> Oh yeah, because the other distros dictate which software you have to install.
Exactly. Try and install ONLY the software you WANT on a RedHat system for example: impossible because of dependencies. And I am not speaking of libraries here. Try and install without X, LDAP (add favourite useless app here) for instance.
I love our Sun. And I want to see it every single day. At 100%. Not at a mere 10%! Imagine to live on a dull planet with 10% Sun light. I somehow wonder how crap like this ends up as serious "news".
How is this a security model? All a "privilege" does is open a special hole in an otherwise secure model. Almost any of these holes can be used to execute arbitrary code as the superuser. So instead of giving a token any of these privileges you could simply run the token as the superuser - it's not less secure.
Backup: I can read any file, especially the password DB. Restore: I can replace any system file with a modified version. Take ownership: I can replace any system file with a modified version. Debug: I can read system memory and obtain secure information like cached passwords. Load driver: I can install a rootkit. Lock pages: I can run the system out of memory and force swapping security related information to disk from where it is easier to intercept. Create token: not sure what it does in detail, but sounds scary.
It doesn't matter if the installer is apt, urpmi, up2date, or yum. All the major distributions need to pull their heads out of the asses, and get together to agree on a single installer.
No, I am using Gentoo. And I absolutely love portage / emerge. Nobody will ever make me change that for this bloody rpm bullshit.
Just to clarify: The article speaks about the chemical toxic properties of heavy metals (especially Uranium). The toxicity can be eliminated by converting the substance into another chemical compound. The article however does NOT talk about the physical radiocative properties of Uranium. Bacteria CAN NOT convert radioactive substances into non-radioactive ones.
My site does not actively boycot IE in terms of redirecting people to Firefox or locking them out. But my site just gives the user a worse user experience. The code is just standards compliant and looks as intended on all popular browsers except IE. On IE the page would actually be unusable, but I have included a conditional CSS to compensate the most annoying stuff. Still the page doesn't render as nice as in other browsers.
Remember the Netscape times? When the web evolved and Netscape didn't, it's market share dropped, because it wasn't able to render many pages correctly. Guess what will happen when IE doesn't render many pages correctly any more.
1. They say no word about the problem and the implementation of the solutions. Results may vary depending on the problem. 2. Comparing J2EE/.NET to PHP/Plone is bollocks. Problems that are solved with J2EE/.NET today are so complex that choosing PHP/Plone instead is no option. It's like comparing trains to airplanes. 3. Where are tables, figures and graphs?
How much do you trust a network or rather the users and programs on that network? Experience showed us that there is no such thing as a trusted network. Corporate intranets are suddenly pentrated by laptops, WIFI and other mobile devices. SSH tunnels create unmonitorable connections to the outside world. Email and Webdownloads create other holes. So again, how can anybody define "trust" in a network, or even a "network" in the first place?
CSS claims to be a language for layouting HTML. Why are the layouting capabilities so limited then? Were any graphical designers / people with layouting experience actually involved in the development of the standard?
To illustrate my point of view: Positioning of block elements in CSS can only be absolute (which is not suitable for arbitrary size screens), relative to immediately preceding or following elements (which is not very flexible) or floating (which is also not very flexible as it only affects subsequent elements). This makes the order of the HTML elements significant. As a consequence HTML must still be modified when changing the design. Doesn't this defeat the purpose of CSS?
The HTML code of my site has always been standards compliant. The tricky part is how you code the CSS to make it show up properly with IE. When I recently revamped the layout I totally ignored IE. I was coding on a Linux box anyway. So I used standards only and tested in Firefox and Konqueror. I was not surprised that it didn't look quite as nice in IE. But this could easily be fixed with an IE-specific CSS include using . My focus was not to make it look nice on IE, but to get it to a point where the content was readable. In my opinion it's totally okay that people still using this broken IE thing get a worse browsing experience than people using a standards compliant tool.
Now we can start contributing bugfixes for the long-standing bugs in the standard API.
The API source is already available and you get it in the src.zip file of every JDK. It also includes the com.sun.* packages. So in theory you could always fix those API bugs in your own fork of the standard API making your applications incompatible with the rest of the Java world.
What Sun is talking about now, is releasing the source code of their VM implementation.
Eclipse is a bit a special case as it is a Java application. Its memory requirements have nothing to do with Linux. 256MB honestly are too low too use Eclipse. Java has its own memory management (garbage collected heap) and thus is assigned a fixed large chunk of memory at startup time to work with. You can control the amount of memory that is assigned to Eclipse with some commandline switches: -Xmx128m -XX:MaxPermSize=128m would give it 128MB of heap and 128MB of space for most non-heap (code) memory. I use 256 MB heap and 128 MB perm gen and have never hit a limit with this configuration - and I use Eclipse daily with a lot of code and many plugins. If you add -Dcom.sun.management.jmxremote you may use jconsole to inspect the internal memory structure and further finetune.
If you end up swapping a Java process to disk, performance will go down drastically. Because of its own memory management, Java has very bad locality and touches lots of memory all the time (as probably all GC heaps do) - so its best not to swap a Java process at all.
Slashdot Mirror
> Oh yeah, because the other distros dictate which software you have to install.
Exactly. Try and install ONLY the software you WANT on a RedHat system for example: impossible because of dependencies. And I am not speaking of libraries here. Try and install without X, LDAP (add favourite useless app here) for instance.
... as I was just working on an ebuild for it...
Though not born as a girl, clearly Julianne Frances Haugh is missing. She wrote the Unix shadow password framework.
First thing I do on any new desktop: disable the sound scheme. Oh, and I disable the PC speaker driver in Linux kernel.
I love our Sun. And I want to see it every single day. At 100%. Not at a mere 10%! Imagine to live on a dull planet with 10% Sun light. I somehow wonder how crap like this ends up as serious "news".
(a) using an open-source wrapper, so their real driver doesn't use any of the Linux kernel interfaces directly,
.... (fill in here).
The glue code links to the kernel directly. So it must be GPL. The user space code links to the glue code directly. So it must be
How is this a security model? All a "privilege" does is open a special hole in an otherwise secure model. Almost any of these holes can be used to execute arbitrary code as the superuser. So instead of giving a token any of these privileges you could simply run the token as the superuser - it's not less secure.
Backup: I can read any file, especially the password DB.
Restore: I can replace any system file with a modified version.
Take ownership: I can replace any system file with a modified version.
Debug: I can read system memory and obtain secure information like cached passwords.
Load driver: I can install a rootkit.
Lock pages: I can run the system out of memory and force swapping security related information to disk from where it is easier to intercept.
Create token: not sure what it does in detail, but sounds scary.
The city of Zurich (Switzerland) has been guarding its drinking water for the last 30 years with trouts.
Yeah, I am confident that virtualization will make the OS less complex...
Fine. Can you demonstrat the same with kde and all it's dependencies, please?
With Gentoo portage it's as simple as:
# emerge kde
It doesn't matter if the installer is apt, urpmi, up2date, or yum. All the major distributions need to pull their heads out of the asses, and get together to agree on a single installer.
No, I am using Gentoo. And I absolutely love portage / emerge. Nobody will ever make me change that for this bloody rpm bullshit.
Just to clarify: The article speaks about the chemical toxic properties of heavy metals (especially Uranium). The toxicity can be eliminated by converting the substance into another chemical compound. The article however does NOT talk about the physical radiocative properties of Uranium. Bacteria CAN NOT convert radioactive substances into non-radioactive ones.
My site does not actively boycot IE in terms of redirecting people to Firefox or locking them out. But my site just gives the user a worse user experience. The code is just standards compliant and looks as intended on all popular browsers except IE. On IE the page would actually be unusable, but I have included a conditional CSS to compensate the most annoying stuff. Still the page doesn't render as nice as in other browsers.
Remember the Netscape times? When the web evolved and Netscape didn't, it's market share dropped, because it wasn't able to render many pages correctly. Guess what will happen when IE doesn't render many pages correctly any more.
Answering myself:
Some tables and figures are here.
Plus JBoss has answered the "study" with a nice blog entry:
1. They say no word about the problem and the implementation of the solutions. Results may vary depending on the problem.
2. Comparing J2EE/.NET to PHP/Plone is bollocks. Problems that are solved with J2EE/.NET today are so complex that choosing PHP/Plone instead is no option. It's like comparing trains to airplanes.
3. Where are tables, figures and graphs?
How much do you trust a network or rather the users and programs on that network? Experience showed us that there is no such thing as a trusted network. Corporate intranets are suddenly pentrated by laptops, WIFI and other mobile devices. SSH tunnels create unmonitorable connections to the outside world. Email and Webdownloads create other holes. So again, how can anybody define "trust" in a network, or even a "network" in the first place?
CSS claims to be a language for layouting HTML. Why are the layouting capabilities so limited then? Were any graphical designers / people with layouting experience actually involved in the development of the standard?
To illustrate my point of view: Positioning of block elements in CSS can only be absolute (which is not suitable for arbitrary size screens), relative to immediately preceding or following elements (which is not very flexible) or floating (which is also not very flexible as it only affects subsequent elements). This makes the order of the HTML elements significant. As a consequence HTML must still be modified when changing the design. Doesn't this defeat the purpose of CSS?
The HTML code of my site has always been standards compliant. The tricky part is how you code the CSS to make it show up properly with IE. When I recently revamped the layout I totally ignored IE. I was coding on a Linux box anyway. So I used standards only and tested in Firefox and Konqueror. I was not surprised that it didn't look quite as nice in IE. But this could easily be fixed with an IE-specific CSS include using . My focus was not to make it look nice on IE, but to get it to a point where the content was readable. In my opinion it's totally okay that people still using this broken IE thing get a worse browsing experience than people using a standards compliant tool.
Now we can start contributing bugfixes for the long-standing bugs in the standard API.
The API source is already available and you get it in the src.zip file of every JDK. It also includes the com.sun.* packages. So in theory you could always fix those API bugs in your own fork of the standard API making your applications incompatible with the rest of the Java world.
What Sun is talking about now, is releasing the source code of their VM implementation.
When will this data be available in Google?
Eclipse is a bit a special case as it is a Java application. Its memory requirements have nothing to do with Linux. 256MB honestly are too low too use Eclipse. Java has its own memory management (garbage collected heap) and thus is assigned a fixed large chunk of memory at startup time to work with. You can control the amount of memory that is assigned to Eclipse with some commandline switches: -Xmx128m -XX:MaxPermSize=128m would give it 128MB of heap and 128MB of space for most non-heap (code) memory. I use 256 MB heap and 128 MB perm gen and have never hit a limit with this configuration - and I use Eclipse daily with a lot of code and many plugins. If you add -Dcom.sun.management.jmxremote you may use jconsole to inspect the internal memory structure and further finetune.
If you end up swapping a Java process to disk, performance will go down drastically. Because of its own memory management, Java has very bad locality and touches lots of memory all the time (as probably all GC heaps do) - so its best not to swap a Java process at all.
Too many applications are just plain huge; e.g. Open Office.
I don't find a 18 megs increase of used ram too much.
This system was running xorg, KDE, Firefox, Thunderbird, Eclipse and Oo writer, Apache, MySql, Postfix and used 228 megs.
After shutting down Thunderbird, Eclipse and Oo I have roughly 122 megs used.
XP without ANY of the above applications running uses 140 megs and more right after startup.
Wasn't an OS meant to MANAGE resources, not to CONSUME them?
I never used "sudo -s" but always "sudo bash" on systems that allowed it. Because prefixing all commands with sudo was annoying...
This is a bug tracking tool and not a news site. People need this to get their work done. We don't want this slashdotted for a reason.