Slashdot Mirror

1. If the guest can take over the host, this is an EXTREME vulnerability. VMs are used for security research sandboxes, intrusion containment ... hosting providers tend to sell root access to Xen guests. The Xen privilaged parts (e.g. dom0) tend to run within trusted networks. This is as bad as a remote root hole - probably worse, because it can affect a lot more machines. See a write-up about a Gartner report fearing exactly this sort of hole.
2. Compare "lots of holes, usually fixed quickly" with "very few holes". Vulnerabilities should not exist in this sort of software, no matter how quickly fixed. Would you use SSH if vulnerabilities "happen almost daily, and are usually fixed quickly"? The rate of occurrence of bugs like this is indicative of code quality. Don't be an apologist where security software is concerned.

Good news... There are several reports that Firefox 2 uses less memory than IE 7. Only a small percentage of users ever had problems with memory usage to begin with.

I understand that. However, absolutely none of these people can report how to reproduce the problem, so no one can see what it is and it cannot be fixed. Additionally, as is said even in the famous InternetWeek article about Firefox 1.5 problems, it is clearly only a "on a small percentage of Windows, Mac, and Linux computers" that this problem occurs. The people who are not using those computers don't see any problem.

Just give us the code under a fine Free Software licence and we'll port the Firefox extentions framework

Oh, and also rip out everything that makes Opera kickass and took the company a long time to create and insert it into FireFox. That would be really good for Opera's business. Most Opera users I know (including myself) don't give a shit about firefox extensions, they like having all the features they need already integrated into the browser. When I get a new computer I go download the Opera installer and run it and import my settings and boom, I am up and running. With FireFox I would have to go download and install not only FF but also all of the extensions I wanted to use. FF is also very unstable compared to Opera: http://internetweek.cmp.com/174907404, could Opera be more stable because it is closed source and has dedicated developers working on it? I think so.

The biggest thing that annoys me about most (not all) open source projects is the quality of the code SUCKS (bad design, horrible commenting, doing things just so they work not so they work correctly, cutting corners, basically bad hacks). Most of it just cannot compete with software created by dedicated, paid, teams of developers. About the only open source projects that actually were properly developed and of good quality are projects that actual companies have open sourced.

You will never get the code and if because you cannot access the code you will not use Opera that is your own prerogative but you will be missing out on using the best browser available today which costs NO MONEY. It's your loss and you (along with the other open source zealots) will be the only people who care that Opera is closed source, rational people realize they are a business and they have their reasons to keep it closed source but they are very generous to allow the application to still be used for free.

I have been wondering who at Intel would be getting fired as a result of this SNAFU, and stumbled on this commentary http://techsearch.cmp.com/blog/archives/2006/06/do es_intel_xsca.html?loc=hardware/
that suggests that Otellini is actually buying himself some time with this sale.

"If Skype bows to FCC pressure (which they will) then they will not provide encryption in their service which means that the people using Skype won't be able to encrypt their calls."

http://www.philzimmermann.com/EN/zfone/

From the link: "Zfone uses a new protocol called ZRTP, which is better than the other approaches to secure VoIP, because it achieves security without reliance on a PKI, key certification, trust models, certificate authorities, or key management complexity that bedevils the email encryption world. It also does not rely on SIP signaling for the key management, and in fact does not rely on any servers at all. It performs its key agreements and key management in a purely peer-to-peer manner over the RTP packet stream. It interoperates with any standard SIP phone, but naturally only encrypts the call if you are calling another ZRTP client. This new protocol has been submitted to the IETF as a proposal for a public standard, to enable interoperability of SIP endpoints from different vendors."

If it's digital, its encrypt-able. They can monitor everything they want, but as long as VoIP goes through an internet connection (which is the whole point of VoIP), it's encrypt-able. The same goes for all things over the internet.

Remember, the NSA is already monitoring lots of internet and phone traffic. They're blanket tapping us all. Right now, if my connection is going out over an AT&T line, they are watching me. No longer is it just paranoia that we're all being watched. If you want privacy, don't just encrypt your phone conversations. Encrypt your searches, encrypt your email, encrypt your downloads, encrypt your files. The NSA may be able to see the traffic, but you can prevent them from red flagging you by your content.

It is no longer akin to an act of civil disobedience to run encryption, it is a survival tactic for what another poster called Joe Sixpack (aka Joe Bloe, John Smith, Average Joe).

Actually, if you go back and look at the rest of his blog, you'll find that he claims to be a developer. In fact, when he attended University of Tulsa, he was apparently surprised to find that some few students there were actually smarter than he was! So he's clearly a very smart developer!

No, but really, if you browse the rest of his blog, he just comes off sounding like a dumbass. Well, more of a dumbass than he sounds like just from this nonsense about unique visitors to his web site.

• Opera has none of these problems. So, the quote from the Mozillazine blog shown below, although it is typical, is not supported by the facts.
  
  
• Whatever causes the CPU hogging bug is definitely associated with extreme memory use. No doubt there are leaks, but this is not a leak, since it is not necessarily associated with greater use of Firefox.
  
  
• Users often report that just leaving Firefox open overnight causes CPU hogging and extreme memory use.
  
  
• The problems are the same in Mozilla browser.
  
  
• It's good to test Firefox with a laptop in a quiet environment. When you hear the laptop fan begin to run while there is no activity, you know Firefox has begun to suck CPU cycles.
  
  
• Putting a computer into standby or hibernation often makes the CPU hogging bug much worse. That's why Firefox users sometimes just leave their computers on.
  
  
• When a computer takes a long, long time to start from standby, you know Firefox is taking CPU cycles. What about coming out of standby makes Firefox unstable? No other program has that problem.
  
  

1. Being a scientist -- Often the most difficult programming is easier than the most difficult debugging. Often debugging requires creative scientific thinking. First, it is necessary to gather information. Second, make a theory that fits the facts. Third, design an experiment that tests the theory. Fourth, perform that experiment and analyze the results. Fifth, using the information that was learned, design a new theory, and repeat the steps above. The information that has been provided about Firefox instability is plenty to begin making theories.
2. Skill in social interaction -- Often the social interaction necessary to understanding what is needed and wanted is more difficult than any coding challenge. Social skills can be learned, and are part of being a good programmer.
3. Designing the user interface -- Only someone who has habits of caring for others can have the necessary detailed insight and creativity to discover how to do everything possible for the user.

Instead there are excuses:

Mozilla Top 12 Excuses

Top 12 things Firefox and Mozilla developers say about those who report difficult bugs, collected during the last 3 years:

1. Maybe this bug is fixed in the nightly build.
2. Yes, this bug exists, but other things are more important.
3. No one has posted a TalkBack report. [If they had read the bug report, they would know that there is never a TalkBack report, because the bug crashes TalkBack, too, or a TalkBack report is not generated.]
4. If you would just give us more information, we would fix this bug.
5. This bug report is a composite of other bugs, so this bug report is invalid. [The other bugs aren't specified.]
6. You are using Firefox in a way that would cras

1. Skill in social interaction -- Often the social interaction necessary to understanding what is needed and wanted is more difficult than any coding challenge. Social skills can be learned, and are part of being a good programmer.
   
   
2. Being a scientist -- Often the most difficult programming is easier than the most difficult debugging. Often debugging requires creative scientific thinking. First, it is necessary to gather information. Second, make a theory that fits the facts. Third, design an experiment that tests the theory. Fourth, perform that experiment and analyze the results. Fifth, using the information that was learned, design a new theory, and repeat the steps above.
   
   
3. Designing the user interface -- Only someone who has habits of caring for others can have the necessary detailed insight and creativity to discover how to do everything possible for the user.

1. Maybe this bug is fixed in the nightly build.
2. Yes, this bug exists, but other things are more important.
3. No one has posted a TalkBack report. (If they had read the bug report, they would know that there is never a TalkBack report, because the bug crashes TalkBack, too, or a TalkBack report is not generated.)
4. If you would just give us more information, we would fix this bug.
5. This bug report is a composite of other bugs, so this bug report is invalid. (The other bugs aren't specified.)
6. You are using Firefox in a way that would crash any software. (But the same use does not crash Opera.)
7. I don't like the way you worded your report. (So, I didn't read it or think about it.)
8. You should run a debugger and find what causes this problem yourself. (Then when you have done most of the work, tell us what causes the problem, and we may fix it.)
9. Many bugs that are filed aren't important to 99.99% of the users.
10. If you are saying bad things about Mozilla and Firefox, you must be trolling. (They say this even though Firefox and Mozilla instability is beginning to be reported in media such as Information Week.)

It's an ugly fact, but Firefox is the most unstable program in common use. For me, that's ugly because it is my favorite browser. Perhaps people get tired of the crashing and CPU hogging, and have moved to Opera, which has no stability problems that I'm able to detect.

The CPU and memory hogging bug in Firefox 1.5 is well known. In two extensive articles, Information Week reports that opening and closing many Firefox windows and tabs causes crashes and CPU and memory hogging. That kind of heavy user often sees Firefox consuming 99% CPU while idle and/or more than 400 Megabytes. See Firefox 1.5: Not Ready For Prime Time? and Firefox 1.5 Stability Problems? Readers And Mozilla Respond.

The bug seems to be due to insufficient allocation of resources inside Firefox, such as inadequate stack space. Those who use a browser to do extensive research, for example, are likely to have more windows and tabs open than the average user. Apparently Firefox developers did not plan for that.

The bug has been reported to Bugzilla, and is very easy to reproduce (see below), but Firefox developers have marked it invalid because there is not enough specific information! The bug has existed in Firefox for more than 2 years, and several people report that it is worse in Firefox 1.5. Firefox's Bugzilla does not allow direct links from Slashdot, so copy and paste Bugzilla URLs into a new tab. Remove the space:
https://bugzilla.mozilla.org/show_bug.cgi?id=131 456
https://bugzilla.mozilla.org/show_bug.cgi?id=222 660

See comments #48 and #49 of bug 222660 for an example of the symptoms under Windows XP. A typical Windows Task Manager screen shot attached to comment #49 shows the "I/O Other Bytes" increasing by 20K/second with no program activity. At that point, the bug was not yet showing the worst symptoms.

The huge memory use, and 94% CPU use or more with no activity, normally occur after opening and closing many Firefox windows and tabs, as happens when researching something on the internet over a period of hours or days. The bug symptoms are worse after putting the computer on standby or after hibernating. My experience has been that the memory and CPU hogging always occur together, so they appear to be the same bug. However, the CPU hogging symptom takes longer to appear. If the computer has perhaps 256 Megabytes of memory, the most obvious symptom at the beginning is hard disk thrashing.

You can demonstrate the memory use problem quickly by loading and closing the following large web page into multiple Firefox tabs a few times:
http://www.gnu.org/software/libc/manual/html_mono/ libc.html. To see the memory and CPU percentage used in Windows, right-click on the Taskbar and choose Task Manager. Choose the Processes tab.This demonstrates one aspect of the bug, but is not representative of big occuring in normal use, since that web page is huge.

Maybe the only solution is for a developer who knows the code to reproduce the problem and see what causes it. It is not clear to me why they are unwilling to do so. This bug seems especially interesting to me. It is likely that fixing this bug will fix other issues. It is likely that fixing this bug will make it easier to work on the Firefox code.

The bug has often been reported on Slashdot. Here are a few examples:
" >http://slashdot.org/comments.pl?sid=169676&cid=14 143632
http://slashdot.org/comments.pl?sid=168683&cid=140 62501
http://slashdot.org/comments.pl?sid=168683&cid=140 62671

It's an ugly fact, but Firefox is the most unstable program in common use. For me, that's ugly because it is my favorite browser. Perhaps people get tired of the crashing and CPU hogging, and have moved to Opera, which has no stability problems that I'm able to detect.

The CPU and memory hogging bug in Firefox 1.5 is well known. In two extensive articles, Information Week reports that opening and closing many Firefox windows and tabs causes crashes and CPU and memory hogging. That kind of heavy user often sees Firefox consuming 99% CPU while idle and/or more than 400 Megabytes. See Firefox 1.5: Not Ready For Prime Time? and Firefox 1.5 Stability Problems? Readers And Mozilla Respond.

The bug seems to be due to insufficient allocation of resources inside Firefox, such as inadequate stack space. Those who use a browser to do extensive research, for example, are likely to have more windows and tabs open than the average user. Apparently Firefox developers did not plan for that.

The bug has been reported to Bugzilla, and is very easy to reproduce (see below), but Firefox developers have marked it invalid because there is not enough specific information! The bug has existed in Firefox for more than 2 years, and several people report that it is worse in Firefox 1.5. Firefox's Bugzilla does not allow direct links from Slashdot, so copy and paste Bugzilla URLs into a new tab. Remove the space:
https://bugzilla.mozilla.org/show_bug.cgi?id=131 456
https://bugzilla.mozilla.org/show_bug.cgi?id=222 660

See comments #48 and #49 of bug 222660 for an example of the symptoms under Windows XP. A typical Windows Task Manager screen shot attached to comment #49 shows the "I/O Other Bytes" increasing by 20K/second with no program activity. At that point, the bug was not yet showing the worst symptoms.

The huge memory use, and 94% CPU use or more with no activity, normally occur after opening and closing many Firefox windows and tabs, as happens when researching something on the internet over a period of hours or days. The bug symptoms are worse after putting the computer on standby or after hibernating. My experience has been that the memory and CPU hogging always occur together, so they appear to be the same bug. However, the CPU hogging symptom takes longer to appear. If the computer has perhaps 256 Megabytes of memory, the most obvious symptom at the beginning is hard disk thrashing.

You can demonstrate the memory use problem quickly by loading and closing the following large web page into multiple Firefox tabs a few times:
http://www.gnu.org/software/libc/manual/html_mono/ libc.html. To see the memory and CPU percentage used in Windows, right-click on the Taskbar and choose Task Manager. Choose the Processes tab.This demonstrates one aspect of the bug, but is not representative of big occuring in normal use, since that web page is huge.

Maybe the only solution is for a developer who knows the code to reproduce the problem and see what causes it. It is not clear to me why they are unwilling to do so. This bug seems especially interesting to me. It is likely that fixing this bug will fix other issues. It is likely that fixing this bug will make it easier to work on the Firefox code.

The bug has often been reported on Slashdot. Here are a few examples:
" >http://slashdot.org/comments.pl?sid=169676&cid=14 143632
http://slashdot.org/comments.pl?sid=168683&cid=140 62501
http://slashdot.org/comments.pl?sid=168683&cid=140 62671

""we come together"? could a google/MS merger be in the works?"

Nah, Paula really meant the resolution to the Kai-Fu argument (a.k.a. popularly the Kung Fu argument).
http://internetweek.cmp.com/internetbusiness/17540 0164

...I was hoping to see a modification to a real wallet, not a wallet made out of duct tape with foil added...

And 49 willing vergins? C'mon, this is /., if it works it's fashionable...enough.

I bet even RMS wants one.

For those who do extensive research using a browser, Firefox has serious problems. Opening and closing many Firefox windows and tabs causes crashes and CPU and memory hogging. That kind of heavy user often sees Firefox using 99% CPU and/or more than 400 Megabytes. See these Information Week articles:

Firefox 1.5: Not Ready For Prime Time?

Firefox 1.5 Stability Problems? Readers And Mozilla Respond

The problems are the same in the Mozilla browser. Both have had a CPU and memory hogging bug for more than 2 1/2 years.

The evidence is that Mozilla leaders don't care. Quote from the second article linked above: "Schroepfer and Beard admitted that Mozilla is not working on any of the problems in our bulleted list except for the high memory usage issue. So problems like high CPU usage, program freezes and lock-ups, and long pauses before a tab or the browser opens from hyperlink clicks in other applications might not be fixed in the next version of the program."

For both Firefox and the Mozilla browser, there is a lot of talk about crashes and how to avoid them. Here are some quotes about crashes from the Known Issues for SeaMonkey 1.0 Beta page:

"A significant number of SeaMonkey crashes are actually caused by Java. Please make sure you are using the latest available version of Java."

"Sun's JRE will crash at startup if your useragent does not begin with Mozilla/5."

"Some SeaMonkey crashes are actually caused by Flash. Please make sure you are using the latest available Flash plugin (Bug 211213)."

"On Windows the Adobe SVG plugin crashes. Workaround: Don't copy it (NPSVG3.dll, NPSVG3.zip) into your plugins folder. If you want to view SVGs, SeaMonkey builds (except Linux GTK1) include native SVG support. (Bug 133567)"

Mozilla developers refuse to consider bugs that bug reporters cannot characterize completely. See this Slashdot comment: Leadership problem? See this list of excuses: 1) Maybe this bug is fixed in the nightly version. 2) Yes, this bug exists, but it isn't important. 3) No one has posted a TalkBack report. (If they read the bug report, they would know that there is never a TalkBack report, because the bug crashes TalkBack, too.) 4) If you would just give us more information, we would fix this bug. 5) This bug report is a composite of other bugs, so this bug report is invalid. (The other bugs aren't specified.) 6) You are using Firefox in a way that would crash any software. 7) I don't like the way you worded your report. 8) You should run a debugger and find what causes this problem yourself.

For those who do extensive research using a browser, Firefox has serious problems. Opening and closing many Firefox windows and tabs causes crashes and CPU and memory hogging. That kind of heavy user often sees Firefox using 99% CPU and/or more than 400 Megabytes. See these Information Week articles:

Firefox 1.5: Not Ready For Prime Time?

Firefox 1.5 Stability Problems? Readers And Mozilla Respond

The problems are the same in the Mozilla browser. Both have had a CPU and memory hogging bug for more than 2 1/2 years.

The evidence is that Mozilla leaders don't care. Quote from the second article linked above: "Schroepfer and Beard admitted that Mozilla is not working on any of the problems in our bulleted list except for the high memory usage issue. So problems like high CPU usage, program freezes and lock-ups, and long pauses before a tab or the browser opens from hyperlink clicks in other applications might not be fixed in the next version of the program."

For both Firefox and the Mozilla browser, there is a lot of talk about crashes and how to avoid them. Here are some quotes about crashes from the Known Issues for SeaMonkey 1.0 Beta page:

"A significant number of SeaMonkey crashes are actually caused by Java. Please make sure you are using the latest available version of Java."

"Sun's JRE will crash at startup if your useragent does not begin with Mozilla/5."

"Some SeaMonkey crashes are actually caused by Flash. Please make sure you are using the latest available Flash plugin (Bug 211213)."

"On Windows the Adobe SVG plugin crashes. Workaround: Don't copy it (NPSVG3.dll, NPSVG3.zip) into your plugins folder. If you want to view SVGs, SeaMonkey builds (except Linux GTK1) include native SVG support. (Bug 133567)"

Mozilla developers refuse to consider bugs that bug reporters cannot characterize completely. See this Slashdot comment: Leadership problem? See this list of excuses: 1) Maybe this bug is fixed in the nightly version. 2) Yes, this bug exists, but it isn't important. 3) No one has posted a TalkBack report. (If they read the bug report, they would know that there is never a TalkBack report, because the bug crashes TalkBack, too.) 4) If you would just give us more information, we would fix this bug. 5) This bug report is a composite of other bugs, so this bug report is invalid. (The other bugs aren't specified.) 6) You are using Firefox in a way that would crash any software. 7) I don't like the way you worded your report. 8) You should run a debugger and find what causes this problem yourself.

I find it obvious that they have absolutely no intention of changing from legacy MS-centric software to free software ...

Not very legacy, IBM used AIX in 2000 and prior years. M$/M$NBC got a crack at it for the first time in 2002. And had to use Akamai running Linux caches to bail their asses out as the sites couldn't handle the load. Maybe Windows Datacenter is cheap, but it scales poorly. IBM didn't have to do that.

A quote from an Internetweek article: http://internetweek.cmp.com/newslead01/lead102201. htm

MSNBC switched over to servers operated by service provider Akamai Technologies to serve entire pages of the site from distributed caches, but that process took two hours. Typically, MSNBC uses Akamai only to cache GIFs, and only once before, during the 2000 elections, did it have to call on Akamai to serve entire pages.

As for the main article content:

Costs for open source in China could yet derail the plans

Bullshit. This article came from the FUD foundries of Micro$oft. China has MILLIONS of Linux users and quite likely more programmers than all of North America combined. Besides they could shake the dust of the AIX code and compile it on Linux. And like Netgrear, Linksys, D-Link, and others sell and appliance to support the protection of Windows.

The real issue here is it takes so many Micro$oft systems to do the job it is impractical.

We don't know what you are referring to, so you should have more information about what you read.

When we click on the above link, we don't know if CWP is showing us something different than when you originally saw their site.

Indeed, that page has text which sounds like "we're too good for your eyes".

Unless they come up with a darn good reason why they chose to block referring URLs from Linux Today, I'll have to decide whether or not to continue receiving the publications (url is http://www.cmp.com/publist) of theirs I currently subscribe to.

If I'm not allowed to point others at articles of theirs I find interesting and useful, they are of no more use to me, personally or professionally.

Here's a reason.

Should voice their opinion by using the feedback
link for EE Times to express their displeasure with
the obviously biased garbage that Charles J. Murray
was nice enough to throw together haphazardly.

The mail feedback link is here:

EE Times Feedback

For those that don't use email with their browser:

The email address is: rkeane@cmp.com
The subject inserted by the webform is:
EE Times Feedback

I've already sent mine.

Maybe this is due to the fact that Linux is used in more "Mission Critical" applications. Therefore, the companies running Linux boxen are going to be more likely to keep their boxen secure and up to date.

For instance, most corporations have went to using Win2k for their desktops, yet it is rare to find a desktop Linux box. The TCO of a desktop is certainly less than that of a web server!!!

I'm going to guess that the lack of detail is intentional...

Of course with a little sleuthing, you can find out they're running IIS...and this page describes themselves as a marketing company (hey, it's the same company that owns TechWeb).

Go a little further and you find they're handing out awards for M$ ... but I think they way their site held up to a good slashdotting shows how good Win2k solutions are...

As a SysaAdmin (who never explicitly subscribed) to any of the 3 CMP/techweb publications I now receive weekly/biweekly/monthly or the electronic C|net shite I'm now eternally a "customer" of, it's pretty obvious who pays the bills for the (largely) waste of bandwidth reviews they provide. Wake up... they aren't going to bite they hands that feeds them - particularly MS or Oracle.

While you/I/every other jaded IT employee with half a brain can be critical of this two faced advertising driven BS, the individual with a tight grip on the purse strings for IT expenditures is getting the same mailings & treating them as dogma - because he doesn't know/care that he's being fed crap with a fancy ribbon around it.

Until the push-periodicals are no longer driven by big bucks advertising contracts & therefor biased coverage of these products, IT "managers" will have a steady supply of bullshit benchmarks & reviews IN WRITING to reinforce & perpetuate their decision making process.

-ct

O'Rielly Open Source Con

Linux Business Expo

Open Source Forum

Java One (yes, there are a LOT of apache people there)

CMP Event list (good list of conference/trade shows)

I am just a little curious if these Cons are just ways for the Apache group to make money while CLAIMING that they are open source. I can understand donations to fund the effort, but $1200/person is more on the scale of a "political contribution". Wait... that just must be my paranoia...

--
He had come like a thief in the night,

broken mailto

Here's what I sent (paraphrased from the discussion below - sorry if your quote is uncredited, sue me :P)

Regarding your article "MP3 Is Possible Culprit In CD Sales Slump", you neglected to mention four important facts.

1) CDs still cost the same as they did 10 years ago, even while their cost of production has gone down astronomically.

2) The RIAA has already played this game twice with us before. The first time, they said cassettes were killing vinyl. The second time, they pointed their fingers at used CDs.

3) According to the RIAA itself sales for the 15-25 group have been decreasing EVERY year since 1988.

4) The RIAA isn't what I would called unbiased espicially wrt mp3s.

Finally (and this is my opinion)

5) There is less worth buying. Year after year of mergers and consolidation have left commercial music a smear of homogenous crap.

And to quote the head of another monstrously slow-to-adapt, clueless megaconglomerate:

"The Middle Man Must Add Value."

Record companies have been ignoring this rule for at least 3 decades. Time for their just desserts.