So long as the operating system uses and supports open interfaces in a real and effective way, it doesn't matter a damn whether the kernel is Darwin, FreeBSD, Linux, BeOS, NT, or Minix. It doesn't matter whether the kernel is a microkernel, a monolithic kernel, or some unholy blend of the two. The UNIX fanil of operating systems makes the OS technology itself irrelevant, to the point that there are ISPs selling hosted virtual Linux systems that are actually FreeBSD Jails running the Linux emulator... and they work.
The fungible UNIX operating system is so important that even Microsoft has played with being in the UNIX world, even after they bailed from Xenix, when they bought Softway Systems and for a while were releasing Interix for any modern Windows. That's why it doesn't matter, so long as you write your code to be portable on UNIX (and that doesn't necessarily mean "write for POSIX", you have to pay attention to what portability really means) it doesn't matter what OS your customers use to a rather large extent. The OS itself is just an implementation detail, like the screen resolution or nameserver.
I think they screwed up, and brought this on themselves. I already thought that it was annoying having so verbose an identifier... this just makes it more hateful.
If they'd at least made the identifier NOT a URI, something like domain.example.com::[path/]versionstring, or something else that wasn't a URT, so it was clearly an identifier even if it was ultimately convertible to a URI, they would have avoided this kind of problem.
"Only 3 percent of the vulnerabilities that are discovered are ever exploited," he said. "Yet there is huge amount of attention given to vulnerability disclosure, patch management, and so forth."
And it does not occur to you that this may not be part of the reason that only 3% of vulnerabilities disclosed are exploited. In fact, I would say that three percent is a rather high number considering how many vulnerabilities are patched before being disclosed (at least in the open source world). Concluding that the success of vulnerability management is a sign that it's wasted effort does not seem to be entirely justified.
These vulnerabilities are not at all similar to "firing an arrow through the sunroof of a Ford and kill the driver". An automobile body is not designed to stop arrows, in the first place, and there's little incentive for someone to make such an attack, and there are mechanisms to deter any such potential attacker in other ways. Computer vulnerabilities are similar to being able to push a button and have the car send the contents of its trunk or glove compartment to the attacker... untraceably. Shoudl automobiles suffer such flaws, I am sure that people would be most interested in having them discovered and fixed!
But in 1995 I honestly believed that no company would be stupid enough to automatically run code delivered in an email message, and in 1997 that Microsoft would be forced by public opinion to back down on the obviously absurd integration of the browser and the desktop, and in 2000 that people would reject an operating system with components to lock them out of their own computer... after all, dongles had proven to be a passing fad, surely people were wising up to things like this.
I no longer believe in any limits to the complaisance and naivete of the computer-using public.
I can understand some of the reasoning behind it, but I think this is mostly one giant ego trip. Ooh the CIA took a look at us, we are the next battleground, aren't we important!
Right, the CIA and the Washington Post are run by teenage kids in their parents basements.
Can someone please explain to me why an electronic voting machine is a Bad Thing(tm)?
If something goes wrong with your ATM you know it happened right there when it happened, you contact your bank and get it fixed right then. And even then, you don't really *trust* the ATM. At least I hope you take your paper receipt, and check your balance, and if they don't match you can STILL call the bank about it.
If something goes wrong with your voting machine you NEVER know about it, because you don't get any feedback (like, you know, the money doesn't come out). So what you need to do is to take your paper ballot from the machine and put it in a box and make sure that the boxes and the papers are safe and *those* are what need to be retained for a recount when someone thinks things don't match and needs to "call the bank about it".
While they may help reveal specific information about vulnerabilities, which is good, they don't provide much useful information about the security of the systems being attacked.
And googling around after posting that I found your interview with David Brin and Bob Forward, and also an online copy of Brin's Tank Farm Dynamo... which for some reason I had remembered as being by Robert Forward. Maybe that was in a parallel universe...?:)
I gotta say, the internet's getting pretty damn good at instant gratification. I can't recall the last time I went downtown to the library... no, I can, it was at least 10 years ago, and I was looking for a copy of the August 1976 BSTJ.
Hmm...so are you advocating writing GUI apps completely in Tcl, or writing the app in some other language, but doing the GUI parts in Tk?
Depends on the problem you're trying to solve. Both approaches work, so does writing the GUI in Perl/Tk or Scheme/Tk, or even using a captive Tcl interpreter for the GUI under your scripting language of choice. If Perl/Tk is not being maintained, that's a problem, of course. I'm not sure what you mean by "handles pointers as if this was 1978", unless you're talking about pre-unsigned code that used (char *) as an integral type to get unsigned integers. Only half-smiley: I'm old enough to remember that kind of hack.
I would personally stick with Tcl, because I'm big on reflective languages and languages with simple syntax like Forth, Lisp, Smalltalk, and Tcl. If you're not, well, it's a fun way to code.
As for "learning a new language"... pretty much any GUI library has more to learn than the amount of Tcl you need for writing the Gui in Tk. The Tk part of the process is much more work than the Tcl part, especially if you start off in Tcl/Tk 8.5 and Ttk.
I love the credits on that paper. I recognise John Cramer and Robert Forward as physicists and novelists, is Gregory Benford the physicist the same person as Gregory Benford the novelist?
If what I want to do is supported by the widget set of Tk (and it's just been significantly enhanced with Tcl/Tk 8.5) that's what I'll use. It's BSD-style licensed, runs natively on X11, Win32, and Cocoa/Carbon, and was designed from the start around rapid prototyping and embedding.
At least they're not pouring them out into a big common barrel of mixed up potentially explosive goop in the middle of a crowded and poorly ventilated area any more.:p
Tivo has bought up an ancient overly broad patent that shouldn't ever have been granted in the first place, a patent that would have prevented them from getting started if the owner had noticed them and decided to enforce it against them, and are using it to cut down on competition.
If Dish had bought that patent instead, and Tivo was on the losing side, nobody would be defending Dish. And it could have happened that way: that's the way patent trolls work, after all. A stopped clock tells the right time twice a day, and if a broken system NEVER happened to be abused by someone who would have a valid case if the system actually worked as intended that would be surprising... but regardless of Tivo's innovation, they're not being rewarded by the patent system for their own patent that they created as a result of their innovation, they're being rewarded because they happened to buy into a trollable patent before someone else did.
And the purpose of the patent system isn't to reward "first to troll".
The next step is to give each machine a direct Internet connection, with appropriate security technology, skipping the LAN, he predicted.
"The two major barriers are performance and reliability," Whiteley noted.
* gigabit speeds seem fast now, but for LAN traffic they'll start looking slow pretty soon. What will we be needing more than a gigabit to the desk for? I don't know... centralized disk farms with diskless workstations? I just know that "if you build it, they will come".
* Whatever they use >gigabit for, latency will make people concerned about every extra router.
* And they'll need it to be there just to keep the system running. They won't want the desktop coming down just because FLAG got cut again.
* See what everyone else has been saying about security.
I haven't looked in the archives, because there's no bloody way I'm installing Microsoft's next delivery of concentrated FAIL on my computer, but from the current strip it looks like Clippy deserves a home here.
On the contrary. Behaviorism is saying "what we can't explain doesn't matter". I'm saying "we haven't figured this bit out for the body itself yet, and I suspect that it'll turn out to be the same mechanism".
Is it possible for someone to drive a car who has never driven one before?
No, they have to learn how.
And how does that explain that the muscles contracting are quite different when the hand is at different positions on a steering wheel?
It doesn't, any more than it explains how the muscles contracting are quite different when you scratch your head when your arm is starting from your side or outstretched, but you can do either without thinking about it. Hold your hand behind your neck. Touch your nose. Lie on your back with your arm by your side. Touch your nose. Did you think about either? There's a deeper level of indirection between intention and action, yes, but the fact that tools are involved is, I think, a red herring.
So long as the operating system uses and supports open interfaces in a real and effective way, it doesn't matter a damn whether the kernel is Darwin, FreeBSD, Linux, BeOS, NT, or Minix. It doesn't matter whether the kernel is a microkernel, a monolithic kernel, or some unholy blend of the two. The UNIX fanil of operating systems makes the OS technology itself irrelevant, to the point that there are ISPs selling hosted virtual Linux systems that are actually FreeBSD Jails running the Linux emulator... and they work.
The fungible UNIX operating system is so important that even Microsoft has played with being in the UNIX world, even after they bailed from Xenix, when they bought Softway Systems and for a while were releasing Interix for any modern Windows. That's why it doesn't matter, so long as you write your code to be portable on UNIX (and that doesn't necessarily mean "write for POSIX", you have to pay attention to what portability really means) it doesn't matter what OS your customers use to a rather large extent. The OS itself is just an implementation detail, like the screen resolution or nameserver.
I think they screwed up, and brought this on themselves. I already thought that it was annoying having so verbose an identifier... this just makes it more hateful.
If they'd at least made the identifier NOT a URI, something like domain.example.com::[path/]versionstring, or something else that wasn't a URT, so it was clearly an identifier even if it was ultimately convertible to a URI, they would have avoided this kind of problem.
They are trying for the copyright regime in the SF novel "Persistence" by Karl Schroeder.
What they don't seem to understand that this is science fiction not science fact.
(not to mention that their fictional counterparts are the bad guys in Persistence)
"Only 3 percent of the vulnerabilities that are discovered are ever exploited," he said. "Yet there is huge amount of attention given to vulnerability disclosure, patch management, and so forth."
And it does not occur to you that this may not be part of the reason that only 3% of vulnerabilities disclosed are exploited. In fact, I would say that three percent is a rather high number considering how many vulnerabilities are patched before being disclosed (at least in the open source world). Concluding that the success of vulnerability management is a sign that it's wasted effort does not seem to be entirely justified.
These vulnerabilities are not at all similar to "firing an arrow through the sunroof of a Ford and kill the driver". An automobile body is not designed to stop arrows, in the first place, and there's little incentive for someone to make such an attack, and there are mechanisms to deter any such potential attacker in other ways. Computer vulnerabilities are similar to being able to push a button and have the car send the contents of its trunk or glove compartment to the attacker... untraceably. Shoudl automobiles suffer such flaws, I am sure that people would be most interested in having them discovered and fixed!
But in 1995 I honestly believed that no company would be stupid enough to automatically run code delivered in an email message, and in 1997 that Microsoft would be forced by public opinion to back down on the obviously absurd integration of the browser and the desktop, and in 2000 that people would reject an operating system with components to lock them out of their own computer... after all, dongles had proven to be a passing fad, surely people were wising up to things like this.
I no longer believe in any limits to the complaisance and naivete of the computer-using public.
I can understand some of the reasoning behind it, but I think this is mostly one giant ego trip. Ooh the CIA took a look at us, we are the next battleground, aren't we important!
Right, the CIA and the Washington Post are run by teenage kids in their parents basements.
FTA: "... Linux microkernel ...".
Can someone please explain to me why an electronic voting machine is a Bad Thing(tm)?
If something goes wrong with your ATM you know it happened right there when it happened, you contact your bank and get it fixed right then. And even then, you don't really *trust* the ATM. At least I hope you take your paper receipt, and check your balance, and if they don't match you can STILL call the bank about it.
If something goes wrong with your voting machine you NEVER know about it, because you don't get any feedback (like, you know, the money doesn't come out). So what you need to do is to take your paper ballot from the machine and put it in a box and make sure that the boxes and the papers are safe and *those* are what need to be retained for a recount when someone thinks things don't match and needs to "call the bank about it".
While they may help reveal specific information about vulnerabilities, which is good, they don't provide much useful information about the security of the systems being attacked.
Cool.
:)
And googling around after posting that I found your interview with David Brin and Bob Forward, and also an online copy of Brin's Tank Farm Dynamo... which for some reason I had remembered as being by Robert Forward. Maybe that was in a parallel universe...?
I gotta say, the internet's getting pretty damn good at instant gratification. I can't recall the last time I went downtown to the library... no, I can, it was at least 10 years ago, and I was looking for a copy of the August 1976 BSTJ.
Found it, too.
You're offering 50 gigabytes. Time Warner is apparently considering offering 5, 10, or 20 gigabytes. Their *high end* plan is stingier than yours.
Ah, you mean "handles pointers as if this was 2008".
:p
What, me cynical?
Hell yes.
Hmm...so are you advocating writing GUI apps completely in Tcl, or writing the app in some other language, but doing the GUI parts in Tk?
Depends on the problem you're trying to solve. Both approaches work, so does writing the GUI in Perl/Tk or Scheme/Tk, or even using a captive Tcl interpreter for the GUI under your scripting language of choice. If Perl/Tk is not being maintained, that's a problem, of course. I'm not sure what you mean by "handles pointers as if this was 1978", unless you're talking about pre-unsigned code that used (char *) as an integral type to get unsigned integers. Only half-smiley: I'm old enough to remember that kind of hack.
I would personally stick with Tcl, because I'm big on reflective languages and languages with simple syntax like Forth, Lisp, Smalltalk, and Tcl. If you're not, well, it's a fun way to code.
As for "learning a new language"... pretty much any GUI library has more to learn than the amount of Tcl you need for writing the Gui in Tk. The Tk part of the process is much more work than the Tcl part, especially if you start off in Tcl/Tk 8.5 and Ttk.
The only important part of the superbowl is the halftime commercials, right? And they'll all be on youtube anyway...
I love the credits on that paper. I recognise John Cramer and Robert Forward as physicists and novelists, is Gregory Benford the physicist the same person as Gregory Benford the novelist?
If what I want to do is supported by the widget set of Tk (and it's just been significantly enhanced with Tcl/Tk 8.5) that's what I'll use. It's BSD-style licensed, runs natively on X11, Win32, and Cocoa/Carbon, and was designed from the start around rapid prototyping and embedding.
It's "if Trolltech stops development".
Ah, my mistake, apologies.
Why was President Bush holding it prisoner in the first place? This is more fallout from 9/11 and the War on Scapegoats, isn't it?
At least they're not pouring them out into a big common barrel of mixed up potentially explosive goop in the middle of a crowded and poorly ventilated area any more. :p
Tivo has bought up an ancient overly broad patent that shouldn't ever have been granted in the first place, a patent that would have prevented them from getting started if the owner had noticed them and decided to enforce it against them, and are using it to cut down on competition.
If Dish had bought that patent instead, and Tivo was on the losing side, nobody would be defending Dish. And it could have happened that way: that's the way patent trolls work, after all. A stopped clock tells the right time twice a day, and if a broken system NEVER happened to be abused by someone who would have a valid case if the system actually worked as intended that would be surprising... but regardless of Tivo's innovation, they're not being rewarded by the patent system for their own patent that they created as a result of their innovation, they're being rewarded because they happened to buy into a trollable patent before someone else did.
And the purpose of the patent system isn't to reward "first to troll".
Ha! Don't let them know there's a back door to their luciferous lunacy. :)
* gigabit speeds seem fast now, but for LAN traffic they'll start looking slow pretty soon. What will we be needing more than a gigabit to the desk for? I don't know... centralized disk farms with diskless workstations? I just know that "if you build it, they will come".
* Whatever they use >gigabit for, latency will make people concerned about every extra router.
* And they'll need it to be there just to keep the system running. They won't want the desktop coming down just because FLAG got cut again.
* See what everyone else has been saying about security.
I haven't looked in the archives, because there's no bloody way I'm installing Microsoft's next delivery of concentrated FAIL on my computer, but from the current strip it looks like Clippy deserves a home here.
That smells a bit like behaviorism.
On the contrary. Behaviorism is saying "what we can't explain doesn't matter". I'm saying "we haven't figured this bit out for the body itself yet, and I suspect that it'll turn out to be the same mechanism".
Is it possible for someone to drive a car who has never driven one before?
No, they have to learn how.
And how does that explain that the muscles contracting are quite different when the hand is at different positions on a steering wheel?
It doesn't, any more than it explains how the muscles contracting are quite different when you scratch your head when your arm is starting from your side or outstretched, but you can do either without thinking about it. Hold your hand behind your neck. Touch your nose. Lie on your back with your arm by your side. Touch your nose. Did you think about either? There's a deeper level of indirection between intention and action, yes, but the fact that tools are involved is, I think, a red herring.