While companies like Microsoft or Sun make it possible to extend their operating systems, they often keep some of the information secret to maintain their leverage.
Oh, like... dunno... the source code? *laugh* --MSM
Now I DO know how to code. I'm taking my super-happy C++ coding classes in high school, so I know my way around a compiler and the like. So, after reading this article, I thought "hey, lets see if I can understand this NOW!" Guess what? It's still spaghetti code. I still can't unstand a stick of it, other then the PRINTFs and SCANFs. That's it. And I got a 98% in the class.
Sorry, but you *don't* know how to code, no matter what you teacher says. If all you can identify is PRINTFs and SCANFs, I'm already thinking about the great programs you create. If you don't know how to program, source code isn't for you. Think of is as a feature.:) Go get some books.
Sure, the source code is available. But is anyone reading it? They can or cannot. But if you don't build they won't come. Today how many programmers work with open source? It's kinda like saying in the early years of the car that it's better to have a horse, since with a car you didn't had roads to go everywhere. True, but this doesn't mean that the concept of a car is wrong. We can get to a point that there are more OSS than programmers, but as more and more companies adopt OSS, and put theis programmers to review the software they will use, this problem will be solved.
Even if people are reviewing the code, that doesn't mean they're qualified to do so. True, and this is different of closed source how? But them you're comparing the knowledgement of the security review team (if there is one) on the company to the knowledgement of the entire world. Where do you thing would lie more people prone to find errors?
It is easy to hide vulnerabilities in complex, little understood and undocumented source code. Yep, right again. But remember Netscape. How many years have they spend with a codebase hard to work with and extend? Slow and insecure? Why did this change when they openned the source? Because new people, excited to contribute needed something simples. Have you ever worked in a big software company, with 1st layer and 2nd layer managers? It's "do this, fix this and make it work". Building a house in sand. People joke that Microsoft doesn't want to open Windows because people would laugh at its code. Truth is, OSS is different, you don't have so much tight control as in a company. Some people say to not mix code and politics, but we must, to understand OSS's potential. Understand how different things are in a company and in a mailing list. What would happen if Netscape decided to not use Gecko? Think about that. I was reading about a table bug in Netscape 4 that was discovered in Netscape 1!
There is no strong guarantee that source code and binaries of an application have any real relationship. Bullshit. Trusted sources... The example given here was to an extreme. (it is, for me, the greatest hack I know of). If you don't trust the source, just compile the source. Truth is, we need better tools for software deployment. Ok if a bug is discovered a patch is issued in days. And then what? How many people among the users will issue the patch? Most of them will wait till the next version. We need something down to the OS level that could automatically update software and libraries from a trusted source. But then again, this is a problem with most programs and OSs.
Open Source makes it easy for the bad guys to find vulnerabilities. Bullshit. Most of the vulnerabilities are related to input, when the software comunicates with the world. When it reads a file, accepts a data packet, etc. This in any software. You just focus in the 1% of the code that has something to do with external data. Data validation to avoid buffer overflow, invalid commands or characters, etc... This in an open or closed software.
But make no mistake, simply being open source is no guarantee of security. Did anyone say that you just have to open the source to be safe? You mostly touched points that are related to both systems, but are easily addressably by OSS. It doesn't mean that all the open software out there that is open is ineherently better than a similar closed one, but that is uses a better method of development and debug proccess.
I admit that I haven't been following the Mozilla story as closely I as I probably should be over the last few months, but now I see the reason that there isn't a fully functional browser release. Since when has the Mozilla project been about a platform?
Since when? Since the beginning, at least for me. I remember to read some big gun at Netscape talking about the possibility of a new platform, years ago. This was the only reason I read see that could explain Microsoft giving a browser away.
Microsoft is always afraid of someone taking away their lock in the operating system. What could happen if Navigator turned into a platform, and you could try any OS you damn please, because all that apps you used to love and hate are there? Read Cringely's column about this.
This is what IBM has been trying to do for years. And Sun. And God knows who else. Too ambitious? You bet! But if they get to accomplish this, man how different will the computing world be! --MSM
He! It's from a book, then you have to read the whole paragraph before commenting. It's not about greed, nor power. It's about going on. What is the sufficient to make you happy, *now*? A million dollars? That redhead babe? Then let's say you stop spending you time here, go work or flirt and get a million dollars or the babe. (well, if you get the million, the babe will get you)
Then what? When you get something you desire, you need find something else to desire, or you'll have no objectives on life. What JC wants, and the author wrote, is find reasons to live and have fun, his choice was creating new companies and markets and trying to change the world. Yours?
Jim Clark is an impatient and very lucky dilettante.
Why Lucky? he's still trying to prove that the three multibillion companies he helped create weren't luck, do you really think it's luck? And all the companies are totally different markets. The only thing I can argue is that Netscape, transforming an open architeture, that the browser was at the time, into a closed product wasn't something bright...
If you have lots of money to begin with, you can make a whole lot more, regardless.
Bullshrimp. Money helps make more money, but there are studies showing that if you have money, your children and their children will probably trash it than win more money. How many powerful Rockfellers are out there. And isn't it the american dream, the freedom to go from poverty to richness, working? (btw like JC did)
The real business of technology is in stock market manipulation; the product itself is irrelevant.
No, the real business is marketing. Did you miss M$ Business History class?
Corollary: The difference between an OK programmer and a great programmer is the ability to convince people to buy your stock..
There's really a BIG difference between an OK programmer and a great programmer. You are born a programmer, with logic on the blood stream, you just happens to discover that computer logic is "easy" later.
Slashdot Mirror
While companies like Microsoft or Sun make it possible to extend their operating systems, they often keep some of the information secret to maintain their leverage.
Oh, like... dunno... the source code? *laugh*
--MSM
Now I DO know how to code. I'm taking my super-happy C++ coding classes in high school, so I know my way around a compiler and the like. So, after reading this article, I thought "hey, lets see if I can understand this NOW!" Guess what? It's still spaghetti code. I still can't unstand a stick of it, other then the PRINTFs and SCANFs. That's it. And I got a 98% in the class.
:) Go get some books.
Sorry, but you *don't* know how to code, no matter what you teacher says. If all you can identify is PRINTFs and SCANFs, I'm already thinking about the great programs you create. If you don't know how to program, source code isn't for you. Think of is as a feature.
--MSM
Sure, the source code is available. But is anyone reading it?
They can or cannot. But if you don't build they won't come. Today how many programmers work with open source? It's kinda like saying in the early years of the car that it's better to have a horse, since with a car you didn't had roads to go everywhere. True, but this doesn't mean that the concept of a car is wrong. We can get to a point that there are more OSS than programmers, but as more and more companies adopt OSS, and put theis programmers to review the software they will use, this problem will be solved.
Even if people are reviewing the code, that doesn't mean they're qualified to do so.
True, and this is different of closed source how? But them you're comparing the knowledgement of the security review team (if there is one) on the company to the knowledgement of the entire world. Where do you thing would lie more people prone to find errors?
It is easy to hide vulnerabilities in complex, little understood and undocumented source code.
Yep, right again. But remember Netscape. How many years have they spend with a codebase hard to work with and extend? Slow and insecure? Why did this change when they openned the source? Because new people, excited to contribute needed something simples. Have you ever worked in a big software company, with 1st layer and 2nd layer managers? It's "do this, fix this and make it work". Building a house in sand.
People joke that Microsoft doesn't want to open Windows because people would laugh at its code. Truth is, OSS is different, you don't have so much tight control as in a company. Some people say to not mix code and politics, but we must, to understand OSS's potential. Understand how different things are in a company and in a mailing list. What would happen if Netscape decided to not use Gecko? Think about that. I was reading about a table bug in Netscape 4 that was discovered in Netscape 1!
There is no strong guarantee that source code and binaries of an application have any real relationship.
Bullshit. Trusted sources... The example given here was to an extreme. (it is, for me, the greatest hack I know of). If you don't trust the source, just compile the source. Truth is, we need better tools for software deployment. Ok if a bug is discovered a patch is issued in days. And then what? How many people among the users will issue the patch? Most of them will wait till the next version. We need something down to the OS level that could automatically update software and libraries from a trusted source. But then again, this is a problem with most programs and OSs.
Open Source makes it easy for the bad guys to find vulnerabilities.
Bullshit. Most of the vulnerabilities are related to input, when the software comunicates with the world. When it reads a file, accepts a data packet, etc. This in any software. You just focus in the 1% of the code that has something to do with external data. Data validation to avoid buffer overflow, invalid commands or characters, etc... This in an open or closed software.
But make no mistake, simply being open source is no guarantee of security.
Did anyone say that you just have to open the source to be safe? You mostly touched points that are related to both systems, but are easily addressably by OSS. It doesn't mean that all the open software out there that is open is ineherently better than a similar closed one, but that is uses a better method of development and debug proccess.
--MSM
I admit that I haven't been following the Mozilla story as closely I as I probably should be over the last few months, but now I see the reason that there isn't a fully functional browser release. Since when has the Mozilla project been about a platform?
Since when? Since the beginning, at least for me. I remember to read some big gun at Netscape talking about the possibility of a new platform, years ago. This was the only reason I read see that could explain Microsoft giving a browser away.
Microsoft is always afraid of someone taking away their lock in the operating system. What could happen if Navigator turned into a platform, and you could try any OS you damn please, because all that apps you used to love and hate are there? Read Cringely's column about this.
This is what IBM has been trying to do for years. And Sun. And God knows who else. Too ambitious? You bet! But if they get to accomplish this, man how different will the computing world be!
--MSM
He! It's from a book, then you have to read the whole paragraph before commenting. It's not about greed, nor power. It's about going on. What is the sufficient to make you happy, *now*? A million dollars? That redhead babe? Then let's say you stop spending you time here, go work or flirt and get a million dollars or the babe. (well, if you get the million, the babe will get you)
Then what? When you get something you desire, you need find something else to desire, or you'll have no objectives on life. What JC wants, and the author wrote, is find reasons to live and have fun, his choice was creating new companies and markets and trying to change the world. Yours?
[]s
Mauricio
Jim Clark is an impatient and very lucky dilettante.
Why Lucky? he's still trying to prove that the three multibillion companies he helped create weren't luck, do you really think it's luck? And all the companies are totally different markets. The only thing I can argue is that Netscape, transforming an open architeture, that the browser was at the time, into a closed product wasn't something bright...
If you have lots of money to begin with, you can make a whole lot more, regardless.
Bullshrimp. Money helps make more money, but there are studies showing that if you have money, your children and their children will probably trash it than win more money. How many powerful Rockfellers are out there. And isn't it the american dream, the freedom to go from poverty to richness, working? (btw like JC did)
The real business of technology is in stock market manipulation; the product itself is irrelevant.
No, the real business is marketing. Did you miss M$ Business History class?
Corollary: The difference between an OK programmer and a great programmer is the ability to convince people to buy your stock..
There's really a BIG difference between an OK programmer and a great programmer. You are born a programmer, with logic on the blood stream, you just happens to discover that computer logic is "easy" later.
[]s
Mauricio