"If they want to address the issue of quality in open source software, there is a lot they need to consider. Most importantly... what do they mean by quality? What represents good quality in one project, may not be relevant to others."
Sticking with the "ISO" flavour, ISO 9126 defines software quality characteristics as Functionality, Reliability, Usability, Efficiency, Maintainability and Portability.
PJ of Groklaw has quit OSRM over her relationship to the study. She states references made by SCO led her to the decision.
SCO has been having a road show in the UK. As it happens, a Groklaw reader attended, and this individual reported to me that one of the speakers, in a talk about intellectual property risks in Linux and how you shouldn't use it in business as a result, mentioned me by name, and twisted my relationship with OSRM to say that it proved that I believe there are substantial IP risks in Linux.
The most notable quote is "Money is nice, but integrity is everything."
You make it sound like this is an attitude exclusively to Mozilla developers.
I can assure (maybe unassure?) you that this is not the case. This attitude is prevalent across many development areas. Why? Ego. You have to have a significant ego level to think these things can be accomplished.
I have spent the last 5 and 1/2 years in testing and test lead positions and recognize that the level of confidence required to create software from nothing is huge. The
"Impossible! Go fuck yourself neil[at]neilpearce.com - Lotsa abuse - Oh... Ah... Hmmm.... You seen this? - Errr... Shit! - Hmmm..."
is just unprofessional. Not atypical, but very unprofessional.
As you say you are a security novice, I would suggest you take a look at the Common Criteria for information security evaluation. This is what most security evaluations are assessed against. Threat Analysis/Risk Assessment (TARA) consultants are in high demand and can earn a lot of $$ these days.
What is "the authorized machine"? Can't I use my iPod (that I don't have yet) anywhere I like? And people are actually buying this crap? How is this better than any other mp3 player that acts as a USB stick without any stupid DRM and other restrictions? What does iPod offer that makes people put up with DRM?
This is not a troll.
And, to answer the "troll"'s question: It's from Apple??
It also has this little note which I find amusing:
Outlook is only installed on a machine if the user has specifically installed it, either as a standalone application, or as part of the Microsoft Office suite.
or if you install IE (service pack or upgrade). The last time I tested an IE 5.5 to 6 "upgrade", I found OE was installed as well.
Can you write a tool to scan an entire drive for a particular, static DLL? Can it be replaced by a patched version in all instances?
Simple answer: "Yes".
I fail to see where you get the idea that this is a "third party" DLL. It is a DLL redistributed by a third party. It is still one static piece of code. It is still owned by Microsoft not the ever evil "third parties" that link their programs to it. Responsibility for this code lies with the owner, the same as it does for any code.
I, personally, don't care who runs the site. If the facts are clear, the source is immaterial. I frequently use info from the MSKB site. Does that make me "anti-linux" or "anti-Mac"? No, that would give me a very narrow point of view.
Please don't forget that this is not a random exploit in a "snippit of code". It is a vulnerability in a Microsoft DLL that is not subject to modification or "improvement" by anyone except Microsoft.
I know it's probably not what the /.ed page was presenting, but it is something.
It has been interesting to watch this over the years.
Bad form to double-post, here goes: You might want to read "Securing an Open Society".
In Canada, the strategy is presented in the document (PDF) "Securing an Open Society".
One tidbit is:
Thank you. That clears this up.
For Beta testing, I would say beta testers.
For "non-working", I would guess no-one.
I'm using my imagination to arrive at a place where your spelling of the word anywhere would be correct.
Although a supercilious comment such as yours should be modded to oblivion, a definition of supercilious should suffice.
Very, very good rant.
No mod points so just accolades.
Cheers.
Also check out The Open Web Application Security Project.
I think "Poon" is appropriate. Isn't that what most searches are targeted towards?
Who cares? As long as "index of /porn" search turns up good results!
Now, that is not so frequent.
Then why are you using the "MS Word" spell-checker?
The only thing I have no tolerance for is intolerance.
Is that self-contradictory or a conviction to principles?
So, it's an evolutionary thing?