In the section where I work, it's become common practice not to buy any software that does come with source. ... If there's a bug, we fix it. If we need a feature, we add it. We're less dependent on third parties to complete our jobs.
Let me take a guess at the results. You are buying 3-nines software from the vendor. You are effectively using 4-nines or 5-nines software. Having the source should give you about 1 or 2 nines more reliability at a pretty cheap cost.
Or more to the point, working out ways to hide the symptoms of known security flaws.....
I seem to recall from somewhere that the biggest risk to security is a false sense of security, thinking you're safe when you are not. When things look safe but are not, people tend to have bad accidents. When things look unsafe but are not quite as bad as they look, people tend to not have accidents.
It really gets to be fun if you have spies doing the BSA audits.
Microsoft being wrong does not imply that everybody else is right.
Occasionally Microsoft comes up against something even more wrong.
relates behavior that 80 years ago would have had the Masons (if not the whole town) showing up at the perpetrator's door with firearms. .....
And you wonder why people hate Bill Gates
No idea if the story is fictional or not, but if true, it would have been handled as quietly as possible and would not be in any news bulletins. Even if it didn't happen in the past, it will almost certainly happen in the future.
Oh, it's not your English. It's that everybody seems to be assuming that there's only ONE of them and fixing that one will solve everything.
their ad saying that their servers stay up for days without attention.
That's an accomplishment???
I'd expect a RedHat Beta to do better than that.
I'd expect the kernel du jour to do better than that.
I'd expect an automated FreeBSD-Current to do better than that.
If their code does get "opened", what are the odds that someone will find a really dangerous hole and exploit it?
Very high. About the same odds that someone will find a really dangerous hole and exploit it if they do not release the source.
What's different is the odds of the code being corrected and the corrected code actually being installed.
As for MS withholding interfaces, please, show me where they did that.
Does this count?
During his second day on the stand, Allchin conceded that Microsoft has already identified at least one protocol and two APIs that it plans to withhold from public disclosure under the security carve-out.
which interfaces were these? what did they control?
How many others?
No idea. That's the crux of being withheld.
Maybe some malicious underground cracker already figured out how to exploit this. You don't know. It's Security Through Obscurity, and will NEVER work.
Oh, I dunno. Seems like Security through Obscurity is working for the crackers.
BTW, "this" is singular. Surely you don't think there's just one?
Based on your logic we shouldn't have doors because someone will always be able to break them down.
Without doors, they get in real easy, almost as easy as broken windows;)
Why on earth does this guy call "violating security" of web services "hacking?"
Because it's so much easier than actually fixing anything.
You think the .NET standard is legally less safe to implement than, say Sun's proprietary Java
That's funny. I get my "Sun's proprietary Java" from IBM.
Regardless of non-binding statements by non-principals, I would prefer to trust a pair of 2-ton-whatevers to keep each other honest.
The very idea of a standard that is not freely implementable is to be laughed at.
Well, there's the standard meter. Lots of luck freely implementing that.
Microsoft has positioned the .NET as a cross-platform runtime environment
Cross-platform? Wintel-to-Wintel?
You don't have to be a *nix advocate to hate microsoft.
A *nix advocate doesn't hate Microsoft, no need to. It's the Microsoft users that hate Microsoft.
How hard is it to post a story with a tacked on insult or blessing??
Not all that difficult, I'd imagine. It's what starts the commentary that follows, which is what we readers and commenters are really after.
If it takes splitting hairs to get the scopes right, then better split hairs.
char* foo, bar;
looks like: (char*) ((foo),( bar));
behaves like: (char)((* foo),( bar));
You get the same effect from:
y = x * a+b;
I think OpenBSD would be much better off providing ISO images for download.
They don't. They have their own (I'd say little, but it's not that little) system going that they're kind enough (and that's not exactly accurate either) to let us outsiders enjoy. It's not exactly a Private Club, but it has a lot of that feel, and a rather exclusive club at that.
surely you need relativistic mechanics to describe the orbits themselves
As I vaguely recall from a physics course long long ago, Newton's equations are not wrong. There is a derivative term that everyone assumes is a constant, but written as a derivative, which is not constant under relativistic effects. Written properly, Maxwell's equations would still be valid with relativistic effects. Classical mechanics is just a simplification of relativistic mechanics.
my opinion of the world at large isn't high enough for me really to be interested in what they have to say
Now, if that's not a bad attitude I don't know what is.
The opinion that counts is his own opinion of himself. He does not put himself at the mercy of the opinions of the twerps.
Hehe, Mickey Mouse doomed to the ashcan of history, as if he had never existed.
They put out a lot of RF garbage. IIRC there was an early mainframe that was put out of action by a fluorescent fixture. Keyboard or mouse most likely gets a signal that gooses the computer.
Analogies are dangerous, but consider a tail light assembly. Other than something like a bumper clamp-on type of thingee, you have almost no chance of being able to reuse it from one model of car to another. Your manager is right in no time being spent on making the code reusable. It is worthwhile making the code a bit more general than necessary, but the crux is in making the code match the edge conditions that exist in the customer's requirements. That makes little subtle distinctions that do NOT transfer well.
There are risks from:
knowns
unknowns
unknown unknowns.
It's pretty hard to get competence and expertise for the "unk-unk"s.
Feed a GNU utility something you shouldn't be feeding it and if it barfs the wrong way, fix the utility so it doesn't go ape over small problems.
M$ has a way of setting standards even if they are crap.
Gotta quibble about the word "even".
Microsoft software is designed so that someone who doesn't know what they are doing can produce something that looks good, at least until you start to examine it closely. Essentially, Microsoft makes mediocrity an aspiration.
I'm afraid I don't buy that theory. It seems to say that evolutionary innovation only occurs in small, isolated groups. The fact is, the innovations the isolated group develop would be more likely to occur in the larger group where they would be quickly quashed by the vast majority.
Almost all changes will be debilitating instead of strengthening. The odds of making enough changes to go through a valley to a different peak are likely much better in a small isolated group, struggling to find an identity as which it can survive. In parallel, the large group will develop a pool of mostly recessive characteristics which may allow some of its members to survive an evolutionary crisis. In any event, you would most likely miss evolution in progress even if you were looking right at it.