By its very nature, Open source will tend to fix important bugs and leave unimportant ones unfixed, while standard QA processes associated with commercial software will tend to fix little UI issues during the release schedule before dealing with vulnerabilities.
As one who works in QA, I take exception to this assertion. It can happen that some undisciplined individual developers may find it more attractive to pick the low hanging fruit of miscolored widget-type bugs, but in my experience, standard QA and configuration management processes associated with commercial software definitely do take into account the severity and priority of bugs when deciding which ones to tackle.
I live in Falls Church, VA. I have used two non-Bell phone companies, both of them because of bundled internet service. The first was Cavalier. Internet service was DSL. Very nice. Static IP, very reasonable TOS. Advertised data rate: 256 synchronous. Actual data rate: closer to 512. Phone service: horrible. They were a small company who clearly didn't have procedures down, and my wife finally made me dump them. We then went to StarPower. Internet service is cable. 512 = Data rate 1.5M. TOS bad, DHCP, incoming port 80 blocked. Phone service: OK so far.
Re:Top 5 reasons to process HDTV signals on your P (on "HDTV via GNU Radio", Score: 1)
it's like 900MHz portable phones-- an idea past its time
Hey, my old 900 MHz cordless phone works great throughout my whole house, _and_ it never interferes with my 2.4 GHz wireless network. The idea is not at all past its time. You can have my 900 MHz phone when you pry it from...
"We have tried to get Mr. Pavlovich to agree that he would not distribute (the DeCSS software), but he has left it up in the air what he would do and refused to indicate what his intentions are. We'll have to take that into account in deciding how we will proceed," Kessler said.
Translation: "We threatened Mr. Pavlovich some more, but he wouldn't buckle, so we're holding the threat of more actions over his head."
In this case, although it may have seemed like the writer of the article was sensationalizing it, they were actually using the term correctly. We have no idea whether or not it was a Trojan horse, and it may or may not have been a time bomb, but it was definitely a logic bomb. From Charles P. Pfleeger's "Security in Computing" 2ed. p 197:
A Trojan horse is a piece of malicious code that, in addition to its primary effect, has a second, nonobvious malicious effect. An example of a computer Trojan horse is a login script that solicits a user's identification and password, passes the identification information on to the rest of the system for login processing, but also retains a copy of the information for later, malicious use. In this example, the user sees only the login occurring as expected, so he or she has no evident reason to suspect anything else.
A logic bomb is a class of malicious code that "detonates" or goes off when a specified condition occurs. A time bomb is a logic bomb whose trigger is a time or date.
Don't you think there was a bit more progress than less than doubling in processor speed from 1949 to 1977?
Clearly, there are more ways to measure progress than speed: storage, efficiency, reliability, to name a few. How about error-free cycles per second per watt? How would CSIRAC stack up against the Apple ][ on that metric?
I was going to mod the parent up, but it's high enough already to get some attention, and I would like to reinforce one point:
...to have control over the standards of the profession.
There is no control over the standards of the profession, as there is in other fields. There is no accountability. There are no repercussions (ok, maybe the occasional contractual one) for shoddy system design and implementation.
Therefore, software and systems companies get away with murder.
I work in software testing. It's my observation that most companies do very little methodical, rigorous testing. Hey, it's sexy to create programs and be a star. Testing? Ah, let that intern and the entry-level programmer-wanna-be grunts pound on it for a while... We'll call it tested. My gut feeling is that the reason is that there aren't serious enough penalties for doing a bad job.
Granted, not every software product needs rigorous testing (although it is my opinion that it is often cheaper to do it anyway).
How about this, though: Let there be recognized levels of software production, and let each software product be labeled with the level of process that was used to create it. Level 0: don't pay much for it, and don't expect much from it. (e.g., shareware) Level 5: We promise it will do what we engineered it to do, and we will stand behind the product. (e.g., medical equipment and records, avionics, etc.).
I realize that there are CMM levels, but I still feel that there needs to be more accountability. Software engineering is not that immature that we don't know how to do things. We just choose not to, because nobody makes us. Just imagine the new quality religion that the software industry would get if there were real penalties for poor performance (malpractice).
And prices won't have to go up, as some people are going to scream. If you're a hot-dog programming shop that doesn't use recognized professional standards, and don't want to stand behind your work, fine, just label it "grade B software product". Just don't call it engineered software.
That photo on the main page this article links to is the same one that George Ziemann has on his site from the Ebay Vs. Musician article earlier.
I don't see any indication that this is supposed to be his server room. So who's lying?
Well, it does say on Ziemann's site, "Important note -- This is a joke! We received this unattributed photo in an e-mail."
That's not to say that the Register has it correct. They're not exactly a paragon of journalism, and they probably don't have a corps of fact checkers. It's a joke, son.
I think I can tell from the context what the author was trying to say. But let's take your first sentence: It means that for the average person, it is harder to learn. If something is hard to learn, the amount of knowledge, skill, etc., increases slowly with time. That means that the slope is smaller (i.e. shallower). Now take your third sentence: This would make the graph of the learning curve steeper. Steeper means that the slope is high, and when referring to a learning curve, means that the amount learned as a function of time increases very fast. Your first and third sentences are in direct contradiction to each other.
As for your second sentence, it doesn't seem to lead from the first to the third sentence. Nor does the third sentence follow from the second. You seem to be saying that one would learn less from using Debian. In that case, the learning curve would have a smaller slope (i.e. be shallower, not steeper).
If a learning curve is steep, either the learner is a good learner or the material is easy to learn. Since you are talking about "the average person", we must be holding the person constant, and varying the material (the distribution). If we vary both the learner and the material, the individual learning curves may be valid by themselves, but are not useful for making comparisons. Perhaps if you considered Linux distributions to be Linux teaching tools, and then measured one group's Linux knowledge at various points in time after using Debian and another group's knowledge after using, say, Lycoris, the Debian group might actually be found to have learned more (because they had to, or because of Debian's teaching effectiveness), and the learning curve of Linux knowledge as a function of time for them would be steeper. On the other hand, presented with the barrier for entry given by Debian's installation process, they might just throw up their hands in disgust and learn nothing. Given we are talking about the average person, who has an IQ of about 100, and is probably not a very experienced computer user, I would guess that that scenario is more likely.:-)
But that's not the issue here. The original note I quoted said that the learning curve for Debian was "higher". What the heck does that mean?? Higher does not mean steeper, just as higher also does not mean taller (a mistake my six year old daughter seems to make a lot. :-) ). Does it mean that the person immediately starts out with a lot of knowledge (hmmm)? It's just non-sensical.
Describe the project, include how long it's estimated to take, how much it is estimated to cost, how it is expected to perform, etc. Now tell them that their job is to do it in half the time, with half the cost, twice the performance, etc. Tell them how it's done is up to them and explain that your job is to support them with resources. Now leave.
If my boss really trusted me, then why, after I tell her how long I estimate it will take, etc., would she ask me to do it eight times more efficiently? If I really thought I knew those numbers, and I thought my boss would pull crap as described above, I would be tempted to double them all in advance. This does not sound like an environment of trust.
The advisory mentions that the worm compiles code on the infected machine.
Well, that brings up an interesting point. Is it really necessary to have a compiler on a production web server machine? A truly security-conscious organization would never include a compiler on a production web server. Only the components required to do the job should be on a machine exposed to the outside. The place I used to work enforced that rigorously. (They even got rid of me! ;-) )
How about doing things like capacity planning? Or figuring out where bottlenecks in a computer system are? These things definitely could apply in your kind of situation. There are algebraic techniques that help a lot with those kinds of questions. If you have a certain type of tool in your toolbox, and know how to use it, then you can recognize the situation where it is appropriate, and use it. If not, then you will simply miss the times when you could apply it and be a star.
As for your programming situation you refer to above, where you have the formula, there are situations where it can be very beneficial to be able to manipulate formulas to avoid inaccuracies or improve efficiency.
If your job consists of keeping things going (but not creating them or engineering them), then maybe algebra is not that useful to you. But you probably won't go much higher in the technical direction. (Not to say that you wouldn't be a good manager.)
By the way, I suggest you run a spell check on your home page.
Jeez-lou-fucking-eez. It sounds like you are in the kind of social circle where that kind of thing is really important. You're probably going to spend a lot on the wedding and honeymoon, too. You go, boy. When my wife and I got married about 14 years ago, we were poor college students. My wife didn't want an engagement ring of any type. She had just returned from three years of volunteering in Burkina Faso. The idea of wearing something worth many years of a person's earnings on her finger was very unappealing. And yeah, we were cheap. Our entire wedding cost $1500. Then, we went on a 101 day honeymoon which cost $30 per day, total. You can have a life without spending a lot of money. By the way, I don't believe anyone ever mentioned the lack of a ring or rock.
It would have been better to ask, "can Linux spin hard drives down?".
Actually, it wouldn't have been better to ask that. I have observed that on newsgroups and this type of discussion forum, the fastest way to get the answer to a question such as, "How do you do X?" is to say, "X cannot be done." Then, people who like to show how superior they are will take the opportunity to demonstrate their superiority. Often, simply asking the question only allows nice people to show how nice they are, and there don't seem to be as many nice people as there are "superior" people.
Does the $3,500 include the $1,300 cost of the Measurement Computing PCI-DAS4020/12 20
Hemp oil is supposed to be pretty good for this too.
Carma: Fscked up (its mostly effected by my lack of a sence of humer.
Or maybe the beast was representing itself in base16 from the beginning of time. It would be appropriate for the beast to express itself in 'hex' :
"1638 - ya didn't know that it was the number of the beast."
I guess the real question is "how many fingers does the beast have on each paw?"
- Seen in a sig: --- 29A....The Hexidecimal of the Beast
That would be funny if "hexadecimal" wasn't misspelled.
Higher learning curve than others.
A learning curve is the graph of amount learned (skill, knowledge, ability, etc.) as a function of time. How does this make sense?
Oh yeah? Well I hand-weaved a linux 1.2 kernel using only the lint caught in the fan guard and installed from that.
Mod parent up funny. I laughed out loud!
Oh... first of all, it's viruses. Not virus's... what the hell is that?
Amen to that, brother!
To call the support "sporatic" is inflamatory at best.
And at worst, it shows that you don't spell very well.
This guy will never last there. He's way too hip.