Not really chilling at all. Microsoft has the best hand no matter what any company, law firm, or government agency says. It can simply say it will stop supporting and releasing patches for its products and that it will close it's doors and go out of business before it releases it source.
Methinks it would get real interesting to see Microsoft attempt that. For FUD value, hint that Microsoft is considering just that.
Sorry? Do you mean give everyone full control to my system drive, as well as your AV definitions, configuration files and executable code? You've got to be kidding!
Hehe, you have to parse anti-virus correctly. If you consider it in the same class as Melissa-virus and Code-Red-Virus and whatever's running loose now, it will make sense. The "Anti" virus is now so prevalent that it comes preinstalled on many computers.
The objective of the "Anti" virus is to make you appreciate how clever it is at catching yesterday's viruses while opening you wide-open to tomorrows's viruses.
I[t] could just as easily right [write] a Unix game that requires you to be root.
Could be, but the odds are much higher that a Unix game would quite properly refuse to run if run as root. I think there are some old games that are very broken if attempted from a root login.
If the game is distributed as an RPM, it will almost certainly have to be installed by root, since the places it must go are controlled by root. If the game is distributed as a tarball, no reason for root to have anything to do with it. If the game requires root access to run, you can count on a swarm of users running it in a sandbox to find the trojan you planted in it.
"The code doesn't get secure by polluting it with tons of security checks. It gets secure by keeping the security checks in as few places as possible."
True. Difficult but true. This belongs in the category of making programs more competent, more flexible, faster, and smaller.
The ideal is something that if it passes a few simple tests, is incapable of finding a (complicated) way to fail.
Re:Writing is bad enough, testing is worse
on
Exploiting Software
·
· Score: 1
As far as disasters all out of proportion to the cause, computers are famous for that.
The situation is worse. People are surprised when it happens.
I'd blame unit testing and only attempting integration when the units are "debugged". I'm lazy. I prefer the approach of throwing the whole mess together immediately and watch the fireworks. It's not enough for a unit to behave properly when the rest of the world is correct. It much behave no worse than can be expected regardless of the bugs in the rest of the system. How many (serious) bugs show up only in the presence of another bug?
All men are created equal. Maybe. All bugs are created equal. No way.
Re:Writing is bad enough, testing is worse
on
Exploiting Software
·
· Score: 3, Interesting
If architects make buildings like programmers write code then every woodpecker that comes along destroys civilization.
And the architects' answer would be to woodpecker-proof every stick of wood???
If you need to test every case, check every return code, etc, etc, there is something very bad, very fundamentally bad, with the design of the whole mess.
With no testing or checking whatever in the program, it should be impossible to create a disaster all out of proportion to the cause.
And the free software community would be one of the first to burn from the full heat of it.
Balderdash! With Closed Source, the vendor is the only party in a position to correct any problems. With Open Source, the source itself operates in lieu of warranty. Regardless of how any contracts are worded, the facts of the situation are significantly different.
There has to be some relationship between the liability of the vendor and the purchase price. There should be some precedents in the cases of misprints in advertising and the liability of the party carrying the advertising.
It's like a city. In a city there are the slums, artists all move to the slums because they can't afford to live on the other side of the tracks. Eventually the artists section of town becomes fashionable because all the cool galleries, restaurants and clubs are there and the yuppies move in. Prices skyrocket the artists move [to] the next slum and the whole cycle starts over again.
The yuppies move in. "Fix up" the joint. Raise the rents. The artists move out. After a period of time it becomes the slums again.
There is an economic solution. Discriminatory pricing. The yuppie pays an exhorbitant rent for an inferior apartment compared to the artist. The yuppie is really paying for the privilege of living in the artist's space. It's a delicate arrangement, but if nobody gets greedy and grabby it can be very workable. You don't make money from the artists themselves. You can make a lot because they are there. If you have a goose that's laying golden eggs, you'll be ahead to feed it instead of killing it.
You're seeing some of that happening now. IBM is dumping money into Linux. IBM claims that they're more than getting their money's worth. I'm sure they are, but have no idea how they figure it. Red Hat splits into the expensive Red Hat Enterprise and the free (only?) Fedora Core, abandoning the profitable Red Hat Professional boxed set. This after training my boss to always buy the latest Red Hat Professional boxed set even when my stock answer is that what's in it is a better set of screen savers!
force the user to run root in a minimalistic environment
This has already been done to some extent. A number of gee-whizz stuff refuses to run as root. A number of things go to a more minimalistic, brute-force feel to them. If you keep the name "root" and not do something stupid like "Administrator", the situation will tend to be self-correcting.
root is for when you have to fix things. You run as root because you need to, not because you want to. We still run Microsoft Windows, but I was smart enough to rename the domain administrator account to "root". If I leave a user's computer with root still logged in, my users get in a hurry to get rid of root and get their own stuff back. I don't know what they associate "root" with (seems like I've overheard some cracks about roter-rooter). My users aren't exactly/. material, but they do not "click on everything". If the account were still named "Administrator", It'd be a different story.
Linux is still an old car, you can fix it. Microsoft is engineered to be complicated, just like modern cars.
Partially true, but I'd say that Linux is more like an old modified racing Porsche and Microsoft is like a shiny new Chevette.
Linux on the desktop. It's not enough that Linux is almost as good. Even that Linux is somewhat better. Linux comes into its own on the desktop when it does stuff where Microsoft is incapable of competing. I dunno what or how, but I can feel it coming. You'll know it here when corporations are buying new hardware to run Linux.
It has to be Theo-compatible to be part of OpenBSD. (from grandparent)
Methinks he's quite accurate.
Note that there's no connotation that there is anything wrong with that.
Don't be fooled by the fact that you can download it or buy the CDs cheap. OpenBSD has very much the feel of an exclusive club. A very exclusive club which owns a rather good and secure OS. By owns, I mean that you or I cannot afford to buy an opinion that makes any difference. I rather doubt that Bill Gates could buy what those people own. Outside users are tolerated, and it's not from altruism. If there's a land mine in it, they'd rather I run into it first.
O.T. Microsoft Office leaves you stranded on a mountain top without survival gear or climbing gear. Worse than being up a creek without a paddle.
"The reason for this excitement is that it is becoming clear to us that we can develop very clean-looking, elegant, debuggable, SMP scaleable software using this model whereas using the mutex model generally results in much less elegant (even ugly), difficult-to-debug code. Code complexity and code quality is a very important issue in any large piece of software and we believe we have hit on a model that directly addresses the issue in an SMP environment without compromising performance."
I don't really know what he's talking about, but: If he's right, everybody wins. Even if he's wrong and we find out why, everybody wins. It sounds like Linux isn't hurting BSD any, and methinks for a number of reasons, Linux wouldn't be what it is today without the BSD's.
The open source community needs to make every effort to bridge this gap between the intellectual and business worlds - other wise these battles and wars will just get worse, and consequently just as threatening...
Symbiosis can be defined as mutual parasitism. It's a lop-sided arrangement, but to both party's unfair advantage. As long as neither side gets grabby and greedy, I'm sure something can be worked out. Both sides need to be aware that the other side has very real concerns even if they don't seem to make any sense. The point is they don't need to make any sense. If someone takes something I don't care about, why should I care. If I can give someone something they need desperately, with no cost or effort on my part, why not?
Rule#1 of business is "Don't piss of your customers."
I don't care who the region's sales engineer is. Checkpoint is gone.
If you have to get into bed with the region's sales engineer to get the the service you need, you need to jump ship because when you really need it, he's gonna be long gone.
Re:Wretched, foul, irredeemable.
on
Spam Bits
·
· Score: 1
If I hear one more spammer refer to himself as a victim
Hmmmm, my reaction is that the more victimized the spammer is the better. What we need is the modern equivalent of tar and feathers and riding out of town on a rail. By person or persons unknown.
Re:Wow, they requested this?
on
Spam Bits
·
· Score: 1
to add a bit. 1) Mass mailings are stupid. Repeated mass mailings are real stupid. You're making your valuable customer list available to your competitors. Real cheap. Your former customers will be more interested in what your competitors have to say than what you have to say. 3) Don't piss off your customers. Repeat. This is a fundamental rule of business.
As noted elsewhere in this thread Legitimate companies do not sell my e-mail address. Never. None of them. An immediate correlary is that any company that does sell my e-mail address is not legitimate. The obvious conclusion is that it's better to avoid anything to do with any company that would even consider selling my e-mail address.
Re:Wow, they requested this?
on
Spam Bits
·
· Score: 1
The results: legitimate companies do not sell my e-mail address. Never. None of them.
Should be no surprise. Legitimate companies do not want to annoy their customers (or anyone else they do business with). Legitimate companies consider their customer list to be company-confidential, a very valuable asset. They do not want this information to fall into the hands of their competition. Legitimate companies would be wise to be extremely cautious about outsourcing anything that uses their customer list. A secret shared too many times ceases to be a secret.
The results: legitimate companies do not sell my e-mail address. Never.
Actually they do. When they sell the whole business! Count on it being mentioned explicitly in the contract of sale.
Hmmmm, it's possible that the WMD were there in Iraq. The massive dossiers that Saddam & co. kept on all its people.
Re:Linux Has Travelled Far... In The Wrong Directi
on
Linus on Linux in 1994
·
· Score: 1
Linux has created two classes of people. Those who can, and those who can't.... Today, the schism between these two classes is so great one views the other with hostility and mistrust.
There are two classes of people. Those who understand and make tools, and those who use tools without understanding them. To drive a car it is not necessary to be able to tear down and rebuild the engine. It's a good idea to have a bit of respect for all the stuff you are not aware of.
What should be done in the next ten years? De-mystify Linux Good Luck, but remember (misphrased?) "Unix is simple but it takes a genius to understand its simplicity". Unix is lower-case and case sensitive. This is very off-putting to anyone who associates computers with PRINTED BLOCK CAPITALS. Lower case looks and feels different. Remember there is an enormous gulf between doing some things and doing all things.
True. Past the trivial, Windows users need to be superior to Linux users to accomplish the same thing. It's just a computer. The better the computer system, the more this holds. Computer systems suffer from the Flat Earth Society Syndrome. The computer does not know what the computer does not know. There is an edge where the computer's knowledge drops off. The computer not only cannot see the edge, it is incapable of comprehending that an edge could even exist.
Stop saying how bad windows is. Say how good Linux is. Sorry, but I am using Windows. I will keep saying how bad Windows is. When I am using Linux I will stop saying how bad Windows is.
Non-forgeable From-addresses would be nice, but the most critical emails that I send or receive are when email is broken and/or one of us is not in a position to be able to use the normal channels.
It's like phoning the phone company to report that your phone is out of order. It's like a backup system that works perfectly as long as you don't need it.
The from-address is where the email claims to be from. It should be easily forgeable. If I am using someone else's computer to send a quick note, I should be able to send it, from me, without messing up the computer's settings.
The headers also include where the email came from, at least the last leg of the trip. The headers should be blatantly obvious when mail is delivered. Otherwise it's like the postman delivering the letter inside and keeping the envelope.
The problem with spam is not that it is unsolicited, nor that it is commercial. The problem is that there is far too much of it, and it is being sneaky about delivering it. Spam is socially unaceptable and the solution will be social not technical. For the technical side, the email client needs to distinguish between what it knows and what the email purports to be. For HTML emails, it would help to see which domains are referenced by the email. The difference between the malware running loose now and the Unix Honor Virus is that with the latter you can see what is going on. Anything that pretends to be other than what it is is up to no good. Anything that encourages this pretense (hint, hint Microsoft) is encouraging the malware. Anything that calls something secure when it has only secured part of it is encouraging the malware. A tar-paper shack with a steel security door is not secure.
Slashdot Mirror
Not really chilling at all. Microsoft has the best hand no matter what any company, law firm, or government agency says. It can simply say it will stop supporting and releasing patches for its products and that it will close it's doors and go out of business before it releases it source.
Methinks it would get real interesting to see Microsoft attempt that.
For FUD value, hint that Microsoft is considering just that.
Sorry? Do you mean give everyone full control to my system drive, as well as your AV definitions, configuration files and executable code? You've got to be kidding!
Hehe, you have to parse anti-virus correctly.
If you consider it in the same class as Melissa-virus and Code-Red-Virus and whatever's running loose now, it will make sense.
The "Anti" virus is now so prevalent that it comes preinstalled on many computers.
The objective of the "Anti" virus is to make you appreciate how clever it is at catching yesterday's viruses while opening you wide-open to tomorrows's viruses.
I[t] could just as easily right [write] a Unix game that requires you to be root.
Could be, but the odds are much higher that a Unix game would quite properly refuse to run if run as root. I think there are some old games that are very broken if attempted from a root login.
If the game is distributed as an RPM, it will almost certainly have to be installed by root, since the places it must go are controlled by root. If the game is distributed as a tarball, no reason for root to have anything to do with it.
If the game requires root access to run, you can count on a swarm of users running it in a sandbox to find the trojan you planted in it.
I'm still using NT4, you insensitive clod.
Here is the silver lining of the surveillance society. The hope, or perhaps the dream, that we can at least surveil those in power.
Pipe dream. Figure the odds. We manage to catch a fluke or two. They catch all the non-flukes.
Er, how would you report an error to the user if printf() failed?
... , something gets printed and you unwind the stack.
You use printf(), obviously.
And prinf() had damned well better be recursive.
Now if the failure is intermittent,
If the failure is permanent, you need to be able to read the blinking lights.
Works with the old obsolete stuff. With the fancy new stuff you're SOL;)
"The code doesn't get secure by polluting it with tons of security checks. It gets secure by keeping the security checks in as few places as possible."
True. Difficult but true. This belongs in the category of making programs more competent, more flexible, faster, and smaller.
The ideal is something that if it passes a few simple tests, is incapable of finding a (complicated) way to fail.
As far as disasters all out of proportion to the cause, computers are famous for that.
The situation is worse.
People are surprised when it happens.
I'd blame unit testing and only attempting integration when the units are "debugged".
I'm lazy. I prefer the approach of throwing the whole mess together immediately and watch the fireworks. It's not enough for a unit to behave properly when the rest of the world is correct. It much behave no worse than can be expected regardless of the bugs in the rest of the system. How many (serious) bugs show up only in the presence of another bug?
All men are created equal. Maybe.
All bugs are created equal. No way.
If architects make buildings like programmers write code then every woodpecker that comes along destroys civilization.
And the architects' answer would be to woodpecker-proof every stick of wood???
If you need to test every case, check every return code, etc, etc, there is something very bad, very fundamentally bad, with the design of the whole mess.
With no testing or checking whatever in the program, it should be impossible to create a disaster all out of proportion to the cause.
And the free software community would be one of the first to burn from the full heat of it.
Balderdash!
With Closed Source, the vendor is the only party in a position to correct any problems.
With Open Source, the source itself operates in lieu of warranty. Regardless of how any contracts are worded, the facts of the situation are significantly different.
There has to be some relationship between the liability of the vendor and the purchase price. There should be some precedents in the cases of misprints in advertising and the liability of the party carrying the advertising.
It's like a city. In a city there are the slums, artists all move to the slums because they can't afford to live on the other side of the tracks. Eventually the artists section of town becomes fashionable because all the cool galleries, restaurants and clubs are there and the yuppies move in. Prices skyrocket the artists move [to] the next slum and the whole cycle starts over again.
The yuppies move in. "Fix up" the joint. Raise the rents. The artists move out. After a period of time it becomes the slums again.
There is an economic solution. Discriminatory pricing.
The yuppie pays an exhorbitant rent for an inferior apartment compared to the artist. The yuppie is really paying for the privilege of living in the artist's space. It's a delicate arrangement, but if nobody gets greedy and grabby it can be very workable. You don't make money from the artists themselves. You can make a lot because they are there. If you have a goose that's laying golden eggs, you'll be ahead to feed it instead of killing it.
You're seeing some of that happening now.
IBM is dumping money into Linux. IBM claims that they're more than getting their money's worth. I'm sure they are, but have no idea how they figure it.
Red Hat splits into the expensive Red Hat Enterprise and the free (only?) Fedora Core, abandoning the profitable Red Hat Professional boxed set. This after training my boss to always buy the latest Red Hat Professional boxed set even when my stock answer is that what's in it is a better set of screen savers!
force the user to run root in a minimalistic environment
/. material, but they do not "click on everything". If the account were still named "Administrator", It'd be a different story.
This has already been done to some extent. A number of gee-whizz stuff refuses to run as root. A number of things go to a more minimalistic, brute-force feel to them. If you keep the name "root" and not do something stupid like "Administrator", the situation will tend to be self-correcting.
root is for when you have to fix things. You run as root because you need to, not because you want to. We still run Microsoft Windows, but I was smart enough to rename the domain administrator account to "root". If I leave a user's computer with root still logged in, my users get in a hurry to get rid of root and get their own stuff back. I don't know what they associate "root" with (seems like I've overheard some cracks about roter-rooter). My users aren't exactly
Linux is still an old car, you can fix it. Microsoft is engineered to be complicated, just like modern cars.
Partially true, but I'd say that Linux is more like an old modified racing Porsche and Microsoft is like a shiny new Chevette.
Linux on the desktop. It's not enough that Linux is almost as good. Even that Linux is somewhat better. Linux comes into its own on the desktop when it does stuff where Microsoft is incapable of competing. I dunno what or how, but I can feel it coming. You'll know it here when corporations are buying new hardware to run Linux.
It has to be Theo-compatible to be part of OpenBSD. (from grandparent)
Methinks he's quite accurate.
Note that there's no connotation that there is anything wrong with that.
Don't be fooled by the fact that you can download it or buy the CDs cheap. OpenBSD has very much the feel of an exclusive club. A very exclusive club which owns a rather good and secure OS. By owns, I mean that you or I cannot afford to buy an opinion that makes any difference. I rather doubt that Bill Gates could buy what those people own. Outside users are tolerated, and it's not from altruism. If there's a land mine in it, they'd rather I run into it first.
O.T. Microsoft Office leaves you stranded on a mountain top without survival gear or climbing gear. Worse than being up a creek without a paddle.
A sufficiently advanced opinion is a fact. ;-)
Or soon will be
Throwaway accounts should never be, out of all places, registered on Hotmail.com. They suspend your account if you don't login for 30 days.
Isn't that the idea of a throwaway account?
"The reason for this excitement is that it is becoming clear to us that we can develop very clean-looking, elegant, debuggable, SMP scaleable software using this model whereas using the mutex model generally results in much less elegant (even ugly), difficult-to-debug code. Code complexity and code quality is a very important issue in any large piece of software and we believe we have hit on a model that directly addresses the issue in an SMP environment without compromising performance."
I don't really know what he's talking about, but:
If he's right, everybody wins.
Even if he's wrong and we find out why, everybody wins.
It sounds like Linux isn't hurting BSD any, and methinks for a number of reasons, Linux wouldn't be what it is today without the BSD's.
The open source community needs to make every effort to bridge this gap between the intellectual and business worlds - other wise these battles and wars will just get worse, and consequently just as threatening...
Symbiosis can be defined as mutual parasitism. It's a lop-sided arrangement, but to both party's unfair advantage. As long as neither side gets grabby and greedy, I'm sure something can be worked out. Both sides need to be aware that the other side has very real concerns even if they don't seem to make any sense. The point is they don't need to make any sense. If someone takes something I don't care about, why should I care. If I can give someone something they need desperately, with no cost or effort on my part, why not?
Rule#1 of business is "Don't piss of your customers."
I don't care who the region's sales engineer is. Checkpoint is gone.
If you have to get into bed with the region's sales engineer to get the the service you need, you need to jump ship because when you really need it, he's gonna be long gone.
If I hear one more spammer refer to himself as a victim
Hmmmm, my reaction is that the more victimized the spammer is the better.
What we need is the modern equivalent of tar and feathers and riding out of town on a rail. By person or persons unknown.
to add a bit.
1) Mass mailings are stupid. Repeated mass mailings are real stupid. You're making your valuable customer list available to your competitors. Real cheap. Your former customers will be more interested in what your competitors have to say than what you have to say.
3) Don't piss off your customers. Repeat. This is a fundamental rule of business.
As noted elsewhere in this thread Legitimate companies do not sell my e-mail address. Never. None of them.
An immediate correlary is that any company that does sell my e-mail address is not legitimate. The obvious conclusion is that it's better to avoid anything to do with any company that would even consider selling my e-mail address.
The results: legitimate companies do not sell my e-mail address. Never. None of them.
Should be no surprise.
Legitimate companies do not want to annoy their customers (or anyone else they do business with).
Legitimate companies consider their customer list to be company-confidential, a very valuable asset. They do not want this information to fall into the hands of their competition.
Legitimate companies would be wise to be extremely cautious about outsourcing anything that uses their customer list. A secret shared too many times ceases to be a secret.
The results: legitimate companies do not sell my e-mail address. Never.
Actually they do. When they sell the whole business!
Count on it being mentioned explicitly in the contract of sale.
Hmmmm, it's possible that the WMD were there in Iraq. The massive dossiers that Saddam & co. kept on all its people.
Linux has created two classes of people. Those who can, and those who can't. ...
Today, the schism between these two classes is so great one views the other with hostility and mistrust.
There are two classes of people. Those who understand and make tools, and those who use tools without understanding them. To drive a car it is not necessary to be able to tear down and rebuild the engine. It's a good idea to have a bit of respect for all the stuff you are not aware of.
What should be done in the next ten years?
De-mystify Linux
Good Luck, but remember (misphrased?) "Unix is simple but it takes a genius to understand its simplicity". Unix is lower-case and case sensitive. This is very off-putting to anyone who associates computers with PRINTED BLOCK CAPITALS. Lower case looks and feels different. Remember there is an enormous gulf between doing some things and doing all things.
True. Past the trivial, Windows users need to be superior to Linux users to accomplish the same thing.
It's just a computer. The better the computer system, the more this holds.
Computer systems suffer from the Flat Earth Society Syndrome. The computer does not know what the computer does not know. There is an edge where the computer's knowledge drops off. The computer not only cannot see the edge, it is incapable of comprehending that an edge could even exist.
Stop saying how bad windows is. Say how good Linux is.
Sorry, but I am using Windows. I will keep saying how bad Windows is. When I am using Linux I will stop saying how bad Windows is.
Non-forgeable From-addresses would be nice, but the most critical emails that I send or receive are when email is broken and/or one of us is not in a position to be able to use the normal channels.
It's like phoning the phone company to report that your phone is out of order.
It's like a backup system that works perfectly as long as you don't need it.
The from-address is where the email claims to be from. It should be easily forgeable. If I am using someone else's computer to send a quick note, I should be able to send it, from me, without messing up the computer's settings.
The headers also include where the email came from, at least the last leg of the trip. The headers should be blatantly obvious when mail is delivered. Otherwise it's like the postman delivering the letter inside and keeping the envelope.
The problem with spam is not that it is unsolicited, nor that it is commercial. The problem is that there is far too much of it, and it is being sneaky about delivering it. Spam is socially unaceptable and the solution will be social not technical. For the technical side, the email client needs to distinguish between what it knows and what the email purports to be. For HTML emails, it would help to see which domains are referenced by the email. The difference between the malware running loose now and the Unix Honor Virus is that with the latter you can see what is going on. Anything that pretends to be other than what it is is up to no good. Anything that encourages this pretense (hint, hint Microsoft) is encouraging the malware. Anything that calls something secure when it has only secured part of it is encouraging the malware. A tar-paper shack with a steel security door is not secure.