Why does MS come out with patches so often?
Seriously, because:
1) University Grad students think that Microsoft security problems are good Thesis topics.
2) It is the most prevalent OS on desktop machines, so it gets more attention.
3) Unlike other software vendors, they actually fix issues and distribute the patches instead of forcing customers to sign a NDA to get the known flaw in their enterprise class machine fixed (SUN).
4) They create complex software to provide the user with a better experience, but complex software is hard to test.
Considering that Windows Server 2003 has been out for a few months, has been touted as being much more secure than any previous product, and these are the first security problems to be found, yes, this is progress!
...btw, MS source code is available to academia...
Oracle's "Unbreakable" claims were shown up with dozens of major vulnerabilities within a couple weeks of their Ad campaign.
Previous MS products have had required fixes within weeks of their release.
This, to me, looks like significant improvement. They seem to recognize that security is important, have made major improvements, and are looking at the places where they still need to improve and adding checks for those problems as well.
(Now, watch bugtraq and ntbugtraq and compare the Windows Server 2003 problems with the linux problems.)
You are saying two different things here:
1) Open Source
2) Auditable
I fully agree on the auditable.
Open source shouldn't matter much if the system is fully auditable.
No, I think that NASDAQ is using MS SQL Server and Windows 2003 Server.
Sure, just hope that the enemy doesn't crack your signal and convince the mines that there are too many mines along a center path so that they all move out of the enemy's way. :)
So write a perl script that uses procmail and a web based calendar so you can send emails with a schedule request in the subject...just like majordomo but for schedule items instead of mailing list messages.
You don't need a *@$%^ #@%@ (*(!@$ exchange replacement to do that.
Use a couple brain cells, make a solution (it isn't that hard), and stop complaining about how much you hate Microsoft!
Shouldn't OSS be about solving problems that people want to work on rather than trying to be a cloning engine for Microsoft software?
If someone wants an exchange replacement, they will make it...if not, why fuss?
If you like what exchange does, buy it or code your own replacement. If you don't, then don't worry about it. Most people seem happy to kludge together solutions out of lots of little parts that can be used for many purposes. Exchange isn't a little part and it really has only one purpose: to be the server side of outlook. Most people here hate outlook too, so why do you want a clone of exchange???
Microsoft Active Directory is compatible with MIT Kerberos version 5.
You haven't seen Seattle traffic.
Or at least on I520 westbound, just prior to the bridge, the cops are on FOOT pulling people over for using the carpool lane when they only have one person in the car.
Check out the Puget Sound traffic map.
From 4pm to 7pm, at least a few spots on the map will be black. Black means that traffic is moving between 20 MPH and completely parked. And the majority of what is measured is freeway.
A 20 minute commute in good traffic can be a 3 hour commute in bad traffic! Traffic is bad when you can safely read 20 pages of a book while driving home.
From www.riaa.com
RIAA Leadership:
Hilary B. Rosen, Chairman and Chief Executive Officer
Cary Sherman, President
Board of Directors
• Roger Ames, Warner Music Group
• Michele Anthony, Sony Music Entertainment Inc.
• Val Azzoli, The Atlantic Group
• Jose Behar, Univision Music Group
• Bob Cavallo, Buena Vista Music Group
• Ronnie Dashev, Maverick Recording Company
• Clive Davis, RCA Music Group
• Tracey Edmonds, Edmonds Record Group
• Dick Griffey, Solar Records/J.Hines Co.
• Zach Horowitz, Universal Music Group
• Don Ienner, Sony Music U.S.
• David Johnson, Warner Music Group
• Lawrence Kenswil, Universal Music Group
• Mel Lewinter, Universal Music Group
• Alain Levy, EMI Recorded Music
• Roy Lott, Virgin Records
• David Munns, EMI Recorded Music Worldwide
• Antonio Reid, Arista Records Inc.
• Sylvia Rhone, Elektra Entertainment Group
• Rolf Schmidt-Holtz, BMG Entertainment
• Tom Silverman, Tommy Boy Music
• Andy Slater, Capitol Records
• Thomas Stein, BMG Entertainment
• Tom Tyrrell, Sony Music Entertainment, Inc.
(I am Not a lawyer, so I don't know if this is even possible, however...)
:)
What if every (or a large number of) upset music listeners each filed an individual small claims court lawsuit against RIAA? Would 10,000 simultaneous small claims court cases slow them down?
Hey, I have only purchased 50 or so CDs, so I'd be happy with $140 dollars back out of the $700 or so I have spent.
Where can we get a list of RIAA mailing addresses, phone numbers, and email addresses?
Sounds like the type of hell I put my developers through. I have been averaging roughly 2 bugs per day, while writing test automation, verifying fixes, generating reports, etc.
The customer probably would have only reported a dozen of those bugs if they weren't fixed, and they might only notice a couple dozen now that they are fixed and different from the previous version, but the developers fixed several hundred of the bugs that I found.
As for "Why in the world would I do THAT?", "because the code let me do it." Any good software tester should continually challenge the assumptions of the developers. The code needs to work correctly.
What you say is correct if you assume that the software development organization's management does not value software testing.
In an organization that values testing, there will be at least one tester per developer and the tester is responsible for representing the customer and ensuring that the software meets the needs of the user.
I have filed a sizable number of bugs on a closed source project over the last few years, and most of those bugs were fixed before we released the product! Then again, I am paid a nice salary to find and file those bugs and my employer does care about the quality of the software that we release.
Which explains why up until a recent BIND worm hit, I was running a 5 year old version...
In my experience, people don't upgrade unless absolutely necessary, and even then only if it won't disrupt other activities. Open source doesn't force them to upgrade any more than closed source does...
Good points, however when developers fix a bug in the latest version, can't they *sometimes* go back and fix earlier versions as well?
Sure, it happened dozens of times in Windows after the start of the security push. First they fixed the bugs in Windows 2003 and XP (before the products were shipped), then they went back and put those security fixes into Windows 2000 service packs.
That depends on the size of your test team.
Developers can only do so much at one time, if they can only fix an average of 5 bugs per day, then 400 testers each finding 5 bugs per day is overkill since some bugs will hide others and some fixes will introduce new bugs.
On the flip side, if a tester focuses on testing a program long enough, the tester can write automated test code. Personally, my test automation for the closed source project that I am employed to test performs approximately three weeks worth of manual testing work in a 30 minute test run.
That's funny, I've purchased several closed source software packages over the web, and other than bandwidth, it didn't cost the developer anything to release that new version.
I thought the first rule in software engineering was "you don't talk about software engineering."
Nope, the first rule in software engineering is: "There is no software engineering."
...studies reveal that bugs are found more quickly when people actually test software.
Unfortunately, I've talked to a couple closed source software firms who (unlike my current employer) don't test software. According to them, their customers don't want to pay for software to be tested.
Yes, I test software for a living, and it is closed-source, and I'm fairly certain that I do a much more complete job of testing, and I try more devious tests than are performed against most OSS projects.
If someone wants to pay my salary, I'm sure I could file a thousand bugs a year on linux packages.
Just the fact that you can say "the Church" and "Orrin Hatch" or "Utah" and everyone knows which religion you are talking about is interesting in the context of power. Blessings aside, he might not need to do anything other than claim to be a member of "the Church" to get the support of the majority of its membership.
...until a senator can have a reasonable conversation with an average person and explain the entire context and impact of their proposed laws, why it is needed, and why it is better than the other alternatives, I claim that they are not informed enough and should not be allowed to decide if the proposed law is a good thing or not.
The switch has one fan, and the hub has three fans. The fans are all little 1.25" fans like what you use on a heatsink for an older processor.
Each fan adds a little to the noise level...it isn't much compared to the rackmount servers, but it is enough to notice if everything else is turned off.
Good point, a resistor would be better than just a screwdriver, but if your goal is to gut a monitor chassis without killing yourself, a well insulated screwdriver should be good enough, shouldn't it?
(I, admittedly, don't have formal training and most of my experience has been dismantling things that I don't have further use of.)
Funny, I always looked inside the "High Voltage - Danger!" doors. Then again, I also repaired computers in areas of a lab marked off as BioHazard areas. :)
At the same time, I knew that the researchers were just working with plant pathogens, and I just followed their lead...when they walked past the warnings, so did I.
I guess I should watch my step before I get nominated for a darwin award.
4. Discharge the capacitors if you are going to touch anything
Take an old screwdriver that you don't care about and use it to short directly across any capacitors. Those things can maintain a charge for months, and that charge can kill you if you aren't careful!
(Yes, I have done stupid stuff like replacing a contact switch in my microwave, and I am not licensed to do such a thing, but I *STRONGLY* urge anyone to be very careful with high voltages.)
I have felt 220V AC run from my index finger to my ring finger, luckily both were on the same hand. It only made contact for less than a second, left a 1/8th inch white burn mark on both the entry and exit point, my arm was flailing for several minutes, and my hand was jittering for several hours.
Even the lower voltages in a phone system, I think the ring tone hits up to 48 volts, can cause a tingling sensation.
Also, remember that while your skin normally acts as a good insulator, if you are sweating, or it is damp, the resistivity of skin drops to almost nothing and even a very, very small voltage across the heart can kill you.
If in doubt, ask for help from someone who has some experience with TV or computer monitor repair.
While I like the workmanship and effort that went into it, although it looks very functional, I would have gone with a more aesthetic design.
The biggest thing that throws me off of this design is the number of fans and the noise that it would make. Personally, I'm tempted to put the CPU in a closet and have a USB floppy and dvd in a noise and vibration dampened drawer for occasional use.
...then again, I'm probably just wanting some silence because I have 2 rackmount servers, two desktop boxes, and three towers at my desk in addition to laser printer, inkjet, scanner, TiVo, 16 port hub, 8 port switch, and a few other things at my desk that make noise.