Mod parent up.

That's correct. The best known demonstration of this is the Microsoft Static Driver Verifier, which every signed driver since Windows 7 has passed. It's a proof of correctness system which checks drivers for buffer overflows, bad pointers, and bad parameters to the APIs drivers use. It works by symbolically tracing through the program, forking off a sub-analysis at each branch point. It can be slow, but it works.

Microsoft Research reports that in about 5% of the cases, the Verifier cannot reach a decision. It can't find a bug, but it can't demonstrate the lack of one either. After 45 minutes of case analysis it gives up.

If your driver is such a mess that it's anywhere near undecidable, it's broken. Those drivers get rewritten with a less ambiguous design, usually by adding more run-time checks. Problem solved.

(Remember when driver bugs crashed Windows all the time? Notice that's not happening any more? That's why.)

No, they can't and it shows.

A STRANGE GAME ... THE ONLY WINNING MOVE IS NOT TO PLAY.

HOW ABOUT A NICE GAME OF CHESS?

anti-lameness: qq ww ee rr tt yy uu ii oo pp aa ss dd ff gg hh jj kk ll zz xx cc vv bb nn mm

Does it make me a crony capitalist or a welfare queen when I decide I'd rather the power go to those I can vote out of office than those I can't?

If you think voting significantly changes the government, that just makes you naive. The bureaucrats run most things and are unaccountable.

If the entire government became Libertarian today, it would take less than 10 years for corporations to take total control of governance

Do you mean they'd have private armies in the streets? Like in the US from 1776-1870, before permanent corporations were legal?

I already pay a small fortune in school tax. Let them find the money for it from there.

Last I checked, my local government school has a 3 meg connection because that's what Comcast gives them for free. They have a three million dollar budget but can't find $3000 a year to upgrade that to a hundred meg.

It could be that after all the teachers' salaries and benefits are paid for they don't have any money left (and considering the reams of copy paper we get home...) or it could be that high-speed internet allows remote teaching which is seen as a threat to union jobs.

I do work for one private school (area towns tuition their kids there) and they paid a lot of money to get fiber brought to their facility.

The incentives are aligned differently.

I fail to understand the reasoning for choice as well.

I think I get this.

One example: I have a handful of shell and perl scripts that I use to manage virtual machine interdependencies at startup time - this vm needs to be listening on this port before I can think about starting this other vm, etc. and I express that in a JSON tree for configuration.

I've recently been noticing that the dependency "engine" is a bit buggy and also duplicates much of what systemd already provides (pre-dating it by some years), so I'm going to look at making it work with systemd instead and cutting out a bunch of the code. That also gets me pretty easy dependency tracking on various filesystem mounts, network status, etc., so it could be better than 'sleep 20' in some spots.

Now, if I wanted to offer that up to the community, somebody could choose to package that into Debian. Assuming my experiment works, systemd would be a hard requirement to use this particular system.

Somebody in the Debian community proposed that for this package to be accepted I would also have to [re]write another dependency engine and support that. I can't see doing that if the systemd approach works.

Does it make sense that people who don't want to run systemd (which is fine) also can't impose additional work on developers who do want to use systemd?

This is the problem with outsourcing manufacturing and keeping the "brand". Eventually, if they're good, the outsourcing company takes over. It's about time for this to happen to Apple. The hardware is approaching maturity. The last rev of the iPhone was only a minor change over the previous one, and the technology was comparable to HTC's product of two years ago.

The "let" keyword is not the same thing as "let blocks" and "let expressions".

The keyword looks like this:

    let x = 5;

and is in ES6. A let block or let expression (neither of which is in ES6) looks like this:

    let (x = 5) alert(x);

so that "x" is only in scope for the duration of the let block. It's syntactic sugar for:

{
    let x = 5;
    alert(x);
}

especially since storing the bitcoin keys can't really be seen as presenting any sort of hardship to them

I would have just guessed that Lockheed Services is charging them $400K/mo to store them.

I was going to say $40K/mo, but you know, the first rule of government contracting.

in a nice posh fortune 500 org where such resources are available to HIM

In many cases this can be true, but consider a case where there's a zero-day in the MS TLS implementation. The only possible thing that can be done here is to have a pre-existing TLS interception mechanism deployed (local CA root on workstations with on-the-fly cert regeneration on the proxy) and have that be on a non-MS platform.

Even if that's a good idea, many F500 companies won't have that deployed, much less the F50000.

There are some situations where not only is extensive testing not possible, it's the stupid decision. I realize many corp-o-drones have CYA policies to hide behind while they make bad decisions, but I still would not want to be the guy who followed policy and got his internal network completely infested.

Windows Server 2003 Service Pack 2 (Critical)

Since XP and 2003 usually go together. I didn't find a technical discussion link on the advisory but if this is the buffer overflow in the TLS library that has been making the rounds recently, this could be the one that finally kills the XP machines on the 'net.

Unless Microsoft backpedals again and enables the XP holdouts for a while longer.
 

If you roll out your patches the moment they come in, you are a retard ... do you enjoy running around like a headless chicken when theres a compatibility conflict?

If only security were so binary - in the real world it's a constant process of risk/reward calculations.

Is this the vulnerability the boards have been buzzing about that gives a remote code exploit by merely visiting a malicious TLS server? If so, having all your end-user machines pwned inside the firewall is not better than the risk of a compatibility conflict. One cripples an organization, the other, at worst, breaks one app.

Have they been learning from the politicians and lobbyists?

Of course - who do you think has been attacking them for the past couple years? Now, they will say that Uber started it by threatening their 17th-Century business model of cartels and thugs, but only one actor is holding the guns.

There's an outside chance that some journalists 'investigating' Uber full-time are completely independent and not colluding with the thugs, but let's not be naieve about how the government-media complex operates.

That said, this dope from Uber should just shut up about it, and they should uncover those ties, not the personal foibles of the opposition (if for no other reason than that nobody cares).

Not quite. Cities have established local insurance requirements, and they require cab drivers to provide certain standards of proof that they meet the requirements. For example, NYC has a certain standard policy that all cab drivers have to buy. They get a certificate, with an expiration date, to demonstrate that they've bought that policy.

In NYC Uber could meet that requirement by hiring only licensed cab drivers with that insurance certificate, which I think they do. Otherwise, there's no assurance that they have equivalent coverage, and they probably don't. They could say they have equivalent coverage, but how do we know?

For example, as I recall the case, an Uber driver in California killed a child, and Uber said they had no liability because the driver wasn't carrying a passenger or picking up a passenger, he was waiting for a call. Company lawyers always come up with things like that. Then, as a result of the bad publicity, Uber decided to cover it after all.

The purpose of auto liability insurance is to make sure injured people are compensated under all reasonably forseeable circumstances, and one of the reasons we have insurance regulators is to examine those policies and make sure they do cover them.

New York City personal injury lawyers can tell you of lots of cases in which a taxi horribly injured a passenger or a pedestrian, the cost of medical expenses alone exceeded its $100,000 liability policy, the driver didn't have assets to cover it, and went bankrupt, or went back to Pakistan or the Dominican Republic. They can tell you about insurance companies where somebody committed fraud and they didn't have enough assets to cover their claims. The reason we have regulations is to make sure that people who are injured by others will get compensation.

In the U.S., insurance is complicated, because every state, and every jurisdiction, has its own requirements. That's the price we pay for local choice. (The alternative is a national dictator.) Uber probably can't come up with one national insurance policy that will satisfy the requirements of every jurisdiction. (Hertz has a large insurance department, and a large litigation department.) Uber can't just say, "Oh, we're transformational, we'll just ignore local laws and do it our own way." Driving people from A to B is easy. Convincing local jurisdictions that you meet their insurance and other requirements is the hard part.

Evidence, in the way that in medicine we have randomized controlled trials to prove that lowering blood pressure saves lives? No, but we seldom have that kind of evidence in public policy. (Or even in medicine.) It seems reasonable that if we put people in jail for robbing grocery stores, they'll be less likely to rob grocery stores, but there's no randomized trials to prove it. It isn't perfect, but it seems reasonable, and we have to do something to keep crime as low as possible, so we do it.

I am often reminded of the way women are concerned about safety. There are several cases in the newspapers which a woman took a cab (or an unlicensed ride) home from a bar because she was drunk, and was sexually assaulted. I guarantee you that women overwhelmingly don't want to take a chance on getting a driver who served time in jail for a violent crime, and women want their drivers to have criminal background checks. Their everyday experience is enough evidence for them. Lawmakers know it, and they provide regulations to accommodate them.

A quick Google search for "uber drivers criminal" will turn up evidence. http://www.nbclosangeles.com/n... http://pando.com/2014/01/06/ex...

But that's not the point. Who has the burden of proof? Do I as a passenger have to prove that when Uber takes over the market, they won't be as safe? Or does Uber have to prove that they're as safe before they take over the market? There's a principle in science that the burden of proof is on the innovator. I think that applies here. At any rate, that's what most legislatures are going to say.

And what about a medallion? Bonding? And is race discrimination a problem at Uber or Lyft (or in any cab company these days)?

Bonding is part of insurance. There's a good reason for it.

There is a good reason and a bad reason for a medallion. The experience is that when anybody can set himself up as a cab driver, the streets become blocked with traffic (like India), and no one can get through the traffic jams. The streets are built by the government, and whether they like it or not, governments have to regulate traffic. So good reason is that they have a right to restrict the number of medallions to keep the streets usable. The bad reason is that cab drivers, like barbers, want to limit competition. But is it a good public policy to throw open the cab driving business to any anyone in the world who can buy a plane ticket to New York and is willing to work for $4 an hour? I'm not prepared to say yes.

One of the ongoing problems with street cabs is that they often don't pick up black passengers. (Although I know a black woman who always takes a cab home to Brooklyn in the evening.) Uber may have an advantage there. They may have an advantage in making it more difficult for an anonymous passenger to rob them. I'd be interested in any evidence.

Well thank you. One can sometimes find a rational discussion on the Internet, although it takes some searching.

I'm trying to make a more rational world, although most of the time it seems like an impossible task.

The military has run short courses for electronic technicians and paramedics for decades. Paramedic boot camp is about 14 weeks.