That article doesn't make anysense, it's a bunch of quotes taken out of context. "However Brin left the door open a little. Documents would be easier to work with in the future, he promised, but he didn't think a fat client was the way to go." Doesn't tell us anything. What documents is talking about?
This big "announcement" is not. There is nothing on the sun site or even the press conference that really spells out what's going on. It was an opportunity for McNealy to get some good press next to google. In the press video, they had these stupid posters up listing each of the CEO's achievements over the last few years. Who cares? Especially when it comes to McNealy.
Open Office is most certainly *not* going to be a web based application. My guess is that it will be refitted to be launched by the google toolbar and allow you to use google as a storage area for your documents (do you really want to do that?). That's great that it's free though.
Take the drive, compress your files in an archive to keep them smaller, then encrypt the file with a program. Include on that drive the program that you used to encrypt the file, and the compression program used to compress the file. Make sure the drive is formatted with a cross platform FS as well. For added reliability include other platform versions of the encryption and compression programs.
Waterproofing the flash drive is pretty easy, put it a small sealed container the smaller the better. If you're really paranoid about losing it in water, put the flash drive in a very small container filled with mineral oil or some other inert liquid, seal the container. If your drive goes to any depth, the use of a liquid will prevent water from getting in the container and destroying the drive.
Internet connections are simply not this unstable, at least for a significant number of users
The connections are stable, but the network is not. The variability in speed of DNS, Ping Times, etc. is still very high. Any DNS issue at the client is enought to render a web based application like this useless. Have you used a public access point recently that's free? They are usually slow and frequently have connection issues.
There is the consideration of deployment as well. There is one scenario that this application might perform reasonably well in, and *maybe* have some administrative benefits, the corporate intranet. VPN is notoriously slow so I'm not sure that users would get a decent remote experience, but locally it could be usable.
The "administrative issues" for deploying desktop software though are not, these days. Applications can be pushed out to the client through facilities such as active directory, or file shares (linux/unix). Also, most it people utilize disk images when possible, only in the smallest of offices would you do a manual install.
As far as file formats go - whatever office application for the web is created is not going to somehow magically solve file format interoperability issues. In fact an application like this will likely create more work as two parties would need to negotiate a common format before exchangin files.
Home users might use it if it were free - or very, very cheap. But again, do you really want your word processor to be down just because your cable or dsl connection is on the fritz?
The thing thing that is going to stymie adoption is ubiquitous availability. I think that there will be some serious user acceptance (and management acceptance) issues in the corporate area. Not everyone works at the office, employees travel, and while this might perform very well in the intranet scenario, it's going to be less usable over any type of remote connection. Having a help desk field calls re: i can't get to the word processor will be a nightmare. Ususally software issues are realted to "wierd" misconfigurations that end up being resolved by a re-install or a quick bit of tinkering. These happen on a user by user basis. With a server hosted app such as this - the capacity for lost productivity is high, if the server or connection between is down for any reason it causes a massive loss of productivtiy, we are also not talking about file server level application either, the risk of instability from updates and general use is much higher.
It just doesn't make sense really. Why create a situation where your users are more at risk to be unproductive? Cost? How about 2 hours of everyone's time wasted (over 3 years or so) by not having access to their office application. That alone would be enough to justify purchasing office or installing OpenOffice, so that it would be "always available".
As far as the home user goes, there are already too many things that can go wrong with my computer, no need to add another point of failure.
Thin, web-based clients have been a good idea for a long time
This is a terrible idea (It's also not really thin client).
Here are a couple scenarios: Internet down? OH CRAP, I just lost my work. Internet Down, "Ah, the word processor is down". CRAP I just hit the back button.
Ideas like this can learn a little bit from the emergence and acceptance of services like Vonage. It layers complexity onto a currently reliable system - Vonage customers experience downtime on average 20 minutes a day, usually at peak hours. Can you imagine how mad you would be if your phone stopped working at peak hours? With VoIP we're more tolerant becuase it's more complicated. It would not be the case with Bell South, Verizon, SBC, QWest or any of the other carriers.
The same goes for a web office suite. Adding the requirement of an internet connection to run the software (and not just a dial up connection) introduces reliability issues in an otherwise pretty reliable system. When you have the option of having an always available, stable, fast software suite on your pc, ready to go to work at anytime or the possibility of headaches equivalent to 1998 PC or Mac crashes which is better?
So apart from the fact that your future web enabled office suite is going to be less reliable than your current suite let's consider speed. An SSL'd version of an Ajax app is going to be slow. It will be noticably slow. Basic things like typing will be fine but operations like spell checking, saving loading, any sort of wizard operation. Moving data between the browser and the server is not a fast operation in ajax.
Most of the avionics in aircraft are remarkably simple. The auto pilot is not connected to any internal sensors apart from flight controls and instruments. Most autopilots are only capable of holding an altitude and a heading. Typically they are not connected to the throttle.
Autoland is available for a limited number of airports and has some restrictions that would make it unuseable in adverse weather conditions. There are also no systems in place that could automatically re-route the aircraft and setup an approach to an airport to a suitable runway. There are also no electronic clearance mechanisms that could be used to communicate clearance between the tower and aircraft. All of this is handled by good old radio.
Change is something that happens slowly in the aviation industry, primary because new is Dangerous. The less complicated, and less sophisticated the systems are, the higher the reliability.
I asked my flight instructor why he didn't want to get his rotocraft (helicopter) endorsement his answer was "Too many moving parts". I think that really sums it up.
You see, on the Mac, 64MB of VRAM is considered "ideal" for Quartz 2D Extreme, so the Windows Vista requirements are still 4 times higher.
You are making that up. The apple line contains systems with 32 - 128 mb of VRAM. In addition there are no pages on the apple site that state the "ideal" amount of ram, just the minimum @ 16 MB. Source? Also, the requirements are not 4 times higher.
And now you're trying to make an uneducated extrapolation that Vista's effects will even work in 64MB of VRAM, when the very site you quote only mentions 128MB VRAM and 256MB VRAM. Indeed, to quote from the very first paragraph:
LOL. At least I cite sources. You've made baseless unproven claims. See this link: http://www.microsoft.com/whdc/device/display/graph ics-reqs.mspx. Aero will require 32 mb, and Aero Glass will require 64 mb for minimums. Also, 128 is cited as "recommended" for aero glass.
Apple's requirements are a quarter of what is currently known about Vista's requirements in the video processing capabilities you yourself decided to compare.
Apple's requirements are half of the proposed vista minimums not a quarter.
(And I'm not even going to get into the fact that Vista is still more than a year away, and that what we currently know about it's minimum requirements could very well go up during that time...the fact that you're comparing vaporware to released software that achieves the same ends with less hardware is telling in and of itself).
"Vaporware" - that's why there is a beta out? Last time I checked vaporware applied to a product that has been announced but has no tangible proof of its existance. The minium requirements could change, thanks for restating what I've already said.
What you fail to realize is that at OS X's inital release it's system requirements were significantly higher than XP's. This is why I say that OS X has already "set the bar" if you will, and that for the most part the jump to Vista is not really that drastic in comparison to what Apple has already done. At it's release XP required a video card that will support 800x600 operation and at least 8 mb of video ram if you want to watch DVD's. OS X required double the minimum amount of RAM of XP, the recommended amount was also double of XP as well. It is for these reasons that I use OS X as an example for an OS that has high system requirements.
Have a read. 256 is "ideal". 128 is "better" which would indicate that 64 is not out of the running as a minimum. the ati radeon 9600, a near univeral chip ships at 128 (in your beloved G5 no less LOL) and 256 . You can also get the 256 model for 75 bucks. What's the problem? If you had to ask apple what the "ideal" GPU requirements for the OS were, what do you think they would say? There is also no way of knowing how well it will perform until it's released. Nigel is the only source of information that we have on GPU requirements. But to put all of this squarely against your statement: Microsoft is requiring nothing of you as a user. You don't need to upgrade if you don't want to buy a new graphics card. Nor is there any indication that if you did upgrade you would be "required" to go out and buy a video card with 256 mb ram.
Considering the processing demands of something like, *cough* Windows Vista, its important to be able to keep your computer cool without it getting loud."
There have been a number of posts in recent weeks that have been all/cry/moan/sob about Vista's requirements.
High computing requirements are a fact of life when you have an operating system that has a fully abstracted graphics layer (OS X comes to mind). No doubt Vista will be "borrowing" the quartz architecture. From Apple's site "Quartz Extreme functionality is supported by the following video GPUs: NVIDIA GeForce2 MX and later, or any AGP-based ATI RADEON GPU. A minimum of 16MB VRAM is required."
I don't read anything about people complaining that their G4 or G5 requires a dedicated GPU and very fast processor to run OS X. Apple has made their hardware such a black box that no one really notices that the hardware is generally several steps above the PC realm in terms of performance (though you wouldn't always know it). Microsoft is moving in a similar direction, though I'm sure that even thouse of us with integrated intel graphics cards will have a reasonable experience.
The funny thing is Mac users have had these hardware requirements (and cost) for over 4 years now.
Needless to say it's not sitting between my servers and internet connection anymore, LOL. If anyone wants more deets, I'd be happy to provide firmware and more detailed model info.
As I said, I don't know for a fact that they are not signed. Although the file is a simple bin file - there apprears to be no sort of signing going on. Even if they are signed, then there is code on the router that would allow a would be attacker to falsify such a signature.
Beyond all of that, there are times when you say "this is high quality software" and there are other times that you say "this is shite". I would have to say that it looks like shite. For example, I could browse web screens that had been disabled or hidden after logging in. An example - the provisioning screens even though my router hadn't been provisioned.
The point that I was trying to make was that Vonage owns the router. They were not very clear about that, but Vonage has the abilty to monitor/redirect/or record every packet and piece of information that goes through that router if they so desire. More importantly, they can do so if they were asked by a 3rd party, *cough* Homeland Security and they can make it happen in 24 hours.
Thus, all of this talk about mandates and such is silly because one of the largest VoIP providers in the U.S. is already equipping their customers with hardware that makes this sort of eavesdropping as trivial as TFTP.
A few weeks ago while on vacation I bought a Linksys wrtp54g router from Radio Shack. It is touted as a two line VoIP router that is compatible with vonage. It seemed like what I needed at the time, a g capable wireless router that wouldn't crash like my old netgear.
I set it up - and it's been running quite well for a month now. I noticed though, that I could SSH to it. What was curious was the fact that i couldn't login. I used the "administrative" login, but it didn't work. I also tried the other default passwords - with no luck. This made me wonder who infact had the password and could login to the router. I wasn't too worried about it. Until today.
I've been trying to get inbound PPTP VPN working, and it hangs at "Verfiying Username and Password..." only to return error 721. Indeed it would seem that inbound GRE forwarding doesn't work. So I thought to myself, I'll just get a firmware update and everything will be happy. The question was "Where is the firmware?". It's not on linksys's site. I come to find that Vonage controls the firmware for this router. I've also found that it's not easy to get through proper channels. Also, it seems to not flash when the router is not in a "provisioned" state.
This is where things get really interesting. It would seem that Vonage has complete control over the router. There are a number of default passwords that can be accessed, but not changed through the various interfaces. It would also seem that there is a bit of "phoning home" going on. Some of the firmware versions have automatic update installed allowing them to download the latest version via TFTP.
Now that's an interesting topic. From my reading, the updates are not encrypted nor are they transmitted over a secure connection. There seems to be no verification of the contents of the firmware file. Let's go out on a limb for a moment and say that the update server is compromised and a compromised update is placed on the server. The update is then automatically, with no verification or intervention, downloaded and installed on all of the vonage routers that have been provisioned.
The result: *PWND*. Every last router.
This is terrible. Not only is it terrible, there is absolutely nothing on the box, or in the literature that says that this router is programatically connected to Vonage. There is absolutely no warning that there is even a *chance* that Vonage, could for example install various utilities or wares on your router at their discretion.
This device should not be sold in stores. It should be shipped by Vonage to end customers who agree and ackknowledge that they are giving up control of what goes in and out of their network.
They said from the very beginning - this is not a palmtop notebook. It's a low-power digital memo pad/calendar.
And that is why they failed. It took way to long to get a connected version of the organizer. People "got" the first version of the palm. Then they wanted more. Palm continuted to deliver the same unconnected, unsophisticated device well past 2001. The cellphone version of the Treo is also very expenisve.
You might have missed my point entirely. It's not just about brackets. When I talk about standards I mean that there should be a consistant agreed upon way of approaching code, line by line, class, interface, module, and subsystem construction. Consistancy is vitally important to the success and longevity of applications. It's also about readablity - consistancy of the code base from method structure to the way that methods, classes and events are used. There should be an agreed upon method for all of these within the context of any development project or orgainzation. Not having said methods in places increases the time it takes other developers to understand the code that's written and in some cases may lead to structral incompatibilities e.g. One developer prefers interfaces over inheritance. It's also generally better to get agreement from the developers about how they want to work - it's not about shoving standards down everyone's throat. Standards are also great for new programmers that don't know any better. Setting them on a path that works for everyone is a Good Thing. As far as documentation goes - standard API documentation is important especially in larger teams. It's not a lot to ask to structure comments in an appropriate format. Most of the auto doc syntaxes are simple as well. The problem with MS and what that article points to is that the messed up code base is a result of lack of control of developement - all the way around. Did you ever look at the code base for NT? It's a "mess". Nothing is done in consistant way - it's difficult to understand. This sort of code is a result of lack of technical leadership. Longhorn was scrapped not because brackets were in the wrong place but becuase of a lack of architectural leadership. It arguably more difficult to exercise this kind of control but it just goes along with my previous statements. Not only that but MS's plight highlights quite nicely why this sort of leadership should be instituted in a large development environment.
I agree. I'm not saying that you should comment the hell out of things, just that along with writing clear consistent code (after all, it's what is doing the work) it's important to say what a method, function or object is for, especially if it is not toatally obvious. In the end the code should "speak for itself" but when someone doesn't have the source... well you need to be moderately descriptive.
That's just silly Leeeeeroyy. Would you have your team of 10 programmers also code in whatever style they please? Um - no? Standards are part of the development process from coding, db design and yes, even comments. It's not the developers choice to comment their code. They do it because they are told to do it, and it's their forking job. If they don't do it, ya FIAED. Plus any developer worth his salt comments when he has to work with other programmers. As far as comment formats - if you work with a decent IDE such as eclipse or VS.NET there are a couple de facto formats for comments out there. Code documentation and auto generation at an API level is very useful and it is simply one of a number of tools that you can use to maintain visibility into your code base. To say otherwise is well, just silly.
Yes, Apache is everywhere, exploit-free. So are lots and lots of other binaries. It's only when you compare Apache to IIS 4/5 that it's really such a perfect example.
No it's not. Compare Apache to IIS 6/5. That's a more equal comparison. IIS 6 has a stellar security record and it's been available for 2 years now. IIS 5 has also gotten a lot of the bugs worked out.
I'm a knowledgeable user as well and I've never (knock on wood) been hit by an IE flaw. In the end, it's not about the user, it's about the software. If Firefox is to tbe the alternative, then it better be better than what's currently out there.
No - why does APACHE not SHIP with a got damn GUI for configuration? I don't want to download some 3rd party GUI for the httpd.conf file. I want apache to maintain their own. Every other vendor in the "real world" provides these kinds of wares for their prodcuts.
Slashdot Mirror
"I end up with the spare parts that they don't want"
Get rid of them?
LOL
That article doesn't make anysense, it's a bunch of quotes taken out of context. "However Brin left the door open a little. Documents would be easier to work with in the future, he promised, but he didn't think a fat client was the way to go." Doesn't tell us anything. What documents is talking about?
This big "announcement" is not. There is nothing on the sun site or even the press conference that really spells out what's going on. It was an opportunity for McNealy to get some good press next to google. In the press video, they had these stupid posters up listing each of the CEO's achievements over the last few years. Who cares? Especially when it comes to McNealy.
Pretty lame if you ask me.
How well an OSS product fares as a closed source product. Bets are on: better or worse a year from now?
Open Office is most certainly *not* going to be a web based application. My guess is that it will be refitted to be launched by the google toolbar and allow you to use google as a storage area for your documents (do you really want to do that?). That's great that it's free though.
There is no war here, move along.
Take the drive, compress your files in an archive to keep them smaller, then encrypt the file with a program. Include on that drive the program that you used to encrypt the file, and the compression program used to compress the file. Make sure the drive is formatted with a cross platform FS as well. For added reliability include other platform versions of the encryption and compression programs.
Waterproofing the flash drive is pretty easy, put it a small sealed container the smaller the better. If you're really paranoid about losing it in water, put the flash drive in a very small container filled with mineral oil or some other inert liquid, seal the container. If your drive goes to any depth, the use of a liquid will prevent water from getting in the container and destroying the drive.
Internet connections are simply not this unstable, at least for a significant number of users
The connections are stable, but the network is not. The variability in speed of DNS, Ping Times, etc. is still very high. Any DNS issue at the client is enought to render a web based application like this useless. Have you used a public access point recently that's free? They are usually slow and frequently have connection issues.
There is the consideration of deployment as well. There is one scenario that this application might perform reasonably well in, and *maybe* have some administrative benefits, the corporate intranet. VPN is notoriously slow so I'm not sure that users would get a decent remote experience, but locally it could be usable.
The "administrative issues" for deploying desktop software though are not, these days. Applications can be pushed out to the client through facilities such as active directory, or file shares (linux/unix). Also, most it people utilize disk images when possible, only in the smallest of offices would you do a manual install.
As far as file formats go - whatever office application for the web is created is not going to somehow magically solve file format interoperability issues. In fact an application like this will likely create more work as two parties would need to negotiate a common format before exchangin files.
Home users might use it if it were free - or very, very cheap. But again, do you really want your word processor to be down just because your cable or dsl connection is on the fritz?
The thing thing that is going to stymie adoption is ubiquitous availability. I think that there will be some serious user acceptance (and management acceptance) issues in the corporate area. Not everyone works at the office, employees travel, and while this might perform very well in the intranet scenario, it's going to be less usable over any type of remote connection. Having a help desk field calls re: i can't get to the word processor will be a nightmare. Ususally software issues are realted to "wierd" misconfigurations that end up being resolved by a re-install or a quick bit of tinkering. These happen on a user by user basis. With a server hosted app such as this - the capacity for lost productivity is high, if the server or connection between is down for any reason it causes a massive loss of productivtiy, we are also not talking about file server level application either, the risk of instability from updates and general use is much higher.
It just doesn't make sense really. Why create a situation where your users are more at risk to be unproductive? Cost? How about 2 hours of everyone's time wasted (over 3 years or so) by not having access to their office application. That alone would be enough to justify purchasing office or installing OpenOffice, so that it would be "always available".
As far as the home user goes, there are already too many things that can go wrong with my computer, no need to add another point of failure.
Thin, web-based clients have been a good idea for a long time
This is a terrible idea (It's also not really thin client).
Here are a couple scenarios: Internet down? OH CRAP, I just lost my work. Internet Down, "Ah, the word processor is down". CRAP I just hit the back button.
Ideas like this can learn a little bit from the emergence and acceptance of services like Vonage. It layers complexity onto a currently reliable system - Vonage customers experience downtime on average 20 minutes a day, usually at peak hours. Can you imagine how mad you would be if your phone stopped working at peak hours? With VoIP we're more tolerant becuase it's more complicated. It would not be the case with Bell South, Verizon, SBC, QWest or any of the other carriers.
The same goes for a web office suite. Adding the requirement of an internet connection to run the software (and not just a dial up connection) introduces reliability issues in an otherwise pretty reliable system. When you have the option of having an always available, stable, fast software suite on your pc, ready to go to work at anytime or the possibility of headaches equivalent to 1998 PC or Mac crashes which is better?
So apart from the fact that your future web enabled office suite is going to be less reliable than your current suite let's consider speed. An SSL'd version of an Ajax app is going to be slow. It will be noticably slow. Basic things like typing will be fine but operations like spell checking, saving loading, any sort of wizard operation. Moving data between the browser and the server is not a fast operation in ajax.
Why make it more complicated than it needs to be?
Most of the avionics in aircraft are remarkably simple. The auto pilot is not connected to any internal sensors apart from flight controls and instruments. Most autopilots are only capable of holding an altitude and a heading. Typically they are not connected to the throttle.
Autoland is available for a limited number of airports and has some restrictions that would make it unuseable in adverse weather conditions. There are also no systems in place that could automatically re-route the aircraft and setup an approach to an airport to a suitable runway. There are also no electronic clearance mechanisms that could be used to communicate clearance between the tower and aircraft. All of this is handled by good old radio.
Change is something that happens slowly in the aviation industry, primary because new is Dangerous. The less complicated, and less sophisticated the systems are, the higher the reliability.
I asked my flight instructor why he didn't want to get his rotocraft (helicopter) endorsement his answer was "Too many moving parts". I think that really sums it up.
You see, on the Mac, 64MB of VRAM is considered "ideal" for Quartz 2D Extreme, so the Windows Vista requirements are still 4 times higher.
h ics-reqs.mspx. Aero will require 32 mb, and Aero Glass will require 64 mb for minimums. Also, 128 is cited as "recommended" for aero glass.
You are making that up. The apple line contains systems with 32 - 128 mb of VRAM. In addition there are no pages on the apple site that state the "ideal" amount of ram, just the minimum @ 16 MB. Source? Also, the requirements are not 4 times higher.
And now you're trying to make an uneducated extrapolation that Vista's effects will even work in 64MB of VRAM, when the very site you quote only mentions 128MB VRAM and 256MB VRAM. Indeed, to quote from the very first paragraph:
LOL. At least I cite sources. You've made baseless unproven claims. See this link: http://www.microsoft.com/whdc/device/display/grap
Apple's requirements are a quarter of what is currently known about Vista's requirements in the video processing capabilities you yourself
decided to compare.
Apple's requirements are half of the proposed vista minimums not a quarter.
(And I'm not even going to get into the fact that Vista is still more than a year away, and that what we currently know about it's minimum requirements could very well go up during that time...the fact that you're comparing vaporware to released software that achieves the same ends with less hardware is telling in and of itself).
"Vaporware" - that's why there is a beta out? Last time I checked vaporware applied to a product that has been announced but has no tangible proof of its existance. The minium requirements could change, thanks for restating what I've already said.
What you fail to realize is that at OS X's inital release it's system requirements were significantly higher than XP's. This is why I say that OS X has already "set the bar" if you will, and that for the most part the jump to Vista is not really that drastic in comparison to what Apple has already done. At it's release XP required a video card that will support 800x600 operation and at least 8 mb of video ram if you want to watch DVD's. OS X required double the minimum amount of RAM of XP, the recommended amount was also double of XP as well. It is for these reasons that I use OS X as an example for an OS that has high system requirements.
The size statements are independent. Better does not modify ideal.
"Am I high?" No.
http://www.daniweb.com/blogs/entry360.html
Have a read. 256 is "ideal". 128 is "better" which would indicate that 64 is not out of the running as a minimum. the ati radeon 9600, a near univeral chip ships at 128 (in your beloved G5 no less LOL) and 256 . You can also get the 256 model for 75 bucks. What's the problem? If you had to ask apple what the "ideal" GPU requirements for the OS were, what do you think they would say? There is also no way of knowing how well it will perform until it's released. Nigel is the only source of information that we have on GPU requirements. But to put all of this squarely against your statement: Microsoft is requiring nothing of you as a user. You don't need to upgrade if you don't want to buy a new graphics card. Nor is there any indication that if you did upgrade you would be "required" to go out and buy a video card with 256 mb ram.
Oh yes - all those comments about the accounting system and web servers running linux were from the MS playbook.
Considering the processing demands of something like, *cough* Windows Vista, its important to be able to keep your computer cool without it getting loud."
/cry /moan /sob about Vista's requirements.
There have been a number of posts in recent weeks that have been all
High computing requirements are a fact of life when you have an operating system that has a fully abstracted graphics layer (OS X comes to mind). No doubt Vista will be "borrowing" the quartz architecture. From Apple's site "Quartz Extreme functionality is supported by the following video GPUs: NVIDIA GeForce2 MX and later, or any AGP-based ATI RADEON GPU. A minimum of 16MB VRAM is required."
I don't read anything about people complaining that their G4 or G5 requires a dedicated GPU and very fast processor to run OS X. Apple has made their hardware such a black box that no one really notices that the hardware is generally several steps above the PC realm in terms of performance (though you wouldn't always know it). Microsoft is moving in a similar direction, though I'm sure that even thouse of us with integrated intel graphics cards will have a reasonable experience.
The funny thing is Mac users have had these hardware requirements (and cost) for over 4 years now.
Needless to say it's not sitting between my servers and internet connection anymore, LOL. If anyone wants more deets, I'd be happy to provide firmware and more detailed model info.
As I said, I don't know for a fact that they are not signed. Although the file is a simple bin file - there apprears to be no sort of signing going on. Even if they are signed, then there is code on the router that would allow a would be attacker to falsify such a signature.
Beyond all of that, there are times when you say "this is high quality software" and there are other times that you say "this is shite". I would have to say that it looks like shite. For example, I could browse web screens that had been disabled or hidden after logging in. An example - the provisioning screens even though my router hadn't been provisioned.
The point that I was trying to make was that Vonage owns the router. They were not very clear about that, but Vonage has the abilty to monitor/redirect/or record every packet and piece of information that goes through that router if they so desire. More importantly, they can do so if they were asked by a 3rd party, *cough* Homeland Security and they can make it happen in 24 hours.
Thus, all of this talk about mandates and such is silly because one of the largest VoIP providers in the U.S. is already equipping their customers with hardware that makes this sort of eavesdropping as trivial as TFTP.
Something I wrote a few months ago:
A few weeks ago while on vacation I bought a Linksys wrtp54g router from Radio Shack. It is touted as a two line VoIP router that is compatible with vonage. It seemed like what I needed at the time, a g capable wireless router that wouldn't crash like my old netgear.
I set it up - and it's been running quite well for a month now. I noticed though, that I could SSH to it. What was curious was the fact that i couldn't login. I used the "administrative" login, but it didn't work. I also tried the other default passwords - with no luck. This made me wonder who infact had the password and could login to the router. I wasn't too worried about it. Until today.
I've been trying to get inbound PPTP VPN working, and it hangs at "Verfiying Username and Password..." only to return error 721. Indeed it would seem that inbound GRE forwarding doesn't work. So I thought to myself, I'll just get a firmware update and everything will be happy. The question was "Where is the firmware?". It's not on linksys's site. I come to find that Vonage controls the firmware for this router. I've also found that it's not easy to get through proper channels. Also, it seems to not flash when the router is not in a "provisioned" state.
This is where things get really interesting. It would seem that Vonage has complete control over the router. There are a number of default passwords that can be accessed, but not changed through the various interfaces. It would also seem that there is a bit of "phoning home" going on. Some of the firmware versions have automatic update installed allowing them to download the latest version via TFTP.
Now that's an interesting topic. From my reading, the updates are not encrypted nor are they transmitted over a secure connection. There seems to be no verification of the contents of the firmware file. Let's go out on a limb for a moment and say that the update server is compromised and a compromised update is placed on the server. The update is then automatically, with no verification or intervention, downloaded and installed on all of the vonage routers that have been provisioned.
The result: *PWND*. Every last router.
This is terrible. Not only is it terrible, there is absolutely nothing on the box, or in the literature that says that this router is programatically connected to Vonage. There is absolutely no warning that there is even a *chance* that Vonage, could for example install various utilities or wares on your router at their discretion.
This device should not be sold in stores. It should be shipped by Vonage to end customers who agree and ackknowledge that they are giving up control of what goes in and out of their network.
Now it's time to do something about it.
They said from the very beginning - this is not a palmtop notebook. It's a low-power digital memo pad/calendar.
And that is why they failed. It took way to long to get a connected version of the organizer. People "got" the first version of the palm. Then they wanted more. Palm continuted to deliver the same unconnected, unsophisticated device well past 2001. The cellphone version of the Treo is also very expenisve.
You might have missed my point entirely. It's not just about brackets. When I talk about standards I mean that there should be a consistant agreed upon way of approaching code, line by line, class, interface, module, and subsystem construction. Consistancy is vitally important to the success and longevity of applications. It's also about readablity - consistancy of the code base from method structure to the way that methods, classes and events are used. There should be an agreed upon method for all of these within the context of any development project or orgainzation. Not having said methods in places increases the time it takes other developers to understand the code that's written and in some cases may lead to structral incompatibilities e.g. One developer prefers interfaces over inheritance.
It's also generally better to get agreement from the developers about how they want to work - it's not about shoving standards down everyone's throat. Standards are also great for new programmers that don't know any better. Setting them on a path that works for everyone is a Good Thing. As far as documentation goes - standard API documentation is important especially in larger teams. It's not a lot to ask to structure comments in an appropriate format. Most of the auto doc syntaxes are simple as well.
The problem with MS and what that article points to is that the messed up code base is a result of lack of control of developement - all the way around. Did you ever look at the code base for NT? It's a "mess". Nothing is done in consistant way - it's difficult to understand. This sort of code is a result of lack of technical leadership. Longhorn was scrapped not because brackets were in the wrong place but becuase of a lack of architectural leadership. It arguably more difficult to exercise this kind of control but it just goes along with my previous statements. Not only that but MS's plight highlights quite nicely why this sort of leadership should be instituted in a large development environment.
Bit tech doesn't seem to have done their homework. Their numbers are really out of whack in comparison to everyone else.
AuMatar,
9 448,00.html?mod=todays_us_page_one
This, is why you are incorrect.
http://online.wsj.com/article/0,,SB11274368032834
Philosophies such as yours don't scale. Period.
I agree. I'm not saying that you should comment the hell out of things, just that along with writing clear consistent code (after all, it's what is doing the work) it's important to say what a method, function or object is for, especially if it is not toatally obvious. In the end the code should "speak for itself" but when someone doesn't have the source... well you need to be moderately descriptive.
That's just silly Leeeeeroyy. Would you have your team of 10 programmers also code in whatever style they please? Um - no? Standards are part of the development process from coding, db design and yes, even comments. It's not the developers choice to comment their code. They do it because they are told to do it, and it's their forking job. If they don't do it, ya FIAED. Plus any developer worth his salt comments when he has to work with other programmers. As far as comment formats - if you work with a decent IDE such as eclipse or VS.NET there are a couple de facto formats for comments out there. Code documentation and auto generation at an API level is very useful and it is simply one of a number of tools that you can use to maintain visibility into your code base. To say otherwise is well, just silly.
Yes, Apache is everywhere, exploit-free. So are lots and lots of other binaries. It's only when you compare Apache to IIS 4/5 that it's really such a perfect example.
No it's not. Compare Apache to IIS 6/5. That's a more equal comparison. IIS 6 has a stellar security record and it's been available for 2 years now. IIS 5 has also gotten a lot of the bugs worked out.
I'm a knowledgeable user as well and I've never (knock on wood) been hit by an IE flaw. In the end, it's not about the user, it's about the software. If Firefox is to tbe the alternative, then it better be better than what's currently out there.
Then at least make the config file pretty :-)
Does it sound like I'm f&^( brain dead?
No - why does APACHE not SHIP with a got damn GUI for configuration? I don't want to download some 3rd party GUI for the httpd.conf file. I want apache to maintain their own. Every other vendor in the "real world" provides these kinds of wares for their prodcuts.