Slashdot Mirror

Basically, bugs have a lifecycle - they may start out UNCOnfirmed, move to confirmed, then in progress, then resolved and finally rest in verified.

I used to do volunteer triage for Mozilla back in 2000 (folks like Gerv, Timeless and Asa probably don't remember me though ;). I even have an old out of date page called kill-unco.

However the reality is that there a lot of people filing bugs at a rate that is very high. Generally speaking there are not enough people to look at bugs at the best of times and this leads to a never ending amount of work. Bugs that poorly written, bugs that need to be followed up, bugs that are feature requests, bugs that are old and really difficult to fix and so on all take up vast amounts of time.

To handle this, people looking at bugs need to spend less time (or magically grow in number) in order to handle the ever increasing load. However being terse can lead to its own problems and the inevitable fall out occurs. The person in this blog post seems to be saying "Triagers are people too! We need more people doing triage full time" but the reality is this situation has existed since the beginning. Triage is a thankless, unfashionable task and the better you do it the more work you attract. It does teach how to write a really good bug report though :)

There are two issues here. One is universities not teaching things. The other is students not learning them. I agree that a computer science course shouldn't be teaching things like source control or the details of a specific programming language, but that doesn't mean that the students shouldn't be learning them. If you're doing a degree in a particular field then you should be interested in it, and you should be motivated to learn more outside of the course. Universities aren't schools. They aren't meant to teach, they're meant to provide opportunities for learning. When I was an undergraduate, some of these came from my course, others came from the computer society.

The course gave me a solid theoretical foundation, the computer society gave me some practical experiences. I learned how to admin a network of Linux machines, practiced programming in C and C++, learned how to use PHP (thankfully, I don't need to do that anymore) and a variety of other things via the computer society and other non-course-related projects.

Hey some of us young 'uns in SUCS would like to hear more about the old days of the 90s. If you've got a moment hop on by to the SUCS@20 site or drop by Milliways...

Hey some of us young 'uns in SUCS would like to hear more about the old days of the 90s. If you've got a moment hop on by to the SUCS@20 site or drop by Milliways...

If someone steals your car and you don't notice and it's used for a bank robbery, guess where the police will turn up?

Yes, they'll turn up, ask some questions and then leave you alone - you're not gonna get thrown in jail, even if you left your car unlocked with the keys in the ignition (although the insurance company ain't gonna pay out).

In the same way if your machine is used for a phishing scam expect to have your account terminated with prejudice, until you prove that you weren't involved.

You clearly haven't tried reporting abuse to many ISPs - most of them couldn't care less about one of their users running a cracked machine.

Agreed. But wouldn't the ISP of the innocent user have some kind of record of where the fraud messages are being sent?

I think you're making some bad assumptions that:
1. the malware will be communicating with it's owner through email messages
2. these email messages are going through the ISP's smarthost
3. The ISP gives a crap

In reality, the malware is probably talking to the fraudster via IRC or similar - you're going to find it very difficult working out who it's actually talking to. Even if it is using email messages, they almost certainly aren't being sent via the ISP's smarthost (and this is perfectly legitimate too - I certainly don't use my ISP for anything other than an IP connection). So since you've got no clue how it's communicating with the fraudster you're going to have to log and sift through *all* the IP traffic, and that's just not at all feasable.

Earthlink (or whatever the ISP was) was able to tell the DC Police the exact locations that Chandra Levy pulled up on Mapquest.

I don't know the details of that case but the user was probably accessing MapQuest via the ISP's proxy, and the ISP knew the address of both the user and MapQuest so filtering the proxy logs is pretty easy then.

Most likely the home user is plugged into a mainstream ISP ... and almost all do some kind of logging.

Well, again you're assuming that the ISP is logging the right traffic and has enough information to filter it down to a managable number of log entries. More importantly, you're assuming that the ISP cares, and in my experience they usually don't.

We're talking about universities, not evening schools.

Actually, even (especially) in schools I think it would be massively beneficial to have Linux machines. I'm not advocating binning all the Windows machines. I've seen far too many people who have basically been trained how to use Windows like animals (i.e. "to start a word processor you click Start -> Programs -> Office -> Word") and can't accept a computer which is slightly different. Basically they haven't got any thinking skills.

When I was at university I saw a lot of people come into the computer society and just freak out and leave when they realised they weren't going to use a Windows machine - they only wanted to surf the web or use a word processor (which our Linux machines were very capable of doing) but refused to deal with the concept that it wasn't Windows, many of them wouldn't even log into the machines, let alone try to use the software they were after.

People need to be introduced to non-windows machines at a young age and shown that it _isn't_ scary - install a bunch of Macs and Linux boxes at the schools and have a curriculum that gets people using them as much as the Windows machines - they will then learn that different != bad and simple problem solving skills (i.e. if the machine has an icon that says "OpenOffice Writer" instead of "Microsoft Word" then use that to get to the word processor rather than just giving up). Teaching people to use their brains to figure out how to do stuff instead of just expecting everything to always be exactly the same is an important life skill and will also help them when migrating between different versions of the same software (which invariably move everything around)

because they get enormous discounts to keep them on windows. at our university, microsoft charges us about 10% of list price.

Actually, I believe MS hand out a number of their products as freebees to universities in order to get the students hooked (along with free or heavilly discounted software development tools).

ISTR that the Swansea University Computer Society (with it's quite well known connections to Linux) was offered freebee licences a few years ago on the condition that they ran Windows on _all_ their machines (naturally they declined).

Infact, the way MS conducts business has many similarities with the narcotics business - get them hooked young and then crank up the price.

Personally, I'd rather have a written guide of some form to refer to when I implement IPv6

The bottom of http://sucs.org/wiki/ipv6 tells you how to configure 6to4 under Fedora Core 4. It's really just a case of setting a couple of options to "yes".

AOL has a reputation of being a bad ISP, and also creating bad software for it's users. Will this move help AOL, or hurt Google?

I'm not sure they have a reputation of being a "bad ISP" - they have a reputation of having a very large clueless userbase, which is not the same thing (if anything it might demonstrate their software is easier for clueless people to understand).

Admittedly they've made some fundamentally stupid decisions which has probably driven away a proportion of clueful users whilest making clueless users think the service is "better" (for example, their over-agressive spam filtering. Clueful people will be pissed off that it's overagressive the the clueless will think it's "better" because they're getting less spam).

Personally I wouldn't use any of the ISPs run by massive companies - I don't think any of them are any good:

NTL run an ISP with a terrible quality of service (they do things like run transparent proxies which break all the time and being transparent you can't just tell your browser not to use them). Also have a habit of completely ignoring abuse reports.

BT have a history of doing some fairly stupid things such as NATting their dialup customers, etc. Their technical abilities also seem pretty variable when things go wrong. If you read NANOG for long enough you will see complaints about BT ignoring technical requests from other ISPs too, which is rather bad form.

Demon were a great ISP until they were bought by Thus, at which point the quality of service went downhill and it appears the directive came from management to never admit something was their fault. Before they were bought they were happy to tell people there was a problem with their network but after Thus acquired them they would always deny there was any problem leaving the customers spending hours believing the fault was on their own equipment.

I suppose smaller ISPs manage to pick a small group of very capable employees whereas large companies seem to have a higher proportion of employees who really aren't qualified to do their job.

Swansea University Computer Science Department used to have a lab of Power Macintoshes. I am lead to believe the lab used to be an Amiga Lab. All the computers in that room were on a timeswitch which switched the power off for that room, I kid you not!

We also used to have the Sparc SLC lab - I don't recall them ever powering the machines down and of course you could never power off the monitors separately since the motherboard was built into the screens.

(Still have one of those SLCs in my cupboard after the Computer Society took a bunch of the SLCs off the Uni's hands and then chucked them out a couple of years later.)

Of course they upgraded the whole lab to Solaris x86 and then to Suse where they have nodoubt forgotten to turn on power management anyway. :)

NTL are one of the biggest ISPs in the UK and they do the same thing.

Hah, you're kidding right? NTL have one of the worst records when it comes to responding to abuse reports. Trust me - I've had to deal with them several times about abuse matters and frankly they don't care.

I did a month in tanzania for £3k (all in from the UK) you should still be able to do it for that. (see my tz blog)

As with everything in africa haggle on the price, and larger groups = cheaper

Tanzania is safe, Just dont go out alone after dark, and keep a eye on your valubles... as always check your goverments recomendations on such things

Mee too, Total amazing.. Worth it for the stars at night alone.. Prep day First day (up alot) Basicly Flat Day Up again (no more vegitation) Pre-summit day Summit day and going down More going down And relax :)

Mee too, Total amazing.. Worth it for the stars at night alone.. Prep day First day (up alot) Basicly Flat Day Up again (no more vegitation) Pre-summit day Summit day and going down More going down And relax :)

Mee too, Total amazing.. Worth it for the stars at night alone.. Prep day First day (up alot) Basicly Flat Day Up again (no more vegitation) Pre-summit day Summit day and going down More going down And relax :)

Mee too, Total amazing.. Worth it for the stars at night alone.. Prep day First day (up alot) Basicly Flat Day Up again (no more vegitation) Pre-summit day Summit day and going down More going down And relax :)

Mee too, Total amazing.. Worth it for the stars at night alone.. Prep day First day (up alot) Basicly Flat Day Up again (no more vegitation) Pre-summit day Summit day and going down More going down And relax :)

Mee too, Total amazing.. Worth it for the stars at night alone.. Prep day First day (up alot) Basicly Flat Day Up again (no more vegitation) Pre-summit day Summit day and going down More going down And relax :)

Mee too, Total amazing.. Worth it for the stars at night alone.. Prep day First day (up alot) Basicly Flat Day Up again (no more vegitation) Pre-summit day Summit day and going down More going down And relax :)

Mee too, Total amazing.. Worth it for the stars at night alone.. Prep day First day (up alot) Basicly Flat Day Up again (no more vegitation) Pre-summit day Summit day and going down More going down And relax :)

Even if your computer isn't vulnerable, you're still paying in terms of the bandwidth used up, both from machines outside the ISP sending virus mail into the network, and compromised machines within the network wasting outgoing bandwidth.

IMHO what should be happening (and I have no objection to this) is that the ISP detects compromised hosts on their own network and kicks them off until they're fixed. I don't honestly see a huge advantage in scanning inbound traffic in the same way - the bandwidth has already been used by the virus getting to the ISP, once inside the ISP's core network the bandwidth is essentially free. DSL lines aren't charged on a per-byte basis, and the amount of traffic caused by a virus arriving over a DSL line is reasonably small, certainly not enough to warrant paying to have the bandwidth cap raised on the line.

Of course, there's absolutely no chance of a lot of ISPs doing this since many don't even respond to abuse reports.

It should be pretty easy to change it to do full colour for each pixel, if it wasnt for the expense of the LEDs to do that.

A small movie shows a sample scrolling message displaying on it http://sucs.org/~arthur/blinken.mqv

The ISPs are unresponsive to emails, some don't have abuse@ addresses

How is that different from a lot of ISPs in the rest of the world?

Here in the UK, NTL still have an abuse@ address... shame they drop all the mail that goes to it into the bitbucket. They also have an abuse form on their website which they dutifully ignore - frankly they just don't give a damn.

We're having this problem at the Swansea University Computer Society, which has been well documented. (Not a spammer, but a virussed windows machine that's spamming the hell out of us).

I don't remember Mr Cox making any such drastic remarks. And he has been pretty vocal in his opposition to the EUCD as well.

In any case, lately he has been too busy breaking, sorry upgrading the SUCS server... and translating everything into Welsh.

Oh, and we do get quite a few geeks applying here already for a chance to meet Alan. Most of them have seen the credit to the Swansea University Computer Society in the Linux kernel boot messages.

Swansea University Computer Society is happy to accept book donations... (and other donations, if anyone wants to buy us some new kit :)

My experience of Opera's stability is quite the reverse, however. Moz hardly ever crashed. Opera crashes a couple of times a month. The difference is that when I have a load of tabs open in Moz and it crashes I then have to hunt for all the pages I was looking at. With Opera it lets me continue from exactly where I was pre-crash. I now tend to not bother with bookmarks, just open pages that are interesting in a new tab, move that tab to the left of my current active tab and leave it there. For sites like /. I tell it to refresh the page every 15 minutes, and I can see at a glance if there's any more news.

I have briefly set up the following with lots of help from the folks on #bittorrent (thanks!):

Mandrake 9.1 Bittorrent link. If you are behind a NAT or a stateful firewall then the link will not work until a few people whose machines accept incomming connections start downloading from it. Clicking the link will not automatically work but it can easily be fed to the Bittorrent command line tools.

Actually, we still run a couple of SparcStation 2s as dumb X terminals. We're phasing them out, but slaved to a duron they're still fast (although they only support 256 colours and no 3D).

We have a CD burner in one machine, and anyone who want to burn a CD runs xcdroast on that machine, posting the display back to the machine they're using. When I'm at home I often post X apps like red-carpet back so I can work remotely.

Network transparency is a wonderful thing. Sadly X does it at the wrong level. X apps posted home over my 1Mbit link are about as fast as MS remote desktop apps posted over a modem. This is because X draws the widgets and then passes them back, rather than passing the calls to draw widgets. Network transparency should be handeled by things like Qt and gtk, not X.

It would be no problem at all to replace X if we had something better. Apple have done this. As long as you provide an X server which sits on top of your main desktop environment, no one will care. I run XFree86 on Windows and it works fine (4.3.0 was a huge improvement). XF86 runs under OS X as well. There is no reason why abandoning X would cause you to lose backwards compatibility, you just need a transitional step.

I vaguely remember reading this release was due in January, although that changed every time I visited the roadmap page. Maybe if it had shipped then I wouldn't have moved to Opera. Mozilla to me is the open source project that has really reinforced the adage 'you get what you pay for' (okay, I don't actually pay for Opera, since the ads haven't irritated me, but I could in theory).

Here you go (108KB)

The reason it doesn't work in Moz is a known bug (number 3247).

CSS2 includes elements for forcing page breaks, and one of the CSS3 drafts deals with identifying the page number of an element etc.

For an example of some of the things you can do with CSS2 + Javascript + XHTML have a look ata print preview of this page. The headings are auto-numbered by CSS2, there are page breaks between the sections and a ToC is generated by JavaScript. CSS3 will allow the ToC to contain page numbers.

Currently the only browser to render this page properly (IE, Moz and KHTML don't) is Opera 7 (the JavaScript seems not to work in 6).

And yet over 4 years after the CSS2 spec was released, none of them fully implement it.

I've recently dropped Moz in favour of Opera for a number of reasons.

SCSI is expensive, FireWire is proven technology. Wouldn't it be more sensible to use FireWire?

Are you using version 6? Version 7 uses a completely new html engine, which is vastly superior. I've got a page here which I haven't seen redered correctly in any browser other than Opera, even though it validates perfectly. It uses CSS counters to number the headings. This is not supported in Moz or IE. I've not had a chance to try it with khtml. Make sure you do a print preview of the page, and make sure that your browser paginates it correctly.

No. The Linux TCP/IP stack was written from the spec mainly by Alan while he was at Swansea. Haven't you seen the credit to SUCS in your Linux boot-up? That's the problem with graphical splash screens...

Cross platform apps making windows less relevent? I could have sworn I said that back in september...

How about my all time favourite mozilla bug? The 'I know counters have been part of the CSS spec for over 4 years, but we're still not going to support them' (bug 3247). To be fair, IE's support is even worse. Take a look at this page. It all validates, but the only browser to render it correctly is Opera 7. (6 renders everything except the javascript.) IE and Moz both give up on the heading numbering, although they all seem to support the pagination (look at a print preview), which is nice.

As I pointed out here 1394 actually makes a lot of sense as a peripheral interconnect mechanism. It's powered and fast. It's proven technology and it's cheap.

You'd be in good company. There are currently two people there. One person who is actually a friend of mine in the big blue room (the reason he's there is a long and quite dull story). The second person posts stories about abusing small children. Remember Paedophiles use the Internet!

I used a sparcstation 5 up until a year ago at work, and while it was dog slow, it still worked all the time, because it was built at a time and for a market that expected that computers *worked*.
At the Swansea University Computer Society we still use a handful of Sparcstation 2s as dumb X terminals. We're gradually phasing them out, and replacing them with duron based machines, but I've noticed that these 10 year old (older?) machines usually have more uptime than the new x86 workstations. To us it doesn't matter greatly (if we have to reboot a machine every fwe months then so what) but if I were looking for an enterprise solution I wouldn't trust an x86 solution as far as I could throw it. You really do get what you pay for. People should remember this when comparing Sun and Apple hardware toa $300 walmart PC. As my flying instructor once remarked 'If you're trying to decide whether to do an emergency landing or eject, then remember one thing. Your parachute was supplied by the lowest bidder.'

I Posted this on my site yesterday along with an explanation of exactly why this is unreasonable (but then the BBC are never good at keeping up to date with tech news) and have since then received an email from NTl: Dear Sir, I will be sending an update out within a day or so. I am sorry for the manner and way this has happened. I learnt of it on Saturday morning and have been managing it since. Our problems is that there are a few users, under 1% of our total, that are setting up such heavy usage patterns that it is affecting the quality of our other 550,000 customers. You may not notice it, but it is coming through in different localities. You need not worry. There is no daily cap to speak of, our goal is to manage the customers who are using the service for consistant and prolonged periods of time especially around peak hours. This can mean that a few have set up mini-data centres from which large-scale file sharing is taking place. Further clarity will follow, but we truly value your custom and hope that your fears of restricted service fall away -- our typical customer uses 20X less capacity than the recommended usage level (and even that level will not mean you are disconnected or service stopped). Many Thanks, Aizad Hussain PS. I have also copied this email to Bill Goodland, our internet director who can address some of your specific points.

I'm not convinced. At the Swansea University Computer Society we're still running an old version (2.41, newer versions need a new version of perl, which breaks other things...) an I regularly get 10 or so spams being filed in my spam folder. About 1 a month gets let through and I've had no false possitives.

I hope this illiterate drivel was intended as a troll, but just in case it was not:

Forget Java man and go to PHP!

Java is a general purpose programming language, PHP is not. PHP is a scripting language designed for server side web scripting. Ever tried writting a server in PHP? You can't, it doesn't let you accept incomming socket connections.

PHP is 4 times faster than Java technology 'JSP' (Java server pages).
This tallies because compiled "C" program is 4 times faster than Java.

PHP is a very lightening fast object oriented scripting language.

PHP is not an OO language. PHP supports a few features of OO, but not the vast majority (public / private methods, inheritence etc). PHP Classes are more equivalent to namespaces than classes.

PHP is 100% written in "C" and there is no virtual machine as in Java.

PHP is an interpreted language (how many times do I have to say this?). There is a virtual machine, and it interprets the PHP script. The Java VM compiles the bytecode to native code at run time (and only once, when the JRE is started in server mode). <oversimplification>

Nothing can beat "C" language

This is the stupidest statement I have ever heard. C does nut support dynamic strings, so only a fool or a masochist would use it for simple text manipulation tasks (ever written a CGI script in C?). C has many advantages, it's a mature language so a lot of work has gone into making it fast. For this reason it is good for low level system work. It is not the best tool for every job. If the only tool you have is C, every problem looks like an operating system...

Java programmers will really "LOVE" PHP as PHP class is identical to Java's class keyword.

Java programmers will loath PHP. It doesn't properly support a large number of features found in Java, because it is not a general purpose language, and it isn't even an OO language. Web developers like PHP because it's simple. For a detailed criticism of PHP look at thi paper published at the UK Unix Users' Group last year. (And possibly read my reply to the criticisms made.

The aim of java was to abstract the OS and windowing system away from the developer, and in this it succeeds quite well (although it still has speed issues and the API is baroque in the extreme in places - try creating a non-blocking port in Java if you don't believe me). PHP is an interpreted scripting language aimed at web design, which has agregated, rather than being designed. Comparing the two is a crazy as saying Mozilla is far better than Linux.

You don't need to be a technical wizz to be able to do this. All you need to do is download the latest version of Mozilla and see if you can reproduce other people's bugs so that the developers know that their time won't be wasted on non-issues and ensure that real problems are looked at in a timely fashion.

More information in the kill-unco FAQ.

Quick plea - if you have filed an unconditional bug that hasn't seen activity for a month or two check whether it is still valid. If not resolve it worksforme. Thanks.

With all this increased testing, more and more bugs are being filed at increasingly speedier rate and the Bugzilla database could always do with an extra hand to stop bug counts spiralling out of control.

Plug
Over in #kill-unco on irc.mozilla.org we are trying and reduce the number of unconfirmed bugs. The more help we get, the sooner people's complaints are serviced and the sooner they can be fixed.

Sometimes unconditionals slip through intial net of bugzilla marshalls and just wind up being forgotten about. This can happen because the intial marshalls don't have access to the same platform or don't use a particular component much (macs, mail and news/java spring to mind). Other times the reporter doesn't file enough information and needs to be prompted for more. Often unconditionals are filed subsequently fixed by other bugs but not closed by their original reporters. All these things make for a messy database and engineers could use up
time marking dups rather than fixing bugs.

A few moments of your time could save engineers from going mad seeing the same bug reported by reported in 30 different places. If each slashdot reader helped resolve just two mozilla bugs a day then we could all get a better browser...

Unfortuately, the sparcs can only run in 8 bit. Many apps look terrible. Have you seen Mozilla running in 8 bit? Its theme alone chomps all the colours not to mention the problems there have been with the I-beam becoming invisible. The mere mention of Java or Shockwave is enough to send the CPU guage completely into the yellow.

Also programs that seem fine on a local X seem to update so incredibly slowly they become practily unusable when run posted remotely to the sparcs (Abiword when tyring to wrap text to a new line was guility here but maybe it was just that early build).

Worse still getting StarOffice up and running was nothing short of a nightmare (it would just core dump whenever it was posted to the sparcs). In the end I managed to find an IGNORE_XSESSIONERRORS envvar which let users start it up (with a core dump left behind).

When it comes to defaults for new users there is trouble there too - I installed Ximian to let us run Galeon because Mozilla was too slow. Unfortunately Ximian's pretty installer defaults to using Nautilus which completely overloaded the server when one sesison was running let alone four or five (make it stop! I mean start)... I made a gmc setting but getting rid of Nautilus as the default desktop manager once it's installed itself isn't as simple as it could be. In fact, it simply isn't (yet) all that easy to set up sensible Gnome desktop defaults for all new users - simple things like turning off thumbnail updating is important because when several machines are doing it at the same time it drains percious cpu. Maybe KDE would be better but that seems to run even slower than Gnome.

I've had to eject countless disks remotely because users have put them into the eject buttonless sparcs not realising that they could only access the floppy drive on the server and have then wondered exactly how they get their floppy back.

The idea of using esound turned out to be a stumbling block due to broken esound on the sparcs (I've tired building cross compilers but they never seem to completely work).

I need serious convincing that a bunch of dumb terminals really are better solution. Todays apps need more bandwidth and CPU than ever and when it's being shared out over a compartively slow bandwidth everyone suffers. If everyone stuck to using xterms then it wouldn't be so bad...

Maybe things don't feel so slow on 10/100Mbit networks but people readlily point it out here (why does it take so long to login?) to the extent that I'm undecided whether using NT4 on a PII with 64Mb is actually any worse.