Well, that's a bit like saying 32-bit unix look-a-likes doesn't take full advantage of the 32-bit architecture, because they usually don't rely on LDT for execution. Since W95 that most of the "DOS" subsystem was served by "virtual" interrupts, a common technique that involved a DPMI layer and a call gate (the same technique was used by DOS extenders such as EMM386). Shure, there was a lot of legacy code, but just because int 0x21 had a valid handler it doesn't mean it's DOS. The same way people don't complain when, for example, run a Vesa 1.2/2.0 text terminal on a modern Linux machine (it envolves switching to v86 mode).
Welcome to both opensource (if you want it fixed, download de source and do it yourself) and slashdot!(the opensource program I use for a given function is perfect and it has no bugs or side effects)
Also, where's the software repository so that I can install software from a known "good" source and have updates to all my software applied with just a couple of clicks?
And that is an advantage how? Many professional programs for desktop use are paid, regardless of the operating systems. Do you have them available on that "good" source? Because if all you want is all those freeware apps packaged, you have "sources" like ninite that already provide that for you.
I've actually found driver support in Windows to be extremely flaky. I've had old hardware refuse to work under Windows 7 as the only driver available is a 32bit WinXP one. I've heard stories of scanners and printers not working in Windows 7 - I don't know if they're true or not.
Some hardware has shitty drivers, true. But I've yet to find a piece of hardware that doesn't work on Windows.
My experience of loading WinXP onto laptops is typically painful
So, if you load a 2001 Linux distro on a modern laptop, will you expect it to detect your hardware? Or did you forget to make the recovery CD's?
My view is that I don't care what OS other people run as long as we're all using standards that don't care what OS we run.
That is a bit of whisful thinking. You have "de-facto" standards that aren't open nor free. And the availability of the applications needed for a given task usually dictates operating system choice.
I was comparing what you get when you install Windows vs what you get when you install e.g. Ubuntu
But Ubuntu is a "distribution" - a collection of different packages of software. Of course, Linux-based operating systems use the same exact philosophy for the OS itself, but you usually also get "additional software". You could make a "distribution" of Windows for your own use (or for corporate use) with all those software pieces you miss included. Or just go to Ninite and download the EXE and think of it as a "patch".
However, OpenOffice (or whatever it is called today) is IMHO superior to Microsoft Office
That's your opinion - fine. I work with both everyday, and I strongly disagree.
Gimp and Inkscape are great drawing programs.
They are good programs, but not great. And while you can cite 2 popular graphics programs for Linux/Unix (that also run on Windows, btw) there are hundreds of options Windows-only, ranging from Paint.net to Photoshop.
Casual games tend to be cross-platform while hard-core games don't universally work on Windows anyway - this is what a game platform is for
I'm not a gamer, but I'm pretty shure those DirectX9/10/11 games won't run in anything BUT Windows. And are you actually recommending the aquisition of a _proprietary_ gaming system so people can run Linux on their desktop?
The printer "just works" without any need for the user to fuss with drivers.
Just because it prints, it doesn't mean it works, specially when talking about multi-function devices. If you only have a generic driver, you won't get access to specific options on your printer. And I'm still waiting for decent ICC profiling support for CUPS - which, btw, is an Apple product.
The good tax programs are all web-based now.
So, one should trust their tax details to a 3rd party via a webinterface, so one can enjoy the freedom of Linux?
Sharepoint - seriously? - does anyone use that pile of crap?
Considering the amount of development effort made by thousands of Microsoft partners all over the world, and the hundreds/thousands of applications in market today based on Sharepoint, you can bet many many companies rely on Sharepoint.
Most importantly, videos and music plays without a fuss
Except when you try to play those encrypted DVDs you bought. Or decode H264 video files in some countries.
NFS networking actually works all the time, unlike tempermental CIFS.
This one actually made me laugh. Not that CIFS isn't bad, but I guess you never tried to use NFS with auth in mixed environments. Or over VPN links. I guess you are really talking about how shitty Samba is (I use it everyday, and it baffles me how many enterprises rely on it).
And Linux is so much simpler to use than Windows.
It's a matter of opinion. I find multi-monitor support better on windows, with better font rendering, decent dpi settings, usable colormanagement, and a GUI that doesn't look like it was drawn by a preschool kid.
Windows is still dominant because Microsoft uses its monopoly to force manufacturers to charge for it and preinstall it. End of story.
If you're happy with Linux, fine. But Windows is dominant because it's mostly "idiot-proof" (virus aside). And the argument of the OEM deals is a fallacy - most OEM manufacturers do prefer to maintain exclusivity with Microsoft so they are eligible for a discount, not because Microsoft forces them. I can assemble and sell all the computers I want (laptops included) and ship them with FreeDOS, Linux, BSD, Haiku or whatever I want to put on them.
I've seen hand-written assembly listings and guessed correctly how many programmers worked on it, and which ones did what. Most compilers do leave a signature, specially if the code is compiled with optimizations - there are many ways of implementing the same base algorithms, and the key tricks show on the disassembly.
Or just consider that the Borland Turbo Assembler did have "native" OO support, and that there are a ton of MASM OO macros than can be somewhat easily adapted to any modern assembler.
Multiple inheritance isn't a Java concept. It's a OO concept, older than java itself. Also, PHP isn't a OO development language, but a scripting language that supports OO constructs, and the latest releases have been focusing hard on modern OO funcionality. If you don't like a given feature, don't use it. Try do something in java that doesn't involve instantiation of an object.
Re:It's better than Ruby's "best practices".
on
PHP 5.4 Released
·
· Score: 1
Sane programmers however, just use what's best for the job.
This.
Why all the good ones appear when I'm out of modpoints?
Re:advantages of multiple inheritance
on
PHP 5.4 Released
·
· Score: 2
Actually, you *do* have exceptions. And traps. And aborts. In x86/ia32, the first 32 interrupt vectors are reserved for cpu exceptions. In all modern x86 operating systems, virtual memory is managed trough (you guessed it) exceptions.
Regarding the if/else blocks, they are a bit like the bad programmers that use goto because they can't process anything else. How do you think those fancy exception structures are translated? You can quicly slap one of a dozen variants on an assembly project. An easy lazy version? At a given point, you have a var with the offset of the common error handling routine, and you pass as a parameter the error code you want to use and (optionally) the severity. Have a macro created that does something like (push errorCode / call [_errorHandler]). Your error routine will quit on fatal errors, or return to the execution (or change the return path in the stack) just like any other function. the iteration to get error messages? Use arrays of offsets, then add the base address of the offset array to the error code, and this step is similar to many other languages (but in asm you can have funcion offsets to call for specific handlers without using complicated object inheritance).
Re:advantages of multiple inheritance
on
PHP 5.4 Released
·
· Score: 1
Now repeat in assembly.
Just because a given language has goto constructs, it doesn't mean that you need to use them. There are some use cases, (and many other constructs will translate to labels and jumps, so I don't really understand the pavor of using it), and in the example you gave, a poor compiler would produce crappy machine code for the 2nd version.
Yes, you're right - the web isn't a secure way of access shell commands, but you are already accessing a bunch of them (webserver, scripting language, etc). It's not the web application's responsability to ensure that the server has the proper security in place, nor discarding the additional protection given by the commandline parser or limits imposed by the environment buffer is a security measure. The library code will still be executed with the same UID/GID, but in the same process space, which - by itself - exposes the application to a whole new range of security issues. Also, in most environments, it is easier to monitor what is going on at a given step by having a proper process tree than a bunch of libraries linked in, that may mask malicious execution on a busy server.
Regarding web/language security, i'ts like everything else. Security is a process, and benefits from multiple layers. Discarding "one layer" because of poor understanding of system internals isn't a security measure, and promotes lazyness from an administrator point of view. I could say that everyday millions of servers are managed using web-facing executables that fork the apopriate binaries (sshd with scp/sftp support, rsync, etc), with much more success securitywise than any ruby/php/whatever application, but that isn't the issue. The issue is that bad programmers will always do bad code, and linking libraries directly (and at least some libraries I've seen already expect fully sanitized parameterts, so will behave poorly during a break-in attempt) without knowing what's inside won't do any good. It will probably create new security issues.
Yes, but the fact remains that you/rubyists you refer actually didn't write the extension, only the wrapper part. And writing a wrapper is hardly a low-level detail regarding security.
While there are a lot of cases when directly linking to a library makes sense, there are a lot of others it does not. Having loose coupling between a given application and a library allows the application to use different available components, and not a specific one. As an example, imagine if you develop your app with a specific imagemagick extension linked in as a library - yes, you somewhat get faster execution, at the cost of sharing the eventual memory leaks of the library, and giving away the ability to use, for example, graphicsmagick instead. And you don't benefit from the additional checks made by the commandline parser. The correct approach isn't as black-and-white as you put it, as performance and security aren't usually the only concerns.
This is why we write C extensions rather than executing shell commands from web applications, which is asinine.
So what you're saying is that you rely on your own set of utilities developed in C, instead of using the tried-and-true, often secure and in some cases with more than one decade in deployment (as in -stable-) shell commands? And this is your counter-argument to why "rubyists" don't understand security?
I still have a couple of 1st gen PowerPC from Apple. I'd describe them as a 64-bit computer with a 16-bit bus and an 8-bit SCSI controller. You tell me if that isn't crap.
I had a Super Nintendo that stopped working after it was shipped... in it's original packaging 7 years later and no longer worked when it arrived.(...)
None of the game consoles are any good as a long term investment.
The equipments usually have a warranty period for a reason. Every day the equipment works after the expiring of the warranty, is a "gift". Also, most electronics still use traditional electrolytic capacitors. If the devices aren't powered on for a long time, cheaper ones tend to stop working. So, if you plan to keep old electronics around just for the sake of it, power them on at least once or twice every 6 months.
Before it was called multisim, it was called EWB (Electronics Workbench). It was good as and educational tool, and for simulation of simple "almost-perfect" circuits, but for real-life prototyping it was quite limited. Not that today's choices are much better - a couple of days ago I designed an embedded system in ISIS with a microcontroller, connected the TTL-level serial port of the microcontroller to a full blown RS232 connector and it worked without frying the cpu...
9.0 is the first release I remember since 5.0 that actually broke things; I have some un-upgradeable servers with gmirror that will require a clean installation because of incompatibilities introduced. I'm shure that will happen again, as it is an evolving system.
If I recall correctly, there were some major conflicts regarding the design decisions of FreeBSD 5.0 branch. If I recall correctly, Dillon wanted to continue the 4.X work and gradually remove the giant lock from kernel, and other developers wanted to rewrite/re-engineer the kernel torwards multiprocessor support. Dillon left the team and started working on DragonFlyBSD.
It is interesting, all this years later, that it seems Dillon was right. According to the Dfly 2.13 benchmarks, FreeBSD and DFly are close enough to be considered equivalents, and with DFly taking a lead in some tests. AFAIK PostgreSQL isn't threaded so for at least process-based applications, both Dillon's vision and the FreeBSD team turned out to be equivalent. (But the "breaking of things" and funcionality that started with the 5.0 branch was a huge long-term benefit, as it forced the reimplementation of key infrastructure components - network, storage, etc).
If the filesystems themselves are different, why should they bother on standardizing device encryption? The kernel implementations are at this point so different, it is easier to provide reliable encryption within their own framework, than to cater to other's interests.
And, last I checked, TrueCrypt is very strong with Microsoft users (as probably BSD/Linux users have other strong alternatives already in the base system), so I really don't understand your problem.
FreeBSD changes quite a lot between major releases, but usually doesn't break/remake what already exists. There are some few exceptions.
The ports system is also available on Linux; The pkgsrc system (that is used by DragonFly and NetBSD) is available for both Linux and Solaris.
PF is an awesome user-friendly firewall, but it has its limitations on high traffic systems (pf isn't multi-core friendly). Probably NPF will be an option soon.
The documentation is existing, up-to-date and usually accurate.
For servers, there are 4 key awesome technology components ATM - Jails (Linux has namespaces, but I don't know if it's funcional yet), CARP (pf-based redundancy), ZFS and HAST (somewhat equivalent do DRDB).
Slashdot Mirror
Well, that's a bit like saying 32-bit unix look-a-likes doesn't take full advantage of the 32-bit architecture, because they usually don't rely on LDT for execution. Since W95 that most of the "DOS" subsystem was served by "virtual" interrupts, a common technique that involved a DPMI layer and a call gate (the same technique was used by DOS extenders such as EMM386). Shure, there was a lot of legacy code, but just because int 0x21 had a valid handler it doesn't mean it's DOS. The same way people don't complain when, for example, run a Vesa 1.2/2.0 text terminal on a modern Linux machine (it envolves switching to v86 mode).
Welcome to both opensource (if you want it fixed, download de source and do it yourself) and slashdot!(the opensource program I use for a given function is perfect and it has no bugs or side effects)
Also, where's the software repository so that I can install software from a known "good" source and have updates to all my software applied with just a couple of clicks?
And that is an advantage how? Many professional programs for desktop use are paid, regardless of the operating systems. Do you have them available on that "good" source? Because if all you want is all those freeware apps packaged, you have "sources" like ninite that already provide that for you.
I've actually found driver support in Windows to be extremely flaky. I've had old hardware refuse to work under Windows 7 as the only driver available is a 32bit WinXP one. I've heard stories of scanners and printers not working in Windows 7 - I don't know if they're true or not.
Some hardware has shitty drivers, true. But I've yet to find a piece of hardware that doesn't work on Windows.
My experience of loading WinXP onto laptops is typically painful
So, if you load a 2001 Linux distro on a modern laptop, will you expect it to detect your hardware? Or did you forget to make the recovery CD's?
My view is that I don't care what OS other people run as long as we're all using standards that don't care what OS we run.
That is a bit of whisful thinking. You have "de-facto" standards that aren't open nor free. And the availability of the applications needed for a given task usually dictates operating system choice.
I was comparing what you get when you install Windows vs what you get when you install e.g. Ubuntu
But Ubuntu is a "distribution" - a collection of different packages of software. Of course, Linux-based operating systems use the same exact philosophy for the OS itself, but you usually also get "additional software". You could make a "distribution" of Windows for your own use (or for corporate use) with all those software pieces you miss included. Or just go to Ninite and download the EXE and think of it as a "patch".
Parts of the userland of OSX are from FreeBSD, but the kernel isn't. So it's not just "FreeBSD".
However, OpenOffice (or whatever it is called today) is IMHO superior to Microsoft Office
That's your opinion - fine. I work with both everyday, and I strongly disagree.
Gimp and Inkscape are great drawing programs.
They are good programs, but not great. And while you can cite 2 popular graphics programs for Linux/Unix (that also run on Windows, btw) there are hundreds of options Windows-only, ranging from Paint.net to Photoshop.
Casual games tend to be cross-platform while hard-core games don't universally work on Windows anyway - this is what a game platform is for
I'm not a gamer, but I'm pretty shure those DirectX9/10/11 games won't run in anything BUT Windows. And are you actually recommending the aquisition of a _proprietary_ gaming system so people can run Linux on their desktop?
The printer "just works" without any need for the user to fuss with drivers.
Just because it prints, it doesn't mean it works, specially when talking about multi-function devices. If you only have a generic driver, you won't get access to specific options on your printer. And I'm still waiting for decent ICC profiling support for CUPS - which, btw, is an Apple product.
The good tax programs are all web-based now.
So, one should trust their tax details to a 3rd party via a webinterface, so one can enjoy the freedom of Linux?
Sharepoint - seriously? - does anyone use that pile of crap?
Considering the amount of development effort made by thousands of Microsoft partners all over the world, and the hundreds/thousands of applications in market today based on Sharepoint, you can bet many many companies rely on Sharepoint.
Most importantly, videos and music plays without a fuss
Except when you try to play those encrypted DVDs you bought. Or decode H264 video files in some countries.
NFS networking actually works all the time, unlike tempermental CIFS.
This one actually made me laugh. Not that CIFS isn't bad, but I guess you never tried to use NFS with auth in mixed environments. Or over VPN links. I guess you are really talking about how shitty Samba is (I use it everyday, and it baffles me how many enterprises rely on it).
And Linux is so much simpler to use than Windows.
It's a matter of opinion. I find multi-monitor support better on windows, with better font rendering, decent dpi settings, usable colormanagement, and a GUI that doesn't look like it was drawn by a preschool kid.
Windows is still dominant because Microsoft uses its monopoly to force manufacturers to charge for it and preinstall it. End of story.
If you're happy with Linux, fine. But Windows is dominant because it's mostly "idiot-proof" (virus aside). And the argument of the OEM deals is a fallacy - most OEM manufacturers do prefer to maintain exclusivity with Microsoft so they are eligible for a discount, not because Microsoft forces them. I can assemble and sell all the computers I want (laptops included) and ship them with FreeDOS, Linux, BSD, Haiku or whatever I want to put on them.
I've seen hand-written assembly listings and guessed correctly how many programmers worked on it, and which ones did what. Most compilers do leave a signature, specially if the code is compiled with optimizations - there are many ways of implementing the same base algorithms, and the key tricks show on the disassembly.
Or just consider that the Borland Turbo Assembler did have "native" OO support, and that there are a ton of MASM OO macros than can be somewhat easily adapted to any modern assembler.
I *wish* my day-to-day job was OO asm development. I've done a fair amount of x86 OO programming, and it is quite easy (if you're fluent in asm).
Multiple inheritance isn't a Java concept. It's a OO concept, older than java itself. Also, PHP isn't a OO development language, but a scripting language that supports OO constructs, and the latest releases have been focusing hard on modern OO funcionality. If you don't like a given feature, don't use it. Try do something in java that doesn't involve instantiation of an object.
Sane programmers however, just use what's best for the job.
This. Why all the good ones appear when I'm out of modpoints?
Actually, you *do* have exceptions. And traps. And aborts. In x86/ia32, the first 32 interrupt vectors are reserved for cpu exceptions. In all modern x86 operating systems, virtual memory is managed trough (you guessed it) exceptions.
Regarding the if/else blocks, they are a bit like the bad programmers that use goto because they can't process anything else. How do you think those fancy exception structures are translated? You can quicly slap one of a dozen variants on an assembly project. An easy lazy version? At a given point, you have a var with the offset of the common error handling routine, and you pass as a parameter the error code you want to use and (optionally) the severity. Have a macro created that does something like (push errorCode / call [_errorHandler]). Your error routine will quit on fatal errors, or return to the execution (or change the return path in the stack) just like any other function. the iteration to get error messages? Use arrays of offsets, then add the base address of the offset array to the error code, and this step is similar to many other languages (but in asm you can have funcion offsets to call for specific handlers without using complicated object inheritance).
Now repeat in assembly.
Just because a given language has goto constructs, it doesn't mean that you need to use them. There are some use cases, (and many other constructs will translate to labels and jumps, so I don't really understand the pavor of using it), and in the example you gave, a poor compiler would produce crappy machine code for the 2nd version.
Yes, you're right - the web isn't a secure way of access shell commands, but you are already accessing a bunch of them (webserver, scripting language, etc). It's not the web application's responsability to ensure that the server has the proper security in place, nor discarding the additional protection given by the commandline parser or limits imposed by the environment buffer is a security measure. The library code will still be executed with the same UID/GID, but in the same process space, which - by itself - exposes the application to a whole new range of security issues. Also, in most environments, it is easier to monitor what is going on at a given step by having a proper process tree than a bunch of libraries linked in, that may mask malicious execution on a busy server.
Regarding web/language security, i'ts like everything else. Security is a process, and benefits from multiple layers. Discarding "one layer" because of poor understanding of system internals isn't a security measure, and promotes lazyness from an administrator point of view. I could say that everyday millions of servers are managed using web-facing executables that fork the apopriate binaries (sshd with scp/sftp support, rsync, etc), with much more success securitywise than any ruby/php/whatever application, but that isn't the issue. The issue is that bad programmers will always do bad code, and linking libraries directly (and at least some libraries I've seen already expect fully sanitized parameterts, so will behave poorly during a break-in attempt) without knowing what's inside won't do any good. It will probably create new security issues.
Yes, but the fact remains that you/rubyists you refer actually didn't write the extension, only the wrapper part. And writing a wrapper is hardly a low-level detail regarding security.
While there are a lot of cases when directly linking to a library makes sense, there are a lot of others it does not. Having loose coupling between a given application and a library allows the application to use different available components, and not a specific one. As an example, imagine if you develop your app with a specific imagemagick extension linked in as a library - yes, you somewhat get faster execution, at the cost of sharing the eventual memory leaks of the library, and giving away the ability to use, for example, graphicsmagick instead. And you don't benefit from the additional checks made by the commandline parser. The correct approach isn't as black-and-white as you put it, as performance and security aren't usually the only concerns.
The point of writing C extensions is to link the libraries and gain access to the function calls that the shell commands themselves invoke.
So, it's not an extension (it does not provide funcionality by itself), but a wrapper. Even a monkey can make a wrapper.
Are you even a programmer?
I could ask you the same, but I guess it would be offensive.
This is why we write C extensions rather than executing shell commands from web applications, which is asinine.
So what you're saying is that you rely on your own set of utilities developed in C, instead of using the tried-and-true, often secure and in some cases with more than one decade in deployment (as in -stable-) shell commands? And this is your counter-argument to why "rubyists" don't understand security?
I still have a couple of 1st gen PowerPC from Apple. I'd describe them as a 64-bit computer with a 16-bit bus and an 8-bit SCSI controller. You tell me if that isn't crap.
I had a Super Nintendo that stopped working after it was shipped... in it's original packaging 7 years later and no longer worked when it arrived.(...) None of the game consoles are any good as a long term investment.
The equipments usually have a warranty period for a reason. Every day the equipment works after the expiring of the warranty, is a "gift". Also, most electronics still use traditional electrolytic capacitors. If the devices aren't powered on for a long time, cheaper ones tend to stop working. So, if you plan to keep old electronics around just for the sake of it, power them on at least once or twice every 6 months.
Before it was called multisim, it was called EWB (Electronics Workbench). It was good as and educational tool, and for simulation of simple "almost-perfect" circuits, but for real-life prototyping it was quite limited. Not that today's choices are much better - a couple of days ago I designed an embedded system in ISIS with a microcontroller, connected the TTL-level serial port of the microcontroller to a full blown RS232 connector and it worked without frying the cpu...
9.0 is the first release I remember since 5.0 that actually broke things; I have some un-upgradeable servers with gmirror that will require a clean installation because of incompatibilities introduced. I'm shure that will happen again, as it is an evolving system.
Yeah, I misread the sentence.
If I recall correctly, there were some major conflicts regarding the design decisions of FreeBSD 5.0 branch. If I recall correctly, Dillon wanted to continue the 4.X work and gradually remove the giant lock from kernel, and other developers wanted to rewrite/re-engineer the kernel torwards multiprocessor support.
Dillon left the team and started working on DragonFlyBSD.
It is interesting, all this years later, that it seems Dillon was right. According to the Dfly 2.13 benchmarks, FreeBSD and DFly are close enough to be considered equivalents, and with DFly taking a lead in some tests. AFAIK PostgreSQL isn't threaded so for at least process-based applications, both Dillon's vision and the FreeBSD team turned out to be equivalent. (But the "breaking of things" and funcionality that started with the 5.0 branch was a huge long-term benefit, as it forced the reimplementation of key infrastructure components - network, storage, etc).
If the filesystems themselves are different, why should they bother on standardizing device encryption? The kernel implementations are at this point so different, it is easier to provide reliable encryption within their own framework, than to cater to other's interests.
And, last I checked, TrueCrypt is very strong with Microsoft users (as probably BSD/Linux users have other strong alternatives already in the base system), so I really don't understand your problem.
FreeBSD changes quite a lot between major releases, but usually doesn't break/remake what already exists. There are some few exceptions.
The ports system is also available on Linux; The pkgsrc system (that is used by DragonFly and NetBSD) is available for both Linux and Solaris.
PF is an awesome user-friendly firewall, but it has its limitations on high traffic systems (pf isn't multi-core friendly). Probably NPF will be an option soon.
The documentation is existing, up-to-date and usually accurate.
For servers, there are 4 key awesome technology components ATM - Jails (Linux has namespaces, but I don't know if it's funcional yet), CARP (pf-based redundancy), ZFS and HAST (somewhat equivalent do DRDB).