I too am an MSFC contractor. I'm right with you in hoping that NASA thoroughly burns AJT's biscuits at renewal time.
For those who don't know, safety is always spelled with a capital S in and around NASA. Their homage to this sacred cow -- mandatory monthly meetings with cliff-hanger videos that make the American Red Cross look like Cannes Film Festival triumphants, monthly inspections by overbearing site safety managers, some inane safety tip in email at least weekly from same -- borders on asinine.
If AJT doesn't get a sound smacking, there's probably a rat somewhere in the chain of their contract.
What are the chances of getting some editorial accountability around this place?
Jamie, before you go stating that "OSS != Security," please consider:
Bugs in crypto systems are extraordinarily difficult to hunt down and squish. Read Applied Cryptography if you feel like getting your brain around why.
A bug of this magnitude in a product with source code not available would probably never have been discovered.
PGP's license has never met the Open Source Definition (it's free to use only under certain circumstances). Despite this technicality, your headline is stupidly sensational and self-defeating. Wouldn't it have been much better to title it "Key Generation Bug Found in PGP 5"?
I have done development work on commerce sites using CCVS for card verification. I have to say that the API is very well documented and easy to write to. I understand that HKS are some cool folks as well, and people of the Penguin (they ran a promo at ALS in 1998 offering a significant discount to new customers who mentioned the show).
I've been a Linux user for over five years, and a *BSD user for around two. I'm glad to see more notice of the various 4.4BSD derivatives coming from the Linux community, but any time those two letters "vs" show up between the names of these two excellent products, it burns my cookies a little bit.
One of the old linpeople IRC regulars once said something to the effect that:
"Linux and BSD both have their uses, and I use both. The two work together much better than they work apart."
(FWIW, #linpeople is where my nick came from, when I truly was a newbie)
Should there be a law, or a line in the NSI contract saying that it would be illegal to have a name based on a typo, or a misleading name?
Two problems:
It's no longer NSI's game, what with ICANN and all the competing registrars. That means that any prohibition would have to be either in the ICANN rules (read "designed and executed by a committee") or in a U.S. federal law (read "designed by a committee that is indisputably controlled by the interests of organizations more like EToys than Etoy in their inclinations, and executed by the U.S. legal system.")
If each registrar tried to adopt some sort of policy regarding this hot potato, the minefield of competing policies would surely exacerbate more disputes than it would prevent or resolve.
In my experience, mixing IDE and SCSI devices causes a performance hit on the SCSI side. In fact, I've seen a noticeable increase in the performance of a good UltraII SCSI chain by disabling the on-board IDE controller.
Open Source Quake makes it easier for a broader range of people to cheat. It's going to be mostly script-kiddie types using cheater clients; the rest of us who enjoy the game might try it once but will quickly grow tired of an unfair advantage.
Yes! Yes! Yes! I often find myself thinking that Linux is going down a slippery slope as it becomes more popular. I see a huge danger in such things as certification programs (especially those offered by a distribution vendor such as Red Hat) creating a "cert mill" situation similar to the existing MCSE one. It's not hard to imagine the day when any moron who can bring up a system and make it kinda work some of the time is elevated to expert status because s/he made it through a certification boot camp.
OTOH, it sucks for professionals like me to have to fly in good solutions under the radar of a management that insists on branding and illusions of legal recourse.
Linux is in danger of suffering from its own success. It's so well-designed and scalable that it really does work equally well on the desktop and in the datacenter, and does so without relying on licensing costs to differentiate where it's meant to be used.
Good free software, it seems, can be a mixed blessing. Fortunately, the really important bits (the kernel and surrounding GNU utils) are remaining untainted and showing steady progress. The most popular distributions, however, are increasingly bloated, insecure, and end-user targeted. More than Linux leaving the power-user segment, I fear the departure of the power users from the Linux camp.
Agreed on the point of Windows installation being a drag. How many computer users in the general population do you know who have ever installed any operating system? Ease of installation seems a silly point to nag on, when it makes more sense to reward vendors like Dell and VA who will sell you a preinstalled Linux box by giving them our business, and encouraging other vendors to make similar offerings.
The term "HURD" refers strictly to the Mach microkernel and supporting servers that provide kernel-like functionality. In the same way, the term "Linux" is really applicable only to the kernel that Linus founded. This is why Debian refers to its current offering as "Debian GNU/Linux" and to its forthcoming HURD-based distro as "Debian GNU/HURD". The GNU part refers to the utilities surrounding and supporting the kernel-like infrastructure.
In fact, it is my understanding that RMS founded the GNU (GNU's Not Unix) project as a set of tools designed to support a Unix-like microkernel infrastructure -- the Hird of Unix-Replacing Daemons (HURD). The Linux kernel happened to pop up under the same license before the HURD ever thought of bootstrapping, and kind of sidetracked the efforts of the community that was implementing GNU.
So if the HURD itself is beginning to appear Debian-like, it would be only in its development cycle and practices.
The 68Ks have been around for a good long time, and are extraordinarily versatile. However, the first Macs debuted in 1984...