Hell, cans and string tied to a barbecue grill make better groupware than the Exchange lineup. I'd rather try to use my penis to bang out morse code on red coals than suffer through Exchange. "How come when I {post to this group/forum, send this mail, search through this directory, etc.} it {takes 45 minutes to pop out, is in the wrong order, is jumbled up, has these little squares and hieroglyphics, has the attachments screwed up, tries to dialup, etc.}?" Yeah I ever wanna deal with that shit again. I know exactly why that guy's irate. Friggin' shitware. Sendmail version 5 (yeah, "5"), talk, a common shared directory with a 2Mb quota, and an NNTP server from 1992 using tin (over ssh launched from a DOS prompt) are more effective than friggin' Exchange.
O.k., so I exaggerated a bit -- make that a 4Mb quota.
While I'm an Open Source zealot, and fully expect the dogs to descend (and rightly so IMHO) upon this press release (counter FUD/sensationalism or no) there are a couple of points I'd like to make which make me disappointed yet again in the way Microsoft releases software. Before I spout off, let me draw a clear distinction -- the design/code/test/release cycle is independent from marketing. Whatever "it's stable" "we've done this and that" "best since sliced bread" marketing campaigns are being carried out have little to do with the product itself. We know this intuitively, and I'm not even going to address marketing further than to say -- marketing for Win2k has nothing to do with reality for Win2k.
O.k. the issue I'd like to highlight is the fact that Microsoft has very thorough configuration management software. I don't know what they use, but you can bet your sweet ass it beats the pants off Bugzilla (which I love, don't get me wrong) -- they can afford it and they need it. That being said, it is certain that they have now and have had for years bug tracking resources in their development teams.
The fact that there are 21,000 or 63,000 "bugs" -- for the sake of some degree of objectivity let's assume there are 20,000 actual "bugs" in Window 2000, as tracked by Microsoft's internal bug tracking systems -- that are being announced now implies that there were (let's say again) very close to 20,000 (or more -- this is assuming they've been busting ass to fix them since they went "gold") bugs that were in the bug tracking system when the product was shipped to manufacturers.
This is in spite off the resources they are claiming they have used to beta test the product! [ I should note that beta testing is rarely testing in a production-load environment, so it is not as useful for finding bugs likely to emerge in Real Use (this is not an indictment of Microsoft, it's just the unfortunate truth) ] I can only imagine how much of a piece of shit Win2k was when it went out for beta testing...
We know why they ship buggy product (two primary reasons -- to meet shipping deadlines, and because a "perfect" product has no need for upgrades:-) ). That they ship buggy product for exhorbitant prices is unforgiveable (ignoring even the marketing that claims otherwise as I'm trying hard to do). That they spend as much as they do on testing and still release shitware is an indictment of their development process -- though what they're doing wrong is open for holy war ("talk amongst yourselves...").
Bottom line: a large number (~20,000) bugs were most likely known, IN THE SOURCE CONTROL SYSTEM, at the time the product was shipped to manufacturers.
There's a patch for Linux, too, using something called a "SYN-cookie". This is a marginal idea, and I don't know if it made it into any of the standard Linux distributions. But if you're under attack, you might want to turn it on.
It appears to be fairly standard in the major distributions (whether or not it is enabled by default is another matter -- and a question to which I don't know the answer). I have been using SYN cookies for nearly a year now (although the few SYN floods directed at me may have had little result anyway). I tend to make my machines look as much like black holes as possible... and I'm also not Yahoo.:->
That's not a half-bad idea. Essentially auctioning Congress to the highest bidder (or a Congressman of your choice) with all auction proceeds donated to the EFF for lobbying/defense funds... The PR could be substantial.
So, do you wanna do it or do you want me to? (it was your idea after all so you should have the credit for it if you wanna tackle it)
I've got a recommendation for you *and* Microsoft. Subscribe to the BugTraq and CERT lists. That alone would save Microsoft the embarrassment of saying "oh, we didn't know about the hole."
Oh, wait, I'm sorry. There are Microsoft people on the BugTraq/CERT lists. Well, then how could they not know about the holes?...
[ fade to a daughter sitting in her father's lap while he reads a story to her: ]
"So, daddy, nobody came to help the little boy who cried 'Wolf'?"
"That's right honey. Because he lied to the people too many times and they didn't believe him any more."
"But, daddy, didn't you say that those Windows people lied about Windows over and over again? But you've got the new one now."
"Well, that's different honey. Microsoft is really going to do things right this time."
Actually, IE 5.5 is the most standards-compliant browser in existence.
What are you smoking? Here's a number for ya... go to this site. What is standard about the tag "meta http-equiv="Site-Enter" content="revealTrans(Duration=6.0,Transition=1)""? ??
IIRC their DOM is not W3C either. Embrace, extend, lather, rinse, repeat.
Send regular mail (I've been sending a lot of letters lately), it takes more resources to read, and shows them you're pissed enough to lick an envelope:
Motion Picture Association of America 15503 Ventura Blvd Encino, CA 91436
Glad to see that a college student will misspell a headline.:-)
This gets into that whole "educational use only" argument. I live on campus, and the internet net connection that I *pay* for here is the only one I get. Are you about to tell me that just because it is hooked up to the campus network directly that I'm not allowed to use it for anything non-eductional? That I'm not allowed to look at anything interesting on the Internet? I take great offense to that. This is my home. This is my Internet Connection. I have no other. I believe I have a right to download whatever the heck I want.
The problem is that you (both individually, and the larger collective "you" of the masses of college students downloading and trading mp3's) are on their physical network and using a network more than partly funded by various 3rd parties. The university is held accountable when its students use the network to break laws (we could get into a discussion about whether copyright law is outdated at this point -- but you'd probably find me on your side there). The universities don't generally have a moral concern here -- they are a business. They have to watch out about copyright violations just like they have to watch out about kids getting killed on top of elevators (universities could give a crap whether you elevator surf or not, but their insurers make them care about their bottom line...).
Additionally, if a sizeable percentage of their bandwidth (btw, you don't know their utilization unless you work for the network administrators -- and even then you only get one piece of the picture, believe me) is going to mp3z, the research being done elsewhere might well be suffering. While you are their livestock (the masses used to generate income), the researchers, and the occasional future benefactor (which may emerge from the herds), are their real priority. If the researchers complain that the bandwidth the University bought for them is unusable, the University will act. This is, again, all a part of being in the University business.
Finally, since the University is a business, and a PR-based business to a great degree at that, rampant news stories about college students "Breaking the law" do not look good for Universities. Parents don't want their children going away to become criminals. Alumni don't want their degree tarnished. Donors don't want to give to a cesspool. This may seem like exaggeration, but this is how most universities view these things.
Believe it or not, you don't have a right to download and trade mp3's (again, we could have a long discussion about the validity of the laws which prohibit this, but they are the same laws the universities are forced to live under). Eventually the ability of the university to insulate you from the disciplinary structure of the rest of society will break and you will have to be accountable for your actions. Believe me, I understand how university life is -- been there, done that.
I doubt the previous poster was jealous of your bandwidth (I have more bandwidth than I can generally use coming into my house). Many of us have used and/or administered networks on pipes that would boggle you. Penis envy of a 10/100 line on a university-size public use network with thousands of users is rarely in order. The fact that you have to pay for your bandwidth, however, is an unfortunate part of the unfairness of college life. The university can make you pay, even though you have no other choice. The fact that 9x% of college students are between 18 and 25 years old points to the fact that if you're going to raise a stink over not being able to download mp3z on your pipe you are going to have to get mommy&daddy involved. Guess what? The university knows that mommy&daddy don't want to get involved if they know it's about mp3z/warez/pr0n/etc. Anyway, they stick it to you and you can't do anything about it.
With regard to cost issues, you should know that 5 years ago only the most cutting-edge and/or affluent universities had wired dorms. The fact that it's a "selling point" now is an indication of how much things have changed. The ubiquity of campus connectivity, however, belies the cost of this infrastructure. The universities (hell, the society at large as we subsidize the bulk of this infrastructure) will be paying for this upgrade for years to come. To assume that this is some sort of grift job to squeeze a quick profit out of students, or that wiring campus was cheap and easy (and therefore a right) is just plain ignorant. The problem with being in college is that, as the individual student in this day and age, you are the least important and least influential part of the university business plan; however, it may take 5-10 years after graduation to figure this out (truthfully most college grads never figure it out). Yet, we are generally sent to college at our most arrogant and idiotic phase of development, so we prattle on about our rights, our importance, and How It Really Is.
I have finally had enough of this shit. I just donated $300 (a benefactor membership, and an additional $50 donation) to the EFF in support of their efforts against the numerous threats to liberty -- including many that are aimed primarily against the Free Software movement. It is not that I can afford to spend that kind of money, but I cannot afford to be inactive -- if the EFF does not receive support, the things about which we are complaining will become a permanent reality. The corporations are out to screw us to the fscking wall as quickly and as thoroughly as possible, without regard for fair play. This is how Big Business is done, and we are ill-prepared to defend ourselves. Safeguarding future profits is worth the manipulations, deceit, and legal maneuvering that will continue throughout the forseeable future.
Anyone who seriously considers the events of the past year understands that the monopolies in place for content distribution are outmoded. Five years from now the distribution systems of the 20th century will have been almost wholly replaced. Information is not physical and has different distribution properties. The monopolies were established primarily because creation and distribution of the physical medium requires infrastructure and capital. Remove the physical medium and the market must change.
Anyway, enough banter. Here is a copy of the letter I sent to the EFF after sending my donation. I urge each of you to consider contributing or volunteering your time to the EFF (why not at least visit their page?)
To whom it may concern:
I just completed registration for a $250 benefactor membership and donated an additional $50 to EFF. I thought I would share with you the reasons for my support of your cause.
In recent years the EFF has been visibly in support of electronic privacy and a person's right to freedom from censorship online; and against short-sighted legislation, prosecution, and abuses of the trademark, patent, and copyright systems. There have been numerous occasions where the presence of the EFF, and its cooperation with EPIC, the FSF, the ACLU, and other entities safeguarding our rights both online and offline, has indeed made a difference.
During many of those times I felt myself either too poor, or too busy to contribute to your efforts -- choosing instead to hope that others would contribute, and hiding behind their efforts. It is not that I am no longer constrained (if anything I am more busy than ever before), but I have stood on the sidelines far too long, and it is now time that I give money, if I cannot afford more of my time to help.
The threats to our liberty are greater than ever. The DMCA legislation is a catastrophe; the DeCSS lawsuit is a well-funded Blitzkrieg by the corporate stormtroopers of the MPAA. The RIAA is clearly out of control. Various states and governments are trampling our online rights faster than we can realize that we have them. The manuevering by the American government regarding cryptographic export controls, while deft, is an insult to those of us who understand the word "liberty".
In order to mount a defense against the threats posed by the greedy, power-hungry, ignorant, and immoral you need resources. I hope my meager contribution will be of aid in this fight.
And yes, I know full well that IPSec and other ciphers could be used, but not for all the applications I need, unless I am severely mistaken and/or really dumb.
Actually, IPsec is a protocol and not a cipher. It provides means for doing "secure" IP and may use a wide range of ciphers and hashes to provide various services. I don't really see IPsec providing services similar to SSL anytime soon, but the comparison is more of an apples-oranges comparison.
Become a Microsoft Certified Professional. If you're a computer professional - or want to be one - it's the best way to show employers, clients and colleagues that you have the knowledge and skills required
(1)... to install expensive bloatware that will reduce their productivity while forcing them to purchase new hardware to run larger tied and bundled applications with the same functionality as the previous versions...
(2)... to take nearly a decade to catch on to the fact that Microsoft has a monopoly on PC OS systems and that maybe getting certified would catch you some of their trickle-down dollars.
(3)... to download pr0n and ju4r3z over their fat pipe oblivious to the fact that the non-MS network gear is logging your illicit and illegal behavior
(4)... to read a "dummies" guide to certification to pay to be tested on IT common sense.
I can say this much, if gnumeric supports VBA and includes the language by default, I stop using gnumeric. I will not have that insecure garbage on my system.
Trade secrets are not protected in the same manner as patents. A reverse-engineered trade secret is no longer a trade secret, and is afforded no protection.
You are correct that Speed != Quality. This is why OpenBSD has solved, sometimes years ago, the identical problems which Bugtraq/CERT advisories are still appearing for other Open operating systems (Linux, FreeBSD, NetBSD, for the most prominent examples). This is also the reason that perl -MCPAN -e shell is one of the cleanest installers available -- including download, checksum validation, compilation (for XS'ed C code), and ubiquitous regression testing.
It takes dedication and commitment to make a good open product into a quality open product.
... and this coming from someone with 5 Linux boxen (among others)...
Re:Design of Mozilla must address fears of busines
on
Mozilla Status Update
·
· Score: 2
If you must depend on Javascript for your presentation (which appears to be the primary reason for being concerned with User Agent strings) don't use agent strings. First, they can be forged, second your site does not have a comprehensive list of browsers and their capabilities. Test functionality (query the DOM for instance) and not the User Agent string.
Additaionlly, whoever the dumbass was who decided that doing Javascript validation of user input (and yes I realize that new morons probably reinvent this scheme hourly) should be shot in the face in public. The idea that such validation is effective, or actually provides any measure of security or integrity is ludicrous.
There should be a stable Mozilla within a few (~2-3) months. There should be a branded Netscape based upon Mozilla within about the same time frame. This is my opinion, judging from the Mozilla chatter on #mozilla and on the news.mozilla.org newsgroups. YMMV.
Not saying there aren't problems with Mandrake (in my experience Mandrake's been rock solid), but generally when one sees numerous kernel panics one is looking at *bad* hardware. If I were you I'd start checking my components -- start with memory, then drives and controllers, NICs, video, and then the motherboard. Do it under another distro or OS if you think it's Mandrake specific.
Forgive me that minor:-) detail. The fact of the matter is that, as pointed out elsewhere, AOL is moving towards this merger as a hedge because of the uncertainty of AOL's future value. I still believe the inception of the deal came about largely because of T/W's content concerns (of course AOL's need for content to hold its user base in light of broadband competition should not be hard to see). The large amount of flexibility in the AOL stock price in the deal points to the fact that they had to give a lot of concessions to partner with T/W. I think in this case "who bought whom" isn't as important as why they were even talking.
Slashdot Mirror
But Microsoft Windows systems do run Linux better and cleaner than the alternatives. :-)
O.k., so I exaggerated a bit -- make that a 4Mb quota.
O.k. the issue I'd like to highlight is the fact that Microsoft has very thorough configuration management software. I don't know what they use, but you can bet your sweet ass it beats the pants off Bugzilla (which I love, don't get me wrong) -- they can afford it and they need it. That being said, it is certain that they have now and have had for years bug tracking resources in their development teams.
The fact that there are 21,000 or 63,000 "bugs" -- for the sake of some degree of objectivity let's assume there are 20,000 actual "bugs" in Window 2000, as tracked by Microsoft's internal bug tracking systems -- that are being announced now implies that there were (let's say again) very close to 20,000 (or more -- this is assuming they've been busting ass to fix them since they went "gold") bugs that were in the bug tracking system when the product was shipped to manufacturers.
This is in spite off the resources they are claiming they have used to beta test the product! [ I should note that beta testing is rarely testing in a production-load environment, so it is not as useful for finding bugs likely to emerge in Real Use (this is not an indictment of Microsoft, it's just the unfortunate truth) ] I can only imagine how much of a piece of shit Win2k was when it went out for beta testing...
We know why they ship buggy product (two primary reasons -- to meet shipping deadlines, and because a "perfect" product has no need for upgrades :-) ). That they ship buggy product for exhorbitant prices is unforgiveable (ignoring even the marketing that claims otherwise as I'm trying hard to do). That they spend as much as they do on testing and still release shitware is an indictment of their development process -- though what they're doing wrong is open for holy war ("talk amongst yourselves...").
Bottom line: a large number (~20,000) bugs were most likely known, IN THE SOURCE CONTROL SYSTEM, at the time the product was shipped to manufacturers.
Draw your own conclusions.
It appears to be fairly standard in the major distributions (whether or not it is enabled by default is another matter -- and a question to which I don't know the answer). I have been using SYN cookies for nearly a year now (although the few SYN floods directed at me may have had little result anyway). I tend to make my machines look as much like black holes as possible... and I'm also not Yahoo. :->
So, do you wanna do it or do you want me to? (it was your idea after all so you should have the credit for it if you wanna tackle it)
Oh, wait, I'm sorry. There are Microsoft people on the BugTraq/CERT lists. Well, then how could they not know about the holes? ...
[ fade to a daughter sitting in her father's lap while he reads a story to her: ]
I've had a cordless wheelman mouse working under linux since m12. Don't know why yours doesn't work.
What are you smoking? Here's a number for ya... go to this site. What is standard about the tag "meta http-equiv="Site-Enter" content="revealTrans(Duration=6.0,Transition=1)""? ??
IIRC their DOM is not W3C either. Embrace, extend, lather, rinse, repeat.
Motion Picture Association of America
15503 Ventura Blvd
Encino, CA 91436
This gets into that whole "educational use only" argument. I live on campus, and the internet net connection that I *pay* for here is the only one I get. Are you about to tell me that just because it is hooked up to the campus network directly that I'm not allowed to use it for anything non-eductional? That I'm not allowed to look at anything interesting on the Internet? I take great offense to that. This is my home. This is my Internet Connection. I have no other. I believe I have a right to download whatever the heck I want.
The problem is that you (both individually, and the larger collective "you" of the masses of college students downloading and trading mp3's) are on their physical network and using a network more than partly funded by various 3rd parties. The university is held accountable when its students use the network to break laws (we could get into a discussion about whether copyright law is outdated at this point -- but you'd probably find me on your side there). The universities don't generally have a moral concern here -- they are a business. They have to watch out about copyright violations just like they have to watch out about kids getting killed on top of elevators (universities could give a crap whether you elevator surf or not, but their insurers make them care about their bottom line...).
Additionally, if a sizeable percentage of their bandwidth (btw, you don't know their utilization unless you work for the network administrators -- and even then you only get one piece of the picture, believe me) is going to mp3z, the research being done elsewhere might well be suffering. While you are their livestock (the masses used to generate income), the researchers, and the occasional future benefactor (which may emerge from the herds), are their real priority. If the researchers complain that the bandwidth the University bought for them is unusable, the University will act. This is, again, all a part of being in the University business.
Finally, since the University is a business, and a PR-based business to a great degree at that, rampant news stories about college students "Breaking the law" do not look good for Universities. Parents don't want their children going away to become criminals. Alumni don't want their degree tarnished. Donors don't want to give to a cesspool. This may seem like exaggeration, but this is how most universities view these things.
Believe it or not, you don't have a right to download and trade mp3's (again, we could have a long discussion about the validity of the laws which prohibit this, but they are the same laws the universities are forced to live under). Eventually the ability of the university to insulate you from the disciplinary structure of the rest of society will break and you will have to be accountable for your actions. Believe me, I understand how university life is -- been there, done that.
I doubt the previous poster was jealous of your bandwidth (I have more bandwidth than I can generally use coming into my house). Many of us have used and/or administered networks on pipes that would boggle you. Penis envy of a 10/100 line on a university-size public use network with thousands of users is rarely in order. The fact that you have to pay for your bandwidth, however, is an unfortunate part of the unfairness of college life. The university can make you pay, even though you have no other choice. The fact that 9x% of college students are between 18 and 25 years old points to the fact that if you're going to raise a stink over not being able to download mp3z on your pipe you are going to have to get mommy&daddy involved. Guess what? The university knows that mommy&daddy don't want to get involved if they know it's about mp3z/warez/pr0n/etc. Anyway, they stick it to you and you can't do anything about it.
With regard to cost issues, you should know that 5 years ago only the most cutting-edge and/or affluent universities had wired dorms. The fact that it's a "selling point" now is an indication of how much things have changed. The ubiquity of campus connectivity, however, belies the cost of this infrastructure. The universities (hell, the society at large as we subsidize the bulk of this infrastructure) will be paying for this upgrade for years to come. To assume that this is some sort of grift job to squeeze a quick profit out of students, or that wiring campus was cheap and easy (and therefore a right) is just plain ignorant. The problem with being in college is that, as the individual student in this day and age, you are the least important and least influential part of the university business plan; however, it may take 5-10 years after graduation to figure this out (truthfully most college grads never figure it out). Yet, we are generally sent to college at our most arrogant and idiotic phase of development, so we prattle on about our rights, our importance, and How It Really Is.
Anyone who seriously considers the events of the past year understands that the monopolies in place for content distribution are outmoded. Five years from now the distribution systems of the 20th century will have been almost wholly replaced. Information is not physical and has different distribution properties. The monopolies were established primarily because creation and distribution of the physical medium requires infrastructure and capital. Remove the physical medium and the market must change.
Anyway, enough banter. Here is a copy of the letter I sent to the EFF after sending my donation. I urge each of you to consider contributing or volunteering your time to the EFF (why not at least visit their page?)
Actually, IPsec is a protocol and not a cipher. It provides means for doing "secure" IP and may use a wide range of ciphers and hashes to provide various services. I don't really see IPsec providing services similar to SSL anytime soon, but the comparison is more of an apples-oranges comparison.
(1) ... to install expensive bloatware that will reduce their productivity while forcing them to purchase new hardware to run larger tied and bundled applications with the same functionality as the previous versions...
(2) ... to take nearly a decade to catch on to the fact that Microsoft has a monopoly on PC OS systems and that maybe getting certified would catch you some of their trickle-down dollars.
(3) ... to download pr0n and ju4r3z over their fat pipe oblivious to the fact that the non-MS network gear is logging your illicit and illegal behavior
(4) ... to read a "dummies" guide to certification to pay to be tested on IT common sense.
Where do I sign up again?
It takes dedication and commitment to make a good open product into a quality open product.
Additaionlly, whoever the dumbass was who decided that doing Javascript validation of user input (and yes I realize that new morons probably reinvent this scheme hourly) should be shot in the face in public. The idea that such validation is effective, or actually provides any measure of security or integrity is ludicrous.
There should be a stable Mozilla within a few (~2-3) months. There should be a branded Netscape based upon Mozilla within about the same time frame. This is my opinion, judging from the Mozilla chatter on #mozilla and on the news.mozilla.org newsgroups. YMMV.