"Keep in mind that what we (and sun, and philips) needed to provide when bidding for contracts would have been compliance documentation, not down to the byte documentation of internal APIs, memory structures and file formats that were never intended to be used by any third party."
The excuse that the documentation is in "the wrong format or detail level" is a bit absurd -- it SHOULD have been used to design produce the product, and SHOULD have been used to document the product. If the "feedback" loop would allow the documentation and product to vary wildly (it is no longer useful), then the documentation CANNOT be of use internally, either. There SHOULD be a process in place to audit this -- if there isn't, would you not get a BIG FLAG to do some serious process improvement on your ISO 9000 audit?
I guess it could be ignored, but maintenance costs would go up EXPONENTIALLY. After all, new developers have to learn... I guess by the "use the source, Luke" method.
What I find truly fascinating is that it is taking this much effort...
I have never worked for Microsoft, but I have been on staff for Philips in the early '80s, writing software for dedicated word processors. Philips had a department that was dedicated to keeping track of source code, file formats, documentation, to levels required by government (and other) regulation.
Basically, all formats are documented and accessible. I have worked at SUN Microsystems -- same deal. There is a PILE of documentation available for most things. Also, SUN published specifications on a regular basis (NFS, NIS, etc.). It may be more difficult to dig up "ancient history" on OpenOffice (or even impossible) especially as compared to Solaris. But at least the core stuff was documented.
The proof is, of course, in the pudding -- Solaris was successfully open-sourced (which means that ALL copyrights in the source base needed to be traced).
Now you are telling me that Microsoft, with such a high government usage is going to take years to recover from what it should have already had?
Whether the documentation is of ANY use is quite irrelevant. It would be trivial for SUN to supply this information for recent OpenOffice, NFS, NIS, NIS+, Solaris; and they are not even in a monopoly position. It just makes good engineering sense. Are you telling me that Microsoft is THAT badly fucked up?
Actually, insertion of a clause such as "All third party legal remedies incurred during the performance of normal requested duties are to be incurred by the contracting party" or some such suffices. Refer to your atty for details of the required wording in your jurisdiction (acting as an "agent" of your employer may be all that is needed). Also, I carried indemnification insurance when I was self-employed (very expensive).
It's a good trot... But, still a strawman (since I am referring to PERSONAL USE SOFTWARE).
I would hope that you can't enter EULA personally for your company... So, you don't have to read it. Unless, of course, you were hired to provide legal advice for your company.
Personally, this doesn't apply. My lawyer charges a very hefty amount to read and digest documents and provide opinions. But, any employment contract I enter is CERTAINLY passed on to my lawyer. (whether I am free-lancing, or, as I am now, in a staff role).
If my employment contract ever contained a clause that *I WAS LIABLE FOR EULAS* I would strike the clause -- I certainly wouldn't entertain that liability. Now, if YOU have been stuck with this liability; um.. too bad for you (I would offer you my shoulder to cry on).
I am not a liar. I don't consider myself socially inept. But, I used to read EULAs. Of software that I used, anyway.
Since life is too short, I have adopted that attitude that "Either your software is covered by Copyright, or Copyright with GNU contract provisions, or is Public Domain or I don't use it."
Simple and easy. I just don't enter into shrink-wrap license agreements anymore. The last good one was the "Borland - like a book" agreement. Worked for me. Saves money too -- some of these EULAs seem larger than professional service contracts! And they can't be negotiated... why would I agree to be governed by Delaware? Why would I agree to pay Defendents legal costs if I wasn't so ordered by the Court? Why would I give up the right to transfer the license without negotiating something in return?
I even decided that it was too difficult to READ the fucking things, and I turned to "Free and Open Source Software" for my needs.
IBM: not sure about them -- older releases of IBMs mainframe OS came with source, so I expect that z/OS comes with source. I *haven't* personally seen the source for AIX.
In general, OSs have ALWAYS come with source; back in the early '80s, for example, Digital VMS came with source (by default on microfiche AFAIR). The "closed source" OS was debuted by CP/M, and carried forward by MSDOS.
BT should really not be compared to HTTP and FTP. BT exists to fill two problems:
1 - a content generator doesn't want to consume bandwidth distributing the SAME material (in which case BT should be compared to MULTICASTING)
and
2 - upstream rates are very limited as compared to downstream rates (for most users interested in certain kinds of content). If up and down speeds were the same, why not use HTTP or FTP? No benefit to BT for the user (but see point 1; BT would still have an advantage for the generator).
BT should last as long as there is such an enormous disparity between upload and download rates (I get 10x more download than upload). But, there are better solutions... What is needed is for a way for an ISP to multicast content WITHOUT knowing what the content is (or being able to trivially find out).
"The other issue is putting a fee on recordable media. If you do that, then making unlimited noncommercial copies should instantly become legal. If I have paid a fee that is theoretically to compensate the artist for my making a copy, then I should therefore be allowed to make as many copies as I want, and do whatever I want with them, as long as I don't sell them."
If there is a fee on recordable media, the artist has been compensated. So, why not allow a sale? Why should there be any difference between the two (legal) copies?
Unless, of course, (like the Canadian Govt), there is a confusion between Copy-right with Transfer-right.
Networking is, indeed, not a necessary component of an OS. However, a number of services do depend on networking.
And, as to my "agenda" -- I am actually a Solaris guy. Yes, I do Linux and Windows work on occasion, but I mostly deal with "lights-out" server farms. Currently, two projects: "utility computing" billing, and a VMS to Unix migration. So, yes, in a way, my bias shows. Both Solaris and VMS have source available, and the drivers can be "end user audited prior to deployment".
Also, the systems I work with (with utility computing test machines are on the other side of the country) would be "useless" without networking.
Back to the technical discussion:
Now... I questioned whether a "user mode network driver" is of use. I *DID NOT* specify whether (or not) such a thing exists. Now, from my (meager, except that I *have* written commercial deployed Windows drivers) knowledge:
From Wikipedia (the simplest reference) -- http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies we discover that the ONLY thing that runs in "user mode" is WinSock. WSK (WinSock kernel), TDI (Transport Driver Interface), AFD (Ancillary Function Driver) all run in kernel mode. The bottom end is still an NDIS driver and this runs in kernel mode as well. (NOTE: this is a reasonably accurate article, in my opinion. But I will also link to other sites, including Microsoft, later, as well).
The UMDF (User Mode Driver Framework) supported in Vista is designed for such things as cell phones, digital cameras, USB devices, etc. UMDF drivers do NOT require Code Integrity Signing (package signing will do) to load as well (which makes it easier for some vendors).
Low performance networking (along the lines of "USB connect ethernet") should CERTAINLY go into a UMDF driver. But, the original poster SPECIFICALLY mentioned gigabit ethernet. To which I replied...
Microsoft ITSELF recommends (http://www.microsoft.com/whdc/driver/foundation/DrvRoadmap.mspx) KMDF for network drivers (which is KERNEL MODE DRIVER FRAMEWORK). As a quick overview for KMDF, try: http://en.wikipedia.org/wiki/Kernel-Mode_Driver_Framework
"Ugh" - Can't answer to that, sorry (I guess I DON'T get out much).
Interestingly, user mode network drivers do not add appreciably to OS stability. The reason is that the driver needs to interact intimately with the network stack -- if the driver is in user mode, the network stack is also in user mode.
If this is not done, either (1) certain features won't work well (failover for one), or (2) performance will be REALLY bad (each packet will require many more context switches - many more than 4 per packet).
Presuming that the network stack itself is moved into user space, it can be brought down with the (supposedly) buggy driver. In turn, the network stack will/may not be able to transfer any other traffic, rendering most any socket level services useless.
The implication is that a bad driver can shut down the network stack. This doesn't affect non-networked or local use, but is just as much of a show stopper as having the OS itself crash.
We still need a "dead-man" switch that can reboot the system (or another communications channel -- the SUN "lights out" management for example).
Putting the network driver into user space *may* increase security, but it would be better to simply 'vette the driver itself.
Personally, I think that the network drivers have been moved to isolate them and prevent driver issues from being potential security holes. This is the (arguably) the only use of the feature. So, the tradeoff is security vs. speed in the context of unreviewed drivers.
We can regain the speed by simply reviewing the drivers -- and network physical drivers are simple enough to verify.
[tinfoil hat] There is another possiblity. Network drivers are SO simple, that the mechanism to actually run the driver has been put into alternate Operating Environments. The "NDIS" driver model no longer locks the user into Windows. It was time to change the model to keep drivers from the other Operating Environments. [/tinfoil hat]
Rogers USED to run mail, web, and usenet servers. Not anymore. Rogers USED to supply my modem -- not anymore (they rent it to me, or make me buy it outright). Rogers USED to not have data caps; now they cap me at 60GB per month. Roger *WON'T* sell me business service (I ask them to every three months).
Speed upgrades? I honestly don't care (see the next point). Rogers USED to allow bittorrent traffic; they throttle it now. Rogers USED to allow all ports; some ports are blocked (with no way of unblocking). They do increase my fees, though I seem to get less and less service.
Rogers is now a "dumb pipe". Yahoo provides all of the "smarts". Rogers may not WANT to be just a dumb pipe -- but THEY THEMSELVES made the decisions. Rogers the dumb pipe/Yahoo the services provider. Oh, Rogers DOES provide one service - throttling.
So why wouldn't Rogers go on a "pay per GB" plan? Same as the freakin' Gas Company! Rogers has a monoply, but it sure isn't regulated as it should be.
Quote
"they" didn't do testing on a gbit network card.
And, this means that *I* am supposed to? The reason I spend money on an OS is to assure that it has been tested; if I do the testing there are plenty of no-cost alternatives.
Quote
Network and sound drivers now userland.
Is this good? Back to the gbit network, that would be 100mbytes/second of data. Passed through kernel (i/o priviledged) layers back to "userland" (non i/o priviledged), back to kernel (process isolation) and to another process. What this means: A block of data (of, say, 50K) needs 4 process/privilege transitions. 2000 blocks per second to saturate the link -- that is 8000 context switches per second.
Yes, I *do* take issue with Microsoft. (and Apple, if the DRM measure is implemented in the OS X system).
Basically, DRM for this purpose should not be in a "General Purpose" Operating Environment. Breaking rank and implementing bends to the will of the media companies. I do not mind a crypto facility that I am in control of, though. As long as *I* am in control of the hardware.
If I buy a dedicated player, I don't expect it to be a "General Purpose" device. It would be nice, though, just not what I paid for.
In breaking rank, other proprietary Operating Environment vendors will feel pressured to ALSO include the feature; hardware vendors will feel the pressure, and the media companies will PWN YOU.
How this affects me? I have an excellent HD TV (Hitachi 42") that is analogue (no DVI or HDMI inputs). It actually resolves 1080i, and HD movies look great. But with the ICT token, I cannot view HD (and ICT has just started to be enabled by Studio Canal for some HD-DVD releases). Pisses me off, but at least its limited to my dedicated HD-DVD player. I wouldn't tolerate this on my computer.
So -- no Vista (or even general deployment of XP) for me (I will ALSO not tolerate the need to register my copy -- more than is needed to run a single instance of XP). If OS X does it, I won't be using that either. I guess I am "stuck" with Solaris, Linux and BSD.
Which relates to my signature. Ratboy666 is not (as some may think), the sign of the devil. Ratboy is an indication of my tendency to occasionally "go down ratholes" in search of answers, and 666 is the Unix "open access to all" permission.
Back to the original topic. For these (and some other) reasons, I have never used Microsoft Vista. Which means that the release of "SP1" is of utterly no interest (the reactions of other people is the only interesting thing here).
I am *certainly* not qualified to comment -- I have never used Vista.
But, I am interested in one thing; what criteria do you use when selecting an OS? That I am curious about.
1 - It just came installed 2 - I have an investment in applications 3 - I evaluated it (on performance/cost/other factors) 4 - I trust the vendor 5 - It is the platform needed for a desired application 6 - It is the platform I suspect I need for a future application
"Downloading copyrighted material is theft under the law. Helping people to do this is being an accessory to a crime."
No, downloading copyrighted material is not theft under the law. It *may* be copyright infringement. If you are making a copy. Even THAT is arguable -- either the downloader is making the copy, or the person who is hosting the material is making a copy.
In some jurisdictions the act of "uploading" is copyright infringement. Downloading? Perfectly ok (actually, I think that holds in the US as well).
Or, the material is copyrighted, but the copy has been authorized.
Is running an on-line bulletin board with advertisements against the law? Not in my jurisdiction. As long as that service does not have child pornography, or incite people to hate crimes. If "The Pirate Bay" is found guilty, and that prosecution holds, then *I* could be liable for statments like "If you want a free copy of Harry Potter and the Goblet of Fire, go to google.com and enter the search phrase 'harry potter and the goblet of fire torrent'". The *first* item that comes up is a bittorrent.
There, I just broke your supposed law. And now we have to shut down ME, *and* GOOGLE.
Laws are absolute -- be very careful of what you wish for.
Can ".net" be relied upon? Can the media player be relied upon? How about a "vista gen" installer that uses live video and 3d compositing to assist the user...
Since vista is a demand paged OS, don't the "bloat" pieces stay on disc until they are actually needed? And if THAT is the case, why are they considered "bloat"?
Or, is vista somehow being considered for embedded roles (dsm-320, toshiba hd-a3, etc.). I would imagine it's very late for that party.
Rule #1 of the internet: If you don't want anyone to see something, don't fucking put it it on the internet!
Yes, that includes banking information, and everything else you don't want on the internet.
Now, the internet is a net of nets. It is, after all, the inter-net. It *is* possible to put things on securely -- on nets that are under your control or trust. That would be SSH, and (for your banking pleasure) https to your bank (you must trust your bank).
The information is NEVER unencrypted on a server that you do not have a trust relationship with.
It is still better to not have certain information on a trusted computer, and certain information should ONLY be in someones head.
So, let's review what the statement means:
Rule #1 of the internet: If you don't want anyone to see something, don't fucking put it it on the internet!
"put it on the internet" means "put it on a server that you have no trust relationship with or that you do not, or can not, trust".
Do I trust "MySpace"? No. The ONLY data that you should put on "MySpace" is data that you want the world to see. Do *you* trust "MySpace". Well, if you did, you were a fool. Please note that this is "Rule #1".
I use tripwire to build hashes for all files, and store them "off-machine". The hashes are compared against a baseline, and any differences are highlighted. Disk use in monitored, and (not yet found) anomalies are investigated. Logs are examined, and ssh dictionary attacks are dropped.
The server does NOT run database -- only (pure static) apache. Scripts are NOT run on this machine. Certain things are directed off to https, on another machine, with user/password authentication. That, in turn, actually talks to the db. If there IS a breakin, it almost certainly would have to be an "inside job" and I would be able to find the perp (but only 12-ish people use this system).
The entire disk is also backed to tape, and the size of the tape is checked (it has never been larger than the data backed up). The idea is that a non-OS method is used to determine what the size should be, and this can be compared to the OS method. If the OS method "lies" (that is, root-kitted), the other method will give a different result.
If the contents/length of the files change, the hash would be different, and the hashes are under the control of a DIFFERENT system. Basically, the attacker would need to modify tape firmware, and TWO machines to "invisibly" corrupt the front-end.
So either the hacker has been REALLY REALLY good, or it hasn't happened.
So, I don't know if I have been "exploited", but I really don't think so... Tripwire with offlining logs is probably ok for you.
Of course, what I find *really* fascinating is that PHP duplicates exactely a syntax error in SNOBOL4, but temporally shifted by 40 years...
But, of course, SNOBOL4 was actually designed, and it had an "item(array,index)" function to correct this defect... I am sure that PHP *must* have something equivalent? (I am actually interested in the answer -- I am assuming PHP DOES have a solution that won't involve additional variables),
define('foo()') * because "output = foo()[1]" won't compile -- same as PHP issue...
output = item(foo(),1):(end) * this also works, but is not in the spirit of the thing at all: * a = foo() * output = a[1]:(end) foo foo = array(2)
foo[1] = 'a'
foo[2] = 'b':(return) end
The suit cannot be about infringing copyright -- Ford is alleging "trade dress". Trade dress relates to the the variety of elements in which a product is packaged. Is the Ford motocar packaged in a calendar? When I purchased a Ford product (last time was 2000), NOTHING was mentioned about calendars. Really.
So, it can't be about trade dress, either. Are the accused producing a car that LOOKS like a Ford? No on that as well. Are they using a Ford trademark in a way that would dilute Fords car making reputation? No.
I would have told Ford to sod off.
And, now, a true statement, to raise Ford's ire. My Mazda 2000 MPV is a piece of shit. It has required alternator replacement 4 times, and has required a replacement of the spare tire retention mechanism (a $700 repair) BEFORE the spare was ever needed. As well, I suspect that the front end alignment (power steering or drive mechanism) is defective. DO NOT PURCHASE THIS VEHICLE.
As to WHY anyone would actually want to print up a calendar featuring Ford products? That is a mystery to me.
Of course. The copyright holder has (actually, has no choice) in authorized the copy in Canada (in my example). Which means that 523 US 135 is satisfied. In a sense, NAFTA trumps (I don't think that it is legal to disallow sales or importing of music CDs to Canada. And, if the music is "legal" in Canada, the Canadian Personal Copy Exemption applies). So, overturn NAFTA, and we are good to go again.
Slashdot Mirror
I WISH that there were a "+1 Troll" mod! Just for messages like this!
You just made my day. I just hope that this WAS a troll (and, like any good troll, it's got me guessing).
You Rule!
"Keep in mind that what we (and sun, and philips) needed to provide when bidding for contracts would have been compliance documentation, not down to the byte documentation of internal APIs, memory structures and file formats that were never intended to be used by any third party."
The excuse that the documentation is in "the wrong format or detail level" is a bit absurd -- it SHOULD have been used to design produce the product, and SHOULD have been used to document the product. If the "feedback" loop would allow the documentation and product to vary wildly (it is no longer useful), then the documentation CANNOT be of use internally, either. There SHOULD be a process in place to audit this -- if there isn't, would you not get a BIG FLAG to do some serious process improvement on your ISO 9000 audit?
I guess it could be ignored, but maintenance costs would go up EXPONENTIALLY. After all, new developers have to learn... I guess by the "use the source, Luke" method.
What I find truly fascinating is that it is taking this much effort...
I have never worked for Microsoft, but I have been on staff for Philips in the early '80s, writing software for dedicated word processors. Philips had a department that was dedicated to keeping track of source code, file formats, documentation, to levels required by government (and other) regulation.
Basically, all formats are documented and accessible. I have worked at SUN Microsystems -- same deal. There is a PILE of documentation available for most things. Also, SUN published specifications on a regular basis (NFS, NIS, etc.). It may be more difficult to dig up "ancient history" on OpenOffice (or even impossible) especially as compared to Solaris. But at least the core stuff was documented.
The proof is, of course, in the pudding -- Solaris was successfully open-sourced (which means that ALL copyrights in the source base needed to be traced).
Now you are telling me that Microsoft, with such a high government usage is going to take years to recover from what it should have already had?
Whether the documentation is of ANY use is quite irrelevant. It would be trivial for SUN to supply this information for recent OpenOffice, NFS, NIS, NIS+, Solaris; and they are not even in a monopoly position. It just makes good engineering sense. Are you telling me that Microsoft is THAT badly fucked up?
Actually, insertion of a clause such as "All third party legal remedies incurred during the performance of normal requested duties are to be incurred by the contracting party" or some such suffices. Refer to your atty for details of the required wording in your jurisdiction (acting as an "agent" of your employer may be all that is needed). Also, I carried indemnification insurance when I was self-employed (very expensive).
It's a good trot... But, still a strawman (since I am referring to PERSONAL USE SOFTWARE).
I would hope that you can't enter EULA personally for your company... So, you don't have to read it. Unless, of course, you were hired to provide legal advice for your company.
Personally, this doesn't apply. My lawyer charges a very hefty amount to read and digest documents and provide opinions. But, any employment contract I enter is CERTAINLY passed on to my lawyer. (whether I am free-lancing, or, as I am now, in a staff role).
If my employment contract ever contained a clause that *I WAS LIABLE FOR EULAS* I would strike the clause -- I certainly wouldn't entertain that liability. Now, if YOU have been stuck with this liability; um.. too bad for you (I would offer you my shoulder to cry on).
I am not a liar. I don't consider myself socially inept. But, I used to read EULAs. Of software that I used, anyway.
Since life is too short, I have adopted that attitude that "Either your software is covered by Copyright, or Copyright with GNU contract provisions, or is Public Domain or I don't use it."
Simple and easy. I just don't enter into shrink-wrap license agreements anymore. The last good one was the "Borland - like a book" agreement. Worked for me. Saves money too -- some of these EULAs seem larger than professional service contracts! And they can't be negotiated... why would I agree to be governed by Delaware? Why would I agree to pay Defendents legal costs if I wasn't so ordered by the Court? Why would I give up the right to transfer the license without negotiating something in return?
I even decided that it was too difficult to READ the fucking things, and I turned to "Free and Open Source Software" for my needs.
Isn't that the definition of a "mess"? Is there another player (other than PS/3) that is profile 2.0?
Of the Operating Environments you mentioned, source is available. The last "hold-out" was Microsoft -- even they make source licenses available now.
HP: see http://licensing.hp.com/slm/swl/view.slm?page=source (VMS, Tru64)
Solaris: completely open-source, see http://opensolaris.org/os/
IBM: not sure about them -- older releases of IBMs mainframe OS came with source, so I expect that z/OS comes with source. I *haven't* personally seen the source for AIX.
In general, OSs have ALWAYS come with source; back in the early '80s, for example, Digital VMS came with source (by default on microfiche AFAIR). The "closed source" OS was debuted by CP/M, and carried forward by MSDOS.
BT should really not be compared to HTTP and FTP. BT exists to fill two problems:
1 - a content generator doesn't want to consume bandwidth distributing the SAME material (in which case BT should be compared to MULTICASTING)
and
2 - upstream rates are very limited as compared to downstream rates (for most users interested in certain kinds of content). If up and down speeds were the same, why not use HTTP or FTP? No benefit to BT for the user (but see point 1; BT would still have an advantage for the generator).
BT should last as long as there is such an enormous disparity between upload and download rates (I get 10x more download than upload). But, there are better solutions... What is needed is for a way for an ISP to multicast content WITHOUT knowing what the content is (or being able to trivially find out).
"The other issue is putting a fee on recordable media. If you do that, then making unlimited noncommercial copies should instantly become legal. If I have paid a fee that is theoretically to compensate the artist for my making a copy, then I should therefore be allowed to make as many copies as I want, and do whatever I want with them, as long as I don't sell them."
If there is a fee on recordable media, the artist has been compensated. So, why not allow a sale? Why should there be any difference between the two (legal) copies?
Unless, of course, (like the Canadian Govt), there is a confusion between Copy-right with Transfer-right.
Networking is, indeed, not a necessary component of an OS. However, a number of services do depend on networking.
And, as to my "agenda" -- I am actually a Solaris guy. Yes, I do Linux and Windows work on occasion, but I mostly deal with "lights-out" server farms. Currently, two projects: "utility computing" billing, and a VMS to Unix migration. So, yes, in a way, my bias shows. Both Solaris and VMS have source available, and the drivers can be "end user audited prior to deployment".
Also, the systems I work with (with utility computing test machines are on the other side of the country) would be "useless" without networking.
Back to the technical discussion:
Now... I questioned whether a "user mode network driver" is of use. I *DID NOT* specify whether (or not) such a thing exists. Now, from my (meager, except that I *have* written commercial deployed Windows drivers) knowledge:
From Wikipedia (the simplest reference) -- http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies we discover that the ONLY thing that runs in "user mode" is WinSock. WSK (WinSock kernel), TDI (Transport Driver Interface), AFD (Ancillary Function Driver) all run in kernel mode. The bottom end is still an NDIS driver and this runs in kernel mode as well. (NOTE: this is a reasonably accurate article, in my opinion. But I will also link to other sites, including Microsoft, later, as well).
The UMDF (User Mode Driver Framework) supported in Vista is designed for such things as cell phones, digital cameras, USB devices, etc. UMDF drivers do NOT require Code Integrity Signing (package signing will do) to load as well (which makes it easier for some vendors).
Low performance networking (along the lines of "USB connect ethernet") should CERTAINLY go into a UMDF driver. But, the original poster SPECIFICALLY mentioned gigabit ethernet. To which I replied...
Microsoft ITSELF recommends (http://www.microsoft.com/whdc/driver/foundation/DrvRoadmap.mspx) KMDF for network drivers (which is KERNEL MODE DRIVER FRAMEWORK). As a quick overview for KMDF, try: http://en.wikipedia.org/wiki/Kernel-Mode_Driver_Framework
"Ugh" - Can't answer to that, sorry (I guess I DON'T get out much).
Interestingly, user mode network drivers do not add appreciably to OS stability. The reason is that the driver needs to interact intimately with the network stack -- if the driver is in user mode, the network stack is also in user mode.
If this is not done, either (1) certain features won't work well (failover for one), or (2) performance will be REALLY bad (each packet will require many more context switches - many more than 4 per packet).
Presuming that the network stack itself is moved into user space, it can be brought down with the (supposedly) buggy driver. In turn, the network stack will/may not be able to transfer any other traffic, rendering most any socket level services useless.
The implication is that a bad driver can shut down the network stack. This doesn't affect non-networked or local use, but is just as much of a show stopper as having the OS itself crash.
We still need a "dead-man" switch that can reboot the system (or another communications channel -- the SUN "lights out" management for example).
Putting the network driver into user space *may* increase security, but it would be better to simply 'vette the driver itself.
Personally, I think that the network drivers have been moved to isolate them and prevent driver issues from being potential security holes. This is the (arguably) the only use of the feature. So, the tradeoff is security vs. speed in the context of unreviewed drivers.
We can regain the speed by simply reviewing the drivers -- and network physical drivers are simple enough to verify.
[tinfoil hat]
There is another possiblity. Network drivers are SO simple, that the mechanism to actually run the driver has been put into alternate Operating Environments. The "NDIS" driver model no longer locks the user into Windows. It was time to change the model to keep drivers from the other Operating Environments.
[/tinfoil hat]
Bullshit
Rogers USED to run mail, web, and usenet servers. Not anymore. Rogers USED to supply my modem -- not anymore (they rent it to me, or make me buy it outright). Rogers USED to not have data caps; now they cap me at 60GB per month. Roger *WON'T* sell me business service (I ask them to every three months).
Speed upgrades? I honestly don't care (see the next point). Rogers USED to allow bittorrent traffic; they throttle it now. Rogers USED to allow all ports; some ports are blocked (with no way of unblocking). They do increase my fees, though I seem to get less and less service.
Rogers is now a "dumb pipe". Yahoo provides all of the "smarts". Rogers may not WANT to be just a dumb pipe -- but THEY THEMSELVES made the decisions. Rogers the dumb pipe/Yahoo the services provider. Oh, Rogers DOES provide one service - throttling.
So why wouldn't Rogers go on a "pay per GB" plan? Same as the freakin' Gas Company! Rogers has a monoply, but it sure isn't regulated as it should be.
Quote
"they" didn't do testing on a gbit network card.
And, this means that *I* am supposed to? The reason I spend money on an OS is to assure that it has been tested; if I do the testing there are plenty of no-cost alternatives.
Quote
Network and sound drivers now userland.
Is this good? Back to the gbit network, that would be 100mbytes/second of data. Passed through kernel (i/o priviledged) layers back to "userland" (non i/o priviledged), back to kernel (process isolation) and to another process. What this means: A block of data (of, say, 50K) needs 4 process/privilege transitions. 2000 blocks per second to saturate the link -- that is 8000 context switches per second.
But then, processors *are* cheap these days.
Yes, I *do* take issue with Microsoft. (and Apple, if the DRM measure is implemented in the OS X system).
Basically, DRM for this purpose should not be in a "General Purpose" Operating Environment. Breaking rank and implementing bends to the will of the media companies. I do not mind a crypto facility that I am in control of, though. As long as *I* am in control of the hardware.
If I buy a dedicated player, I don't expect it to be a "General Purpose" device. It would be nice, though, just not what I paid for.
In breaking rank, other proprietary Operating Environment vendors will feel pressured to ALSO include the feature; hardware vendors will feel the pressure, and the media companies will PWN YOU.
How this affects me? I have an excellent HD TV (Hitachi 42") that is analogue (no DVI or HDMI inputs). It actually resolves 1080i, and HD movies look great. But with the ICT token, I cannot view HD (and ICT has just started to be enabled by Studio Canal for some HD-DVD releases). Pisses me off, but at least its limited to my dedicated HD-DVD player. I wouldn't tolerate this on my computer.
So -- no Vista (or even general deployment of XP) for me (I will ALSO not tolerate the need to register my copy -- more than is needed to run a single instance of XP). If OS X does it, I won't be using that either. I guess I am "stuck" with Solaris, Linux and BSD.
Which relates to my signature. Ratboy666 is not (as some may think), the sign of the devil. Ratboy is an indication of my tendency to occasionally "go down ratholes" in search of answers, and 666 is the Unix "open access to all" permission.
Back to the original topic. For these (and some other) reasons, I have never used Microsoft Vista. Which means that the release of "SP1" is of utterly no interest (the reactions of other people is the only interesting thing here).
I am *certainly* not qualified to comment -- I have never used Vista.
But, I am interested in one thing; what criteria do you use when selecting an OS? That I am curious about.
1 - It just came installed
2 - I have an investment in applications
3 - I evaluated it (on performance/cost/other factors)
4 - I trust the vendor
5 - It is the platform needed for a desired application
6 - It is the platform I suspect I need for a future application
or some other reason?
"Downloading copyrighted material is theft under the law. Helping people to do this is being an accessory to a crime."
No, downloading copyrighted material is not theft under the law. It *may* be copyright infringement. If you are making a copy. Even THAT is arguable -- either the downloader is making the copy, or the person who is hosting the material is making a copy.
In some jurisdictions the act of "uploading" is copyright infringement. Downloading? Perfectly ok (actually, I think that holds in the US as well).
Or, the material is copyrighted, but the copy has been authorized.
Is running an on-line bulletin board with advertisements against the law? Not in my jurisdiction. As long as that service does not have child pornography, or incite people to hate crimes. If "The Pirate Bay" is found guilty, and that prosecution holds, then *I* could be liable for statments like "If you want a free copy of Harry Potter and the Goblet of Fire, go to google.com and enter the search phrase 'harry potter and the goblet of fire torrent'". The *first* item that comes up is a bittorrent.
There, I just broke your supposed law. And now we have to shut down ME, *and* GOOGLE.
Laws are absolute -- be very careful of what you wish for.
And what does "MinWin" mean?
Can ".net" be relied upon? Can the media player be relied upon? How about a "vista gen" installer that uses live video and 3d compositing to assist the user...
Since vista is a demand paged OS, don't the "bloat" pieces stay on disc until they are actually needed? And if THAT is the case, why are they considered "bloat"?
Or, is vista somehow being considered for embedded roles (dsm-320, toshiba hd-a3, etc.). I would imagine it's very late for that party.
Sign me: Curious in Toronto.
Um... Let's try this again:
Rule #1 of the internet: If you don't want anyone to see something, don't fucking put it it on the internet!
Yes, that includes banking information, and everything else you don't want on the internet.
Now, the internet is a net of nets. It is, after all, the inter-net. It *is* possible to put things on securely -- on nets that are under your control or trust. That would be SSH, and (for your banking pleasure) https to your bank (you must trust your bank).
The information is NEVER unencrypted on a server that you do not have a trust relationship with.
It is still better to not have certain information on a trusted computer, and certain information should ONLY be in someones head.
So, let's review what the statement means:
Rule #1 of the internet: If you don't want anyone to see something, don't fucking put it it on the internet!
"put it on the internet" means "put it on a server that you have no trust relationship with or that you do not, or can not, trust".
Do I trust "MySpace"? No. The ONLY data that you should put on "MySpace" is data that you want the world to see. Do *you* trust "MySpace". Well, if you did, you were a fool. Please note that this is "Rule #1".
I use tripwire to build hashes for all files, and store them "off-machine". The hashes are compared against a baseline, and any differences are highlighted. Disk use in monitored, and (not yet found) anomalies are investigated. Logs are examined, and ssh dictionary attacks are dropped.
The server does NOT run database -- only (pure static) apache. Scripts are NOT run on this machine. Certain things are directed off to https, on another machine, with user/password authentication. That, in turn, actually talks to the db. If there IS a breakin, it almost certainly would have to be an "inside job" and I would be able to find the perp (but only 12-ish people use this system).
The entire disk is also backed to tape, and the size of the tape is checked (it has never been larger than the data backed up). The idea is that a non-OS method is used to determine what the size should be, and this can be compared to the OS method. If the OS method "lies" (that is, root-kitted), the other method will give a different result.
If the contents/length of the files change, the hash would be different, and the hashes are under the control of a DIFFERENT system. Basically, the attacker would need to modify tape firmware, and TWO machines to "invisibly" corrupt the front-end.
So either the hacker has been REALLY REALLY good, or it hasn't happened.
So, I don't know if I have been "exploited", but I really don't think so... Tripwire with offlining logs is probably ok for you.
When private industry cooperates with government for the "benefit of the people", the name we normally use is facism, not "kinder capitalism".
This close relationship between industry and government may "make the trains run on time", but may also screw the people, without any oversight.
Of course, what I find *really* fascinating is that PHP duplicates exactely a syntax error in SNOBOL4, but temporally shifted by 40 years...
:(end) :(end) :(return)
But, of course, SNOBOL4 was actually designed, and it had an "item(array,index)" function to correct this defect... I am sure that PHP *must* have something equivalent? (I am actually interested in the answer -- I am assuming PHP DOES have a solution that won't involve additional variables),
define('foo()')
* because "output = foo()[1]" won't compile -- same as PHP issue...
output = item(foo(),1)
* this also works, but is not in the spirit of the thing at all:
* a = foo()
* output = a[1]
foo foo = array(2)
foo[1] = 'a'
foo[2] = 'b'
end
So, what have we learned in 40 years?
Um... that would be the same as the last language - scheme. (which probably echoes what everyone else will say).
The suit cannot be about infringing copyright -- Ford is alleging "trade dress". Trade dress relates to the the variety of elements in which a product is packaged. Is the Ford motocar packaged in a calendar? When I purchased a Ford product (last time was 2000), NOTHING was mentioned about calendars. Really.
So, it can't be about trade dress, either. Are the accused producing a car that LOOKS like a Ford? No on that as well. Are they using a Ford trademark in a way that would dilute Fords car making reputation? No.
I would have told Ford to sod off.
And, now, a true statement, to raise Ford's ire. My Mazda 2000 MPV is a piece of shit. It has required alternator replacement 4 times, and has required a replacement of the spare tire retention mechanism (a $700 repair) BEFORE the spare was ever needed. As well, I suspect that the front end alignment (power steering or drive mechanism) is defective. DO NOT PURCHASE THIS VEHICLE.
As to WHY anyone would actually want to print up a calendar featuring Ford products? That is a mystery to me.
Of course. The copyright holder has (actually, has no choice) in authorized the copy in Canada (in my example). Which means that 523 US 135 is satisfied. In a sense, NAFTA trumps (I don't think that it is legal to disallow sales or importing of music CDs to Canada. And, if the music is "legal" in Canada, the Canadian Personal Copy Exemption applies). So, overturn NAFTA, and we are good to go again.