My comment was more one of the hypocracy in the US Security discussion. That, certainly, the information is fully available in public. Yet, it is STILL likely considered a security risk. A prime example of this is encryption... the algorithms are well-known, yet it is still illegal to export certain cryptographic software. How much sense does THAT make when there is already available software outside of the US, yet US producers may not export some software?
There has been a very long tradition of making source code developed by Government projects available to the general computing public. This is the true "public domain" software that has existed since the beginning of computing. I believe many bits of code from NASA made it into the public domain over the years.
I would bet that the information you desire is now considered to be highly classified and thus not available. You could produce trajectory information for ballistic missiles and who knows how it might be mis-construed as useful to those "terrorists" of whom the US is so fearful these days.
Besides... you might find a units of measure error or two if you got to see this code.
Been using it since it was released and Love It
on
Effective C#
·
· Score: 1
I started working on a hardcore C# project around the end of last fall. Effective C# has been my guide and while there are a few recommendations that I'm still experimenting with, I must say I have been very pleased with the results of following its recommendations. While I do concur that the number of typos was surprising, most are simply a missing space between two words and thus little is lost other than the finish of the book. In general, the entire "Effective" series of books has been equally useful, though this one misses the fine sense of humor Scott Meyers has contributed to his own books.
This is surely one of those slippery slopes that we do not want to go down. I am a father and certainly can understand the horror of what happened in the case that motivated this law. But, this country used to have a principal whereby if you were convicted of a crime, you served your time and then were allowed re-enter society to become a productive member of society. Recently, there has been a competition to see who can impose the harsher punishments, and who can be the least forgiving. All in the name of preventing abuse and molestation of children. But, why should we stop with those individuals who have been convicted. Let's monitor anyone who has been arrested in association with an investigation of alleged molestation or child abuse. Even better, lets just monitor EVERYONE. We have the technology. And, surely the only people who wouldn't want their location known are those with something to hide. We could even solve most problems with this single solution... if we know where everyone is, and when they are there, we will far more quickly solve all crimes, and prevent terrorism. Sounds like the perfect solution, doesn't it?
I'll also suggest that for government leaders who profess to be strict adherents of the Christian faith, this is surely a most un-Christian solution.
The problem is that lots of software REQUIRES Administrator simply to function properly. You can argue that one should simply ditch that software, but unfortunately its not always that easy.
Case in point: Visual Studio.NET 2003. Debugging managed code in a Web Application/Web Service, or a Windows Service pretty much requires Administrator access.
Re:Too much testing, not enough Interviewing
on
IT Literacy Test
·
· Score: 2, Interesting
You ask: if you get 100 applicants for 10 positions, then why not use tests...?
The answer is simply that you are making assumptions about what the test is measuring. Maybe the test is filtering out the best people for the job, not the worst? There is only one way to know, and that is to validate the metric, test, against the goal, selecting the best candidates from a larger group.
To the best of my knowledge, no one has done this groundwork. Therefore, you can not know what applying the metric will actually accomplish. You have a hypothesis that it selects the best candidates from a larger group. But, as any researcher in the social sciences will tell you, doing the study to validate this hypothesis, and thus the metric, frequently yields surprising results.
While it is easy to argue that people are very subjective, and that they apply criteria other than those desired, in reality these are frequently exactly the insights necessary to identify that superior individual from the crowd. There are things one can do to protect against overly subjective evaluation by people during interviews. There is a long history of experience in this area, and for the most part it is successful.
Testing has a far shorter track record than the personal interview, and thus requires MORE care and checks rather than fewer checks. Since each test is a new metric, testing actually also requires more work to establish its validity than personal interviewing. The saddest bit is that most people not only do not perform the necessary work to validate a test's validity, they rarely even understand it's need.
Too much testing, not enough Interviewing
on
IT Literacy Test
·
· Score: 4, Insightful
Our society has gotten far to hung up on testing as a silver bullet. Tests are just attempts to measure something, exactly as a ruler measures length or a scale measures weight. But tests such as the one in the article are, due to their nature, far less accurate or precise.
I see the introduction of yet another test as a poor substitute for one on one personal interviewing of the test subject. They are looking for a quick fix, one that is not people intensive when the fact is, people are best able to evaluate these complex abilities and skills, so long as they take sufficient time in doing so.
This is just like "No Child Left Behind". Instead of investing in the people, in that case teachers to work with students, a battery of standardized tests are introduced as a substitute. Yet, there is no validation of the testing against its objective, while we entrust our decisions to those very tests.
That is the biggest issue here as well. We are attempting to replace human judgement with supposedly objective testing, when it is precisely the complexity of that human judgement that is called for.
Rather than going nuclear, maybe there is an ingenious way to clear the dust off their solar panels, thus extending their useful lifespan indefinitely. I can't imagine there isn't a solution to that problem... maybe something as "simple" as the ability to rotate the panels into a 90-degree position and then shake. Sure seems much simpler than engineering a nuclear based solution.
I hate to say this, but they were probably billing the government project you were "working" on for your time while you waited for your clearance. Thus, of COURSE, they cared what you were doing. They surely did not want to find you sitting in front of a congressional committee testifying to how you read a fictional book, or surfed the anti-social websites while being paid by the USAF (or whomever was behind the project). On the other hand, if your project required a clearance, then it was only good security that they would not let you touch anything until you had that clearance. All that money spent paying for your time while you waited... surely an excellent investment in the security of the effort.
These Websites are no different than the function served by the help wanted section of the newspaper up until just a few years ago. Companies have various legal and internal policy requirments to satisfy and the job websites satisfy these requirements just as listing in newpapers have in the past. In fact, it is considered high-tech that laws and corporate policy permits the use of the web for these purposes.
Unfortunately, the laws and corporate policies driving this segment of job listings has little to do with actual hiring. Instead, they are used to justify H1B hiring, selection of internal people for specific positions, elimination of positions, etc. In other words, there is good reason to treat most job listings on the web and in the help wanted section as suspect at best.
If you are serious about your job hunt, then you really do need to focus on the one proven technique that continues to work, even during the current depression in the software market. That technique, and this should be no surprise, is NETWORKING.
Use the websites as a contact point where you might make contact with someone with whom you can network. But, there are many other places that are effective for networking... and since many of them have a more personal element (voice on the phone, handshake in person), they tend to be more effective. This is not to say that you should not try the websites, only that they should be one part of a broader effort.
Has almost ANY NASA project survived intact 12 years?
The answer is that not even shuttle survived intact. Go back and look at the initial plans. It was for a flexible launch system that was fully reusable with a wide range of achievable orbits. What we got was a crippled alternative, with very high cost of turnaround, SRBs that must be almost completely rebuilt before reuse, and a maximum of Low Earth Orbit. Not much return on the dollar if you ask me.
I am also concerned that this announcement will drain all remaining funding from the current unmanned exploration programs. These are the programs that have been the greatest successes of NASA... and they are the ones learning to go with reusable designs, small and light, lots of flexibility. If we're being asked to drop those and pursue a single exploration strategy of manned missions, first to build a permanent presence on the moon and then a trip to Mars, it seems wrong. Let's not put all our eggs in this one basket.
I am no expert in this software patent field. But, looking at the claims and today's specifics, it sure seems to me to suggest the real intellectual property claim. It sure looks to me like SCO is claiming rights on the material specifics embodied in the files they've listed. So, its not the actual text, but the logical content of the files. Thus, errno.h is significant in the actual values, and the concepts behind how errors get returned to the caller (its not a return value, its in the errno global... ). ctype is significant for the character type operations, not for the very specific text comprising the file.
I am sure the anti-SCO folks, myself included, will be quick to point out that these things are NOT patentable. But, they are material enough that I CAN see how SCO might claim them for their own. I also don't see how one can write Linux, or any other *nix, without them being substantially interoperable, and there is likely the basis of the SCO claim.
While there are certainly plenty of issues surrounding use of RFID in personal items, I believe there are plenty of opportunities for their use in non-Personal items that carry none of these issues. For example, what if RFID were integrated into all of the multitude of assembly line and related devices found on a factory floor. They could then be used to quickly inventory the items currently in a specific area of that factory. Or, track the spare devices in a storage area, making it very easy to determine if there is a replacement for a failed part without having to search through multiple storage areas only to learn there is a discrepency between electronic records and what is physically present.
Or, how about using RFID to track all items entering and leaving a construction site? This would provide very accurate and timely tracking of items arriving from suppliers, or being returned to suppliers.
None of these examples has privacy issues, yet they offer new solutions to rather challenging issues. Chief among them is the ability to match up electronic records with physical reality without being nearly as vulnerable to human error.
The one aspect that lends credibility to the Microsoft explanation is this... My ISP is Comcast. And Comcast was publicly acknowledging that their network had been badly infected. Thus, if the hub that handles my cable link was infected... it has the feel of being slightly plausible.
On the other hand, I think I was so shocked at getting a phone call from Microsoft regarding this problem that I was not necessary at my most analytical during that conversation.
I speak as someone who, in spite of running an totally up to date Norton Antivirus, Norton Personal Firewall, AND a hardware Firewall, got infected. And, the infection occured while I was manually running Windows Update to bring my Windows 2000 system totally up to date with the latest patches.
The most remarkable aspect of the infection was that Microsoft called me to try to help me recover and clean my system. When I asked how, with all of these protective measures, I got infected, I was amazed by their explanation. They explained that the files on their server(s) are fine, but that the payload was infected IN TRANSIT while I ran Windows Update.
I am stunned that someone would be able to infect something such that the windows update traffic could be intercepted and replaced by an infected version of the payload, all without affecting the performance of the network transfer as viewed by me the user.
I am doubly stunned that Windows Update would not protect against modification of the payload in-transit, particularly since it appears to sidestep both Firewalls and Antivirus protections. In its current state, it would seem Windows Update is a wonderful backdoor just waiting to be exploited.
Now there's something I want running without my knowledge...!
Maybe I was unclear... I meant that a security related random number generator should not be built to the exclusion of a more traditional random number generator as to do so would render applications such as simulations invalid and useless.
The original motivation for random number generators was simulation. One of the early mainframes, and I am afraid I forget which one, included a true random number generator. It was an unexpected disaster, totally unusable for simulation and other then-state-of-the-art users of random numbers. They were "too random".
It turns out that for an experiment to be useful it need to be repeatable. Thus, it was critical that users be able to repeat the sequence of "random" numbers. Thus the reason why all random number mechanisms permit you to set the seed... otherwise they could just use a sufficiently random seed and life would be good.
Another aspect of random number is that they must not only be "random", but they need to have a well defined distribution over the range of possible values. You might assume it is desirable to have a linear distribution, which IS useful in some settings, but other distributions ("bell curve", and exponential come to mind) are also extremely useful.
IF one has a real need for truly random numbers, the source for those number does need to perform to a certain distribution over the range of possible values. And it can not be used to the exclusion of the existing techniques which have been extremely useful in their intended problem domains. This is really just another case of a good solution in one problem domain being used in another without its underlying foundation being examined for applicability to that new problem domain.
I am running a 4 port netgear hub as a firewall, AND had the Norton Personal Firewall running at the time I believe the system was infected. I also do periodic scans with Ad-aware and Spybot. None came up with anything.
I am one of those knowledgable software engineering types. For a variety of reasons, highest among that my wife needs the same set of applications on this machine as what she uses at work (not compatible or similar, but the same:-( ). Therefore, I run Windows 2000 Professional. I run Norton AntiVirus, maintain my subscription, and keep it and Windows as current as possible.
Having said all this, I am pretty convinced my machine has fallen victim to a virus/worm, and quite possibly this Blaster Worm.
The symptoms all presented themselves when I ran a windows update 1 1/2 weeks ago which resulted in my Internet connection degrading substantially. The only website with consistently good response after that was... MICROSOFT! All the others were not loading well after the patching.
I sure would love to totally ditch Windows on my home machines, but there are too many very compelling reasons to keep running it. Just the Microsoft line of "well, of course we charge $249 for a support issue for W2k Pro... its a BUSINESS operating system, you shouldn't be running it at home" is such utter nonsense. I want to run something stable with some amount of security and W2k Pro has done that for me (yeah, it has been secure in handling multiple users in my home).
For a variety of reasons, I am fixing the situation by installing a new hard drive and installing from a full format up. Rather painful, but I'm sure I'll be running a clean system. At least until I connect to the Internet to do the post-install windows update...
Wonder if windows update will complete loading and installing all 40+ changes before my system is attacked and re-infected.
SMTP should have been replaced long ago
on
Replacing SMTP?
·
· Score: 4, Interesting
I come to this discussion as an expert, albeit a bit dated, as I spent a number of years as the lone software developer supporting ALL email software at Apollo Computer (before it was bought by HP).
There once was a very interesting competing standard from OSI, the X.400 standard. Most people now think of X.400 as an interconnect standard for bridging the various email systems out there. Yet, it actually is a specification for a very robust email system in and of itself. It is based on a self-describing data representation... no, not XML since XML wasn't even a twinkle in someone's eye at that time, but ASN.1. That standard has been somewhat successful as used in X.500, which has become somewhat popular through its exposure via LDAP.
SMTP has never been a particularly strong standard. First, it is not the specification for a complete email system. It mearly describes a protocol for exchanging messages between two processes via the network. This is not sufficient to build an email system. Thus we also get POP and IMAP, and any number of supplimental bits that are not necessarily standards. Even sticking to exchanging email between two processes, SMTP has always been rather loosely specified. Sendmail has served as the reference implementation. Supporting sendmail was more a matter of figuring out what it was doing than reading the SMTP specification since sendmail used a far richer protocol for exchanging email than described in the specification. Thus, the question of what comprised a compliant implementation was more like (does it interoperate fully with sendmail) than going through a specification and checking off each element it described.
Apollo started a project to produce a native X.400 email system. It had a very rich set of features that go far beyond what we see today in Unix and Windows email systems. The project was put on hold when I was reassigned to a higher priority task, I was a member of a strategic technology team given the task of determining what "everyone" meant by the term "CASE Integration" with the goal of producing a corporate strategy and piloting and/or prototyping some initial products. Given the state of the CASE community, it sure seems like pursuing the email strategy would have had better long term success. Of course the CASE Integration project died a painful and horrible death when HP bought the company. Surely "SoftBench" did everything and more...
I have been following all of the discussions regarding SCO and their claims to Unix/Linux. One issue that I have not seen mentioned is that there were concerns in the second half of the 1980's that something like this was going to happen.
Back then, the focal point for everything was AT&T and their licensing of System V Release 4 (I believe that's the right release). All of the commercial Unix vendors were licensing rights to Unix from AT&T. Prior to System V Release 4 AT&T was charging a very minor fee and licensing under a minimally restrictive set of terms and conditions. With the release of System V Release 4, AT&T tightened up the terms and conditions. My memory is that they did not significantly increase pricing. But, the industry reacted with a great deal of concern that AT&T was laying the foundation for significant increases in licensing pricing. These companies viewed this as a major threat to their existance. If they signed on for the System V Release 4 license, went their line of reasoning, they were giving up control of their Unix OS product pricing, and at any point, AT&T could jack up prices and put them out of business.
Thus motivated, Apollo Computer (remember them?) put together a consortium that included HP, IBM, Digital, and forgive me for forgetting the other players. Their initial charter was to produce a Unix OS reference code base that was licensed under terms and conditions that ensured all parties had control of their own destinies. To the best of my knowledge, the only vendor to ever actually ship that OS was Digital, initially shipping it under the OSF name of OSF1, and then renaming it Tru64.
One company visibly went a different path. Sun very early in the process partnered with AT&T. They, in fact, had a lot of involvement in the development of System V Release 4.
So, why is this history important?
First, Sun and their Solaris product line is exempt from the SCO excitment because of their special licensing terms and conditions that originated in their partnering with AT&T in their work on System V Release 4.
Second, as I see it, the actions being taken by SCO are precisely those that motivated the formation of the OSF.
Does anyone know if Digital and Tru64 are also exempt from SCO's actions? If so, then it would give HP an unexpected (they couldn't be THAT visionary, could they?) benefit from their purchase of Digital.
Never the high performance leader
on
Sun's Last Stand
·
· Score: 2, Interesting
I find this discussion and article interesting as Sun has never been the high performance leader, even in their own machine class. When it comes to RISC, Sun's SPARC line and decendents has always been slower than the competition. DEC's alpha, IBM's PowerPC, HP's PA-RISC all were always ahead.
What Sun provided was a platform on which more software was available sooner than any other platform. Then, it became more software than any other platform except Microsoft. I am sure this is the origin of the pre-occupation with Microsoft. Yet, while Sun was regularly able to pummel its better performing competitors with its wider and earlier software availability, it just can not rival Microsoft in the breadth and timing of software available. Note that I am not refering just to the software produced by the system manufacturers. In fact, if that were the sole measure, then HP and IBM would have given Sun a much greater challenge. Sun's key to success was getting ISVs to use their platform as their native development platform, ensuring it was the first platform everyone released on. All the others were ports, and thus were released months later. This was a huge edge for Sun that was terribly difficult for competitors to remedy. Simply building faster, "better" hardware would not lure ISVs to shift their development platform to another hardware vendor's product.
But, Micrsoft is far ahead of Sun in exactly those things that allowed Sun to beat its competition. I don't see Sun ever being able to succeed using that strategy, and they sure don't seem to be interested in any other. Though, with the other RISC platforms dropping like flies, being replaced by Itanium with all of its performance and acceptance problems, and sudden Sun's hardware looks like it may become king of that hill. Of course, no one is paying for that class of hardware any longer... if they do, they now go buy IBM's tREX and run piles of virtual Linux machines on it.
>> And how does one describe software well enough >> that a machine can have the same level of >> understanding that people do?
This is of course a significant piece of what makes this so hard. And why reuse efforts have avoided it. I think there needs to be some serious research (University, NSF, etc) done into this area. I do have a few ideas, but there is no proof or foundation behind them and thus I'll keep them to myself right now.
>> BTW would you say that interpreted languages lend >> themsleves more to code reuse than compiled?
No difference between interpreted vs. compiled languages. More an issue is the level of abstraction... the higher level the "language" the more successful reuse appears to have been. Though, I suspect it has more to do with the limited number of parts and the ability to reuse them more frequently.
Slashdot Mirror
My comment was more one of the hypocracy in the US Security discussion. That, certainly, the information is fully available in public. Yet, it is STILL likely considered a security risk. A prime example of this is encryption... the algorithms are well-known, yet it is still illegal to export certain cryptographic software. How much sense does THAT make when there is already available software outside of the US, yet US producers may not export some software?
There has been a very long tradition of making source code developed by Government projects available to the general computing public. This is the true "public domain" software that has existed since the beginning of computing. I believe many bits of code from NASA made it into the public domain over the years.
I would bet that the information you desire is now considered to be highly classified and thus not available. You could produce trajectory information for ballistic missiles and who knows how it might be mis-construed as useful to those "terrorists" of whom the US is so fearful these days.
Besides... you might find a units of measure error or two if you got to see this code.
I started working on a hardcore C# project around the end of last fall. Effective C# has been my guide and while there are a few recommendations that I'm still experimenting with, I must say I have been very pleased with the results of following its recommendations. While I do concur that the number of typos was surprising, most are simply a missing space between two words and thus little is lost other than the finish of the book. In general, the entire "Effective" series of books has been equally useful, though this one misses the fine sense of humor Scott Meyers has contributed to his own books.
This is surely one of those slippery slopes that we do not want to go down. I am a father and certainly can understand the horror of what happened in the case that motivated this law. But, this country used to have a principal whereby if you were convicted of a crime, you served your time and then were allowed re-enter society to become a productive member of society. Recently, there has been a competition to see who can impose the harsher punishments, and who can be the least forgiving. All in the name of preventing abuse and molestation of children. But, why should we stop with those individuals who have been convicted. Let's monitor anyone who has been arrested in association with an investigation of alleged molestation or child abuse. Even better, lets just monitor EVERYONE. We have the technology. And, surely the only people who wouldn't want their location known are those with something to hide. We could even solve most problems with this single solution... if we know where everyone is, and when they are there, we will far more quickly solve all crimes, and prevent terrorism. Sounds like the perfect solution, doesn't it?
I'll also suggest that for government leaders who profess to be strict adherents of the Christian faith, this is surely a most un-Christian solution.
The problem is that lots of software REQUIRES Administrator simply to function properly. You can argue that one should simply ditch that software, but unfortunately its not always that easy.
.NET 2003. Debugging managed code in a Web Application/Web Service, or a Windows Service pretty much requires Administrator access.
Case in point: Visual Studio
You ask: if you get 100 applicants for 10 positions, then why not use tests...?
The answer is simply that you are making assumptions about what the test is measuring. Maybe the test is filtering out the best people for the job, not the worst? There is only one way to know, and that is to validate the metric, test, against the goal, selecting the best candidates from a larger group.
To the best of my knowledge, no one has done this groundwork. Therefore, you can not know what applying the metric will actually accomplish. You have a hypothesis that it selects the best candidates from a larger group. But, as any researcher in the social sciences will tell you, doing the study to validate this hypothesis, and thus the metric, frequently yields surprising results.
While it is easy to argue that people are very subjective, and that they apply criteria other than those desired, in reality these are frequently exactly the insights necessary to identify that superior individual from the crowd. There are things one can do to protect against overly subjective evaluation by people during interviews. There is a long history of experience in this area, and for the most part it is successful.
Testing has a far shorter track record than the personal interview, and thus requires MORE care and checks rather than fewer checks. Since each test is a new metric, testing actually also requires more work to establish its validity than personal interviewing. The saddest bit is that most people not only do not perform the necessary work to validate a test's validity, they rarely even understand it's need.
Our society has gotten far to hung up on testing as a silver bullet. Tests are just attempts to measure something, exactly as a ruler measures length or a scale measures weight. But tests such as the one in the article are, due to their nature, far less accurate or precise.
I see the introduction of yet another test as a poor substitute for one on one personal interviewing of the test subject. They are looking for a quick fix, one that is not people intensive when the fact is, people are best able to evaluate these complex abilities and skills, so long as they take sufficient time in doing so.
This is just like "No Child Left Behind". Instead of investing in the people, in that case teachers to work with students, a battery of standardized tests are introduced as a substitute. Yet, there is no validation of the testing against its objective, while we entrust our decisions to those very tests.
That is the biggest issue here as well. We are attempting to replace human judgement with supposedly objective testing, when it is precisely the complexity of that human judgement that is called for.
Rather than going nuclear, maybe there is an ingenious way to clear the dust off their solar panels, thus extending their useful lifespan indefinitely. I can't imagine there isn't a solution to that problem... maybe something as "simple" as the ability to rotate the panels into a 90-degree position and then shake. Sure seems much simpler than engineering a nuclear based solution.
I can't help but think... what happens when this stuff gets out in the wild?
I hate to say this, but they were probably billing the government project you were "working" on for your time while you waited for your clearance. Thus, of COURSE, they cared what you were doing. They surely did not want to find you sitting in front of a congressional committee testifying to how you read a fictional book, or surfed the anti-social websites while being paid by the USAF (or whomever was behind the project). On the other hand, if your project required a clearance, then it was only good security that they would not let you touch anything until you had that clearance. All that money spent paying for your time while you waited... surely an excellent investment in the security of the effort.
These Websites are no different than the function served by the help wanted section of the newspaper up until just a few years ago. Companies have various legal and internal policy requirments to satisfy and the job websites satisfy these requirements just as listing in newpapers have in the past. In fact, it is considered high-tech that laws and corporate policy permits the use of the web for these purposes.
Unfortunately, the laws and corporate policies driving this segment of job listings has little to do with actual hiring. Instead, they are used to justify H1B hiring, selection of internal people for specific positions, elimination of positions, etc. In other words, there is good reason to treat most job listings on the web and in the help wanted section as suspect at best.
If you are serious about your job hunt, then you really do need to focus on the one proven technique that continues to work, even during the current depression in the software market. That technique, and this should be no surprise, is NETWORKING.
Use the websites as a contact point where you might make contact with someone with whom you can network. But, there are many other places that are effective for networking... and since many of them have a more personal element (voice on the phone, handshake in person), they tend to be more effective. This is not to say that you should not try the websites, only that they should be one part of a broader effort.
You asked:
Has almost ANY NASA project survived intact 12 years?
The answer is that not even shuttle survived intact. Go back and look at the initial plans. It was for a flexible launch system that was fully reusable with a wide range of achievable orbits. What we got was a crippled alternative, with very high cost of turnaround, SRBs that must be almost completely rebuilt before reuse, and a maximum of Low Earth Orbit. Not much return on the dollar if you ask me.
I am also concerned that this announcement will drain all remaining funding from the current unmanned exploration programs. These are the programs that have been the greatest successes of NASA... and they are the ones learning to go with reusable designs, small and light, lots of flexibility. If we're being asked to drop those and pursue a single exploration strategy of manned missions, first to build a permanent presence on the moon and then a trip to Mars, it seems wrong. Let's not put all our eggs in this one basket.
I am no expert in this software patent field. But, looking at the claims and today's specifics, it sure seems to me to suggest the real intellectual property claim. It sure looks to me like SCO is claiming rights on the material specifics embodied in the files they've listed. So, its not the actual text, but the logical content of the files. Thus, errno.h is significant in the actual values, and the concepts behind how errors get returned to the caller (its not a return value, its in the errno global... ). ctype is significant for the character type operations, not for the very specific text comprising the file.
I am sure the anti-SCO folks, myself included, will be quick to point out that these things are NOT patentable. But, they are material enough that I CAN see how SCO might claim them for their own. I also don't see how one can write Linux, or any other *nix, without them being substantially interoperable, and there is likely the basis of the SCO claim.
While there are certainly plenty of issues surrounding use of RFID in personal items, I believe there are plenty of opportunities for their use in non-Personal items that carry none of these issues. For example, what if RFID were integrated into all of the multitude of assembly line and related devices found on a factory floor. They could then be used to quickly inventory the items currently in a specific area of that factory. Or, track the spare devices in a storage area, making it very easy to determine if there is a replacement for a failed part without having to search through multiple storage areas only to learn there is a discrepency between electronic records and what is physically present.
Or, how about using RFID to track all items entering and leaving a construction site? This would provide very accurate and timely tracking of items arriving from suppliers, or being returned to suppliers.
None of these examples has privacy issues, yet they offer new solutions to rather challenging issues. Chief among them is the ability to match up electronic records with physical reality without being nearly as vulnerable to human error.
The one aspect that lends credibility to the Microsoft explanation is this... My ISP is Comcast. And Comcast was publicly acknowledging that their network had been badly infected. Thus, if the hub that handles my cable link was infected... it has the feel of being slightly plausible.
On the other hand, I think I was so shocked at getting a phone call from Microsoft regarding this problem that I was not necessary at my most analytical during that conversation.
I speak as someone who, in spite of running an totally up to date Norton Antivirus, Norton Personal Firewall, AND a hardware Firewall, got infected. And, the infection occured while I was manually running Windows Update to bring my Windows 2000 system totally up to date with the latest patches.
The most remarkable aspect of the infection was that Microsoft called me to try to help me recover and clean my system. When I asked how, with all of these protective measures, I got infected, I was amazed by their explanation. They explained that the files on their server(s) are fine, but that the payload was infected IN TRANSIT while I ran Windows Update.
I am stunned that someone would be able to infect something such that the windows update traffic could be intercepted and replaced by an infected version of the payload, all without affecting the performance of the network transfer as viewed by me the user.
I am doubly stunned that Windows Update would not protect against modification of the payload in-transit, particularly since it appears to sidestep both Firewalls and Antivirus protections. In its current state, it would seem Windows Update is a wonderful backdoor just waiting to be exploited.
Now there's something I want running without my knowledge...!
Correct, BUT random numbers are used in both problem domains. We just need to be very careful to treat them independently.
Maybe I was unclear... I meant that a security related random number generator should not be built to the exclusion of a more traditional random number generator as to do so would render applications such as simulations invalid and useless.
The original motivation for random number generators was simulation. One of the early mainframes, and I am afraid I forget which one, included a true random number generator. It was an unexpected disaster, totally unusable for simulation and other then-state-of-the-art users of random numbers. They were "too random".
It turns out that for an experiment to be useful it need to be repeatable. Thus, it was critical that users be able to repeat the sequence of "random" numbers. Thus the reason why all random number mechanisms permit you to set the seed... otherwise they could just use a sufficiently random seed and life would be good.
Another aspect of random number is that they must not only be "random", but they need to have a well defined distribution over the range of possible values. You might assume it is desirable to have a linear distribution, which IS useful in some settings, but other distributions ("bell curve", and exponential come to mind) are also extremely useful.
IF one has a real need for truly random numbers, the source for those number does need to perform to a certain distribution over the range of possible values. And it can not be used to the exclusion of the existing techniques which have been extremely useful in their intended problem domains. This is really just another case of a good solution in one problem domain being used in another without its underlying foundation being examined for applicability to that new problem domain.
I am running a 4 port netgear hub as a firewall, AND had the Norton Personal Firewall running at the time I believe the system was infected. I also do periodic scans with Ad-aware and Spybot. None came up with anything.
Is ZoneAlarm's firewall that much different?
I am one of those knowledgable software engineering types. For a variety of reasons, highest among that my wife needs the same set of applications on this machine as what she uses at work (not compatible or similar, but the same :-( ). Therefore, I run Windows 2000 Professional. I run Norton AntiVirus, maintain my subscription, and keep it and Windows as current as possible.
Having said all this, I am pretty convinced my machine has fallen victim to a virus/worm, and quite possibly this Blaster Worm.
The symptoms all presented themselves when I ran a windows update 1 1/2 weeks ago which resulted in my Internet connection degrading substantially. The only website with consistently good response after that was... MICROSOFT! All the others were not loading well after the patching.
I sure would love to totally ditch Windows on my home machines, but there are too many very compelling reasons to keep running it. Just the Microsoft line of "well, of course we charge $249 for a support issue for W2k Pro... its a BUSINESS operating system, you shouldn't be running it at home" is such utter nonsense. I want to run something stable with some amount of security and W2k Pro has done that for me (yeah, it has been secure in handling multiple users in my home).
For a variety of reasons, I am fixing the situation by installing a new hard drive and installing from a full format up. Rather painful, but I'm sure I'll be running a clean system. At least until I connect to the Internet to do the post-install windows update...
Wonder if windows update will complete loading and installing all 40+ changes before my system is attacked and re-infected.
I come to this discussion as an expert, albeit a bit dated, as I spent a number of years as the lone software developer supporting ALL email software at Apollo Computer (before it was bought by HP).
There once was a very interesting competing standard from OSI, the X.400 standard. Most people now think of X.400 as an interconnect standard for bridging the various email systems out there. Yet, it actually is a specification for a very robust email system in and of itself. It is based on a self-describing data representation... no, not XML since XML wasn't even a twinkle in someone's eye at that time, but ASN.1. That standard has been somewhat successful as used in X.500, which has become somewhat popular through its exposure via LDAP.
SMTP has never been a particularly strong standard. First, it is not the specification for a complete email system. It mearly describes a protocol for exchanging messages between two processes via the network. This is not sufficient to build an email system. Thus we also get POP and IMAP, and any number of supplimental bits that are not necessarily standards. Even sticking to exchanging email between two processes, SMTP has always been rather loosely specified. Sendmail has served as the reference implementation. Supporting sendmail was more a matter of figuring out what it was doing than reading the SMTP specification since sendmail used a far richer protocol for exchanging email than described in the specification. Thus, the question of what comprised a compliant implementation was more like (does it interoperate fully with sendmail) than going through a specification and checking off each element it described.
Apollo started a project to produce a native X.400 email system. It had a very rich set of features that go far beyond what we see today in Unix and Windows email systems. The project was put on hold when I was reassigned to a higher priority task, I was a member of a strategic technology team given the task of determining what "everyone" meant by the term "CASE Integration" with the goal of producing a corporate strategy and piloting and/or prototyping some initial products. Given the state of the CASE community, it sure seems like pursuing the email strategy would have had better long term success. Of course the CASE Integration project died a painful and horrible death when HP bought the company. Surely "SoftBench" did everything and more...
I have been following all of the discussions regarding SCO and their claims to Unix/Linux. One issue that I have not seen mentioned is that there were concerns in the second half of the 1980's that something like this was going to happen.
Back then, the focal point for everything was AT&T and their licensing of System V Release 4 (I believe that's the right release). All of the commercial Unix vendors were licensing rights to Unix from AT&T. Prior to System V Release 4 AT&T was charging a very minor fee and licensing under a minimally restrictive set of terms and conditions. With the release of System V Release 4, AT&T tightened up the terms and conditions. My memory is that they did not significantly increase pricing. But, the industry reacted with a great deal of concern that AT&T was laying the foundation for significant increases in licensing pricing. These companies viewed this as a major threat to their existance. If they signed on for the System V Release 4 license, went their line of reasoning, they were giving up control of their Unix OS product pricing, and at any point, AT&T could jack up prices and put them out of business.
Thus motivated, Apollo Computer (remember them?) put together a consortium that included HP, IBM, Digital, and forgive me for forgetting the other players. Their initial charter was to produce a Unix OS reference code base that was licensed under terms and conditions that ensured all parties had control of their own destinies. To the best of my knowledge, the only vendor to ever actually ship that OS was Digital, initially shipping it under the OSF name of OSF1, and then renaming it Tru64.
One company visibly went a different path. Sun very early in the process partnered with AT&T. They, in fact, had a lot of involvement in the development of System V Release 4.
So, why is this history important?
First, Sun and their Solaris product line is exempt from the SCO excitment because of their special licensing terms and conditions that originated in their partnering with AT&T in their work on System V Release 4.
Second, as I see it, the actions being taken by SCO are precisely those that motivated the formation of the OSF.
Does anyone know if Digital and Tru64 are also exempt from SCO's actions? If so, then it would give HP an unexpected (they couldn't be THAT visionary, could they?) benefit from their purchase of Digital.
I find this discussion and article interesting as Sun has never been the high performance leader, even in their own machine class. When it comes to RISC, Sun's SPARC line and decendents has always been slower than the competition. DEC's alpha, IBM's PowerPC, HP's PA-RISC all were always ahead.
What Sun provided was a platform on which more software was available sooner than any other platform. Then, it became more software than any other platform except Microsoft. I am sure this is the origin of the pre-occupation with Microsoft. Yet, while Sun was regularly able to pummel its better performing competitors with its wider and earlier software availability, it just can not rival Microsoft in the breadth and timing of software available. Note that I am not refering just to the software produced by the system manufacturers. In fact, if that were the sole measure, then HP and IBM would have given Sun a much greater challenge. Sun's key to success was getting ISVs to use their platform as their native development platform, ensuring it was the first platform everyone released on. All the others were ports, and thus were released months later. This was a huge edge for Sun that was terribly difficult for competitors to remedy. Simply building faster, "better" hardware would not lure ISVs to shift their development platform to another hardware vendor's product.
But, Micrsoft is far ahead of Sun in exactly those things that allowed Sun to beat its competition. I don't see Sun ever being able to succeed using that strategy, and they sure don't seem to be interested in any other. Though, with the other RISC platforms dropping like flies, being replaced by Itanium with all of its performance and acceptance problems, and sudden Sun's hardware looks like it may become king of that hill. Of course, no one is paying for that class of hardware any longer... if they do, they now go buy IBM's tREX and run piles of virtual Linux machines on it.
>> And how does one describe software well enough
>> that a machine can have the same level of
>> understanding that people do?
This is of course a significant piece of what makes this so hard. And why reuse efforts have avoided it. I think there needs to be some serious research (University, NSF, etc) done into this area. I do have a few ideas, but there is no proof or foundation behind them and thus I'll keep them to myself right now.
>> BTW would you say that interpreted languages lend
>> themsleves more to code reuse than compiled?
No difference between interpreted vs. compiled languages. More an issue is the level of abstraction... the higher level the "language" the more successful reuse appears to have been. Though, I suspect it has more to do with the limited number of parts and the ability to reuse them more frequently.