Slashdot Mirror

The Gnome 2 move was inspired from Sun's usability study on Gnome 1. The HIG gives quite a few references: http://library.gnome.org/devel/hig-book/stable/id2671625.html.en and there are others: http://www.informit.com/articles/article.aspx?p=1146301 who agree.

Apple isn't playing in Microsoft's sandbox. Particularly the Enterprise one.

Macs are moving into the enterprise: "Analyst checks show Apple Mac enterprise growth; usage could increase 2x-3x over next 2 years". "Macs in the Enterprise: Top Ten Assumptions, Myths, and Misconceptions".

Falcon

Move along, people. Nothing remotely new here.

Now if you want to actually do something to improve security performance, how about establishing some security metrics as a point of reference?

OpenBSD systrace?
This is a bit less dry : http://www.informit.com/articles/article.aspx?p=363731

I was going to post a long reply to this, but it's probably simpler to post a link to something I wrote on the subject a year ago.

If you are into eclipse RCP I would recommend Eclipse: Building Commercial-Quality Plug-Ins
And then there is this superb newsgroup.
For algorithms I found "Algorithms in C" by Robert Sedgewick very useful.

You're just wanking over ZFS because it's a big black monolith from a supposedly successful, inscrutable (i.e. unhelpful) company. You have no idea how it works

I think you are projecting a bit here. If you'd like to understand ZFS better, I suggest you read the article I wrote on the subject. It's slightly out of date now - a few things have changed in recent releases of ZFS - but the overall architecture is the same. Then come back and we can have a reasonable discussion.

The Official Ubuntu Book by Hill, et al.
http://www.informit.com/store/product.aspx?isbn=0137136684

Many inmates will be treating the program as a sort-of library where they can browse topics of interest, hence they need some good generalist books to act as the introduction & foundation from which they can make specific subject requests later.

The Ubuntu Book is good because it covers the broad range of what personal computers are used for, and how to do it for the beginner. And of course it also points out that FOSS exists, and what it is.

There are probably other good generalist books, but as a geek I'm having a hard time thinking of any because I don't use them. Who can name some more?

Sounds like Xorg is making good progress, but I'm hoping for more. Borrow as much Xorg code as you can, but make the leap and blow a gigantic hole in backward compatibility, and focus on building a top-notch modern rendering system. Talk to the Gnome and KDE dudes to make sure you've got an API they're prepared to handle, and let xeyes and xclock and twm and fvwm slowly twist in the wind.

Okay, this is the stupidest thing I've read in this thread so far. Backwards compatibility is a massive strength for X11. Code written in the '80s still works with a modern X server. The traditional display model is archaic, but new code doesn't use it. New code renders sub-pixel antialiased fonts (with the glyphs rendered on the client but stored on the server, and composited in hardware) into off-screen buffers and composites it (again, in hardware) to the main buffer. New code uses XDAMAGE to notify the server when a part of the buffer has been modified so you can do small transfers when running remotely. For a look at how a modern X11 implementation works, read this.

People like GNOME and KDE developers don't touch X directly. They use Qt or GTK which, in turn, use Cairo for drawing, and this uses X11. Cairo is a postscript-like API developed by the some of the X.org team, which uses the new extensions in X. You seem to be a fan of Apple's Quartz, but there is nothing that Quartz does that X.org doesn't support (and with Cairo they expose a very similar drawing model - we have a partial implementation of the CoreGraphics APIs on top of Cairo in svn if you're interested). There are, however, a lot of things that X11 does that Quartz doesn't do, with network transparency being close to the top of the list.

Sure. NetBSD, OpenBSD and Dragonfly.

Sure. NetBSD, OpenBSD and Dragonfly.

Sure. NetBSD, OpenBSD and Dragonfly.

you can, though it's a lot more stable and secure... in honesty though, that's a capability that's widely available. i'd be willing to bet (a small amount of) money that OSX can do it too, if not now, within 5 years.

2. Generators && Closures && lambdas

C++09 will have language-level (as opposed to library-level) closures/lambdas, albeit with a predictably ugly syntax:

http://www.informit.com/guides/content.aspx?g=cplusplus&seqNum=254
http://www.informit.com/guides/content.aspx?g=cplusplus&seqNum=393
http://www.informit.com/guides/content.aspx?g=cplusplus&seqNum=394

Once compilers support that feature (which should not be difficult based on the articles' description of compiler implementation), I suspect that generic library implementations of generators will appear, the downside being that those would not be "standard" C++.

3. Strong "reflection" capabilities too, which means that code can inspect, load and modify other code (in Java, C# too).

AFAIK, C++09 will not have such features; I tend to doubt that C++ will ever have them.

-T

2. Generators && Closures && lambdas

C++09 will have language-level (as opposed to library-level) closures/lambdas, albeit with a predictably ugly syntax:

http://www.informit.com/guides/content.aspx?g=cplusplus&seqNum=254
http://www.informit.com/guides/content.aspx?g=cplusplus&seqNum=393
http://www.informit.com/guides/content.aspx?g=cplusplus&seqNum=394

Once compilers support that feature (which should not be difficult based on the articles' description of compiler implementation), I suspect that generic library implementations of generators will appear, the downside being that those would not be "standard" C++.

3. Strong "reflection" capabilities too, which means that code can inspect, load and modify other code (in Java, C# too).

AFAIK, C++09 will not have such features; I tend to doubt that C++ will ever have them.

-T

2. Generators && Closures && lambdas

C++09 will have language-level (as opposed to library-level) closures/lambdas, albeit with a predictably ugly syntax:

http://www.informit.com/guides/content.aspx?g=cplusplus&seqNum=254
http://www.informit.com/guides/content.aspx?g=cplusplus&seqNum=393
http://www.informit.com/guides/content.aspx?g=cplusplus&seqNum=394

Once compilers support that feature (which should not be difficult based on the articles' description of compiler implementation), I suspect that generic library implementations of generators will appear, the downside being that those would not be "standard" C++.

3. Strong "reflection" capabilities too, which means that code can inspect, load and modify other code (in Java, C# too).

AFAIK, C++09 will not have such features; I tend to doubt that C++ will ever have them.

-T

The question is, why go that far?

yeah - why bother when Microsoft will just deprecate it and replace it with proprietary underbar functions anyway?

I'm probably going to be shouted down but in my 30 years of coding, I *rarely* reused code.

Donald Knuth recently said: "I also must confess to a strong bias against the fashion for reusable code."

Personally, I think a lot depends on the sorts of things you do, and (probably more importantly) the way you tend to think. A few decades ago (or so) when I started college, Pascal was the cool new thing, and top-down development was going to save the world. At least IMO, top-down development has some very good points -- but code reuse isn't one of them.

OTOH, some people tend to work and think primarily bottom up. For them, work on a particular project basically consists of building a good library for that type of work, and once they have a good library, that particular project is little more than building a user interface to give access to those components.

One big problem is that code reuse has been pushed as a good idea for long enough not that a lot of people who simply don't have the mindset to produce reusable code still feel that they should do so, and feel guilty if they don't. IMO, this is silly -- there's a lot of room for both kinds of development, and IME, successful projects rarely stick to one direction or the other -- rather, there's a tendency towards some people working bottom up, and others top-down, and the project as a whole is more or less a "meet in the middle" approach.

Of course, getting this to work requires a fair amount of care -- in particular, you need to ensure against a major "fault line" where the top and bottom sides meet. Unfortunately, I don't have an easy prescription for preventing that -- if I did, I'd probably be the author of a famous book instead of some unknown guy writing on slashdot... :-)

Might just be virgin messing with me but the site isn't loading well, so here's the 1 page version
and the google cache

http://www.informit.com/articles/article.aspx?p=344816

http://www.comp.lancs.ac.uk/~fittond/ppcjava.html

There's at least one gaping hole in the RAII paradigm: What if you want to throw an exception during destruction? (Not all resources can be freed without failure.)

Answer: You can't. (Or at the very least, not without extensively language lawyering your particular use first.) So you're back to making sure you deallocate resources with an explicit release() method or something like that.

It'd be nice if C++ had something like Java's finally for these situations (rare though they might be), instead of relying exclusively on the constructor/destructor mechanism to handle everything.

In fact, Microsoft already supports finally as an extension to their C++ compiler, and it's being considered for the next ISO standard. (Though that article doesn't address my issue with the advisability of throwing an exception in the destructoor.)

"f software makers don't document their registry keys, how is that Microsoft's fault?"

This is a blatant straw man, because I didn't say or imply that it was Microsoft's fault.

"f software makers don't document their registry keys, how is that Microsoft's fault?"

I fail to see why you're so obsessed with INI files. I am claiming that application data that isn't meant to be shared doesn't belong in a global repository, but should be stored locally instead. Nothing about this requires the use of the old INI file format.

"Well, first of all, configuration information..."

My last post clarified the fact that I'm not just talking about configuration information, so why are you harping about configuration information again?

"...is meant to be "read or modified" by products from other vendors and end users. The product from other vendors being tools like group policies, and the end users being people who select Tools->Options."

This depends entirely on the market an application is meant for. The vast majority of Windows software isn't aimed at corporate users with Active Directory setups, so why should the people who write it spend time and effort supporting group policies if none of their customers will ever use them?

"In fact, by your definition, the AppData directory is exactly where you should put that data, since it's data the that (by your own definition) isn't meant to be modified by other vendors or end users."

Why not keep things simple and put it in the same directory as the application instead? it's what Microsoft do with their manifest files, so why shouldn't we be allowed to follow their lead?

"First of all, I'm pretty sure Microsoft never required local data to be stored in the registry."

You're wrong. There aren't any web links to Microsoft's own documentation about Windows-95 logo requirements because nobody wants Windows-95 logos anymore, but there's plenty of other stuff on the web from that period, e.g.;

http://www.informit.com/guides/content.aspx?g=windowsserver&seqNum=26

Quote: "So for Windows 95, Microsoft advised its supporting manufacturers that applications that qualify for the Windows 95 logo should disavow any use of .INI files, in favor of the Registry instead."

"The registry is, and always has been, for configuration only."

If this is the case, then why does it support volatile keys that are never written to the Registry hive?

"Are you seriously suggesting that IE4 stored (or should have stored) the browser cache in the registry? That's ridiculous."

It is indeed ridiculous, hence the fact that i didn't suggest it.

"If they want to make quality software, they'll spend two days writing the abstraction layer, or just finding one already written. If they don't give a shit about making quality software, then they can do whatever the hell they want. But it won't be quality software."

I'm actually rather taken aback by the fact that anyone would write a piece of utter tripe like this on a forum which is read by many professional programmers.

"The reason not to use XML isn't because "Microsoft doesn't support it." You don't need to convince me that Microsoft has a MSXML library, because, see, I'm not a retard."

I humbly suggest that the piece of tripe you wrote above would seem to contradict your assessment of yourself.

"The point of using the registry is that it's simply better at storing configuration information than XML in several important ways, all of which Raymond Chen outlined in the post that started this stupid conversation."

I would appreciate it if you could include a link to the article where Raymond Chen says the Registry is better than XML, because the one in your original post was about it being better than Windows INI files, which don't use XML.

"The registry has locks and transactions, so if the program is written

90% of everything is crap.

The traditional publishers' 90% is usually professionally proofread and edited. Anyone who thinks a major publisher's imprint on a book is a guarantee of quality content really needs to read a lot more.

That said, I'm most likely to go with POD should I publish a book on Linux, and I know an increasing number of writing professionals who are either considering POD or are already personally using it. The people I hear making your argument are people who hope to be published someday.

My first published work was back in 1987. My next published work will be a how-to piece on configuring apt, it'll be on Informit in a month or so.

Upside of POD? Control of content, much higher profit per book, and control over how the book is publicized and marketed. If you actually want to sell a POD book, build your own website and promote it using the POD site as a back end to take orders, don't depend on potential readers finding your book among the thousands published on their site. And spend the extra money to buy a package including an ISBN so they can be ordered through brick-and-mortar bookstores.

Downside: No megacorporate budget to buy shelf space, but unless you're already "A" list, you aren't going to get much help from your publisher anyway. If you want a book professionally edited, find a good editor and prepare for sticker shock when you get the hourly rate and time estimate.

Remember that for a professional writer, the point behind writing is profit. You might be able to make more with 10K book sales via POD than 100K book sales via a mainstream publisher. And that very few mainstream published books earn out their advances.

I believe the original poster is most probably asking about DB2 UDB and not the mainframe version.

I'm sure I've already answered that question. I'd probably add FORTH and Self to that list now (Self is particularly important if you want to ever fully understand JavaScript).

And did you build a bootstrap C compiler from scratch?

http://www.informit.com/articles/article.aspx?p=102181&seqNum=4

Wow, you're right, Dell stopped doing that. See the "Dell Proprietary" section on this page: link, which indicates that they only did it between 1996 and 2000. Back when I did PC hardware/tech work, I used to have to replace Dell power supplies on occasion. I was cheap enough that I would rewire ATX supplies instead of buying insanely expensive Dell supplies ;-). I'm glad that they've switched to using standard power supplies!

Here's a basic article that might help set this in context: http://www.informit.com/guides/content.aspx?g=security&seqNum=284&rl=1

gem

http://www.cigital.com/~gem

Also, the authors of Exploiting Online Games have a sample chapter available, and Usenix has a video of one of Gary McGraw's presentations on their web site.

Sounds like someone has been using the islike operator a bit too freely.

These are the six programming languages I think everyone should know. If you have more time after that then learn FORTH (or PostScript if you want a real challenge and like pretty pictures) for a good example of a stack-based language. I'd also consider adding Self, Io or JavaScript (or NewtonScript if you can find a machine that runs it) to that list. You can do prototype-based OO in Smalltalk but it's not nearly as easy as doing it in a language designed for it.

I don't know why you haven't been moderated up. The belief that secure and user friendly are incompatible is the cause of a lot of insecure, unusable software. Security is a user interface problem. If you make security features that aren't user friendly, then the user will just disable them. If you make it so they can't be disabled, the user will use a different product. If you make them hard to understand, the user will use them wrongly.

> 3. Change the program loader to wrap each executable and library with checks like

you'll be amazed as to the levels that microsoft have gone to in order to achieve this goal.

this should be required reading:

http://www.informit.com/content/images/9780321440303/samplechapter/Chen_bonus_ch01.pdf

License != Contract.
I guess you have consideration. What about the offer and acceptance? Do you really have an exchange of promises?

A license is not a contract. It is more a one-sided offer of permission to do something that would, without the license grant, be illegal. A license can have restrictions.

The idea with the GPL is it has restrictions. The logic is that if you don't comply with these restrictions then you never had the right to distribute. And in the case of a copyrighted work, if you redistribute without ownership or a license, and you do it willfully, then you are liable for 3x the statutory damages.

http://www.informit.com/articles/article.aspx?p=212176&seqNum=3&rl=1

That's the theory anyway. I guess we'll see.

-- John.

I call BS on this one also. I've deployed numerous Win2K3 server boxes and it is in fact disabled by default. It is installed, but disabled.

Here is a how to guide for remote administration:

http://www.informit.com/articles/article.aspx?p=174352&rl=1

And people wonder why adblock is gaining 400k users a month
this site with its multiple pages is one of the reasons

http://www.informit.com/articles/printerfriendly.aspx?p=1016102&rl=1

Do musicians really have so little say? I'm a writer, and when my publisher approached me with the idea of writing a few Shortcuts, to be distributed as PDFs, my first question was 'Do you use DRM?' My editor's reply was that she'd had this conversation with authors before, knew how much we hated DRM, and wasn't going to try to force it on us. I would expect musicians to be able to exert the same degree of influence.

This article has a full description of the OSC's complaints. A copy of this article was presented to the BBC Trust by the OSC as background material prior to their meeting.

For general-purpose usage, the most interesting design I've seen recently is the PWRficient from P.A. Semi. It's a nice dual-core 64-bit PowerPC, with low power usage, similar performance to IBM's PowerPC 970 series. It has a lot of nice stuff on-die (crypto, a really shiny DMA architecture, etc).

For a complete round-up of current alternatives, take a look at this article and the next two in the series.

[1] They are generally marketed as 'cell phones' or similar, rather than 'computers'.

1. Lay out your data so a vector unit can operate on it (128-bit aligned, etc) and let the compiler do it for you (100% portable). Most modern compilers do some form of auto-vectorisation, which will attempt to turn groups of scalar operations into vector ops. It's a hard problem to get right though. It would be much easier with a language that allowed the compiler to define the memory layout, not the programmer.
2. Use the vector intrinsics (things that look like functions but will compile down to a single SIMD instruction, maybe with a load and store). Since these are generally defined by the CPU manufacturer, they are fairly portable across compilers, but not across architectures.
3. Use thevector_size __attribute__ to define a vector type and then use standard operations (+,-,/,*, etc) on it to get basic SIMD ops for your target architecture. This works with all architectures (on ones without a SIMD unit, it will generate scalar code), but ties you to GCC.

The Wii is a thoroughly well-designed and enjoyable toy. I'd certanly like to see it opened up a bit.

1. Number of transistors per die.
2. Number of transistors per core.

Exactly what the best trade-off is depends on your workload. Sun are aiming at the web-app server market. It's a good business decision, since this is a rapidly growing area. It's also one of the easiest workloads to run, since it's inherently massively parallel; each web-app typically has a few tens to a few thousand users per server. If one thread in a T1 has a cache miss, then there are a huge number of others that are able to take advantage of the processing resources. Intel and AMD have to support a lot of legacy single-threaded code. A cache miss in one of these is expensive. Main memory accesses are of the order of 100-200 cycles, and so a cache miss every 100 cycles would cause a 50% performance reduction. For the T1, with its 8 contexts per core, it would cause a negligible performance reduction overall, as long as the other threads still have work to do.

On a more serious note, there are some differences. If you use the new vector extensions for GCC then you can write code that compiles to AltiVec or SSE, but if you use the old Apple AltiVec stuff then it's not quite compatible with this. Beyond that, there are some very slight differences between the behaviour of the linker on PowerPC and i386 which can bite you if you're not careful. There are also some subtle differences (read: bugs) in the implementation of Foundation and AppKit.

Coming from a BSD background, the thing I dislike the most about Solaris is that it refuses to have a 'minimal install' that is actually usable. I can install *BSD in a few tens of MBs, and then add the packages I want easily. This makes it easy to secure and run the machine, because I know exactly what's on it. Last time I installed Solaris, the base system seemed to be about 4GB.

Actually, American Express Canada does log you in securely. When you click that login button, it executes a script, which then submits the form to an https address.

http://blogs.msdn.com/ie/archive/2005/04/20/410240 .aspx

And for a method to do the man in the middle to a wireless user see airpwn

http://www.informit.com/guides/content.asp?g=secur ity&seqNum=158&rl=1

Better go with the bad username/password trick to get a full https page.

How about this: the browser could highlight the domain in the URL. If you were browsing a page at www.amazon.com.evildomain.com, then evildomain.com would be highlighted. That would hopefully make it obvious that you're not at amazon.com.

I was trying to tell my dad how to recognize what domain he was at, but I couldn't think of how to describe it while taking into account all the variations a phisher might use. Then I saw a regular expression designed to extract the domain name from a URL. It basically said to take the part just before the third slash. That seems pretty good to me and easy enough to explain to my dad. Can a scammer fake that? Another way in Firefox at least is that Firefox shows the domain on the status bar at the lower right.

Another problem I've run into lately is that a couple of institutions that I deal with have stopped using SSL encryption for the entire login page. They use regular http for most of the page and just have the username and password form submitted with https. The problem is that you see no padlock and there is no way to know that the page is really from the domain you see in the address bar. A man in the middle could have intercepted the page between you and the bank and removed the encryption from the login form and redirected your password to a bad guy. The entire page and everything on it needs to be encrypted with https or the page is insecure. Even Microsoft's Internet Explorer programmers say this is bad and tell the banks not to do it but the banks do it anyway. Read more about it at Microsoft's website.

http://blogs.msdn.com/ie/archive/2005/04/20/410240 .aspx

This is not just a possibility but it seems to me like a realistic attack. On most wired networks you don't have to worry too much about ISP employees doing a man in the middle attack on you, but if you're using wireless at a coffee shop you'd better watch out for the https in your address bar. A hacker might use something like airpwn

http://www.informit.com/guides/content.asp?g=secur ity&seqNum=158&rl=1

to do a man in the middle attack and to intercept your password. It looks like it would be pretty easy.

I read an easy way you can get an entirely encrypted login page even if they don't have one available. You start your login by giving a bogus username and password. The bank will usually come back with an entirely encrypted login page that says you entered the wrong password. Just check the domain and check for the s in https and then go ahead and enter the correct username and password.

Linux could have done the same thing, since all of the layers of ZFS are implemented inside the kernel. It didn't, and you can draw whatever conclusions from that you wish.

An easier to read, all on one page version of the FA is here.