Slashdot Mirror


User: sql*kitten

sql*kitten's activity in the archive.

Stories: 0
Comments: 3,174

Comments · 3,174

  1. Re:Regulation is not the answer on Increased Software Vulnerability, Gov't Regulation · · Score: 1

    You want me to get a fucking license to program and toady up to a bunch of self-important people on the "Board of Professional Programmers" in order to practice my profession?

    Yes. What makes you so special? I'll bet dollars to donuts you're no smarter than the average PEng or MIEE or MD. And, I'll place a side bet that you think that you are.

    leave the strangling over-regulation and "professionalism" to fields which are pretty much mature, static, and stagnant... though perhaps that's the _reason_ they're stagnant.

    I'd hardly call medical science "stagnant" - in fact, bioinformatics is likely to be a growth area in IT. Or engineering for that matter, a far more innovative and dynamic field than software. Computer geeks salivate over, say, nanotech, but mechanical engineers are making it happen.

  2. Re:Regulation is not the answer on Increased Software Vulnerability, Gov't Regulation · · Score: 1

    IF THEY WON'T SHOW YOU THE SOURCE CODE, THERE IS OBVIOUSLY SOMETHING WRONG WITH IT! OTHERWISE THEY WOULD NOT FEEL THE NEED TO HIDE IT FROM YOU!

    Sorry, but this argument holds no water and you are doing a disservice to Open Source by propagating it. It is equivalent to saying "if you are doing nothing illegal, why don't you let the government track your movements via an electronic tag, otherwise obviously you have something to hide".

  3. Re:Make the Software Publisher Liable on Increased Software Vulnerability, Gov't Regulation · · Score: 3, Insightful

    If Microsoft were liable for the damages caused by the worms such as MSBlaster and Slammer because their software was vulnerable, don't you think their culture would change very rapidly?

    Well, given that Microsoft had released patches for both of the vulnerabilities exploited by those two viruses long before the viruses were ever released, I'm not sure it even should be liable. Nothing helps if the sysadmins don't stay on top of things.

  4. Re:Regulation is not the answer on Increased Software Vulnerability, Gov't Regulation · · Score: 3, Insightful

    I'm an MEng and I've still written programs that crash... so have you.

    Sure, it wouldn't be a perfect system - but it would be better than the situation we have now, where no-one is willing to take responsibility for quality. A strong professional body for granting certified status, backed by a public unwillingness to buy software that didn't have a signature on it from a qualified engineer (maybe in turn backed by a law that some software must be signed off to be sold to the public) would work wonders.

  5. Re:Regulation is not the answer on Increased Software Vulnerability, Gov't Regulation · · Score: 4, Insightful

    If a software program is poorly designed, it crashes, Joe User restarts his machine and goes on with his life. He doesn't even bother to investigate what caused the crash because it happens so often.

    But it is possible to write reliable software. Aircraft, for example, run on extremely reliable software. The way it works in civil engineering is, if you can't get a CEng to sign off on the plans, you can't go ahead with the project. A CEng won't sign unless he's sure, because if it fails, he's responsible and he'll likely never work again. The fact that he's an employee is neither here nor there, he answers to the ICE, not the company. A similar approach could be taken with software - make the senior programmer on a team personally responsible, and give them the authority - independent of the company employing them - to say yes or no.

  6. Re:Amen on The Unstoppable Shift of IT Jobs Overseas · · Score: 1

    You know, I didn't waste much of my time reading your inane ramble but I read the first line and that was enough to know you had no idea what you're talking about. For reference, I'm a leftist libertarian and complaining about exploitative labor in other countries is very well within my political philosophy.

    Firstly, programmers in India are emphatically not "exploited". The USD.INR exchange rate is such that a relatively small amount of dollars (say $15,000) corresponds to a very generous annual salary. A programmer in India on that much would easily count as middle class, it would buy more than a salary of $75,000 in most US cities.

    Secondly, libertarianism is about a hands-off policy from government, leaving individuals to do as they please so long as they aren't harming one another. Leftism is about the state taking ownership and control. The two are mutually contradictory. There is a word for what you are and it is "syndicalist". Go look it up in a political theory textbook. I know this because my uncle is one :-)

  7. Re:Good Points and Ego Trip on The Unstoppable Shift of IT Jobs Overseas · · Score: 1

    However, I happened to have a problem with a Netgear router, and I was transferred to a bunch of thick-accented tech support people who were fairly obviously in India. What was clear after talking to them is that it was very hard to be understood, and I think it would be even worse if I had to communicate to them about a difficult software project.

    I had exactly the same experience with Netgear. Sure their stuff is cheap, but you're screwed when things go wrong. Next time, I'll pay the extra for Alteon or Juniper or something. Last time I dealt with Alteon they had a lot of Russian PhDs running around, but they all spoke great English.

  8. Regulation is not the answer on Increased Software Vulnerability, Gov't Regulation · · Score: 5, Insightful

    Regulation is not the answer - professionalism is. The government has oversight over the construction industry for example, but engineers are accredited and the profession is run day-to-day by the professional institution, in the UK this is the Institute of Civil Engineers. Same in medicine, the government oversees, but day to day regulation rests with the BMA, the British Medical Association, and doctors answer to them. Same with lawyers, accountants, investment bankers... even lifeguards and hairdressers have professional bodies.

    Software development needs to become more like engineering, and software developers should be required to take a qualification like CEng (UK) or PEng (US) in order to work in positions of authority and responsibility. Remember that engineering is about public safety - bridges don't often collapse, buildings don't often topple, and that's all because the people designing them have been certified by independent bodies. Programmers of safety-critical systems are already often required to be certified by the relevant body, usually that of the electrical engineers.

  9. Re:Permissions != Ownership on Gates Says Windows Reliability Is Greater · · Score: 1

    It never ceases to amaze me the assumptions a person will make about another person after reading only two sentences.

    Yeah, the freaks are out in force on this thread. Lots of people crying that, despite plenty of evidence to the contrary, Unix is perfectly secure and always has been. Don't let it bother you.

  10. Re:What planet is this guy living on? on Gates Says Windows Reliability Is Greater · · Score: 1

    If you don't know the answer to something simple like this, why in the hell do you think you are qualified to make any useful comment concerning UNIX and security?

    Oh, I know the theory - that Unix machines were big and expensive, and the only people you could trust were the sysadmins, because they were trusted in turn by the owners of the computers, and therefore you could trust any process listening on a low-numbered port. Unfortunately, while that probably sounded great in the lab, it didn't work in the real world. Compromise one root-owned process, you've compromised everything. That's why it accomplished nothing.

    If, from day 1, BIND had been running as the bind user, fingerd as the finger user, sendmail as the mail user, etc, an entire class of Unix security breaches simply wouldn't have happened. But no, Unix security philosophy meant that all those processes were root-owned.

    Before running your mouth, try searching the CERT or Bugtraq (if you've even heard of those) archives for BIND and sendmail. You might get a nasty surprise when you realize that historically, Unix hasn't held up to attack too well. And in case you're wondering where I'm coming from, also search those archives for breaches on VMS - here's a hint, there aren't many.

  11. Re:What planet is this guy living on? on Gates Says Windows Reliability Is Greater · · Score: 1, Informative

    The truth is, every other mainstream OS has solved the security problem better than Microsoft. Most other OSes, especially *nix ones, have a philosophy of least privilege

    Actually, security was added to Unix as an afterthought. You talk about least privilege, but most Unix systems have exactly two privilege levels: user and superuser. And no ACLs on the filesystem either. At least with Windows, there really is separation of privilege; someone can be a printer administrator without the privilege to set the system clock, for example. It only needs a competent admin to set it up.

    As an example of Unix security philosophy, consider the idea that only root-owned processes could bind to ports below 1024. Exactly what does that accomplish? Nothing useful, and it's directly responsible for all the sendmail and BIND exploits there have been over the years. So much for the "Unix way".

    There's an old saying about people who live in glass houses.

  12. Re:Seriously? Arrest Microsoft, Inc. on Blaster Writer Caught · · Score: 1

    This is a ~10 year old vulnerability in DCOM.
    Corporate negligence is still a crime, and Corporations are Individuals, therefore Microsoft, Inc. should be incarcerated.

    1) Microsoft issued a patch over a month before MSBLAST was deployed in the wild. No competent sysadmin was bothered by this "virus" in the slightest. If a doctor offers you a vaccine for free and you decline, can you blame him if you are later taken ill?

    2) Who do you expect to carry the can for all the sendmail and BIND exploits there've been over the years? Linux isn't a corporation so how about Linus himself? After all, it's his fault there's an executable stack.

  13. Re:Spiderman Vs Goldman on Stan Lee: The Rise and Fall of The American Comic Book · · Score: 1

    Then again, we should have a superhero called GoldMan (Gold Man)!

    Spider-man versus Goldberg? My money's on Goldberg!

  14. Re:Don't be stupid on Symantec Adds Product Activation · · Score: 0

    These copies are "counterfeit" in the sense that they aren't legitimate copies from Symantec, but they do in fact allow you to update your virus definition.

    Not having one of these counterfeits, I can neither confirm nor deny this. And if you were a little surer of your position, you'd have no need to be anonymous.

  15. Re:external HD on Might Flash Memory be a Viable Backup Medium? · · Score: 1

    A USB or Firewire external drive would store far more data and could be rotated offsite.

    You never use a device like a HD for backing up critical data.

    You see, tapes themselves are pretty robust, the thing that is most likely to fail is the tape drive - which can easily be replaced. If a HD fails, what are you going to do, transplant the platters onto a new spindle? *LOL*

  16. Re:How? on Symantec Adds Product Activation · · Score: 5, Insightful

    How would product activation protect users? Piracy prevention only protects symantec.

    Because Symantec's product relies on regular updates of virus definitions from Symantec. I assume - tho' I have not checked - that Symantec requires some form of authentication for this, after all, they sell subscriptions and that's what pays for the database to be kept up to date. Counterfeit copies of the product will be unable to access these updates, lulling users into a false sense of security. Everyone loses - Symantec lose because they don't get the money, the user loses because they paid for a counterfeit. The only one who benefits is the pirate.

  17. Re:Patents are not capitalistic on Software Patent Demonstrations Taking Off · · Score: 1

    Warning: sql kitten is a known troll.

    Ah, the old "ad hominem" attack. Don't worry if you don't know what that means. You attack the messenger because you can't fault the message.

    Reiserfs is trying to innovate filesystem semantics, finally hoping to provide relational structure ACID capabilities and what not, like a dynamically-typed database.

    What does ReiserFS have that NTFS hasn't had for a decade? Or that VMS didn't have since the late 70s? My point stands.

  18. Re:Patents are not capitalistic on Software Patent Demonstrations Taking Off · · Score: -1, Troll

    Patents in general are entirely anti-capitalistic devices. Their primary purpose is to inhibit competition, by making it illegal to compete.

    I don't know where you got that idea - certainly not any of the statute books. In fact, you just made it up. The purpose of patents is to encourage investment in research by providing 1) a mechanism by which a return may be earned on that investment and 2) a mechanism by which organizations and individuals are encouraged to do research rather than wait for someone else to do it then copy it.

    Look around the Open Source world. Just the other day, there was a story here in Slashdot boasting about how GNUmeric now had some features of Excel. You see what's happening here? The Open Source community does not innovate - it sees a commercially developed idea then copies it - for the express purpose of hurting the original developer. That's why the Open Source community is anti-patent.

  19. Re:Bets? on Gnumeric Now Supports All Excel Worksheet Functions · · Score: 1

    So how long before Microsoft changes Excel to be totally incompatible with their old file format and/or functionality, just to screw the open source community yet again?

    The data in an office file is a persisted COM object wrapped in a pseudo-filesystem. The format does not change as part of a deliberate obfuscation effort (altho' equally, no effort is expended to make it familiar), its changes are merely a result of the classes that represent the document in memory having features added, and the internal representation of data changing.

    Saying that MS changes the format purely to confound the open source community is just paranoid raving.

  20. Re:RFIDs are Meaningless on Gillette Pulls RFID Tags In UK Amid Protests · · Score: 1

    if you wear those trousers and go back into the store you bought them in, then you're a repeat customer

    Talk about paranoid! They can already do that if you pay by card. And guess what, no Orwellian nightmare has come to pass!

  21. Re:What planet are you living on? on Gillette Pulls RFID Tags In UK Amid Protests · · Score: 1

    As a businessman, when you lower your cost base you *don't* cut your prices unless you have some cutthroat[1] competition who is already kicking your arse on price.

    Few businesses are more competitive than consumer retail. Just ask the ubiquitous K-mart. Oh wait, you can't, Wal*mart drove them to the wall, they don't exist any more.

  22. Re:What if it was a legit version? on Using Spyware to Report Pirates? · · Score: 1

    By using an obviously cracked exe, the chances are that I'd be assumed to be a pirate even though I am innocently trying to exercise my fair use rights. To take it a step further, what if the publisher is a member of the BSA?

    Then you or your lawyer says "Your Honour, exhibit A, an original CD, exhibit B, a receipt from Best Buy for said CD, please note that my client's credit card details are clearly visible on said receipt".

    The judge turns to the BSA and says "if you ever bother me with your bullshit cases again, I'll have your sorry ass slung in jail for wasting the court's time".

    End of story.

  23. Re:Private property on Gaim Speaks Out on MSN Ban · · Score: 3, Insightful

    People are pissy, because MS bitched and bitched for AOL to open their IM service, and preached about an open IM standard.

    Actually, as of version 4.7 of the client, MSN Messenger supports SIP, which is an open standard for point-to-point communication that has widespread support in the telco industry, for example it's used in IP phones. Jabber is a nice idea, but let's be honest, it doesn't have the industry support that SIP does.

    This is nothing to do with protocols and standards, it's to do with who uses a service that Microsoft pays for. Would you allow anyone to walk in off the street and make calls on your phone?

  24. Re:Dumbing Down on New Longhorn Screenshots Leaked · · Score: 1

    It's not that people are stupid. That's an incredibly arrogant and geek-centric way to look at it.

    Absolutely correct. In addition, I have observed that the ones who trot out the "users are stupid" line are the ones who haven't written a line of kernel code in their lives. Real engineers understand that the end users are the whole point of what they do.

  25. Re:waiting to patent it on Who is Still Using FSP? · · Score: 3, Informative

    My guess is that someone at Microsoft is waiting for people to forget about it so that they can re-introduce and patent the embraced, extended version for patch downloads.

    Microsoft already has a new technique for downloading things. It's far smarter than most other transfer methods, since it can sense in real time how much bandwidth you need interactively and adjust its speed to only use the spare capacity.