There may be some prior art. Some seriously prior art.
The client system is a VT-series dumb terminal. The single action is the act of logging in (not one click, but still...work with me here). The additional information previously stored is the /etc/passwd file and various other sysadminly trivia.
The product? CPU cycles. Remember when you had to pay by the clock for mainframe use?
Pointy Haired Boss. If you read Dilbert, a PHB is somebody like Dilbert's boss. If you don't, read on...
In the Dilbert comic strip, Dilbert's boss is never named, but often referred to as "the boss". He has receding-hairline baldness so that he has a horseshoe of hair, and that is pointed on both sides. If I remember correctly, Scott Adams (who writes Dilbert) said once that he more or less used it to symbolize Satan's horns.
You must understand two things about Dilbert's boss: he is overbearing, and he is completely incompetent. Worse than Homer Simpson (indeed, this is possible).
Thus, by extension, a PHB is any clueless supervisor. Not all managers are PHBs (though others may disagree with me on that one), but there are a lot of them out there.
I doubt that such a study has been conducted. The first problem with this is indeed defining the PHB. Egad, if you could do that you could actually launch PHB pogroms and purge your company of idiots.
As far as why PHBs get hired and why companies survive with PHBs in them, let's just say that corporate America is not as Darwinistic as it is cracked up to be--especially in tech firms.
Tech firms have what I call the Gorilla Effect to deal with. The Gorilla Effect is both the reason that Microsoft makes so much money and the reason that Linux is catching up to it in many ways.
The Gorilla Effect is: In a set of competing communities, the largest will gain size, even at the expense of smaller ones, regardless of all but the most blatant discrepancies in quality of the technology holding the communities together.
This keeps Microsoft afloat because they sell more community than software. I am running Windows both at work and at home. IMHO, it stinks. But it lets me interact with a large community of software developers (mostly by purchasing their wares). I use Windows because it's the only way to run the software I want to run, because it lets me interact with a big enough community to meet certain of my needs.
This used to work against Linux, but Linux has gotten to the point this year where it is actually riding the effect. Linux is actually having a field day with the Gorilla Effect because it is open source. Closed source software improves at a rate only slightly related to the user base (popular code allows the vendor to hire more engineers), but open source software improves at a rate highly related to the size of the user base. This will allow Linux to meet that "most blatant difference" test, likely in the next year or two.
Why do PHBs get hired? Often, a person looks a lot different to his superordinates than to his subordinates. Often, superordinates and subordinates use two different yardsticks.
Again, this is rampant in tech firms. Superordinates see a manager who is using classical MBA-style management theory--that is, going by the book. A lot of this theory is built upon assumptions that don't jibe with the tech industry. Creative professionals (software engineers, musicians, actors/actresses) simply do not respond well to the MBA textbooks built to manage steelworkers and retail clerks.
Secondly, never underestimate the power of bull-slinging. Managers can often get away with several forms of lying--straight out, legalistic (a la Clinton and Gates), and the ever-popular lying by bamboozlement (string enough long words together, and people won't admit that they have no clue what you're saying). They can get away with this because their world is further from reality. The job of a manager is, quite literally, to stay a step back from reality. Theirs is not to actually do the company's business, but to motivate, assist, and coordinate others who actually do the company's business.
Individual contributors (ICs, basically everybody but the managers) immediately get burned by Real World effects: if the cash drawer doesn't add up, the donuts not made, the bridge not sturdy, the software buggy--they feel the consequences right quick. Such consequences get filtered through individual contributors before getting to managers at all.
Honestly dealing with reality is not a moral superiority of the individual contributor over the manager, but a matter of practicality. It simply hurts more to be a pointy-haired IC than a pointy-haired boss.
Finally, few PHBs get sent to the can-o-matic because relatively few idiots at all get sent to the can-o-matic. In my world at least, firing is pretty rare. Layoffs are less rare, but they are almost by definition not merit-based, so they aren't good for ditching the idiot. Frankly, firing people can open you up to legal action (so can breathing--don't get me started). In many European countries, it is even harder to actually fire people.
I'm not sure that defensive patenting is a better legal defense than prior art. If somebody patented the use of the middle mouse button, and then threatened to sue, it seems to me that the best defense would be pointing to X (the windowing system). I can personally vouch that it has been using the middle button since 1989 (when first I met X)--and that's enough to get the new patent to fail the "novel" test.
Of course he believes that. He has every right to claim that. For better or worse, MS did bring computing to the masses. Something that Unix vendors were unable to do for almost 20 years.
Unix was unable to bring computing to the masses for about the same reason that the Ford Motor Company was unable to bring computing to the masses: neither body thought that it was their problem. And in both cases, they were right.
Back in the day, when the 8-bits were ruling the home computing world (Commodore Vic-20/C-64, Atari 4/800, Apple ][), IBM brought something resembling a real machine to a price where you could put it on your desktop. The real innovation was the actual PC hardware, the BIOS, the 8-bit bus and 16-bit processor.
Gates' contribution to this was to "sell" IBM a kludgy old CP/M clone of an OS to run on it.
What would have happened if Gates never showed up? IBM would have found, or built, another OS. Remember, this was the day when the OS was a BASIC interpreter hardcoded into ROM. It would have worked.
What would have happened if IBM never tried a PC platform? Popular 16-bit desktop computing would be seriously delayed. Maybe the Amiga would be the machine of choice. Maybe Apple would have made the Macintosh without the PC to spur them on. I'm not saying that we'd be stuck with 8-bits today (I seriously doubt that), but Microsoft merely went along for the ride at the beginning.
What has Microsoft brought to the masses? Not innovation, but standardization. He helps you go through the vast array of choices: why look at all those word processors, when Microsoft sells one?
Standardization is a Good Thing in a lot of ways, but has dangers associated with it. Standardizing on mediocrity prevents you from improving. IMHO, the price for Microsoft's standardization is horrible--that is, it literally evokes horror.
This reminds me of a dangerous surfing expedition I did a few years back. I went to ANSI for the sheer Hell of it. I was amazed to find that they had a mission statement. This is ANSI, an organization that is standards--the department of useful boredom. And they have a mission statement.
I click on the hotlink, and find that their mission statement is served up as a PowerPoint file.
Just because Microsoft is commercial and closed does not mean that they do not offer viable solutions. A lot of companies are like this, and provide viable closed-source solutions. That is not the point.
Because Microsoft is a monopoly (whether you believe in antitrust legislation or not, MS is a monopoly), they can thrive by not offering viable solutions. Frankly, they can and do ram garbage down our throats and make money. This is an abuse of capitalism, it is damage to the software and online industries, and that is the problem.
Microsoft is currently the company exploiting this problem; it usurped the throne from IBM. If Microsoft folded and nothing else changed, another company would likely take Microsoft's place as monopolistic vendor of garbage you must buy anyhow. Indeed, Larry Ellison of Oracle considers himself heir apparent.
Often, people will confuse Microsoft's current position with the company itself; it is certainly easy to equate the two. IMHO, a true open-sourcer wants to see Microsoft forced to play fair, not necessarily eliminated. Then again, it is unclear whether Microsoft can survive in such a competitive environment; forcing it to play fair may destroy it. That is not the aim, however.
It is not enough for Linux to work very well. The utility of a piece of software is directly related to the size of the community that it allows you to connect with. That is, mindshare is key. Linux would be relatively useless if it only had fifty users.
Linux is anti-Microsoft in one very important way: Microsoft is at competitive war with Linux. Microsoft perceives (rightly so) Linux to be a threat to Windows mindshare, and are taking action to destroy the power of Linux to take mindshare away from Windows. They are attempting to destroy the mindshare because they currently do not see a way to destroy the actual code (hard to do in the OSS world).
Linux and Microsoft are competing for the same scarce resource: would-be users and developers. Thus, Microsoft and Linux are at war.
A lot of manufacturers won't sell their products direct to the customer for a couple of reasons.
First off, manufacturers like Victorinox have geared themselves up to selling knives by the crate to thousands of customers, not by the unit to millions of customers. They aren't geared to end-customer retail, and would lose money setting themselves up for this sort of thing.
Secondly, manufacturers would usually piss off their channels by selling direct. If I were selling Victorinox knives retail, I would be peeved to find myself in direct competition with Victorinox itself!
That being said, it would make a hell of a lot of sense for them to link you to both online and brick-and-mortar retailers. It makes their channels happy, sells more knives, and is a lot cheaper for Victorinox than setting up their own international retail operation.
Imagine if the net had existed during the McCarthy era in the U.S. A lot of the people making leftist comments about software development could be in for investigation. And having *lots* of trouble getting work.
Yes, imagine the intersection of McCarthyism and the Internet. Frankly, I think that the Internet would have killed McCarthyism a lot faster than it was killed in real life.
Paranoia and authoritarianism are fueled by centralized control of the media. Whenever you see a highly centralized, oppressive government, you always see two things: state-controlled mass media and its opposition, guerilla media/pirate radio.
The Internet is guerilla media in ways that pirate radio can't dream of. Knowledge is power, and nobody should know that better than IT crew. The Internet diversifies the balance of power, making it hard for any one entity to take command.
Can the majority use the Internet to find and persecute the minority? Yes. If Microsoft wants to compile an enemies list, for example, it could do little better than get the active roster of Slashdot users. But on the other hand, the minority can use the Internet to band together. Divide-and-conquer tactics tend to fail against a wired population.
William Gibson described the Sprawl in Neuromancer as "a sick sociological experiment with somebody's finger permanently on the fast-forward button" (approximate quote; I don't have the text with me). One neat thing about the Internet is that it speeds up human interaction. Like biologists use fast-reproducing animals like insects to learn about genetics, we can use the Internet to learn about sociology.
The lesson learned here, as I have seen it: It is easier and better to do the Right Thing in the first place, rather than figure out where to hide the bodies later.
As people, we would often rather be crafty and sneaky than do the simple (and hard) Right Thing. It burns you in code. It burns you in life.
Consider Jane's guides to be similar to SANTA/SATAN. Both are publicly available. Both contain expertise usable to attack somebody. Because of this, both are actually more useful to defenders than attackers.
In the world of online security, it is better to have a publicly known weakness than to hide the weakness. If the weakness is hidden, then the Bad Guys share it among themselves and we don't know. If the weakness is known, we can post the moral equivalent of guards until somebody fixes the weakness.
Something like this should end up on sysadmins' desks pronto: they are our first defense against cyberterrorism. Fortunately, we here at Slashdot heard about it before publishing, and that means that a lot of sysadmins will know about this and be ready for it.
For anyone working at Jane's, I suggest that this article be target marketed to sysadmins. This would be a service to those people who keep our systems secure. This would also increase circulation: rather than being targeted at a centralized military market, this is targeted at a decentralized computer security market. Unlike other forms of attack, this one cannot be defended by the military: cyberterrorism is best fought by a networked militia of private citizens and organizations.
I am not a fan of using lawyers to resolve differences (in the US, we tend to think of them as first resort rather than last resort), but I think that this is the place for them.
Microsoft is not only contradicting itself, but is contradicting itself in two realms where it is illegal to lie. Lying in court is called perjury. Lying about the capabilities of one's own product is called false advertisement. Lying about the capabilities of someone else's product is called slander.
Red Hat has a large amount of money right now, having just gone IPO. People are still trying to figure out what RH is going to do with this. Obviously, a lot of it is going to promote Linux in its entirety (it seems that Linux companies find it more profitable to grow a bigger Linux pie than to fight over one's piece of that pie).
I am not saying this out of any real or perceived "duty" on the part of RH, but from a Red Hat profit/loss perspective. Is it worth it to Red Hat to move some of their marketing budget over to legal to take some of Microsoft's more obviously false claims and ram said claims down their throat? That is, sue for slander, charging for legal expenses and a reasonable award of lost business (not a huge money amount). And the important part: do not settle.
While this sounds like a lot of fun, this may also be good marketing. If you can win a slander lawsuit in court, you force Microsoft to retract the statement, and can use the counter-statement (a matter of public record) in marketing.
There has been a big stink on either side about Microsoft and the law. The lawsuits tend to be about antitrust law or IP. To Microsoft's advantage, both pieces of legislation are themselves controversial: some of us don't believe that the laws being applied should even be on the books, regardless of what Microsoft is doing with regards to these laws.
Slander suits are a beautiful way to sidestep this and to fight legal battles on much firmer ground. After all, who opposes anti-slander legislation?
Just imagine what would happen to the software industry, and especially the Linux industry, if we could just keep Microsoft from lying.
As typical free software false prophets (the same people who were praising Bill Gates three years ago, and who will happily follow corporate marketing to idolize Sun three years from now) you have the usual naive view that the world's software can be developed by a bunch of hackers sitting at home and writing code.
Praising Gates three years ago? Not I. Not since Win 3.1. Not since DOS 6.0.
Per the world's software developed by a bunch of hackers sitting at home and writing code: the fact is, we have proof. Even if we couldn't tell you why it happens (and ESR does a good explanation), we can show you that it does happen.
No one seems to consider that free software constantly plays a game of catch-up, and why is that? Because research and development (not cloning) costs money.
Perl. Emacs. Sendmail. Apache.
All best-in-class, or only-in-class, applications. All open source. I'm sure /. can come up with a host that I missed.
So Microsoft gives MIT a pile of money and says, "Go play." Good.
No, Microsoft gives MIT a pile of money and says "Install our stuff everywhere". Drug dealer marketing--the first one is free.
The money has to come from somewhere -- and I don't see VA Linux, RedHat, or any of Slashdot's favorite companies making any donations.
Those shops, by their very nature, donate code to everybody. Code can help you learn to program. Money rarely does.
First big shots like Ted Turner blast Gates for not being philanthropic enough. Now, M$ decides to actually GIVE SOMETHING BACK to society, and we're railing against it. C'mon now. If it were Apple or Red Hat, I suspect folks would be cheering.
This is not philanthropy. This is drug-dealer marketing.
Look what is being given. Windows, and money. And you have to take the Windows to get the money. The last time I saw somebody pay to give something to somebody else, it was hazmat.
If Microsoft made a simple grant, that would be philanthropy. But instead, they attached all these strings--Windows gets to infiltrate.
Is the dealer down the corner being philanthropic by giving away packets of crack to newcomers? No, he knows that this is how you get and retain paying customers (i.e. junkies).
Watch what Microsoft gives away. It often "contributes" huge amounts of resources for a project--in the form of software. Software which costs Microsoft nothing except the media costs. And while there is an opportunity cost associated with it (that is, it keeps them from charging license fees), this is outstripped by the licenses bought by those who get hooked on Windows early.
This wasn't even a remotely valid security test, so who the heck cares about the details?
The people who don't know that it is an invalid security test care about the details.
Time and again, some magazine, company, or other shows NT's supposed improvements over Linux. Then somebody notices how the "test" was intentionally or unintentionally rigged. While this is great for the Slashdot community, this is the sort of stuff that needs to be seen by those who make the buy decisions.
Now that you know, you can argue this where you work or learn; when somebody points to this test as a reason to install NT at your site, you have an effective counterargument--and URLs to back it up.
I remember the backlash. I had a cousin that wanted to get into RPGs, but his father had bought into the D&D-is-Satanism. So I got him Palladium's Robotech RPG. Somehow, transforming jet planes and giant space aliens works.
Personal disclosure: I work at a facility that could, at worst, cause a lot of financial havoc if compromised. I am also partially responsible for security at this facility, particularly the ability to securely connect to other facilities (AKA public-key crypto). No, I am not a cryptographer or anything similar; I just know how to use the software available.
If you are really going to crack a facility, you can often do so from the inside. The most important skill needed to compromise such a facility is "social engineering"; basically the ability to lie through your teeth to other people. This sort of thing can get you inside your target's security with no computer skill whatsoever, and then you only need the skills required to cause the computers to do whatever it is you want them to do.
Let me list a few SE gambits. The first, which takes a bit of time but is usually safest, is to get yourself hired. You will need some computer skill even to do an attack from the inside, and that skill will get you hired in America's techie-hungry job market. This gives you building access and a computer account. If you have sysadmin skills, all the better: you will get a root password, the equivalent to an all-access pass.
The second gambit is simply to sneak into the physical facility in broad daylight, by pretending that you belong there. Low-security facilities may use badge-locking, but often one employee will hold the door open for someone who forgot their badge. Just about any facility will let people in if the security is lax at all. I remember a story (verified) about someone showing up at a 20-person company dressed as a delivery person. People let him in and out, and he made several trips carrying boxed printers out every time.
Another gambit that someone could try with enough time would be to infiltrate the development branch of a commercial security software company (or better yet, get a few terrorists together and form one), and put a back door into the software. The facility is rare that fails to trust shrink-wrapped software. If the software is a hit, you can hit multiple targets at will without anyone putting the pieces together.
Hopefully, the above tactics would not work in places like military facilities or nuclear plants, where paranoia should be a way of life. However, a creative mind can cause a lot of damage by infiltrating a facility not known for its paranoia. Hospitals and food-processing plants would likely be prime targets. Such attacks would not necessarily be "real" terrorism, but would look a lot like accidents (until, of course, somebody claimed responsibility for them).
All these people want is to be able to do their jobs without a big ritual or having to take a week's worth of training for the latest-greatest. Sure, a new way to speed up a repetitive task is great and they go for it.
I think a lot of software companies have missed the boat with the average home user:
If it's too complicated, they won't use it.
I'm not saying that they're dumb, they just have better things to do with their lives than deal with something that's too hard to use.
Amen to that, brother.
I am a programmer, and I do a decent amount of word processing to document what I do (because I'm lazy, in the Larry Wall sense). I have Word (corporate standard, not my idea). I can keep 10 KLOC of Perl in my head. I am not just a luser.
I can't get Word to do what I want it to do. There are simply too many possibilities, too many ways to screw up.
Where's SpeedScript when I need it? Where's LaTeX?
Frankly, when I see a Windows app crash, I can't tell whether it is the fault of the app or the underlying OS. And if it's the latter, what chance do I have of getting that fixed?
I tried Windows programming back in the mid-90s (I am a dyed-in-the-wool Unix programmer). I gave up because, unlike Unix, I couldn't tell my bugs from Bill's bugs. And if you don't have confidence that your code has your bug, how can you reasonably debug?
In personal computing, this causes a lot of finger-pointing. I can't take responsibility for any Windows software I ship because I can't guarantee you that my code won't break Windows. I can pretty much guarantee that my code won't break Unix or Linux. If my code does break Unix, I can show the vendor what I did and show them a Unix bug--Unix is not supposed to allow mere apps to break it. If my code breaks Linux, I can hire someone to see how and fix Linux!
It's this sort of thing that prevents customers from expecting their software to work first time, every time. Even the most clueless of newbies realize that Windows is not a rock-solid platform.
No. Linux kernel 2.2 has *12* patches. 2.2 is (supposedly) the "stable" branch. 12 patches to a stable branch in less than a year???? And this is somehow "more stable" than Windows NT which had had five in the course of five years?? Please explain, I must be missing something.
It makes no sense to measure reliability in numbers of patch releases, especially when comparing proprietary with open source software. How much is fixed in which patch? Remember that open source software makes orders of magnitude more releases than closed source software, by design and for those who want it. Linux has distributions so that end users don't have to deal with the pitter-patter of little releases.
Look, I'm a full time EE and I work umpteen hours every week. If you think I have time to fart around with buggy, unreliable software like Linux and its ilk and submit my patches you are dead wrong.
If you don't have the time to fart around with Linux, what do you have the time to fart around with? I'm not ready to say that Linux is the most reliable OS around, but I am ready to say that it is in the upper echelon. That is, other OSs may be more reliable than Linux, but it seems that nothing short of mainframe-style enterprise OSs is much more reliable than Linux.
If you're talking about enterprise-level systems like big-assed financial mainframes, I agree. You don't have the time to fumble with Linux--it's not built for the Big Guys (for that matter, neither is Unix). If you're dealing with Unix-sized problems or smaller, Linux is about as reliable as you're going to get.
At my network shop, we have three platforms: Solaris/Sparc, Linux/Intel, and NT/Intel. From our experience, Linux/Intel is about as reliable as Solaris, and much more reliable than NT. IMHO, Solaris is the Unix benchmark, so Linux is beautifully reliable for the types of jobs it takes a Unix box for.
Agreed. Frankly, a lot of software development problems can be tracked down to management without accounting.
Here is what I mean. Software development is usually a troika of marketing, QA and development. The marketing department wants the world--today. Hey, who doesn't? QA wants the most bug-free code possible. Hey, who doesn't? Development wants to build the coolest code possible and thus impress their friends. Hey, who doesn't?
Often, marketing is put in charge of the development process. Thus, they can ask for all those features without slipping the schedule. And here's the catch--if it bombs due to bugs, they can blame development and QA. In this realm, Marketing has great power without great responsibility. Basically, they never have a reason to slip the ship date.
Now this isn't a problem with Marketing. They are doing what they were hired for. They are just given the go/no-go decision without the responsibility of failure.
For better software, make sure that the people that make the shipping decisions have full profit/loss responsibility. This may or may not be the responsibility of marketing. This is not the responsibility of QA or development, because their skillsets are more technical than business.
In the best of all possible worlds, there is a project manager with profit/loss responsibility, and said manager feels the pain of both late ships and buggy ships. Marketing reports to PM with what needs to be done to sell product. Development reports to PM with what they need to get the job done, and the current state of progress. QA reports to PM with the current stability of the product. Only the PM controls the schedule and makes the decision to ship.
This deals with one cause of buggy software--marketing push. What this doesn't deal with is the "first mover effect"--the idea that the first to market wins over the second-comer with more featureful or stable software. If you believe in the first mover effect (I do), then you believe that it makes business sense to ship buggy software--that you lose money waiting to fix bugs.
The first mover effect is a combination of two things. The first is that the consumer wants it. After all the marketing hype, people don't line up at midnight to get the first copy of a new software package unless they want the software. This sounds like blaming the customer, but think about it. If the customers buy early software more than they buy stable software, is that not telling us that the customer prefers the fast, buggy software, and that we should comply with the customers' wishes?
Un(?)fortunately, it isn't quite that simple. The other half of the first mover effect is what used to be called "connecter wars". The principle of connecter wars is that the first mover gets to set the proprietary standard and thus the community. Remember that in a lot of cases, the value of the software is directly related to the size of community it lets you interact with. For example, people buy MS Office so that they can exchange documents with other MS Office users. The second mover forces the customer to choose between (possibly) better software and the community of the older software.
Which brings us back to the obligatory Slashdot reference to Open Source software. The First Mover effect gets mightily morphed by OSS. The second mover can join the first mover's community, because the comm protocols are in visible code and thus snarfable. Better yet, the second mover can simply add their "better code" to the first mover's effort. Yet another reason that open source code tends to have fewer bugs than closed source code: "ship first" is no longer the imperative.
No matter how much we scream and holler that hacker != cracker, the common perception is that hacker == cracker.
I'm not so sure about that. AFAIK, there are two distinct groups in the minds of most Americans. There are those who know their way around computers, and there are those who know how to break into computers. They even understand that those in the former group often have the skills of the second.
We call the former "hackers" and the latter "crackers". Most people call the former "techies" or "computer whizzes" and the latter "hackers".
My take on this is that the DOJ is trying to say that the online world is a dangerous place. IMHO, it is, and it is much more dangerous than it was when I was posting on C-128 bboards in the 70s and 80s.
From what I read in the article, McGruff is more interested in keeping kids safe when they play on computers than in keeping them from learning about them. More than anything, this sounds like the computer equivalent of "How to walk around town without getting run over by cars."
Individual contributors (ICs, basically everybody but the managers) immediately get burned by Real World effects: if the cash drawer doesn't add up, the donuts not made, the bridge not sturdy, the software buggy--they feel the consequences right quick. Such consequences get filtered through individual contributors before getting to managers at all.
Honestly dealing with reality is not a moral superiority of the individual contributor over the manager, but a matter of practicality. It simply hurts more to be a pointy-haired IC than a pointy-haired boss.
Finally, few PHBs get sent to the can-o-matic because relatively few idiots at all get sent to the can-o-matic. In my world at least, firing is pretty rare. Layoffs are less rare, but they are almost by definition not merit-based, so they aren't good for ditching the idiot. Frankly, firing people can open you up to legal action (so can breathing--don't get me started). In many European countries, it is even harder to actually fire people.
I'm not sure that defensive patenting is a better legal defense than prior art. If somebody patented the use of the middle mouse button, and then threatened to sue, it seems to me that the best defense would be pointing to X (the windowing system). I can personally vouch that it has been using the middle button since 1989 (when first I met X)--and that's enough to get the new patent to fail the "novel" test.
Unix was unable to bring computing to the masses for about the same reason that the Ford Motor Company was unable to bring computing to the masses: neither body thought that it was their problem. And in both cases, they were right.
Back in the day, when the 8-bits were ruling the home computing world (Commodore Vic-20/C-64, Atari 4/800, Apple ][), IBM brought something resembling a real machine to a price where you could put it on your desktop. The real innovation was the actual PC hardware, the BIOS, the 8-bit bus and 16-bit processor.
Gates' contribution to this was to "sell" IBM a kludgy old CP/M clone of an OS to run on it.
What would have happened if Gates never showed up? IBM would have found, or built, another OS. Remember, this was the day when the OS was a BASIC interpreter hardcoded into ROM. It would have worked.
What would have happened if IBM never tried a PC platform? Popular 16-bit desktop computing would be seriously delayed. Maybe the Amiga would be the machine of choice. Maybe Apple would have made the Macintosh without the PC to spur them on. I'm not saying that we'd be stuck with 8-bits today (I seriously doubt that), but Microsoft merely went along for the ride at the beginning.
What has Microsoft brought to the masses? Not innovation, but standardization. He helps you go through the vast array of choices: why look at all those word processors, when Microsoft sells one?
Standardization is a Good Thing in a lot of ways, but has dangers associated with it. Standardizing on mediocrity prevents you from improving. IMHO, the price for Microsoft's standardization is horrible--that is, it literally evokes horror.
I click on the hotlink, and find that their mission statement is served up as a PowerPoint file.
I guess PowerPoint is an ANSI standard, then.
Ditch the "yst" part...
Because Microsoft is a monopoly (whether you believe in antitrust legislation or not, MS is a monopoly), they can thrive by not offering viable solutions. Frankly, they can and do ram garbage down our throats and make money. This is an abuse of capitalism, it is damage to the software and online industries, and that is the problem.
Microsoft is currently the company exploiting this problem; it usurped the throne from IBM. If Microsoft folded and nothing else changed, another company would likely take Microsoft's place as monopolistic vendor of garbage you must buy anyhow. Indeed, Larry Ellison of Oracle considers himself heir apparent.
Often, people will confuse Microsoft's current position with the company itself; it is certainly easy to equate the two. IMHO, a true open-sourcer wants to see Microsoft forced to play fair, not necessarily eliminated. Then again, it is unclear whether Microsoft can survive in such a competitive environment; forcing it to play fair may destroy it. That is not the aim, however.
It is not enough for Linux to work very well. The utility of a piece of software is directly related to the size of the community that it allows you to connect with. That is, mindshare is key. Linux would be relatively useless if it only had fifty users.
Linux is anti-Microsoft in one very important way: Microsoft is at competitive war with Linux. Microsoft perceives (rightly so) Linux to be a threat to Windows mindshare, and are taking action to destroy the power of Linux to take mindshare away from Windows. They are attempting to destroy the mindshare because they currently do not see a way to destroy the actual code (hard to do in the OSS world).
Linux and Microsoft are competing for the same scarce resource: would-be users and developers. Thus, Microsoft and Linux are at war.
Jane's approach to this story is fundamentally flawed because they didn't clear it with Cringely first.
First off, manufacturers like Victorinox have geared themselves up to selling knives by the crate to thousands of customers, not by the unit to millions of customers. They aren't geared to end-customer retail, and would lose money setting themselves up for this sort of thing.
Secondly, manufacturers would usually piss off their channels by selling direct. If I were selling Victorinox knives retail, I would be peeved to find myself in direct competition with Victorinox itself!
That being said, it would make a hell of a lot of sense for them to link you to both online and brick-and-mortar retailers. It makes their channels happy, sells more knives, and is a lot cheaper for Victorinox than setting up their own international retail operation.
But Victorinox doesn't make the Swiss Army Chainsaw. Larry Wall does.
Yes, imagine the intersection of McCarthyism and the Internet. Frankly, I think that the Internet would have killed McCarthyism a lot faster than it was killed in real life.
Paranoia and authoritarianism are fueled by centralized control of the media. Whenever you see a highly centralized, oppressive government, you always see two things: state-controlled mass media and its opposition, guerilla media/pirate radio.
The Internet is guerilla media in ways that pirate radio can't dream of. Knowledge is power, and nobody should know that better than IT crew. The Internet diversifies the balance of power, making it hard for any one entity to take command.
Can the majority use the Internet to find and persecute the minority? Yes. If Microsoft wants to compile an enemies list, for example, it could do little better than get the active roster of Slashdot users. But on the other hand, the minority can use the Internet to band together. Divide-and-conquer tactics tend to fail against a wired population.
William Gibson described the Sprawl in Neuromancer as "a sick sociological experiment with somebody's finger permanently on the fast-forward button" (approximate quote; I don't have the text with me). One neat thing about the Internet is that it speeds up human interaction. Like biologists use fast-reproducing animals like insects to learn about genetics, we can use the Internet to learn about sociology.
The lesson learned here, as I have seen it: It is easier and better to do the Right Thing in the first place, rather than figure out where to hide the bodies later.
As people, we would often rather be crafty and sneaky than do the simple (and hard) Right Thing. It burns you in code. It burns you in life.
In the world of online security, it is better to have a publicly known weakness than to hide the weakness. If the weakness is hidden, then the Bad Guys share it among themselves and we don't know. If the weakness is known, we can post the moral equivalent of guards until somebody fixes the weakness.
Something like this should end up on sysadmins' desks pronto: they are our first defense against cyberterrorism. Fortunately, we here at Slashdot heard about it before publishing, and that means that a lot of sysadmins will know about this and be ready for it.
For anyone working at Jane's, I suggest that this article be target marketed to sysadmins. This would be a service to those people who keep our systems secure. This would also increase circulation: rather than being targeted at a centralized military market, this is targeted at a decentralized computer security market. Unlike other forms of attack, this one cannot be defended by the military: cyberterrorism is best fought by a networked militia of private citizens and organizations.
Microsoft is not only contradicting itself, but is contradicting itself in two realms where it is illegal to lie. Lying in court is called perjury. Lying about the capabilities of one's own product is called false advertisement. Lying about the capabilities of someone else's product is called slander.
Red Hat has a large amount of money right now, having just gone IPO. People are still trying to figure out what RH is going to do with this. Obviously, a lot of it is going to promote Linux in its entirety (it seems that Linux companies find it more profitable to grow a bigger Linux pie than to fight over one's piece of that pie).
I am not saying this out of any real or perceived "duty" on the part of RH, but from a Red Hat profit/loss perspective. Is it worth it to Red Hat to move some of their marketing budget over to legal to take some of Microsoft's more obviously false claims and ram said claims down their throat? That is, sue for slander, charging for legal expenses and a reasonable award of lost business (not a huge money amount). And the important part: do not settle.
While this sounds like a lot of fun, this may also be good marketing. If you can win a slander lawsuit in court, you force Microsoft to retract the statement, and can use the counter-statement (a matter of public record) in marketing.
There has been a big stink on either side about Microsoft and the law. The lawsuits tend to be about antitrust law or IP. To Microsoft's advantage, both pieces of legislation are themselves controversial: some of us don't believe that the laws being applied should even be on the books, regardless of what Microsoft is doing with regards to these laws.
Slander suits are a beautiful way to sidestep this and to fight legal battles on much firmer ground. After all, who opposes anti-slander legislation?
Just imagine what would happen to the software industry, and especially the Linux industry, if we could just keep Microsoft from lying.
Praising Gates three years ago? Not I. Not since Win 3.1. Not since DOS 6.0.
Per the world's software developed by a bunch of hackers sitting at home and writing code: the fact is, we have proof. Even if we couldn't tell you why it happens (and ESR does a good explanation), we can show you that it does happen.
No one seems to consider that free software constantly plays a game of catch-up, and why is that? Because research and development (not cloning) costs money.
Perl. Emacs. Sendmail. Apache.
All best-in-class, or only-in-class, applications. All open source. I'm sure /. can come up with a host that I missed.
So Microsoft gives MIT a pile of money and says, "Go play." Good.
No, Microsoft gives MIT a pile of money and says "Install our stuff everywhere". Drug dealer marketing--the first one is free.
The money has to come from somewhere -- and I don't see VA Linux, RedHat, or any of Slashdot's favorite companies making any donations.
Those shops, by their very nature, donate code to everybody. Code can help you learn to program. Money rarely does.
This is not philanthropy. This is drug-dealer marketing.
Look what is being given. Windows, and money. And you have to take the Windows to get the money. The last time I saw somebody pay to give something to somebody else, it was hazmat.
If Microsoft made a simple grant, that would be philanthropy. But instead, they attached all these strings--Windows gets to infiltrate.
Is the dealer down the corner being philanthropic by giving away packets of crack to newcomers? No, he knows that this is how you get and retain paying customers (i.e. junkies).
Watch what Microsoft gives away. It often "contributes" huge amounts of resources for a project--in the form of software. Software which costs Microsoft nothing except the media costs. And while there is an opportunity cost associated with it (that is, it keeps them from charging license fees), this is outstripped by the licenses bought by those who get hooked on Windows early.
The people who don't know that it is an invalid security test care about the details.
Time and again, some magazine, company, or other shows NT's supposed improvements over Linux. Then somebody notices how the "test" was intentionally or unintentionally rigged. While this is great for the Slashdot community, this is the sort of stuff that needs to be seen by those who make the buy decisions.
Now that you know, you can argue this where you work or learn; when somebody points to this test as a reason to install NT at your site, you have an effective counterargument--and URLs to back it up.
I remember the backlash. I had a cousin that wanted to get into RPGs, but his father had bought into the D&D-is-Satanism. So I got him Palladium's Robotech RPG. Somehow, transforming jet planes and giant space aliens works.
If you are really going to crack a facility, you can often do so from the inside. The most important skill needed to compromise such a facility is "social engineering"; basically the ability to lie through your teeth to other people. This sort of thing can get you inside your target's security with no computer skill whatsoever, and then you only need the skills required to cause the computers to do whatever it is you want them to do.
Let me list a few SE gambits. The first, which takes a bit of time but is usually safest, is to get yourself hired. You will need some computer skill even to do an attack from the inside, and that skill will get you hired in America's techie-hungry job market. This gives you building access and a computer account. If you have sysadmin skills, all the better: you will get a root password, the equivalent to an all-access pass.
The second gambit is simply to sneak into the physical facility in broad daylight, by pretending that you belong there. Low-security facilities may use badge-locking, but often one employee will hold the door open for someone who forgot their badge. Just about any facility will let people in if the security is lax at all. I remember a story (verified) about someone showing up at a 20-person company dressed as a delivery person. People let him in and out, and he made several trips carrying boxed printers out every time.
Another gambit that someone could try with enough time would be to infiltrate the development branch of a commercial security software company (or better yet, get a few terrorists together and form one), and put a back door into the software. The facility is rare that fails to trust shrink-wrapped software. If the software is a hit, you can hit multiple targets at will without anyone putting the pieces together.
Hopefully, the above tactics would not work in places like military facilities or nuclear plants, where paranoia should be a way of life. However, a creative mind can cause a lot of damage by infiltrating a facility not known for its paranoia. Hospitals and food-processing plants would likely be prime targets. Such attacks would not necessarily be "real" terrorism, but would look a lot like accidents (until, of course, somebody claimed responsibility for them).
I think a lot of software companies have missed the boat with the average home user:
If it's too complicated, they won't use it.
I'm not saying that they're dumb, they just have better things to do with their lives than deal with something that's too hard to use.
Amen to that, brother.
I am a programmer, and I do a decent amount of word processing to document what I do (because I'm lazy, in the Larry Wall sense). I have Word (corporate standard, not my idea). I can keep 10 KLOC of Perl in my head. I am not just a luser.
I can't get Word to do what I want it to do. There are simply too many possibilities, too many ways to screw up.
Where's SpeedScript when I need it? Where's LaTeX?
I tried Windows programming back in the mid-90s (I am a dyed-in-the-wool Unix programmer). I gave up because, unlike Unix, I couldn't tell my bugs from Bill's bugs. And if you don't have confidence that your code has your bug, how can you reasonably debug?
In personal computing, this causes a lot of finger-pointing. I can't take responsibility for any Windows software I ship because I can't guarantee you that my code won't break Windows. I can pretty much guarantee that my code won't break Unix or Linux. If my code does break Unix, I can show the vendor what I did and show them a Unix bug--Unix is not supposed to allow mere apps to break it. If my code breaks Linux, I can hire someone to see how and fix Linux!
It's this sort of thing that prevents customers from expecting their software to work first time, every time. Even the most clueless of newbies realize that Windows is not a rock-solid platform.
It makes no sense to measure reliability in numbers of patch releases, especially when comparing proprietary with open source software. How much is fixed in which patch? Remember that open source software makes orders of magnitude more releases than closed source software, by design and for those who want it. Linux has distributions so that end users don't have to deal with the pitter-patter of little releases.
Look, I'm a full time EE and I work umpteen hours every week. If you think I have time to fart around with buggy, unreliable software like Linux and its ilk and submit my patches you are dead wrong.
If you don't have the time to fart around with Linux, what do you have the time to fart around with? I'm not ready to say that Linux is the most reliable OS around, but I am ready to say that it is in the upper echelon. That is, other OSs may be more reliable than Linux, but it seems that nothing short of mainframe-style enterprise OSs is much more reliable than Linux.
If you're talking about enterprise-level systems like big-assed financial mainframes, I agree. You don't have the time to fumble with Linux--it's not built for the Big Guys (for that matter, neither is Unix). If you're dealing with Unix-sized problems or smaller, Linux is about as reliable as you're going to get.
At my network shop, we have three platforms: Solaris/Sparc, Linux/Intel, and NT/Intel. From our experience, Linux/Intel is about as reliable as Solaris, and much more reliable than NT. IMHO, Solaris is the Unix benchmark, so Linux is beautifully reliable for the types of jobs it takes a Unix box for.
Here is what I mean. Software development is usually a troika of marketing, QA and development. The marketing department wants the world--today. Hey, who doesn't? QA wants the most bug-free code possible. Hey, who doesn't? Development wants to build the coolest code possible and thus impress their friends. Hey, who doesn't?
Often, marketing is put in charge of the development process. Thus, they can ask for all those features without slipping the schedule. And here's the catch--if it bombs due to bugs, they can blame development and QA. In this realm, Marketing has great power without great responsibility. Basically, they never have a reason to slip the ship date.
Now this isn't a problem with Marketing. They are doing what they were hired for. They are just given the go/no-go decision without the responsibility of failure.
For better software, make sure that the people that make the shipping decisions have full profit/loss responsibility. This may or may not be the responsibility of marketing. This is not the responsibility of QA or development, because their skillsets are more technical than business.
In the best of all possible worlds, there is a project manager with profit/loss responsibility, and said manager feels the pain of both late ships and buggy ships. Marketing reports to PM with what needs to be done to sell product. Development reports to PM with what they need to get the job done, and the current state of progress. QA reports to PM with the current stability of the product. Only the PM controls the schedule and makes the decision to ship.
This deals with one cause of buggy software--marketing push. What this doesn't deal with is the "first mover effect"--the idea that the first to market wins over the second-comer with more featureful or stable software. If you believe in the first mover effect (I do), then you believe that it makes business sense to ship buggy software--that you lose money waiting to fix bugs.
The first mover effect is a combination of two things. The first is that the consumer wants it. After all the marketing hype, people don't line up at midnight to get the first copy of a new software package unless they want the software. This sounds like blaming the customer, but think about it. If the customers buy early software more than they buy stable software, is that not telling us that the customer prefers the fast, buggy software, and that we should comply to the customers' wishes?
Un(?)fortunately, it isn't quite that simple. The other half of the first mover effect is what used to be called "connecter wars". The principle of connecter wars is that the first mover gets to set the proprietary standard and thus the community. Remember that in a lot of cases, the value of the software is directly related to the size of community it lets you interact with. For example, people buy MS Office so that they can exchange documents with other MS Office users. The second mover forces the customer to choose between (possibly) better software and the community of the older software.
Which brings us back to the obligatory Slashdot reference to Open Source software. The First Mover effect gets mightily morphed by OSS. The second mover can join the first mover's community, because the comm protocols are in visible code and thus snarfable. Better yet, the second mover can simply add their "better code" to the first mover's effort. Yet another reason that open source code tends to have fewer bugs than closed source code: "ship first" is no longer the imperative.
I'm not so sure about that. AFAIK, there are two distinct groups in the minds of most Americans. There are those who know their way around computers, and there are those who know how to break into computers. They even understand that those in the former group often have the skills of the second.
We call the former "hackers" and the latter "crackers". Most people call the former "techies" or "computer whizzes" and the latter "hackers".