Re:how about this bug in the msvc debug libraries
guess what happened when that counter overflowed (after a few weeks of my program running)? This program has performed an illegal operation and will be shut down.... was their convenient forgetting to check for overflow on this integer a deliberate mistake,
OK, I'll take a few stabs at it. It's another version of the Y2K phenomenon. The basic answer to Y2K is 99+1=00 with no excitement. Assuming the obvious x86 binary integers, incrementing the counter is a non-problem. The problem comes when something decides it needs to get excited because adding one to a positive number created a negative number (or adding one to a positive number made a zero). What makes it hilarious is that it is the checking for overflow that causes it to bomb.
I'm not a software engineer, but it seems to me that the OS should offer a rigid set of services and functions to the programs that are supposed to run within the environment provided to them. Am I wrong about this?
You're completely right, BUT
There are places where the problem is.
There are places where you can fix things.
These places do NOT line up very well.
Open Source, you've maybe got a fighting chance.
Closed Source, too many unknowns.
An OS starts nice and simple and well defined.
As time marches on, it accumulates various stuff.
It is much easier to add than to take away.
Improving by making smaller takes much more skill than adding stuff.
Does anyone else feel dirty after reading this?
Messing with bugs and you expect to feel clean ???
Right.
Slashdot is what it is because of what it is. No sense ruining a working formula.
The format is a link to some article (some people even follow the links;) and some editorial comment to help stir up the commentary. I suspect that most of us are here for the multi-viewpoint commentary rather than some bland digest of current "news".
But the fact that there exist a large number of compatible and incompatible licenses indicates that the state of the licensing world is broken. And there's an opportunity for the FSF to take a leadership role here. [Emphasis added]
No more broken than anytime you have two or more organizations whose aims have anything in common.
The critical distinctions are not the terms themselves, but who gets to set those terms. You will never get a "one size fits all" license.
The major players in each of the major projects will attempt, to the best of their ability, to prevent someone else from doing to themselves and to their project like SCO is trying to do to UNIX.
Apache is available for free, but everything I've seen indicates that the driving forces behind Apache are not particularly to make the best free software but to serve the interests of several of the major players for whom the development, debugging and deployment of what they need would otherwise be prohibitively expensive. Apache is free, but nothing about it is cheap.
Maybe I should be clearer: none of us care about your hobby.
Wrong.
When things go wrong and none of the exotic high-speed stuff works, the hams can and do manage to get some word out when nothing else can get anything out. I'm not talking high-speed stuff like 300 baud modems either. When the choice is between a few words and no words, a few words is much better.
Broadband over power lines? Seems like you'd have better luck with gigabit ethernet over silver-satin telephone cables.
just hope they stored it on unsigned ints ... ;)
gives a new meaning to overdrafts
Right. Essay test.
It reads a lot like an essay by someone who hasn't really read up on the subject matter and is bullshitting his way through it.
But the language won't fundamentally limit their thoughts. I'm sure you can think of times when you had an idea or an emotion that you lacked words for; if the claim in your post was true, you would not be capable of such thoughts.
Methinks the language can be and is limiting.
If you lack the words and grammar, you can have the thought but it is extremely difficult to do much more than that with it. Analysis or expression of the thought is difficult to impossible.
Language makes for a convenient labeling system, but it doesn't define your thoughts.
How do you think, except in terms of those convenient labels?
Do you really, truly believe that somebody can be colorblind just because they don't have color words more specific than "dark" and "light?"
Does a B&W photograph or television look realistic? With no words for color, no means of expressing any difference in color, the perceived differences in color just become part of the background noise.
Given a reasonable degree of flexibility in the language, it's hard to find definitive cases where the language is limiting simply because there are too many ways to route around the damage.
Last I checked, there are no verbs or nouns in C.
Operators function as verbs.
Variables and constants function as nouns.
Why do people keep associating OSS with anti-Microsoft? As I said yesterday, OSS is about choices, not about putting MS out of business. No matter how much any of us dislikes or even hates MS, that should not be what OSS is about.
Speaking for myself, there's some of us who use Microsoft and are thereby Microsoft-haters. We hang out here because it offers hope for the future. The impression I have is that for the most part, OSS simply ignores Microsoft. I know I would if I didn't have to contend with it.
I doubt we will ever see open source retail stores, hardware factories, or apartment buildings
Actually it would be very hard to find "closed source" variants of the same. Imagine that if you shop at Wal-Mart you couldn't even look at Target. Imagine you couldn't check out competing apartments to the one you live in.
As for capital intensive, seems like bridges, dams, tunnels, skyscrapers are all pretty much open source.
Basically, open source benefits the industry at maybe a bit of cost to the individual corporation whereas closed source benefits the individual corporation at the expense of the industry. If "reinventing the wheel" is perceived as a loss, closed source is a good way to ensure the perpetuity of that loss.
BTW, open source does not mean free (as in beer) or cheap. Methinks open source may actually wind up more expensive than closed because it is sufficiently more effective that things will be done using open source that would never be attempted with closed source.
Geez. I was able to follow what you said until this part. Now I'm feeling dizzy.
;-)
Tehe. It's almost impossible not to confuse ability with need.
Anyone want to bet that the number of exploited Windows security holes is NOT gonna soar?
Yeah, I'd take that bet.
For baseline, there is a trend going back to Melissa that indicates an ever increasing level of malware. "soar" is above that baseline.
The bad guys have every reason to use the newly exposed source.
The good guys have every reason to avoid the newly exposed source.
Still there should be a few cheap hacks so that my computer does what I want it to do instead of what Microsoft wants it to do.
My best guess is that the level of malware will be slightly below the baseline.
An interesting possibility is that exposure to the source messes up the minds of the bad guys sufficiently that the level actually goes down.
The whole "Many eyes makes the problem shallow" only works if everyone is equally skilled
Totally wrong.
The advantage of many eyes is that they are different eyes. The problem is only visible if it is viewed from the right angle, in the right lighting, etc. The skill sets required to identify that a bug exists, to identify what the bug is, and to actually fix the bug are all very different.
To modify a binary, even without access to the source code for said binary, is a trivial task for anyone with a rudimentary knowledge of assembler.
And closed source makes it trivial to keep anyone else from knowing that the binary has been modified. Anyone along the line can inject a backdoor or trojan.
It will be interesting to see how Microsoft fares with some of their source gone public. There is a trend dating back to Melissa that suggests an ever increasing level of malware. My own prediction is that, with a few cheap hacks to have my computer do what I want it to do instead of what Microsoft wants it to do, the level of malware will be a tad smaller than the trend projected. That despite the fact that the bad guys have every reason to use it and the good guys have every reason to avoid it, the leaked source, I mean.
Thousands of people have used updates I've built; nobody has ever emailed to ask "who are you, and why should I trust you?"
Sure you could do something nefarious, but why would you? Seems like somehow you'd have a lot more to lose than to gain.
Since you have no control over, and not much knowledge of who downloads what when, it seems utterly fantastic that you'd use those binaries to target your enemies.
Somebody compiles his own binaries. It should be fairly normal for him to download your binaries and see how his stacks up against yours. If there's something strange about yours, he's likely to try to find out what and why and unlikely to keep quiet if he finds any evidence of something wrong.
It's not that I trust you or don't trust you. I'm sure that I can trust you a lot more than I need to trust you. If I have to ask why I should trust you then I probably should not trust you. Either way, I don't ask. If I did ask, I have no idea of any answer you could give that would cause me to trust you. It's more like I'd trust you because the binaries are there than that I'd trust the binaries because I trust you.
Most days have 24 hours so 1.2kW would give 28.8kWh/day not 1.2kWh/day,
That's why serious electricians tend to avoid grounding their off hand when they're near hot wires
Right, but add feet to that.
It's hard for anything that doesn't go through you to kill you.
Completely ungrounded, hold one lead of a neon transformer in one hand and a fluorescent tube in the other. You won't feel a thing, but the fluorescent tube will light up.
And Linux geeks never pride themselves on rebuilding everything from the kernel up using gcc, and even if they did do that, which they don't, they'd always download an independent C compiler to build gcc first, of course... ;-)
Almost all don't. A few paranoids will. Quietly. Until they finally "find proof". And it only takes one.
Given that a source-level exploit is more likely to occur in the first place when the source is widely and anonymously available, [Emphasis added]
Point made, but methinks the realities strongly favor open source.
The NIH (Not Invented Here) syndrome is probably stronger in open source than in closed source. While I could easily fork something with my own nefarious code, or submit long anonymous patches to whoever maintains the main line, the odds are that I would be totally ignored. Seems like during the OpenSSH stuff, Debian refused to patch without first being shown the exploit.
I can anonymously get open source.
Except for making an obvious point, there is no way I can anonymously put open source anywhere that stands much of a chance of making any difference. Too many eyes. Too much suspicion.
Because the real world doesn't have bugs, right?
Hehe. The software has to work effectively in the world it finds itself in. Assuming the software is effective, it will change that world it was in and even if unbuggy in the world it was in, it will now be buggy in the world it now finds itself in.
"All programs have bugs." (with the possible exception of something by Knuth)
This is not an excuse after the fact. It is part of the design requirements. It is necessary that programs not go berserk if fed unexpected input. Execute strings as machine code if too long. Wipe out a database with a bad item description. If a few of these are "exploitable" and the "exploits" are more spectacular than harmful, you have to wonder "who is the enemy?"
If everything goes like it's supposed to, we don't really need HAMs.
When things don't go like they're supposed to, HAMs tend to be very resourceful and useful, even necessary.
Now, a more plausible thing would be to install Cygwin. The user won't see any difference but suddenly their computer has become a lot more useful of a platform from which to launch attacks.
Which makes me wonder why so few Linux/*BSD attacks and why they all seem to fizzle out. Not to knock Cygwin, but surely the real thing would be better.
For a site that ostensibly relays stale news, Slashdot seems to have a lot of influence. I would be greatly surprised if the Slashdot editors didn't put some planning and foresight into the placement and timing of the articles. I do know that Slashdot does seem to be the best available early warning system for Microsoft wormage. I know it's saved my skin a couple of times. Reading Slashdot at work? That's a lot of what they're paying me for. (Posting inane comments? Maybe a different matter;)