Don't you realize, this is the best business model of all? But of course, now that the nerds, geeks and generally intelligent people are widely blaming microsoft they want to quickly sidestep widespread scrutiny by (you guessed it) telling us security is their highest priority.
As someone who's actually inside the Borg cube I can tell you that security is currently our highest priority. Thousands of people across various product teams have attended security lectures, new development has been stopped, old code and new code has been stringently reviewed, an emphasis on secure defaults is beginning to occur, and new functionality is designed with security in mind before all else.
Of course some people will complain about why this has taken so long while others will probably say "better late than never" but either way it should be noted that a code review/security audit on this scale is probably unprecedented in software development history. Some may chime in about how Open Source is supposedly a constant large scale code review but I've previously written on the fallacy of this kind of thinking.
Now on to counter the main claims of your post that releasing software with security issues is a good business model. This may have been true in an un-networked world where the most a compromise could do was allow another user on your system perform some mischief but in a world where some kid in Asia can tie up mail servers on most of the planet by using a GUI virus toolkit, security becomes very important. Unfortunately across the entire software development spectrum from *NIX to Windows, from Open Source to proprietary we as developers are failing and clinging to panaceas and silver bullets (Open Source - the with many all bugs are shallow myth, safe programming languages, just use crypto, etc) when in truth there is more to security than just applying a buzzword technology or software development style. I outlined some of the practices and techniques that lead to more secure software in my The Myth of Open Source Security Revisited v2.0 article. Having done some more research into security issues I should probably do a followup article and focus on other fallacies and problems which lead to complacency in software development and from there insecure software.
Disclaimer:This post is my opinion and does not reflect the opinions, intentions, strategies or plans of my employer.
an interface to the MSDN KB that actually works. And by works, I mean, returns useful hits on queries. I almost always resort to searching the MSDN KB using Google, usually with quicker, more accurate results. Tell your employers that they should spend some time and money making their online support tools less shitty.
Believe me, the folks at MSDN are well aware of how unsatisfied some people are by their search results. If and when any drastic change will occur is in doubt so for now I suggest using the Microsoft-related search on Google
Re:Cool, but.... They never said if was free!
on
Google to Offer API
·
· Score: 4, Informative
They could actually charge for a devkit or usage to break even on the project. Even if it did costsome money, I could see it being well worth the price, if it works well.
I just wonder how it will tie into my app. Will it open my browser? Will the Google Bar plugin be the foundation?
The post describes a SOAP web service which in most cases is an RPC call in your application of choice. However unlike RPC in days of yore using SOAP to do RPC in applications is relatively easy. If you want to learn more about SOAP I suggest reading A GEntle Introduction To SOAP by Sam Ruby for an overview of the protocol and A Busy Developer's Guide to WSDL 1.1 to see how one could go from defining a WSDL file (as the Google sys admin is trying to do) to actually accessing the web service remotely from a Java application.
To answer your question, if the Google API is available as a web service then it can be intergrated into any application at all from command line to dynamic web page to GUI application as long as there is network availability on the host machine.
Re:This is the beginning of the revolution
on
Google to Offer API
·
· Score: 3, Interesting
It's not MSDN and MSN.
I'm curious as to whether people would actually want such functionality from MSDN. It's one thing to be able to do a Google search from a function call and get the results back as XML but do people want API docs and technical articles retrieved via getArticle() and getAPI() webmethods?
One place where it might be useful however is KnowledgeBase articles. Perhaps a web service that retrieves a KB article given the Q number (e.g. Q123456) might be useful.
Disclaimer: This post is my opinion on doesnot reflect the thoughts, strategies, intentions or opinions of my employer.
That is flat out silly. Java provides object wrappers for it's primitive types.
Object wrappers for primitives is not the same as the primitives themselves being treated as objects. Anyone whose used a true OO language like Smalltalk cringes and the inconsistency in Java between primitives and objects. Even C++ tries to make them as interchangeable as possible especially with templates.
For instance in Java there's no way to pass just a primitive like "5" or 2.6 to a method that takes an object while in C# and Smalltalk you can.
If you want to talk about non-OOP features, C# is full of them. Like structs for example. Who came up with that idea? And how about pointers? WTF?
The above comments how that you've somehow confused object oriented with Java which unfortunately are not the same thing. An object oriented system has 3 main qualities i) encapsulation or information hiding ii) inheritance and iii) polymporhism. All three of which can be done with C# structs (or value types). Secondl, I am immensely confused what the existence of an explicit pointer type has to do with whether a language is OO or not.
As far as Indexers go (and pretty much all the differences between Java and C#), they are just syntactic sugar that really just makes code confusing to read compared to Java.
That's a hoot! The fact is that CLR doesn't support anything that can't be accessed from C#. That's why implementations of other languages have had to drop features like multiple inheritance before CLR implementations. All CLR does is provide a Procrustian cot for other languages to lie on. Head over the top? Lop it off!
The Java VM was designed to run Java while the CLR was designed to be language agnostic. The fact that C++ can run on the CLR is a testament to this fact.
More Information: Taken From My K5 Submission
on
MS: Use the Source, Luke!
·
· Score: 5, Informative
Microsoft has released a shared source implementation of the Common Language Runtime (CLI).The Common Language Infrastructure (CLI) is the ECMA standard that describes the core of the.NET Framework world. The Shared Source CLI is a compressed archive of the source code to a working implementation of the ECMA CLI and the ECMA C# language specification. The shared source CLI license is available here.
Features
An implementation of the runtime for the Common Language Infrastructure (ECMA-335) that builds and runs on Windows XP and FreeBSD
Compilers that work with the Shared Source CLI for C# (ECMA-334) and JScript
Development tools for working with the Shared Source CLI such as assembler/disassemblers (ilasm, ildasm), a debugger (cordbg), metadata introspection (metainfo), and other utilities
The Platform Adaptation Layer (PAL) used to port the Shared Source CLI from Windows XP to FreeBSD
Build environment tools (nmake, build, and others)
Documentation for the implementation
Test suites used to verify the implementation
[This is mostly cut & paste from the MSDN page]
A few semi-interesting threads have started about this on K5 including this one and this one.
I've always known this was true, but now we have a REAL company vouching it..but how does MS do it? Do they send goons in and say "if you don't install Windows we will break your legs?" I mean, how is this different from racketeering? The Mafia does that in major cities with Waste Management. You can only use THEIR company, or they break your legs or set your building on fire. WHich is very similar to how tings work in Eastern-bloc countries.
I don't know where you are from but in the United States exclusive contracts are a typical occurence in the business environment. The only thing that makes MSFT's an issue is that after a company has achieved a certain amount of market share it may be unfair for them to have exclusive deals with other vendors because it may effectively shut down the competition.
AFor instance a common example of such exclusive deals is schools, stadia, fast food places and restuarants that only serve soft drinks from a particular vendor (e.g. only Pepsi or Coke products).
However it is up to the courts to decide whether there was anything inappropriate about these OEM deals and if so to come up with a decision. Likening it to racketeering on the other hand is a gross exagerration and implies that you think that MSFT forces its competitors to accede to its demands through violent means. If you know this for a fact I'm sure the courts would love to hear your testimony.
Re:Gotta represent (er, maintain)
on
More Marcelo Tosatti
·
· Score: 5, Interesting
Does it strike anyone else as strange that the Linux kernel is still run by a small monarchy?
Actually the truth of the matter is that most successful projects are run by a small group of people (e.g. one to four) with absolute say and complete CVS access with a smattering of others who submit patches on and on and a number of others who submit bug reports. I've actively monitored Open Source projects of various sizes including Scoop, JDEE, Mono and Xindice where the general case seems to be that core development was done by one to four members of the team who controlled most or all of the project with token contributions coming in from a few more.
In fact the recent Slashdot article on KOffice did nothing but reinforce the notion that I've long since suspected that most Free Software/Open Source projects are primarily the work of a small, autocratic team regardless of the size or scope of the project.
If you look back, I think you'll see that RMS concieved the copyleft because a number of projects he was working on suddenly went commercial, leaving his out of the loop and separated from the hard work he'd been putting in.
Interesting, I've never heard this version of events before.
On the stuff I've been reading about finding and fixing buffer overflows, it seems like it's generally not too hard to spot where these things could potentially happen.
From this statement I assume you are not a programmer. Buffer overflows caused by using known unsafe library functions (e.g. strcpy, strcat, gets, etc.) can be handled by simple pattern matching but actually investigating the code to make sure every memory/array access does not go out of bounds is not a simple pattern matching problem.
I just looked at the Symantec write up for W32.HLLP.Sharpei@mm and from what I read its primarily just another social engineering email-with-executable-attachment worm ("Please run this MSFT update") which happens to use C# in some of the code it runs after it has 0wn3d your machine.
The fact that the worm tries to run a C# executable after it has already compromised the machine is not much of a technical feat since it could run anything including a Perl script, Java program, Lisp code, etc as long as the runtimes were available on the target machine.
Disclaimer:The opinions expressed in this post are mine and mine alone and do not reflect the opinions, wishes, strategies or intentions of my employer.
Whether you're in school or not, learning about developing in a Microsoft environment requires parting with some cash. Personally I'd love to have copies of Microsoft development tools just so I can learn about the technology, but I'm not going to spend hundreds of dollars on a product just to try it out.
Actually many Microsoft development tools are available for free download or can be shipped on CD for the little more than the price of shipping and handling. These include
I also know that one can download the data access SDK to allow development of ODBC and ADO apps but don't have a link handy. Anyway my point is that Microsoft does allow developer's to learn about their platform without requiring them to part with some cash. However some of these SDKs do require Visual C++ which is priced academically starting at $44.95
Disclaimer: I am a Microsoft employee but this post is not being made in any official capacity nor does it reflect the wishes, intentions, strategies or opinions of my employer.
In the boxing match that is MS vs AOL... I'm cheering for AOL.
Why is this? AOL Time Warner supports the DMCA, the SSSCA and was against DeCSS this is besides the fact that they are the primary source of information for millions of people via their ownership of Time magazine, CNN, Warner Brothers movies and records, TNT, TBS, the WB televison network, Sports Illustrated, NewLine Cinema, as well as their online ventures which means they are the influencing the lives and actions of millions of people around the world.
I can see where one may dislike a company becoming the primary provider of software related goods and services but don't see why that same person would not be even more wary of another company becoming the primary provider of information related goods and services from internet access to the news we read and watch.
Disclaimer: The opinions in this post are mine and do not reflect the opinions, wishes, intentions or strategies of my employer.
Wrong: Google Makes 70% Of Revenue From Ads
on
Search Engine Payola
·
· Score: 3, Informative
Google's biggest income source is the licensing of their search technology out as intranet solutions. Of late, there was a story about Google's new search-engine-in-box, a rack-mountable, scalable solution for companies looking to search-index all internal documents.
Simplicity? XML is about as simple as you can get. XML is just straight text in tags similar to HTML. Of course, it's only go to do with data transfer, but XML is generally very simple. And for those people who don't know "data" from a hole in thr ground, there's no reason to use XML in the first place.
In the good old days, XML was simple but this is no longer the case as the W3C has created more and more complex standards that seem to require a P.hD to understand.
Want to specify a structure for your XML? XMLSchemas
Many of the above standards are rather complex and difficult for most people to understand completely. This is besides the stuff one has to understand about XML infoset and XML namespaces to fully understand how to use XML properly.
DISCLAIMER: The opinions in the above post are MINE ALONE and do not reflect the opinions, intentions or strategies of my employer.
Article is inaccurate.
on
What is .NET?
·
· Score: 4, Informative
Although the article is a decent technical overview of the.NET Framework I don't agree with the articles description of what constitutes.NET. From looking at.NET first hand I prefer Miguel's description of.NET which is
Microsoft.NET strategy encompasses many efforts including:
The.NET development platform, a new platform for writing software [.NET Framework discussed in article]
Web services
Microsoft Server Applications
New tools that use the new development platform
Hailstorm, the Microsoft.NET Passport-centralized single sign-on system that is being integrated into Microsoft Windows XP. [now called.NET My Services]
Disclaimer: I work at MSFT but this is MY PERSONAL OPINION not some official claim.
I think the difference is that.NET and C# are designed as a network-based platform; e.g., you grab code off of the 'net as you need it, rather than storing everything locally.
Really??? What gives you this idea? Java + VM is relatively equivalent to C# + CLR (as mentioned in my article that appeared on Slashdot a while ago). Code can be downloaded from the Internet and run just like with Java applets or RMI applications but this is far from the primary design of the platform .
Of all the people in the world I'd expect to criticize a technology without adequately reading up on it first, Bill Joy would have beemn one of the last I'd expect to do such a thing.
Bill Joy (and your post) go on and on about the vulnerability of network programming then ends with the reference to unsafe code which aims at giving the impression that downloaded.NET code can be unsafe. However this is incorrect, and I quote
From a technical viewpoint, the term unsafe refers to whether the program is known to be safe. Before a program is converted from
intermediate language (IL) to native code, there's a part of the runtime security system known as the verifier that looks at the IL to
determine whether it's safe to execute. In this context, safe means that the verifier can prove that the IL doesn't do anything unsavory.
IL safety is important for certain Microsoft.NET scenarios--it's nice to know that the chunk of code that you downloaded from a Web site
isn't going to do anything bad to your machine. The default policy for remote code (either from a Web site or from a net share) is that the
code must be verified safe to execute.
In other situations, it's useful to write code that can't be verified to be safe. In C#, any use of pointers generates unsafe code, as does any
use of interop, such as COM interop or platform invoke.
Since you don't want to write such code inadvertently, C# requires you to use the unsafe keyword on your class or method whenever you
write code that deals with pointers. When you use the unsafe keyword, the resulting IL is marked as unsafe and can only run in a fully
trusted environment (usually, security policy only trusts local assemblies). In the current version of the runtime, unsafe is defined at an
assembly level, so having any unsafe code in assembly makes the entire assembly unsafe.
If the underlying security model is flawed then no amount of patches will change this fact. For instance, UNIX has a superuser account in an environment where the programs are written in an unsafe language like C. Almost every UNIX security exploit is based on this fundamental flaw in the security model.
Both your questions are irrelevant. The first set of questions about whether Microsoft can change the C# and CLI spec is irrelevant because already a lot of stuff in.NET is not in the C# or CLI specification. Miguel has stated that creating a compatible implementation of.NET is not his goal yet people keep assuming it is. The CLI and C# are good technologies that fix some of the mistakes that Sun made with Java (and made some new ones) but somehow assuming that implementing the development platform now means that Ximian will have to mirror the.NET development environment when MSFT probably has twice or thrice the number of programmers working on.NET fulltime versus Mono's five fulltime and about fifty volunteer employees.
Quite frankly, I don't ever expect Mono to be a port of the.NET framework to Linux. Instead I assume it will be a successful port of C# and the Common Language Infrastructure which is good enough for me.
As for your second set of questions, I somehow doubt that MSFT can hand over their technology to a standards body yet still threaten to sue anyone who implements it. However, IANAL and stranger things have happened.
I love the idea of a common runtime environment that supports C++, Java, Perl, Python, etc., runs on all platforms, etc. etc. etc., but I DON'T want that platform in any way controlled by Microsoft (or by Sun, or RedHat, or me!) If any one entity controls the platform, that one entity has entirely too much power - we've simply traded one monopolist for another.
Considering that C# and the CLI are ECMA standards exactly how does Microsoft control the Mono platform? However Java is very much still entirely controlled by Sun which hasn't stopped a vibrant Free Software community to grow around Java? So even if C# and the CLI were completely controlled by MSFT (which they aren't) there is no reason why Free Software cannot benefit from it.
Now, if Miquel wishes to create such an environment under GPL, with no patents held by any organization, then I'm all for it - that way no one organization can embrace and extend the spec.
According to miguel the Mono runtime is released under the LGPL, the compiler is released under the GPL, and the class libraries are released under the X11 license..
From where I sit that is all FREE SOFTWARE unless you are one of those GPL zealots that believes that if it isn't GPL it isn't Free Software even though we all know that Apache, BSD, Kerberos, BIND, etc aren't GPL.
The linked article clearly mentions that MSFT uses the BSD implemntation of FTP and a few more command line tools. Here is an excerpt since you don't seem to have read it
However, it looks like some of those Unix utilities were never rewritten. If you look at the executables, you can still see the copyright notice from the regents of the University of California (BSD is short for Berkeley Software Distrubution, Berkeley being a branch of the University of California, for some reason referred to as "Berkeley" on the East Coast and "California" on the West Coast...and "Berkeley" is one of those words that starts to look real funny if you stare at it too long - but I digress).
Keep in mind there is no reason to rewrite that code. If your ftp client works fine (no comments from the peanut gallery!) then why change it? Microsoft has other fish to fry. And the software was licensed perfectly legally, since the inclusion of the copyright notice satisfied the BSD license.
However, the point of contention has always been the claim that the MSFT Windows TCP/IP stack "stole" code from BSD and not whether some command line utilities are ports of the BSD versions.
Well if we talk about software being taken from BSD, used, and the source dissappears for ever, there is probably no better example than Microsoft [microsoft.com]. Their network stack owes a lot to BSD, but has any of it been passed back? No.
This claim is one of those internet myths that has festered on Slashdot that has never been conclusively proved.
Secondly, unlike most of the zealots on Slashdot I don't think the purpose of Free Software is a battle between prospective platforms and user communities but instead is the optimal way to provide utility to users of software. Even if MSFT uses a BSD-derived TCP/IP stack, this would mean that improved networking has benefitted millions of computer users who use MSFT Windows and couldn't handle BSD boxen. The BSD license is about getting as many people as possible to benefit from your software and not an attempt to bend the software industry to the world view of a dissaffected MIT computer science professor.
Yeah, thats rocket science all right, boy. Put the bacardi down and masturbate 2 handed you will enjoy it more.
LOL. What makes him a geek isn't the fact that what he did is difficult, it is the fact that he does this in his free time. The same way Linus is a supreme geek in my eyes because he works on a freaking operating system as his means of unwinding after a hard day of work. Of couurse, it takes a real geek to appreciate such things.:)
I sit here a newly minted graduate about to start my first job after getting my Bachelor's degree in two weeks. Most of my friends suggested that I go on a vacation or get drunk non-stop to celebrate my last real month of freedom. So it's 11:50 PM on a Friday night and I'm sitting here sipping some Bacardi-O while passing up an opportunity to go clubbing to work on an implementation for an XML database query language that I plan to GPL or BSD license upon completing.
Yet all I can say is this guy is the biggest geek I have ever seen. I am bowled over. The part about writing a Perl script to analyze the output of the image to ASCII art program to match his distribution of Modulux blocks was the straw that broke the camel's back. That is bad ass!!!
GCC constructs that made it into the C99 standard
on
Borland C++ For Linux
·
· Score: 2
whether the GCC folks are doing anything to try and get their extensions included in the standard?
A number of GCC-isms ended up in the C99 standard. Such as support for C++-style comments, inline functions and named initializations of structs.
For more info on C99 differences from C89 try reading Are you Ready For C99? which appeared on Kuro5hin about a year ago.
Slashdot Mirror
Don't you realize, this is the best business model of all? But of course, now that the nerds, geeks and generally intelligent people are widely blaming microsoft they want to quickly sidestep widespread scrutiny by (you guessed it) telling us security is their highest priority.
As someone who's actually inside the Borg cube I can tell you that security is currently our highest priority. Thousands of people across various product teams have attended security lectures, new development has been stopped, old code and new code has been stringently reviewed, an emphasis on secure defaults is beginning to occur, and new functionality is designed with security in mind before all else.
Of course some people will complain about why this has taken so long while others will probably say "better late than never" but either way it should be noted that a code review/security audit on this scale is probably unprecedented in software development history. Some may chime in about how Open Source is supposedly a constant large scale code review but I've previously written on the fallacy of this kind of thinking.
Now on to counter the main claims of your post that releasing software with security issues is a good business model. This may have been true in an un-networked world where the most a compromise could do was allow another user on your system perform some mischief but in a world where some kid in Asia can tie up mail servers on most of the planet by using a GUI virus toolkit, security becomes very important. Unfortunately across the entire software development spectrum from *NIX to Windows, from Open Source to proprietary we as developers are failing and clinging to panaceas and silver bullets (Open Source - the with many all bugs are shallow myth, safe programming languages, just use crypto, etc) when in truth there is more to security than just applying a buzzword technology or software development style. I outlined some of the practices and techniques that lead to more secure software in my The Myth of Open Source Security Revisited v2.0 article. Having done some more research into security issues I should probably do a followup article and focus on other fallacies and problems which lead to complacency in software development and from there insecure software.
Disclaimer: This post is my opinion and does not reflect the opinions, intentions, strategies or plans of my employer.
an interface to the MSDN KB that actually works. And by works, I mean, returns useful hits on queries. I almost always resort to searching the MSDN KB using Google, usually with quicker, more accurate results. Tell your employers that they should spend some time and money making their online support tools less shitty.
Believe me, the folks at MSDN are well aware of how unsatisfied some people are by their search results. If and when any drastic change will occur is in doubt so for now I suggest using the Microsoft-related search on Google
They could actually charge for a devkit or usage to break even on the project. Even if it did costsome money, I could see it being well worth the price, if it works well.
.NET Framework community website.
I just wonder how it will tie into my app. Will it open my browser? Will the Google Bar plugin be the foundation?
The post describes a SOAP web service which in most cases is an RPC call in your application of choice. However unlike RPC in days of yore using SOAP to do RPC in applications is relatively easy. If you want to learn more about SOAP I suggest reading A GEntle Introduction To SOAP by Sam Ruby for an overview of the protocol and A Busy Developer's Guide to WSDL 1.1 to see how one could go from defining a WSDL file (as the Google sys admin is trying to do) to actually accessing the web service remotely from a Java application.
There is also a grab bag of resources on XML webservices at the
To answer your question, if the Google API is available as a web service then it can be intergrated into any application at all from command line to dynamic web page to GUI application as long as there is network availability on the host machine.
It's not MSDN and MSN.
I'm curious as to whether people would actually want such functionality from MSDN. It's one thing to be able to do a Google search from a function call and get the results back as XML but do people want API docs and technical articles retrieved via getArticle() and getAPI() webmethods?
One place where it might be useful however is KnowledgeBase articles. Perhaps a web service that retrieves a KB article given the Q number (e.g. Q123456) might be useful.
Disclaimer: This post is my opinion on doesnot reflect the thoughts, strategies, intentions or opinions of my employer.
Object wrappers for primitives is not the same as the primitives themselves being treated as objects. Anyone whose used a true OO language like Smalltalk cringes and the inconsistency in Java between primitives and objects. Even C++ tries to make them as interchangeable as possible especially with templates.
For instance in Java there's no way to pass just a primitive like "5" or 2.6 to a method that takes an object while in C# and Smalltalk you can.
If you want to talk about non-OOP features, C# is full of them. Like structs for example. Who came up with that idea? And how about pointers? WTF?
The above comments how that you've somehow confused object oriented with Java which unfortunately are not the same thing. An object oriented system has 3 main qualities i) encapsulation or information hiding ii) inheritance and iii) polymporhism. All three of which can be done with C# structs (or value types). Secondl, I am immensely confused what the existence of an explicit pointer type has to do with whether a language is OO or not.
As far as Indexers go (and pretty much all the differences between Java and C#), they are just syntactic sugar that really just makes code confusing to read compared to Java.
Really? So is easier to read than On what planet?
That's a hoot! The fact is that CLR doesn't support anything that can't be accessed from C#. That's why implementations of other languages have had to drop features like multiple inheritance before CLR implementations. All CLR does is provide a Procrustian cot for other languages to lie on. Head over the top? Lop it off!
The Java VM was designed to run Java while the CLR was designed to be language agnostic. The fact that C++ can run on the CLR is a testament to this fact.
Features
- An implementation of the runtime for the Common Language Infrastructure (ECMA-335) that builds and runs on Windows XP and FreeBSD
- Compilers that work with the Shared Source CLI for C# (ECMA-334) and JScript
- Development tools for working with the Shared Source CLI such as assembler/disassemblers (ilasm, ildasm), a debugger (cordbg), metadata introspection (metainfo), and other utilities
- The Platform Adaptation Layer (PAL) used to port the Shared Source CLI from Windows XP to FreeBSD
- Build environment tools (nmake, build, and others)
- Documentation for the implementation
- Test suites used to verify the implementation
[This is mostly cut & paste from the MSDN page]A few semi-interesting threads have started about this on K5 including this one and this one.
I've always known this was true, but now we have a REAL company vouching it..but how does MS do it? Do they send goons in and say "if you don't install Windows we will break your legs?" I mean, how is this different from racketeering? The Mafia does that in major cities with Waste Management. You can only use THEIR company, or they break your legs or set your building on fire. WHich is very similar to how tings work in Eastern-bloc countries.
I don't know where you are from but in the United States exclusive contracts are a typical occurence in the business environment. The only thing that makes MSFT's an issue is that after a company has achieved a certain amount of market share it may be unfair for them to have exclusive deals with other vendors because it may effectively shut down the competition.
AFor instance a common example of such exclusive deals is schools, stadia, fast food places and restuarants that only serve soft drinks from a particular vendor (e.g. only Pepsi or Coke products).
However it is up to the courts to decide whether there was anything inappropriate about these OEM deals and if so to come up with a decision. Likening it to racketeering on the other hand is a gross exagerration and implies that you think that MSFT forces its competitors to accede to its demands through violent means. If you know this for a fact I'm sure the courts would love to hear your testimony.
Does it strike anyone else as strange that the Linux kernel is still run by a small monarchy?
Actually the truth of the matter is that most successful projects are run by a small group of people (e.g. one to four) with absolute say and complete CVS access with a smattering of others who submit patches on and on and a number of others who submit bug reports. I've actively monitored Open Source projects of various sizes including Scoop, JDEE, Mono and Xindice where the general case seems to be that core development was done by one to four members of the team who controlled most or all of the project with token contributions coming in from a few more.
In fact the recent Slashdot article on KOffice did nothing but reinforce the notion that I've long since suspected that most Free Software/Open Source projects are primarily the work of a small, autocratic team regardless of the size or scope of the project.
If you look back, I think you'll see that RMS concieved the copyleft because a number of projects he was working on suddenly went commercial, leaving his out of the loop and separated from the hard work he'd been putting in.
Interesting, I've never heard this version of events before.
I thought RMS started Free Software after the issue with the printer driver.
<irony> A MSFT employee correcting someone with a 3-digit slashdot UID on the origin of copyleft </irony>
On the stuff I've been reading about finding and fixing buffer overflows, it seems like it's generally not too hard to spot where these things could potentially happen.
/GS switch in Visual C++.NET.
From this statement I assume you are not a programmer. Buffer overflows caused by using known unsafe library functions (e.g. strcpy, strcat, gets, etc.) can be handled by simple pattern matching but actually investigating the code to make sure every memory/array access does not go out of bounds is not a simple pattern matching problem.
However some automated techniques have been developed to discover buffer overflows and similar errors in a generic manner. The most significant efforts I have seen are the Stanford Meta-level Compilation Project and the
I just looked at the Symantec write up for W32.HLLP.Sharpei@mm and from what I read its primarily just another social engineering email-with-executable-attachment worm ("Please run this MSFT update") which happens to use C# in some of the code it runs after it has 0wn3d your machine.
The fact that the worm tries to run a C# executable after it has already compromised the machine is not much of a technical feat since it could run anything including a Perl script, Java program, Lisp code, etc as long as the runtimes were available on the target machine.
Disclaimer: The opinions expressed in this post are mine and mine alone and do not reflect the opinions, wishes, strategies or intentions of my employer.
Actually many Microsoft development tools are available for free download or can be shipped on CD for the little more than the price of shipping and handling. These include
- Microsoft
.NET Framework SDK
- Handheld PC SDK
- Direct X 8.1 SDK
- Microsoft Passport SDK
- Microsoft Speech SDK
- Windows Media Player 7.1 SDK
- Microsoft Agent SDK
I also know that one can download the data access SDK to allow development of ODBC and ADO apps but don't have a link handy. Anyway my point is that Microsoft does allow developer's to learn about their platform without requiring them to part with some cash. However some of these SDKs do require Visual C++ which is priced academically starting at $44.95Disclaimer: I am a Microsoft employee but this post is not being made in any official capacity nor does it reflect the wishes, intentions, strategies or opinions of my employer.
In the boxing match that is MS vs AOL... I'm cheering for AOL.
Why is this? AOL Time Warner supports the DMCA, the SSSCA and was against DeCSS this is besides the fact that they are the primary source of information for millions of people via their ownership of Time magazine, CNN, Warner Brothers movies and records, TNT, TBS, the WB televison network, Sports Illustrated, NewLine Cinema, as well as their online ventures which means they are the influencing the lives and actions of millions of people around the world.
I can see where one may dislike a company becoming the primary provider of software related goods and services but don't see why that same person would not be even more wary of another company becoming the primary provider of information related goods and services from internet access to the news we read and watch.
Disclaimer: The opinions in this post are mine and do not reflect the opinions, wishes, intentions or strategies of my employer.
Google's biggest income source is the licensing of their search technology out as intranet solutions. Of late, there was a story about Google's new search-engine-in-box, a rack-mountable, scalable solution for companies looking to search-index all internal documents.
This is contrary to statements that have been made by Google executives and considering that they just launched their Google Search Appliance two weeks ago it highly unlikely that it is thier primary source of income.
Here's a link to the C|Net article which states that most of their revenue comes from ads
In the good old days, XML was simple but this is no longer the case as the W3C has created more and more complex standards that seem to require a P.hD to understand.
- Want to specify a structure for your XML? XML Schemas
- Want to query XML? XQuery
- Want to transform XML to some other format? XSLT
- Want to use XML as a transfer format for RPC calls? SOAP.
- Want to create links between XML documents? XPointer, XLink, and XML:Base are all needed.
- Want to include XML files in each other? XInclude
Many of the above standards are rather complex and difficult for most people to understand completely. This is besides the stuff one has to understand about XML infoset and XML namespaces to fully understand how to use XML properly.DISCLAIMER: The opinions in the above post are MINE ALONE and do not reflect the opinions, intentions or strategies of my employer.
Really??? What gives you this idea? Java + VM is relatively equivalent to C# + CLR (as mentioned in my article that appeared on Slashdot a while ago). Code can be downloaded from the Internet and run just like with Java applets or RMI applications but this is far from the primary design of the platform .
Of all the people in the world I'd expect to criticize a technology without adequately reading up on it first, Bill Joy would have beemn one of the last I'd expect to do such a thing.
Bill Joy (and your post) go on and on about the vulnerability of network programming then ends with the reference to unsafe code which aims at giving the impression that downloaded
If the underlying security model is flawed then no amount of patches will change this fact. For instance, UNIX has a superuser account in an environment where the programs are written in an unsafe language like C. Almost every UNIX security exploit is based on this fundamental flaw in the security model.
Sadly alternatives and improvements to the UNIX security model have been proposed for years but it seems in this case Worse Is Better.
Both your questions are irrelevant. The first set of questions about whether Microsoft can change the C# and CLI spec is irrelevant because already a lot of stuff in .NET is not in the C# or CLI specification. Miguel has stated that creating a compatible implementation of .NET is not his goal yet people keep assuming it is. The CLI and C# are good technologies that fix some of the mistakes that Sun made with Java (and made some new ones) but somehow assuming that implementing the development platform now means that Ximian will have to mirror the .NET development environment when MSFT probably has twice or thrice the number of programmers working on .NET fulltime versus Mono's five fulltime and about fifty volunteer employees.
.NET framework to Linux. Instead I assume it will be a successful port of C# and the Common Language Infrastructure which is good enough for me.
Quite frankly, I don't ever expect Mono to be a port of the
As for your second set of questions, I somehow doubt that MSFT can hand over their technology to a standards body yet still threaten to sue anyone who implements it. However, IANAL and stranger things have happened.
I love the idea of a common runtime environment that supports C++, Java, Perl, Python, etc., runs on all platforms, etc. etc. etc., but I DON'T want that platform in any way controlled by Microsoft (or by Sun, or RedHat, or me!) If any one entity controls the platform, that one entity has entirely too much power - we've simply traded one monopolist for another.
Considering that C# and the CLI are ECMA standards exactly how does Microsoft control the Mono platform? However Java is very much still entirely controlled by Sun which hasn't stopped a vibrant Free Software community to grow around Java? So even if C# and the CLI were completely controlled by MSFT (which they aren't) there is no reason why Free Software cannot benefit from it. Now, if Miquel wishes to create such an environment under GPL, with no patents held by any organization, then I'm all for it - that way no one organization can embrace and extend the spec.
According to miguel the Mono runtime is released under the LGPL, the compiler is released under the GPL, and the class libraries are released under the X11 license..
From where I sit that is all FREE SOFTWARE unless you are one of those GPL zealots that believes that if it isn't GPL it isn't Free Software even though we all know that Apache, BSD, Kerberos, BIND, etc aren't GPL.
Well if we talk about software being taken from BSD, used, and the source dissappears for ever, there is probably no better example than Microsoft [microsoft.com]. Their network stack owes a lot to BSD, but has any of it been passed back? No.
This claim is one of those internet myths that has festered on Slashdot that has never been conclusively proved.
However this myth has been debunked in an article by a former Microsoft employee that explains with really happened?
Secondly, unlike most of the zealots on Slashdot I don't think the purpose of Free Software is a battle between prospective platforms and user communities but instead is the optimal way to provide utility to users of software. Even if MSFT uses a BSD-derived TCP/IP stack, this would mean that improved networking has benefitted millions of computer users who use MSFT Windows and couldn't handle BSD boxen. The BSD license is about getting as many people as possible to benefit from your software and not an attempt to bend the software industry to the world view of a dissaffected MIT computer science professor.
Yeah, thats rocket science all right, boy. Put the bacardi down and masturbate 2 handed you will enjoy it more.
:)
LOL. What makes him a geek isn't the fact that what he did is difficult, it is the fact that he does this in his free time. The same way Linus is a supreme geek in my eyes because he works on a freaking operating system as his means of unwinding after a hard day of work. Of couurse, it takes a real geek to appreciate such things.
I sit here a newly minted graduate about to start my first job after getting my Bachelor's degree in two weeks. Most of my friends suggested that I go on a vacation or get drunk non-stop to celebrate my last real month of freedom. So it's 11:50 PM on a Friday night and I'm sitting here sipping some Bacardi-O while passing up an opportunity to go clubbing to work on an implementation for an XML database query language that I plan to GPL or BSD license upon completing.
Yet all I can say is this guy is the biggest geek I have ever seen. I am bowled over. The part about writing a Perl script to analyze the output of the image to ASCII art program to match his distribution of Modulux blocks was the straw that broke the camel's back. That is bad ass!!!
whether the GCC folks are doing anything to try and get their extensions included in the standard?
A number of GCC-isms ended up in the C99 standard. Such as support for C++-style comments, inline functions and named initializations of structs.
For more info on C99 differences from C89 try reading Are you Ready For C99? which appeared on Kuro5hin about a year ago.