Slashdot Mirror


User: argent

argent's activity in the archive.

Stories
0
Comments
12,456
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,456

  1. Re:The problem is... on Former CIA Head Calls for Limiting Access to the Internet · · Score: 1

    If you want the Internet to be all encompassing and for everybody, then you have to assume that the majority of users will be ignorant towards security.

    At first, yes. And I don't expect them to become security experts. I *do* expect them to become aware that running Microsoft Outlook or Internet Explorer is a bad idea for the same reason that taking their pay in cash and carrying hundreds or thousands of dollars on their person is a bad idea.

    That's not the user's problem for using what they think is legitimate software. It's Microsoft's.

    Microsoft is a corporation. The only reason a corporation changes its behaviour is because it costs them more to keep doing things the old way. The only way that Microsoft is going to change is if it costs them more to distribute inherently insecure software. The only way that's going to happen is if people are aware that security matters and act accordingly.

    Internet Explorer and Outlook were known to be inherently unsafe almost a decade ago. Microsoft doesn't need to be educated about the problem, they knew about it in 1997. They just didn't have any business case for changing the design until enough people started to take security seriously that it looked like it might cost them sales.

    Writing laws about what kinds of computer systems are allowed to connect to the Internet will not solve the problem. You don't imagine for one minute that Microsoft will be denied a license under whatever laws that result, do you? There's no way that would happen under any administration. More likely the people running locked-down OpenBSD-based firewalls will get the short end of the stick, and Microsoft will release some more homeopathic security patches that pop up more annoying dialogs that make people think they're taking security seriously, and leave the deep security flaws unchanged.

    The only thing that will is for people to quit treating insecure software as legitimate. And the only way that can happen is by educating them. Is it likely to happen? I can't say I'm optimistic... but it's sure as hell more likely than George Tenet's control-freak fantasies will actually do anything to improve security.

  2. Re:Inferior & Vulnerable tools is the weakness on Former CIA Head Calls for Limiting Access to the Internet · · Score: 1

    I think the idea in this discussion is that computers on the net are "horribly dangerous crackpot contraptions" as you say

    But computers on the Internet are not "horribly dangerous", unless they are directly in control of some device or system that can hurt people if it's misused.

    That is, if you don't know how to drive and you get on the road in your car you're likely to hurt or kill someone. If your car has no brakes you're likely to hurt or kill someone. If you don't know how to use your computer, or your computer is unsafe, you may inconvenience people but you're not going to hurt or kill someone.

    Computers that are like cars, in that they are inherently dangerous because of the way they're being used, those have some justification in being treated like cars. Most people's computers aren't like that, they're like someone walking along the sidewalk.

    What George Tenet is saying is that because someone on the sidewalk might throw stones at cars, and some of those cars may be carrying money or weapons, we should restrict who should be allowed on the sidewalk.

    What I'm saying is "don't carry your valuables in a Yugo with 'driver carries $1,000,000 cash' or 'get your nukes here' painted on the side, carry them in unmarked armored cars". Don't run critical applications over unsecured links.

  3. Re:Inferior & Vulnerable tools is the weakness on Former CIA Head Calls for Limiting Access to the Internet · · Score: 1

    Sir, may I see your driver's license and registration please?

    "I don't have any."

    Sir, please step out of the car......

    "What car? I'm walking."

    Cars are licensed because they are horribly dangerous crackpot contraptions that are likely to kill people if the operator's attention wanders for a moment.

    There are computer systems like that, and I'd be happy to require systems like industrial control systems or life support and medical diagnostic equipment to be certified for the environment they're expected to operate in. Of course that would mean "no routed connection to the public internet is permitted while operating this equipment" in most cases.

  4. Re:The problem is... on Former CIA Head Calls for Limiting Access to the Internet · · Score: 1

    It's the industry's fault for not pushing for tighter controls on the equipment that provides Internet access points.

    The only way to do that would be to lock up the basic networking protocols so you couldn't implement an Internet access point on a Palm Pilot.

    I don't believe that people should be held accountable for knowing security inside and out.

    I believe that people should be willing to know the basics of security and behave appropriately. People who wouldn't dream of using a knife that's fallen on the floor are perfectly willing to do the Internet equivalent of running barefoot over broken glass in a "hot ward". People who avoid eating potato skins or sushi because an "expert" told them there was a remote chance of poisoning won't accept the word of an expert who is AT THAT MOMENT cleaning 87 spyware applications and Blaster out of their computer that Outlook Express is a bad choice of email application.

    I don't believe that people should be held accountable for knowing security inside and out.

    I believe that they should at least realise that security matters.

  5. Re:The iPod merely brought attention to iBook or G on Some iPod Fans Dump PCs For Macs · · Score: 1

    Let's close that $300-computer red-herring of yours first:

    For college kids scraping pennies together there's Apple credit accounts that work like a credit card.

    The target audience for such a system would be...cheapskates

    if you can save up $300 over a couiple of months...

    *sigh*

    For a lot of students, a hundred bucks extra a semester means they can afford current textbooks. They're eating rice and beans because cup-a-ramen is too expensive. If a computer was still a luxury rather than a necessity, as it was when I was at college, they wouldn't have one at all. They're not "cheapskates". I'd go on, but I'm afraid I'd start getting sarcastic about your idea of the economic realities for most high school and college students.

    Back to the $600 computer that I was actualy talking about.

    For offices an all-in-one iMac or eMac would be a better deal than a headless system.

    The new iMac, maybe, but it's way over our per-desk hardware budget and getting a machine that's not running Windows into the office is hard enough as it is. The eMac? Give me a break: we've pulled monitors off people's desks that were better than the one in the eMac because people were complaining about their quality.

    The eMac's monitor easily rivals the "free" 17" CRTs that come with some Dell and HP systems after rebates and such.

    There are a lot of lousy 17" monitors out there, but most of the ones I've seen, including cheap ones, are better than the eMac's. The cheap 17" on my desk right now is why I don't have an eMac right now because I couldn't bring myself to spend $500 on a *used* eMac and risk straining my aging eyes any further.

    If people buy these and no other Mac software it doesn't entice anyone to make more Mac software.

    OK, I could maybe see this reasoning for your $300 fantasy computer, but $600 isn't a "cheapskate" price for a computer. It's a modest but still "mainstream" price for a computer. A $600 computer and a good monitor puts you at Apple's entry level price for the eMac: a $600 "iSlab" is right smack dab on target for the market Apple's going after right now.

    Except it's going after it with something that people are likely to actually buy. Why is that a bad thing?

  6. Re:The iPod merely brought attention to iBook or G on Some iPod Fans Dump PCs For Macs · · Score: 1

    The crowd that buys the $300 cheapo PCs is not one that any computer company truly wants as customers. They will not likely be repeat customers because they will always go for the best apparent deal.

    Maybe, though a hell of a lot of them are just young and in high school or college and $300 is a lot of money for them now... but if you can get them buying Macs now they'll keep buying them when they can afford to drop a grand on a computer.

    But, I don't see what your point is: I didn't suggest Apple sell a Mac to compete with the $300 PC. The price I suggested was, in fact, precisely twice that: $600 is a pretty mainstream price for a PC if you're not going for a hot gaming box.

  7. Re:No OS is 100% secure on Security Vulnerabilities Discovered in WinXP SP2 · · Score: 1

    And Windows XP Embedded; it uses the same binaries as normal XP but ALL the components are optional. Every component of the shell. Every driver. Even Win32 itself is optional.

    Yeh, that's what you'd start with to build my fantasy "NT without Windows" platform.

    My position is that Windows, espescially the shell, is quite bad at protecting a user from himself. But then again, how many operating systems targeted at consumer use are good at this by default?

    Pretty much everything else is light-years better than Windows, now that classic Mac OS is out of the picture. Even Lindows (whoops, I mean Linspire), which logs you in as root by default (which is enough for me to reject it completely), doesn't give you a browser or shell that's as broken as Explorer.

    NT has a lot of security potential, more than capable of securing the system, that higher layers (the shell), poor defaults, and average users do not make use of.

    That's about where I started this side-thread, except that I would say "the higher layers (the shell, COM, .NET, etc...) do not make effective use of, and there's many components that simply can not be secured no matter how expert you are".

    And it's not just the shell...

    I recently asked one of Microsoft's security guys on his blog how I could lock just the networking down, to the point where no Windows services would be listening to the external interface even without a firewall. That is... the default situation on most other desktop operating systems these days. He suggested using IPSEC.

    :)

  8. Re:The iPod merely brought attention to iBook or G on Some iPod Fans Dump PCs For Macs · · Score: 2, Informative

    I am constantly amazed by this comment about "If only Macs were cheaper".

    Why? People do care about price.

    Apple simply doesn't make a machine that can sell into the entry-level market. When Joe User can get a mini-tower PC with a flat panel for less than an eMac, he isn't even going to look at an iMac.

    And Joe already has a PC, so upgrading to a desktop Mac is even less attractive, because he's already got a monitor he's happy with: it's almost certainly a better one than the eMac's (which is why the eMac doesn't interest him).

    If Apple took the entry level eMac, stripped out the CRT, and stuck the rest in a pretty slab like the NeXTstation... and sold it for $600 (about the price of a good 17" CRT below the eMac) then they'd have something that Joe User could replace their PC with that only seems a little bit overpriced.

    And now that Joe's looking at Macs, that iMac looks pretty damned cool.

    And Apple would win, because they'd still get decent margins from the G4 "iSwitch" slab: it's still a good 50% more expensive than a comparable desktop PC.

  9. Re:Sorry, price isn't stopping you from getting a on Some iPod Fans Dump PCs For Macs · · Score: 1

    not a laptop- Mac laptops are pretty damn price-competitive with PC laptops

    Assuming you don't care about screen resolution. I can get a Thinkpad with 1400x1150 for the price of an iBook with 1024x768. I realise some people consider high resolution on a laptop irrelevant, but if you're playing fair you have to count things like this.

    not a consumer-level Mac- Prices are also very competitive

    The entry level eMac goes for $800, with a mediocre 17" display, mediocre video, and an inconvenient design. I was able to go to HP's website and come up with a system with a better video card and a good 15" flat panel display for less than the eMac... a comparable eMachines all-in-one is significantly less.

    The iMac is priced like a decent gamer PC. It's beautiful, slick, elegant, efficient... but it's not really in the consumer price range.

    Not a used Mac

    Even a first generation iMac is over $100, a Blue-and-White Powermac is more like $200. People are advertising, and getting, several hundred dollars for reasonably equipped (for Panther) AGP G4s. A cheap used Mac that can run OS/X well requires getting a bargain on something like a Beige or B&W G3 and then spending a lot of time and money on upgrades... to the point where you're in new-PC territory again. AND you're getting the headaches of a build-your-own.

    E-Machines: http://www.emachines.com/products/products.html?pr od=eMachines_T2862

    $400, 2.66 GHz Celeron, 256M RAM, 40G hard drive, no monitor. A 17" Trinitron from someone like CTX will set you back $100-$200.

    For $400 you're going to get an older G4 AGP, maybe around 500 MHz, or an eMac (if you can stand the screen) around 700 MHz. If you want a comparable used PC, maybe 800-900 MHz, you're looking at $150 or less.

    Macs hold value much better than PC's

    Indeed. I'm not saying the higher price isn't justified, but claiming that price isn't an issue is silly. If anything, it's at the high end that Macs become price-competitive with PCs, because all Macs, even the iMac, are high-end products.

    The eMac is really the closest thing they have to a low-end Mac, and it's not exactly cheap.

  10. Re:Alternate Reality dream... on Will Open Source Solaris Kill Linux? · · Score: 1

    Mach+Cocoa+Quartz+Aqua are really just NEXTstep

    That's right. They're NeXTstep. They're not the hosted OpenStep you were referring to. That OpenStep, the one ported to run on Windows and SunOS was not the whole of the thing.

    It wouldn't be just a matter of replacing the Mach/BSD part with Solaris 10 as it is, you'd need to either redesign Quartz and Aqua significantly or redesign Solaris. Well, that, or dump all the eye candy and make it look like NeXTstep or CDE. :)

    The point is that abandoning PowerPC would really hurt.

    It would be stupid. Like I said, Sparc has always been an anemic architecture. People didn't buy into Sparc because it was a red hot CPU, they bought Sun boxes because of the software base... but that software base is used to recompiling to eke the last skerrick of performance out of the system.

    I could see Apple coming out with an x86 version (and you hinted at that), but Sparc? "I don't know why you'd bother, though... Sparc's a pretty anemic CPU."

  11. Re:No OS is 100% secure on Security Vulnerabilities Discovered in WinXP SP2 · · Score: 1

    I think I can close off a lot of side threads here by concentrating on this one question:

    Are you saying that corruption of Win32's state is unavoidable due to its design, or that Win32 adds too much attack area?

    This brings up two questions.

    First, what part of the system are we talking about.

    I'm talking about the components that provide the API that Windows applications call. While, technically, you could probably come up with an OS design that used Win32 but excluded everything outside it (COM, ActiveX, etcetera), that OS doesn't exist and is unlikely to exist: Microsoft targets that part of the market with Windows CE.

    I don't think it's meaningful to talk about the security implications of Win32 without considering the rest of the shared software... the system software... that rides on it.

    Secondly, what's inherent in the design, and what's an unavoidable outcome of the complexity of the design and the richness of the API? Again, I don't think it's meaningful to distinguish them. Microsoft isn't building back to a secure core, dropping functionality and rearranging the design to factor out potential attack paths: they're leaving the system largely untouched, lest they break an application, and adding new features. This is normal: all operating systems follow this path and only rarely do you get a significant non-backwards-compatible API change.

    The result of all this is that there are hard security problems are inherent in the design of Windows: it's large and complex with a rich set of communication mechanisms that expose a lot more "surface area" to attack, and it's not practical to reduce this surface area unless you're Microsoft, or even if you're Microsoft.

    So the answer to that question is "yes".

    I don't have time to properly answer the rest of your comments, I've been waiting 10 minutes for the linux tarball you pointed me to to downnload and unpack, and I have to go to work.

  12. Re:No OS is 100% secure on Security Vulnerabilities Discovered in WinXP SP2 · · Score: 1

    Win32 has to use kernel syscalls to do things, too. Win32 is an environment subsystem. It exists to provide an environment (and the services needed to implement it) that is different than the native environment...

    By Win32 I mean everything that a Windows application calls or passes control to that isn't in the kernel.

    Yes, I know it has to use kernel system calls to perform I/O and IPC and so on. It still maintains shared state that can lead to security violations if it's corrupted, so that internal state has to be considered part of the trust boundary.

    Server and Workstation actually mean SMB Server and SMB Workstation.

    The corresponding components in UNIX include the native UNIX network file systems as well as Samba: Most UNIX systems only use Samba for compatibility with Windows... like a kind of FTP, they use NFS (or occasionally RFS or AFS) to communicate with their peers. Apart from older Linux systems NFS is a kernel component.

    Something like the mass of shared memory blocks and pipes that X uses?

    X is commonly used on UNIX, but it's not really part of the OS. You can easily install a UNIX system with no X servers or even clients, and it works just as well as one with. My free UNIX of choice doesn't even have X in the basic install, it's an optional component.

    Also, the shared memory extension to X is a performance enhancement. X will run over any communication channel that provides a single reliable buffered stream.

    XP SP2 has 285 syscalls. Linux 2.6.7 has 268.

    Linux is a particularly profligate implementation of UNIX, yes, but I suspect that count's significantly inflated. If it's based on listing the number of files in /usr/share/man/man2 (the usual way of counting) that includes multiple entries for most system calls... exec(), for example, is one system call but 8 entries. On Linux I've also seen things in section 2 because they've traditionally been there, after they've been made library routines.

    If you were to count Windows XP system calls the same way they'd number in the thousands.

    It's not about overhead, but about compatibility. Too many programs broke because they didn't know how to communicate with other sessions correctly.

    It's all part of the same distinction. If your communication is over a buffered stream, you don't need to know what's at the other end.

    Users are allowed to CREATE files only and the creator of a file has full access. [...] It's like giving a user access to /tmp; this is just a specialized temp directory.

    Except it's a specialised temp directory that's on the same filesystem as things that get very unhappy if they can't create files... and the temp directory on UNIX (which I usually set up as a separate filesystem) is an acknowledged historical dreg. There's UNIX systems with no writable shared temp, apps that write to /tmp or /usr/tmp instead of $TEMP (or the local equivalent) have to be ported.

    How are pipes on NT any different than pipes on UNIX? How is shared memory on NT any different than shared memory on UNIX?

    Don't know about the pipes, but the difference in the shared memory is that interprocess-shared memory on UNIX is a scarce resource that's used reluctantly, usually within the same security domain. There's historical reasons for this, but sharing memory with a potentially hostile application is not something that's commonly done. The extra copies, as noted, produce some overhead that doesn't exist on NT, which is why there's optimizations like the shared memory extension in X.

    From the docs for lsof, there seems to be an awefully large quantity of object types... 66?

    Depends on the platform. These are internal object types, anyway... the distinctions between them aren't generally visible outside the kernel unless the application goes out of its way to figure them out.

    The UNIX

  13. Re:Alternate Reality dream... on Will Open Source Solaris Kill Linux? · · Score: 1

    1. Cocoa is OpenStep, updated. Quartz and Aqua are replacements for the display components, written from scratch. Carbon is Apple code, and quite a different framework.

    2. The portable OpenStep didn't contain a lot of components that are in Mac OS X: drivers, kernel extensions, all of that comes from NeXTstep.

    3/4. Of course the OS is portable. So's Darwin: it already runs on PPC and Intel. Porting Darwin to run on Sparc wouldn't be a big deal.

    Porting OS/X to the Sparc platform, or porting Cocoa (but not Carbon) and re-implementing Quartz and Aqua (maybe using the Berlin code-base) on top of Solaris, either of these would be relatively easy, but the former wouldn't be Solaris, and the latter would require a porting effort for pretty much every OS/X application that isn't pure Cocoa.

    The Sparc-Power-PC thing wouldn't be a big deal. Porting from PPC to Sparc would be easier than porting to x86, because both Sun's Sparc API and Apple's PPC API are big-endian. I don't know why you'd bother, though... Sparc's a pretty anemic CPU.

  14. Re:Linux isn't about the OS... on Will Open Source Solaris Kill Linux? · · Score: 1

    I'm not talking about corporate backing here. Linux got major corporate backing despite the GPL because it took off.

    IBM is not about to release a bunch of software to FreeBSD so Microsoft can just use it without paying them any money.

    IBM can take BSD-licensed software and release their enhancements under a license that keeps Microsoft's grubby hands off it. In fact they do do this, and did it long before they touched any Linux code.

    Linux can take and use BSD code and release it under a GPL license

    Depends on which version. They used to complain bitterly about the attribution clause, until the Berkeley people took it out.

    By commercially here I mean use it in proprietary software.

    Microsoft ships both GPL-ed and BSD-licensed code in proprietary software distributions.

  15. Re:FireFox NOT ready for prime-time on FireFox Sets the World Ablaze · · Score: 1

    You can check it out in the Bugzilla database if you like. Why don't you do that instead of just posting what you recall from Fudzilla?

  16. Re:Tried Firefox but went back to IE6 on FireFox Sets the World Ablaze · · Score: 1

    Remind me why I should be using Firefox?

    Tabbed Browsing.
    Flashblock Extension.

    With my IE security settings set to High[...]

    Personally I find the "Some website is doing something suspicious, do you want me to freak out" dialogs much less annoying than the sites that are a little funny-looking because the site designer chose to code for IE only.

    I've yet to find a site that I can't browse in Firefox. Just a few that have CSS DIVs running over the side or bottom of what IE thinks are their containers.

  17. Re:Alternate Reality dream... on Will Open Source Solaris Kill Linux? · · Score: 2, Interesting

    Nothing makes [darwin] have a selling point other than it exists and it is freebsd-like.

    OS/X is full of Mach dependencies, which means that Solaris would need to go through the same process as FreeBSD did. The result would be Solaris-like, but porting the high-end capabilities of Solaris to the result would probably not be a whole lot easier than keeping the existing Darwin kernel and porting Solaris components to it.

    And THAT would be like giving Solaris a big old dose of Metamucil. Clear out the System V junk from its digestive tract, upgrade the 4.3-based parts to 4.4, and get that good old SunOS 4 vim and vigor again...

  18. Re:Maybe, depending on how you define kill on Will Open Source Solaris Kill Linux? · · Score: 1

    Sun uses a real open source license - meaning GPL compatible.

    Well, LGPL-compatible at least.

    Sun doesn't reserve major high end components of the system.

    Remember Net/2 and 4.4-Lite?

    If Sun's like every other commercial UNIX I've seen, they've got all kinds of third-party licensed software in there, and at least some of that isn't going to get open-sourced. What part of that is going to be in the "major high-end components"? I don't know, but I know which way I'd bet.

  19. Linux isn't about the OS... on Will Open Source Solaris Kill Linux? · · Score: 2, Insightful

    Well, the site's been slashdotted...

    Linux isn't about the OS, it's about the community. At this late date, could any kind of realistic Open Source Solaris get the kind of mindshare Linux has among the people who are in a position to do something useful with it?

    The Linux distros only had a year or two community-growth head start over the BSD releases, for example, and BSD was much further ahead of Linux technically... but Linus had the right formula and Linux took off.

    Now the distance between Red Hat or Suse and Solaris is much less, and Linux has been growing as an open source OS for a decade and change... I don't see any reason to worry about an Open Source Solaris kicking its butt.

  20. Re:No OS is 100% secure on Security Vulnerabilities Discovered in WinXP SP2 · · Score: 1

    Apps cannot create under-the-table-magic communications pipes.

    I wasn't suggesting they could. What I was talking about was the fact that the stuff that's passed THROUGH these pipes that Windows provides is far richer and exposes far more of the state of the objects on the far end.

    it's the same way that RDP works.

    As far as I know, RDP is based on Citrix technology. Citrix lets GDI write into a screen buffer and then transmits bitmaps (delta-ed and compressed, of course) of what's changed. NTerprise operated at the front end: the calls never hit a local screen buffer.

    The difference is that NTerprise exposed the latency of the communications channel to the application, whereas Citrix hid it from the application (but exposed it to the user: what the user sees is no longer in sync with what the application thinks they see).

    The result was that when an application performed lot of redundant lockstep operations, you got to see them happening. So you could see how applications came to depend on the high-performance low-latency communication channels that would be compromised if NT restricted them to UNIX's tightly controlled buffered stream.

  21. Re:No OS is 100% secure on Security Vulnerabilities Discovered in WinXP SP2 · · Score: 1

    "Win32 includes [...] large parts of what in UNIX would be kernel modules. Take that out and you're left with less than the UNIX kernel.

    I thought that the NT had more, not less things running in kernel mode.


    I'm not saying that NT components have dependencies on Win32 components, I'm saying that the division of responsibilities between applications, Win32 modules, and the NT kernel are such that where a UNIX application would make a system call to the kernel and back out, an NT application may end up with the same operation implemented in Win32.

    One thing in particular that I believe is largely a Win32 construct is the application-visible filesystem forest. It's built from bits of the much larger NT namespace hierarchy.

    Also, I'm not talking specifically about services, some of these components are almost certainly going to be implemented as ahared libraries. But here's a few services that would I believe would be kernel components in UNIX.

    Plug and Play.
    Server, Workstation.
    HID Input service, et al.

    there is no such thing as THE UNIX kernel.

    That's a bit of a red herring. There are multiple implementations of the UNIX operating system, but with few exceptions they all (even most of the so-called microkernels) share the same basic design of a single process structure that switches between user and kernel mode using a common system-call interface, with a fairly small collection of fairly abstract system calls with comparatively tightly defined behaviour.

    "the design of the Win32 subsystem practically invites them in."

    Invites? How's that?


    ActiveX, the MS HTML control, "security zones", the complex networking model, the low level APIs, the uncoordinated layering, the unvalidated context switches.

    Just because the security model is complex, doesn't mean it is broken.

    The complex security policy makes it much harder to keep it from being broken. This is true for UNIX as well: where security decisions are put in applications (either explicitly, with setuid/setgid, or implicitly because they're being performed by daemons on behalf of users) there tend to be more problems. The UNIX equivalent of these privilege-boosting attacks is applications running with more privileges than are really needed, such as mail or printing software running as root instead of a unique user-ID.

    The difference is that I can go in and replace sendmail or lpd with a newer version, or with a different implementation. In Windows I still have to let people who want to be able to print write to the spool directory.

    For the last part, I don't understand what you are trying to say; how is this different from any other security model?

    In UNIX, I don't have to grant anyone any greater OS level privileges to allow them to print. They don't have to be able to write into a spool directory, instead the application they call to perform the operation is granted that right.

    The only way to request services of the kernel is through the system call interrupt, and all those functions are exported by ntdll.dll.

    I'm not talking about requesting services of the kernel explicitly, I'm talking about passing information in general between components (kernel or not) inside different security boundaries. Some of these security boundaries aren't even things the kernel is aware of, like the one between a web browser and the desktop. In UNIX there's a system call interface, and that interface knows the sizes and locations of everything that's passed to it. It's very simple, and in some areas there's more overhead than there is in Windows as a result, but the result is a system with few dar corners that are hard to understand.

    In Windows there's some very high level and commonly used APIs that pass complex objects into the kernel and out again, where they get unpacked and referenced through (via shared memory or, unless I'm mistaken, via impersonation) back in user mode in a diffe

  22. ESR's analogy was all screwed up... on Linux 'Awfully Cathedral-Like' - Java's a Bazaar · · Score: 3, Interesting

    The reason people get confused about the Cathedral and the Bazaar, and why Schwartz isn't the first to consider Linux pretty cathedral like, is that the way real cathedrals were generally built pretty closely followed ESR's "bazaar" metaphor, with thousands of just-ordinary-folks with a huge variety of skills popping in to do their part. The architect/builder (or builders, for many cathedrals took generations to reach their final form) had far less control over the implementation than Linus does.

    Eric really needs to take a step or two back and ask if he really said what he thought he said.

  23. Wait until he hears about Everquest. on Internet Porn More Addictive Than Crack, Senate Told · · Score: 1

    Porn? Bah, a trifle. Usenet? A blip on the screen. IRC? IM? That's so five-minutes ago. Slashdot? Blogs? Soft drinks! No, no, the real tools of the demon Internet are far more powerful than these.

    MMORPGs.

  24. Re:Open Source vs Open Systems on Sun-isms Debunked · · Score: 1

    If someone else has the right to pull those out and compile it on whatever platform combination they choose, then that is open, as defined by the open source / free software community.

    And that's exactly the point: the definition of open as defined by certain parts of the free software / open source community is not the only valid definition, and the one that Scott appeared to be referring to is also valid... and more important than a lot of people seem to think.

    The comment you quoted isn't intended to be an argument against open source software, but instead an argument for awareness of the open systems ideal. It's an ideal, if course, not a hard rule: if you absolutely need to depend on an extension to an interface... because it's got functionality you need, or it's significantly more efficient, then you have to use it. But if you don't need to, it's no great burden to write a little more code to avoid that dependency. And that's not done nearly often enough: lot of free and open source software is full of things, like the "?:" shorthand in GCC, that are little more than convenience features.

    And the dig in the original article about the meaning of "open" shows the same kind of thinking. If the only "openness" a developer worries about is using the right license, their code can end up just as dependent on a specific implementation of an API or other interface as if they'd written it to a completely proprietary one.

    Open systems and open source software are both important. But they're not identical, and neither automatically follows from the other.

  25. Open Source vs Open Systems on Sun-isms Debunked · · Score: 5, Interesting

    McNealy equates "proprietary" with "interoperable only with the same brand." While that may be true from a narrow frame of reference, the free software world tends to use a different definition; when we say "proprietary," we mean that all of the rights to that software are locked away from us.

    Back in the old days, before RMS and ESR got into a fight over what free meant, and we just gave away our code because we thought it was cool what other people did with it, proprietary meant "you buy this, you're stuck with it". Open systems, whatever the status of their code base, were a response to that.

    Write your code to an open API and it'll run, with some effort, anywhere that API was implemented. If you used a proprietary API, you had to either rewrite a lot of your code when you wanted to transport it, or create your own transportable API and port it to each platform. One of the reasons UNIX was so popular is that the API was abstract, distant from the implementation, so it served BOTH purposes well enough that everyone, Microsoft included, ended up with UNIX emulation of some kind or another.

    But benefiting from an open system requires remaining aware of the open API and what's not open. And this gives a back door for proprietary interfaces to sneak in again. You can get yourself locked in to an API without intending to. It takes effort to fight that, and a lot of the open source community doesn't seem interested in spending that effort. Apart from the unnecessarily complex X11 toolkit situation, there's just too much code that depends on proprietary GCC features, or on specific extensions to open-source versions of open-systems tools.

    So McNealy is quite justified in using proprietary in terms of interfaces and protocols, and there's a lot of open-source developers out there who ought to pay attention. The source isn't enough. If we have to pull things like "a ?: b" out of your code to get it running on other implementations of open systems, then your software isn't as "open" as you think it is.

    Whether Solaris is actually as open, in this older sense, as Scott would like you to think it is... possibly not. Sun's played the 'stealth extensions' game themselves in the past. But that's a different matter. I'm only talking about the meaning of the word here.