The nice things about X is that you could run it equally well over a native messaging system, if you had one.
However, that is not the deciding facter in making the GUI more responsive than X; the kernel, appserver and libatheos are all heavily threaded,
As a wise man said, "threads and stupid people attract each other." It *may* make your GUI feel more responsive, but at the expensive of being much harder to get all the bugs out. It's very unclear that putting the same amount of effort into a non-threaded program would not get you better results.
A Microsoft staff engineer in the SecurityOffice leaked memos said that they deeply regretted choosing a heavily threaded architecture because it was very difficult to achieve the same levels of stability that people are accustomed to on Unix.
I can only really say that it feels much faster
I'm glad you can acknowledge that you're biased.:-)
Does ABrowse support all the standards that Mozilla does? Just the amount of processing that it has to do was substantially responsible for slowdowns in earlier versions.
I would certainly be interested in seeing some real objective comparisions between Message Ports and UNIX Sockets, though.
I've just been reading "Undocumented NT". It has a fair bit of discussion of the ugly hacks and special cases that the NT team had to put into their message-passing microkernel system to make it perform adequately well.
So if he'd stayed within his borders, we would have had no right or excuse to intervene?
In international law at the time: yes. Sovereignty was much stronger at the time; actions within a sovereign state were not really the concern of anyone else. It was only after WWII that the concept of "crimes against humanity" developed and was accepted: crimes so abhorent that every human is hurt by the fact of their being committed, and obliged to prevent them.
And in any case, homosexuality was still illegal in much of the western world, and jews and gypsies were widely discriminated against. (Consider that Alan Turing was harassed to suicide in Britain.) Native people were not citizens in many countries. It was a matter of degree rather than substance.
I work at hp. I have just this minute returned from helping smoke test a RedHat AS install on a quad Itanium 2, 40GB machine that's going to a large government customer. It's one of several dozen.
These people would just never cope with buying random hardware and downloading Linux onto it. Their mind doesn't work that way, regardless of the quality of the software. Buying from hp gives them assurance and support.
I just wish they'd give me one on long-term loan.:-) It's a sexy beast, even if it sounds like a hairdryer. Fat chance though.
Joel's articles used to be good, but now they seem to just be lame repetitions of things already said more clearly by other people. It's kind of disappointing. I suppose he feels like he needs to keep writing, even if he has nothing new to say. That said, "Painless Bug Tracking" (from 2000) is pretty clear.
To be more kind, perhaps some of it is new to some of his audience. I guess all the VB programmers and slashdot kiddies are wetting their pants over him because they don't read many books.
1) A remote crash is not a security compromise, its a DoS.
Molly, if you believe that, then you need to go and re-read a security textbook. Availability is by definition a necessary aspect of security.
2) If you have physical access to my wire, all is lost.
Packet injection does not require physical access.
3) If you have physical access to my machine, all is lost.
True, but this is still a significant privilege elevation attack and therefore a security flaw. For example, if you have 95 clients, a worm can use this problem to gain access to a departmental server running NT, potentially a bigger deal.
I'm mildly amused that I'm debating W95's security.:-)
The key issue here, though, is that with closed-source single-vendor systems you are at the vendor's mercy about when, how, and at what price you will upgrade. With open source you have a bit more freedom.
It's not black and white though: the DoD is basically *telling* HPQ to keep maintaining VMS for the next few decades; whereas your average home user will need to upgrade when their RH 6.0 machine goes out of maintenance.
But a largish government department is probably near the breakpoint: in conjunction with a good systems integrator a Linux solution would let them upgrade as and when they wish. This kind of flexibility is a great thing for all those organizations with solid and stable DOS, W95, Novell, or SCO installations.
(Unfortunately the site seems to be slashdotted so I can't see what Linus actually said. Roll on Freenet.)
The SCO complaint is written in plain English; you don't need to be a lawyer to understand it.
Their heart of their complaint is in paragraph 85: "It is not possible for Linux to rapidly reach UNIX performance standards for complete enterprise functionality without the misappropriation of UNIX code, methods or concepts to achieve such performance,..."
SCO consider themselves to have some kind of godlike power to write enterprise operating systems, that could never be matched by anybody else.
This is clearly incredibly silly. Linus is well qualified to demonstrate that the improvements in Linux have come about through independent work or public documentation, and from many contributors only a few of whom are at IBM. It's also clear that performance has been steadily improving over the last 12-odd years. There's no sudden dumping of SCO IP into Linux.
Things that have been borrowed from proprietary Unixes have been taken from public documentation or whitepapers. The slab allocator is a case in point.
In fact, you don't have to be Linus to work this out for yourself: just look at the lkml archives, and observe how many patches have been sent by non-IBM hackers. The development process by which Linux's performance was improved is largely a matter of public record.
And so, for those of you following along at home but without a Navy of your own:
Write to SCO now. info@sco.com. Tell them that you make or influence computer purchasing decisions, that you write software, and that you have friends, colleagues and customers in the industry. Tell them that it's a stupid action that ruins SCO's credibility and future, and that you're going to encourage people to avoid SCO. Tell them that they ought to take responsibility for their own miserable failure to capitalize on the resounding success of Linux.
I did. I don't suppose it'll dissuade them from this boneheadedness but perhaps there's a chance their death agony will do less damage to Linux.
- Unencrypted password hashes are sent across the wire.
- The password cache can be decrypted and read by anyone on the machine.
And this is just off the top of my head.
The important thing here is that weaknesses in the networking protocols are not just bugs that can be fixed, they're design flaws. Microsoft just have not backported the most recent RPC stack to W95, so there's no way you can get proper network security. (Why would they bother? It's not like they care about customers who haven't paid their upgrade tax.)
It's a really great book: as funny as most Discworld books, and a damn good popular science book to boot. The discussion of philosophy of science and evolution is as good as any you're likely to find outside of a specialist text.
As Pratchett says, "Discworld is a world, and a mirror of worlds." Because it has its own self-consistent logic and rules it really illuminates very well the way science is done on Earth.
On what grounds would they win in court? Seems to me they don't have a contract (express or implied) with the root server operators, and therefore no standing to sue.
You can't just randomly block abusers.
"Just watch me."
Either you have to offer DS services to everyone, or no one, or you have to start charging per lookup.
Not at all. "Management reserves the right to refuse service."
I agree that blocking them is probably too simplistic to be useful, but you're wrong about there being anything legally wrong with it.
2) such lists would be "requestable" under FOIA terms, which means any jackoff OUTSIDE Pennsylvania would have a free list of places to get spank material.
Well-drafted Freedom of Information legislation should handle that sort of problem.
The whole point of FOI is to allow maximum government openness without too great a cost to proper functioning, people's privacy, etc. So when information is released, typically some information is removed, perhaps to protect the privacy of members of the public who happen to be mentioned, or to protect ongoing criminal investigations. There is a lot of legal and public policy discussion about how to resolve these difficult tradeoffs.
Obviously it would be inappropriate for FOI information to include actual depicitions of child abuse or URLs to reach that information. (Suggesting this kind of thing is a typical strawman for opponents of open government.)
On the other hand, it's clearly harmful to have the government censoring the net with no accountability.
Hopefully the FOI Commissioner would just apply a little creativity and intelligence to the problem, and produce information that shows how the case is being handled, without the details. For example, they might give a description of the contents of particular sites sufficient to show that they should be blocked, but without the URL. Or they might release more detailed information to a bona-fide oversight organization.
Every open source project is an attempt to mimic the form or function of something else.... Apache is a free http server, and so on and so forth.
You picked a strange example there, troll. What is Apache attempting to mimic? The original CERN httpd, or the NCSA httpd upon which Apache was based. Both of them were open source.
Or perhaps you think the Apache developers managed the cunning stunt of mimicing IIS, even though IIS was released several years later?
Presumably you would use some kind of reputation-based system: you'd grant access to people based on their willingness to share with you.
This might be part of a solution to free-rider effects in p2p systems: you can (possibly) rely on the University not itself wanting to distribute copyright material.
Sometimes police do such things as part of an investigation, but it comes pretty close to entrapment. If UofWy offers me a nude goat picture and I take it then it might be hard for them to blame me for offering the same in return.
The college would be in a GREAT position for a man in the middle attack.
Heh, wouldn't that be interesting.
Yes, since the college presumably controls the routers they'd be ideally placed to do a man-in-the-middle attack against a key exchange protocol.
This could be trivially prevented by some kind of out-of-band (web,email) password exchange, but that's not the best part.
If the college was proxying all peer-to-peer traffic then they're explcitly cooperating in sharing copyrighted information. Surely this puts them in a worse position than merely passing packets without really knowing what is inside them.
Actually, Goundry is technically correct that an early revision of UNICODE allowed less than 2**16 codepoints, since it covered only the Basic Multilingual Plane of ISO/IEC-10646.
However, even at the time this article first came out there was clearly room for future expansion to a 32-bit space. And in any case, BMP is sufficient for all but the most esoteric uses. Sure, linguists studying dead or obscure languages might need special support, but really that's always going to be true. The UNICODE-troll author says he spends all his time spending arcane ancient Chinese texts. That a general-purpose standard is not exactly tailored to his needs is hardly surprising.
So I agree that the UNICODE article seemed pretty poor, and the author's reputation is low as far as I'm concerned. Picking a temporary limitation and blowing it up into an anglocentrist conspiracy is pretty lame.
To be fair though, Nicholas Carroll was only an editor of the UNICODE troll, not the author. I wish he'd edited it with rm, though. Some of his other papers are OK, though unoriginal.
The original post complained that UNICODE (as UCS-2) uses twice as much disk space as ASCII. The person you replied to pointed out, entirely accurately, that UTF-8 is exactly as efficient as ASCII for storing ASCII text. Similarly if most of your text is DBCS then you can simply use UCS-2 and be the same size in most cases.
Your other points are adequately answered by other posts. Of course it's not easy to support all human languages, but UNICODE makes the problem easier, not harder.
I think what annoys me about managementspeak is that it's often reused so mindlessly. "Coopetition" is an interesting neologism the first time you hear it, and it perhaps expresses a worthwhile concept. I think the heart of this problem is that people want to sound like they're up-to-date on all the latest management fads.
My personal bugbear at the moment is "exponentially". This has a precise mathematical meaning, but people use it carelessly to mean "rapidly". I have heard people describe something as "exponentially increasing", when in fact it is clearly literally linearly increasing, only with a high constant.
Oh, yeah, "literally" is abused terribly too. "Slashdot has literally billions of trolls".
Samba-TNG was originally an unstable CVS branch, run by people from the Samba team. However, the project has now forked, and is developed by a separate group. It's vaguely similar to XEmacs vs GNU Emacs, although the details are very different.
If you want the unstable version of Samba, try the Samba 3.0 alpha snapshots. Many of the domain integration features will be in this development series. If I understand correctly, some of the code is reused from Samba-TNG (both projects are GPL'd), but most is rewritten.
Slashdot Mirror
I haven't used VB for over 4 years, so I'm curious: why is checking the length better? I'm a bit scared what the answer might be....
The nice things about X is that you could run it equally well over a native messaging system, if you had one.
:-)
However, that is not the deciding facter in making the GUI more responsive than X; the kernel, appserver and libatheos are all heavily threaded,
As a wise man said, "threads and stupid people attract each other." It *may* make your GUI feel more responsive, but at the expensive of being much harder to get all the bugs out. It's very unclear that putting the same amount of effort into a non-threaded program would not get you better results.
A Microsoft staff engineer in the SecurityOffice leaked memos said that they deeply regretted choosing a heavily threaded architecture because it was very difficult to achieve the same levels of stability that people are accustomed to on Unix.
I can only really say that it feels much faster
I'm glad you can acknowledge that you're biased.
Does ABrowse support all the standards that Mozilla does? Just the amount of processing that it has to do was substantially responsible for slowdowns in earlier versions.
I would certainly be interested in seeing some real objective comparisions between Message Ports and UNIX Sockets, though.
I've just been reading "Undocumented NT". It has a fair bit of discussion of the ugly hacks and special cases that the NT team had to put into their message-passing microkernel system to make it perform adequately well.
Communication, though, is enver 100%.
:)
Indeed.
So if he'd stayed within his borders, we would have had no right or excuse to intervene?
In international law at the time: yes. Sovereignty was much stronger at the time; actions within a sovereign state were not really the concern of anyone else. It was only after WWII that the concept of "crimes against humanity" developed and was accepted: crimes so abhorent that every human is hurt by the fact of their being committed, and obliged to prevent them.
And in any case, homosexuality was still illegal in much of the western world, and jews and gypsies were widely discriminated against. (Consider that Alan Turing was harassed to suicide in Britain.) Native people were not citizens in many countries. It was a matter of degree rather than substance.
I work at hp. I have just this minute returned from helping smoke test a RedHat AS install on a quad Itanium 2, 40GB machine that's going to a large government customer. It's one of several dozen.
:-) It's a sexy beast, even if it sounds like a hairdryer. Fat chance though.
These people would just never cope with buying random hardware and downloading Linux onto it. Their mind doesn't work that way, regardless of the quality of the software. Buying from hp gives them assurance and support.
I just wish they'd give me one on long-term loan.
Joel's articles used to be good, but now they seem to just be lame repetitions of things already said more clearly by other people. It's kind of disappointing. I suppose he feels like he needs to keep writing, even if he has nothing new to say. That said, "Painless Bug Tracking" (from 2000) is pretty clear.
To be more kind, perhaps some of it is new to some of his audience. I guess all the VB programmers and slashdot kiddies are wetting their pants over him because they don't read many books.
// mbp (obviously in a bad mood this morning)
why don't you pay them, ya bastard? :-)
1) A remote crash is not a security compromise, its a DoS.
:-)
Molly, if you believe that, then you need to go and re-read a security textbook. Availability is by definition a necessary aspect of security.
2) If you have physical access to my wire, all is lost.
Packet injection does not require physical access.
3) If you have physical access to my machine, all is lost.
True, but this is still a significant privilege elevation attack and therefore a security flaw. For example, if you have 95 clients, a worm can use this problem to gain access to a departmental server running NT, potentially a bigger deal.
I'm mildly amused that I'm debating W95's security.
The key issue here, though, is that with closed-source single-vendor systems you are at the vendor's mercy about when, how, and at what price you will upgrade. With open source you have a bit more freedom.
It's not black and white though: the DoD is basically *telling* HPQ to keep maintaining VMS for the next few decades; whereas your average home user will need to upgrade when their RH 6.0 machine goes out of maintenance.
But a largish government department is probably near the breakpoint: in conjunction with a good systems integrator a Linux solution would let them upgrade as and when they wish. This kind of flexibility is a great thing for all those organizations with solid and stable DOS, W95, Novell, or SCO installations.
(Unfortunately the site seems to be slashdotted so I can't see what Linus actually said. Roll on Freenet.)
..."
The SCO complaint is written in plain English; you don't need to be a lawyer to understand it.
Their heart of their complaint is in paragraph 85: "It is not possible for Linux to rapidly reach UNIX performance standards for complete enterprise functionality without the misappropriation of UNIX code, methods or concepts to achieve such performance,
SCO consider themselves to have some kind of godlike power to write enterprise operating systems, that could never be matched by anybody else.
This is clearly incredibly silly. Linus is well qualified to demonstrate that the improvements in Linux have come about through independent work or public documentation, and from many contributors only a few of whom are at IBM. It's also clear that performance has been steadily improving over the last 12-odd years. There's no sudden dumping of SCO IP into Linux.
Things that have been borrowed from proprietary Unixes have been taken from public documentation or whitepapers. The slab allocator is a case in point.
In fact, you don't have to be Linus to work this out for yourself: just look at the lkml archives, and observe how many patches have been sent by non-IBM hackers. The development process by which Linux's performance was improved is largely a matter of public record.
(Great post, KFG. (Kentucky Fried Gerbil?))
And so, for those of you following along at home but without a Navy of your own:
Write to SCO now. info@sco.com. Tell them that you make or influence computer purchasing decisions, that you write software, and that you have friends, colleagues and customers in the industry. Tell them that it's a stupid action that ruins SCO's credibility and future, and that you're going to encourage people to avoid SCO. Tell them that they ought to take responsibility for their own miserable failure to capitalize on the resounding success of Linux.
I did. I don't suppose it'll dissuade them from this boneheadedness but perhaps there's a chance their death agony will do less damage to Linux.
--
"A language is a dialect with a navy."
so that we can all admire its stony security.
Ah, how soon they forget....
- The IP stack can be remotely crashed.
- Unencrypted password hashes are sent across the wire.
- The password cache can be decrypted and read by anyone on the machine.
And this is just off the top of my head.
The important thing here is that weaknesses in the networking protocols are not just bugs that can be fixed, they're design flaws. Microsoft just have not backported the most recent RPC stack to W95, so there's no way you can get proper network security. (Why would they bother? It's not like they care about customers who haven't paid their upgrade tax.)
It's a really great book: as funny as most Discworld books, and a damn good popular science book to boot. The discussion of philosophy of science and evolution is as good as any you're likely to find outside of a specialist text.
As Pratchett says, "Discworld is a world, and a mirror of worlds." Because it has its own self-consistent logic and rules it really illuminates very well the way science is done on Earth.
I highly recommend it.
Read "The Science of Discworld". Yes, there is elevator music.
Gee, and I thought they sounded like pretty useful instructions:
1. Learn a little bit about how the Internet works,
2. Jerk off, before...
3. Making overly simplistic comments about complex problems.
All of them sound like fun to me!
and of course...
5. Profit!
Hello Troll,
On what grounds would they win in court? Seems to me they don't have a contract (express or implied) with the root server operators, and therefore no standing to sue.
You can't just randomly block abusers.
"Just watch me."
Either you have to offer DS services to everyone, or no one, or you have to start charging per lookup.
Not at all. "Management reserves the right to refuse service."
I agree that blocking them is probably too simplistic to be useful, but you're wrong about there being anything legally wrong with it.
2) such lists would be "requestable" under FOIA terms, which means any jackoff OUTSIDE Pennsylvania would have a free list of places to get spank material.
Well-drafted Freedom of Information legislation should handle that sort of problem.
The whole point of FOI is to allow maximum government openness without too great a cost to proper functioning, people's privacy, etc. So when information is released, typically some information is removed, perhaps to protect the privacy of members of the public who happen to be mentioned, or to protect ongoing criminal investigations. There is a lot of legal and public policy discussion about how to resolve these difficult tradeoffs.
Obviously it would be inappropriate for FOI information to include actual depicitions of child abuse or URLs to reach that information. (Suggesting this kind of thing is a typical strawman for opponents of open government.)
On the other hand, it's clearly harmful to have the government censoring the net with no accountability.
Hopefully the FOI Commissioner would just apply a little creativity and intelligence to the problem, and produce information that shows how the case is being handled, without the details. For example, they might give a description of the contents of particular sites sufficient to show that they should be blocked, but without the URL. Or they might release more detailed information to a bona-fide oversight organization.
Every open source project is an attempt to mimic the form or function of something else. ... Apache is a free http server, and so on and so forth.
You picked a strange example there, troll. What is Apache attempting to mimic? The original CERN httpd, or the NCSA httpd upon which Apache was based. Both of them were open source.
Or perhaps you think the Apache developers managed the cunning stunt of mimicing IIS, even though IIS was released several years later?
Presumably you would use some kind of reputation-based system: you'd grant access to people based on their willingness to share with you.
This might be part of a solution to free-rider effects in p2p systems: you can (possibly) rely on the University not itself wanting to distribute copyright material.
Sometimes police do such things as part of an investigation, but it comes pretty close to entrapment. If UofWy offers me a nude goat picture and I take it then it might be hard for them to blame me for offering the same in return.
The college would be in a GREAT position for a man in the middle attack.
Heh, wouldn't that be interesting.
Yes, since the college presumably controls the routers they'd be ideally placed to do a man-in-the-middle attack against a key exchange protocol.
This could be trivially prevented by some kind of out-of-band (web,email) password exchange, but that's not the best part.
If the college was proxying all peer-to-peer traffic then they're explcitly cooperating in sharing copyrighted information. Surely this puts them in a worse position than merely passing packets without really knowing what is inside them.
Actually, Goundry is technically correct that an early revision of UNICODE allowed less than 2**16 codepoints, since it covered only the Basic Multilingual Plane of ISO/IEC-10646.
However, even at the time this article first came out there was clearly room for future expansion to a 32-bit space. And in any case, BMP is sufficient for all but the most esoteric uses. Sure, linguists studying dead or obscure languages might need special support, but really that's always going to be true. The UNICODE-troll author says he spends all his time spending arcane ancient Chinese texts. That a general-purpose standard is not exactly tailored to his needs is hardly surprising.
So I agree that the UNICODE article seemed pretty poor, and the author's reputation is low as far as I'm concerned. Picking a temporary limitation and blowing it up into an anglocentrist conspiracy is pretty lame.
To be fair though, Nicholas Carroll was only an editor of the UNICODE troll, not the author. I wish he'd edited it with rm, though. Some of his other papers are OK, though unoriginal.
> UTF-8, aka UTF-FSS, still doesn't help.
Yes it does
The original post complained that UNICODE (as UCS-2) uses twice as much disk space as ASCII. The person you replied to pointed out, entirely accurately, that UTF-8 is exactly as efficient as ASCII for storing ASCII text. Similarly if most of your text is DBCS then you can simply use UCS-2 and be the same size in most cases.
Your other points are adequately answered by other posts. Of course it's not easy to support all human languages, but UNICODE makes the problem easier, not harder.
What a beautiful sensible post.
I think what annoys me about managementspeak is that it's often reused so mindlessly. "Coopetition" is an interesting neologism the first time you hear it, and it perhaps expresses a worthwhile concept. I think the heart of this problem is that people want to sound like they're up-to-date on all the latest management fads.
My personal bugbear at the moment is "exponentially". This has a precise mathematical meaning, but people use it carelessly to mean "rapidly". I have heard people describe something as "exponentially increasing", when in fact it is clearly literally linearly increasing, only with a high constant.
Oh, yeah, "literally" is abused terribly too. "Slashdot has literally billions of trolls".
Samba-TNG was originally an unstable CVS branch, run by people from the Samba team. However, the project has now forked, and is developed by a separate group. It's vaguely similar to XEmacs vs GNU Emacs, although the details are very different.
If you want the unstable version of Samba, try the Samba 3.0 alpha snapshots. Many of the domain integration features will be in this development series. If I understand correctly, some of the code is reused from Samba-TNG (both projects are GPL'd), but most is rewritten.
As Andrews says in the open letter, diversity is good: you can try -TNG and 3.0a and see which one suits you.
It's simple, really... mountains are the new thing in pornography.
Just consider, for example, the Grand Tetons in Wyoming, or Canberra in Australia (supposedly an indigenous word for "breasts".)