This is a REAL Chicago winter... you kids have all gotten soft in the last 30 years. We used to have these all the time when I was a kid. I remember in about 1980, it had been this cold for sever days in a row so I had sever cabin fever (a condition resulting in the need to GET OUT OF THE HOUSE)... so I walked 1.2 miles in -40 temperatures to get to Montgomery Wards. (I just checked the distance using google maps) That's -40 REAL degrees (trivia: -40F == -40C), or -80F with the "Wind Chill".... I was very glad my dad came to pick me up and take me home, so I didn't need to make the return trip on foot.

Two pairs of jeans (the thick kind we used to have back then) were barely enough to keep my legs warm during that walk.

We've had these before, we'll have them again... shove off with the invented names like "Polar Vortex"... it's just WINTER. /rant

PS: Maybe it's cabin fever getting to me? ;-)

They thought the Civil war in the US would be over in an afternoon. People rushed into WWI, because the didn't want to miss it. The Germans thought they could roll through and capture Russia before taking over England, etc, repeating the mistake of Napoleon.

It's not about the first weeks of war... it's about the long fight that they all turn into... sure, we could have millions of cheap fancy Chinese made gizmos in our arsenal... but what happens if the war lasts long enough to need resupply?

I told you this would happen last year.

Not so fast... we all administer our own wallets, and we know not to send all our money to a PO Box in Nigeria. If there's no way to specify what can/can't be accessed, you get the default behavior you describe, because there really is no control. What we have now are systems just like EULAs, you either choose to run a program, or don't.

It doesn't have to be this way, and it wouldn't even cost much more to do it right. We could all have Orange Book A1 Secure computers, if we wanted to do the work as a community to make it so.

So, what these articles are both calling for is Capability Based Security, in which you feed a list of resources to the OS when you run a program. This has the pleasant and reasonable effect of limiting the side effects a program can do, and protects the user, the operating system, and everyone else on the internet.

The trusted systems of the 1980s required the Administrator to supply these lists... it could reasonably be done by users these days, because we're all system administrators of our own machines, when it comes down to brass tacks. It doesn't even have to look much different than what we're used to seeing. A capability based version of Word would ask the system to get a file... which would do so via a "powerbox" (a secure way of picking files which side-steps the application doing it directly).

I applaud this fellow traveler who seeks the same sane approach I've been shouting about for years. 8)

I, for one, do not wish to be hunted by any animals, nor rodents for that matter.

Troll? - Who moderated this troll?

If Obama actually defended the constitution from domestic enemies, he'd be dead within a month. Don't kid yourself about this. We live in an oligarchy, at best.

Well said. It seems that watching "lets play" videos on YouTube is the way they get interested in a game, then go off to play it themselves. Minecraft seems to be the current hit of my sproutlet, with an occasional burst of Spore. She spends more time watching than playing, however... which strikes me as bit odd, but hey, she's interested in something relatively safe to do.

They should have used Hugin, an open source GUI based on Panotools, for stitching that panorama, it could have dealt with the uneven light levels caused by falloff of the CCD, and made a much, MUCH nicer panorama out of it.

They need to visit the Vignetting page to learn how to fix things.

I had this idea for an FPGA design back in 1981... after reading Gilder's call to waste transistors... and I wonder if you think it might be worth doing even today? I believe that the design space for FPGAs may not have been adequately explored, and as a result we're all living with sub-optimal solutions.

It's very simple.. an orthogonal grid of 4 input, 4 output look up tables, wired to look like RAM to a host, and connect such that each output bit goes to one neighbor, and each input comes from a neighbor. Any logic function can be implemented in this manner (like all modern FPGAs). They could be clocked in A/B/A/B over B/A/B/A to eliminate race conditions, deadlocks, etc.

Bad cells could be routed around almost trivially... the big waste of course, is that without any dedicated routing fabric, all cells in the path of a given bit of data would have to handle it... and the propagation times would be long... but consistent. The advent of memristors makes this an extremely interesting idea to me, once again, as they make LUT costs almost zero.

So.. worth pursuing at all?

So, none of this mentions the lack of a proper security design in the Operating System. When someone says run a program, it let it use this much ram, this much cpu, and this folder.... that should be it.

But no existing commodity OS lets you do that, does it? Until capability based security becomes the norm, this will never be fixed, and information security jobs will flourish.

Let's go back to the way God intended it to be... local solar noon. Let the computers sort it out. ;-)

Capability based security is rooted in the principle of least privilege. The user decides what they wish the operating system to give the program access to, at run time. Just like you decide how much money to hand to a cashier at the checkout line, instead of giving them well defined limited access to your wallet and paypal account.

Trusting software is stupid, the only thing we should have to trust is the kernel of the operating system, and nothing else.

Progress is slowly being made in the use of capability based security. This will eventually (15-20 years from now) mean that computer security will be a solved problem.

Additionally, computer security can be outsourced and managed remotely, so it is likely to be commoditized, in much the same way as IT Administration was.

I would welcome limiting Comcast's ability to upload content to the internet. This would allow all the other content providers to blossom. 8)