wipro claim to have a high SEI certification. I've worked with them and think their PMs have a high PHB certification, not so sure about the technical skills of the staff. They seem smart, but the one I worked was honest about hisjava inexperience, and I caught him exaggerating his C# skills (I guess saying 'I know c#' is impressive to say and hard to catch people on right now -he was unlucky)
I dunno what the UK govt have with GPS as a solution to road pricing and last year to control speeding by limiting car speed to the limit on the road the system thought it was on. GPS may work for in car navigation, but that is because it benefits the driver. once you use GPS for an in car police state, the aim of the driver would be to subvert it.
civilian GPS has no authentication; it'd be feasable to bring up a spoof GPS signal to tell cars they were in france and do what they liked. Or motorists would just snip the antenna cable to the GPS receiver and drive as fast/as free as they liked. That is unless the failure mode on loss of signal was to slow the car and bill massively, but then what do you do in long tunnels?
laptop batteries not only have short protection, they talk I2C to the notebook bios. If ever you hack notebook bioses (not hard, usually a 16 bit risc uC which is always in some state of awake), then messages from the battery saying 'stop charging me' should always be left alone. Play with messages to/from the dock instead.
Re:anybody know of a similar Pc based system
on
Palm on a Bicycle
·
· Score: 1
I wired up the cadence sensor of my bike to a PC once (via the fire button on the joystick port & polling).
If I did it again, I'd use the serial port and generate a RI signal to raise an interrupt (even wake the thing from sleep!), and do the same for a rear sensor for the trainer.
This seems like a good little programming exercise; it'd be easy to log this data, serve to the web. hey, have a live web page to see what you were doing on your bike, add a central portal to see the others, have the server mail you if you arent logging enough hours, etc, etc.
I was told by some DARPA person that one of the problems the military had with wearable tech was that a bullet which has just travelled through a lithium battery was more toxic than one which hadnt; wearing a coat with Li-ion elements is not the kind of thing you'd want to do on the battlefield. is that correct?
I think your point about remote admin is the key one: unix may be too complex for a normal individual to look after, but so is securing your home windows server against network attacks.
But all these home users need to know someone who will remote manage the box. Do we need to start a 'mentor a home PC user' program?
I should point out that I did work in a tier 1 home PC operation, and there is enough of a minority of purchasers who dont know how to use a mouse to kill support margins. These are the people who drive down to walmart and buy a PC, and they and their friends are some of the people that the home vendors target. Linux is too much for them; hey, even WinXP is dangerously complex.
maybe so, but java2D didnt, which meant something like Apache batik couldnt do SVG headless, which meant that the coocoon 2 team would get bugreps saying one output path was broken. This headless support is a good thing.
Re:What is Better than .NET ? - SunONE
on
What is .NET?
·
· Score: 1
This is marketing b.s.
java+apache is the java alternative to.NET, SunOne is just another attempt by sun to stuff the other java players (like IBM), and as usual it is late.
me too. Been probing to see what the lag is between a major bug report and XP update having it. Last time it was 48 hours, this time the site's DNS record is missing.
maybe it's down in this four week rush to get security right in windows.
It wasnt deliberate. I dont quite know how they managed to lose so much (suspicion, too much own design and mfg, not ODM based purchase of intel mainboards, plus supply chain issues), but they probably have a vision for profitablity.
They do give away a lot of software on alphaworks which is intended to lose money, just not on the scale of the pc divisions, and with the intent of improving their reputation
'hey IBM gives away software at a loss: they must be nice' versus 'hey, IBM sells PCs at a loss, they must be incompetent'. Sforge may fit in there...
Also ccase integrates clearquest, whose webinterface sucks worse than bugzilla. Ever had a session time out while entering a long bugrep? with cquest you will.
Agreed, clearcases handling of file names and dirs is better than CVS, and It does great branching...I should pull down subversion and try it.
I guess it will work over SSH as well as or better than CVS, which is one of the great CVS features I like, not just for committing changes to sforge or apache, but to my home server from work.
huh. you check something out from one IP address; cant check it back in on another. we had to be given fixed IP addrs and couldnt work properly on my notebook.
Maybe the latest version of ccase has fixed that; I blissfully uninstalled it after leaving a project.
What I dont know is if you still have to reboot the system on a regular basis whenever it starts to get 'confused'. What really scares me about it though is if anything goes wrong, your local copy of the source just disappears, albeit temporarily, though I think that is my own fault for using winnt; on linux it is more robust.
half those class calls are thin wrappers around the OS. Example,.net drawing API is a wrapper to GDI+; all the file IO is modelled on NT objects, not the unix device model.
Even if you arent talking to the API, the package model assumes it is there. ASP.NET even assumes that COM+ is there for things like message queuing and transactions.
MONO could do their own package heirarchy for talking to the OS, and run on all platforms, mac, unix, windows, etc, instead of cloning the windows package heirarchy in one go.
If consider that all the cathedrals you see today are the ones that didnt fall down, you will realise that the gap betwen software and cathedrals is smaller than you think.
Also, butressing was a mid-project refactoring on a few of them, as their sibling projects started to fall down as they got above a certain size.
Finally, cathedrals were a projects lasting a few hundred years with fairly stable requirements 'watertight building to worship a deity"; I dream of s/w projects that stable.
Good list. Killing scripting and macros would be a great step. Who uses WSH at all (ok, I have Active Perl but thats special)? Last time I installed IE, it went and rebound.js,.vbs,.wsf etc back to windows scripting, rather than trusty old notepad which I had set it to. They need to pull WSH out of IE, and never install it again.
>5. Starty moving as much as possible out of kernel mode and into user mode, so a program crash or dodgy video driver is less likely to bring down the O/S
I remember than NT3.51 used to do exactly this; display drivers were win32 subsys, not k-mode. The performance improvements done for better gaming and GUI are exactly what you dont want on your server. Still, at least on win2K they fixed the stupid idea of NT4 of running print drivers k-mode. With that any print job which killed a driver could take down any server you could print through.
anyone else fancy an audit of the.NET runtime? we recompile it from IL to C#, grep through looking for where it calls assert() to acquire some security right, then work out how an untrusted app can abuse the right. If we spend all february doing it, we can have something ready for the day VS.net officially launches...
1. doesnt your memory dump contain personal information? If its email, or even a kernel dump of a bluescreen of file IO, it certainly can.
2. bluescreens have this online crash analysis (oca.microsoft.com), but other crashes have no followup site. It'd be nice to see an index of top bugreps that week - I wonder if Explorer would be at the top of the list.
3. Every time I've written bug reports to them, the most I've ever got back were 'reformat your hard disk and reinstall'.
I fear that the complexity of windows and the continual emphasis on new versions and upgrade revenue forces features over quality. Only the last couple of years of security embarrasments is forcing action, probably to pre-empt liability legislation, and to stop unix remaining the only server anyone trusts. The online bug reporting probably just helps them to prioritize bug fixes, rather than improve code quality overall.
If they gave us the source, we could fix this stuff ourselves. Same for the JRE.
um, pipelining existed a long time before RISC; risc just makes it easier as you dont need a complex control unit taking up Si and being hard to debug.
Intel's CPU R&D is no better than many others (certainly not as good as AMD or IBMs), but they have the advantage of cash flow which lets them invest in more, larger fabs than anyone else, so can use fab technology to overcome fundamental CPU issues. Effectively they throw die area at the performance problem, which is effective, but makes it hard to compete at the low end, which is where AMD rules the PC biz, and commodity ARM cores are king. (yes, intel do strongARM but that is a DEC design).
And yes, intel have to put much more R&D $ into part design, but they have the volume to pay for it, which Moto doesnt. Intel have also realised that quoted MHz means more to many purchasers than absolute performance, hence the P4 product family.
LGPL doesnt work well for.NET or Java Apps; because they are mostly all 'libraries'; any app can usually be loaded as a library and its classes and methods called directly. So LGPL==GPL for these systems.
Maybe the FSF need to issue an LLGPL for these platforms, which says 'any changes you make to this set of classes, or new classes you add to same packages (java) and assemblies (.NET) have to be GPL, but if you include this stuff inside another library, what you do with the rest is up to you.
I always felt it spent too much of (our, I work for a sponsor) cash on frivolousness, and as someone who works at a corporate R&D lab, beleive me I can recognise a rigged demo when I see one.
The lego and the learning was the best stuff to make it out there -why did we have to pay for things like that wierd bloke with the webcam on his head, or Negroponte's endless travels to ask us for more money. Given we sponsors travel in coach and use our own cellphones, it is irritating to see the academics frittering away our stuff. That and buying computers from vendors like Dell who dont give them any money on the grounds they are cheaper: of course they are cheaper -they dont waste money on MIT.
I think this will give the group focus. If it doesnt, they will go the way of Interval Research
Stewart Brandt criticises the building a lot in How Buildings Learn, well worth a read, especially given he wrote "the media lab" which went on about how wonderful it was.
BTW, I thought the article was wrong: the top floors of the big empty space in the middle were filled in, though they didnt mention the worst lifts you could possibly put in a building, which didnt make you want to go up there.
1. file and dir names are not encrypted. So you can tell that "shoe_bomb_designs.ppt" and "my_fellow_terrorists.xls" are worth botherting to spend CPU time attacking...knowing which files to crack first must help a lot
2. page files and hibernate files are not encrypted, so anything in memory is saved to disk when you hibernate.
Well, they have a plan for that; it is called HDTV.
The intent will probably to permit 'legacy' NTSC/PAL quality recording, but decent digital recordings will be a no, no, because then you wont want to watch the DVD later. Once analog TV goes off the air, you will have no choice but to get a receiver if you want TV, and they will give you the receiver they want
The European Sky DTV receivers already use macrovision to prevent recording of pay-per-view content; these are the same boxes that dial home with your viewing habits every night.
Slashdot Mirror
wipro claim to have a high SEI certification. I've worked with them and think their PMs have a high PHB certification, not so sure about the technical skills of the staff. They seem smart, but the one I worked was honest about hisjava inexperience, and I caught him exaggerating his C# skills (I guess saying 'I know c#' is impressive to say and hard to catch people on right now -he was unlucky)
I dunno what the UK govt have with GPS as a solution to road pricing and last year to control speeding by limiting car speed to the limit on the road the system thought it was on. GPS may work for in car navigation, but that is because it benefits the driver. once you use GPS for an in car police state, the aim of the driver would be to subvert it.
civilian GPS has no authentication; it'd be feasable to bring up a spoof GPS signal to tell cars they were in france and do what they liked. Or motorists would just snip the antenna cable to the GPS receiver and drive as fast/as free as they liked. That is unless the failure mode on loss of signal was to slow the car and bill massively, but then what do you do in long tunnels?
-Steve
(who cycles to work)
laptop batteries not only have short protection, they talk I2C to the notebook bios. If ever you hack notebook bioses (not hard, usually a 16 bit risc uC which is always in some state of awake), then messages from the battery saying 'stop charging me' should always be left alone. Play with messages to/from the dock instead.
I wired up the cadence sensor of my bike to a PC once (via the fire button on the joystick port & polling).
If I did it again, I'd use the serial port and generate a RI signal to raise an interrupt (even wake the thing from sleep!), and do the same for a rear sensor for the trainer.
This seems like a good little programming exercise; it'd be easy to log this data, serve to the web. hey, have a live web page to see what you were doing on your bike, add a central portal to see the others, have the server mail you if you arent logging enough hours, etc, etc.
I was told by some DARPA person that one of the problems the military had with wearable tech was that a bullet which has just travelled through a lithium battery was more toxic than one which hadnt; wearing a coat with Li-ion elements is not the kind of thing you'd want to do on the battlefield. is that correct?
How do any of these user logging requirements work if I started using multicast IP instead of TCP to pump out radio?
I could multicast it out and argue that the number of users was a big round zero, because there was no way to tell otherwise.
I think your point about remote admin is the key one: unix may be too complex for a normal individual to look after, but so is securing your home windows server against network attacks.
But all these home users need to know someone who will remote manage the box. Do we need to start a 'mentor a home PC user' program?
I should point out that I did work in a tier 1 home PC operation, and there is enough of a minority of purchasers who dont know how to use a mouse to kill support margins. These are the people who drive down to walmart and buy a PC, and they and their friends are some of the people that the home vendors target. Linux is too much for them; hey, even WinXP is dangerously complex.
maybe so, but java2D didnt, which meant something like Apache batik couldnt do SVG headless, which meant that the coocoon 2 team would get bugreps saying one output path was broken. This headless support is a good thing.
This is marketing b.s.
.NET, SunOne is just another attempt by sun to stuff the other java players (like IBM), and as usual it is late.
java+apache is the java alternative to
me too. Been probing to see what the lag is between a major bug report and XP update having it. Last time it was 48 hours, this time the site's DNS record is missing.
maybe it's down in this four week rush to get security right in windows.
It wasnt deliberate. I dont quite know how they managed to lose so much (suspicion, too much own design and mfg, not ODM based purchase of intel mainboards, plus supply chain issues), but they probably have a vision for profitablity.
They do give away a lot of software on alphaworks which is intended to lose money, just not on the scale of the pc divisions, and with the intent of improving their reputation
'hey IBM gives away software at a loss: they must be nice' versus 'hey, IBM sells PCs at a loss, they must be incompetent'. Sforge may fit in there...
Also ccase integrates clearquest, whose webinterface sucks worse than bugzilla. Ever had a session time out while entering a long bugrep? with cquest you will.
Agreed, clearcases handling of file names and dirs is better than CVS, and It does great branching...I should pull down subversion and try it.
I guess it will work over SSH as well as or better than CVS, which is one of the great CVS features I like, not just for committing changes to sforge or apache, but to my home server from work.
-steve
huh. you check something out from one IP address; cant check it back in on another. we had to be given fixed IP addrs and couldnt work properly on my notebook.
Maybe the latest version of ccase has fixed that; I blissfully uninstalled it after leaving a project.
What I dont know is if you still have to reboot the system on a regular basis whenever it starts to get 'confused'. What really scares me about it though is if anything goes wrong, your local copy of the source just disappears, albeit temporarily, though I think that is my own fault for using winnt; on linux it is more robust.
half those class calls are thin wrappers around the OS. Example, .net drawing API is a wrapper to GDI+; all the file IO is modelled on NT objects, not the unix device model.
Even if you arent talking to the API, the package model assumes it is there. ASP.NET even assumes that COM+ is there for things like message queuing and transactions.
MONO could do their own package heirarchy for talking to the OS, and run on all platforms, mac, unix, windows, etc, instead of cloning the windows package heirarchy in one go.
But they'd be better of writing Gnome 4 in java
the trouble with clearcase is in yor post: "clearcase administrator". Its an RCS tool -why does it need full time hand holding to be happy.
Also, regarding their windows support, that sucks too, just differently. Doesnt work on notebooks with DHCP network addresses, for example.
If consider that all the cathedrals you see today are the ones that didnt fall down, you will realise that the gap betwen software and cathedrals is smaller than you think.
Also, butressing was a mid-project refactoring on a few of them, as their sibling projects started to fall down as they got above a certain size.
Finally, cathedrals were a projects lasting a few hundred years with fairly stable requirements 'watertight building to worship a deity"; I dream of s/w projects that stable.
Good list. Killing scripting and macros would be a great step. Who uses WSH at all (ok, I have Active Perl but thats special)? Last time I installed IE, it went and rebound .js, .vbs, .wsf etc back to windows scripting, rather than trusty old notepad which I had set it to. They need to pull WSH out of IE, and never install it again.
.NET runtime? we recompile it from IL to C#, grep through looking for where it calls assert() to acquire some security right, then work out how an untrusted app can abuse the right. If we spend all february doing it, we can have something ready for the day VS.net officially launches...
>5. Starty moving as much as possible out of kernel mode and into user mode, so a program crash or dodgy video driver is less likely to bring down the O/S
I remember than NT3.51 used to do exactly this; display drivers were win32 subsys, not k-mode. The performance improvements done for better gaming and GUI are exactly what you dont want on your server. Still, at least on win2K they fixed the stupid idea of NT4 of running print drivers k-mode. With that any print job which killed a driver could take down any server you could print through.
anyone else fancy an audit of the
1. doesnt your memory dump contain personal information? If its email, or even a kernel dump of a bluescreen of file IO, it certainly can.
2. bluescreens have this online crash analysis (oca.microsoft.com), but other crashes have no followup site. It'd be nice to see an index of top bugreps that week - I wonder if Explorer would be at the top of the list.
3. Every time I've written bug reports to them, the most I've ever got back were 'reformat your hard disk and reinstall'.
I fear that the complexity of windows and the continual emphasis on new versions and upgrade revenue forces features over quality. Only the last couple of years of security embarrasments is forcing action, probably to pre-empt liability legislation, and to stop unix remaining the only server anyone trusts. The online bug reporting probably just helps them to prioritize bug fixes, rather than improve code quality overall.
If they gave us the source, we could fix this stuff ourselves. Same for the JRE.
-steve
um, pipelining existed a long time before RISC; risc just makes it easier as you dont need a complex control unit taking up Si and being hard to debug.
Intel's CPU R&D is no better than many others (certainly not as good as AMD or IBMs), but they have the advantage of cash flow which lets them invest in more, larger fabs than anyone else, so can use fab technology to overcome fundamental CPU issues. Effectively they throw die area at the performance problem, which is effective, but makes it hard to compete at the low end, which is where AMD rules the PC biz, and commodity ARM cores are king. (yes, intel do strongARM but that is a DEC design).
And yes, intel have to put much more R&D $ into part design, but they have the volume to pay for it, which Moto doesnt. Intel have also realised that quoted MHz means more to many purchasers than absolute performance, hence the P4 product family.
LGPL doesnt work well for .NET or Java Apps; because they are mostly all 'libraries'; any app can usually be loaded as a library and its classes and methods called directly. So LGPL==GPL for these systems.
Maybe the FSF need to issue an LLGPL for these platforms, which says 'any changes you make to this set of classes, or new classes you add to same packages (java) and assemblies (.NET) have to be GPL, but if you include this stuff inside another library, what you do with the rest is up to you.
I always felt it spent too much of (our, I work for a sponsor) cash on frivolousness, and as someone who works at a corporate R&D lab, beleive me I can recognise a rigged demo when I see one.
The lego and the learning was the best stuff to make it out there -why did we have to pay for things like that wierd bloke with the webcam on his head, or Negroponte's endless travels to ask us for more money. Given we sponsors travel in coach and use our own cellphones, it is irritating to see the academics frittering away our stuff. That and buying computers from vendors like Dell who dont give them any money on the grounds they are cheaper: of course they are cheaper -they dont waste money on MIT.
I think this will give the group focus. If it doesnt, they will go the way of Interval Research
-steve
Stewart Brandt criticises the building a lot in How Buildings Learn, well worth a read, especially given he wrote "the media lab" which went on about how wonderful it was.
BTW, I thought the article was wrong: the top floors of the big empty space in the middle were filled in, though they didnt mention the worst lifts you could possibly put in a building, which didnt make you want to go up there.
Win2K EFS does have some major flaws
1. file and dir names are not encrypted. So you can tell that "shoe_bomb_designs.ppt" and "my_fellow_terrorists.xls" are worth botherting to spend CPU time attacking...knowing which files to crack first must help a lot
2. page files and hibernate files are not encrypted, so anything in memory is saved to disk when you hibernate.
think about that, when you use an NT laptop.
Well, they have a plan for that; it is called HDTV.
The intent will probably to permit 'legacy' NTSC/PAL quality recording, but decent digital recordings will be a no, no, because then you wont want to watch the DVD later. Once analog TV goes off the air, you will have no choice but to get a receiver if you want TV, and they will give you the receiver they want
The European Sky DTV receivers already use macrovision to prevent recording of pay-per-view content; these are the same boxes that dial home with your viewing habits every night.