Another thing is that the value proposition, in time and money, isn't as good cooking for one person as it is cooking for a family. If I get a hankering for a sandwich, I need to buy a LOAF of bread, a HEAD of lettuce, a package of cheese, etc. The bottle of mayo will go bad before I use 1/4 of it. Then take the time cutting the vegetables and such. All for one sandwich. Subway starts to look like a reasonable option.
If a family of four wants sandwiches, it's still a loaf of bread, a head of lettuce, etc to feed all four people. That's a better value proposition.
I probably could plan out different meals a week ahead to use up that whole red onion, which I got to put 1/16th of it on my sandwich. It's a bit of a hassle, though.
I'm glad to see that restaurants, even fast food places, are slowly starting to offer healthier options.
Thanks for replying. I'll explain my use of the word "political" shortly.
I'm still very curious to hear what you meant when you said "you're using the word 'political' to advance your own views". What views do you think I was advancing?
On that basis, you then said "Frankly, your overmoderated post is all too typical of what passes for acceptable". Clearly you're bothered by how I "advance my views", so I'd like to know what you think those are.
> I'm under the impression that there were a lot more breaking changes from 3.0 through 3.3 than from 3.3 through 3.6
That may well be right. I only know that most of the time, a Python script (any Python script) won't run on a system that has Python installed. Because of that and several other reasons, I tend to avoid Python. For simpler scripts it's quicker to write something similar in another language than to try to get the Python script working.
Once in a while breaking changes are needed. Most projects make breaking changes at a major release, such as Apache 1.x vs 2.x, rather than breaking different things with every minor release. It's also common to have a feature used in 1.x, mark it deprecated in 2.x, then remove it in 3.x.
I'm not sure what point you're making. I'm sure you have a good point, I'm just missing it.
I notice that I can download "Firefox for Windows" and "Firefox for Mac". "Firefox for Windows" contains no Windows code. Windows Subsystem for Linux seems similar to me - it's FOR Linux (programs), not IS Linux.
Secret brand deodorant for women doesn't contain any women. And?
Thanks for that. I've booked that for next time. Finally, over the weekend I got my WMI issue almost solved, I think. Apparently it has to do with NTLM versions and such. Windows 10 made a change in that regard.
That's funny. I'm not sure if you're being serious or sarcastic, but that's about right. Can't even say you have a Python 3 script. Wrote some code for Python 3.2? Next month you get to rewrite it for Python 3.3. No other language does that.
If you're lucky, it just stops working entirely. If you're unlucky, it continues to run, but does something completely different under 3.3.
That law is good and all, but not enough until it's amended to remove a few words. Right now we have:
Cops can be punished if they violate your Constitutional rights and the prosecution proves that they did it because you're black or Mexican.*
How about we take out the part and just have:
Cops can be punished if they violate your Constitutional rights.
* I'm not actually kidding about the "black or Mexican" part. Shockingly, the federal code also includes the words "discrimination against Caucasian persons is not discrimination". I'd have to double check the surrounding wording to see if that could be applied in the context you quoted.
> One of the great things about Python is you can build a portable environment around it, with a particular Python version, libs, etc.
One of the horrible things about Python is that to run a simple script you have to ship an entire separate environment for each script, with a particular Python version, libs, etc.
Perl, PHP, and other similar languages don't have this requirement. Perl scripts I wrote 15 years ago still run fine in an up-to-date environment, because they don't break the language with every update. They add new features and facilities, rather than removing commonly-used things, or worse, changing things around with no real benefit - just because the Python maintainers decided that they prefer left instead of right. Either way works, but switching things around without a clear need to do so is silly.
After writing that, it occurred to me that the one time I had to make a "similar" announcement, I did so on the same day it was discovered. That was a much, much smaller company than Chili's, though, with much simpler systems.
In our case, investigation led to the conclusion that there probably was no leak of data, but because we saw something that raises eyebrows we notified customers. We suggested that they keep an eye on their credit card statements over the next days and weeks and let us know if they saw any questionable charges.
Which reminds me, there is something in the Chili's same-day announcement which could have been done better. The apparent leak was credit card numbers, not social security numbers. Yet Chili's suggested customers monitor their credit reports and file a fraud flag with the credit reporting agencies. That's the wrong course of action. Those things might make sense if your SSN was leaked. For a leaked CC number, the right thing to do is watch that credit card account. Bad guys use your CC number to make fraudulent charges in the CC, not to open new accounts.
I don't like it when companies spend months before making an announcement, but making a public announcement the SAME DAY it's first discovered is surprising. It takes time to investigate and see if it's only an attacker in a certain city hitting nearby restaurants (such as over their wifi on no-table kiosks) or if it's very widespread. Chili's is a franchise, so there are many different companies running Chili's branded restaurants and they probably have separate payment systems.
It also takes time for the technical people, executives, lawyers, and PR people to talk and make sure the public statement says the right things - that it's accurate and doesn't unnecessarily implicate Chili's in something that may be just one franchisee, for example. Getting the statement out the same day it was discovered is surprising.
I'm glad to see they've already brought in third-party experts. In-house people may want to cover their own ass, or cover their friend's ass, or likely simply don't specialize in computer forensics and investigations, so calling in third-party experts is a really good idea.
Calling someone stupid is always rude, but calling them stupid while you spout "facts" that are well-known to be completely false makes you look really silly.
For a few weeks, Microsoft TALKED ABOUT maybe releasing an "E" version of Windows 7 for Europe, which would have the IE icon removed from the desktop and such. It would still be installed, because it's required by a lot of other system components, but the shortcut to launch a pure IE window wouldn't be there by default. A few weeks later they announced they wouldn't be doing that, Europe would get Windows with IE pre-installed.
I completely agree Microsoft has changed a lot in the last ten years or so. As their Windows revenue has been falling every year for a long time, they've shifted their focus to profitable products instead.
> And it's not perfect but since you can review the code you can figure out exactly where and how it doesn't do what it's supposed to do.
That's super important to me. I virtually ALWAYS find and fix any issue at all on an open source system by using one consistent method - trace the program, let look at the source to see exactly what's going on. If the issue is that I have to pass a different argument to the program, I can see that clearly. It'll say right in the source:
if (option.be_sane) {
    do_what_ray_wants();
}
If there is a bug in the program, I can see it and fix it. Whatever the problem, the solution is always the same - go look at the portion of the code that handles that and see exactly what's going on.
For the last couple of weeks a co-worker and I have been trying to enable WMI on a Windows 10 box. According to all the documentation we can find, that should be a simple 3-minute process. Yet it doesn't work. No matter what we try, Windows just returns an undocumented and apparently irrelevant error code. The Windows logs show nothing. All we can do at this point is make random guesses and try different things which are not documented to be needed. There is no process which will solve problems on Windows, or any proprietary software, because we can't look at the source and see what's going on. We can only guess at random and hope we eventually hit the Windows jackpot and happen across the lucky set of registry settings and reboots that makes it work, for no apparent reason.
Python also breaks if you hit the tab key - on any OS. :) Python also breaks if you update from last week's version to this week's - you have to rewrite all your scripts every time you update Python.
This reminds me of Friday during scrum one of my co-workers was proposing to do a certain thing on AWS CloudWatch and others weren't so sure it was a good idea. "It's like writing a Python script", he said. That scored him -8 points with the people he was trying to convince. I suggested that perhaps next time he was trying to say something is a good idea, don't use the phrase "it's just like Python". Lol
Yes, applications written for LINUX, such as OpenVPN, will run on Android. Bash, Imagemagick, Perl, Python, ffmpeg, sed, awk, Emacs, vim, nano... all this stuff runs fine on Android. Postgresql is a bit tricky to install.
Applications written for X11 will run on systems with X11 - which doesn't include most of the hundreds of Linux systems I've owned or administered, mostly servers, along with some VPN endpoints and other types of systems. Applications written for KDE will run on KDE systems, Gnome applications on systems with Gnome, etc.
I'm tired of the "Gnu/Linux" discussion too. Anyone who cares to can call it "Apache/Mozilla/Gnu/X/Gnome/Linux" if that's their preference, I call it Linux.
The submitter brought up an interesting tangent, though:
> although operating systems are pretty much apolitical by nature as far as I can tell.
For Richard Stallman and the FSF leaders, free software is very much political. In case anyone was unsure, he said it is just two weeks ago. For Stallman, it's about changing (part of) society, advancing a popularist ideology which has some things in common with Marxism. To Stallman, proprietary software is EVIL, an evil which must be defeated.
For Linus Torvalds and the "open source" folks generally, it's not really political, it's simply a way of producing quality software, a good way to produce software which has several advantages. To Linus, proprietary software isn't the best match to his needs - except when it is. The kernel source control was a proprietary system he bought called Bitkeeper. He could have used open source version control, but at the time he thought Bitkeeper, the proprietary system, fit his needs better. So he used it. Later, Linus wrote git to exactly fit his needs.
What are people's thoughts on this? Free Software as a political movement, or Open Source as a better way to get software done?
Many security vulnerabilities can be exploited through multiple attack vectors. I'm more interested in where the actual flaw(s) are than which attack vectors are most convenient or popular at the moment.
If Firefox has an issue that allows JavaScript to be loaded from URLs it shouldn't load from, bad on Firefox. If Windows (or Linux) had a bug in the kernel that allowed JavaScript, in any browser, to bypass the separation between processes and read memory assigned to another process, bad on Microsoft. It is the kernel's job to enforce that protection. The flaw could be exploited in any number of ways, by any program, including via JavaScript.
It is the sworn testimony of Microsoft's top executives that Microsoft intertwined their browser so deep into the OS internals that it's impossible for Microsoft to make a version of Windows that can even boot without running browser code. Linux isn't designed that way. The browser isn't intertwined with the kernel or key parts of the OS. The browser (actually browsers) are completely separate applications like any other application, and the Linux OS is in no way dependent on the browser.
It is fair, I think, to take Microsoft at their word, especially given the supporting evidence. When they testify under oath that their engineers are unable to remove legacy Internet Explorer code from Windows because it's so intertwined with the OS, and we see that in fact browser-based exploits do in fact infect the Windows OS at a deep level, we can only conclude that their testimony is true and they really did embed IE code deep in the OS.
Unless we get some strong evidence that Microsoft was committing perjury, it does make sense to acknowledge that their browser is an intrinsic part of their OS. It also makes sense to acknowledge the fact that Linux is not designed that way.
I just noticed a typo in what I wrote. My bachelors was INexpensive, not expensive. It should read: -- My bachelors was also an inexpensive online program offered by a respectable university. The degree program increased my income enough to pay for the school even BEFORE I graduated. --
> The 4th Amendment does not provide any exceptions to its rules. Search and Seizure requires a warrant. It does not say except on the border *or except when there is suspicion.*
Here's the exact wording of the fourth amendment, with my comments on each of its two parts: -- The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated --
The fourth says we have a right to be secure against UNREASONABLE searches. There is a legal principle that if the sign says "No parking on Sundays", that implies that parking is allowed at other times. Otherwise the sign would just say "No parking". When the Constitution says no "unreasonable searches", that means that *reasonable* searches are allowed. Courts have ruled that in order for a search to be reasonable, it must be based on reasonable suspicion.
Whenever I point out what the law says, somebody gets mad at me and starts arguing "so you think...". I actually didn't write the Constitution, I only read it. Secure "against unreasonable searches" isn't what I think the Constitution SHOULD say, it's what the Constitution DOES say.
If I was writing it today, I might say something more specific than "unreasonable". As it is, it's up to the courts to decide if a search is "reasonable" based on principles laid out by the Supreme Court. Courts have two ways to look at the reasonableness of a search. They can determine if a search WAS reasonable based on the circumstances, or if time allows they can rule on whether a particular search of a particular place WILL BE reasonable in the future. The fourth amendment addresses one of those two specifically.
Continuing now with the rest of the fourth amendment: -- and --
Just one little word, but it's worth pointing out that the framers wrote AND, not "or", not a comma, not "therefore". The use of "and" means the above is true, and separately the next part is also true.
Continuing: -- no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized --
If a court is going to issue a ruling that a future search will be reasonable (a warrant), those requirements must be met. This also gives a hint on how to define "reasonable" when looking at searches that already occurred - they need to have probable cause.
If a person is arrested and put in jail, it's reasonable to avoid allowing contraband into the jail by searching them during booking. No need for them to spend a day in quarantine waiting for a search warrant that will definitely be issued. Where there is probable cause to believe a person has evidence of a crime AND that evidence will disappear if you let them go and come back tomorrow with a warrant, a search with probable cause may be reasonable. A court can decide whether it was reasonable.
The fourth doesn't say that all searches must be pre-approved, with a warrant. It says they must be reasonable. A warrant is one way of handling the determination of reasonableness.
Here's something that's just my opinion. It's not in the Constitution. I'd like to see better consequences for officers who violate this and other Constitutional rights in a clear way. If an officer knew, or should have known, that their actions violate Constitutional rights, penalties should be imposed on the officer. It should happen regularly enough that officers expect they'll likely get busted if they do that sort of thing, especially if they do it often they'll get busted before long. I also think that courts should continue to be free to disagree with an officer's determination of reasonableness and disallow the evidence, without penalizing the officer if they reasonably thought their actions were okay under the circumstances. Only idiots would become cops if cops go to jail the first time a court disagrees with them on a judgement call. YouTube has plenty of examples of cops who knew they didn't have probable cause, though, or should have known.
> Have a job paying 60k, save 30k, and for each day you work you earn one day of retirement.
That's true! It's something I'm working on.
> rather than spending $$$ going back to school in the hopes of a higher paying job.
After the tax credit, my masters from Georgia Tech will only cost me about $4,500. Maybe less if I can get my employer to pitch in or something. Conservatively, my masters should bump my income by *at least* $5K / year, so it'll pay for itself the first year. After that, it's an extra $5K-$15K each year of additional means to live beneath.
My bachelors was also an expensive online program offered by a respectable university. The degree program increased my income enough to pay for the school even BEFORE I graduated. The final exams for some of the classes were industry certifications like Cisco CCNA and Security+. Having those certifications caught the attention of recruiters so my income went up while I was still in school.
There has in fact been change at the top. It was a tiny company. About a year before I joined they had one "programmer" who wrote all the code. He wasn't trained as a programmer. A family started the business together. The brother who was "good at computers" did all the code. Since then, it's been bought by a larger company with more mature processes, but headquarters still mostly leaves us alone and lets us do things our own way.
In the last two years I've implemented code review, introduced test scripts, and pushed getting the version control (Git) in shape.
My entire career has been with very small companies or groups, so although I've *read* a lot about best practices, I haven't had much opportunity to see what's really done by most companies and truly provides the best bang-for-buck in software quality. You said "This stands out in this day and age.... I haven't heard of a shop in the last decade that doesn't implement peer review." What other practices have you seen used a lot, practical processes which really provide clear value?
> I'd imagine they read them.
I imagine that Rihanna seduces me.
You *could* look up the actual facts in under two minutes instead of imagining things and then believing that it must be true because you imagined it.
The article you linked says the journalist disagrees with Ryan on economic policy. Okay, cool. As I mentioned, I also disagree with him on policy often enough.
The journalist does not claim, and could not make a case, that Ryan isn't one of the smartest and best informed politicians we've had in decades.
Again, I can disagree with Stephen Hawking's theory. I can't reasonably say Hawking has no idea what he's talking about. That would be silly. Most Congresscritters have no idea what they're talking about. They don't even read the bills, much less understand them.
Thanks for that. It's not the same as having the source code, but it may be helpful at times.
My autocorrect likes to call Stallman "Stillman". I suppose that's not the worst thing he's been called.
You criticized me for pointing out that for Stillman, free software is a political issue, then you linked to one of his articles in which he says it's a "political camp" and that to "the Free Software movement, non-free software is a social problem".
So you're upset that I said he thinks that, then you link to him saying that? I'm confused.
> to advance your own views
What views do you think those are? My views I'm trying to advance, you say, what views do you think I'm trying to advance?
Would I be advancing a certain view if I said Linus thinks proprietary, closed development is a "suboptimal" way of developing software? Which view would that advance? Would stating Linus' view in those terms be advocating for or against what Stallman says?
> And it's not perfect but since you can review the code you can figure out exactly where and how it doesn't do what it's supposed to do.
That's super important to me. I virtually ALWAYS find and fix any issue at all on an open source system by using one consistent method - trace the program, let look at the source to see exactly what's going on. If the issue is that I have to pass a different argument to the program, I can see that clearly. It'll say right in the source:
if (option.be_sane) {
do_what_ray_wants();
}
If there is a bug in the program, I can see it and fix it.
Whatever the problem, the solution is always the same - go look at the portion of the code that handles that and see exactly what's going on.
For the last couple of weeks a co-worker and I have been trying to enable WMI on a Windows 10 box. According to all the documentation we can find, that should be a simple 3-minute process. Yet it doesn't work. No matter what we try, Windows just returns an undocumented and apparently irrelevant error code. The Windows logs show nothing. All we can do at this point is make random guesses and try different things which are not documented to be needed. There is no process which will solve problems on Windows, or any proprietary software, because we can't look at the source and see what's going on. We can only guess at random and hope we eventually hit the Windows jackpot and happen across the lucky set of registry settings and reboots that makes it work, for no apparent reason.
Python also breaks if you hit the tab key - on any OS. :)
Python also breaks if you update from last week's version to this week's - you have to rewrite all your scripts every time you update Python.
This reminds me of Friday during scrum one of my co-workers was proposing to do a certain thing on AWS CloudWatch and others weren't so sure it was a good idea. "It's like writing a Python script", he said. That scored him -8 points with the people he was trying to convince. I suggested that perhaps next time he was trying to say something is a good idea, don't use the phrase "it's just like Python". Lol
Yes, applications written for LINUX, such as OpenVPN, will run on Android. Bash, ImageMagick, Perl, Python, ffmpeg, sed, awk, Emacs, vim, nano ... all this stuff runs fine on Android. PostgreSQL is a bit tricky to install.
Applications written for X11 will run on systems with X11 - which doesn't include most of the hundreds of Linux systems I've owned or administered, mostly servers, along with some VPN endpoints and other types of systems. Applications written for KDE will run on KDE systems, Gnome applications on systems with Gnome, etc.
I'm tired of the "Gnu/Linux" discussion too.
Anyone who cares to can call it "Apache/Mozilla/Gnu/X/Gnome/Linux" if that's their preference, I call it Linux.
The submitter brought up an interesting tangent, though:
> although operating systems are pretty much apolitical by nature as far as I can tell.
For Richard Stallman and the FSF leaders, free software is very much political. In case anyone was unsure, he said it is just two weeks ago. For Stallman, it's about changing (part of) society, advancing a popularist ideology which has some things in common with Marxism. To Stallman, proprietary software is EVIL, an evil which must be defeated.
For Linus Torvalds and the "open source" folks generally, it's not really political, it's simply a way of producing quality software, a good way to produce software which has several advantages. To Linus, proprietary software isn't the best match to his needs - except when it is. The kernel source control was a proprietary system he bought called Bitkeeper. He could have used open source version control, but at the time he thought Bitkeeper, the proprietary system, fit his needs better. So he used it. Later, Linus wrote git to exactly fit his needs.
What are people's thoughts on this? Free Software as a political movement, or Open Source as a better way to get software done?
Many security vulnerabilities can be exploited through multiple attack vectors. I'm more interested in where the actual flaw(s) are than which attack vectors are most convenient or popular at the moment.
If Firefox has an issue that allows JavaScript to be loaded from URLs it shouldn't load from, bad on Firefox. If Windows (or Linux) had a bug in the kernel that allowed JavaScript, in any browser, to bypass the separation between processes and read memory assigned to another process, bad on Microsoft. It is the kernel's job to enforce that protection. The flaw could be exploited in any number of ways, by any program, including via JavaScript.
It is the sworn testimony of Microsoft's top executives that Microsoft intertwined their browser so deep into the OS internals that it's impossible for Microsoft to make a version of Windows that can even boot without running browser code. Linux isn't designed that way. The browser isn't intertwined with the kernel or key parts of the OS. The browser (actually browsers) are completely separate applications like any other application, and the Linux OS is in no way dependent on the browser.
It is fair, I think, to take Microsoft at their word, especially given the supporting evidence. When they testify under oath that their engineers are unable to remove legacy Internet Explorer code from Windows because it's so intertwined with the OS, and we see that in fact browser-based exploits do in fact infect the Windows OS at a deep level, we can only conclude that their testimony is true and they really did embed IE code deep in the OS.
Unless we get some strong evidence that Microsoft was committing perjury, it does make sense to acknowledge that their browser is an intrinsic part of their OS. It also makes sense to acknowledge the fact that Linux is not designed that way.
I just noticed a typo in what I wrote. My bachelors was INexpensive, not expensive. It should read:
--
My bachelors was also an inexpensive online program offered by a respectable university. The degree program increased my income enough to pay for the school even BEFORE I graduated.
--
> The 4th Amendment does not provide any exceptions to its rules. Search and Seizure requires a warrant. It does not say except on the border *or except when there is suspicion.*
Here's the exact wording of the fourth amendment, with my comments on each of its two parts:
--
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated
--
The fourth says we have a right to be secure against UNREASONABLE searches. There is a legal principle that if the sign says "No parking on Sundays", that implies that parking is allowed at other times. Otherwise the sign would just say "No parking". When the Constitution says no "unreasonable searches", that means that *reasonable* searches are allowed. Courts have ruled that in order for a search to be reasonable, it must be based on reasonable suspicion.
Whenever I point out what the law says, somebody gets mad at me and starts arguing "so you think ...". I actually didn't write the Constitution, I only read it. Secure "against unreasonable searches" isn't what I think the Constitution SHOULD say, it's what the Constitution DOES say.
If I was writing it today, I might say something more specific than "unreasonable". As it is, it's up to the courts to decide if a search is "reasonable" based on principles laid out by the Supreme Court. Courts have two ways to look at the reasonableness of a search. They can determine if a search WAS reasonable based on the circumstances, or if time allows they can rule on whether a particular search of a particular place WILL BE reasonable in the future. The fourth amendment addresses one of those two specifically.
Continuing now with the rest of the fourth amendment:
--
and
--
Just one little word, but it's worth pointing out that the framers wrote AND, not "or", not a comma, not "therefore". The use of "and" means the above is true, and separately the next part is also true.
Continuing:
--
no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized
--
If a court is going to issue a ruling that a future search will be reasonable (a warrant), those requirements must be met. This also gives a hint on how to define "reasonable" when looking at searches that already occurred - they need to have probable cause.
If a person is arrested and put in jail, it's reasonable to avoid allowing contraband into the jail by searching them during booking. No need for them to spend a day in quarantine waiting for a search warrant that will definitely be issued. Where there is probable cause to believe a person has evidence of a crime AND that evidence will disappear if you let them go and come back tomorrow with a warrant, a search with probable cause may be reasonable. A court can decide whether it was reasonable.
The fourth doesn't say that all searches must be pre-approved, with a warrant. It says they must be reasonable. A warrant is one way of handling the determination of reasonableness.
Here's something that's just my opinion. It's not in the Constitution. I'd like to see better consequences for officers who violate this and other Constitutional rights in a clear way. If an officer knew, or should have known, that their actions violate Constitutional rights, penalties should be imposed on the officer. It should happen regularly enough that officers expect they'll likely get busted if they do that sort of thing, especially if they do it often they'll get busted before long. I also think that courts should continue to be free to disagree with an officer's determination of reasonableness and disallow the evidence, without penalizing the officer if they reasonably thought their actions were okay under the circumstances. Only idiots would become cops if cops go to jail the first time a court disagrees with them on a judgement call. YouTube has plenty of examples of cops who knew they didn't have probable cause, though, or should have known.
> Have a job paying 60k, save 30k, and for each day you work you earn one day of retirement.
That's true! It's something I'm working on.
> rather than spending $$$ going back to school in the hopes of a higher paying job.
After the tax credit, my masters from Georgia Tech will only cost me about $4,500. Maybe less if I can get my employer to pitch in or something. Conservatively, my masters should bump my income by *at least* $5K / year, so it'll pay for itself the first year. After that, it's an extra $5K-$15K each year of additional means to live beneath.
My bachelors was also an expensive online program offered by a respectable university. The degree program increased my income enough to pay for the school even BEFORE I graduated. The final exams for some of the classes were industry certifications like Cisco CCNA and Security+. Having those certifications caught the attention of recruiters so my income went up while I was still in school.
There has in fact been change at the top. It was a tiny company. About a year before I joined they had one "programmer" who wrote all the code. He wasn't trained as a programmer. A family started the business together. The brother who was "good at computers" did all the code. Since then, it's been bought by a larger company with more mature processes, but headquarters still mostly leaves us alone and lets us do things our own way.
In the last two years I've implemented code review, introduced test scripts, and pushed getting the version control (Git) in shape.
My entire career has been with very small companies or groups, so although I've *read* a lot about best practices, I haven't had much opportunity to see what's really done by most companies and truly provides the best bang-for-buck in software quality. You said "This stands out in this day and age. ... I haven't heard of a shop in the last decade that doesn't implement peer review." What other practices have you seen used a lot, practical processes which really provide clear value?