As someone who was on the software team I would point you at the 15 minute number for a full label.
Print time is proportional to the number of rings that have dark bits; head seek time is a major factor in the delay.
I will say this though: a full label looks *excellent*. Almost on a par with what you get from monochrome silk screened music. I plan to label all my music disks this way.
I believe they changed IE to stop whining when you have ActiveX disabled and the web page wants to download something. I cannot confirm that fact, even though I am on the SP2 beta program. Not for NDA reasons, but because mozilla firefox runs on XP SP2 so well...
I'd point people at CruiseControl for rebuilding and running the tests every time CVS changes get checked in. That app sends us hate mail every time somebody breaks something, and it is fantastic!
I've used CppUnit in testing complex code, and the big problem in C++ land is that a catastrophic failure of one test (i.e. pointer trouble) can contaminate the process so badly the remaining tests fail. Java tends to catch up on such things faster, so contaminates the other tests less often. This makes it harder to write test suites that rigorously try bad things and which all run happily. But on the positive side, once you have done that you end up with a nicely robust C++ program, as you fix all the pointer defects it throws.
Oh, the other problem is catching and reporting things like pointer errors; CppUnit is set up to only catch std::exception subclasses.
I've actually met Clemens and he does great stuff providing add-on thingies that makes web services built on ASP.net usable.
nice stuff, stuff that should have been in there from the beginning, but which is missing so he gets to add it and charge for help in getting it working. I dont think he is fully a wage-slave to MS; he will take money off whoever will give it, and if Sun or IBM paid him to make their Web Service products usable, he'd probably do that too. The core of his business: talking, consultancy, books, would still be viable in the OSS world.
doesnt mean that he is not utterly wrong in this case, and I speak as someone who presented at the same conference as him on the Apache alternative to the Microsoft platform, and who earns (some) $ from a book on apache ant.
I think you have picked up on a point: Intel are promising this for sales. They say 'we realise that linux people dont want our laptops as they dont work, so we will give them drivers to sell our kit'. In a way it is progress, but it is not a real contribution, more a forced concession.
I have bad experiences with Intel graphics chipsets -even on WinXP they bluescreen regularly. That doesnt mind me to think highly of their centrino wireless support.
I know it complicates FCC licensing, but is it any more hazardous than people doing firmware mods of their car computers?
I have a legal panasonic 2.4 GHz spread spectrum phone that kills 802.11 when you are talking on it. That irritates me; compared to that people modifying their own cards is a minor issue.
The other things is intel take on the cost of maintenance and testing. Or at least, prerelease testing.
I worked on a C++ project for some future DVD+RW devices, and we wrote windows only last year, even though I did all my dev in VmWare under linux -I can tell if the technology takes off there will be complaints that we didnt bring out a linux driver.
But even a pure Win32 driver (a) reused lots of existing windows code (some with Win16/win32 #ifdefs to show its age), and (b) took a lot of engineering effort. I dont realistically think the company will rush to duplicate that effort for Linux, unless it is tangibly lost sales. Even then, it will take ages. The new code we wrote will be ok -its all std:: C++ stuff, but the public API (COM) and legacy stuff is a historic mess.
I hope the company does the right thing and just documents the new SCSI commands and let other people write the Linux stack on demand. No maintenance costs, no development costs, the first implementation starts of OSS and stays that way.
The original patent clause was way too broad and upset a lot of people, but I thought the final one had the debian folk happy, and the FSF giving it a nod. Maybe we were wrong; maybe it just makes for good controversy. See the licensing mail archive.
There have always been incompatibilities between Apache and GPL; the Apache stance is that Java LGPL libraries cannot be used from Apache code, except via a non-LGPL API (such as JDBC). This complicates things, but is something we have come to live with.
you must mean *another* degree in CS, to go with my first class honours degree from Edinburgh University, the one where my final year project was 'formal specification of microprocessors':)
1. Search for "AT&T Cyclone" to see a proposed descendant of C that takes away the opportunity to screw up so badly.
2. While the core unix/linus OS is pretty secure, there are all those add on apps that have to be looked at. wu-ftpd for example. Do things like that really, really, need to be written in pointer-unsafe languages? Apache HTTPD is mandatory for a loaded site with lots of static content, but anything with lightweight access can serve up content using alternate implementations. I think my home music server has perl and java http servers, and very good they are too.
4. Point about C# taken. Actually it is more secure than Java in some ways -it remembers where code came from and grants it the rights of the origin, not the current location. But where it goes wrong is
(a) They dont mandate signed everywhere. If only signed.net code runs, then it gets easier to centrally revoke the rights of a worm to run.
(b) They make it so easy to import C/C++ functions from DLLs that much of the framework is just a thin wrapper around the C libraries. A bit of decompiling and you can find out what libraries are used from network entry points, and then it is time to look for security holes.
(c) They have created a world where some.exe files are safe to run remotely, as they are.net exes, but the rest arent. This is an area ripe for social engineering -"Run this, it is a.net executable and safe to execute".
On the subject of Von Neumann machines, well, Harvard Architectures are pretty much immune to data/code confusion, given they read them from separate places. Modern CPUs (all 'cept x86) call themselves Harvard Arch, and do have separate $I and $D caches, but you can get away with dynamic code generation on RISC engines if you flush the caches after every write.
AMD Opteron has the ability to mark regions of memory as no-execute, so only the code pages of your app can be executed; the buffers dont work. WinXP SP2 promises to support this, on both computers out there running 64-bit windows on AMD kit.
maybe so, but it is so hard to be competent when the failure modes of C/C++ are memory leaks and buffer overflows. Also, stdlib almost builds overflows in to so many of the calls. Take, for example, strcpy(). Default action on receiving a source larger than the destination: buffer overflow. Only strncpy() checks for trouble, but even when people are 'clever' and use that, they usually forget to force a \000 into the last char and so when big data comes in, things still go wrong.
Memory leaks? Incompetence? Probably, but it is very hard to manage object lifetimes in a multithread environment. You end up implementing a reference count layer (as COM and Mozilla's COM equivalent do), and then have reference count bugs instead.
Now it may just be that with adequate competence and time these problems dont arise, but today they do. All over the place. And I dont think mandating superior competence for developers is going to work -and nor do I think it is necessary. Instead languages that dont leak memory or overflow buffers eliminate common problems.
As someone elso points, out, incompetence treats failsafes as as damage to be routed around, and real incompetents will only go on to bigger disasters in a more productive language. But that does not mean we have to stick to languages and runtimes that dont do a thing to eliminate the fundamental problems. Its like saying we should ban ABS on cars as bad drivers will still run into things.
What good is execution time tuning if the time saved waiting for something to execute is lost dealing with security problems?
I dont want to fault C & C++ explicitly, but buffer overflows and memory leaks are key problems of them, problems we dont need any more. Are any of the next generation languages a good alternative. Maybe not yet. But there is no need for every single line of code to be written in C/C++ for performance these days, and many places where other languages are more secure and easier to write with.
C# could be more secure. I have issues with it, but it is better than raw Win32. Though so are most things:)
There is work under way at AT&T research to do a safe version of C. Its called cyclone, and I have pointed to it in other replies to my post. This could be the basis for those bits of code that absolutely must run in native mode.
The other issue is this: which is more important: performance or security? Its that same tradeoff of 'works vs fast'. If you have a choice, do you choose the working one, or the fast one?
The problem with security is that nobody (Well, outside redmond) ships knowingly insecure code, but it gets found and exploited anyway. As you cannot 'know' that your code is secure, you need help from the system. If code that ran near any untrusted data source -sockets, HTTP server, whatever- put more emphasis on security rather than tip-top speed, then the system would be more secure.
Case in point: the SQL blaster used the SQL server discovery point. There is no need for some net service that lists SQL Servers running on a machine to be high performance native code. If you are going to run it, a bit of perl or python will suffice.
1. See Cyclone for a version of C without buffer overflows.
2. C# is not interpreted; it is always compiled down. But it is against the license terms to discuss performance -it may still crawl but we cannot talk about it.
3. Java GUIs do crawl, but that is what IBM's SWT is for -Swing is the real issue.
You could imagine transforms that move code around in memory, so that while the buffer overflow is still there, it is hard to exploit -primarily because all the other interesting addresses are missing.
Specifically, overflow attacks like to jump the program to the buffer they have written, or a copy thereof. And in that buffer the code needs to reuse existing imports (library calls) so that they can do bad things. If everything moved around during load, exploitation would be harder. Then again, so would processing a core dump:(
personally, I think there is a better solution, stop using 'buffer overflow' languages like C, C++. Anything else: perl, python, java, C# is more secure. Why are all our systems built on such a foundation of instability?
Re:*5* Reasons?
on
SCOoby Snacks
·
· Score: 3, Insightful
I like how they say 'one single vendor' just above where the feature set of the next edition is openLDAP, tomcat, PHP and Mozilla. I guess that makes them the single vendor of all these products:)
I guess in the way they'd have to be: who is going to field a support call related to SCO problems? The first response would be 'have you tried a nightly build of the app and debian unstable yet'
All verisign are trying to do is steal the revenue that MS get with their 90+ share of the browser world. But MS wont like, and will come up with a workaround, like a 'critical' IE patch.
but in the meantime, everyone whose app uses DNS suffers, not just web browsers. Web Services -programs hitting servers for their own posts and gets- really suffer, because any configuration failure now results in really obscure messages (bad mime type), (307: not supported), instead of ones that users are vaguely familiar with ('not found), and that makes diagnostics and support worse. Once people start patching their DNS, a lot worse, as replication gets harder.
That is what irritates me: Verisign are screwing up every network application other than a web browser to get advertising $.
In the book 'the skunk works', one of the pilots in the stealth fighters in the first Bush gulf war describes how before the war began they used to go to their hangars in the morning and find the planes surrounded by dead bats.
There were a lot of bats in the area, and the design of the fighters meant they not only didnt reflect radar, they didnt reflect sound. So these bats would be swooping around what sounded like an empty hangar, when suddenly they'd run into an invisible force field that would injure or kill them...
I think people knew, but they used to use the 'I didnt know' excuse in court; the (c) mark means that it is harder to try that one. Also there may be internationalisation issues. Is it illegal for me to copy a US note in the UK? Or a UK note in the US? maybe not, but (c) abuse is very formalised.
The (c) design is reasonably discreet on the current batch. I think its the 10 quid note that has something else that would cause a stir in the US: the back artwork is of darwin. I can imagine a note celebrating evolution being unacceptable in some states as currency.
Assume all software is a mirror of the organisation that created it (Conway's law?). MS: fast but unreliable. Linux: whimisical, not enough interoperbility and integration. IBM: dull. HP: inconsistent.
IMO all printers should have a LAN port from the beginning, and a standard job ticket+print job submit mech. IPP would work; CUPs and Win2K handle it. UPNP is too cut down.
In an ideal world, you dont need any print drivers at all -you just submit a doc in a well known format, with well known print options.
But I guess modern 'added value' features (like looking for counterfeit notes) need CPU and memory, which is cheaper on the PC than in a $49 bit of machinery,
I always wanted something for use in france that would flash lights at the car in front when you came up behind it and your closure rate meant that you were going to run into the back of it in a few seconds.
Yeah, I saw degradation on my wedding pics -but it wasnt the printer, it was the fact that Sony CCD cameras are noisy in low light conditions, and have shit flashes. I was lucky I also brought a decent camera with fuji sensia slide film.
I also have a friend who is a serious pro photographer, and he says that people in the fashion shoot industry are reverting back to slide film because it is consistent. If you have 3 people doing digital shoots with 3 different cameras, each ones RGB map will be different, so the images will be different. Without filters, the colour gamut of slide film is constant for the brand (and processing and print, I guess)
So lets not worry about printer damage till the cameras improve their colour accuracy, low light conditions and image quality.
Slashdot Mirror
As someone who was on the software team I would point you at the 15 minute number for a full label.
Print time is proportional to the number of rings that have dark bits; head seek time is a major factor in the delay.
I will say this though: a full label looks *excellent*. Almost on a par with what you get from monochrome silk screened music. I plan to label all my music disks this way.
I believe they changed IE to stop whining when you have ActiveX disabled and the web page wants to download something. I cannot confirm that fact, even though I am on the SP2 beta program. Not for NDA reasons, but because mozilla firefox runs on XP SP2 so well...
I always thought a certain level in an organisation you stop being able to use email and have to send long rambly voicemail messages instead.
Good summary.
I'd point people at CruiseControl for rebuilding and running the tests every time CVS changes get checked in. That app sends us hate mail every time somebody breaks something, and it is fantastic!
I've used CppUnit in testing complex code, and the big problem in C++ land is that a catastrophic failure of one test (i.e. pointer trouble) can contaminate the process so badly the remaining tests fail. Java tends to catch up on such things faster, so contaminates the other tests less often. This makes it harder to write test suites that rigorously try bad things and which all run happily. But on the positive side, once you have done that you end up with a nicely robust C++ program, as you fix all the pointer defects it throws.
Oh, the other problem is catching and reporting things like pointer errors; CppUnit is set up to only catch std::exception subclasses.
I've actually met Clemens and he does great stuff providing add-on thingies that makes web services built on ASP.net usable.
nice stuff, stuff that should have been in there from the beginning, but which is missing so he gets to add it and charge for help in getting it working. I dont think he is fully a wage-slave to MS; he will take money off whoever will give it, and if Sun or IBM paid him to make their Web Service products usable, he'd probably do that too. The core of his business: talking, consultancy, books, would still be viable in the OSS world.
doesnt mean that he is not utterly wrong in this case, and I speak as someone who presented at the same conference as him on the Apache alternative to the Microsoft platform, and who earns (some) $ from a book on apache ant.
I wrote an article about how
Web Services broke a few months back -if sitefinder returns it will need rereading.
I think you have picked up on a point: Intel are promising this for sales. They say 'we realise that linux people dont want our laptops as they dont work, so we will give them drivers to sell our kit'. In a way it is progress, but it is not a real contribution, more a forced concession.
I have bad experiences with Intel graphics chipsets -even on WinXP they bluescreen regularly. That doesnt mind me to think highly of their centrino wireless support.
Is it really that serious?
I know it complicates FCC licensing, but is it any more hazardous than people doing firmware mods of their car computers?
I have a legal panasonic 2.4 GHz spread spectrum phone that kills 802.11 when you are talking on it. That irritates me; compared to that people modifying their own cards is a minor issue.
The other things is intel take on the cost of maintenance and testing. Or at least, prerelease testing.
I worked on a C++ project for some future DVD+RW devices, and we wrote windows only last year, even though I did all my dev in VmWare under linux -I can tell if the technology takes off there will be complaints that we didnt bring out a linux driver.
But even a pure Win32 driver (a) reused lots of existing windows code (some with Win16/win32 #ifdefs to show its age), and (b) took a lot of engineering effort. I dont realistically think the company will rush to duplicate that effort for Linux, unless it is tangibly lost sales. Even then, it will take ages. The new code we wrote will be ok -its all std:: C++ stuff, but the public API (COM) and legacy stuff is a historic mess.
I hope the company does the right thing and just documents the new SCSI commands and let other people write the Linux stack on demand. No maintenance costs, no development costs, the first implementation starts of OSS and stays that way.
The original patent clause was way too broad and upset a lot of people, but I thought the final one had the debian folk happy, and the FSF giving it a nod. Maybe we were wrong; maybe it just makes for good controversy. See the licensing mail archive.
There have always been incompatibilities between Apache and GPL; the Apache stance is that Java LGPL libraries cannot be used from Apache code, except via a non-LGPL API (such as JDBC). This complicates things, but is something we have come to live with.
you must mean *another* degree in CS, to go with my first class honours degree from Edinburgh University, the one where my final year project was 'formal specification of microprocessors' :)
.net code runs, then it gets easier to centrally revoke the rights of a worm to run.
.exe files are safe to run remotely, as they are .net exes, but the rest arent. This is an area ripe for social engineering -"Run this, it is a .net executable and safe to execute".
1. Search for "AT&T Cyclone" to see a proposed descendant of C that takes away the opportunity to screw up so badly.
2. While the core unix/linus OS is pretty secure, there are all those add on apps that have to be looked at. wu-ftpd for example. Do things like that really, really, need to be written in pointer-unsafe languages? Apache HTTPD is mandatory for a loaded site with lots of static content, but anything with lightweight access can serve up content using alternate implementations. I think my home music server has perl and java http servers, and very good they are too.
4. Point about C# taken. Actually it is more secure than Java in some ways -it remembers where code came from and grants it the rights of the origin, not the current location. But where it goes wrong is
(a) They dont mandate signed everywhere. If only signed
(b) They make it so easy to import C/C++ functions from DLLs that much of the framework is just a thin wrapper around the C libraries. A bit of decompiling and you can find out what libraries are used from network entry points, and then it is time to look for security holes.
(c) They have created a world where some
On the subject of Von Neumann machines, well, Harvard Architectures are pretty much immune to data/code confusion, given they read them from separate places. Modern CPUs (all 'cept x86) call themselves Harvard Arch, and do have separate $I and $D caches, but you can get away with dynamic code generation on RISC engines if you flush the caches after every write.
Yes, doesnt Forth do something like this?
AMD Opteron has the ability to mark regions of memory as no-execute, so only the code pages of your app can be executed; the buffers dont work. WinXP SP2 promises to support this, on both computers out there running 64-bit windows on AMD kit.
maybe so, but it is so hard to be competent when the failure modes of C/C++ are memory leaks and buffer overflows. Also, stdlib almost builds overflows in to so many of the calls. Take, for example, strcpy(). Default action on receiving a source larger than the destination: buffer overflow. Only strncpy() checks for trouble, but even when people are 'clever' and use that, they usually forget to force a \000 into the last char and so when big data comes in, things still go wrong.
Memory leaks? Incompetence? Probably, but it is very hard to manage object lifetimes in a multithread environment. You end up implementing a reference count layer (as COM and Mozilla's COM equivalent do), and then have reference count bugs instead.
Now it may just be that with adequate competence and time these problems dont arise, but today they do. All over the place. And I dont think mandating superior competence for developers is going to work -and nor do I think it is necessary. Instead languages that dont leak memory or overflow buffers eliminate common problems.
As someone elso points, out, incompetence treats failsafes as as damage to be routed around, and real incompetents will only go on to bigger disasters in a more productive language. But that does not mean we have to stick to languages and runtimes that dont do a thing to eliminate the fundamental problems. Its like saying we should ban ABS on cars as bad drivers will still run into things.
What good is execution time tuning if the time saved waiting for something to execute is lost dealing with security problems?
I dont want to fault C & C++ explicitly, but buffer overflows and memory leaks are key problems of them, problems we dont need any more. Are any of the next generation languages a good alternative. Maybe not yet. But there is no need for every single line of code to be written in C/C++ for performance these days, and many places where other languages are more secure and easier to write with.
C# could be more secure. I have issues with it, but it is better than raw Win32. Though so are most things :)
There is work under way at AT&T research to do a safe version of C. Its called cyclone, and I have pointed to it in other replies to my post. This could be the basis for those bits of code that absolutely must run in native mode.
The other issue is this: which is more important: performance or security? Its that same tradeoff of 'works vs fast'. If you have a choice, do you choose the working one, or the fast one?
The problem with security is that nobody (Well, outside redmond) ships knowingly insecure code, but it gets found and exploited anyway. As you cannot 'know' that your code is secure, you need help from the system. If code that ran near any untrusted data source -sockets, HTTP server, whatever- put more emphasis on security rather than tip-top speed, then the system would be more secure.
Case in point: the SQL blaster used the SQL server discovery point. There is no need for some net service that lists SQL Servers running on a machine to be high performance native code. If you are going to run it, a bit of perl or python will suffice.
1. See
Cyclone for a version of C without buffer overflows.
2. C# is not interpreted; it is always compiled down. But it is against the license terms to discuss performance -it may still crawl but we cannot talk about it.
3. Java GUIs do crawl, but that is what IBM's SWT is for -Swing is the real issue.
You could imagine transforms that move code around in memory, so that while the buffer overflow is still there, it is hard to exploit -primarily because all the other interesting addresses are missing.
:(
Specifically, overflow attacks like to jump the program to the buffer they have written, or a copy thereof. And in that buffer the code needs to reuse existing imports (library calls) so that they can do bad things. If everything moved around during load, exploitation would be harder. Then again, so would processing a core dump
personally, I think there is a better solution, stop using 'buffer overflow' languages like C, C++. Anything else: perl, python, java, C# is more secure. Why are all our systems built on such a foundation of instability?
I like how they say 'one single vendor' just above where the feature set of the next edition is openLDAP, tomcat, PHP and Mozilla. I guess that makes them the single vendor of all these products :)
I guess in the way they'd have to be: who is going to field a support call related to SCO problems? The first response would be 'have you tried a nightly build of the app and debian unstable yet'
I wrote an article on this not so long ago, The impact of sitefinder on Web Services.
All verisign are trying to do is steal the revenue that MS get with their 90+ share of the browser world. But MS wont like, and will come up with a workaround, like a 'critical' IE patch.
but in the meantime, everyone whose app uses DNS suffers, not just web browsers. Web Services -programs hitting servers for their own posts and gets- really suffer, because any configuration failure now results in really obscure messages (bad mime type), (307: not supported), instead of ones that users are vaguely familiar with ('not found), and that makes diagnostics and support worse. Once people start patching their DNS, a lot worse, as replication gets harder.
That is what irritates me: Verisign are screwing up every network application other than a web browser to get advertising $.
This is funny.
In the book 'the skunk works', one of the pilots in the stealth fighters in the first Bush gulf war describes how before the war began they used to go to their hangars in the morning and find the planes surrounded by dead bats.
There were a lot of bats in the area, and the design of the fighters meant they not only didnt reflect radar, they didnt reflect sound. So these bats would be swooping around what sounded like an empty hangar, when suddenly they'd run into an invisible force field that would injure or kill them...
I think people knew, but they used to use the 'I didnt know' excuse in court; the (c) mark means that it is harder to try that one. Also there may be internationalisation issues. Is it illegal for me to copy a US note in the UK? Or a UK note in the US? maybe not, but (c) abuse is very formalised.
The (c) design is reasonably discreet on the current batch. I think its the 10 quid note that has something else that would cause a stir in the US: the back artwork is of darwin. I can imagine a note celebrating evolution being unacceptable in some states as currency.
Assume all software is a mirror of the organisation that created it (Conway's law?). MS: fast but unreliable. Linux: whimisical, not enough interoperbility and integration. IBM: dull.
HP: inconsistent.
IMO all printers should have a LAN port from the beginning, and a standard job ticket+print job submit mech. IPP would work; CUPs and Win2K handle it. UPNP is too cut down.
In an ideal world, you dont need any print drivers at all -you just submit a doc in a well known format, with well known print options.
But I guess modern 'added value' features (like looking for counterfeit notes) need CPU and memory, which is cheaper on the PC than in a $49 bit of machinery,
I always wanted something for use in france that would flash lights at the car in front when you came up behind it and your closure rate meant that you were going to run into the back of it in a few seconds.
That is how they drive, see.
Yeah, I saw degradation on my wedding pics -but it wasnt the printer, it was the fact that Sony CCD cameras are noisy in low light conditions, and have shit flashes. I was lucky I also brought a decent camera with fuji sensia slide film.
I also have a friend who is a serious pro photographer, and he says that people in the fashion shoot industry are reverting back to slide film because it is consistent. If you have 3 people doing digital shoots with 3 different cameras, each ones RGB map will be different, so the images will be different. Without filters, the colour gamut of slide film is constant for the brand (and processing and print, I guess)
So lets not worry about printer damage till the cameras improve their colour accuracy, low light conditions and image quality.