Slashdot Mirror

Well, Web Techniques was a great magazine - until it became "New Architect" (puke) and died a death. The Perl Journal was another great read - until it got swallowed up by DDJ. These days, there's still a few good ones - The Perl Review for example, but yes, most are just humungous adverts. These are great for the bathroom/commute (not if you're driving though!) - two places where I won't use a laptop :) So I can continue to geek when not at the PC. So there is a small market for them :)

This sounds like the classic Framework versus Library debate. Some good reading:

The Dojo mailing list thread "dojo: framework vs library"
http://dojotoolkit.org/pipermail/dojo-interest/200 5-May/000231.html

Joel Spolsky's "Why I Hate Frameworks"
http://discuss.joelonsoftware.com/default.asp?joel .3.219431.12

Arnon Rotem-Gal-Oz's "Frameworks vs. Libraries"
http://www.ddj.com/blog/architectblog/archives/200 6/07/frameworks_vs_l.html

That being said, there are plenty of features in Prototype which are more library-like than framework-like, so it is easy to use parts of it without buying into a whole framework methodology. I don't know much about the other evaluated tools.

That's garbage. Tech support reasons were hardly what was behind the AARD code.

First of all, the code *is* present in the final win.com. What's different is that they added a flag byte in the final version to control if the error message should appear or not. A one byte patch will make the "error" message re-appear in the final code. Basically, they patched around it once caught. In all likelihood, their lawyers figured out it wasn't a great idea.

Why did the code present a confusing bug like error message of "Non-Fatal error detected: error #2726" rather than a simple "MS-DOS not found" message? The code didn't even check for something *useful*, like checking the data structures to verify that they contain information they're going to need later.

And if this code was so benign, why was it using all the tricks that copy protection routines used, self modifying code, XOR encryption, anti-debugger tricks? Why spend developer hours *hiding* this code? They had nothing better to do? Time on their hands, Windows was finished, they're just waiting for the release date, so what the heck, let's try our hand at obfuscating some code for fun.

And Microsoft has never purposefully designed their OS to interfere with another competitors product.

The main issue with threaded programming is creating reliable programs. With multiple cores, you get a much higher level of parallelism than we have seen before.

There is a great (though depressing) paper that discusses the challenges:

http://www.ddj.com/dept/64bit/196901362?cid=RSSfee d_DDJ_All -- a very brief summary/review
http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EE CS-2006-1.pdf -- full paper

There are a number of source for the information I was quoting. By far the best "original" source of information about the early history of IC production can be found at:

http://technetcast.ddj.com/tnc_catalog.html?item_i d=393

This is a lecture given by none other than Gordon Moore (of Moore's Law fame) that goes into the history of ICs.

There was also some time about (about a year or so, perhaps a little longer) a /. story about the Apollo Guidance Computer and an attempt to completely recreate it as a part of a home simulator. For details about this project, you can look at this website for some much futher information:

http://klabs.org/history/build_agc/

There is other information that I've picked up over the years as well, but these are two sources to get you started if you are really interested in some of the early history of the Apollo mission computers. Of course Wikipedia is also available with some other outstanding information if you look up "Apollo Guidance Computer", particularly if you read through the sources to generate the Wikipedia article.

You can't get around the fact that Java simply does not have those many important features I listed (and linked to their definitions on Wikipedia), which are all extremely useful for implementing things like Relax/NG validators.

James Clark, the guy who wrote the Haskell code, is the SAME guy who wrote the Java code, and he's written a whole lot of other complex Java code, as well as many other languages, and also designed and implemented many XML standards. FYI, he served as the technical lead of the original W3C XML Working Group and as the editor of the XSLT and XPath recommendations.

Kiddo, you have no idea who you're calling a "poor (or stubborn) programmer". James Clark is one of the best programmers on the planet, who has written some of the most important code that's run by millions of people every day. Have you ever heard of Expat, the XML parser? Or XSLT? And no, James Clark is NOT the guy who founded Netscape. That Jim Clark just made millions of dollars off of the open source code generously designed, written and shared by James Clark.

Here is a brilliant interview with James Clark from Dr. Dobb's Journal. I've included some of my favorite parts, but the entire interview is fascinating and well worth reading. A Triumph of Simplicity: James Clark on Markup Languages and XML:

If you peek under the hood of high-profile open-source projects such as Mozilla, Apache, Perl, and Python, you'll find a little program called "expat" handling the XML parsing. If you've ever used the man command on your GNU/Linux distribution, then you've also used groff, the GNU version of the UNIX text formatting application, troff. If you've ever done any work with SGML, from generating documentation from DocBook to building your own SGML applications, you've undoubtedly come across sgmls, SP, and Jade.

Whether you've heard of him or not (and mostly likely, you haven't), James Clark (below right) has made your life easier. In addition to authoring these and other widely used open-source tools (see http://www.jclark.com/ for a complete list), Clark served as the technical lead of the original W3C XML Working Group and as the editor of the XSLT and XPath recommendations. He recently founded Thai Open Source Software Center (http://www.thaiopensource.com/). His latest project is TREX, an XML schema language. Clark sat down with Eugene Eric Kim to discuss markup languages, the standardization process, and the importance of simplicity.

DDJ: How did you get involved with SGML?

JC: I was interested in using SGML as a replacement for one part of what groff was doing. Then I got Charles Goldfarb's book, The SGML Handbook, and I thought, "Hmm, this is an interesting thing. Let's see if I can write a program for it." Then Charles Goldfarb released his ARCSGML SGML parser, and I started working with that. The more I worked with it, the more I felt it needed improvements and bug fixes, and nobody else seemed to be doing that. There seemed to be a real need for turning a research-worthy tool into more of a production-quality tool, and that turned into sgmls. Working with sgmls, I got more and more dissatisfied with its basic internal structure. There were some things in SGML that would have been very hard to implement within sgmls, and I felt that I really understood how SGML parsing worked, and so I produced a completely new SGML parser, SP.

DDJ: Did you feel like there were any major itches that you got to scratch with the specification of XML?

JC: I knew how insanely complex writing an SGML parser was. SGML is really doing something very simple. It's providing a standard way to represent a tree, and your nodes have a label with names and they can have attributes. That's all it's doing. It's not a complicated concept. Yet SGML manages to make writing something that implements it into a several-man-year project.

A lot of the features do have a reasonable mo

Yes you can - sort of. Read my article about it in CUJ: http://www.ddj.com/dept/cpp/184402076.

Was the 2004 election stolen?

A call for investigation

Security Analysis of the Diebold AccuVote-TS Voting Machine

They Said it Couldn't be Done

"It is BECAUSE it cannot guarantee swapping by the OS, so as a hack, you allocate far less memory than is physically available in the hopes that Windows will not swap."

Umm, nope. You can lock pages into memory using Win32 -- if you're using AWE to allocate memory it is never swapped out. http://technet2.microsoft.com/WindowsServer/en/lib rary/00284c8d-7a42-40f2-8a01-8de61dccd8c91033.mspx ?mfr=true

"AWE allows an application to reserve portions of real memory that cannot be paged out to the paging file or otherwise manipulated except by the reserving application. AWE will keep this data in real memory at all times. Because the memory manager does not manage this memory, it will never be swapped out to the paging file. The application is completely responsible for handling the memory."

AWE allows allocating huge amounts of memory - in excess of the 4GB virtual address space each process has (although you can only allocate out of physical ram, it is aimed at many-gigabyte servers; it does work perfectly fine on XP.)

(Okay, DDJ asserts that AWE is the only way to lock pages into memory; nevertheless, AWE has been around since Windows 2000.)

Also, stop and think about MacOS 9 memory managment. An obivous reason why that feature was not included in MacOS 9 versions of photoshop is because the MacOS 9 allocated memory to the program at start up - remember, you change the amount of RAM allocated by using Get Info in the finder? Adobe didn't need to implement this "hack" BECAUSE IT WAS PART OF THE OPERATING SYSTEM.

The real reason why Photoshop uses its own scratch disks instead of Windows or MacOS (or MacOS X) VMM is simple. The scratch disk system supports multiple exabytes of space - you require a 64 bit operating system and a 64 bit native version of photoshop to handle that amount of space using the OS's VMM, and 64 bit just isn't common on either Windows or Mac.

If you think about the amounts of data that photoshop could potentially work with (huge billboards, multiple layers, 16 bits per channel with several undo levels) it's not surprising that Photoshop may need to work with very large data sets.)

I have seen a number of articles on DBC & C++ on Artima

A quick google came up with:

http://www.artima.com/cppsource/deepspace.html

though search the Artima site and I'm sure you'll find lots more.

Another one:

http://www.ddj.com/184405997

No, Microsoft has already been there, done that.

Here's a link to the single page print version of the article.

As much as I aim to avoid MS, it dominates my organisation, and unfortunately the rest of the world. An expensive commercial plug-in from Teamprise was available. So this got me looking around and I found that Visual Studio Team System Foundation Server exposed a soap service for interacting with its repository. So this reminded me of an old Dr. Dobbs article which led me back to the VSTSEclipse project on sourceforge.

The project hasn't released any source yet, however looking at other mailing lists it appeared that there had been some activity in the past. I have a feeling that Teamprise actually bought up the VSTSEclipse team, given that I saw a post where a VSTSEclipse developer claimed to have started working for them. So that leaves you with the question as to who else is doing this. Which leads you to thinking that 'I'd like to write an open sourced intermediary service which communicates with VSTS Foundation Server and exposes a familiar and open interface to the rest of the world; including an Eclipse Plug-in.

Does this exist yet? Anyone else interested?

Less clicking.

Corba was totally fucked up and doomed to suck, long before Java was invented. The part about EJB compatibility came a long time later. Are you old enough to remember all the earlier bullshit about DOE and NEO and OpenStep compatibility? CORBA is a fashion victim, and after TNT, XView, OLIT, MOOLIT, Motif, CDE, Fresco, DOE, NEO, OpenStep and TCL fell out of fashion, EJB eventually became fashionable, and they changed the standard to reflect that, too.

Does anyone remember Mark Linton's C++ user interface toolkit called Fresco (based on his earlier work on Interviews), which was at one time supposed to become the official display services for DOE? What ever happened to that? (Not to be confused with the more recent Fresco which was just a new name for Berlin -- or do they actually share any code or architecture?)

According to Chuck Price at Sun:

Fresco(TM) is being developed by a working group within the MIT X Consortium. It is a platform and language independent environment for constructing applications. Specifications have not yet been released from the working group, but certain decisions have been made public, to wit: 1) Fresco interfaces will be specified using the Object Management Group's Interface Definition Language, 2) the system is intended to support "distributed embedding", and 3) it defines a notion of structured graphics.

OMG was always so confused about what their user interface and "Display Services" would be -- everybody went off in different directions, that they eventually abandoned: From the Common Desktop Environment (CDE) Frequently Asked Questions:

Subject: 4.5 Is an object-oriented GUI toolkit like Fresco in the works for CDE?

I have not heard anything about Fresco by name, but OpenDoc, OpenStep, and Taligent are on the minds of (i.e., being finacially supported by) those who are the sponsors of COSE. There has not been any public mention of the plans for transition from CDE as it is today to an object-oriented environment, but one is certainly needed since the COSE sponsors are heading down that path.

The potential problem is that the new object-oriented environment from Sun (i.e., OpenStep) does not interoperate with the environment from IBM (i.e., Taligent) and that they have a different "look and feel." This is precisely the problem that CDE is supposed to solve. In a session at Xhibition '94, Sun held a developer's meeting in which they described the future desktop environment with CDE windows, OpenStep windows, WABI windows, etc. as a desirable thing. Sun went further to state that (and I am paraphrasing here) that developers could choose between rapid application development (and all the other good things from the object-oriented paradigm) using OpenStep or cross-platform portability with CDE. Of course, it might be nice to have both.

Here's another interesting article from DDJ about Object Interconnections: The History of the OMG C++ Mapping.

Why a C++ Mapping?

Versions 1.0-1.2 of the OMG CORBA Specification [3], which existed from 1991-1995, contained a language mapping only for C. Unfortunately, given CORBA's OO (object-oriented) nature, writing CORBA programs in C was tedious and error-prone. However, given that CORBA was strongly influenced by C-based RPC systems such as the Apollo NCS (Network Computing System), standardizing a C language mapping first was easiest for those blazing the CORBA trail.

Even as the first versions of CORBA were being published in 1991, however, the need to

The killer for CORBA in the real world was how the f*** do you get 5000 copies of the IDL to 10 platforms at the same time?

Use an interface repository

The profits from space exploration that I am talking about, are not about successful space ventures. When I say 'long-term investment', the returns that I am talking about are: velcro, semiconductors, advanced ceramics, advanced plastics, aerogel, etc. I am not suggesting that any space venture is going to give a positive ROI directly.

First, you don't need to monopolize space.

You are thinking short-term again. I was not talking about monopolizing space. I was talking about monopolizing the profits from the advancements that come from space projects. IBM isn't going to fund a space project, when it is 3M that is going to reap the profits from velcro. Microsoft isn't going to fund a space project, when many of the advances will benefit Google and Amazon.com.

In the 1960's Fairchild gave birth to the industry. ... The government played almost no role in the size reduction of computers.

Check out link: The Apollo Guidance Computer (AGC) was built by Raytheon and used approximately 4000 discrete integrated circuits from Fairchild Semiconductor. Spanning nearly a decade of project development, the AGC began as a research project at the MIT Instrumentation Lab in Cambridge, Massachusetts. ... However, until Apollo, all computations for the equations of motion in these systems were performed by analog computers. In April 1961, NASA contracted with MIT to study the feasibility of a digital control system for the Apollo program. ... The speed, power, and size requirements for the AGC drove an entire industry that was just taking its first steps along the breathtaking curve of Moore's Law.

Where do you people dredge-up this insistence that industry rather than government drove these advances?

I was moded as flamebait.. Go figure..

But I saw a demo while at IBM by Bill Joy of Sun fame, it was jini and how devices could comunicate and be aware of what they're connected to and provide the correct functionality (you hook up a camera to a printer the camera can print, hook camera up to hard drive, camera can off load pictures).
That way 1999.

We have a little of that today so we are edging closer.
see bill joys speach..

http://technetcast.ddj.com/tnc_play_stream.html?st ream_id=186

From what I've read, I think that might be because some developers on the Linux camp have been a factor of irritation when they produce Linuxisms is C code, foresaking portability.You see this phenomenom mentioned in what regards GNOME in the article. It almost sounds as if GNOME developers are a clique that don't give a shit about other projects.

Another famous little war was Linuxers resistance (glibc maintainers, to be exact) resistance against the safer strlcpy and strlcat functions from OpenBSD's libc:
See these amazing threads that illustrate prejudice against the OpenBSD developers. After 2 or smth years, they finally gave in and the OpenBSD functions are part of glibc. But here's my sample:

Here's a Debian developer calling on GNOME developer's biased and prejudiced views against OpenBSD's innovation for safer C programming:
http://lists.debian.org/debian-devel/2002/03/msg00 305.html

Here's the guy that sends the patch for glibc: http://sources.redhat.com/ml/libc-alpha/2000-08/ms g00052.html

Here's the amazing answer from the glibc's maintainer Ulrich Drepper, a real insight into strong software engineering principles. No wonder Linux boxes got so rootkitted:
This is horribly inefficient BSD crap. Using these function only
leads to other errors. Correct string handling means that you always
know how long your strings are and therefore you can you memcpy
(instead of strcpy). http://sources.redhat.com/ml/libc-alpha/2002-01/ms g00002.html

Theo's take:
TdR: They're still not in glibc. They're everywhere else. They're in Solaris. We invented them two years ago. They're showing up in vendor operating systems. We made a convincing argument why these things are necessary. http://www.ddj.com/184404914

Look at CERT's list for "glibc" vulnerabilites here. Please draw comparisons with BSDs. Answer honestly: who's got bragging rights?

Others when subsequently looking at future security challenges noted the approach of the Kurzweil(AI)ian singularity, eg Burnham thrice in his keynote at the Usenix Computer Security Symposium back in 2000.

Ray currently suggests that "by the 2040s our civilization will be billions of times more intelligent".

The Summit for the Future last week was focused on risks; upcoming SSS is wait listing ... your mileage may vary ;-)

Others when subsequently looking at future security challenges noted the approach of the Kurzweil(AI)ian singularity, eg Burnham thrice in his keynote at the Usenix Computer Security Symposium back in 2000.

Ray currently suggests that "by the 2040s our civilization will be billions of times more intelligent".

The Summit for the Future last week was focused on risks; upcoming SSS is wait listing ... your mileage may vary ;-)

Yeah the PSE bit (bit 4) in CR4, here's some info: http://www.ddj.com/documents/s=961/ddj9605n/

There was actually a C++ development an UI package that a columnist in Dr. Dobb's wrote, called D-Flat.

While it may be true that the SQL database market has become a commodity market, SQL databases have never solved object persistence nicely: SQL always remained a foreign language in Java and C#. The object-relational mismatch has forced us to write billions of lines of code over and over again.

Alternate technologies are currently seeing a revival:

- A new portal on object databases was recently launched:
http://www.odbms.org/

- Object databases are going open source:
http://www.db4o.com/

- Microsoft has released LINQ to relieve developers from having to write SQL strings. Code that interfaces with the database is now checked at compile time:
http://msdn.microsoft.com/netframework/future/linq /

- Native Queries show that Java and C# can be directly used to express typesafe queries:
http://www.ddj.com/documents/s=9948/ddj0602e/0602e .html

See also "Meme hacking for fun and profit" by ESR (http://technetcast.ddj.com/tnc_play_stream.html?s tream_id=318). It's a bit dated, but hasn't lost any truth or relevance.

As much as one might agree with RMS and prefer the term "free software" to "open source" (I do), one must admit that ESR got his marketing skills worked out (at least for advocating free software).

One important point that he makes, that you apparently miss (and I'm convinced it's true): you want to emphasise risk, not cost.

Had you considered PHP? It has the huge advantage of simplicity (you can get started very very fast); it's also very powerful and widely useful (many many functions are available). In many ways, it is similar to C or Perl, so it's easy to migrate. The online documentation is brilliant. Also, you can use it as a scripting language (php-cli), for a simple GUI (php-gtk), or even for network-socket programming.

P.S. Visual Basic is, and always was, utterly horrid.
http://www.ddj.com/documents/s=1503/ddj0001vs/jan0 0.htm

Isn't that what PERL is all about?

No, that's what python is all about: http://www.python.org/doc/essays/cp4e.html and http://technetcast.ddj.com/tnc_play_stream.html?st ream_id=240

Guido (the creator of python) mentions a story about a taxi driver not much unlike what has been already mentioned about an accountant: a non-programmer fits together a small script that glues together high-level components. I call that programming.

Also, RMS says in one of his talks: "anyone of reasonable of intelligence can learn how to program. They may not be able to do hard jobs, but they can learn enough to do easy jobs"

And back in the day, (not too long) before I'd call myself a real programmer, I could still use .bat gotos and javascript document.backgroundColor = chartreuse. Not "real" programming, but in some sense programming none the less.

Let's not underestimate the programming abilities of "non-programmers" (ignoring the contradiction of terms). But let's certainly not overestimate it either!

> does MS have competition in the digital boockshelf market?

No, and the reason is that MS owns the trademark on the word 'Bookshelf' (computer related) and copyright on the implementation of a computer in the form of a book for putting on the bookshelf.

In the early 1980s MS bought a company that produced a product called the 'Bookshelf Computer' that ran CP/M and was book sized (large book).

http://www.ddj.com/documents/s=989/ddj9507n/

I have a stack of ICL DRS300 computers here that were made in the late 80s and came in A4 sized parts that clipped together: K1 power supply, A2 CPU, D1 floppy drive, D4 hard drive, S1 tape drive, etc. Ran Concurrent-DOS or Unix (or both if you had two CPU units).

Some comments here wonder what value RSS provides? RSS offers much more than syndicated news feeds, it helps control your information overload. Two examples follow. First, Dr. Dobbs article shows how to build your own RSS with Ruby to track information when certain events occur. Dave Thomas writes artcles and books about Ruby. He says "You can use RSS to collect and summarize information from your projects and from your life" in the Dr. Dobbs article.

Second, Yahoo maps documentation says, "The XML used by the Yahoo! Maps Simple API is based on geoRSS 2.0." Here is another link about GeoRSS and worldKit, a map built using shockwave flash. You publish your map content, and GeoRSS for every point you want on the map.

IMHO, GeoRSS is becoming a de facto standard, becoming part of many blogs, and content managment systems, like Plone. and, BTW, Good luck with all your adventures this New Year.

I suggest you look into two of his books, "3:16 Bible Texts Illuminated" and "Things a Computer Scientist Rarely Talks About".

He gave some lectures about how he wrote "3:16", his motivations for doing so, and various thoughts about God. These lectures were the basis for "Things a Computer Scientist Rarely Talks About"

[Picture of guy with no shirt, a necklace, and a big tattoo of a sun on his chest] "Gone. Went to find himself. Left you with a Linux box that won't boot, 80,000 lines of C code #ifdefed to look like Pascal, and no documentation."

There's no point bringing emulated xbox titles into this since the 360 is spending so much power just translating the game. Drive speeds also don't matter much once data is loaded into RAM. For memory bandwidth, the xbox has 6.4GB/s, and the 360 has 22.4 GB/s memory interface bus bandwidth, 256 GB/s memory bandwidth to EDRAM, 21.6 GB/s frontside bus. So that's almost 4x.

You are correct that at 1280x720 the 360 may not be able to render 8x as many polygons compared to 640x480. However since the card has been optimized for 720p rendering, it probably can. It can also do some shader effects with little to no performance hit. So while there might not necessarily be 8x as many polygons, the overall power of the machine in reality should be 4-6x.

Suppose we benchmarked games on a 733MHz PC with a GF3 and an Alienware machine today with PC games from 5 years ago. I expect the new machine to get at least 8x the frames. Isn't that what we're talking about here? And if we use todays more complex games, the 733 won't even be able to run them. The combination of increased graphical complexity and better image quality is what makes the 360 4-6x more powerful.

Stop assuming you're right and google the damn phrase.

Microsoft has a documented history of deliberately, maliciously and completely unnecessarily breaking compatability with competitors' products. This isn't even a question any more - it's been proven repeatedly. There are even articles reverse-engineering MS code and showing you the breaking at work, FFS.

I'm all for giving companies (Microsoft included) the benefit of the doubt, but I'm also all for actually researching my position before I start arguing it in public... ;-)

However relatively bad the security of Microsoft's products are in comparison to what the free licensed and open source communities ( as well as practically every other vendor on the planet ) provide, Microsoft is not alone in the presence of vulnerabilities, this is a major issue for Linux/BSD and Unix as well as ever other OS and vendor.

From the Plimsoll Club history

Samuel Plimsoll brought about one of the greatest shipping revolutions ever known by shocking the British nation into making reforms which have saved the lives of countless seamen. By the mid-1800's, the overloading of English ships had become a national problem. Plimsoll took up as a crusade the plan of James Hall to require that vessels bear a load line marking indicating when they were overloaded, hence ensuring the safety of crew and cargo. His violent speeches aroused the House of Commons; his book, Our Seamen, shocked the people at large into clamorous indignation. His book also earned him the hatred of many ship owners who set in train a series of legal battles against Plimsoll. Through this adversity and personal loss, Plimsoll clung doggedly to his facts. He fought to the point of utter exhaustion until finally, in 1876, Parliament was forced to pass the Unseaworthy Ships Bill into law, requiring that vessels bear the load line freeboard marking. It was soon known as the "Plimsoll Mark" and was eventually adopted by all maritime nations of the world.

The risks,issues and solutions for providing a more secure operating and application enviroment have been known for decades.

Those who do not already comprehend the issues and are willing to learn, should take some time out to listen to some of the speeches at Dr. Dobbs Journal's Technetcast security archives, starting with Meeting Future Security Challenges by Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA)

The design and implementation of some applications and servers are just too unsafe to use in the "open ocean" of the internet.

Numerous security experts have railed against Microsoft's lack of security, best summed up by Bruce Schneier Founder and CTO Counterpane Internet Security, Inc who rightly said:

Honestly, security experts don't pick on Microsoft because we have some fundamental dislike for the company. Indeed, Microsoft's poor products are one of the reasons we're in business. We pick on them because they've done more to harm Internet security than anyone else, because they repeatedly lie to the public about their products' security, and because they do everything they can to convince people that the problems lie anywhere but inside Microsoft. Microsoft treats security vulnerabilities as public relations problems. Until that changes, expect more of this kind of nonsense from Microsoft and its products. (Note to Gartner: The vulnerabilities will come, a couple of them a week, for years and years...until people stop looking for them. Waiting six months isn't going to make this OS safer.)

However Microsoft's products are not alone in the presence of vulnerabilities, this is a major issue for Linux/BSD and Unix as well as any other OS and vendor.

In a recent speech "Fixing Network Security by Hacking the Business Climate", also now on Technetcast, Bruce Schneier claimed that for change to occur the software industry must become libel for damages from "unsecure" software

However relatively bad the security of Microsoft's products are in comparison to what the free licensed and open source communities ( as well as practically every other vendor on the planet ) provide, Microsoft is not alone in the presence of vulnerabilities, this is a major issue for Linux/BSD and Unix as well as ever other OS and vendor.

From the Plimsoll Club history

Samuel Plimsoll brought about one of the greatest shipping revolutions ever known by shocking the British nation into making reforms which have saved the lives of countless seamen. By the mid-1800's, the overloading of English ships had become a national problem. Plimsoll took up as a crusade the plan of James Hall to require that vessels bear a load line marking indicating when they were overloaded, hence ensuring the safety of crew and cargo. His violent speeches aroused the House of Commons; his book, Our Seamen, shocked the people at large into clamorous indignation. His book also earned him the hatred of many ship owners who set in train a series of legal battles against Plimsoll. Through this adversity and personal loss, Plimsoll clung doggedly to his facts. He fought to the point of utter exhaustion until finally, in 1876, Parliament was forced to pass the Unseaworthy Ships Bill into law, requiring that vessels bear the load line freeboard marking. It was soon known as the "Plimsoll Mark" and was eventually adopted by all maritime nations of the world.

The risks,issues and solutions for providing a more secure operating and application enviroment have been known for decades.

Those who do not already comprehend the issues and are willing to learn, should take some time out to listen to some of the speeches at Dr. Dobbs Journal's Technetcast security archives, starting with Meeting Future Security Challenges by Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA)

The design and implementation of some applications and servers are just too unsafe to use in the "open ocean" of the internet.

Numerous security experts have railed against Microsoft's lack of security, best summed up by Bruce Schneier Founder and CTO Counterpane Internet Security, Inc who rightly said:

Honestly, security experts don't pick on Microsoft because we have some fundamental dislike for the company. Indeed, Microsoft's poor products are one of the reasons we're in business. We pick on them because they've done more to harm Internet security than anyone else, because they repeatedly lie to the public about their products' security, and because they do everything they can to convince people that the problems lie anywhere but inside Microsoft. Microsoft treats security vulnerabilities as public relations problems. Until that changes, expect more of this kind of nonsense from Microsoft and its products. (Note to Gartner: The vulnerabilities will come, a couple of them a week, for years and years...until people stop looking for them. Waiting six months isn't going to make this OS safer.)

However Microsoft's products are not alone in the presence of vulnerabilities, this is a major issue for Linux/BSD and Unix as well as any other OS and vendor.

In a recent speech "Fixing Network Security by Hacking the Business Climate", also now on Technetcast, Bruce Schneier claimed that for change to occur the software industry must become libel for damages from "unsecure" software

However relatively bad the security of Microsoft's products are in comparison to what the free licensed and open source communities ( as well as practically every other vendor on the planet ) provide, Microsoft is not alone in the presence of vulnerabilities, this is a major issue for Linux/BSD and Unix as well as ever other OS and vendor.

From the Plimsoll Club history

Samuel Plimsoll brought about one of the greatest shipping revolutions ever known by shocking the British nation into making reforms which have saved the lives of countless seamen. By the mid-1800's, the overloading of English ships had become a national problem. Plimsoll took up as a crusade the plan of James Hall to require that vessels bear a load line marking indicating when they were overloaded, hence ensuring the safety of crew and cargo. His violent speeches aroused the House of Commons; his book, Our Seamen, shocked the people at large into clamorous indignation. His book also earned him the hatred of many ship owners who set in train a series of legal battles against Plimsoll. Through this adversity and personal loss, Plimsoll clung doggedly to his facts. He fought to the point of utter exhaustion until finally, in 1876, Parliament was forced to pass the Unseaworthy Ships Bill into law, requiring that vessels bear the load line freeboard marking. It was soon known as the "Plimsoll Mark" and was eventually adopted by all maritime nations of the world.

The risks,issues and solutions for providing a more secure operating and application enviroment have been known for decades.

Those who do not already comprehend the issues and are willing to learn, should take some time out to listen to some of the speeches at Dr. Dobbs Journal's Technetcast security archives, starting with Meeting Future Security Challenges by Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA)

The design and implementation of some applications and servers are just too unsafe to use in the "open ocean" of the internet.

Numerous security experts have railed against Microsoft's lack of security, best summed up by Bruce Schneier Founder and CTO Counterpane Internet Security, Inc who rightly said:

Honestly, security experts don't pick on Microsoft because we have some fundamental dislike for the company. Indeed, Microsoft's poor products are one of the reasons we're in business. We pick on them because they've done more to harm Internet security than anyone else, because they repeatedly lie to the public about their products' security, and because they do everything they can to convince people that the problems lie anywhere but inside Microsoft. Microsoft treats security vulnerabilities as public relations problems. Until that changes, expect more of this kind of nonsense from Microsoft and its products. (Note to Gartner: The vulnerabilities will come, a couple of them a week, for years and years...until people stop looking for them. Waiting six months isn't going to make this OS safer.)

However Microsoft's products are not alone in the presence of vulnerabilities, this is a major issue for Linux/BSD and Unix as well as any other OS and vendor.

In a recent speech "Fixing Network Security by Hacking the Business Climate", also now on Technetcast, Bruce Schneier claimed that for change to occur the software industry must become libel for damages from "unsecure" software

I like Dr. Dobbs Journal, C/C++ Users Journal, Communications of the ACM and IEEE CGA.

If you haven't heard of DDJ or CUJ before, give them both a try. DDJ covers all sorts of stuff and (as an example) the October '05 CUJ had the best accidental intro to template metaprogramming I've ever seen.

One of CACM's selling points is that the articles are regularly featured on slashdot. :p

IMO, IEEE CGA is much more useful to me than any of ACM's SIGGRAPH stuff. This is only relevant if you're into computer graphics at all.

I'm thinking of joining the Association of C/C++ Users for it's C-Vu journal, I dunno.

I read 2600 for the hell of it.

Your mileage will vary.

I was tempted to mod funny, but with a name like "rampant mac," I'm surprised you didn't point out the obvious, why use a linux environment if you can run Mac OSX? Unless its for geeks putting together a tech cast ala Dr Dobb's http://technetcast.ddj.com/, its seems likely ease-of-use would trump OSS software for would-be budget filmmakers.
Apple is pursuing the budget A/V geek market, and offering free-as-in-beer software (and Firewire for videocameras) with Mac minis. I don't do video editing myself, but are they aiming to eventually port to OSX or am I missing something?

Note that this jargon file entry refers to internet users as "old-timers" a mere two years later in 1993:
http://www.catb.org/~esr/jargon/html/S/September-t hat-never-ended.html

And Sonny, next time save it for the script kiddies. Some of us were "old-timers" before you ever heard of computers. Most especially you can stick your public graffiti (Wiki, Everything I&II, etc.) where the sun don't shine when it comes to citing it as an authorative source; anybody can write it. Granted, you can change the definition of what a "web page" is to include the latest technology, your choice of proprietary system, etc, and claim to have been "first". By the same logic, SCO owns Linux, everybody who's ever created a .gif file owes Unisys a settlement, and Microsoft invented the GUI. But a web page is JUST files on a server. A web site is JUST a server with files that's accessible to other computers via some kind of wire. It gets tricky, here, because the old acoustic modems weren't "wires" as such, at one point, they were rubber cups you set the old-fashioned kind of phone reciever in. And don't get me started on RFC 1149 (proposed in 1990)!

And if ignorance were light bulbs, you'd be General Electric.

I have heard first hand from developers that Lotus and MS exchanged confidential information in some of the early WIN32 implementations. Lotus revealed their plans in exchange for access to WIN32 so that they could get their apps working correctly and that came back to bite Lotus. THere was belief that the Lotus stuff didn't stay within the Windows group and may have been distributed to the Office people and that the APIs Lotus worked against were altered enough to substantially damage their code. Engineers often have limited perspective on the matters and are too close to the code and the problems emotionally to be completely subjective but from what I've heard, it wasn't so much "make it break" as it was a roadblock, playing follow the API and it was at a time in the industry where getting your word processor out 9 months ahead of the competition and having it fully integrated with windows was worth market share. They'd give you 5 versions of an API, call it good and then when it GAed there would be some substantial changes to it, it's not illegal, just unethical and annoying and maybe breaking a contract that they agreed to. You look at the DR-DOS AARD stuff and while you cannot come up with real evidence of wrong doing, I wouldn't be surprised if there were lot's of little cases of it that added up. Lotus was a big and fairly well run company, with a full suite of office tools that worked well and actually even did some really cool stuff and MS stomped them dead. By the time IBM bought them it was like they didn't have a refuge anywhere, stopped working on windows office suite software because MS was trying to kill them and couldn't make money from OS/2 because nobody ran it. The worst part was that they had good tools that were easily on par with the MS Office tools at the same time.

Yeah, the message on a BETA version of windows 3.1 that said "Non-Fatal error detected...." on non Microsoft versions of DOS. Windows would continue to WORK, and it was a BETA version of windows, but dont let that get in the way of your fantasies of evil Redmondians.

Read the article on DDJ

The canonical investigation here:

http://www.ddj.com/documents/s=1030/ddj9309d/

http://technetcast.ddj.com/tnc_play_stream.html?st ream_id=423

"ECHELON and the Insecurity Industry"

You can grab it with StreamRipper (as the download link appears to be broken, even via ftp), and listen to your heart's content. I'll spare you the details, but at one point he mentions how the USS Jimmy Carter has been overhauled -- at MASSIVE expense -- to have a bigger "ocean interface", which means (as it has in the past) that, in addition to the incredibly rare rescue scenarios, they still believe that tapping undersea cables is a viable technique.

Since almost everything important is running on fiber nowadays, and the old cables are going the way of the dodo, the obvious conclusion of security industry observers (and of Sy Hersh, recently and notably) is that the big players in the sigint/commint community can tap undersea fiber.

This is not make-believe! It's not bull, or exaggeration. It's widely known and accepted within the intelligence community (including the community of intel watchdogs).

Generally, the US *does* tap endpoints (and the countries that it shares intel with, like Britain and Australia and New Zealand, all help), and there are really only a couple of cables of interest in the Mediterranean, but in Asia and the Middle East, there are a lot of places that the US does not have end-point access to via the ISPs.

Contrary to popular belief, it is far less risky for the US to tap an undersea cable than to do so covertly on land in a country like Pakistan (or to secure THAT level of intel cooperation with their government; they're cooperative in some ways, but not THAT cooperative).

that was HTTP Response Splitting (article: http://www.ddj.com/documents/s=9220/ddj0408g/0408g .html)
This is Request Smuggling, different method completely but some of the same outcomes are possible.

Exaggerated? Hardly.
Ransom Love himself, at the LinuxWorld 2000 convention, is RECORDED as saying that SCO was in the process of moving UNIX code to AI-32 and AI-64 Linux as quickly as possible. This was shortly AFTER Caldra acquired SCO. You can catch that comment at the 47 minute mark of his 50 minute speech at:
http://technetcast.ddj.com/tnc_stream.html?stream_ id=393
and other places. I have the last 2 min and 50 seconds in an mp3 clip.

Right here. My favourite. An all-time classic.

Gotta admit, the dotdotdot article does seem to ring a few bells.

In the question and answer session at the end of the keynote (44:30 minutes into the videostream), Love was asked about the possible confict over Monterey and Linux IA-64. (A mp3 capture of the transcribed portion)

"Q: What happens about Project Monterey, because that conflicts with the IA-64 Linux, 64-bit Linux?

"Love: OK. I don't -- if we do our job right in making Linux scale over like UnixWare to the degree that everybody, that we know we can... May I ask, some people have said, "Well, people have tried this in the past, but they haven't been that successful," may I suggest: we don't have any ulterior motives for not making it successful. Technologically has not been the reason why it hasn't done it before. There's always some other motive, right? And so to talk about Monterey, clearly we want to make sure we have the same level of Linux integration on Monterey that we would have in our Unixware product. Now, we don't control, I mean, we have a great relationship... it's a joint development relationship with IBM which we intend to preserve ... but they have similar interests and so this is really a very synergistic, uh, this transaction is great for all of the major partners as they have already wanted to embrace Linux moving forward.

"Now, let me address one other aspect of your question, which is that the Monterey Project is in conflict with the IA-64 Linux Project. I don't believe it's in conflict at all. Now, clearly, we have tremendous vested interest in the IA-64 Linux Project and with the acquisition of SCO, they've been doing a lot, so you combine those, and we've got one of the more comprehensive offerings, I believe, on the IA-64 Linux. So that's clearly an area that we're very committed to. But like Unixware, there's elements of the Monterey kernel that are more scalable, OK? Now, on the IA-64 platform, I don't know how long of window that is, but today, it's a little bit more robust and more scalable than the IA-64 Linux is today. Now, I'm not saying that over time that won't change.

"But, and let me address one other thing. Sorry, (laughs) you're getting all of it through one question. But clearly we are going to add components back to the Linux kernel on both IA-32 and IA-64 platforms. We'll work with Linus and everyone in order to make that available. That will take some time. And as I mentioned earlier, I don't know that over time you can have a single kernel -- in fact I know you can't -- that will scale, you know, the breadth of IT technology needs. So I think we're looking, in the Linux community, at having multiple kernels, so...

"Q: Multiple Linux kernels? Or multiple UNIX kernels?

"Love: Multiple Linux kernels as well, over time.

"Q: Thank you.

"Love: You bet.

While it's not evidence of sabotage in XP, MS's track record says that they're not above misrepresenting working alternatives as somehow non-working.