I submit that in particular violent crime tends to be limited to bad areas within the US. One learns to not go there.
I do "concede" that within those areas, things can be appallingly bad, and I'm not sure quite how government should go about fixing this (if the people won't report who did the shootings, then it's hard to catch the perpetrator.)
1. It's a heluva interesting set of questions, with lots of interesting responses, as well as the usual set of flamebaits and displays of ignorance. (Such is free speech...)
2. However those who talk about a country that they have NOT lived in should indicate so. That particularly includes non-US residents who talk about all the problems with living in the US.
3. Me, I've spent 2 1/2 years in Canada (Vancouver, BC). What I've found most disturbing about the experience was the inaccurate knowledge of the US held by most Canadians. One incident particularly stands out. A Canadian said "I bet you feel a lot safer here than the US, with all the crime there." I responded, "No. Actually, in the sample-set of 'people I work with', the crime rate is MUCH HIGHER here. Where I worked before coming to Canada, in 9 years with that company I had my car stolen once and broken into once, and one other co-worker had his car broken into once, both car break-ins were at the same meeting. Here in Vancouver, in 2 years, about 10-15 people have been victims of property crimes, including having their homes broken into."
Unfortunately, it seems that most non-US residents gain their impressions of the US from TV shows and their own media (mis-reporting).
4. With respect to cost-of-living, it's difficult to compare. But I did the numbers in Canada. Because of the high housing costs in Vancouver, the high income tax rates, the high sales tax, etc, when the Loonie was at .72 to the USD, I needed 2x US income in CAD to have the same disposable income. (I did this calculation by taking my after-tax US paycheck, subtracting housing costs, converting that to CAD, and then adding back in housing costs and CAD taxes.) By the way, one thing I learned is that the Canadian Health System is NOT free. It's paid 100% by your employer. I was offered either a salary or an hourly contracting contract, and was surprised to learn how much I'd have to pay for the insurance, just like I would as an hourly contract employee in the US.
There are good websites that do cost-of-living comparisons, I wish 10 years ago I had known some of what those sites tell you.
5. So when you factor out the money, you're left with a whole bunch of intangibles, and those become a lot harder to evaluate. The most interesting stories in these threads have been those that provide both good-points and bad-points on the intangibles.
6. Even though the US was a 30 minute drive away, I will tell you that particularly my wife got homesick and lonely. And in Canada (at least discounting Quebec :-) there's not the linguistic differences that you get elsewhere. So if you're really serious about this, don't discount that as a factor, particularly on family members. We both knew the Vancouver job wasn't 'forever', but we left earlier than I would have at my wife's insistence.
Well, when it comes to the corporate world, people are NOT given the choice. So when I changed jobs, I made it a condition of employment that they buy me a Mac.
What will tell is the next year. We'll see if Apple is really successful in convincing the general public there -IS- an alternative to the Blue Screen of Death and a petri dish of viruses.
Well, in 28 years of owning some sort of personal computer, starting with TRS-80 Model 1 (purchased in Oct 78), the -only thing- with a Microsoft logo on it that ever made me jealous was Tablet PCs. But I'll point out that this is just a reification of the original Dynabook concept from Alan Kay at PARC.
But I continue to hope that Apple will take the lessons learned from Newton, combine them with OS X and its superior stability, etc, and produce a tablet that I'd actually want to use.
I agree with "anonymous coward" about the POTENTIAL ubiquity of tablets. And I'll demonstrate my Apple bias by saying "Hey, there were MP3 players before the iPod, too..."
The other company that had a shot at this was Palm, and PalmOS 5 demonstrates how badly they lost their sense of 'what is good'... I do NOT want a converged PDA/Phone. Phones are for talking. I get a giggle out of watching people play with their Blackberries trying to talk and read/write at the same time. Since I know how to type (an accident of High School, where I couldn't schedule pre-college personal use typing, and ended up in the pre-secretarial course; a great way to meet girls :-), I want a FULL SIZE keyboard and something akin to a FULL PAGE display. That's why Tablets make sense to me, while Blackberries/PDAs/"convergence devices" do not.
Now I would admit that human action is probably responsible for some of the CO2 build-up. But what if it's only 80, and not 300? What if the Earth was already moving towards a 'hot spell'? And 800,000 years is not that much time, along geological time scales.
What bothers me is how so many people (including Al Gore) are -so sure- they understand this stuff!
I'm waiting for someone who can explain the "Little Ice Age", and ice ages in general, which seem to have been happening long before there were significant amounts of fossil fuel combustion.
I don't doubt global warming, I just have a lot of skepticism that we really understand climatic processes on geologic time scales and in particular the human contributions to same.
But I will say that, without exception, all the best developers I've known in my career (yes, every single one of them) work with a text editor and a shell window.
That's my experience too, actually. And it's also the way I worked back when I pounded code for a living, working with (actually working around) the big Rational APEX IDE, this on a project with well more than its fair share of studly coders.
I also fully agree with those who have emphasized code reading/understanding as the critical activity in software development. Things like ctags were a really important development. At the same time, I've emphasized the readability of the running text itself. I've heard some advocate that "the IDE will locate cross-references, etc for you" implying that all developers will have equal access to the IDE -and- the IDE will be fail-proof in finding cross references/relevant related information through its own code understanding. Rather, I think that the one-and-only thing you're guaranteed to get in a maintenance situation is the source code, so source code must stand alone in its ability to be understood.
When you want to install zombieware or spyware you might as well target the 90%
OK, that's a valid point for some hackers with respect to intent to target. We need some sort of taxonomy for hackers:
1. thrillseekers
2. evildoers looking for zombies
3. evildoers looking for personal information
4. evildoers looking to interfere with the operation of the machine/website (e.g. those that change websites to make some sort of political statement)
5. others?
I concede your point on Type 2 Hackers. My comment on Army AKO covers Type 1 and Type 4 hackers, and to some degree on Type 3 hackers. (There are hundreds of thousands of AKO accounts, based on every soldier having an AKO account...)
But still, 'motivation' is 'motivation for exploiting a vulnerability'. It says nothing about the existence of a vulnerability. I don't buy the argument that the distribution of vulnerability is constant over Operating Systems, and it's only the number of attacks that has any impact on the number of recorded infections.
It's important to fully consider the virus model. There are two -completely separable- parts to an infection, regardless of whether it's computer or biological:
1. there has to be a vulnerability
2. there has to be a vector
Now market share has substantial impact on -vectors-, but has -no impact- on the core vulnerability. This is the point so many people miss when they claim that the only reason MacOS X is not infected is because of market share. This is not my original thought, but I'm very sorry I do not remember who first pointed this out to me. (If you read /., please stand up and take a bow!)
For a long time (I don't know if this is still true), the Army corporate Intranet, Army Knowledge Online (AKO,) was run on top of a whole ton of Macs. This was after the Nth infection of their previous Win NT baseline, and the 3-star said "Fix it." It's my understanding from about 5 years ago from a friend who worked on that project that there were a few first-stage penetrations/DoS attacks, but NO (zero, nada, zilch) successful infections of the Macs, even when they were running WebStar on OS9, and then none when they moved to OS X. (He provided no details for security reasons, and I didn't ask. But having known this guy for 12 years at that point, I take him at his word.)
So to those who claim that "there's no reason for a hacker to infect a Mac-based system," I'd point to both the big-time hacker glory that people in that culture would get for screwing up www.us.army.mil, and to the much more serious impact of a deliberate cyber-attack (e.g. Al Qaeda, Hezbollah, Chinese espionage, etc - all of which I believe are documented as attacking US military web sites, and unfortunately with some success for sites other than AKO.) Most well-run websites can detect a penetration, even without a change to the home page.
Anyway, my point is that the lack of infections has to be attributed primarily to lack of vulnerability, and in evidence I offer the big headlines that come out whenever someone thinks they've found a vulnerability in OS X. But so far, to the best of my knowledge, there's been no successful infection "in the wild", and certainly NOTHING to resemble the Windoze viruses that seem to spread across the 'Net about every year or so. This canNOT be attributed only to "lack of market share".
You said that your kernel panic was most likely due to user error, a claim that's clearly not possible and you know it.
This assertion is crap, sorry. I was setting up LDAP mapping, running from an administrator's account. When you have root privilege on -any system-, it's pretty easy to make mistakes that cause system crashes, I don't care -what kind of OS- you are running. And I can cite examples from VAX/VMS and Ultrix, two of the OS I cited as most stable. Here I suspect that there was some strange interaction associated with various parts of account management/IA/protection stuff, but that's a pure guess. I don't have time to go pore through the system logs to run this down; I rebooted, made sure the LDAP configuration is correct, and it's running fine now. (This is probably just another instance of the observation by Jim Gray that says most system crashes are fixed by reboots, as they represent "heisenbugs", http://en.wikipedia.org/wiki/Heisenbug)
It should not be the case that improper LDAP configuration causes a kernel panic. But the machine was running just fine until I started messing with this, over the last 2 years. That's not direct cause-and-effect. If it wasn't my configuration error, the other likely source was hardware, and I find it even less reasonable to expect an OS to be bombproof in the face of (transient) hardware problems, unless that is a design characteristic of the system as a whole (e.g. Tandem's Non-Stop stuff.)
It should be a design goal that the kernel never crashes, and Mac OS X and even Win XP are getting pretty close to meeting that goal. But if you start installing stuff that runs in kernel space (e.g. kext's in MacOS or some kinds of device drivers in WinXP), you are assuming risk by allowing this 3rd party code to run so close to the hardware. Now virtualization techniques may provide a significant increase in overall system stability, and That's A Good Thing when it happens.
And this returns us to the original thread of the article, namely the question as to whether the cited vulnerability was in Apple code or 3rd party code, and then what responsibility should an OS have to protect the system as a whole (not just the OS itself) from ill-behaved 3rd party drivers... One of the things that I respect Microsoft for is its initiatives in validating 3rd party drivers. (Of course, I'd fault them for having such an unguarded dependence on such things, but given that design choice, it's to Microsoft's credit that they've applied so much effort to verifying 3rd party drivers with model-driven verification tools. http://en.wikipedia.org/wiki/Symbolic_model_verification)
I never said OS X was without flaws. The fact that I got a kernel panic is evidence of a significant bug somewhere. I just see them -much less often- on Mac OS X than on other PC based OSs I've worked with (since 1978, when I bought my TRS 80 Model 1).
Your experience with machines on your network is very different from mine. The token PC locks up much more frequently, and there's NOTHING running on it 99% of the time besides WinXT, antivirus, and Folding@Home.
My Macs, on the other hand, get lots and lots of work, and I tend to stretch them. Right now I'm moving individual per-machine accounts over to networked accounts with home directories hosted on an X Server machine. This has proven to be more difficult than I expected (by a long shot!). However, now that I have the X Server LDAP stuff working correctly, my problems are with applications, such as Mozilla, that don't work correctly when the user home directory is not a local file system.
1. The inconsistent position of the original demonstration?
2. The willingness of everyone to jump on an actual vulnerability in MacOS X (schadenfreude)?
3. People who believe that the only reason software is vulnerable is its market share?
4. People who think that a company should be able to warrant/guarantee an OS regardless of what you do to the machine it's running on?
Does /. have a polling mechanism? Can we actually vote on these?
dave
p.s. my Mini, that runs continuously 24 hours/day including web server, iTunes broadcast, etc, had a kernel panic yesterday. First time, too! I think it was because I was in the middle of LDAP client configuration and left the machine in an inconsistent state, i.e. -operator error-. No, OS X isn't perfect, but it's a damn sight better than -any other OS- I've used on personal hardware. The only things I've used in almost 30 years in the business that have been more reliable are VAX/VMS, Ultrix and SunOS 4.0.3...
I'm not a lawyer, and I don't play one on TV (or on the 'net). But it's my understanding that some restrictions placed on commercial activity don't apply to governments.
Specifically, I remember being told A Long Time Ago that there are certain kinds of Tort Lawsuits that you cannot sue the government under. That's because they're based on the notion of commercial 'conflict of interest' (i.e. the two participants in the transaction have potentially different objectives, each looking out for his own benefit). The Government is always presumed to be working 'on your side', so that conflict with respect to your benefit vice the other party's benefit doesn't exist. I don't know if that's true legal doctrine or not.
Similarly, copyright, I thought, is based on -commercial- advantage. Would the government need permission to reproduce copyrighted material for formal government purposes (again arguing from the notion that there is "no commercial advantage" to the government to do so)?
License clauses (as opposed to copyright) probably fall under a different part of the law.
Still it would be interesting for someone with the appropriate legal background to comment on these issues.
In a lot of organizations, you need a certain amount of "pull" to get a Mac on your desk due to the higher cost structure.
Exactly my point. Those with "pull" are exactly those who I claim to be "Top technical elite", or at least relatively highly correlated with the "Top technical elite", and those who had much more choice about computing platforms than the average tech staff. The fact that they exercised that pull is my specific counter-example to your claim that the "Top technical elite" had almost entirely bailed off the platform.
It might be a silly example, but I assert it most certainly speaks to (actually argues against) your point about "Top technical elite" abandoning the platform. I don't mind my post being called silly, but I disagree that it's irrelevant...
If you look at the Mac Community 10 years ago, the "Top technical elite" had almost entirely bailed off the platform.
There's some truth to this, but only some truth..
Of the senior people I work with who were on Macs 10 years ago, at least 50% are still there, and recently some that moved on to Windows are seriously considering moving back. And I'm talking about people like chief engineers, tech directors, etc; not just "old farts" who were unwilling to learn new technologies. Where I used to work, on a "pay scale" of 3..7, with 3.5 being the average paygrade of staff, the self-supporting Mac Users list had an average paygrade of about 5.5. (And that's with a typical pyramid distribution, there were very few paygrade 7s in the company, but I'll bet 10%-15% of those were die-hard Mac users.)
The primary reason for moving away was usually "Software I wanted wasn't available on the Mac." However, the continued problems with Windows viruses, spyware, malware, etc, plus the strength of the OS X underpinnings of Unix, have been a big part of the re-connection. Most of these same people have substantial Unix backgrounds, so coming back to OS X and popping up a terminal shell, is like 'coming home'. We'll see how much effect MacTel has on the availability of software for the Mac platform.
But I count myself as a super-loyalist, and that belief was strongly reinforced by the 18 months I spent being forced to use Windows NT (versus MacOS 8 at the time), and my continued attempts to try to maintain a Windows (98->2k->now XP Pro) machine in my home environment (alongside 1 old Mac running OS 9, and 4 Macs running X.4). My informal estimate was that being on Windows cost me between 10 and 30 minutes lost productivity each day at work on the Windows box. Multiplied by 250 days in a year, times my billing rate at the time, and that's a fair amount of money (enough to buy me a new Mac every 30 months...) And that doesn't include the cost of all the tech support that was provided on the Windows box, that didn't come out of my productivity measure.
So when I switched jobs (in part because my employer was discontinuing all support for Macs, don't get me started on that situation and the company's unwillingness to back up assertions of life-cycle cost savings with the data we all knew they had collected...), I made it a condition of employment with my new company that they'd provide me with a Mac and make sure their core business systems (e.g. web-based timecards) would be standards-conformant to support not just my Mac, but anyone who wanted to remain on Linux.
When something better comes along, I'll try it. But I'll point out I bought my first personal computer in Oct 1978, and I've tried just about everything except Windows 3, BoB and Windows ME. Pretty much consistently, at each point in time, the Apple offering was markedly better than the WinTel offering, enough to justify the price (and performance) differential. Linux systems have some significant price/performance advantages over Mac OS X (and certainly over WinTel), but not strong enough usability for the 90% of the stuff I spend my time doing (and that's the stuff that cost me the productivity hit on Windows.)
On my token PC (the important stuff is all on MacOS X), I got the "we have updates for you today" notification. Since I -never- fully trust any update (even those from Apple), I checked "manual/custom install" (I forget exactly what it was called, the -opposite- of fully automatic). Right there, I saw the Pilot Windows Genuine Advantage (tm, I'm sure!) program being offered for installation, and declined. (I've heard too many horror stories about Microsoft deciding you're not running 'real Windows' and shutting the computer down, including those included in this thread.)
To anyone who wonders how this stuff got on their machine, I say "Next time, check to see what's being installed." And to those who saw this and granted permission for it to be installed, "What did you think this was going to do? Physically search your CD drawer for the install CD package?"
And to Microsoft I wonder, "OK what -is- the advantage of 'Genuine Windows'? Does it lessen my likelihood of bugs or of security holes?" But I will say that the one time I needed to talk to Microsoft about a CD read error, I did get through to a human (in Canada, eh?) and he sent me a new CD. So I will certainly admit that's an advantage of having a valid serial number for Windows that is not registered elsewhere. But I didn't need no stinkin' spyware to get THAT advantage.
What about paging/swapping? That's the primary thing that happens on rotating media that would bother me with a 10m duty cycle over 5 years.
And from a system perspective, where would you put the 'smarts' to continually move around "known system files" such as the pagefile, or the inode file? Should that be done on the controller, within the memory itself, or back on the OS kernel?
I hope this does not become an OS Kernel responsibility.
This topic came up on my program recently. The figure we were quoted as "best available practice" is 100k writes. Pointers to higher performance specs would be much appreciated. (Since my program is a long-lived embedded system, it's clear that using flash memory will result in having to replace the 'flash drives' periodically, and that's taking the device out of the field and into the shop, or at least sending a tech with a replacement part.)
But consider: 100k write duty-cycle, over a 3 year period, is an update rate of about 90 seconds. That means it's probably OK for user data, but clearly not OK for swap or for system usage such as inode tables for the file system... At 1m duty cycle, that goes down to 9 seconds, which is getting into the ballpark for system kinds of writes (e.g. inode updates for the file system), but it's still not there for swap.
But the underlying problem I'm having is recovery from an error. My guess is that you have to 'write then read' to verify that you have NOT hit the error, and that the probability of the read failing is much less than the probability of the write failing. (And I believe that reading is much more reliable than writing, so that's probably a valid assumption.)
What you then need is a recovery strategy for a failed 'write location'. I guess you could use current failed sector techniques.
So I think this is a cool idea, but I still have some questions about the end-to-end performance and reliability.
Here's what I've read so far before posting this note:
Some number of people say "political fearmongering". But most of them don't provide evidence to the contrary.
Some number of people say "absolutely real". Many of them express similarly unfounded views to the 'political fearmongering' crowd.
Some number of people say "there might be something here, but some of the scenarios are pushing it."
A few people cite personal knowledge/experience with respect to what could be done.
Now here's my $.02.
1. First we get into the discussion that's been around the block about whether or not any specific vulnerabilities on any specific system should be revealed. If you take the side of "no, keep it secret", you're back to the "do I trust this poster?" But some feasible/credible scenarios/examples have been posted, enough to counter the "reject out of hand" responses.
2. That being said, I have heard credible people talk about these kinds of scenarios (particularly with respect to the power grid) for at least 8 years. So I -explicitly reject- those who think this is an out-of-the-blue kind of thing. (I can't say if part of the motivation were political. What I can say is "this is not new...")
3. Certainly -some- computer viruses have the capability to do lots of malicious things to arbitrary computers. If these were targeted to specific machines with specific vulnerabilities (e.g. the LA Freeway signs or the traffic light control system for Manhattan traffic signals), it's easy to see the substantial consequences.
4. If I knew of specific efforts by either good guys or bad guys to do these kinds of things, I -sure as hell- wouldn't be posting here. That being said, I suspect I know people (who I'd consider 'good guys') who are both planning and prototyping 'offensive e-warfare', as well as 'defensive e-warfare'.
5. So my bottom line: Current systems, and not just Windows PCs, probably have substantial unacceptable vulnerabilities. I don't think someone can implement the "WarGames" (movie) scenario, but I do think that the ability to do things like mess with traffic signals or the power grid switching system is real.
The analogy with Y2K is only partly appropriate. There we -knew- when the bad thing could happen, and there was a concerted, very tightly focused effort to prevent it. But some of the scenarios that could have happened with unpatched Y2K software were very well documented and very real.
So as a community we need to consider these kinds of threats, not in the sense of 'fearmongering', but in the sense of "what should we be doing to (a) prevent, (b) detect, (c) mitigate these kinds of attacks?"
With respect to CPUs, I understand that Intel and AMD processors tend to smoke PowerPCs for integer computations, and it's the other way around for floating point calculations, particularly for things that make effective use of AltiVec.
So I'm wondering how this GPU-based (presumably intensively floating-point) approach compares to a PowerPC/AltiVec processor. Anyone got any numbers/analysis?
(This is more than just an academic proposition. Some have challenged a program's transition from PowerPC to Intel for precisely this reason, claiming that their PPC based algorithms wouldn't achieve necessary performance on Intel processors.)
Nope. The solution is to spend the thirty minutes uninstalling the crapware.
But how much do you have to know about Windows to do this? Mom, Pop and many average users don't have this knowledge, and don't necessarily want to invest in the knowledge.
Seems like a good opportunity for ShareWare: Use that knowledge to generate a list of "everything" that is on the machine, and then allow a check for items to (keep | be removed).
(Or, do what I do, which is stick with Macs and self-assembled clones with generic versions of MS Windoze.)
It seems to me that eMusic sells "by the song", which for classical equates with "by the track"? (I tried to ask this via their on-line 'send us comments' facility, but it wouldn't let me do so without having a valid user ID and associated credit card number.)
So Beethoven's 9th, 4 movements, almost 70 minutes, is $1.00 at $.25/"song", and something like "The Three Ravens", 73 minutes but -29- tracks, would sell for $7.25???
eMusic has a lot of stuff I'm interested in, but I'm not persuaded by their pricing model, especially for the Early Music kinds of things that I want.
On the other hand, if you like long 19th Century works, like Bruckner Symphonies, it's a heluva bargain!
Is very critical of the Sir Nicholas Stern paper:
http://www.msnbc.msn.com/id/15563663/site/newsweek/
If WinNT had the VMS privilege model, I'd go out of my way to find something good to say about it.
That's a piece of technology that is badly needed that no one has gotten anything close to right since the demise of VMS.
dave
dave
what more do you really need?
dave
OK, that's a valid point for some hackers with respect to intent to target. We need some sort of taxonomy for hackers:
- thrillseekers
- evildoers looking for zombies
- evildoers looking for personal information
- evildoers looking to interfere with the operation of the machine/website (e.g. those that change websites to make some sort of political statement)
- others?
I concede your point on Type 2 Hackers. My comment on Army AKO covers Type 1 and Type 4 hackers, and to some degree on Type 3 hackers. (There are hundreds of thousands of AKO accounts, based on every soldier having an AKO account...) But still, 'motivation' is 'motivation for exploiting a vulnerability'. It says nothing about the existence of a vulnerability. I don't buy the argument that the distribution of vulnerability is constant over Operating Systems, and it's only the number of attacks that has any impact on the number of recorded infections.
dave
It's important to fully consider the virus model. There are two -completely separable- parts to an infection, regardless of whether it's computer or biological:
1. there has to be a vulnerability
2. there has to be a vector
Now market share has substantial impact on -vectors-, but has -no impact- on the core vulnerability. This is the point so many people miss when they claim that the only reason MacOS X is not infected is because of market share. This is not my original thought, but I'm very sorry I do not remember who first pointed this out to me. (If you read /., please stand up and take a bow!)
For a long time (I don't know if this is still true), the Army corporate Intranet, Army Knowledge Online (AKO), was run on top of a whole ton of Macs. This was after the Nth infection of their previous Win NT baseline, and the 3-star said "Fix it." It's my understanding from about 5 years ago from a friend who worked on that project that there were a few first-stage penetrations/DoS attacks, but NO (zero, nada, zilch) successful infections of the Macs, even when they were running WebStar on OS9, and then none when they moved to OS X. (He provided no details for security reasons, and I didn't ask. But having known this guy for 12 years at that point, I take him at his word.)
So to those who claim that "there's no reason for a hacker to infect a Mac-based system," I'd point to both the big-time hacker glory that people in that culture would get for screwing up www.us.army.mil, and to the much more serious impact of a deliberate cyber-attack (e.g. Al Qaeda, Hezbollah, Chinese espionage, etc - all of which I believe are documented as attacking US military web sites, and unfortunately with some success for sites other than AKO.) Most well-run websites can detect a penetration, even without a change to the home page.
Anyway, my point is that the lack of infections has to be attributed primarily to lack of vulnerability, and in evidence I offer the big headlines that come out whenever someone thinks they've found a vulnerability in OS X. But so far, to the best of my knowledge, there's been no successful infection "in the wild", and certainly NOTHING to resemble the Windoze viruses that seem to spread across the 'Net about every year or so. This canNOT be attributed only to "lack of market share".
dave
This assertion is crap, sorry. I was setting up LDAP mapping, running from an administrator's account. When you have root privilege on -any system-, it's pretty easy to make mistakes that cause system crashes, I don't care -what kind of OS- you are running. And I can cite examples from VAX/VMS and Ultrix, two of the OS I cited as most stable. Here I suspect that there was some strange interaction associated with various parts of account management/IA/protection stuff, but that's a pure guess. I don't have time to go pore through the system logs to run this down; I rebooted, made sure the LDAP configuration is correct, and it's running fine now. (This is probably just another instance of the observation by Jim Gray that says most system crashes are fixed by reboots, as they represent "heisenbugs", http://en.wikipedia.org/wiki/Heisenbug)
It should not be the case that improper LDAP configuration causes a kernel panic. But the machine was running just fine until I started messing with this, over the last 2 years. That's not direct cause-and-effect. If it wasn't my configuration error, the other likely source was hardware, and I find it even less reasonable to expect an OS to be bombproof in the face of (transient) hardware problems, unless that is a design characteristic of the system as a whole (e.g. Tandem's Non-Stop stuff.)
It should be a design goal that the kernel never crashes, and Mac OS X and even Win XP are getting pretty close to meeting that goal. But if you start installing stuff that runs in kernel space (e.g. kext's in MacOS or some kinds of device drivers in WinXP), you are assuming risk by allowing this 3rd party code to run so close to the hardware. Now virtualization techniques may provide a significant increase in overall system stability, and That's A Good Thing when it happens.
And this returns us to the original thread of the article, namely the question as to whether the cited vulnerability was in Apple code or 3rd party code, and then what responsibility should an OS have to protect the system as a whole (not just the OS itself) from ill-behaved 3rd party drivers... One of the things that I respect Microsoft for is its initiatives in validating 3rd party drivers. (Of course, I'd fault them for having such an unguarded dependence on such things, but given that design choice, it's to Microsoft's credit that they've applied so much effort to verifying 3rd party drivers with model-driven verification tools. http://en.wikipedia.org/wiki/Symbolic_model_verification)
dave
I never said OS X was without flaws. The fact that I got a kernel panic is evidence of a significant bug somewhere. I just see them -much less often- on Mac OS X than on other PC based OSs I've worked with (since 1978, when I bought my TRS 80 Model 1).
Your experience with machines on your network is very different from mine. The token PC locks up much more frequently, and there's NOTHING running on it 99% of the time besides WinXT, antivirus, and Folding@Home.
My Macs, on the other hand, get lots and lots of work, and I tend to stretch them. Right now I'm moving individual per-machine accounts over to networked accounts with home directories hosted on an X Server machine. This has proven to be more difficult than I expected (by a long shot!). However, now that I have the X Server LDAP stuff working correctly, my problems are with applications, such as Mozilla, that don't work correctly when the user home directory is not a local file system.
dave
1. The inconsistent position of the original demonstration?
2. The willingness of everyone to jump on an actual vulnerability in MacOS X (schadenfreude) ?
3. People who believe that the only reason software is vulnerable is its market share?
4. People who think that a company should be able to warrant/guarantee an OS regardless of what you do to the machine it's running on?
Does /. have a polling mechanism? Can we actually vote on these?
dave
p.s. my Mini, that runs continuously 24 hours/day including web server, iTunes broadcast, etc, had a kernel panic yesterday. First time, too! I think it was because I was in the middle of LDAP client configuration and left the machine in an inconsistent state, i.e. -operator error-. No, OS X isn't perfect, but it's a damn sight better than -any other OS- I've used on personal hardware. The only things I've used in almost 30 years in the business that have been more reliable are VAX/VMS, Ultrix and SunOS 4.0.3...
I'm not a lawyer, and I don't play one on TV (or on the 'net). But it's my understanding that some restrictions placed on commercial activity don't apply to governments.
Specifically, I remember being told A Long Time Ago that there are certain kinds of Tort Lawsuits that you cannot sue the government under. That's because they're based on the notion of commercial 'conflict of interest' (i.e. the two participants in the transaction have potentially different objectives, each looking out for his own benefit). The Government is always presumed to be working 'on your side', so that conflict with respect to your benefit vice the other party's benefit doesn't exist. I don't know if that's true legal doctrine or not.
Similarly, copyright, I thought, is based on -commercial- advantage. Would the government need permission to reproduce copyrighted material for formal government purposes (again arguing from the notion that there is "no commercial advantage" to the government to do so)?
License clauses (as opposed to copyright) probably fall under a different part of the law.
Still it would be interesting for someone with the appropriate legal background to comment on these issues.
dave
Exactly my point. Those with "pull" are exactly those who I claim to be "Top technical elite", or at least relatively highly correlated with the "Top technical elite", and those who had much more choice about computing platforms than the average tech staff. The fact that they exercised that pull is my specific counter-example to your claim that the "Top technical elite" had almost entirely bailed off the platform.
It might be a silly example, but I assert it most certainly speaks to (actually argues against) your point about "Top technical elite" abandoning the platform. I don't mind my post being called silly, but I disagree that it's irrelevant...
dave
There's some truth to this, but only some truth..
Of the senior people I work with who were on Macs 10 years ago, at least 50% are still there, and recently some that moved on to Windows are seriously considering moving back. And I'm talking about people like chief engineers, tech directors, etc; not just "old farts" who were unwilling to learn new technologies. Where I used to work, on a "pay scale" of 3..7, with 3.5 being the average paygrade of staff, the self-supporting Mac Users list had an average paygrade of about 5.5. (And that's with a typical pyramid distribution, there were very few paygrade 7s in the company, but I'll bet 10%-15% of those were die-hard Mac users.)
The primary reason for moving away was usually "Software I wanted wasn't available on the Mac." However, the continued problems with Windows viruses, spyware, malware, etc, plus the strength of the OS X underpinnings of Unix, have been a big part of the re-connection. Most of these same people have substantial Unix backgrounds, so coming back to OS X and popping up a terminal shell, is like 'coming home'. We'll see how much effect MacTel has on the availability of software for the Mac platform.
But I count myself as a super-loyalist, and that belief was strongly reinforced by the 18 months I spent being forced to use Windows NT (versus MacOS 8 at the time), and my continued attempts to try to maintain a Windows (98->2k->now XP Pro) machine in my home environment (alongside 1 old Mac running OS 9, and 4 Macs running X.4). My informal estimate was that being on Windows cost me between 10 and 30 minutes lost productivity each day at work on the Windows box. Multiplied by 250 days in a year, times my billing rate at the time, and that's a fair amount of money (enough to buy me a new Mac every 30 months...) And that doesn't include the cost of all the tech support that was provided on the Windows box, that didn't come out of my productivity measure.
So when I switched jobs (in part because my employer was discontinuing all support for Macs, don't get me started on that situation and the company's unwillingness to back up assertions of life-cycle cost savings with the data we all knew they had collected...), I made it a condition of employment with my new company that they'd provide me with a Mac and make sure their core business systems (e.g. web-based timecards) would be standards-conformant to support not just my Mac, but anyone who wanted to remain on Linux.
When something better comes along, I'll try it. But I'll point out I bought my first personal computer in Oct 1978, and I've tried just about everything except Windows 3, BoB and Windows ME. Pretty much consistently, at each point in time, the Apple offering was markedly better than the WinTel offering, enough to justify the price (and performance) differential. Linux systems have some significant price/performance advantages over Mac OS X (and certainly over WinTel), but not strong enough usability for the 90% of the stuff I spend my time doing (and that's the stuff that cost me the productivity hit on Windows.)
dave
On my token PC (the important stuff is all on MacOS X), I got the "we have updates for you today" notification. Since I -never- fully trust any update (even those from Apple), I checked "manual/custom install" (I forget exactly what it was called, the -opposite- of fully automatic). Right there, I saw the Pilot Windows Genuine Advantage (tm, I'm sure!) program being offered for installation, and declined. (I've heard too many horror stories about Microsoft deciding you're not running 'real Windows' and shutting the computer down, including those included in this thread.)
To anyone who wonders how this stuff got on their machine, I say "Next time, check to see what's being installed." And to those who saw this and granted permission for it to be installed, "What did you think this was going to do? Physically search your CD drawer for the install CD package?"
And to Microsoft I wonder, "OK what -is- the advantage of 'Genuine Windows'? Does it lessen my likelihood of bugs or of security holes?" But I will say that the one time I needed to talk to Microsoft about a CD read error, I did get through to a human (in Canada, eh?) and he sent me a new CD. So I will certainly admit that's an advantage of having a valid serial number for Windows that is not registered elsewhere. But I didn't need no stinkin' spyware to get THAT advantage.
dave
What about paging/swapping? That's the primary thing that happens on rotating media that would bother me with a 10m duty cycle over 5 years.
And from a system perspective, where would you put the 'smarts' to continually move around "known system files" such as the pagefile, or the inode file? Should that be done on the controller, within the memory itself, or back on the OS kernel?
I hope this does not become an OS Kernel responsibility.
dave
This topic came up on my program recently. The figure we were quoted as "best available practice" is 100k writes. Pointers to higher performance specs would be much appreciated. (Since my program is a long-lived embedded system, it's clear that using flash memory will result in having to replace the 'flash drives' periodically, and that's taking the device out of the field and into the shop, or at least sending a tech with a replacement part.)
But consider: 100k write duty-cycle, over a 3 year period, is an update rate of about 90 seconds. That means it's probably OK for user data, but clearly not OK for swap or for system usage such as inode tables for the file system... At 1m duty cycle, that goes down to 9 seconds, which is getting into the ballpark for system kinds of writes (e.g. inode updates for the file system), but it's still not there for swap.
But the underlying problem I'm having is recovery from an error. My guess is that you have to 'write then read' to verify that you have NOT hit the error, and that the probability of the read failing is much less than the probability of the write failing. (And I believe that reading is much more reliable than writing, so that's probably a valid assumption.)
What you then need is a recovery strategy for a failed 'write location'. I guess you could use current failed sector techniques.
So I think this is a cool idea, but I still have some questions about the end-to-end performance and reliability.
dave
Here's what I've read so far before posting this note:
Some number of people say "political fearmongering". But most of them don't provide evidence to the contrary.
Some number of people say "absolutely real". Many of them express similarly unfounded views to the 'political fearmongering' crowd.
Some number of people say "there might be something here, but some of the scenarios are pushing it."
A few people cite personal knowledge/experience with respect to what could be done.
Now here's my $.02.
1. First we get into the discussion that's been around the block about whether or not any specific vulnerabilities on any specific system should be revealed. If you take the side of "no, keep it secret", you're back to the "do I trust this poster?" But some feasible/credible scenarios/examples have been posted, enough to counter the "reject out of hand" responses.
2. That being said, I have heard credible people talk about these kinds of scenarios (particularly with respect to the power grid) for at least 8 years. So I -explicitly reject- those who think this is an out-of-the-blue kind of thing. (I can't say if part of the motivation were political. What I can say is "this is not new...")
3. Certainly -some- computer viruses have the capability to do lots of malicious things to arbitrary computers. If these were targeted to specific machines with specific vulnerabilities (e.g. the LA Freeway signs or the traffic light control system for Manhattan traffic signals), it's easy to see the substantial consequences.
4. If I knew of specific efforts by either good guys or bad guys to do these kinds of things, I -sure as hell- wouldn't be posting here. That being said, I suspect I know people (who I'd consider 'good guys') who are both planning and prototyping 'offensive e-warfare', as well as 'defensive e-warfare'.
5. So my bottom line: Current systems, and not just Windows PCs, probably have substantial unacceptable vulnerabilities. I don't think someone can implement the "WarGames" (movie) scenario, but I do think that the ability to do things like mess with traffic signals or the power grid switching system is real.
The analogy with Y2K is only partly appropriate. There we -knew- when the bad thing could happen, and there was a concerted, very tightly focused effort to prevent it. But some of the scenarios that could have happened with unpatched Y2K software were very well documented and very real.
So as a community we need to consider these kinds of threats, not in the sense of 'fearmongering', but in the sense of "what should we be doing to (a) prevent, (b) detect, (c) mitigate these kinds of attacks?"
dave
Thanks, good point. But other posters here have observed that for most of what you're trying to do, 32 bits is enough.
So if we postulate only 32bit FFTs, I still reassert my question.
dave
With respect to CPUs, I understand that Intel and AMD processors tend to smoke PowerPCs for integer computations, and it's the other way around for floating point calculations, particularly for things that make effective use of AltiVec.
So I'm wondering how this GPU-based (presumably intensively floating-point) approach compares to a PowerPC/AltiVec processor. Anyone got any numbers/analysis?
(This is more than just an academic proposition. Some have challenged a program's transition from PowerPC to Intel for precisely this reason, claiming that their PPC based algorithms wouldn't achieve necessary performance on Intel processors.)
dave
But how much do you have to know about Windows to do this? Mom, Pop and many average users don't have this knowledge, and don't necessarily want to invest in the knowledge.
Seems like a good opportunity for ShareWare: Use that knowledge to generate a list of "everything" that is on the machine, and then allow a check for items to (keep | be removed).
(Or, do what I do, which is stick with Macs and self-assembled clones with generic versions of MS Windoze.)
dave
It seems to me that eMusic sells "by the song", which for classical equates with "by the track"? (I tried to ask this via their on-line 'send us comments' facility, but it wouldn't let me do so without having a valid user ID and associated credit card number.)
So Beethoven's 9th, 4 movements, almost 70 minutes, is $1.00 at $.25/"song", and something like "The Three Ravens", 73 minutes but -29- tracks, would sell for $7.25???
eMusic has a lot of stuff I'm interested in, but I'm not persuaded by their pricing model, especially for the Early Music kinds of things that I want.
On the other hand, if you like long 19th Century works, like Bruckner Symphonies, it's a heluva bargain!
dave