Disclaimer: I work at Microsoft but this is not an official endorsement nor rebuttal of the claims in the article. I'm simply pointing people to where they can verify the claims in the article for themselves
According to the current text in the linked article SuSe explicitly stated that they still support UnitedLinux. The relevant excerpt is
"Accordingly, we are currently reevaluating our relationship with the SCO Group," Seibt continued. "That said,
we want to very clearly and unequivocally voice our support of the ideals and goals of UnitedLinux and the Linux community."
I assume some of this information may be "company secrets" but I'm very interested in learning what metrics are used to determine which source code is "buggier" than others. Is this something as simple as running lint + "gcc -Wall -ansi -pedantic" then piping the output to "wc -l" ?
Are there checks for use of unsafe functions like gets and the str* family of functions in C? Are there more complex data flow analysis algorithms at play here like those in the used in Stanford's Meta-level compilation techniques?
Inquiring minds want to know. A pronouncement like OS foo is has more/less bugs than OS bar is meaningless without a definition of what having more/less bugs means.
I work at Microsoft, David Stutz was influential. He was the driving force behind the closest Microsoft has come to Open Source with his efforts on the Shared Source CLI. Your post is uninformed garbage.
Disclaimer: The above comments do not represent the thoughts, intentions, plans or strategies of my employer. They are solely my opinion.
Service Pack 1 of Office XP (which contains Outlook 2002) adds a feature for disabling HTML mail which is described in Microsoft KB Article # 307594 . Users of previous versions of Outlook can use the macros provided here
...he's described any social system with a large number of participants. At first glance one would think that the World Wide Web and the grand vision of "anyone can be a publisher" would move us away from cliques and one or two very popular entities but the reverse has been true.
For instance, despite how easy it is for anyone to start a Slashdot or Fark ripoff site no one commands as much traffic in their genre as either site. In fact as more people get online, the proportion of those that end up of being Slashbots or Farkheads versus migrating to their "competition" is quite disproportional.
One could also say why despite the fact that the music sharing networks allow anyone to get their music heard by the masses they end up being clogged with the same top 40 shit from the radio from boy bands, Britney Spears and wannabe hip hop thugs.
There are many things computer science education does not teach the average student about programming. This is burdened by the fact that programming can vary significantly across areas of CS (i.e. networking vs. database implementation) and even within the same area (GUI programming on Windows vs. GUI programming on Apple computers).
When I was at GA Tech the administration prided themselves on creating students that could learn quickly about technologies thrown at them and had broad knowledge about various areas of CS. There was also more focus on learning how to program in general than specifics. This meant that there was no C++ taught in school even at the height of the language's popularity because its complexity got in the way of teaching people how to program.
Students were especially thought to learn how to think 'abstractly' which especially with the advent of Java meant not only ignoring how hardware works but also how things like memory management work as well. In the general case, one can't be faulted for doing this while teaching students. Most of my peers at the time were getting work at dotcoms doing Java servlets or similar web/database programming so learning how things like how using linked lists vs. arrays for a data structure affects the number of page faults the system makes were not things that they would really have to concern themselves with considering how things like the virtual machine and database server would be more significantly affect their application than any code they wrote.
Unfortunately for the few people who ended up working on embedded systems where failure is a life or death situation (such as at shops like Medtronic) this meant they sometimes would not have the background to work in those environments. However some would counter that the training they got in school would give them the aptitude to learn what they needed.
I believe the same applies for writing secure software. Few schools teach people how to write secure code not even simple things like why not to use C functions like gets() or strcpy(). However I've seen such people become snapped into shape when exposed to secure programming practices.
I know that a number of vendors require permission before being able to perform and report the results of benchmarking their products especially in the database arena and was wondering if this ruling could me made to apply to them as well?
I don't have a EULA or licence handy but would be quite interested in seeing whether this sets a precedent or is unrelated.
Any professional software development project has regression test suites that are meant to ensure that thinks like patches or checkins do not break previously working functionality. It's one thing for a patch to break some esoteric edge case such as your go to "help: about", then "edit: cut", then "edit: paste" file saves won't work and another for a core scenario to stop working. The former is something that is too expensive to test for and probably will be missed while the latter is something that should be caught.
However, without more details as to what kinds of DHTML is broken by Mozilla one cannot tell if this is an obvious scenario that should have been regression tested (does
Hmmmm, so the researchers thought that the fact that broadband had faster download speeds would mean that people would spend less time online? I'm not surprised that the reverse is true and people spend more time online when using broadband than when they had dialup.
With broadband using the 'net isn't as frustrating with all the waiting around so I don't stop out of irritation. I don't have to get off the 'net to keep the phone line free. I also don't have to deal with the annoying modem screech and inevitable busy signals before connecting to the 'net.
Open Source software is already mainstream both for regular users (look at Apple's OS X) and developers (look at all the work IBM's been doing in this area). What else is there to be done before it is considered mainstream? Grandma submitting a kernel patch by sending in a diff? W
When the W3C XML Schema recommendation was first released, there
were
certain parties whom overwhelmed by its newness, complexity and buggy
implementations began to advocate using as few features as possible
which
culminated in the article W3C XML
Schema Made Simple by
Kohsuke Kawaguchi. However, a year later with parser
implementations getting up to speed and more people using the
technology it
is clear that a number of the earlier misgivings about using some parts
of
the technology were misguided.
I used to love having a PDA (Palm IIIxe) around and used it for a variety of reasons including
Meeting schedule always handy even when I wasn't at work (plus beeping reminders).
Todo list always handy (plus beeping reminders).
Games to play during boring meetings.
Email Inbox always available
No more scrabbling for a pen when I want to get a girl's phone number
reason I stopped using it
It started taking too long to sync Outlook to my Palm which sucked since I used to do it at the end of the workday and waiting 10 - 30 minutes for it to finish syncing wore on my patience.
What hogwash. News sites shouldn't even post such outright lies. Whether or not I GPL a program I write, MS still has the same "rights" to their proprietary software as they did before. My GPLing a program has absolutely no effect on MS or any other company "protecting their intellectual property".
You should put things in context instead of rushing to flame (although rushing to flame is a great way to get +4 or +5 posts on Slashdot). In this specific case the question is whether the government GPLing a piece of software discriminates against proprietary software vendors who want to protect their intellectual property (i.e. their changes) yet want to use the code created by the tax dollars of the corporation and its employees.
As many have pointed out, the GPL is a discriminatory licence in this situation while the BSDL is not. The BSDL isn't much more than putting it in public domain except for the requirement to retain copyright notices. With a putting software in the public domain or licensing it under the GPL then both Open Source and Proprietary software developers can benefit from the software.
You are working backwards. Looking at it objectively, it is clear that a system where applications have to become superuser to perform certain tasks but can relinquish this authority is inferior to a system where superuser priveleges are never given to a process.
Your position is understandable since this is how the Unix security model has worked for decades even though better mechanisms have been proposed but rarely caught on. For example, look at POSIX 1.E which is almost 2 decades for an example of a better model for handling systems permissions than the traditional Unix model. Recently there has been work done on FreeBSD POSIX 1.E capabilities as well as on the Linux front. This is a good indication that more and more people are disatisfied with the deficiencies of the Unix security model and its reliance on a "superuser" account for so many essential tasks.
Lastly I don't think any Linux distro has ever been certified as POSIX compliant although many feel that doing so wouldn't be difficult.
how is this better than setuid, setgid? At least with setuid and setgid, control over system privileges is given on a per-application basis.
Which do you think is more secure? Given a choice between having an application run as root [with all the attendant problems that this entails especially if a security problem is found in the app] versus giving the application minimal privileges [specifically all it needs to get the job done and nothing more], how could anyone think the setuid and setgid approach is better.
The difference between both approaches is the difference between a sledge hammer and a surgeon's scalpel. In fact the only downside to the minimal privileges approach, is performance and efficiency. In this day and age where one can buy half a gig of memory for around $100 and 3.0 GHz processors are on the horizon it really is time for us to adopt techniques for building secure software that have been known for decades but unimplemented due to performance/efficiency concerns.
Slashdot Mirror
Why not download one of the ASP.NET Starter Kits and check it out yourself?
Disclaimer: I work at Microsoft but this is not an official endorsement nor rebuttal of the claims in the article. I'm simply pointing people to where they can verify the claims in the article for themselves
Server Platforms (which includes SQL Server which by itself brings in a billion dollars in revenue) is also profitable.
Disclaimer: The above comments do not represent the thoughts, intentions, plans or strategies of my employer. They are solely my opinion.
What the heck is FRRBBB? Free Registration Required, Bitch, Bitch, Bitch?
I assume some of this information may be "company secrets" but I'm very interested in learning what metrics are used to determine which source code is "buggier" than others. Is this something as simple as running lint + "gcc -Wall -ansi -pedantic" then piping the output to "wc -l" ?
Are there checks for use of unsafe functions like gets and the str* family of functions in C? Are there more complex data flow analysis algorithms at play here like those in the used in Stanford's Meta-level compilation techniques?
Inquiring minds want to know. A pronouncement like OS foo is has more/less bugs than OS bar is meaningless without a definition of what having more/less bugs means.
I work at Microsoft, David Stutz was influential. He was the driving force behind the closest Microsoft has come to Open Source with his efforts on the Shared Source CLI. Your post is uninformed garbage.
Disclaimer: The above comments do not represent the thoughts, intentions, plans or strategies of my employer. They are solely my opinion.
- Introduction
- How To Be Sexy
- The Art of the Pickup
- The Dating Game
- On Being Good In Bed
- Sex and Consequences
- Relationship Management
- Avoiding the Curse of Oversensitivity
Probably the most unintentionally funny thing ESR has ever written.Service Pack 1 of Office XP (which contains Outlook 2002) adds a feature for disabling HTML mail which is described in Microsoft KB Article # 307594 . Users of previous versions of Outlook can use the macros provided here
...he's described any social system with a large number of participants. At first glance one would think that the World Wide Web and the grand vision of "anyone can be a publisher" would move us away from cliques and one or two very popular entities but the reverse has been true.
For instance, despite how easy it is for anyone to start a Slashdot or Fark ripoff site no one commands as much traffic in their genre as either site. In fact as more people get online, the proportion of those that end up of being Slashbots or Farkheads versus migrating to their "competition" is quite disproportional.
One could also say why despite the fact that the music sharing networks allow anyone to get their music heard by the masses they end up being clogged with the same top 40 shit from the radio from boy bands, Britney Spears and wannabe hip hop thugs.
There are many things computer science education does not teach the average student about programming. This is burdened by the fact that programming can vary significantly across areas of CS (i.e. networking vs. database implementation) and even within the same area (GUI programming on Windows vs. GUI programming on Apple computers).
When I was at GA Tech the administration prided themselves on creating students that could learn quickly about technologies thrown at them and had broad knowledge about various areas of CS. There was also more focus on learning how to program in general than specifics. This meant that there was no C++ taught in school even at the height of the language's popularity because its complexity got in the way of teaching people how to program.
Students were especially thought to learn how to think 'abstractly' which especially with the advent of Java meant not only ignoring how hardware works but also how things like memory management work as well. In the general case, one can't be faulted for doing this while teaching students. Most of my peers at the time were getting work at dotcoms doing Java servlets or similar web/database programming so learning how things like how using linked lists vs. arrays for a data structure affects the number of page faults the system makes were not things that they would really have to concern themselves with considering how things like the virtual machine and database server would be more significantly affect their application than any code they wrote.
Unfortunately for the few people who ended up working on embedded systems where failure is a life or death situation (such as at shops like Medtronic) this meant they sometimes would not have the background to work in those environments. However some would counter that the training they got in school would give them the aptitude to learn what they needed.
I believe the same applies for writing secure software. Few schools teach people how to write secure code not even simple things like why not to use C functions like gets() or strcpy(). However I've seen such people become snapped into shape when exposed to secure programming practices.
Right Here
I know that a number of vendors require permission before being able to perform and report the results of benchmarking their products especially in the database arena and was wondering if this ruling could me made to apply to them as well?
I don't have a EULA or licence handy but would be quite interested in seeing whether this sets a precedent or is unrelated.
The Judge's opinion is available as a PDF obtained via the C|Net article.
For those who were wondering what the specific problems the GNU folks have with the APSL are, the GNU site lists their problems with the Apple License
However, without more details as to what kinds of DHTML is broken by Mozilla one cannot tell if this is an obvious scenario that should have been regression tested (does work?) or an edge case.
Hmmmm, so the researchers thought that the fact that broadband had faster download speeds would mean that people would spend less time online? I'm not surprised that the reverse is true and people spend more time online when using broadband than when they had dialup.
With broadband using the 'net isn't as frustrating with all the waiting around so I don't stop out of irritation. I don't have to get off the 'net to keep the phone line free. I also don't have to deal with the annoying modem screech and inevitable busy signals before connecting to the 'net.
Why wouldn't I spend more time online?
Open Source software is already mainstream both for regular users (look at Apple's OS X) and developers (look at all the work IBM's been doing in this area). What else is there to be done before it is considered mainstream? Grandma submitting a kernel patch by sending in a diff? W
People who bought this book also bought clean underwear, ladybug rainboots and cheetah print slippers
When the W3C XML Schema recommendation was first released, there were certain parties whom overwhelmed by its newness, complexity and buggy implementations began to advocate using as few features as possible which culminated in the article W3C XML Schema Made Simple by Kohsuke Kawaguchi. However, a year later with parser implementations getting up to speed and more people using the technology it is clear that a number of the earlier misgivings about using some parts of the technology were misguided.
This is very similar to the situation with Mozilla and C++. In 1998, a few months after the ISO standard was ratified a set of guidelines for using C++ were specified by the Mozilla team which included rules like don't use templates, don't use exceptions, and don't use namespaces. Since then the Mozilla team has looked back at their decision and realized that some of the decisions they made were unwise specifically listed as mistakes were avoiding exceptions and templates. I truly commend the Mozilla team for making their post mortem available online for other [C++ or otherwise based] software development projects to learn from.
This article aims to do the same thing for the XML community and the W3C XML Schema recommendation.
- Meeting schedule always handy even when I wasn't at work (plus beeping reminders).
- Todo list always handy (plus beeping reminders).
- Games to play during boring meetings.
- Email Inbox always available
- No more scrabbling for a pen when I want to get a girl's phone number
reason I stopped using itThe Federal Ministry of the Interior in Austria is the first government body in Europe to be granted the source code for Windows XP under Microsoft's Shared Source Initiative
What hogwash. News sites shouldn't even post such outright lies. Whether or not I GPL a program I write, MS still has the same "rights" to their proprietary software as they did before. My GPLing a program has absolutely no effect on MS or any other company "protecting their intellectual property".
You should put things in context instead of rushing to flame (although rushing to flame is a great way to get +4 or +5 posts on Slashdot). In this specific case the question is whether the government GPLing a piece of software discriminates against proprietary software vendors who want to protect their intellectual property (i.e. their changes) yet want to use the code created by the tax dollars of the corporation and its employees.
As many have pointed out, the GPL is a discriminatory licence in this situation while the BSDL is not. The BSDL isn't much more than putting it in public domain except for the requirement to retain copyright notices. With a putting software in the public domain or licensing it under the GPL then both Open Source and Proprietary software developers can benefit from the software.
You are working backwards. Looking at it objectively, it is clear that a system where applications have to become superuser to perform certain tasks but can relinquish this authority is inferior to a system where superuser priveleges are never given to a process.
Your position is understandable since this is how the Unix security model has worked for decades even though better mechanisms have been proposed but rarely caught on. For example, look at POSIX 1.E which is almost 2 decades for an example of a better model for handling systems permissions than the traditional Unix model. Recently there has been work done on FreeBSD POSIX 1.E capabilities as well as on the Linux front. This is a good indication that more and more people are disatisfied with the deficiencies of the Unix security model and its reliance on a "superuser" account for so many essential tasks.
Lastly I don't think any Linux distro has ever been certified as POSIX compliant although many feel that doing so wouldn't be difficult.
how is this better than setuid, setgid? At least with setuid and setgid, control over system privileges is given on a per-application basis.
Which do you think is more secure? Given a choice between having an application run as root [with all the attendant problems that this entails especially if a security problem is found in the app] versus giving the application minimal privileges [specifically all it needs to get the job done and nothing more], how could anyone think the setuid and setgid approach is better.
The difference between both approaches is the difference between a sledge hammer and a surgeon's scalpel. In fact the only downside to the minimal privileges approach, is performance and efficiency. In this day and age where one can buy half a gig of memory for around $100 and 3.0 GHz processors are on the horizon it really is time for us to adopt techniques for building secure software that have been known for decades but unimplemented due to performance/efficiency concerns.