In case you don't know, Kylix is dead. You can't even run it on a supported OS: the latest Kylix 3 supports Red Hat 7.2, Mandrake(TM) 8.2, and SuSE(R) 7.3 - none of which is supported by appropriate OS vendor.
Most people are just damn lazy and motivated to do only what it takes to achieve some standard of living. If you just give that standard of living to them, they do nothing.
Capitalist does not change the nature of people, so it is not really much better. In any democracy - as soon as mediocrity realizes they don't have to work hard to achieve that standard of living and that there are simpler ways (e.g outlaw outsourcing to prevent competition from other laborers) they go for it.
At least when Karl Marx whote his Communist Manifesto, whe realized that rich will not give their money to poor themselves, and proposed revolutions to get those money - that poor should take "what belongs to them" (according to Karl Marx).
Instead of taking, Eric Raymond thinks he can just ask rich to give all they have and earned?
Interesting. Yesterday we flamed MS for dropping support of Windows 98, which is 5 years old, and today we are proposing to drop support of 2 weeks old kernel.
In the car market, the automakers don't open the code running on car's computer(s) to third parties. Any aftermarket chip updates are results of reverse integration of original chips. It is currently easier with cars compared to computers, only because car programs are much simpler.
Same with other technologies - e.g. Canon does not release specs of their EOS camera-to-lens protocol to third parties, so the "aftermarket" Sigma lens I use is the result of reverse engineering of this protocol.
With windows 95 (and likely 98 now), Microsoft is removing the availability of critical updates (equivalent factory recalls).
I have not seen any recent factory recalls for 59' Chevys.
They then wield the power via copyright law and DMCA to prevent anyone from making them available to people who run win 98, thus forcing a paid upgrade.
I stopped worrying about uptime of my wife's laptop at all. I configured the build in firewall, made her regular user (not admin), configured windows update to automatically download and install any security fixes, and pretty much forgot about this box.
It is running in this almost zero-admin mode probably couple of years. She never reboots it, only hibernate. Box only reboots if security update (automatically installed) requires it.
The only wasted time on this box is manual installation of Office updates (two so far) - if that was automatic as well, the box would have zero wasted time in two years.
All I say is that in the case of non-free software, the only solution to an exploitable bug usually is to block the service and wait for it to be fixed.
Interesting argument. Now for free software, how many users have any other option? 100, maybe 500?
Microsoft has probably 100 million users, so this difference between free and non-free only matters to 0.0001 percent of them.
It is just a current situation: unless you write your own OS, you have to wait for patch and damn patch your box. Unfortunately, most users are not capable even of this.
I've yet to see it buggy and incompatible on any machine I've built or the mutations my main box has seen over the years.
I have GeForce 2, and it has problems under Linux with Vertical Sync (or rather, Linux has problems with this card - it works fine under XP, but linux just can't sync it up with monitor, neither older ViewSonic 151 nor new Dell FP2000).
Anyway, my next card most probably going to be ATI 9600. The best fan-less card NVidia makes these days is 5200 which is not good enough to make me upgrade. I don't want extra noise, and Radeon 9600 looks like the best fan-less card currently available.
And they ask users to pay them to beta-test their software!
Sign up to Beta test the new Netscape Service for $1.00 per month through February 2004.* We need your help Beta testing the following features... AFTER MARCH 1, 2004, MONTHLY CHARGE WILL BE $9.95.
Remember, this is slashdot. So EAL 4 could be not secure at all when Microsoft certifies Windows for it. But EAL 2 (lower level) could be very secure once Red Had is in the game.
In reality, EALs does not certifies the security, it certifies functionality of security-related applications. So EAL certification does not say "this product does not have security vulnerabilities" (no certification can), it sais "this product implements such methods of access control, such authentication procedures, etc".
This meant that people could apply the patch without breaking half of their software, which depended on the particular API they were using.
This also meant that people had to apply hundred patches for every single application using gzip, instead of single patch that patches all of them.
Yes, that single patch is risky and can possible break some of the applications, but
1) I would prefer one patch instead of hundred
2) Hundred patches are as likely to break my system
3) You never know you deployed all patches you need
You really don't know the first thing about coding do you, when you use a library you do not cut and paste the code into your own, you use their functions and stuff
And you don't know anything about gzip vulnerability and instead generalize your ideas of how it should be to how it is actually done.
Lots of applications were using customized version of gzip, e.g. Linux kernel used a trimmed down version of gzip. They could not be simply recompiled with new library - the bug had to be fixed in every copy of the source code - yet, it was code reuse via copy/paste as much as it could possibly be. Too little applications used shared library, so even those application that used standard gzip had to be rebuild with new static library.
And if *nix world moves to using shared libraries more, it will face the same problem Microsoft has - a single security fix in a single shared library can potentially break any of hundred applications that use this library, and all these applications has to be tested with patched version. Which is still better than patching hundred applications independently.
This is not the design methodology used in the *nix world.
Code reuse is code reuse, whether it is Windows, Unix, or any other OS/app. Modern programmers are taught to do code reuse, and saing "This is not the design methodology used in the *nix world" is plain stupid.
When gzip security hole was discovered, it hit hundreds of Unix applications, because they reused the code from this library. Is the "design methodology" any different?
The gzip bug demonstrated that it sometimes can even be worse on *nix, due to source code coping instead of shared libs, so that the bug had to be fixed in multiple places.
By the way, Netscape was / Mozilla is actively trying to make itself a platform for writing applications using its XPCOM/XUL and other technologies. It is not very successful so far, but when it will, its bugs and patches will hit lots of independent applications, just like bugs/patches in IE do now.
So I buy a piece of hardware (say the newest ATI video card) so that I can play my games.... Is it my fault for wanting new hardware?
More or less true. It is also IBM's fault for creating open hardware platform where you can plug video cards and other crap, and also for creating user expectation that it should work.
The alternative is Macintosh, where you buy a fixed configuration computer with custom build OS specifically tuned for this computer. This OS of course works rock-solid with this hardware. But you can't buy a new video card for it (well, it is possible, but at this moment you loose Apple support).
I remember when in 1997 our company bought several Macs of different models in about 2 months. They ALL came with different OS CDs, and almost neither of them worked with CD from different computer. If you can modify OS after creating particular hardware, it is easy. If you ship OS and it should work with hardware that will be released 3 years after OS, it is much harder.
This is also true for most non-PC hardware. E.g. my Canon camera only supports Canon lenses. Yes, I bought Sigma lens for it, but Canon will not give me any support if I have any problem with this lens, even if camera crashes while this lens is installed (yes, sometimes it happens to people).
In any case, if a program misbehaves under Windows, I kill the program, and the system either hangs or becomes corrupted to the point of requiring a reboot
Looks like you are running Windows 95. I feel pity for you.
On the other hand, you would not be any better if you run any of 8 years old Linux distro.
I can see that soon this will go to Windows Update to find new or updated NDIS drivers.
Looks like more and more Linux is simply emulating Windows. But if you run Windows drivers and Windows programs via appropriate emulation layers, why not simply run Windows?
Slashdot Mirror
In case you don't know, Kylix is dead. You can't even run it on a supported OS: the latest Kylix 3 supports Red Hat 7.2, Mandrake(TM) 8.2, and SuSE(R) 7.3 - none of which is supported by appropriate OS vendor.
Capitalist does not change the nature of people, so it is not really much better. In any democracy - as soon as mediocrity realizes they don't have to work hard to achieve that standard of living and that there are simpler ways (e.g outlaw outsourcing to prevent competition from other laborers) they go for it.
Instead of taking, Eric Raymond thinks he can just ask rich to give all they have and earned?
It will think you are a masochist, if you keep using it while hating - and will punish you more.
Interesting. Yesterday we flamed MS for dropping support of Windows 98, which is 5 years old, and today we are proposing to drop support of 2 weeks old kernel.
Here is correct link
Same with other technologies - e.g. Canon does not release specs of their EOS camera-to-lens protocol to third parties, so the "aftermarket" Sigma lens I use is the result of reverse engineering of this protocol.
I have not seen any recent factory recalls for 59' Chevys.
They then wield the power via copyright law and DMCA to prevent anyone from making them available to people who run win 98, thus forcing a paid upgrade.
I have not seen MS doing this either.
Why would not you ask DOJ to force MS to upgrade hardware of every user who don't have enough money to do it themselves?
It is running in this almost zero-admin mode probably couple of years. She never reboots it, only hibernate. Box only reboots if security update (automatically installed) requires it.
The only wasted time on this box is manual installation of Office updates (two so far) - if that was automatic as well, the box would have zero wasted time in two years.
Interesting argument. Now for free software, how many users have any other option? 100, maybe 500?
Microsoft has probably 100 million users, so this difference between free and non-free only matters to 0.0001 percent of them.
It is just a current situation: unless you write your own OS, you have to wait for patch and damn patch your box. Unfortunately, most users are not capable even of this.
I have GeForce 2, and it has problems under Linux with Vertical Sync (or rather, Linux has problems with this card - it works fine under XP, but linux just can't sync it up with monitor, neither older ViewSonic 151 nor new Dell FP2000).
Anyway, my next card most probably going to be ATI 9600. The best fan-less card NVidia makes these days is 5200 which is not good enough to make me upgrade. I don't want extra noise, and Radeon 9600 looks like the best fan-less card currently available.
Sign up to Beta test the new Netscape Service for $1.00 per month through February 2004.* ...
We need your help Beta testing the following features
AFTER MARCH 1, 2004, MONTHLY CHARGE WILL BE $9.95.
Pay to beta-test dial-up service???
Crap. OS or application has to achieve standard-specified level of security functionality.
In reality, EALs does not certifies the security, it certifies functionality of security-related applications. So EAL certification does not say "this product does not have security vulnerabilities" (no certification can), it sais "this product implements such methods of access control, such authentication procedures, etc".
This also meant that people had to apply hundred patches for every single application using gzip, instead of single patch that patches all of them.
Yes, that single patch is risky and can possible break some of the applications, but
1) I would prefer one patch instead of hundred
2) Hundred patches are as likely to break my system
3) You never know you deployed all patches you need
And you don't know anything about gzip vulnerability and instead generalize your ideas of how it should be to how it is actually done.
Lots of applications were using customized version of gzip, e.g. Linux kernel used a trimmed down version of gzip. They could not be simply recompiled with new library - the bug had to be fixed in every copy of the source code - yet, it was code reuse via copy/paste as much as it could possibly be. Too little applications used shared library, so even those application that used standard gzip had to be rebuild with new static library.
And if *nix world moves to using shared libraries more, it will face the same problem Microsoft has - a single security fix in a single shared library can potentially break any of hundred applications that use this library, and all these applications has to be tested with patched version. Which is still better than patching hundred applications independently.
Code reuse is code reuse, whether it is Windows, Unix, or any other OS/app. Modern programmers are taught to do code reuse, and saing "This is not the design methodology used in the *nix world" is plain stupid.
When gzip security hole was discovered, it hit hundreds of Unix applications, because they reused the code from this library. Is the "design methodology" any different?
The gzip bug demonstrated that it sometimes can even be worse on *nix, due to source code coping instead of shared libs, so that the bug had to be fixed in multiple places.
By the way, Netscape was / Mozilla is actively trying to make itself a platform for writing applications using its XPCOM/XUL and other technologies. It is not very successful so far, but when it will, its bugs and patches will hit lots of independent applications, just like bugs/patches in IE do now.
Unless of course, "service pack" include new major releases of kernel, X Windows and Gnome/KDE.
More or less true. It is also IBM's fault for creating open hardware platform where you can plug video cards and other crap, and also for creating user expectation that it should work.
The alternative is Macintosh, where you buy a fixed configuration computer with custom build OS specifically tuned for this computer. This OS of course works rock-solid with this hardware. But you can't buy a new video card for it (well, it is possible, but at this moment you loose Apple support).
I remember when in 1997 our company bought several Macs of different models in about 2 months. They ALL came with different OS CDs, and almost neither of them worked with CD from different computer. If you can modify OS after creating particular hardware, it is easy. If you ship OS and it should work with hardware that will be released 3 years after OS, it is much harder.
This is also true for most non-PC hardware. E.g. my Canon camera only supports Canon lenses. Yes, I bought Sigma lens for it, but Canon will not give me any support if I have any problem with this lens, even if camera crashes while this lens is installed (yes, sometimes it happens to people).
VMM error? Guys, get real! It is 2003, why people are still running 8 years old OS (Windows 95)?
Looks like your greedy boss is to blame for this problem.
Looks like you are running Windows 95. I feel pity for you.
On the other hand, you would not be any better if you run any of 8 years old Linux distro.
More likely you are running MSDOS.
Looks like more and more Linux is simply emulating Windows. But if you run Windows drivers and Windows programs via appropriate emulation layers, why not simply run Windows?
If the fixes were from Microsoft, the /. would have an article "Two More Critical Windows Flaws".
But it is open source, so we get "Apache 2.0.48 Released".
So does it proof anything except double standard on /.?