with admin access that can't be changed. Require network services like DNS or databases but deny the ability to put the system on a domain (or run the system with Windows Home or Basic) and deny the ability to run any antivirus, or patch management, or any management software of any kind. They basically demand you replicate their development environment instead of getting their system to function in the real world. Vendors keep saying "here's our shitty system now you secure it but you can't use any normal security systems". That's complete bullshit, and if people start getting hurt because of it they should be at fault. The programmers are absolutely to blame, but you don't sue them. You sue the vendor who signed off on such poorly implemented systems. They knew or should have known that there was a problem.
It's not the customer's fault that they bought the wrong system. Customers aren't experts. That's why they buy systems. You don't blame a consumer when their Pinto bursts into flames for being rear-ended. There has to be a point where you stop blaming how it's used and instead point to how it was made.