Although I agree with the majority of the comments to this article I am glad that Mr Russell Jones wrote his article. Why ?
One big problem that the open source community faces is that of complacency -- ie knowing that we are: better, more secure,...
What we know may well be true, but it will not remain true if we relax, content in the warm glow of our superiority. To remain ahead needs continuous awareness of the issues, which, in the case of security means a constant paranoia prompting reassessment of procedures, possible risks, etc.
There have been articles like that of Mr Russell Jones before; I hope that they keep coming just to remind everyone to keep on their toes.
The authors of the mydoom virus could indeed be disaffected Linux supporters, but equally likely they could be some different group that is now laughing at how Linux supporters are carrying the can for their actions.
No matter what I think of SCO - what the virus does is vandalism that: hurts innocent users who have their PCs infected; hurts the Internet by hogging bandwidth; hurts SCO.
The only thing that I can say is that the authors are not my friends.
Most people (other the CEOs) are smart enough to realise that `studies' are sponsored and so unreliable, and similarily that anything that appears in a M$ sponsored advert is not to be trusted.
So decision makers will look elsewhere.
What you forget is that the ``leading IT publications'' get a large part of their revenue from advertising. Very often when you see some full page adverts you will see ``editorial'' on a closely related topic in the same issue - surprisingly the views of the advertiser just happen to be supported.
It is this more subtle ``information provision'' that will have the bigger impact. The up front adverts are a distraction.
All that this shows is that a Linux based system works in the way that it should. Would you expect anything else if you ran your: TV, central heating,... for a long period ?
The trouble is that, after a period of increased stability in the 1980's, in the last decade people have come to expect that computers fail, and they wonder with amasement if they don't.
OK: 30 years ago I remember it being a good day if the mainframe stayed up 12 hours. But things have moved on, today you expect your: MVS, VMS, Unix, Linux machine to stay working. The only OS vendor who's products have not matured is the one in Redmond - largely because of rampant infestation with new features.
The above is not intended to belittle the fantastic efforts of all those involved.
Next they pick up on RFID tags ...
on
Smart Billboards
·
· Score: 1
What did you buy last in the shop... show some adverts that relate to that so you might buy some more.
So you just picked up your hot date, and being a health concious sort of guy dropped round the chemist (== pharmacy for US readers) before meeting her - so what gets flashed up on every billboard as you drive her home ?
The desired result it to eliminate master/slave from the dictionary. The result will be that future generations will not understand the words, the result will be that they won't appreciate the effects of slavery of their ancestors. That would be a home goal.
I want to use the English language to its full extent. This sort of thing makes description fuzzier.
How did they get the screen shots ? I thought that the big thing about this release was supposed to be DRM & Fritz chip to stop this -- or are all of these GIFs going to stop working next week ?
Oh, wait - I get it, silly me, it's Microsoft, so of course: it just doesn't work. SNAFU.
The really important feature is that your server must play with MS Outlook clients as well as with the OSS ones (Ximian, KOffice,...).
The point is that groupware is mainly useful for (large) businesses. You will not get everyone to migrate to a Linux/OSS desktop together (some will never move), so your server must be able to work with the legacy MS Outlook.
You can either pretend to be an exchange server, or write your own MAPI module to plug into outlook - this seems to be the way that others are doing this.
Normally when a company comes out with a new service they splash announcements all over the place for some weeks in advance. Verisign didn't do this. Why not ? Did they have event the tinyest bit of doubt that not everyone would be over enthused with their innovation?
You often learn more by not looking at what people do as to how they do it.
But that has always been the point about the latest and greatest - most people don't need it because the software that is sold in volume today is designed to work adequately fast on the hardware that is sold in volume today.
It is only the people that are pushing the edge that need the top end stuff. The rest of us will buy it at 1/2 the price in 18 months time.
It would be interesting to see if the Chinese can type 'make' (or whatever is the MS Windows equivalent) and end up with something that is bit wise identical to what MS ships as part of a standard distribution. If they cannot do this, one has to question why not ? and we will be left with the suspicion that there is something that MS doesn't want the Chinese to see (be that different MS or NSA code).
Let's enforce a no-resale clause
on
NYT on RFID
·
· Score: 2, Interesting
If a manufacturer wants to stop resale of it's goods on the second hand market (think: CD, software, E-book) it says so on the packet and puts a unique RFID into every item.
Then it goes round the car boot sales and picks up the items (doesn't even need to buy/touch them - scan as they walk by), tie back to the original sale (you did pay by credit card didn't you ?) and hit you with a court case.
Well, it will now be able to to use the clothes that you wear as an additional clue. So don't ever wear anyone else's clothes again otherwise it will report you to the morality police.
Re:Article - no reg.
on
NYT on RFID
·
· Score: 3, Insightful
Privacy advocates have suggested, among other things, that the tags be designed so that they cannot be reactivated once they are turned off, that all goods with a tag carry a consumer warning and that the tag must be removed when a product is sold unless the buyer agrees to leave it on.
Either:
We will remove it for you sir, but that will cost you 50c.
How many will choose to leave it on.
Why do you want to remove it sir, what have you got to hide ?
And if you have something to hide, then that is just the excuse that the police/... need to come sniffing.
Either way, the pressures will be such that most people won't bother/want to have them removed.
If you think that Unix is such a great security architecture take a look at the C language and the APIs in the standard C runtime. The buffer overun problem was almost non existent before C. Fortran, Algol and even Basic always supported array bounds checking (OK some fortrans made you turn it on). Then along came C with the loosey goosey null terminated strings and array pointers without bounds specifiers.
The APIs of the standard C runtime are not much better, look at the way that functions like atoi signal that the user gave invalid input (they don't). I just spent an hour chassing down a bug in some code I wrote that turned out to be due to a math overflow when multiplying two integers. Fortunately I caught the problem because I had some assertions set up to check for wierd results. But every other language would have signalled a math overflow.
But before C came along operating systems and OS utilities (editors, compilers,...) were written in assembler. C did not really change things much as it is effectively a machine independent assembler - with all the power and speed, but all of the pitfalls. Having the compiler check array bounds slows run time speed. It can all be done properly in C, it just needs a bit more work.
A lot of the problem is poor programming. Some of it is due to bad coders, much of it due to commercial pressures (get it out to market quickly). The result is that many programmers don't check the result of system calls, array bounds, etc.
Slashdot Mirror
Although I agree with the majority of the comments to this article I am glad that Mr Russell Jones wrote his article. Why ?
...
One big problem that the open source community faces is that of complacency -- ie knowing that we are: better, more secure,
What we know may well be true, but it will not remain true if we relax, content in the warm glow of our superiority. To remain ahead needs continuous awareness of the issues, which, in the case of security means a constant paranoia prompting reassessment of procedures, possible risks, etc.
There have been articles like that of Mr Russell Jones before; I hope that they keep coming just to remind everyone to keep on their toes.
The authors of the mydoom virus could indeed be disaffected Linux supporters, but equally likely they could be some different group that is now laughing at how Linux supporters are carrying the can for their actions.
No matter what I think of SCO - what the virus does is vandalism that: hurts innocent users who have their PCs infected; hurts the Internet by hogging bandwidth; hurts SCO.
The only thing that I can say is that the authors are not my friends.
I don't think that the average girl would notice that small a difference.
and save time if I wrote my cheque for the license fee out to Microsoft?
I mean, they are going to want a return for the money that they have put into SCO.
Why the past tense ? I still do use SC for many things.
The temptation to just have a peek at: your ex's/neighbour's/brother's_business_rival's/... records will be more than some people can resist.
Quite appart that there should be a right to privacy.
Most people (other the CEOs) are smart enough to realise that `studies' are sponsored and so unreliable, and similarily that anything that appears in a M$ sponsored advert is not to be trusted.
So decision makers will look elsewhere.
What you forget is that the ``leading IT publications'' get a large part of their revenue from advertising. Very often when you see some full page adverts you will see ``editorial'' on a closely related topic in the same issue - surprisingly the views of the advertiser just happen to be supported.
It is this more subtle ``information provision'' that will have the bigger impact. The up front adverts are a distraction.
All that this shows is that a Linux based system works in the way that it should. Would you expect anything else if you ran your: TV, central heating, ... for a long period ?
The trouble is that, after a period of increased stability in the 1980's, in the last decade people have come to expect that computers fail, and they wonder with amasement if they don't.
OK: 30 years ago I remember it being a good day if the mainframe stayed up 12 hours. But things have moved on, today you expect your: MVS, VMS, Unix, Linux machine to stay working. The only OS vendor who's products have not matured is the one in Redmond - largely because of rampant infestation with new features.
The above is not intended to belittle the fantastic efforts of all those involved.
What did you buy last in the shop ... show some adverts that relate to that so you might buy some more.
So you just picked up your hot date, and being a health concious sort of guy dropped round the chemist (== pharmacy for US readers) before meeting her - so what gets flashed up on every billboard as you drive her home ?
the damn fool didn't patent the idea and save many people a lot of bother :-)
to political correctness.
The desired result it to eliminate master/slave from the dictionary. The result will be that future generations will not understand the words, the result will be that they won't appreciate the effects of slavery of their ancestors. That would be a home goal.
I want to use the English language to its full extent. This sort of thing makes description fuzzier.
It must be pretty good stuff!
Hmmmm, what happens if your house catches fire ?
8 copies of the same document all nicely toasted!
If you were unemployed and without good skills would you turn your nose up at this job ?
So they get to break all the existing applications - yet again.
I still daily run code that I first wrote on Unix 18 years ago, it has evolved at bit but is largely unchanged in 10 years.
People will get tired of the change, change, change.
How did they get the screen shots ? I thought that the big thing about this release was supposed to be DRM & Fritz chip to stop this -- or are all of these GIFs going to stop working next week ?
Oh, wait - I get it, silly me, it's Microsoft, so of course: it just doesn't work. SNAFU.
The point is that groupware is mainly useful for (large) businesses. You will not get everyone to migrate to a Linux/OSS desktop together (some will never move), so your server must be able to work with the legacy MS Outlook.
You can either pretend to be an exchange server, or write your own MAPI module to plug into outlook - this seems to be the way that others are doing this.
If I produced a shoot-em-up game with Darl McBride as the main target, would that be OK ?
You often learn more by not looking at what people do as to how they do it.
But that has always been the point about the latest and greatest - most people don't need it because the software that is sold in volume today is designed to work adequately fast on the hardware that is sold in volume today.
It is only the people that are pushing the edge that need the top end stuff. The rest of us will buy it at 1/2 the price in 18 months time.
It would be interesting to see if the Chinese can type 'make' (or whatever is the MS Windows equivalent) and end up with something that is bit wise identical to what MS ships as part of a standard distribution. If they cannot do this, one has to question why not ? and we will be left with the suspicion that there is something that MS doesn't want the Chinese to see (be that different MS or NSA code).
If a manufacturer wants to stop resale of it's goods on the second hand market (think: CD, software, E-book) it says so on the packet and puts a unique RFID into every item.
Then it goes round the car boot sales and picks up the items (doesn't even need to buy/touch them - scan as they walk by), tie back to the original sale (you did pay by credit card didn't you ?) and hit you with a court case.
Result: more profit
Well, it will now be able to to use the clothes that you wear as an additional clue. So don't ever wear anyone else's clothes again otherwise it will report you to the morality police.
Either:
How many will choose to leave it on.
And if you have something to hide, then that is just the excuse that the police/... need to come sniffing.
Either way, the pressures will be such that most people won't bother/want to have them removed.
The APIs of the standard C runtime are not much better, look at the way that functions like atoi signal that the user gave invalid input (they don't). I just spent an hour chassing down a bug in some code I wrote that turned out to be due to a math overflow when multiplying two integers. Fortunately I caught the problem because I had some assertions set up to check for wierd results. But every other language would have signalled a math overflow.
But before C came along operating systems and OS utilities (editors, compilers, ...) were written in assembler. C did not really change things much as it is effectively a machine independent assembler - with all the power and speed, but all of the pitfalls. Having the compiler check array bounds slows run time speed. It can all be done properly in C, it just needs a bit more work.
A lot of the problem is poor programming. Some of it is due to bad coders, much of it due to commercial pressures (get it out to market quickly). The result is that many programmers don't check the result of system calls, array bounds, etc.