If we're going to play the "My code is more obsolete than yours" game, although I don't know the Moz/FF source intimately, I'm sure there's still stuff in there from NetScape (from Mosaic, just as SpyGlass was).
Still, that seems a pretty silly game to play.
Actually, in the name of accuracy, he did list the number of exploits. FF had more than IE.
How many are used (and succesfully exploited) in the wild is an impossible figure to identify. It's safe to assume that with >90% usage, more IE users were effected than FF users. That data (were it available) would only reflect usage, and says nothing about relative security.
Nowhere near the (28% + 3% + 13%) = 44% for MSIE6, of course, but 24% is still pretty high.
Comparing Criticality, FF has 23% "Highly Critical" whilst IE has 14% Extremely Critical + 29% Highly Critical = 43%. That really is bad for IE.
Of course, numbers prove very little, and there's lots of room for reinterpreting these figures (availability of FF source can make vulns easier to find and exploits easier to write; huge IE install base increases likelihood of discovery and increased incentive to exploit, etc).
Does that just mean that FF hasn't yet hit the critical mass which makes it worth creating dodgy pages to exploit FF, when you can hit 95% of t'intarweb by exploiting IE?
If FF/IE was 50/50, would we have the same confidence?
After all, the GPL allows forks and doesn't require a name-change.
Although it seems unlikely at the moment, it's possible that Linux will deteriorate and fork a superior version (like with gcc/egcs many moons ago) - Linus could get hit by a bus or lose his mind... it's not likely, but it's possible.
If the source for a Wikipedia article is some blogger with nothing better to do with his time than submit articles to Wikipedia, then it's not exactly credible.
If the source is Linus Torvalds explaining explicitly what Linux is, then that has more credibility.
Plus the comments above this one... I've never gone into the CVS/etc level of doing stuff, but at least back it up to httpd.conf.`date`, if nothing else.
Our httpd.conf is over 4000 lines now, so I've broken it up into seperate files, with a script which simply cat's them together (001header, 002laterstuff, 003middlestuff, 004endstuff, basically). Then create an httpd.conf from the sub-files.
The script doesn't deal with someone hacking the httpd.conf by hand, but all it does is create a http`date`.conf file, displays a "diff" from the existing httpd.conf, and tells you what to do if you choose to activate the differences.
It's not perfect, I'd never claim that anything was perfect, but it gives backups by date/time, and allows you to confirm the changes before you activate them. It also (deliberately) does not have the balls to activate the new config, it just tells the sysadmin what s/he would have to do to activate it (having shown the diffs).
this allows a website owner to configure their own website, without affecting the other websites on the box, or having to ask the administrator to make the changes for them.
Given random feeds from t'intarweb, the best possible tool would be incapable of generating any rules (or, in reality, would generate rules such as "it's" means "its", or "their" and "there" are identical).
In reality, we'd need some academics to agree on grammar in the first place, to be able to verify any such software.
Here's a novel idea... why not educate children about grammar (and spelling, come to think of it), and expect people to be able to do this stuff for themselves?
What else do you want? A machine to wipe your bum for you because you're too lazy to work out how to do it yourself??!
Read more of his writings, especially his Sex God stuff: Well, what do you think happens when you start channelling the freaking God of Sex Himself? Yes, ESR is a self-confessed Sex God.
CatB, at the time it was written, was actually very prescient. Most of it now seems like obvious trash, but CatB was the first real document which combined these ideas into a coherent structure.
That was certainly far more than Fetchmail (for fsck's sake!), and more than he has done since.
CatB was ESR's great moment.
TAOUP has the potential to be made into a useful reference, if all the hyperbole is removed. However, that would probably transform it from a book to a pamphlet.
God, I felt old on/. in 1998; I feel ancient having to explain all this stuff 7 years later!
He was polite on the phone, but then he claims to have sent the quoted email. ESR used email to threaten to to shoot Bruce Perens, don't forget.
I've not met the man, but he seems too timid to say such things face-to-face, but from the safety of his computer screen, he can be most excessive.
Whether he actually does anything beyond shooting guns at inanimate objects and bizarre witchcraft, I can not say.
Excellent point, IMHO.
Given that there was a few days notice of Katrina, there seems to be no excuse for the way in which it has been dealt with by the richest nation on the planet.
Had it been an unforseen terrorist attack, Dubwa would be blaming it all on terrorists... this just goes to show that the USA is too arrogant to defend itself against anything, and that Dubya isn't capable of dealing with his pretzels, let alone a nation.
I suppose that's a valid usage by the literal definition, but it's not in common usage, certainly.
In your example, you want to emphasise that it is, as opposed to isn't.
Also, "Indeeed, it is" isn't a proper sentence; there's no verb.
How about "It's true that you can replace 'it is' with 'it's'"?
I've been busy.. I may have dropped a few emails. Mail me back and I'll try to get back to you.
I see your/. email is blocked (sensible!), so that's my only option,
Steve
Gcc was - if not necessary - certainly a very useful tool in the development of Linux (in the circumstances in which it happened) and the license of GCC appears to have had a certain influence in the license of Linux, despite different ideologies (Free as in Freedom (GCC) / Convenient to be free (Linux)).
If you figure out who was being petty, think about letting me know... then think about whether or not I care.
Okay. You're being petty. I don't care whether or not you care.
Whether it actually did anything to patch a vulnerability would be a secondary issue, and not nearly as important.
Surely that is what *is* important.
An attitude of "The app software still does what we think the end-users use it for and seems to work, and presumably it fixes the problem it claims to fix" is a non-answer.
I like a Solaris patch which includes a new.conf file, for example, because I can check it against our existing config file, and decide whether to patch or not. I might even add the patch then manually put back the bits I don't like, just so the patch doesn't get re-added.
From feedback from a recruiting consultant, I made various changes to my CV (resume, for the Yanks), including putting my quals at the end of the CV. "Real" qualifications (GCSE's, A-Levels, Degree) first, then industry training. I had put these first on the CV, in a nice little table showing date, institution, etc. Simple bullet-points at the end of the CV seem to work well - they back up the claims I make in the body of the CV - who I am, what I do, what I've achieved for previous/current employers, without saying "whoohoo! I've got Cert X or done Training Course Y".
I also trimmed down the detail on older jobs, since more recent stuff is more relevant (in my case, at least, since I've been in the same job for six years).
If you're a web designer, build a few web pages, showing the range of your abilities. Document each one, showing what techniques were used in each site.
If you're a programmer, it can be more difficult; I've written a few Free Software utilities, which I can link to from my CV; I can also provide the URL to the commercial package I have written, in my own case.
This is more problematic, though, as a potential employer would need to download the software and run it to see if it seems any good. Unless it's got an OSI license, they probably won't get any chance to view the code you actually wrote.
If you're a sysadmin, it's even more difficult; you can say "I did X, Y and Z" but it's hard to prove, unless you were the key element in transforming a major website (eg, you implemented the UI change which eBay made a year or two ago).
If you have no paperwork to back you up, and no portfolio, I have no reason to look at you twice. You need to give me (as a potential employer) something else, which will at least make me give you a 30minute phone call, in which you can wow me with your prowess.
I recently (succesfully - start in 4 weeks) had an interview which was designed in the formal pattern, though they were good enough to provide the manager and a techie to do the interview.
We were in there for 2 and a half hours (felt like 30 minutes) whilst the techie and myself argued about different points (we even got down to drawing diagrams of how we'd do things, and why) - we rarely agreed - whilst the manager just sat and listened, since he didn't understand 90% of what we were saying. So although they'd formualted the interview into a setup of "techie asks questions / manager asks questions", I think I threw them by getting too involved in the details of the questions they were asking (which indicates that they were asking good questions).
After 2.5h of fun argument, I phoned the agency to say "it was fun, but I don't know if they'll want to give me a job because I was just an argumentative bastard!", I got a call back within an hour saying they did want to give me a job.
Then it got passed back to HR, who took another 2.5 weeks (!) to get the paperwork to me.
Techies are good at interviewing techies.
I do enjoy giving (and receiving) oddball questions in interviews, whichever side of the desk I'm on. As a potential employer, it gives me a good idea about the kind of person I'm going to be working with. As a potential employee, getting asked an oddball question tells me that they're not just a bunch of box-tickers, but that they value original thinkers.
An interview with no oddball questions disturbs me; it makes me think that I'll be forced to sit inside a box alongside countless identical "individuals".
It doesn't only have a good chance of providing the correct answer (the question is unlikely to specify any requirement to return the barometer), it also shows social [engineering] skills.
Slashdot Mirror
The point must be how valid the code is in 2005.
Twice a day for a year? That's 730 crashes, then?
... well, rather a lot.
That seems
As another poster suggests, turn on the QA agent. That's a config the Mozilla guys would want to know about.
How many are used (and succesfully exploited) in the wild is an impossible figure to identify. It's safe to assume that with >90% usage, more IE users were effected than FF users. That data (were it available) would only reflect usage, and says nothing about relative security.
Nowhere near the (28% + 3% + 13%) = 44% for MSIE6, of course, but 24% is still pretty high.
Comparing Criticality, FF has 23% "Highly Critical" whilst IE has 14% Extremely Critical + 29% Highly Critical = 43%. That really is bad for IE.
Of course, numbers prove very little, and there's lots of room for reinterpreting these figures (availability of FF source can make vulns easier to find and exploits easier to write; huge IE install base increases likelihood of discovery and increased incentive to exploit, etc).
If FF/IE was 50/50, would we have the same confidence?
Just a thought,
I'm not going to switch to Apache2 just for that, though am I?!
Although it seems unlikely at the moment, it's possible that Linux will deteriorate and fork a superior version (like with gcc/egcs many moons ago) - Linus could get hit by a bus or lose his mind... it's not likely, but it's possible.
In that case, which should use the TM?
The difference is the quality of the source.
If the source for a Wikipedia article is some blogger with nothing better to do with his time than submit articles to Wikipedia, then it's not exactly credible.
If the source is Linus Torvalds explaining explicitly what Linux is, then that has more credibility.
mv????
Surely you mean cp at least?!
Plus the comments above this one... I've never gone into the CVS/etc level of doing stuff, but at least back it up to httpd.conf.`date`, if nothing else.
Our httpd.conf is over 4000 lines now, so I've broken it up into seperate files, with a script which simply cat's them together (001header, 002laterstuff, 003middlestuff, 004endstuff, basically). Then create an httpd.conf from the sub-files.
The script doesn't deal with someone hacking the httpd.conf by hand, but all it does is create a http`date`.conf file, displays a "diff" from the existing httpd.conf, and tells you what to do if you choose to activate the differences.
It's not perfect, I'd never claim that anything was perfect, but it gives backups by date/time, and allows you to confirm the changes before you activate them. It also (deliberately) does not have the balls to activate the new config, it just tells the sysadmin what s/he would have to do to activate it (having shown the diffs).
Ah - you mean .htaccess
Now that's what I call innovation :-)
Given random feeds from t'intarweb, the best possible tool would be incapable of generating any rules (or, in reality, would generate rules such as "it's" means "its", or "their" and "there" are identical).
In reality, we'd need some academics to agree on grammar in the first place, to be able to verify any such software.
Here's a novel idea... why not educate children about grammar (and spelling, come to think of it), and expect people to be able to do this stuff for themselves?
What else do you want? A machine to wipe your bum for you because you're too lazy to work out how to do it yourself??!
Read more of his writings, especially his Sex God stuff:
Well, what do you think happens when you start channelling the freaking God of Sex Himself? Yes, ESR is a self-confessed Sex God.
CatB, at the time it was written, was actually very prescient. Most of it now seems like obvious trash, but CatB was the first real document which combined these ideas into a coherent structure. /. in 1998; I feel ancient having to explain all this stuff 7 years later!
That was certainly far more than Fetchmail (for fsck's sake!), and more than he has done since.
CatB was ESR's great moment.
TAOUP has the potential to be made into a useful reference, if all the hyperbole is removed. However, that would probably transform it from a book to a pamphlet.
God, I felt old on
He was polite on the phone, but then he claims to have sent the quoted email.
ESR used email to threaten to to shoot Bruce Perens, don't forget.
I've not met the man, but he seems too timid to say such things face-to-face, but from the safety of his computer screen, he can be most excessive.
Whether he actually does anything beyond shooting guns at inanimate objects and bizarre witchcraft, I can not say.
Excellent point, IMHO.
Given that there was a few days notice of Katrina, there seems to be no excuse for the way in which it has been dealt with by the richest nation on the planet.
Had it been an unforseen terrorist attack, Dubwa would be blaming it all on terrorists... this just goes to show that the USA is too arrogant to defend itself against anything, and that Dubya isn't capable of dealing with his pretzels, let alone a nation.
I suppose that's a valid usage by the literal definition, but it's not in common usage, certainly.
In your example, you want to emphasise that it is, as opposed to isn't.
Also, "Indeeed, it is" isn't a proper sentence; there's no verb.
How about "It's true that you can replace 'it is' with 'it's'"?
NBC: Commercial Broadcaster, USA (largest contributor to global warming).
I've been busy.. I may have dropped a few emails. Mail me back and I'll try to get back to you. I see your /. email is blocked (sensible!), so that's my only option,
Steve
Gcc was - if not necessary - certainly a very useful tool in the development of Linux (in the circumstances in which it happened) and the license of GCC appears to have had a certain influence in the license of Linux, despite different ideologies (Free as in Freedom (GCC) / Convenient to be free (Linux)).
If you figure out who was being petty, think about letting me know... then think about whether or not I care.
Okay. You're being petty. I don't care whether or not you care.
Surely that is what *is* important. .conf file, for example, because I can check it against our existing config file, and decide whether to patch or not. I might even add the patch then manually put back the bits I don't like, just so the patch doesn't get re-added.
An attitude of "The app software still does what we think the end-users use it for and seems to work, and presumably it fixes the problem it claims to fix" is a non-answer.
I like a Solaris patch which includes a new
But hey, Windows is Windows ;-)
From feedback from a recruiting consultant, I made various changes to my CV (resume, for the Yanks), including putting my quals at the end of the CV. "Real" qualifications (GCSE's, A-Levels, Degree) first, then industry training. I had put these first on the CV, in a nice little table showing date, institution, etc. Simple bullet-points at the end of the CV seem to work well - they back up the claims I make in the body of the CV - who I am, what I do, what I've achieved for previous/current employers, without saying "whoohoo! I've got Cert X or done Training Course Y".
I also trimmed down the detail on older jobs, since more recent stuff is more relevant (in my case, at least, since I've been in the same job for six years).
If you're a web designer, build a few web pages, showing the range of your abilities. Document each one, showing what techniques were used in each site.
If you're a programmer, it can be more difficult; I've written a few Free Software utilities, which I can link to from my CV; I can also provide the URL to the commercial package I have written, in my own case.
This is more problematic, though, as a potential employer would need to download the software and run it to see if it seems any good. Unless it's got an OSI license, they probably won't get any chance to view the code you actually wrote.
If you're a sysadmin, it's even more difficult; you can say "I did X, Y and Z" but it's hard to prove, unless you were the key element in transforming a major website (eg, you implemented the UI change which eBay made a year or two ago).
If you have no paperwork to back you up, and no portfolio, I have no reason to look at you twice. You need to give me (as a potential employer) something else, which will at least make me give you a 30minute phone call, in which you can wow me with your prowess.
We were in there for 2 and a half hours (felt like 30 minutes) whilst the techie and myself argued about different points (we even got down to drawing diagrams of how we'd do things, and why) - we rarely agreed - whilst the manager just sat and listened, since he didn't understand 90% of what we were saying. So although they'd formualted the interview into a setup of "techie asks questions / manager asks questions", I think I threw them by getting too involved in the details of the questions they were asking (which indicates that they were asking good questions).
After 2.5h of fun argument, I phoned the agency to say "it was fun, but I don't know if they'll want to give me a job because I was just an argumentative bastard!", I got a call back within an hour saying they did want to give me a job.
Then it got passed back to HR, who took another 2.5 weeks (!) to get the paperwork to me.
Techies are good at interviewing techies.
I do enjoy giving (and receiving) oddball questions in interviews, whichever side of the desk I'm on. As a potential employer, it gives me a good idea about the kind of person I'm going to be working with. As a potential employee, getting asked an oddball question tells me that they're not just a bunch of box-tickers, but that they value original thinkers.
An interview with no oddball questions disturbs me; it makes me think that I'll be forced to sit inside a box alongside countless identical "individuals".
It doesn't only have a good chance of providing the correct answer (the question is unlikely to specify any requirement to return the barometer), it also shows social [engineering] skills.