Berkeley CSUA MOTD:Entry 36351

2005/2/21-22 [Computer/SW/Security] UID:36351 Activity:very high
2/21    List of big design blunders in computer science, I'll start:
        \_ IPv6 needed because IPv4's running out (reality: NAT made IPv4
           more abundant hence IPv6 adoption has been slow to a crawl)
           \_ That's not a design blunder; IPv6 is still needed, just not
              as quickly as was first anticipated.  -tom
           \_ NAT is a bad thing(tm). It breaks applications that need
              end to end connectivity. It also makes it difficult to
              manage large clusters of systems each using the same
              NAT address space. In the IPv4 world we have been stuck
              using overlay networks to deal with these problems. If
              everyone was using IPv6 people would not need these types
              of hacks.
              \_ I'm increasingly convinced that the future is IPv6
                 overlays that have to be negotiated/constructed dynamically
                 by some sort of link control protocol where all the
                 paranoid authz checks can be done by the folks who
                 think firewalls and NAT are the greatest thing since
                 sliced cables.
        \_ Therac 25, baby.
        \_ DOS, 640K RAM is enough for everyone (reality: never enough RAM)
           \_ Why is DOS a blunder? For many applications DOS works well
              enough (ex. my DSLR runs DOS and it works just fine).
        \_ gets(), strcpy(), strcat(), and all other C standard library
           functions that assume infinite buffer sizes.
           \_ C++, period. Ugly, ugly, ugly.
              \_ Go away troll.
        \_ Y2K: first the prevalence of the bug, then the overblown reaction
           to it
           \_ bug != design decision.  People designed systems with two digits
              to hold the year because it was the right design tradeoff at the
              time.  If any of the designers really expected the systems to
              stay in use for literally decades they would have decided
              \_ wouldn't it have been more space efficient to represent the
                 year as a single byte, offset from 1900? that would have kept
                 them safe until 2155 and saved a byte. Would that have been
                 more computationally expensive?
                 \_ You obviously aren't familiar with BCD and its prevalence
                    in the financial world.
        \_ Microsoft Bob. -gm
           \_ I just looked at it. It actually seems pretty cool albeit the
              primitive looking GUI. What happened to it?
              \_ I was referring in particular to its "password reset" feature,
                 which would prompt you for a new password if you entered the
                 wrong password three times. As for Bob in general, I don't
                 think it was ever really adopted, and its purpose (make the
                 Windows UI easier to use) became obsolete. -gm
                 \_ The password thing is just an implementation fuckup. -John
            --Professor Larry "The Slammer" Rowe.
            \_ slammer?
        \_ JavaScript. Language sucks, feature sucks, security sucks.
           \_ That's ECMAscript beotch!!!
        \_ The unification of data types and conceptual types in programming
           languages.  Unification isn't even the right word, because these
           two generally have not been separated to begin with.
           Also, the general philosophy of early CS pioneers of designing
           for non-malicious, cooperative use.  We are still dealing with the
           repercussions of THAT (unsafe languages, problems with network
           protocols, etc). -- ilyas
           Designing languages for the 'average case' rather than the
           'best case' (I am talking about users of languages).  Designing for
           the average gives you Java. -- ilyas
        \_ Multics. The entire x86 security ring architecture. Java.
           SMTP (sans authentication).
           \_ Java? Yeah, that's big design blunder -- a language that is
              easy to program in and works on all sorts of different devices,
              not to mention fuels my paycheck every month.  Maybe the
              transistor is another big mistake?
           \_ I see your "Multics" and raise you a "Nachos". -gm
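
Added example, not part of the original thread: the Y2K sub-thread's two one-byte year encodings side by side. Packed BCD already puts a two-digit year in a single byte, while a binary offset from 1900 reaches 2155. The function names, the windowing helper and its pivot parameter are assumptions made for this illustration and go slightly beyond what the posts state.

```c
#include <stdint.h>
#include <stdio.h>

/* Packed BCD: one decimal digit per 4-bit nibble. Caller passes 0..99. */
static uint8_t bcd_pack(unsigned yy) {
    return (uint8_t)(((yy / 10) << 4) | (yy % 10));
}

/* Returns 0..99, or -1 if a nibble is not a decimal digit (corrupt field). */
static int bcd_unpack(uint8_t b) {
    unsigned hi = b >> 4, lo = b & 0x0F;
    if (hi > 9 || lo > 9) return -1;
    return (int)(hi * 10 + lo);
}

/* Binary offset from 1900 in one byte: representable range 1900..2155. */
static int offset_encode(int year, uint8_t *out) {
    if (year < 1900 || year > 1900 + 255) return -1;  /* out of range */
    *out = (uint8_t)(year - 1900);
    return 0;
}
static int offset_decode(uint8_t b) { return 1900 + b; }

/* The Y2K failure: arithmetic on two-digit years with the century implied. */
static int bcd_elapsed(uint8_t from, uint8_t to) {
    return bcd_unpack(to) - bcd_unpack(from);
}

/* Windowing remediation (pivot is an assumed parameter): yy below the
 * pivot is read as 20yy, everything else as 19yy. */
static int bcd_to_year_windowed(uint8_t b, int pivot) {
    int yy = bcd_unpack(b);
    if (yy < 0) return -1;
    return (yy < pivot ? 2000 : 1900) + yy;
}

int main(void) {
    uint8_t y99 = bcd_pack(99), y00 = bcd_pack(0), off;
    printf("BCD 99 -> 0x%02X, BCD 00 -> 0x%02X\n", y99, y00);
    printf("elapsed 99 -> 00 (two-digit): %d\n", bcd_elapsed(y99, y00));
    printf("windowed 00, pivot 50: %d\n", bcd_to_year_windowed(y00, 50));
    if (offset_encode(2155, &off) == 0)
        printf("offset byte for 2155: %u -> %d\n", off, offset_decode(off));
    printf("encode 2156 fails: %d\n", offset_encode(2156, &off));
    return 0;
}
```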