That being said, I have a hard time believing in equality as a tenet of our country (even equality of opportunity) when the opportunities of a poor kid from the ghetto, a farm kid from small-town America, a middle-class kid from the burbs, and a rich kid from a mansion differ so greatly. Affirmative action was a way (no matter how imperfect) to attempt to address this issue. I wonder how long the myth of American "equality" can sustain itself when even ameliorative programs such as this are shut down with nothing offered in their place to address this issue.
You've got it wrong. The tenet is equal protection under the law, not equal opportunity. By segregating the country by race for "affirmative action", you're explicitly violating a principle of law. I applaud the voters of Michigan for getting rid of this garbage.
For example take Richard Reid aka the "shoe bomber". Only a completely incompetent idiot tries to light a fuse in full view of everyone, rather than take the simple expediency of locking yourself in the toilet!!!
To underline how stupid and incompetent they are the "underwear bomber" made exactly the same critical mistake.
The underwear bomber apparently spent 20 minutes in the bathroom preparing the device. I don't know why he didn't just try to light it in the bathroom. Anyways, it doesn't matter, since in both cases the devices were faulty anyways. If they had been in working order, they would have succeeded because they had sufficient time before the passengers reacted.
It's insinuated that Julie is being deceitful by hiding the fact that the engineer is an ex-boyfriend. If it is, in fact, true that it was an ex-boyfriend, it's equally reasonable that Julie excluded that part of the story from her public side of the tale in order to protect his identity and not publicly call him out. Keep in mind Julie didn't even mention the founder or his wife by name.
You're bending over backwards here. If it is true it was an ex-boyfriend, that completely changes the dynamic of the story and it was deceptive of her to leave it out. She didn't name the founder, but offered plenty of details. It's beyond belief that she was merely trying to protect the engineer's identity by omitting such a salient detail (again, if it is true).
Given the "meritocracy" rug crap, her mention of the hula hoop incident, and her feminist "Passion Projects" activism at the company, I'm not inclined to give her any benefit of the doubt and think she's more interested in feminist issues than being a productive worker.
That's the documentary I watched, and the specific part that shows he remained silent at the pinnacle moment. It's a shame that he did so much to prevent the disaster up until that point, but didn't yell out one last time and override his managers.
(e.g. the late Roger Boisjoly, who was the Morton Thiokol engineer that strongly warned of the O-ring failure and tried to postpone Challenger's launch)
I saw a documentary on that. What's sad is that despite all the good work he did to try and avert the disaster, when given a last chance to object on the conference call to NASA he remained silent.
In addition to that, other than things like acquisitions there are very few "top-level executive decisions" at Google. Most decisionmaking is driven from the bottom up.
You're probably still not impressed.
You're right, I'm not. "Things like acquisitions" are what empire building is all about. Google had their own video service but wanted YouTube's marketshare. They've stuck their fingers in a lot of other pies as well. It's not about the technology.
Then it's not the same as mine. I've also followed the company from the beginning... and I have the benefit of the insider view.
Unless your insider view involved board meetings making top-level executive decisions, I'm not impressed.
YouTube was a very obvious acquisition. What YouTube needed to survive and grow was low-cost scalability and a way to monetize the views it was getting. What Google had was massive data centers and network connectivity, plus a proven revenue model.
YouTube managed to grow to epic proportions before Google had to "save" them, as you imply. They also good have slapped ads onto their service at any time without Google buying them out.
YouTube also needed a better search engine, and Google was interested in finding ways to index and search non-textual content. It was an ideal match, technologically.
This is garbage. Google didn't have to buy YouTube to figure out how to search videos. In fact, Google already had their own video service in operation when they bought YouTube. What Google wanted was YouTube's marketshare.
The basis for my claim is three years of seeing how the company operates and what decisions it makes, and how, from the inside.
My basis is the same as yours, except not from the inside, and not from just three years. I've been following Google since their early days. They used to be an Internet search company. I can't reference it, but I swear at one point as they were getting big they said they were going to remain focused on search.
The tipping point came when they bought YouTube for an obscene amount of money (at the time). You don't spread your tendrils in such fashion throughout the industry just because you like technology.
helping the "brightest pure programmers" understand why the cool solution they developed is a POS in production
Absolutely. I was in a startup as a dev, and by necessity we were the operations guys early on. It was a financial service that needed to be running 24/7, and having to deal with "oh shit" moments while under the gun instilled the importance of writing software that was built for reliability, graceful failures, recovery, and error reporting.
None of this "brogrammer" shit or programmer "cowboys" or any of that other nonsense.
I read the thread from your post onwards, and up-posts some as well. If you mean the entire, up to the root, it's hundreds of posts long.
If you still fail to find where these donations went to, and what the yes on prop8 group advertised then request a citation.
Then I'm formally requesting a citation that backs up your original post.
Further, you never explicitly stated that you can't find data. You stated that my post was a troll and are defending that position.
I said, "But it does give the appearance of a troll." and referenced the many readers, one writer problem, which you have not once acknowledged.
Your laziness does not make me wrong, your laziness makes you lazy.
It makes you lazy for not providing it in the first place, or second place... I never said you were wrong, only that you failed to provide a reference (and handwaving at Google or a large body of Slashdot comments is not a reference).
Should higher level languages be used when possible? Absolutely. I'm a fan of high level languages. I prefer to write software in Haskell and Scala when possible.
This was my main point. Whether it is practical to rewrite OpenSSL in a safe language isn't something I was arguing. To requote what I originally responded to:
C and C++ are not necessarily the problem. It's true that higher level languages solve this particular kind of vulnerability, but they are not safe from other vulnerabilities. To solve problems like these, we need better coding style in critical open source projects.
Bullshit, you are trying to redefine a word in order to make a claim that "trolling" is the same thing as having a different opinion.
No, I explicitly used your definition and said it was inflammatory. This isn't a question of opinion. It's a question of whether your accusations are true or not. If your accusations are true then your post was not a troll, and you could have reduced the chances of it being labeled as such by providing references in advance.
You also keep insisting that the claim is false yet there is ample evidence to support the claim.
I didn't say it was false. I said you didn't provide any evidence, and you still haven't (I wonder why?)
So you are being untruthful in several ways.
You're the one being untruthful here, per above.
A well articulated non-offensive response lacking citations is no different than the person I responded to who provided no citation.
First of all, the post you responded to made reference to a quote that was linked in the summary. You, on the other hand, made a sweeping accusation without any references.
Second, by claiming the group he donated to promoted "hate speech" and making comparisons to Westboro Baptist Church, drug dealers, and slave traders, your post is offensive if the accusations aren't true.
That person must have been trolling by your definition, but you are defending their position in your fabricated claim.
The fabrications are all on your end, and given your carelessness here, your original post becomes even more suspect.
Could a higher level language help? Sure. Is it a realistic and practical solution to OpenSSL's issues? Not really.
Buffer overflows are an extremely common security error, especially at the level something like OpenSSL is written at.
I've heard this argument, and I've seen blunders of vulnerabilities in Java, C#, Ruby, Python, and other higher level languages. This is not a language or platform specific problem.
You're arguing because bugs still exist, there's no reason to remove a large class of bugs and it isn't the language's fault. That's nonsense. Buffer overflows are a language problem endemic to C.
Better languages can help, but they are not a panacea. It takes dedication and hard work to write hardened code.
I didn't say it was a panacea. It's still a large class of errors that can be completely removed without the failed advice that we can just code better to avoid them.
C and C++ are not necessarily the problem. It's true that higher level languages solve this particular kind of vulnerability, but they are not safe from other vulnerabilities. To solve problems like these, we need better coding style in critical open source projects.
It's better to remove a very large class of bugs by the language making them impossible rather than insisting that a certain coding style will save you, "This time for sure!"
This is not a memory management issue per se, and has nothing to do with mmap or malloc.
But what the grandparent post said still applies. It's how C treats memory via pointers. The issue, from looking at the code you posted, is that memcpy() copies from beyond the length of rec_p. In a sane language that doesn't treat memory as free-for-all, this isn't possible.
Due to the fact that this code works more or less exactly as designed, the exploit functions across architectures and operating systems. This bug is so amateurish, i almost find it difficult to believe that it was unintentional.
It's the kind of mistake programmers make all the time in C. Sure, you can tell me battle-hardened, conscientious, professional programmers wouldn't make this mistake. Whatever, we've seen this kind of thing too many times for this sentiment to mean anything practically useful.
No, it does not. Please read the definition of troll and trolling again. A different opinion is not "trolling" or being a "troll".
If your accusations appear untrue and inflammatory, they have the appearance of being a troll. We've been over this. That's the whole point of providing evidence, which you are too lazy to do even at this point.
Not only myself, but numerous other people in this thread explained a different opinion respectfully and allegorically. All of them were down modded. It's called censorship, and it happens all the time here. It's been much worse since the beta exodus.
Sure, it happens all the time, but there's less chance of it happening when you substantiate your claims.
As it is, this thread is full of references to back my statement.
I didn't see any when I read this thread and replied.
It's not baseless because a person refuses to look for or read information.
You're ignoring the many readers, one writer problem. If you want your posts to be taken seriously when there's a good chance it won't be taken at face value, it's better to substantiate them upfront yourself.
Which is drastically different from providing easy to find references in a Google search because someone is too lazy to search themselves.
Without evidence it is inflammatory. There are many readers and one writer. Expecting all your readers to verify your accusations is a non-starter. You can give yourself credibility at the time of reading by not being lazy yourself and providing the evidence in advance.
Bullshit. Windows 95 was a rockstar (as in it was that well-received). It became the standard UI for computing, the one people run back to when Gnome 3 and other abominations came out. It almost killed the Mac.
Except that it was not 'because of his political views', it was because he gave money to support a group spreading FUD about homosexuality making him affiliated with a group promoting hate speech. [..] Hey, douche bag with mod points. This is not a troll.
Maybe if you had provided evidence for your accusations it wouldn't have been labeled a troll.
Slashdot Mirror
That being said, I have a hard time believing in equality as a tenet of our country (even equality of opportunity) when the opportunities of a poor kid from the ghetto, a farm kid from small-town America, a middle-class kid from the burbs, and a rich kid from a mansion differ so greatly. Affirmative action was a way (no matter how imperfect) to attempt to address this issue. I wonder how long the myth of American "equality" can sustain itself when even ameliorative programs such as this are shut down with nothing offered in their place to address this issue.
You've got it wrong. The tenet is equal protection under the law, not equal opportunity. By segregating the country by race for "affirmative action", you're explicitly violating a principle of law. I applaud the voters of Michigan for getting rid of this garbage.
For example take Richard Reid aka the "shoe bomber". Only a completely incompetent idiot tries to light a fuse in full view of everyone, rather than take the simple expediency of locking yourself in the toilet!!!
To underline how stupid and incompetent they are the "underwear bomber" made exactly the same critical mistake.
The underwear bomber apparently spent 20 minutes in the bathroom preparing the device. I don't know why he didn't just try to light it in the bathroom. Anyways, it doesn't matter, since in both cases the devices were faulty anyways. If they had been in working order, they would have succeeded because they had sufficient time before the passengers reacted.
It's insinuated that Julie is being deceitful by hiding the fact that the engineer is an ex-boyfriend. If it is, in fact, true that it was an ex-boyfriend, it's equally reasonable that Julie excluded that part of the story from her public side of the tale in order to protect his identity and not publicly call him out. Keep in mind Julie didn't even mention the founder or his wife by name.
You're bending over backwards here. If it is true it was an ex-boyfriend, that completely changes the dynamic of the story and it was deceptive of her to leave it out. She didn't name the founder, but offered plenty of details. It's beyond belief that she was merely trying to protect the engineer's identity by omitting such a salient detail (again, if it is true).
Given the "meritocracy" rug crap, her mention of the hula hoop incident, and her feminist "Passion Projects" activism at the company, I'm not inclined to give her any benefit of the doubt and think she's more interested in feminist issues than being a productive worker.
http://www.youtube.com/watch?v...
That's the documentary I watched, and the specific part that shows he remained silent at the pinnacle moment. It's a shame that he did so much to prevent the disaster up until that point, but didn't yell out one last time and override his managers.
(e.g. the late Roger Boisjoly, who was the Morton Thiokol engineer that strongly warned of the O-ring failure and tried to postpone Challenger's launch)
I saw a documentary on that. What's sad is that despite all the good work he did to try and avert the disaster, when given a last chance to object on the conference call to NASA he remained silent.
I don't understand that parents who were former victims of bullying themselves don't just whoop these bullies asses.
And if you end up in jail over said actions?
I'll just visit the bully after school and pin him down while I hock loogies on him.
That's what the keyboard hero says he'll do.
Interesting, I've never heard of this event before.
In addition to that, other than things like acquisitions there are very few "top-level executive decisions" at Google. Most decisionmaking is driven from the bottom up.
You're probably still not impressed.
You're right, I'm not. "Things like acquisitions" are what empire building is all about. Google had their own video service but wanted YouTube's marketshare. They've stuck their fingers in a lot of other pies as well. It's not about the technology.
Then it's not the same as mine. I've also followed the company from the beginning... and I have the benefit of the insider view.
Unless your insider view involved board meetings making top-level executive decisions, I'm not impressed.
YouTube was a very obvious acquisition. What YouTube needed to survive and grow was low-cost scalability and a way to monetize the views it was getting. What Google had was massive data centers and network connectivity, plus a proven revenue model.
YouTube managed to grow to epic proportions before Google had to "save" them, as you imply. They also good have slapped ads onto their service at any time without Google buying them out.
YouTube also needed a better search engine, and Google was interested in finding ways to index and search non-textual content. It was an ideal match, technologically.
This is garbage. Google didn't have to buy YouTube to figure out how to search videos. In fact, Google already had their own video service in operation when they bought YouTube. What Google wanted was YouTube's marketshare.
The basis for your claim is?
The basis for my claim is three years of seeing how the company operates and what decisions it makes, and how, from the inside.
My basis is the same as yours, except not from the inside, and not from just three years. I've been following Google since their early days. They used to be an Internet search company. I can't reference it, but I swear at one point as they were getting big they said they were going to remain focused on search.
The tipping point came when they bought YouTube for an obscene amount of money (at the time). You don't spread your tendrils in such fashion throughout the industry just because you like technology.
Nice one, sheeple.
Fuck off, keyboard warrior.
Google's primary goal is the technology, the profits and competitive advantage are a means to that end, not the other way around.
They are empire building. The technology is a means to that end.
helping the "brightest pure programmers" understand why the cool solution they developed is a POS in production
Absolutely. I was in a startup as a dev, and by necessity we were the operations guys early on. It was a financial service that needed to be running 24/7, and having to deal with "oh shit" moments while under the gun instilled the importance of writing software that was built for reliability, graceful failures, recovery, and error reporting.
None of this "brogrammer" shit or programmer "cowboys" or any of that other nonsense.
I stated to read the thread if you can't Google.
I read the thread from your post onwards, and up-posts some as well. If you mean the entire, up to the root, it's hundreds of posts long.
If you still fail to find where these donations went to, and what the yes on prop8 group advertised then request a citation.
Then I'm formally requesting a citation that backs up your original post.
Further, you never explicitly stated that you can't find data. You stated that my post was a troll and are defending that position.
I said, "But it does give the appearance of a troll." and referenced the many readers, one writer problem, which you have not once acknowledged.
Your laziness does not make me wrong, your laziness makes you lazy.
It makes you lazy for not providing it in the first place, or second place... I never said you were wrong, only that you failed to provide a reference (and handwaving at Google or a large body of Slashdot comments is not a reference).
Should higher level languages be used when possible? Absolutely. I'm a fan of high level languages. I prefer to write software in Haskell and Scala when possible.
This was my main point. Whether it is practical to rewrite OpenSSL in a safe language isn't something I was arguing. To requote what I originally responded to:
C and C++ are not necessarily the problem. It's true that higher level languages solve this particular kind of vulnerability, but they are not safe from other vulnerabilities. To solve problems like these, we need better coding style in critical open source projects.
Bullshit, you are trying to redefine a word in order to make a claim that "trolling" is the same thing as having a different opinion.
No, I explicitly used your definition and said it was inflammatory. This isn't a question of opinion. It's a question of whether your accusations are true or not. If your accusations are true then your post was not a troll, and you could have reduced the chances of it being labeled as such by providing references in advance.
You also keep insisting that the claim is false yet there is ample evidence to support the claim.
I didn't say it was false. I said you didn't provide any evidence, and you still haven't (I wonder why?)
So you are being untruthful in several ways.
You're the one being untruthful here, per above.
A well articulated non-offensive response lacking citations is no different than the person I responded to who provided no citation.
First of all, the post you responded to made reference to a quote that was linked in the summary. You, on the other hand, made a sweeping accusation without any references.
Second, by claiming the group he donated to promoted "hate speech" and making comparisons to Westboro Baptist Church, drug dealers, and slave traders, your post is offensive if the accusations aren't true.
That person must have been trolling by your definition, but you are defending their position in your fabricated claim.
The fabrications are all on your end, and given your carelessness here, your original post becomes even more suspect.
Could a higher level language help? Sure. Is it a realistic and practical solution to OpenSSL's issues? Not really.
Buffer overflows are an extremely common security error, especially at the level something like OpenSSL is written at.
I've heard this argument, and I've seen blunders of vulnerabilities in Java, C#, Ruby, Python, and other higher level languages. This is not a language or platform specific problem.
You're arguing because bugs still exist, there's no reason to remove a large class of bugs and it isn't the language's fault. That's nonsense. Buffer overflows are a language problem endemic to C.
Better languages can help, but they are not a panacea. It takes dedication and hard work to write hardened code.
I didn't say it was a panacea. It's still a large class of errors that can be completely removed without the failed advice that we can just code better to avoid them.
C and C++ are not necessarily the problem. It's true that higher level languages solve this particular kind of vulnerability, but they are not safe from other vulnerabilities. To solve problems like these, we need better coding style in critical open source projects.
It's better to remove a very large class of bugs by the language making them impossible rather than insisting that a certain coding style will save you, "This time for sure!"
This is not a memory management issue per se, and has nothing to do with mmap or malloc.
But what the grandparent post said still applies. It's how C treats memory via pointers. The issue, from looking at the code you posted, is that memcpy() copies from beyond the length of rec_p. In a sane language that doesn't treat memory as free-for-all, this isn't possible.
Due to the fact that this code works more or less exactly as designed, the exploit functions across architectures and operating systems. This bug is so amateurish, i almost find it difficult to believe that it was unintentional.
It's the kind of mistake programmers make all the time in C. Sure, you can tell me battle-hardened, conscientious, professional programmers wouldn't make this mistake. Whatever, we've seen this kind of thing too many times for this sentiment to mean anything practically useful.
No, it does not. Please read the definition of troll and trolling again. A different opinion is not "trolling" or being a "troll".
If your accusations appear untrue and inflammatory, they have the appearance of being a troll. We've been over this. That's the whole point of providing evidence, which you are too lazy to do even at this point.
Not only myself, but numerous other people in this thread explained a different opinion respectfully and allegorically. All of them were down modded. It's called censorship, and it happens all the time here. It's been much worse since the beta exodus.
Sure, it happens all the time, but there's less chance of it happening when you substantiate your claims.
That does not make a post a troll!
But it does give the appearance of a troll.
As it is, this thread is full of references to back my statement.
I didn't see any when I read this thread and replied.
It's not baseless because a person refuses to look for or read information.
You're ignoring the many readers, one writer problem. If you want your posts to be taken seriously when there's a good chance it won't be taken at face value, it's better to substantiate them upfront yourself.
Which is drastically different from providing easy to find references in a Google search because someone is too lazy to search themselves.
Without evidence it is inflammatory. There are many readers and one writer. Expecting all your readers to verify your accusations is a non-starter. You can give yourself credibility at the time of reading by not being lazy yourself and providing the evidence in advance.
Windows 95: meh
Bullshit. Windows 95 was a rockstar (as in it was that well-received). It became the standard UI for computing, the one people run back to when Gnome 3 and other abominations came out. It almost killed the Mac.
Except that it was not 'because of his political views', it was because he gave money to support a group spreading FUD about homosexuality making him affiliated with a group promoting hate speech. [..] Hey, douche bag with mod points. This is not a troll.
Maybe if you had provided evidence for your accusations it wouldn't have been labeled a troll.
Okay, Slashdot. Pop quiz time.
Shut the fuck up.