So, say it's been a few months since I last downloaded a security patch, and I decide it's about time to grab the latest. I can't remember the URL, so I go to www.sun.com. I see many new toys to spend the company's money on, but no patches. ("Patches? We don't need no stinkin' patches!") So I use their helpful "Search" function, and get loads of unrelated garbage. Finally, I go to google, which gets me to the patches within seconds.
However, then I need to check the patches on my system against the revision numbers on the current patches, and download each one. Or I can download the big lump of patches, but that only covers about 90% of what needs patching.
Eventually, I install all the patches.
This is just a little tiny bit more involved than "apt-get update && apt-get upgrade".
This whole IIS thing is only a Microsoft problem by coincidence. Any piece of software can have security holes, so the key to reducing their effect is timely application of patches. That appears to be the main thrust of MS's "securing IIS" effort.
Unfortunately, almost nobody makes it easy to get security patches. Debian does the best job, from an admin's point-of-view--just "apt-get update && apt-get upgrade" when there's a security announcement, and you can even put this into a cron job. MS doesn't do too badly, with "Windows Update". Solaris stinks--Sun seems to go out of their way to hide security patches from visitors to their website. I don't have much experience with other platforms--there may be better systems than Debian's, but I haven't seen them.
most benchtests for ANY
one parameter invariably produce a wildly misleading result.
What's misleading about this result? The goal was to test the performance of a particular feature of the OS in a way that would isolate that feature's performance (as much as possible) from other influences.This is useful, in that it allows cross-platform developers to make informed decisions about the relative performance of different design options.
Also, by restricting the test to simple cases, there are fewer ways that the tester can manipulate the tests to favor one OS or another. The kind of testing you favor is notoriously prone to "massaging" of the test cases. Besides, holistic testing typically doesn't give any information about which OS features should be avoided.
In all, I would say that this study is well planned, well run, and well summarized. My only beef is that they neglected to include other Unix variants in the mix.
ust to pick pits, but fgets() is no safer than gets(). gets() is simply a more specific version of fgets(), using stdin as the
file handle
Bull. The reason gets() is unsafe is it doesn't have any way to specify the maximum number of bytes to read, so any call to gets() is an automatic buffer overrun hole. fgets() takes as a parameter the maximum number of bytes to read, and is therefore safer.
By the way, any program that doesn't read external input is known as a HOMEWORK PROBLEM. Such programs are not very useful.
Wow, somebody has created a GUI for some of the
really useful Unix utilities, at least in effect.
The program to search all of your files quickly?
grep or "find... -exec grep...". No wonder it's
fast. Replacing abbreviations? awk. Every feature
describe is, as the article mentions, exactly
what Unix users expect from their computing
environment.
I wince every time I try to use a system that
lacks these features.
If I buy a book, that book is MINE. I will never need to renew my membership to re-read that book, nor will the book evaporate when the publisher goes out of business. I can read my book in any kind of light, not just light produced by GE Soft White (TM) light bulbs. US Law protects my right to cite portions of my book in my own writing. I can lend my book to a friend, donate it to a library, or even sell it.
Have you ever seen a for-pay scheme for online content that granted all of these benefits? Neither have I. That's why I will gladly pay for books, but never for online content.
Not 1901--1970, which is the beginning of the Unix epoch. So the choice is to either buy a new, 64-bit machine that won't think it's 1970 for another gajillion years, or to stock up on bellbottoms and lava lamps.
Software has always written itself. A human describes what the program needs to do, and voila! an application! That's right, boys and girls, when I tell the computer "jmp.L16", by Cthulhu, that's just what it does! Yow! If I describe enough things for the computer can do, the possibilities are endless.
Seriously: Do you have ANY IDEA how DIFFICULT it is to describe the operation of a program in English prose. Writing good documentation is 5-10 times harder than writing good code, because you don't really know its audience, and you can't just run tests to see if it works.
Rather than waiting 25-30 years for someone to come out with an English-to-C compiler, why don't you learn an actual programming language or six?
Re:Iain Banks without the M
on
The Business
·
· Score: 1
All his SF books seem to have the same problem; his 'normal' books don't.
So, what fault did you find with Feersum Endjinn? I agree that slogging through CP was pretty painful, but FE was such a joy that I strded myzbeling wirdz wyfoat evn nowtzing.
Sure you can sue them. However, bear in mind that Microsoft has N lawyers in full-time pay (where N is a large positive integer). They can afford to throw huge amounts of legal effort into defending themselves. How much cash are you willing to gamble on a favorable court decision?
Have you read the CPRM proposal? The idea is that there's a part of your hard drive that the hardware hides from your OS. If your OS supports it, and you have an application that can convince the hardware that it's "blessed", then that application will be able to get the cleartext form of a "copy-protected" (i.e. encrypted) file. If your OS does not support it, ALL applications are SOL. Circumvention is possible only if the OS supports CPRM and your application can figure out the decryption key.
At least, that's what I remember from my reading of the spec.
So, if Linus wants to avoid all possibility of such lawsuits, his best course of action is to refuse to support CPRM.
First of all, oxytocin is NOT what makes mothers (surrogate or not) feel attached to their babies. The real cause is something called "love"--perhaps you've heard of it? Did you ever notice that humans who are not mothers (or even female) will frequently drop everything they are doing just to make silly faces at a baby?
Second (in random order): if you're getting genetic material from an "anonymous third party", then there is NO POINT in making a clone to harvest organs. The only reason cloning is related to organ harvesting is that you--with YOUR OWN GENETIC MATERIAL--can create another person who is genetically identical to yourself. This means that the chance for tissue rejection is nil.
Granted, there is danger of starting a trend of murdering cloned persons for their organs, but the first suspect for the crime would be the progenitor. The real danger, as I see it, is that the world's governments, showing their usual lack of clue or caring, will declare cloned persons to be non-persons, and therefore legal to slaughter.
Bah! There is no Ultimate Weapon! XML is big today, but SOMETHING shinier, spiffier, and slicker, with a much longer acronym (or initialism) will make it passe.
What you want is not carrier-controlled QoS, but rather the ability to control the priority of the various sockets on your own host. After all YOU know exactly what data is important to you; your ISP doesn't have a clue.
Forget censorship. This would lead to a bold new world of broken links. It's bad enough to have to update hyperlinks on pages on your own server. Imagine trying to get someone like Network Solutions to update their database every time you move a file.
Yup. Of course, if UUCP were still the dominant medium, companies would be scurrying to register things like "snarf!foovax!kremvax!kgbvax!joshua!ucbvax" as trademarks.
.name: Global Name Registry. Organized under the laws of England and Whales.
I wonder what kind of Intellectual Property laws whales live under. If I were a whale, would I be violating whale copyright law by sinking a ship captained by a one-legged maniac?
Slashdot Mirror
So, say it's been a few months since I last downloaded a security patch, and I decide it's about time to grab the latest. I can't remember the URL, so I go to www.sun.com. I see many new toys to spend the company's money on, but no patches. ("Patches? We don't need no stinkin' patches!") So I use their helpful "Search" function, and get loads of unrelated garbage. Finally, I go to google, which gets me to the patches within seconds.
However, then I need to check the patches on my system against the revision numbers on the current patches, and download each one. Or I can download the big lump of patches, but that only covers about 90% of what needs patching.
Eventually, I install all the patches.
This is just a little tiny bit more involved than "apt-get update && apt-get upgrade".
This whole IIS thing is only a Microsoft problem by coincidence. Any piece of software can have security holes, so the key to reducing their effect is timely application of patches. That appears to be the main thrust of MS's "securing IIS" effort.
Unfortunately, almost nobody makes it easy to get security patches. Debian does the best job, from an admin's point-of-view--just "apt-get update && apt-get upgrade" when there's a security announcement, and you can even put this into a cron job. MS doesn't do too badly, with "Windows Update". Solaris stinks--Sun seems to go out of their way to hide security patches from visitors to their website. I don't have much experience with other platforms--there may be better systems than Debian's, but I haven't seen them.
most benchtests for ANY one parameter invariably produce a wildly misleading result.
What's misleading about this result? The goal was to test the performance of a particular feature of the OS in a way that would isolate that feature's performance (as much as possible) from other influences.This is useful, in that it allows cross-platform developers to make informed decisions about the relative performance of different design options.
Also, by restricting the test to simple cases, there are fewer ways that the tester can manipulate the tests to favor one OS or another. The kind of testing you favor is notoriously prone to "massaging" of the test cases. Besides, holistic testing typically doesn't give any information about which OS features should be avoided.
In all, I would say that this study is well planned, well run, and well summarized. My only beef is that they neglected to include other Unix variants in the mix.
Nature is a peer reviewed journal, and one of the more prestigious ones to boot.
Damn, here I've been going under the misapprehension that nature is a big open place full of green things and other things that can poop on you.
From the IIS article:
I couldn't agree more. Apache just can't compete with the speed of Microsoft's PR department in spinning every horrendous hole as "innovation".
ust to pick pits, but fgets() is no safer than gets(). gets() is simply a more specific version of fgets(), using stdin as the file handle
Bull. The reason gets() is unsafe is it doesn't have any way to specify the maximum number of bytes to read, so any call to gets() is an automatic buffer overrun hole. fgets() takes as a parameter the maximum number of bytes to read, and is therefore safer.
By the way, any program that doesn't read external input is known as a HOMEWORK PROBLEM. Such programs are not very useful.
OK, I'm done ranting now. Now I feel better.
Wow, somebody has created a GUI for some of the ... -exec grep ...". No wonder it's
really useful Unix utilities, at least in effect.
The program to search all of your files quickly?
grep or "find
fast. Replacing abbreviations? awk. Every feature
describe is, as the article mentions, exactly
what Unix users expect from their computing
environment.
I wince every time I try to use a system that
lacks these features.
The only Gauls I know of who would have a chance against Goliath are Asterix and Obelix.
If I buy a book, that book is MINE. I will never need to renew my membership to re-read that book, nor will the book evaporate when the publisher goes out of business. I can read my book in any kind of light, not just light produced by GE Soft White (TM) light bulbs. US Law protects my right to cite portions of my book in my own writing. I can lend my book to a friend, donate it to a library, or even sell it.
Have you ever seen a for-pay scheme for online content that granted all of these benefits? Neither have I. That's why I will gladly pay for books, but never for online content.
Whoops, my bad.
I bow to your superior knowledge of negative numbers.
Not 1901--1970, which is the beginning of the Unix epoch. So the choice is to either buy a new, 64-bit machine that won't think it's 1970 for another gajillion years, or to stock up on bellbottoms and lava lamps.
Software has always written itself. A human describes what the program needs to do, and voila! an application! That's right, boys and girls, when I tell the computer "jmp .L16", by Cthulhu, that's just what it does! Yow! If I describe enough things for the computer can do, the possibilities are endless.
Seriously: Do you have ANY IDEA how DIFFICULT it is to describe the operation of a program in English prose. Writing good documentation is 5-10 times harder than writing good code, because you don't really know its audience, and you can't just run tests to see if it works.
Rather than waiting 25-30 years for someone to come out with an English-to-C compiler, why don't you learn an actual programming language or six?
All his SF books seem to have the same problem; his 'normal' books don't.
So, what fault did you find with Feersum Endjinn? I agree that slogging through CP was pretty painful, but FE was such a joy that I strded myzbeling wirdz wyfoat evn nowtzing.
Uh, a PC is a microcomputer.
Less time spent reading /. per day means more time doing other stuff, like talking about movies and baseball. This is an OBVIOUS performance boost.
Sure you can sue them. However, bear in mind that Microsoft has N lawyers in full-time pay (where N is a large positive integer). They can afford to throw huge amounts of legal effort into defending themselves. How much cash are you willing to gamble on a favorable court decision?
Have you read the CPRM proposal? The idea is that there's a part of your hard drive that the hardware hides from your OS. If your OS supports it, and you have an application that can convince the hardware that it's "blessed", then that application will be able to get the cleartext form of a "copy-protected" (i.e. encrypted) file. If your OS does not support it, ALL applications are SOL. Circumvention is possible only if the OS supports CPRM and your application can figure out the decryption key.
At least, that's what I remember from my reading of the spec.
So, if Linus wants to avoid all possibility of such lawsuits, his best course of action is to refuse to support CPRM.
Yup. A Java "interface" purely defines a type. A Java "class" defines both a class and a type.
To state the problem briefly:
A type describes the properties and operations that make sense for a given value, while a class describes the implementation details of the value.
There is no necessary connection between the two. However, since C++ horribly confused them, most programmers don't know the difference.
Ye gods. Where to start...
First of all, oxytocin is NOT what makes mothers (surrogate or not) feel attached to their babies. The real cause is something called "love"--perhaps you've heard of it? Did you ever notice that humans who are not mothers (or even female) will frequently drop everything they are doing just to make silly faces at a baby?
Second (in random order): if you're getting genetic material from an "anonymous third party", then there is NO POINT in making a clone to harvest organs. The only reason cloning is related to organ harvesting is that you--with YOUR OWN GENETIC MATERIAL--can create another person who is genetically identical to yourself. This means that the chance for tissue rejection is nil.
Granted, there is danger of starting a trend of murdering cloned persons for their organs, but the first suspect for the crime would be the progenitor. The real danger, as I see it, is that the world's governments, showing their usual lack of clue or caring, will declare cloned persons to be non-persons, and therefore legal to slaughter.
Bah! There is no Ultimate Weapon! XML is big today, but SOMETHING shinier, spiffier, and slicker, with a much longer acronym (or initialism) will make it passe.
What you want is not carrier-controlled QoS, but rather the ability to control the priority of the various sockets on your own host. After all YOU know exactly what data is important to you; your ISP doesn't have a clue.
Forget censorship. This would lead to a bold new world of broken links. It's bad enough to have to update hyperlinks on pages on your own server. Imagine trying to get someone like Network Solutions to update their database every time you move a file.
Yup. Of course, if UUCP were still the dominant medium, companies would be scurrying to register things like "snarf!foovax!kremvax!kgbvax!joshua!ucbvax" as trademarks.
I wonder what kind of Intellectual Property laws whales live under. If I were a whale, would I be violating whale copyright law by sinking a ship captained by a one-legged maniac?