Wow it must be nice to be able to force people to do whatever you want. If I could file a lawsuit to force slashdot to reveal the IP and email of every user that has ever insulted me and then sue them for 5000 each I'd be a very rich and happy man...
Should have gone to law school....or had a wealthy mommy and daddy... or become an actor....
Reading about her interview and stuff, it turns out apparently potential new clients would ask her about the webpage, and what she was doing in the photos.
I rather find it crazy that the judge ruled that "skank" is not a term similar to "jerk" and that it denotes a matter of fact, rather than opinion.
I hate to say that the judge is a skank, because I could be charged with contempt of court, but seriously, someone needs to explain to that skank judge that skank is an opinion-charged insult, and not a statement of fact.
With the way the recession is currently in the US, it makes no sense for the US govt. to not only allow, but, in some cases expedite bringing foreigners in (or letting them in willy nilly across the border illegally) to fill jobs that our own citizens are in desperate need of...
That makes little sense, but I approve. In fact, as somebody who lives in Europe, I encourage every smart, qualified worker who doesn't feel welcome in the US to come over here. We'll get out of these economic problems by having smart people do innovative things. It doesn't really matter where they were born, but it does matter where they work.
I would be happy to come over to Europe to work, and live. I'm a well-qualified computer programmer. Would you be willing to hire me, so I can get my Arbeitserlaubnis?
If you're bitching that you need an iPhone even to use the source code
No, I'm bitching that I need a developer agreement in addition to an iPhone. Unlike the other examples you gave, this is not a hardware cost.
You don't need a developer agreement to use the binary... Unless I'm missing something, and Apple started making people pay in order to run an app that they downloaded from the AppStore.
If you're talking about the fact that you can't download and compile it yourself and run the binary... well, bitch at Apple, it's not the dev's fault.
I know you were just referring to a barrier for putting it on the app store as a free app
No, it's also a barrier for even using the compiled binary. The $99 isn't just for access to the App Store; it's also for access to install apps that you compiled on an iPod Touch PDA that you bought.
No, it's a barrier that you even need electricity at all! I can't play this on my tabletop with candles, (which even then requires the barrier for owning a table, and candles.. and fire.)
Look, there's a barrier to everything. I can't use SUSE ppc on anything but a PowerPC computer, I can't use Linux ia64 on anything but an Itanium, which are STILL stupid expensive.
That there is a barrier of entry to use the binary is stupid, and unimportant, because if the barrier of entry to use the binary is too high, then DON'T BUY OR DOWNLOAD THE BINARY!!!
If you're bitching that you need an iPhone even to use the source code, then download the source code, modify it for your platform of choice, and then make it interoperable with the iPhones.
Microsoft uses Perforce, which assuredly does have such identifiers. But there's a difference between some opaque id in a SCM (which at MS is actually some hyper-complex federated configuration) and a meaningful build tag you assign from the overall build management system, something higher level than just the SCM.
Actually, MSFT uses the build tag to create the SCM label for Perforce. So the build label (that "opaque id" in the build system that one can sync to in order to guarantee that the code was the same as that built for that build) is the same as the build tag.
A better approach is to use a SCM that has atomic checkins with unique identifiers. Then you sync to a specific checkin id, and build from that. Time doesn't matter (and it is easy to make a mistake with time zones and all)
The build process actually clumps all the atomic checkins into a single label, and then that label is built. The timestamp is simply the start of the label's state. If something goes wrong during the build or something, then they can back a single checkin out of a build label, or they can include a single checkin into the build label. Once the build is finished, the build label is locked, and no one is supposed to change it. (In truth, only build staff even have the rights to change it, but then build staff gets crazy rights to everything in the source code.)
MSFT also doesn't have problems with timezones, because all of the developers on a project are in the same timezone, and if they're not in the same timezone then they understand that they are still subject to the Redmond, WA timezone checkin requirements.
So, you've made a few booboos here. First, you've assumed that MSFT was full of idiots when they designed their build system (they weren't), and you've assumed that your build environment is similar to the corporate environment at Microsoft. It is not.
I'm going to see how the adoption rates are for 7. I see a rocky road for MS; people are happy with XP, it's stable, and for most of us it's a f*cking desk. No amount of hype is going to convince me that I have to get a shinier pressboard and formica office desk; the one I have works just fine.
At Amazon, a lot of the desks are actually former doors. When they went and replaced all the doors, they just bolted legs onto the old ones and started handing them out.
It actually makes for a kind of cool MacGyver feeling at work.
The build timestamp is the timestamp in the source control system used to sync all the files to. When compiling, one chooses a time slightly before when you started the process, or a time slightly in the future. Then the automated build process starts up, waits for the time to arrive, then syncs to the given timestamp, then runs the build process.
However, trust me, Windows takes well more time than even Gentoo to compile...
You apparently missed what I was trying to say. Icelandic was "stuck in time" because it was a colony, and isolated from the rest of the Scandinavian cultures. This means that the innovation produced by the main three languages did not spread to Iceland.
Being a colony, all of the people on Iceland spoke a similar and standardized dialect, rather than distributed entrenched dialects. It's very similar to the way that speciation of biological organisms go through. If you have a small isolated population, it will not experience the same rate of change that a larger population will.
Now, what I was meaning as to English, is that American English was developed from the standard Victorian-esque British English from that time. As there were no entrenched dialects, everyone had to communicate with a standard dialect, rather than a regional dialect. This produced a chilling effect on innovation in American English, while British English continued to change. Thus, American English is much closer to Victorian English than British English.
I am well aware of the various propositions for written Norwegian... which is precisely because Bokmal is essentially Danish, and does not conform well to the spoken dialects that are entrenched in Norway.
In any case, my original complaint of your post remains: one does not "speak" Bokmal, vs Nynorsk. One reads/writes them. In fact, regardless of if one reads or writes Bokmal or Nynorsk, one would speak the same Norwegian.
Zoom in on the actual southern coast of England. It looks like a hastily drawn zigzag. England must be fake.
In all seriousness, if authentic, the map predates the effective computation of longitude. You notice how the East/West elements of the map are stretched and skewed, far more than the North/South elements? You try accurately illustrating a fairly complex coastline when you can't say where you are on the East/West axis except by dead reckoning.
Actually, this provides some of the best evidence against it being authentic (ok, solely in my opinion.)
The reason why? Everything in Europe is distorted incredibly, however Greenland is about 90% accurate. So, either the Vikings never bothered to measure their own peninsula, or Britain properly, yet totally managed to survey Greenland with nearly modern accuracy... or, it's likely a fake.
Actually, Norway has two languages - Norwegian Bokmål ("Book language" - but also spoken - very similar to Danish) and Norwegian Nynorsk ("New Norwegian"). Norwegian Nynorsk might be more like Icelandic than Danish, but Norwegian Bokmål is essentially Danish. I guess it's because Norway was part of Denmark some time ago...
I'm a Dane and I speak both Danish and Norwegian (Bokmål). I know some Norwegian Nynorsk, but not enough to carry a conversation. I've heard quite a bit of Icelandic, and I don't understand a word... well... yeah, I know one word... :-)
When it comes to it though, Icelandic is very much like the language spoken in Denmark at the time of the map - if it's real...
Actually, Norwegians never spoke Bokmal. It looks like Danish, because it essentially is Danish. Norwegians spoke Norse, and wrote in Danish. Much like the middle ages where most of Europe spoke this language or that language, but everything was written in Latin.
Nynorsk was started in order to try and provide Norwegians with a written version of the language that they actually spoke, rather than continuing to force their children to learn a new language just to write in.
Icelandic is much closer to Old Norse than any surviving North Germanic language (which is the Scandinavian languages + Icelandic). Since they were isolated on an island, and were colonists, they tended towards linguistic conservation. A similar situation happened with English in the USA (only on a way smaller historical scale.)
Overall though, Nynorsk is about as similar to Icelandic as Danish/Bokmal, and Swedish are. The three "languages" are reasonably mutually intelligible, and mutually unintelligible with Icelandic.
I have a better question: "how do you force programmers to follow correct security in SELinux programming?"
And a few more: Shouldn't that be their goal to start with? Why the hell does it permit to map NULL into something that will not make the kernel panic? To debug?
There are two programming errors here actually.
1. Someone dereferenced an object before validating its inputs.
2. Someone in SELinux fucked shit up really bad, by creating a hole in a security module.
The first is addressed with my statement about how do you force a programmer to program in a secure manner.
The second was unaddressed, with a better statement being, "how do you enforce a plugin against violating the security protocols that you have set up, even if it purports to create a stronger security model than yours?"
The first is a matter of general programming, the second is a matter of handling security models, and design.
The first covers most flaws, the second covers things like WMF files being able to put in arbitrary code for a print error callback.
The quoted article is interesting. It's interesting because it shows that people can deal with bigoted people.
Guess what? That Neo-Nazi had to take orders from black officers. Blacks actually constitute a disproportionate part of the military, because it's an opportunity to bring themselves out of the disadvantaged situation that they disproportionately hold.
I find it interesting that people would try and push this story as something being done wrong. People want gays in the military? Well, grats, you get neo-nazis, too. Here's the difference, and the one and only thing where this doesn't apply. If any particular group of people create an environment where employees don't want to be in, then it's a violation of US law. (Whether you think it's moral or not is irrelevant.)
If that neo-nazi in the story had been offensive and harassing of his fellow soldiers, then his superior officers would have done something about it. Rather, they realized it was just a view of his, and joked around about it. Why? Because he did his job, and didn't let his opinions get in the way. This is obvious, because if he had refused to obey a superior officer who was black, which over the course of 2 years is a certainty, then they would have drummed him out of the military.
While it is certainly in bad taste to have officers voicing these opinions on a forum, what is even more absurd is the lack of integrity of these lawyers to file such an insane lawsuit. Was anything illegal even committed? Also worth noting that these same lawyers are tackling the "pool kids" case. I can't help but think that perhaps that story is a similar pile of "I'm a victim" bullshit. It's sad when people abuse race, because it leads to distrust of those who are actually being discriminated against and need help.
So, a bunch of black officers in a police station begin to distrust those other officers around them, because those other officers keep making racially bigoted statements.
Look, legal fact here, is that there is a question of fact about if the actions of the white officers have violated the law by creating a "hostile work environment" for black officers. One is not allowed to promote a work environment, where a protected class feels that their status in that protected class is being used to harass them.
Questions of fact go to a jury or judge for decision, in this case, likely a jury. Just because you don't agree, or the public at large doesn't agree, does not mean that the case is a frivolous one.
Now, don't get me wrong, I could argue this from both sides. The police department could declare that since the website is a 3rd party website that they have no ability to enforce work policies upon it, and that filtering out the webpage would impose a prior constraint upon the rights of the individual officers, and thus would be illegal. It would also be important to stress that the police department has an anti-discrimination policy, and that the department neither endorses nor condones the behaviors of the individual officers.
The 3rd party to this is the bigoted police officers. Unfortunately, the only way that I would be able to argue that is that, sure the individual officer may be bigoted, but he kept it to himself, and didn't talk about it at work... oh wait, they did.
My (uninformed) guess is that one of these friendly security modules does some NULL-pointer handling and turns something that should be a hard fail into a soft error. There was an OpenSSH vulnerability a couple of years ago like this, where error-recovery code turned something that should have been a crash into a keep-running-in-an-undefined-state.
Just took a jaunt through the exploit code. Your guess is correct. SELinux seems to have an ability to defeat the mmap_min_addr protections that are supposed to block this sort of stuff.
I wonder sometimes if it's possible to be sufficiently pedantic about security to actually prevent stuff like this from happening.
I mean, really, the whole question of all of this is more "how do you force programmers to follow correct security in programming?"
I think the compiler is correct. If tun is null, then tun->sk is undefined and the compiler can do whatever optimization it wants.
So when the compiler sees tun->sk it can assume that tun is not null, and do the optimization, because IF tun is null, then the program has invoked undefined behavior, which the compiler doesn't have to preserve/handle. (How do you keep the semantics of an undefined program??)
My favorite expression is that a proper implementation of undefined behavior may be to have monkeys fly out of the user's butt.
I agree, it's not really an error in GCC that someone implemented something wrong. A nice flag complaining that something is dereferenced before it's checked would be pretty nice...
Looking at the code, it's a pretty common behavior of programmers. "I'm setting up my variables, so I may as well initialize them with valid data." The problem is that you don't know if it's valid data if it's not a constant!
Say I own a company that supplies parts to automobile manufacturers. Say I also own stock in one of those automobile manufacturers. Say that automobile manufacturer violates a contract with my parts supplier. Is it crazy for me (the owner of the supplier) to sue the automobile manufacturer (which I also partly own)?
The article mentions other lien holders. It sounds to me like an entity is suing a pool of entities. If they win, then each member of that pool pays the first entity a share of the settlement. Having a stake in the losing side just means that they net only 80% of the settlement rather than 100%, not that the entire case is a wash.
Especially, with being the first and second lien holders. Let's say that there are 4 liens in addition to any that WF owns. If they win, they get 80% of the settlement, if they lose they have another run to get 100% of the settlement (which would be 80% of the original settlement)
Actually, for a 30 year mortgage at current interest rates, 1 year's payments (if you include PMI and tax payments to an escrow account) would be around 1/10th the cost of the house. I'd be guessing the original poster didn't get the sweetest interest deal either, since it was an "investment" property, and banks tend to consider those higher risks.
It's still a stretch, but in some areas of the country, if you add vandalism to it, it's at least plausible.
I worked for Microsoft. I'm actually one of the few people who have compiled Windows.
They may have improved the build time since I worked for them, but the build times were a monotonously growing function of time when I left...
Can you share some tips on how to do nightly builds (that go beyond Wikipedia's article)? I'm not so concerned about speed (our product takes "only" about two hours) but are there tools to simplify screening the output of make -k or similar calls?
If you're in or near the Seattle area, then you could hire me, or I can work on consult.
If you're not in or near the Seattle area, I can do telecommute work as well, or you might even be able to fly me out for a short-term consult.
Other than that, there's little help in the way that I can provide help over the internet... most of the important stuff I know is what to do when things go wrong, and how to prepare against it.
Typically the worst that you can be hit for with copyright violation is fines
So, all your spouting of what can happen in a serious copyright infringement does not affect the truth of my statement that the typical case is someone committing non-criminal copyright infringement, which is by far the majority of violators.
Just to show how pedantic I am, I must however, point out that I made an error in that statement, since "typically" is an adverbial phrase, it need be set off from the rest of the sentence by a comma.
Moreover, in the US, mere DOWNLOADING is not infringement at all
The creation of a copy is a violation of the copyright reproduction right.
Wrong, you are granted by free-use to create a backup copy of all copyrighted material that you legally receive.
... under US law you are technically liable for copyright infringement for downloading and creating a copy of that work.
Ah, you've made it clear your mistake here. You are technically liable, however you are not criminally negligent, which is required for prosecution of a criminal act.
At best, it could be made a claim of "unjust enrichment", which requires simply the civil reimbursement of the cost for legal obtainment of the movie.
The legal burden is upon YOU to prove in court your innocent infringer status...
This is a civil liability, not a criminal liability. There are a number of civil liabilities that presume guilt until innocence is proved. Mainly, because civil decisions only need a "preponderance of evidence". Again, a civil liability cannot result in jail time.
you are still legally guilty of infringement and still hit with a $200 minimum damages per work.
Legally liable not "guilty".
I'm not DEFENDING that law - but yes that is in fact what US copyright law says. The nation would grind to a complete halt if we were to fully enforce all of the insane facts of our copyright law.
Again, it's civil liability, not criminal liability. In a case of civil liability it's the responsibility of the wronged (the one with "standing") to bring the matter to court. In the state of Washington, small claims court has a filing cost of $25, so if it's worth less than that for you, then there is no reason to sue. Not to mention that Small Claims Court of Washington doesn't allow granting of equity... thus you cannot sue someone in small claims court to stop doing something, you can only sue him for the damages caused. Normal civil court has filing fees of $200, and allows the defendant access to lawyers. So, seeking a granting of an injunction would be an even higher bar for bringing the matter to court.
In a case of criminal prosecution, the prosecutors are the ones to make the decision (most of the time) to bring the issue to court. There's a whole different level of weighing the worth of pushing this issue... but the easiest way to say it is that unless the prosecutor is convinced beyond a reasonable doubt, then he won't bring it to court, because if it's so easy for him to find reasonable doubt, then convincing 12 people that that reasonable doubt doesn't exist is pretty hard... well, as long as you're ethical.
I've just always wondered just where it is people are getting all this free beer.
Oddly enough, the place that I got the most free beer in my entire life was at Microsoft.
Of course with their FAIB browser, etc, they seem intent on using the concept of perk to coax people to buy their products.
I certainly didn't have much if any free speech at Microsoft.
That's awesome! I'm jealous. Your office makes my clone-like cubicle seem really mass-produced and depressing. Which it is. Every fucking day.
I'm jealous as well. I haven't worked in about a year!
Nah, it just took them 10 minutes to compile.
The build timestamp is the timestamp in the source control system used to sync all the files to. When compiling, one chooses a time slightly before when you started the process, or a time slightly in the future. Then the automated build process starts up, waits for the time to arrive, then syncs to the given timestamp, then runs the build process.
However, trust me, Windows takes well more time than even Gentoo to compile...
You apparently missed what I was trying to say. Icelandic was "stuck in time" because it was a colony, and isolated from the rest of the Scandinavian cultures. This means that the innovation produced by the main three languages did not spread to Iceland.
Being a colony, all of the people on Iceland spoke a similar and standardized dialect, rather than distributed entrenched dialects. It's very similar to the way that speciation of biological organisms go through. If you have a small isolated population, it will not experience the same rate of change that a larger population will.
Now, what I was meaning as to English, is that American English was developed from the standard Victorian-esque British English from that time. As there were no entrenched dialects, everyone had to communicate with a standard dialect, rather than a regional dialect. This produced a chilling effect on innovation in American English, while British English continued to change. Thus, American English is much closer to Victorian English than British English.
I am well aware of the various propositions for written Norwegian... which is precisely because Bokmal is essentially Danish, and does not conform well to the spoken dialects that are entrenched in Norway.
In any case, my original complaint of your post remains: one does not "speak" Bokmal, vs Nynorsk. One reads/writes them. In fact, regardless of if one reads or writes Bokmal or Nynorsk, one would speak the same Norwegian.
Zoom in on the actual southern coast of England. It looks like a hastily drawn zigzag. England must be fake.
In all seriousness, if authentic, the map predates the effective computation of longitude. You notice how the East/West elements of the map are stretched and skewed, far more than the North/South elements? You try accurately illustrating a fairly complex coastline when you can't say where you are on the East/West axis except by dead reckoning.
Actually, this provides some of the best evidence against it being authentic (ok, solely in my opinion.)
The reason why? Everything in Europe is distorted incredibly, however Greenland is about 90% accurate. So, either the Vikings never bothered to measure their own peninsula, or Britain properly, yet totally managed to survey Greenland with nearly modern accuracy... or, it's likely a fake.
Actually, Norway has two languages - Norwegian Bokmål ("Book language" - but also spoken - very similar to Danish) and Norwegian Nynorsk ("New Norwegian"). Norwegian Nynorsk might be more like Icelandic than Danish, but Norwegian Bokmål is essentially Danish. I guess it's because Norway was part of Denmark some time ago...
I'm a dane and I speak both Danish and Norwegian (Bokmål). I know some Norwegian Nynorsk, but not enough to carry a conversation. I've heard quite a bit of Icelandic, and I don't understand a word... well... yeah, I know one word... :-)
When it comes to it though, Icelandic is very much like the language spoken in Denmark at the time of the map - if it's real...
Actually, Norwegians never spoke Bokmal. It looks like Danish, because it essentially is Danish. Norwegians spoke Norse, and wrote in Danish. Much like the middle ages where most of Europe spoke this language or that language, but everything was written in Latin.
Nynorsk was started in order to try and provide Norwegians with a written version of the language that they actually spoke, rather than continuing to force their children to learn a new language just to write in.
Icelandic is much closer to Old Norse than any surviving North Germanic language (which is the Scandinavian languages + Icelandic). Since they were isolated on an island, and were colonists, they tended towards linguistic conservation. A similar situation happened with English in the USA (only on a way smaller historical scale.)
Overall though, Nynorsk is about as similar to Icelandic as Danish/Bokmål, and Swedish are. The three "languages" are reasonably mutually intelligible, and mutually unintelligible with Icelandic.
I have a better question: "how do you force programmers to follow correct security in SELinux programming?"
And a few more: Shouldn't that be their goal to start with? Why the hell does it permit to map NULL into something that will not make the kernel panic? To debug?
There are two programming errors here actually.
1. Someone dereferenced an object before validating its inputs.
2. Someone in SELinux fucked shit up really bad, by creating a hole in a security module.
The first is addressed with my statement about how do you force a programmer to program in a secure manner.
The second was unaddressed, with a better statement being, "how do you enforce a plugin against violating the security protocols that you have set up, even if it purports to create a stronger security model than yours?"
The first is a matter of general programming, the second is a matter of handling security models, and design.
The first covers most flaws, the second covers things like WMF files being able to put in arbitrary code for a print error callback.
The quoted article is interesting. It's interesting because it shows that people can deal with bigoted people.
Guess what? That Neo-Nazi had to take orders from black officers. Blacks actually constitute a disproportionate part of the military, because it's an opportunity to bring themselves out of the disadvantaged situation that they disproportionately hold.
I find it interesting that people would try and push this story as something being done wrong. People want gays in the military? Well, grats, you get neo-nazis, too. Here's the difference, and the one and only thing where this doesn't apply. If any particular group of people create an environment where employees don't want to be in, then it's a violation of US law. (Whether you think it's moral or not is irrelevant.)
If that neo-nazi in the story had been offensive and harassing of his fellow soldiers, then his superior officers would have done something about it. Rather, they realized it was just a view of his, and joked around about it. Why? Because he did his job, and didn't let his opinions get in the way. This is obvious, because if he had refused to obey a superior officer who was black, which over the course of 2 years is a certainty, then they would have drummed him out of the military.
While it is certainly in bad taste to have officers voicing these opinions on a forum, what is even more absurd is the lack of integrity of these lawyers to file such an insane lawsuit. Was anything illegal even committed? Also worth noting that these same lawyers are tackling the "pool kids" case. I can't help but think that perhaps that story is a similar pile of "I'm a victim" bullshit. It's sad when people abuse race, because it leads to distrust of those who are actually being discriminated against and need help.
So, a bunch of black officers in a police station begin to distrust those other officers around them, because those other officers keep making racially bigoted statements.
Look, legal fact here, is that there is a question of fact about if the actions of the white officers have violated the law by creating a "hostile work environment" for black officers. One is not allowed to promote a work environment where a protected class feels that their status in that protected class is being used to harass them.
Questions of fact go to a jury or judge for decision, in this case, likely a jury. Just because you don't agree, or the public at large doesn't agree, does not mean that the case is a frivolous one.
Now, don't get me wrong, I could argue this from both sides. The police department could declare that since the website is a 3rd party website that they have no ability to enforce work policies upon it, and that filtering out the webpage would impose a prior constraint upon the rights of the individual officers, and thus would be illegal. It would also be important to stress that the police department has an anti-discrimination policy, and that the department neither endorses nor condones the behaviors of the individual officers.
The 3rd party to this is the bigoted police officers. Unfortunately, the only way that I would be able to argue that is that, sure the individual officer may be bigoted, but he kept it to himself, and didn't talk about it at work... oh wait, they did.
My (uninformed) guess is that one of these friendly security modules does some NULL-pointer handling and turns something that should be a hard fail into a soft error. There was an OpenSSH vulnerability a couple of years ago like this, where error-recovery code turned something that should have been a crash into a keep-running-in-an-undefined-state.
Just took a jaunt through the exploit code. Your guess is correct. SELinux seems to have an ability to defeat the mmap_min_addr protections that are supposed to block this sort of stuff.
I wonder sometimes if it's possible to be sufficiently pedantic about security to actually prevent stuff like this from happening.
I mean, really, the whole question of all of this is more "how do you force programmers to follow correct security in programming?"
I think the compiler is correct. If tun is null, then tun->sk is undefined and the compiler can do whatever optimization it wants.
So when the compiler sees tun->sk it can assume that tun is not null, and do the optimization, because IF tun is null, then the program has invoked undefined behavior, which the compiler doesn't have to preserve/handle. (How do you keep the semantics of an undefined program??)
My favorite expression is that a proper implementation of undefined behavior may be to have monkeys fly out of the user's butt.
I agree, it's not really an error in GCC that someone implemented something wrong. A nice flag complaining that something is dereferenced before it's checked would be pretty nice...
Looking at the code, it's a pretty common behavior of programmers. "I'm setting up my variables, so I may as well initialize them with valid data." The problem is that you don't know if it's valid data if it's not a constant!
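The dereference-before-check pattern discussed in the comments above, next to the check-first form, as an added example that is not part of the original thread and is not the kernel's code. The struct layouts, function names and `POLL_ERR` value are hypothetical; only the names `tun` and `sk` come from the comments.

```c
#include <stddef.h>

/* Hypothetical stand-ins for the objects the comments call tun and tun->sk. */
struct sock { int flags; };
struct tun_struct { struct sock *sk; };

#define POLL_ERR (-1)   /* assumed error value for this example */

/* Pattern criticized in the thread: tun is dereferenced in the
 * initializer, before it is validated. tun->sk is undefined when tun
 * is NULL, so an optimizing compiler may assume tun != NULL and delete
 * the check that follows. GCC's -fno-delete-null-pointer-checks option
 * disables that assumption, but the code is still wrong without it. */
int poll_deref_first(struct tun_struct *tun)
{
    struct sock *sk = tun->sk;  /* dereference happens here */

    if (!tun)                   /* too late: may be optimized away */
        return POLL_ERR;
    return sk ? sk->flags : 0;
}

/* Check-first form: validate the pointer, then dereference it. */
int poll_check_first(struct tun_struct *tun)
{
    struct sock *sk;

    if (!tun)
        return POLL_ERR;
    sk = tun->sk;
    return sk ? sk->flags : 0;
}

/* Helper: run either variant on a constructed, valid object so the two
 * can be compared on input where both are well defined. */
int call_with_valid_tun(int (*fn)(struct tun_struct *))
{
    struct sock s = { 7 };          /* constructed sample value */
    struct tun_struct t = { &s };

    return fn(&t);
}
```

On valid input the two functions agree; they differ only on NULL, where the first has no defined result and the second returns `POLL_ERR`.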
Say I own a company that supplies parts to automobile manufacturers. Say I also own stock in one of those automobile manufacturers. Say that automobile manufacturer violates a contract with my parts supplier. Is it crazy for me (the owner of the supplier) to sue the automobile manufacturer (which I also partly own)?
The article mentions other lien holders. It sounds to me like an entity is suing a pool of entities. If they win, then each member of that pool pays the first entity a share of the settlement. Having a stake in the losing side just means that they net only 80% of the settlement rather than 100%, not that the entire case is a wash.
Especially, with being the first and second lien holders. Let's say that there are 4 liens in addition to any that WF owns. If they win, they get 80% of the settlement, if they lose they have another run to get 100% of the settlement (which would be 80% of the original settlement).
Actually, for a 30 year mortgage at current interest rates, 1 year's payments (if you include PMI and tax payments to an escrow account) would be around 1/10th the cost of the house. I'd be guessing the original poster didn't get the sweetest interest deal either, since it was an "investment" property, and banks tend to consider those higher risks.
It's still a stretch, but in some areas of the country, if you add vandalism to it, it's at least plausible.
One word: Detroit.
I worked for Microsoft. I'm actually one of the few people who have compiled Windows.
They may have improved the build time since I worked for them, but the build times were a monotonously growing function of time when I left...
Can you share some tips on how to do nightly builds (that go beyond Wikipedia's article)? I'm not so concerned about speed (our product takes "only" about two hours) but are there tools to simplify screening the output of make -k or similar calls?
If you're in or near the Seattle area, then you could hire me, or I can work on consult.
If you're not in or near the Seattle area, I can do telecommute work as well, or you might even be able to fly me out for a short-term consult.
Other than that, there's little help in the way that I can provide help over the internet... most of the important stuff I know is what to do when things go wrong, and how to prepare against it.
the build times were a monotonously growing function of time when I left...
And I bet the monotony was monotonically increasing.
Where is my "+1, Yeah, that's what I meant" mod point?
Nice comment. One question: How do you know how long it takes to build windows? Is it public information? or do you work for Microsoft?
I worked for Microsoft. I'm actually one of the few people who have compiled Windows.
They may have improved the build time since I worked for them, but the build times were a monotonously growing function of time when I left...
I'll emphasize the word that you glossed over:
Typically the worst that you can be hit for with copyright violation is fines
So, all your spouting of what can happen in a serious copyright infringement does not affect the truth of my statement that the typical case is someone committing non-criminal copyright infringement, which is by far the majority of violators.
Just to show how pedantic I am, I must however, point out that I made an error in that statement, since "typically" is an adverbial phrase, it need be set off from the rest of the sentence by a comma.
Moreover, in the US, mere DOWNLOADING is not infringement at all
The creation of a copy is a violation of the copyright reproduction right.
Wrong, you are granted by free-use to create a backup copy of all copyrighted material that you legally receive.
... under US law you are technically liable for copyright infringement for downloading and creating a copy of that work.
Ah, you've made it clear your mistake here. You are technically liable, however you are not criminally negligent, which is required for prosecution of a criminal act.
At best, it could be made a claim of "unjust enrichment", which requires simply the civil reimbursement of the cost for legal obtainment of the movie.
The legal burden is upon YOU to prove in court your innocent infringer status...
This is a civil liability, not a criminal liability. There are a number of civil liabilities that presume guilt until innocence is proved. Mainly, because civil decisions only need a "preponderance of evidence". Again, a civil liability cannot result in jail time.
you are still legally guilty of infringement and still hit with a $200 minimum damages per work.
Legally liable not "guilty".
I'm not DEFENDING that law - but yes that is in fact what US copyright law says. The nation would grind to a complete halt if we were to fully enforce all of the insane facts of our copyright law.
Again, it's civil liability, not criminal liability. In a case of civil liability it's the responsibility of the wronged (the one with "standing") to bring the matter to court. In the state of Washington, small claims court has a filing cost of $25, so if it's worth less than that for you, then there is no reason to sue. Not to mention that Small Claims Court of Washington doesn't allow granting of equity... thus you cannot sue someone in small claims court to stop doing something, you can only sue him for the damages caused. Normal civil court has filing fees of $200, and allows the defendant access to lawyers. So, seeking a granting of an injunction would be an even higher bar for bringing the matter to court.
In a case of criminal prosecution, the prosecutors are the ones to make the decision (most of the time) to bring the issue to court. There's a whole different level of weighing the worth of pushing this issue... but the easiest way to say it is that unless the prosecutor is convinced beyond a reasonable doubt, then he won't bring it to court, because if it's so easy for him to find reasonable doubt, then convincing 12 people that that reasonable doubt doesn't exist is pretty hard... well, as long as you're ethical.