It -could- mean that Microsoft is booking sales to OEMs, but consumers (both individual and corporate) aren't then re-purchasing Vista from the OEMs like HP, Dell, Gateway, etc.
Consider providing 2 "classes" of wiring to each room. One class is normal wiring, for lights, etc. The second class can be reserved for electronics, preventing some of the power surges from things like microwaves, etc.
Also -STRONGLY- consider whole-house surge protection, not just for the 110 v, but also for phone & cable feeds. (Our townhouse complex once got hit by lightning. Stuff connected to power wiring was OK. Stuff connected to phones or cable, like TVs, VCRs, cordless phones and computers with modems, were fried.)
Agree with parent comment. The hardest thing when retrofitting stuff is getting wires "through the floor". Running 1" PVC pipes from basement to attic, with access panels in closets, will make it a lot easier to install The Next Big Thing (TM) when it comes along.
Also, particularly in a Southern location, make sure you're using high grade (e.g. Plenum grade) wires.
dave
(My moderator points ran out, so I'm posting this instead of modding parent up:-)
Several times recently I've been handed a PowerPoint file (from a Windows user) with graphics in it, that either fail to render, or worse that crash Microsoft PowerPoint. The files open just fine in NeoOffice... I've also used an old version of Keynote (1.1) to work around Microsoft PowerPoint bugs opening PowerPooint presentations...
If you continue to depend on C and C++ for doing this kind of work, you can continue to expect these kinds of results.
Ada95 is a -much better- choice for this kind of programming, with a rich set of concurrency primitives (for both synchronization (rendezvous) and avoidance (protected objects), integrated into both a strong typing system and an object-oriented approach. And there's a good compliler in the GNU compiler family.
But programming language research seems to have been abandoned over the last 20 years, as if C++ and Java represented the final solution.
C/C++ and even Java thread models are truly appalling, and they were known to be bug-ridden back in the 90s when they were being standardized. I remember during a POSIX meeting, the people working on the Ada binding detected a race condition anomoly in the C/Pthreads specification. Ted Baker sketched the problem out in terms of Ada tasks and we went back, looked at the C & text, and verified Ted's observation. We called in some representatives from the C/Pthreads group, and it took them about 30 minutes just to work out a 'language'/notation to reason about their own standard. After that 30 minute discussion, they came back and looked at our work, and said "Geez, you're right!".
Another area where we need better tools are for the debugging of concurrent, parallel and distributed programs, preferrably starting with analytical tools that prevent, or at least detect before runtime, these kinds of problems. Debugging should be an embarrassment to an professional programmer, as it's basically a representation that you don't know what your code is actually doing.
I'm no fan of "model-driven architecture" in general, but model-driven approaches, coupled with the right kind of source code analysis tools, have real promise here. (Look at how Microsoft, a company I rarely praise, has used this for checking out device drivers...)
Many of the responses here, frankly, demonstrate how poorly people understand both the problem and the potential solutions.
Are we talking about situations that lend themselves to data flow techniques? Or Single Instruction/Multiple Data (e.g. vector) techniques? Or problems that can be broken down and distributed, requiring explicit synchronization or avoidance?
I agree with other posters (and I've said it elsewhere on/.) that for parallel/distributed processing, Language Does Matter. (And UML is clearly part of the problem...)
Then there's the related issue of long-lived computation. Many of the interesting problems in the real-world take more than a couple of seconds to run, even on today's machines. So you have to worry about faults, failures, timeouts, etc.
One place to start for distributed processing kinds of problems, including fault tolerance, is the work of Nancy Lynch of MIT. She has 2 books out (unfortunately not cheap), "Distributed Algorithms" and "Atomic Transactions". (No personal/financial connection, but I've read & used results from her papers for many years...)
I get the sense that parallelism/distributed computation is not taught at the undergrad level (it's been a long time since I was an undergrad, and mine is not a computer science/software engineering/computer engineering degree.) And that's a big part of the problem...
"Hello, this is God. Heaven hereby asserts copyright on the Bible, the Talmud, the Koran, etc, including text, plot elements, characters, etc. We expect the traditional tithe of 10% for the use of all of our intellectual property, including exclamations such as 'My God!' or 'Jesus Christ' whenever such expressions appear in published works, including the novels of Mr. Halprin. Copyright tithes should be made to the religious institution of choice. We will prosecute, those who violate our perpetual copyright can expect Eternal Damnation, as well as prosecution in more mundane/profane jurisdictions."
Yeah, containers make sense. But how different are the US and Russian gauges? Back before the adoption of the standard gauge (4' 8 1/2") in the US, some railroads were as wide as 6' gauge, and many were 5'. For those that were close, as I recall my rail history, there were tricks like narrow trucks with wide tires that could span from 4'8 to 5' gauges, etc. Another thing that was done was to change the trucks underneath the rail cars. (The East Broad Top did this for most of its history into the 50s and maybe 60s, if I remember correctly, putting 3' gauge trucks under standard gauge rail cars.)
If this were to happen, it might well make sense to design special railcars that carry containers that could run on both gauges. Although container handling is relatively inexpensive, it would still add substantial costs (labor, equipment and shipping delays) to something that probably needs every $$ or Ruble of profit it could get for the first 10-20 years.
CP isn't far behind, and I think one reason CP doesn't have quite the same reach are anti-trust concerns with the US railroad consolidations over the last 15 years or so. I know CP actively bid on some of US consolidations.
If I remember BC railroads correctly, BC Rail connects with CN at Prince Rupert. Is that right (I'm on the road and don't have access to my railroad maps at home.)
dave
p.s. I once heard Canada described as a country founded by a department store and glued together by a railroad (Hudson's Bay Company and the transcontinental RR requirement in the Canadian political document whose name escapes me right now from the turn of the last century.) I'm not Canadian, but lived in Vancouver for a couple of years and tried to learn something of Canadian history.
OK, so we get a tunnel to somewhere on the west coast of Alaska.... Then what? To the best of my recollection, there are no rail lines connecting Alaska with the Lower 48. So you're probably talking about a rail line paralleling the Alaska highway (built during WWII, when cost was no object...) to Prince Rupert, BC, and then probably to Edmonton, AB. So the people who would make out like bandits on this would be the Canadian railroads, all that bridge traffic to the United States.
If you're not familiar with the geography of Western Canada, it's worth taking a peek at your favorite mapping site... Make sure you look at something like Hybrid view on Google Maps, so you get a sense of the topography....
Unless there's already a rail connection from the proposed Alaskan terminal through Canada, I don't see this as being particularly economically feasible. Certainly the US should insist that Canada kick in a contribution.
But if this does come about, I hope they'll run passenger trains along that route, it would be a spectacular train ride!
dave (occasional railfan)
p.s. Speaking of Canada, how about the prospects for a tunnel from the Lower Mainland to Vancouver Island? My guess is that the island residents will never go for it, all that traffic would ruin their spectacular corner of the world...
True, but in my mind, there's a heluva difference in quality between "looks the same in all browsers" and "fails to work in any browser besides IE", and the latter was explicitly my situation.
I've played a bit with CSS, and find it to be surprisingly awkward to use in practice, even before getting to the rendering problems...
Well, my program uses a commercial product that shall remain nameless. A previous version exploited a bug in IE, where HTML code/Javascript was interpreted by IE, although the HTML standard said that such content was not legal HTML. The amount of $$$ we're spending on this product is outrageous (but that's another problem...)
I publicly embarrassed a manager saying, "Geez, can't you at least require [the product] to use standard HTML, considering what we are paying for it? Doesn't it bother you this product requires a specific version of Internet Explorer, so it can exploit a bug in that version?" My supervisor got his butt chewed for my remarks.
About 3 months later they submitted their HTML for W3C testing, and the site started working with FireFox...
They did a superb job modeling 'combat psychology'. This made the games more than just 'fun'. I found I could apply my military training, e.g. in how I'd set up a defense, and find that the bad guys would react in ways that sometimes surprised, but always made sense.
Hearsay alert It's my understanding that Atomic went under because they were first bought, and then stiffed, by Microsoft. I think they were bought by Microsoft, and I understand that relationship was terminated a couple years later. Atomic was subsequently acquired by another game company. (Aspyr?)
So if Keith Z, et.al. are out there, Thanks for all the great games!
p.s. Consistent with the "in 2006" methodology, all available patches at the time of the experiment were applied, resulting in MacOS X.4.8. Since then Apple has released X.4.9.
It would be an interesting follow-up to see if these vulnerabilities are fixed. This would establish that
(a) if you're up-to-date for OS X, you are or are not still at risk, and
(b) Apple is slower than the Linux alternatives in patching known vulnerabilities (but does fix them)
Since many of the tested services are built on Open Source baselines (e.g. Apple Web Server is based on Apache), that would show relative "time to repair" between the MacOS X systems and the tested Linux systems, and I think this is part of the value of the article and its (well-specified/consistently-executed) methodology.
1. I agree with and am concerned by the vulnerabilities mentioned in the article when MacOS X services are enabled, especially after Software Update is run (and the OS is expected to be fully up-to-date.) So that's not my problem with the article (but it is my problem with Apple now...)
2. My problem is this statement in the summary:
As far as "straight-out-of-box" conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities. If you install MacOS X or MacOS X Server out-of-the-box, and do NOT enable any services, then MacOS X has a very different vulnerability profile than Windows.
If you do the next reasonable thing, enabling typical services, then MacOS X reveals vulnerabilities.
That's what the methodology shows, but it's not what the summary says.
Note that on both MacOS X and MacOS X Server, there was a clean installation, followed by specific USER ACTIONS to ENABLE services. Thus it should not be a surprise if you turn on the Web service, for example, you now respond on port 80.
Now once you enable a service, it's legitimate to then analyze the exposed service for vulnerabilities, and I found that information interesting.
But it should have been clearly established that the vulnerabilities noted in Mac OS X are for services that the user specifically enabled. The general description does not call this out, and I think that the conclusions are flawed because of this.
I thought the dual CPU G5 machines were rated at 1 teraflop. Certainly PowerPC AltiVec processors are super floating-point engines (but I don't know exactly how they rank at flops/mhz....)
But then maybe the issue depends on the notion of what is "ubiquitous" and Macs don't qualify. I dunno, but I'm sure someone on/. will correct me:-)
On VMS, the fine-grained privilege model was clearly documented and explained to system administrators and "power users". It was very effectively used by softare installers.
Slashdot Mirror
It -could- mean that Microsoft is booking sales to OEMs, but consumers (both individual and corporate) aren't then re-purchasing Vista from the OEMs like HP, Dell, Gateway, etc.
And that's my guess on the current situation.
dave
Consider providing 2 "classes" of wiring to each room. One class is normal wiring, for lights, etc. The second class can be reserved for electronics, preventing some of the power surges from things like microwaves, etc.
Also -STRONGLY- consider whole-house surge protection, not just for the 110 v, but also for phone & cable feeds. (Our townhouse complex once got hit by lightning. Stuff connected to power wiring was OK. Stuff connected to phones or cable, like TVs, VCRs, cordless phones and computers with modems, were fried.)
dave
Agree with parent comment. The hardest thing when retrofitting stuff is getting wires "through the floor". Running 1" PVC pipes from basement to attic, with access panels in closets, will make it a lot easier to install The Next Big Thing (TM) when it comes along.
:-)
Also, particularly in a Southern location, make sure you're using high grade (e.g. Plenum grade) wires.
dave
(My moderator points ran out, so I'm posting this instead of modding parent up
Several times recently I've been handed a PowerPoint file (from a Windows user) with graphics in it, that either fail to render, or worse that crash Microsoft PowerPoint. The files open just fine in NeoOffice... I've also used an old version of Keynote (1.1) to work around Microsoft PowerPoint bugs opening PowerPooint presentations...
dave
If you continue to depend on C and C++ for doing this kind of work, you can continue to expect these kinds of results.
Ada95 is a -much better- choice for this kind of programming, with a rich set of concurrency primitives (for both synchronization (rendezvous) and avoidance (protected objects), integrated into both a strong typing system and an object-oriented approach. And there's a good compliler in the GNU compiler family.
But programming language research seems to have been abandoned over the last 20 years, as if C++ and Java represented the final solution.
C/C++ and even Java thread models are truly appalling, and they were known to be bug-ridden back in the 90s when they were being standardized. I remember during a POSIX meeting, the people working on the Ada binding detected a race condition anomoly in the C/Pthreads specification. Ted Baker sketched the problem out in terms of Ada tasks and we went back, looked at the C & text, and verified Ted's observation. We called in some representatives from the C/Pthreads group, and it took them about 30 minutes just to work out a 'language'/notation to reason about their own standard. After that 30 minute discussion, they came back and looked at our work, and said "Geez, you're right!".
Another area where we need better tools are for the debugging of concurrent, parallel and distributed programs, preferrably starting with analytical tools that prevent, or at least detect before runtime, these kinds of problems. Debugging should be an embarrassment to an professional programmer, as it's basically a representation that you don't know what your code is actually doing.
I'm no fan of "model-driven architecture" in general, but model-driven approaches, coupled with the right kind of source code analysis tools, have real promise here. (Look at how Microsoft, a company I rarely praise, has used this for checking out device drivers...)
dave
Many of the responses here, frankly, demonstrate how poorly people understand both the problem and the potential solutions.
/.) that for parallel/distributed processing, Language Does Matter. (And UML is clearly part of the problem...)
Are we talking about situations that lend themselves to data flow techniques? Or Single Instruction/Multiple Data (e.g. vector) techniques? Or problems that can be broken down and distributed, requiring explicit synchronization or avoidance?
I agree with other posters (and I've said it elsewhere on
Then there's the related issue of long-lived computation. Many of the interesting problems in the real-world take more than a couple of seconds to run, even on today's machines. So you have to worry about faults, failures, timeouts, etc.
One place to start for distributed processing kinds of problems, including fault tolerance, is the work of Nancy Lynch of MIT. She has 2 books out (unfortunately not cheap), "Distributed Algorithms" and "Atomic Transactions". (No personal/financial connection, but I've read & used results from her papers for many years...)
I get the sense that parallelism/distributed computation is not taught at the undergrad level (it's been a long time since I was an undergrad, and mine is not a computer science/software engineering/computer engineering degree.) And that's a big part of the problem...
dave
"Hello, this is God. Heaven hereby asserts copyright on the Bible, the Talmud, the Koran, etc, including text, plot elements, characters, etc. We expect the traditional tithe of 10% for the use of all of our intellectual property, including exclamations such as 'My God!' or 'Jesus Christ' whenever such expressions appear in published works, including the novels of Mr. Halprin. Copyright tithes should be made to the religious institution of choice. We will prosecute, those who violate our perpetual copyright can expect Eternal Damnation, as well as prosecution in more mundane/profane jurisdictions."
dave
A must-have from 1.5 that the last time I checked had not moved to 2.0 (at least not for T-Bird on the Mac.)
Yeah, containers make sense. But how different are the US and Russian gauges? Back before the adoption of the standard gauge (4' 8 1/2") in the US, some railroads were as wide as 6' gauge, and many were 5'. For those that were close, as I recall my rail history, there were tricks like narrow trucks with wide tires that could span from 4'8 to 5' gauges, etc. Another thing that was done was to change the trucks underneath the rail cars. (The East Broad Top did this for most of its history into the 50s and maybe 60s, if I remember correctly, putting 3' gauge trucks under standard gauge rail cars.)
If this were to happen, it might well make sense to design special railcars that carry containers that could run on both gauges. Although container handling is relatively inexpensive, it would still add substantial costs (labor, equipment and shipping delays) to something that probably needs every $$ or Ruble of profit it could get for the first 10-20 years.
dave
CP isn't far behind, and I think one reason CP doesn't have quite the same reach are anti-trust concerns with the US railroad consolidations over the last 15 years or so. I know CP actively bid on some of US consolidations.
If I remember BC railroads correctly, BC Rail connects with CN at Prince Rupert. Is that right (I'm on the road and don't have access to my railroad maps at home.)
dave
p.s. I once heard Canada described as a country founded by a department store and glued together by a railroad (Hudson's Bay Company and the transcontinental RR requirement in the Canadian political document whose name escapes me right now from the turn of the last century.) I'm not Canadian, but lived in Vancouver for a couple of years and tried to learn something of Canadian history.
OK, so we get a tunnel to somewhere on the west coast of Alaska.... Then what? To the best of my recollection, there are no rail lines connecting Alaska with the Lower 48. So you're probably talking about a rail line paralleling the Alaska highway (built during WWII, when cost was no object...) to Prince Rupert, BC, and then probably to Edmonton, AB. So the people who would make out like bandits on this would be the Canadian railroads, all that bridge traffic to the United States.
If you're not familiar with the geography of Western Canada, it's worth taking a peek at your favorite mapping site... Make sure you look at something like Hybrid view on Google Maps, so you get a sense of the topography....
Unless there's already a rail connection from the proposed Alaskan terminal through Canada, I don't see this as being particularly economically feasible. Certainly the US should insist that Canada kick in a contribution.
But if this does come about, I hope they'll run passenger trains along that route, it would be a spectacular train ride!
dave (occasional railfan)
p.s. Speaking of Canada, how about the prospects for a tunnel from the Lower Mainland to Vancouver Island? My guess is that the island residents will never go for it, all that traffic would ruin their spectacular corner of the world...
True, but in my mind, there's a heluva difference in quality between "looks the same in all browsers" and "fails to work in any browser besides IE", and the latter was explicitly my situation.
I've played a bit with CSS, and find it to be surprisingly awkward to use in practice, even before getting to the rendering problems...
dave
Well, my program uses a commercial product that shall remain nameless. A previous version exploited a bug in IE, where HTML code/Javascript was interpreted by IE, although the HTML standard said that such content was not legal HTML. The amount of $$$ we're spending on this product is outrageous (but that's another problem...)
I publicly embarrassed a manager saying, "Geez, can't you at least require [the product] to use standard HTML, considering what we are paying for it? Doesn't it bother you this product requires a specific version of Internet Explorer, so it can exploit a bug in that version?" My supervisor got his butt chewed for my remarks.
About 3 months later they submitted their HTML for W3C testing, and the site started working with FireFox...
dave
They did a superb job modeling 'combat psychology'. This made the games more than just 'fun'. I found I could apply my military training, e.g. in how I'd set up a defense, and find that the bad guys would react in ways that sometimes surprised, but always made sense.
Hearsay alert
It's my understanding that Atomic went under because they were first bought, and then stiffed, by Microsoft. I think they were bought by Microsoft, and I understand that relationship was terminated a couple years later. Atomic was subsequently acquired by another game company. (Aspyr?)
So if Keith Z, et.al. are out there, Thanks for all the great games!
dave
p.s. Consistent with the "in 2006" methodology, all available patches at the time of the experiment were applied, resulting in MacOS X.4.8. Since then Apple has released X.4.9.
It would be an interesting follow-up to see if these vulnerabilities are fixed. This would establish that
(a) if you're up-to-date for OS X, you are or are not still at risk, and
(b) Apple is slower than the Linux alternatives in patching known vulnerabilities (but does fix them)
Since many of the tested services are built on Open Source baselines (e.g. Apple Web Server is based on Apache), that would show relative "time to repair" between the MacOS X systems and the tested Linux systems, and I think this is part of the value of the article and its (well-specified/consistently-executed) methodology.
2. My problem is this statement in the summary: As far as "straight-out-of-box" conditions go, both Microsoft's Windows and Apple's OS X are ripe with remotely accessible vulnerabilities. If you install MacOS X or MacOS X Server out-of-the-box, and do NOT enable any services, then MacOS X has a very different vulnerability profile than Windows.
If you do the next reasonable thing, enabling typical services, then MacOS X reveals vulnerabilities.
That's what the methodology shows, but it's not what the summary says.
dave
Note that on both MacOS X and MacOS X Server, there was a clean installation, followed by specific USER ACTIONS to ENABLE services. Thus it should not be a surprise if you turn on the Web service, for example, you now respond on port 80.
Now once you enable a service, it's legitimate to then analyze the exposed service for vulnerabilities, and I found that information interesting.
But it should have been clearly established that the vulnerabilities noted in Mac OS X are for services that the user specifically enabled. The general description does not call this out, and I think that the conclusions are flawed because of this.
dave
WIll they pay their entire management structure "market wages" and fire managers making more than the manager of McDonald's???
dave
do you not understand (to be an oxymoron)?
dave
Defined as the CIO making decisions that make his/her life easier, that have substantial negative consequences on the user community.
But those users and their impacts don't come out of the CIO's budget, so they don't count.
Has anyone ever met a CIO who didn't have "CIO Syndrome"?
dave
So would the heat sinks leave 'scorch marks'? Would this lead to a redesign of heatsinks to provide branding/corporate logos on toast?
:-)
It might be kinda cool to get "Intel Inside" burnt onto a panini sandwich...
dave
I thought the dual CPU G5 machines were rated at 1 teraflop. Certainly PowerPC AltiVec processors are super floating-point engines (but I don't know exactly how they rank at flops/mhz....)
/. will correct me :-)
But then maybe the issue depends on the notion of what is "ubiquitous" and Macs don't qualify. I dunno, but I'm sure someone on
dave
If I woke up in bed with Vista, I'd gnaw off my hand holding the mouse.
dave
OK, interesting list. Now how would one expand this list to provide more security against malware?
Seems to me that there should be specific privileges associated with registry editing, for example.
dave
OK, I've heard rumors of this.
Show me how it's actively used in the real world.
On VMS, the fine-grained privilege model was clearly documented and explained to system administrators and "power users". It was very effectively used by softare installers.
Is this stuff still present in XP and Vista?
dave