Personally, I claim that my own software is alpha when it is feature-incomplete, meaning it lacks features I plan for the final release. By that metric, MS Win2k would not move from alpha to beta until RC3, which is when they plan to be feature-complete.
Beta software is feature-complete, but lacks the testing and refinement that needs to go into gold releases. By gold I mean a program that has met whatever metrics were set out at the beginning for stability and compatibility.
Note that these definitions require a structured development plan, which I think many software pieces (mostly on the Windows platform) lack.
As for stability metrics, I think the 1 hour MTBF for Mozilla is a little low, but then, the developers in charge consider that alpha software.
My father is a P.E. in Arizona, with a B.S. in Mechanical Engineering and a Masters as well. He had to take the P.E. exam several (I believe 3) times before he passed. After he passed, though, he was in the league of engineers that could reasonably ask for around $90/hour for consulting work and get it.
Granted, that's mechanical engineering work he is doing. However, the state of Arizona requires that construction projects be approved by a P.E. With the difficulty in getting the license, weighed against the pay increase you can expect, I would say it's worth it.
It does matter though, which state you are in. Some states, like Arizona, give one test covering all engineering fields, whereas others give several P.E. tests for several different fields. Something to consider, especially if you aren't as good as you need to be in a particular subject, like statics or dynamics.
You must remember that a cancelled stamp can be admitted as evidence (as opposed to hearsay). This is a critical service that the others can't provide. Until they can, the USPS will still be around.
The USPS can claim one thing that FedEx, UPS, and e-mail can't: a cancelled stamp can be admitted in court as a certified document, unlike the others. However, even if e-mail can gain this certification (through PGP, perhaps?) the USPS will remain. You must remember, it is a government agency, and they never go away.
MSM
Re: freedom can only mean absolute freedom (on "RMS Responds", Score: 1)
>freedom can only mean absolute freedom
This is incorrect. There are many definitions of liberty (which is what you really refer to). Taking the definition from Webster's 1828 dictionary,
Natural Liberty is "... the power of acting as one thinks fit, without any restraint or control, except from the laws of nature. It is a state of exemption from the control of others, and from positive laws and the institutions of social life. This liberty is abridged by the establishment of government."
"Civil Liberty is the liberty of men in a state of society, or natural liberty, so far only abridged and restrained, as is necessary and expedient for the safety and interest of the society, state or nation.... The liberty of one depends not so much on the removal of all restraint from him, as on the due restraint upon the liberty of others. In this sentence, the latter word liberty denotes natural liberty."
There is a lot of misunderstanding about the GPL and the FSF, and TC gets right to the point about it. RMS & Co. need to change their language of "free software". There is a preconceived notion of what that term means. I suggest what others have already begun using: freedomware, since you don't hear that word and it stirs your interest.
>If you're just talking software, dollars/*anything* linux is zero and will win.
Not necessarily. Someone may be evaluating a supported distro, such as RH6 boxed, in which case there is a price. However, unless you install via ftp or borrow a cd, there is always a price. It's just that for Linux the price is orders of magnitude lower than MS. But yes, I was just referring to price, since hardware is the same no matter what OS is installed (in this case), and Windows and Linux run on the same platforms.
>These studies do not address price/performance.
True, but how exactly do you plan to measure performance, and what aspects of the server should this performance reflect? Perhaps units of dollars/(clients served/second)?
>These studies do not address stability.
Again, how should you measure stability? I would suggest in units of crashes/month, but then MS would cry foul ;)
>These studies do not address security.
Cracks/week/cracker?
One thing that concerns me though, is the reaction the community will give. I think, unless some major news comes out, that we should accept these numbers at face value and implement changes in the kernel and all other appropriate software. In this respect, Linus' idea of stable kernels released more often would be a good idea; many people don't like the idea of recompiling a 2.odd kernel on a deployed server, since it would affect the stability. Accepting these values would show the world that we aren't a bunch of crybabies and are willing to put our code where our mouths are.
Well, you could use nmap to figure out which OS the computer in question is running, but as to which Windows version and patch level, I haven't a clue. nmap doesn't support that, yet. There are programs out there that do, but I can't remember any right now.
Microsoft Security Bulletin (MS99-019)
--------------------------------------
Workaround Available for "Malformed HTR Request" Vulnerability
Originally Posted: June 15, 1999
Summary
=======
Microsoft has released a patch that eliminates a vulnerability in Microsoft (r) Internet Information Server 4.0. The vulnerability could allow denial of service attacks against an IIS server or, under certain conditions, could allow arbitrary code to be run on the server.
Microsoft has issued this bulletin to advise customers of steps they can take to protect themselves against this vulnerability. A patch to eliminate this vulnerability is being developed, and an update to this bulletin will be released to advise customers when it is available.
Issue
=====
IIS supports several file types that require server-side processing. When a web site visitor requests a file of one of these types, an appropriate filter DLL processes it. A vulnerability exists in ISM.DLL, the filter DLL that processes .HTR files. HTR files enable remote administration of user passwords.
The vulnerability involves an unchecked buffer in ISM.DLL. This poses two threats to safe operation. The first is a denial of service threat. A malformed request for an .HTR file could overflow the buffer, causing IIS to crash. The server would not need to be rebooted, but IIS would need to be restarted. The second threat would be more difficult to exploit. A carefully-constructed file request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Neither scenario could occur accidentally. This vulnerability does not involve the functionality of the password administration features of .HTR files.
While there are no reports of customers being adversely affected by this vulnerability, Microsoft is proactively releasing this bulletin to allow customers to take appropriate action to protect themselves against it.
Affected Software Versions
==========================
- Microsoft Internet Information Server 4.0
What Microsoft is Doing
=======================
Microsoft has provided a workaround that fixes the problem identified. The workaround is discussed below in What Customers Should Do.
Microsoft also has sent this security bulletin to customers subscribing to the Microsoft Product Security Notification Service. See http://www.microsoft.com/security/services/bulletin.asp for more information about this free customer service.
What Customers Should Do
========================
Microsoft highly recommends that customers disable the script mapping for .HTR files as follows:
- From the desktop, start the Internet Service Manager by clicking Start | Programs | Windows NT 4.0 Option Pack | Microsoft Internet Information Server | Internet Service Manager
- Double-click "Internet Information Server"
- Right-click on the computer name and select Properties
- In the Master Properties drop-down box, select "WWW Service", then click the "Edit" button.
- Click the "Home Directory" tab, then click the "Configuration" button.
- Highlight the line in the extension mappings that contains ".HTR", then click the "Remove" button.
- Respond "yes" to "Remove selected script mapping?" say yes, click OK 3 times, close ISM
A patch will be available shortly to eliminate the vulnerability altogether.
Customers should monitor http://www.microsoft.com/security for an announcement when the patches are available.
Microsoft recommends that customers review the IIS Security Checklist at http://www.microsoft.com/security/products/iis/CheckList.asp
More Information
================
Please see the following references for more information related to this issue.
- Microsoft Security Bulletin MS99-019, Workaround Available for "Malformed HTR Request" Vulnerability (The Web-posted version of this bulletin), http://www.microsoft.com/security/bulletins/ms99-019.asp.
- IIS Security Checklist, http://www.microsoft.com/security/products/iis/CheckList.asp
Obtaining Support on this Issue
===============================
If you require technical assistance with this issue, please contact Microsoft Technical Support. For information on contacting Microsoft Technical Support, please see http://support.microsoft.com/support/contact/default.asp.
Revisions
=========
- June 15, 1999: Bulletin Created.
For additional security-related information about Microsoft products, please visit http://www.microsoft.com/security
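A log-side check to go with the workaround above, as an added example that is not part of the bulletin or of the original post: once the .HTR script mapping is removed, any .htr requests still showing up in the IIS W3C extended log are worth reviewing per client. The log lines and paths are constructed, and the 255-character review threshold is an assumption (the bulletin gives no length).

```python
from collections import defaultdict

LONG_URI = 255  # assumed review threshold; the bulletin states no length

# Constructed W3C extended log lines (not real traffic); paths are made up.
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Server 4.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "1999-06-16 10:00:01 192.0.2.10 GET /default.asp - 200",
    "1999-06-16 10:00:05 192.0.2.44 GET /pw/change.htr - 404",
    "1999-06-16 10:00:09 198.51.100.7 GET /" + "x" * 600 + ".HTR - 500",
]


def parse_w3c(lines):
    """Yield one dict per request, honouring each #Fields: directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or odd rows
                yield dict(zip(fields, values))


def htr_requests(lines):
    """Summarise requests for .htr files per client address."""
    report = defaultdict(lambda: {"count": 0, "max_len": 0, "statuses": set()})
    for rec in parse_w3c(lines):
        stem = rec.get("cs-uri-stem", "")
        if not stem.lower().endswith(".htr"):
            continue
        query = rec.get("cs-uri-query", "-")
        length = len(stem) + (0 if query == "-" else len(query))
        entry = report[rec.get("c-ip", "?")]
        entry["count"] += 1
        entry["max_len"] = max(entry["max_len"], length)
        entry["statuses"].add(rec.get("sc-status", "?"))
    return dict(report)


def long_requesters(report, threshold=LONG_URI):
    """Client addresses whose longest .htr request exceeds the threshold."""
    return sorted(ip for ip, e in report.items() if e["max_len"] > threshold)


if __name__ == "__main__":
    summary = htr_requests(SAMPLE_LOG)
    for ip, entry in sorted(summary.items()):
        print(ip, entry["count"], entry["max_len"], sorted(entry["statuses"]))
    print("review first:", long_requesters(summary))
```

Run it against the server's own log files by passing an open file object to htr_requests in place of SAMPLE_LOG.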