enntwo's comments

On a Windows/Hospital related note, I heard this antecdote in a class, any confirmation if true or source? Seems very plausible and likely.

During an operation, one of the OR monitoring devices went down because it was running on Windows and was neglected for some period of time, causing Windows to do an automatic reboot for a "Critical Windows Update."

Of course, seeing a necessary piece of OR equipment go down due to a Windows setting didn't make anyone happy, so the response was to remove automatic update from all of the Windows boxes in the Hospital. Not just mission critical ones, all of them: Secratary's machies, Nurse's machines, IT machines, etc. Fast forwood some months/years, no manual updates were done either, and with automatic ones turned off, a virus came across through a worker's computer and wiped out everything.

True or not, I still think it is a good story for how not to handle security issues.

I have to agree. I really like the concept of the service, and I am sure it will find some niches, but I don't think I have ever considered "...like X, but better..." a strong marketing argument.

I would suggest just comparing it to Heroku and then specifying how your service is different, instead of making a claim about how one should be valued over the other.

Best of luck regardless.

If you use something enough, and truly want to understand it, then I assume you know all about some programmers, and that enough others are like you that these people can be considered famous.

It also seems laughable to think that those programmers who are considered famous do not benefit from it in the industry.

Off the top of my head: John Resig Matz Steve Yegges Shawn Hargreaves _why

And assuming you have been to one conference, or dug a little bit deeper, I am sure you know much of the core team and library teams around a technology too.

I am not sure what qualifies someone as famous, but I would be surprised if these people did not qualify given the right fields.

Just because you don't know about them doesnt mean thousands of other people don't.

It just spun around a bunch and then the feed cut. Is the show over or did something happen?

My main argument is now that they have allowed public comments and such backlash occurred, they cannot feasibly double back on it. Any purging of comments would only further feed the fire and damage there PR as you mentioned.

I don't believe that the avoiding the creation of a public forum on your service's site is surpessing information and communications though, but I will agree that once one is made it must be dealy with judiciously and should not have its contents purged or modified after the fact just because they are not in the companies best interest. This would only hurt further, and from what we have seen so far here, ZenDesk has left all the comments intact.

I also don't think such a backlash would be felt if originated from elsewhere, even from many other sources. The main issue here is that all of the users who are first discovering the issue have no time to think about how it truly effects there business, but are only tossed into a frenzy of doubt and anger.

Many of the users would not know about the complaints and discussions on twitter, and there competitors would not be getting so much attention if it were not directly linked and discussed on their page.

Of course I cannot know how much different it would be if they did not provide such a public discussion area, but it seems now they have provided a universal entry point into the user-mob that they must actually maintain.

I have had this book on my shelf for a few months now, yet I had never read it, nor really planned on it.

That's different now, I will try to start tonight.

Regardless of who's side you fall on, I think this is a pretty good example of why allowing public comments is a bit of a dangerous move.

(Clearly the more dangerous move here was the price hike, but I do not know the internals of the company that led to the decision, or the interest that it was in, so I will not comment on that so much.)

It is tough to imagine them recoverving from the sort of mob-rule that has formed in that comment thread, even if they restore current pricing plans. So much doubt was created amongst the users, which of course spread to twitter, here, and others, and you can see the discussion clearly degrade from concern to rage.

Public interaction with users can be helpful to show a personal side of the company and try to show a strong effort for support/interaction, but do not forget that this risk exists. As with anything, use with caution.

Thank you for this, this was apparently fixed in .NET 4.0 which I was unaware of.

I think there is still some validity in my post in confusing whether you are using native accessing or routing through an additional tool/library, but the fix definitely elimates the performance hit I was discussing, so much of my post was in error.

edit: Also 3.5 it seems, I need to be more up-to-date with my concerns.

Many people find function chaining more intuitive to read, or enjoy it more after being exposed to it for a period of time. The reason that functions are used to set flags or parameters is one of the basises of functional programming, which is to remove side effects.

In the above example, the state of employees is the same after the execution of the statement as it was before, if you were to set the "Parallel" flag or "Ordered" flag before hand each as their own assignment statement, then you would have modified the initial object and created a side effect.

I am not challenging your opinion, but simply answering your question as to why.

One small caution when using LINQ, especially in performance critical areas (XNA for instance): .Count and .Count() are dramatically difference in performance, when simply looking for the size of an array or list, be sure to use the .Count property as it is orders of magnitude faster. If you are using LINQ else where, .Count() will achieve the same behavior but will be much slower, so it can be a tough optimization to track down.

It was worded a bit awkward, but again the goal is not to eliminate the boilerplate code, but to abstract it to a level where you only need to write it once.

It is mindsets like his that destroy and stagnate langauges, and fill them with bloat to support outdated legacy code.

I don't see why anyone should be truly content with a platform or environment that refuses to evolve, progress will obviously cause breaking changes, but in the far majority of cases, the resulting fix will improve the existing application.

If someone is too lazy to take the chance to improve an application of their own, then they truly don't care about it in the first place, but then again if they are statisfied with the stagnation of their entire platofrm and environment, it makes sense that they would be statisfied with the stagnation of their own programs as well.

Software evolves, poor programmers complain and resist, good programmers go with the flow, but great programmers embrace this.

If Google offered its first public services in '98, where did these posts originate from? Did Google merge an existing message board system into Groups when it was released?

The module used in the article was simply to demo the exploit. It could be used against any null deference vulnerabilities found in current kernels (the article uses a recent one as an example as well).

The point of the article is to demonstrate why they are dangerous, and how they are exploited, not to provide an example of a current vulnerabilty.

If you found such a vulnerabilty (which does happen, hence the example given in the article) you would be able to use this technique to root. (Assuming you were able to circumvent mid address limition on mmap, which the author says used to be, and possibly still is feasible.)

The title seems to accurately describe the article, given a "kernel NULL pointer vulnerabilty" here is how to root it.

I think you are missing the point. First, the article doesn't care what you want.

Second, it is using the current population density of Brooklyn, and that is with the current transportation infrastructure. If your foreseeable maximum travel distance was 100 miles, none of this would be necessary. It is very unlikely you or 99% of the people would need cars. Transportation would be optimized for mass transit/walking/biking. It would probably feel less crowded than current day brooklyn.

Do you refer to the long flat ones at airports as lateralscalators, forwardscalators, or orthangonalscalators?

The author is arguing that it is good enough, and going any farther is unnecessary complicated. However, the use of a static salt or modifier, in this case "foo" does not change much if anything to the attacker. All portions of the salt should be random based on the user or account, so that for each individual account, an entire rainbow table would have to be created, which even with distributed cloud computing would be too expensive.

There was an article linked a while ago that plotted prices to crack common hashes using Amazon's cloud, and even for 8 length alphanumeric + symbol it was over $50,000 of estimated computing, adding a significant unique salt (username in this case) would make it unjustifiable from a monetary point of view.

Very cool, but I have to question one statement from the article.

"""The coconut-carrying behavior makes the veined octopus the newest member of the elite club of tool-using animals—and the first member without a backbone, researchers say."""

What about hermit crabs, trap door spiders, and those crabs that build refuse that they find on their shells as camo?

In each of these cases the organism is using an external object(s) as a form of shelter/protection/camo, in the same way the octopus is. While we are more accustomed to them as they are common, there seems to be very few differences in behavior. We are simply seeing the first generation of a new trait amongst some octopi. Of course any new trait, especially one as nifty as this is cool, it seems like a stretch to call them the first invertibrate tool-user.

It is a nice thought, but it does seem to not fall under the scope of the prize.

It would probably make more sense to pursue the creation of a Nobel (or other global prize) category for Compuational/Information Sciences. The impact of progress in this field have just as much, if not more, of an effect on the world today as the other Nobel fields (Chemsitry, Biology, etc.) Note: I am not saying this is a realistic possibility, but it is probably more likely than a computer scientist winning the peace prize.

It seems like there are plenty of people in the field (as well as other Engineering related fields that are more relevant to the world now than they were during the creation of the Nobel prizes) that justify a global acknowledgement. Considering the importance of the internet in global daily life, and the fact that now jQuery is used on 1/5th of the world's websites, it seems Resig has had enough influence on the world to deserve metion too. Remember, the Nobel prizes stress more recent accomplishments over past successes.

Many of the techinical people I know play go, or atleast know of it. I'm not sure if there is a direct correlation, but generally the stronger they are at Go, the better of a programmer and learner they are in general.

If anyone here is interested in learning or playing, I am about 2d on KGS (nickBlake) and would be willing to play or teach anyone.