... hey would have contribute back the patches so it is a win win situation.
This is hardly anything new. Look into how the DoD funded the development of the Internet (aka ARPAnet).
Actually, in most cases they didn't even develop their own patches. Rather, they told their academic and industry fundees about the problems in the latest code, let the hackers work out a solution, took the code for their own uses, and left it in the public code base for further use and development.
Yeah, they probably did a bit of development on their own, but the evidence is that there hasn't been as much of this as you might expect. The military has found the academic hacker community to be a much better testbed for most of the code, and a lot cheaper than trying to debug changes in a military setting. As long as the crypto stuff is highly modular (and it is), it's a lot more effective to just leave the code development in the public sector, where there are lots of eyes and people happy to show off their expertise by doing the hacking that a strictly-managed power structure finds highly distateful.
For a feel of the US government's relationship with the linux part of the open-source community, google for "secure linux" and do a bit of reading. There's a lot going on there.
The military security folks have been saying for decades "Don't run any software unless you have the source code all the way down, plus the circuit diagrams. If you don't, you have no idea what might be hidden inside."
So the DoD's decision makers are listening to their security experts?
I can't help but notice that all the authentication schemes being discussed are basically way that the bank verifies the customer is who they say they are. But the issue isn't that; it's that the customer is being tricked into thinking that they're talking to the bank when they are actually talking to someone else (who may be talking to the bank). There is nothing that I see that helps the customer verify that it's actually their bank on the other end.
The whole "phishing" thing is based on the fact that the bank's end can be spoofed, and customers have no reliable way to verify that they are really talking to their bank. A Man-in-the-Middle is simply a variant of this, in which the customer thinks they're talking to the bank, when they're actually talking to the MitM, who is talking to the bank.
Adding extra stuff to better authenticate the customer is not going to help here. Confusing the issue by just talking about "authentication" doesn't help either, since it conflates the two directions of authentication into one, and people don't notice that the customer may not have authenticated the bank.
The only circumstance I can see this happening is if you have two files in the same directory, only distinguished by case, or two directories in the same dir, only distinguished by case. Can you give me another situation in which that would happen? At this point, I have to say, get your source filesystem sorted out. This should never happen, it's confusing and stupid. Rename any files/directories that are distinguished only by case.
If I'm the one running a web server, it's not my job to modify my users' web sites. Not only do I not have the time to rewrite their stuff; if I do so, they'll probably look for some other place to host their stuff. And I wouldn't put up with such arrogance on the part of the managers of a machine that hosts any of my stuff. They might be able to tell me that some content (such as pr0n and malware) isn't allowed. But renaming my files and rewriting my code is far beyond the pale.
I particular, a webmaster has no business doing something like telling customers that their files are capitalized wrong. Sorry, but that's what I'd call "stupid". I won't do it, and I don't expect any other webmaster to do it.
If an OS requires me to modify such things on my customers' web sites, well, I'll just find a different OS. One that lets me simply upload a customers' files and plop them down on the disk unaltered. Any competent OS should allow that. If not, it's not good enough to be used as a web server.
Is there some potential badness that Google is indexing binary file content? What might that be?
The computer industry does have a nasty history of "shooting the messenger" when malware is reported. People really don't want to know that their machine has been compromised, especially if it implies lax security on their part. They routinely react by firing or prosecuting the people who do anything to pinpoint security problems like this. We can expect to read stories of threats against people who use this Google feature to find security problems.
The obvious explanation here is the old "stupidity rather than malice" saying. But this might not always be true. When someone in authority attempts to punish someone for exposing a security problem, you should probably assume that they understand what they're doing and have a motive for their action. It's likely that some of those with the authority to punish messengers are doing so because they don't want the problems exposed, for reasons of personal (or institutional) profit.
Tell me honestly, when was the last time you actually saw 2 files in the same directory distinguished only by capitalization?
Well, I don't recall the exact date, but it was within the last few days.;-)
The files were in a site dealing with European classical music. In most of Europe, it's common to use case to indicate major/minor keys. Thus "Sonata in D" and "Sonata in d" mean D major and D minor, respectively. The files I saw had names like "Sonate_D.mp3" and "Sonate_d.mp3". This is an imminently sensible way for a European classical musician to name files, because it matches exactly their standard notation for such things.
(Actually, you'd usually want a few more characters, since some composers wrote more than one sonata in D or d, but you get the idea.;-)
Now, you can say that this is a stupid way to name things, and you might be right. But musicians have never been known for intelligent notation. And as a programmer who deals with a lot of network issues involving people who don't always speak English too well, my reply is "It's not my job to tell people that their language is wrong; it's my job to implement things that work the way my users expect". In the above case, some musicians gave the files the obvious names, and it Just Worked. They didn't have to figure out why one of their files mysteriously disappeared, and the remaining file contained the wrong sonata.
Since there are a lot of uses of case distinctions in many languages, I'd prefer that my software implement the case distinctions that my customers are comfortable with. And if I'm making a decision on what to run on a server, I'm going to choose a system that doesn't impose a particular case policy on me. This is one of many reasons I'd choose linux or *BSD or Solaris for a server, but not OSX or MS-Windows. I don't need the hassle of an OS that imposes such policy decisions on me, contrary to what I know makes sense to my users. Yes, I can find a workaround, but why should I waste the time?
It's easy enough to come up with reasons that an English-speaking user might want to use case distinctions. Around here, we all know that "apple" and "Apple" mean different things (and one is a trademark so you'd better not misuse it;-). You don't necessarily need to make this distinction in file names, but it's a lot more convenient if you can. Thus, if I make a directory containing definitions of terms, it would be handy if I could have both "apple.html" and "Apple.html". Granted, I don't need to have this, and I can always program around it. But forbidding me to use such file names just puts one more silly barrier in the way of Getting The Job Done, and adds to my frustration level. It's one more things that tells me that I should stick to a real unix-like system that doesn't throw such gratuitous stumbling blocks in my path.
The unix world has long had a mantra: The OS implements mechanisms, not policies. Case (in)sensitivity is a policy, not a mechanism. As such, it properly belongs in the runtime libraries, where different groups of users can easily implement their own policies. It doesn't belong in the OS kernel, where a policy is imposed on all software and is very difficult to override if it's wrong for your application.
This was a very good design decision back in the 1970s, and it's still a good design. At least if you want to keep your programmers sane, and help them implement user-friendly apps. The kernel should treat a file name as a string of bytes, and not impose any interpretations or policies on what those bytes may contain. (The unix use of '/' is in fact a minor annoyance here, which I sometimes really wish Ken and Dennis hadn't done. But I understand the practical reasons why they did it, so I forgive them.;-)
Of course, part of the issue here is that Microsoft and Apple have long thought that it is their job to impose policies on their developers. This isn't real
This is also what happens if you, for example, use scp or rsync to copy files to an OSX system. Note that the file fooBar is the one that exists, but its name is "foobar". The case has not been preserved (and the original "foobar" file has been lost).
Some other descriptive phrase is needed here. "Case preserving" is incorrect and misleading, as the the case of a file name is not preserved in such situations.
Why would you want to switch TO a case-sensitive filesystem?
There are many situations where the case-sensitive filesystem is preferable.
One is a server that needs to store files from other computer systems. A case-sensitive filesystem can simply use the same names that were on the originating systems. A case-insensitive filesystem will occasionally map two files to the same name, losing one of the files (and 50% of the time using the wrong name for the file that's there). But if the filesystem preserves the correct byte values in the file names, you can just copy files to your server, and they maintain the correct name. You don't need to redesign anything.
This is a special case of a more general observation: If system X allows some particular thing and system Y doesn't, then system X is generally more usable. It may be more complex, of course. Case insensitivity is easy enough to implement at the "library" level in a system that is case sensitive. I've done it in several projects. But you can't easily fake case sensitivity if the file system ignores case. So if you want a general-purpose system, you're better going with the one that doesn't enforce such policy decisions inside the OS kernel.
There is a different problem with files coming from a system that allows '/' in file names; that one is a bit trickier to solve on a unix server. Are there any file systems that don't have any forbidden characters in file names?
I've also had the fun of trying to deal with projects that use code from several different sources. It's pretty easy on a conventional unix file system. When I've moved the result to OSX, the result was a nightmare due to the case insensitivity. This is because search paths inherit the case insensitivity. So if package X has a "foo" command and package Y has a "Foo" command, which you get depends on which directory is first in the search path. You find that scripts in X sometimes get "Foo" when they called "foo", and scripts in Y sometimes get "foo" when they called "Foo". Debugging this can take an inordinate amount of time, as there are no "not found" warnings. The software just quietly goes berserk.
I have advised against OSX (except as personal workstations) on several projects, and after watching this kind of disaster interfere with work, the managers agreed with me. Too bad, because there are a lot of good things about OSX. And sometimes you're lucky and things just work. But if you're using code from more than one source, you're just inviting a lot of long debugging sessions due to the case insensitivity. It's easier to go with a system that doesn't do that to you.
If you're building all your own apps from scratch, and never install anyone else's packages, this doesn't apply to you, of course. But I don't want to try using a case-insensitive file system on a server ever again. It's not worth the headaches, especially when linux systems are so cheap and easy to use.
Opera 9 allows per site preferences, so you can turn off/on plugins per site
Hmmm... I looked around explicitly for that, and didn't spot it. I founnd the Preferences.. Advanced.. Content, which has an "Enable plug-ins" checkbox, but it doesn't have any way to specify a site.
So where did they hide it?
One real problem with browser config settings is that they are in this maze of twisty links, all alike (to paraphrase something well-known). Even if you remember seeing something, sometimes you just can't find it again.
Yeah; I found that and disabled plugins. But, as in other browsers, that seems an "all or nothing" flag. If you disable plugins, they don't work in any tab. If you enable plugins, all of them start up in all your tabs (after a significant delay, it seems). I'm not actually sure that it's this simple, as I seem to remember cases where active thingies were running after I'd disabled all plugins, and it took a refresh to stop them. Or maybe I'm confused and not doing it right. In any case, one of the useful changes in Opera 9 is that the agent-id faking feature is now per-site. But things like blocking flash or active GIFs or javascript is still a single global flag, either on for all sites or off for all sites. It would be much more useful if these global flags could be set to a default (off!), and then individual sites set to the other state. This would go a long way toward preventing the marketers from taking over my cpu with their oh-so-clever active ads.
Yeah, I do that, too. But there are limitations. Thus, if you disable plugins with most browsers, it's a single enable/disable checkbox for all plugins in all of that browser's windows. Then, if you want to run something like a video clip in one tab, enabling the plugins means a loooooong pause while it runs through all the tabs in all windows and enables all plugins everywhere. Then if you neglect to turn it back off, perhaps because you wanted to watch several videos in that tab and then got distracted by some other job, you find that all your plugins are now running in all your tabs, wiping out your cpu.
And it seems there are things that aren't turned off in mozilla or firefox by disabling plugins, javascript, and active GIFs, and enabling flashblock. There are still some video thingies that run somehow, and a refresh= attribute in a meta tag is still honored. Sometimes I still find mozilla or firefox suddenly using most of the cpu, although I have every active thing I know of turned off. And closing all the browser's windows usually doesn't reduce the cpu or memory usage much.
It would be nice if a browser could handle this issue in a user-friendly manner (which would be inherently web-site-hostile in many cases).
I am predominantly a graphic designer/artist and I enjoy what can be done with flash.
Well, I'm both a computer user and professional programmer, so I consider you part of the problem, not part of the solution.;-)
While I do know of a few sites that use flash for the visitor's benefit, this isn't generally true. At least 99% of the flash is for distracting ads. When I'm trying to get some work done, an active image in my peripheral vision is a serious distraction that interferes with getting the job done, and I just want it stopped. I have flashblock installed in mozilla and firefox, and this is why I mostly use them. A browser that doesn't block flash (and "active" GIFs) is relegated to only occasional use with sites that can be trusted.
Also, I'm using my computer for things. Flash ads often soak up 30% to 60% of the cpu, interfering seriously with processes that are trying to do something that I want done. So again, I just want the flash stopped, so my productive tasks can run.
Now, I don't object to flash when it's showing me something that I want to see. But since flash is mostly used in an abusive fashion by advertisers, my main question is how do I stop it.
The best gift that opera could give me would be a simple, easily-available tool to turn flash and other active things on and off quickly and easily. I want them to run only when I want them to run. Any other time, they are distracting, cpu-hogging pests.
Something I've always wanted with all browsers is a single place that lists all the "active" (i.e., cpu-using) features, with a button to block/unblock each of them. It would be best if the blocking could be either per-site or per window/tab, or maybe both.
Yes, active stuff like flash is sometimes useful, and some sites use such things to great advantage. But 99% of flash, for example, is used to create distracting ads. When a site does this to me, arrogantly assuming that I have nothing better for my cpu to do than to run their ad, I attempt to block the site's ads, and if I can't do that, I put the site on my list of "greedy" sites to be avoided.
I used to have slashdot's images enabled. Then one day an active ad showed up that used more than half my cpu. I found/.'s setting to disable images, and I've used that ever since. The images here seem to have no content anyway (as far as I can tell). They're just eye candy, so I'm probably not missing anything.
Anyway, I tend to use mozilla for my "random" browsing, because that's the browser for which I've learned the most about turning off cpu-sucking active-ad junk. But even there, it occasionally goes berserk from some ad that knows how to get around all the blocks that I have enabled. Just an hour ago, I found mozilla had a size of 1.4 GB, and was using around 55% of the cpu. I killed it. Now I'll have to open those windows and tabs one at a time, trying to spot the culprit and put it in my hog list.
I've found opera to be not quite as crippled by such things as the other browsers I have installed. An ad that soaks up 40% of the cpu in mozilla or firefox will usually only use 5% or 10% in opera. But it's still a pain, and I can waste a lot of time hunting down the culprit if I have a lot of tabs open.
It sure would be nice if there were somewhere an explicit list of all the cpu-using things in a browser, with a way of turning each of them on/off as needed.
And a way of quickly locating a cpu- or memory-eating hog could also be useful. That can take a lot of time if you're working with a lot of open tabs. It would help a lot if the browser could tell me where it's using resources and why. That way, I wouldn't have to kill the whole browser; I could just kill the one hog.
[I]f terrorists were to blow up all the roads and bridges in New York City, they'd be doing everybody a favor.
Heh. Reminds me of one summary I read of the 9/11 WTC attack. The story went into Mohammed Atta's history, including the time he spent as an architecture student at a university.
The conclusion was that Atta hadn't led an act of terrorism; it was an act of architectural criticism.
Really, did you ever take a good look at those buildings? Probably not; if you're like most people, you found nothing at all interesting about them. I remember having a hard time remembering what the WTC looked like. Even as I watched them burning on the TV, I had trouble remembering whether I'd ever noticed them when I was in NYC.
It's easy to understand how an architecture student could just want them taken down.
Of course, taking them down in a suicide attack was a bit extreme, even for a would-be artist.
Nor should the government allow them to pull a bait-and-switch on the public.
Uh, they already do bait-and-switch, big time. If you don't believe me, look at the advertised rate you signed up for, and try to use your link at that speed for 24 hours straight. Guess what your ISP will do. If you're in the US, they'll cut you off.
That rate they told you was pure bait-and-switch. You can't use your link at even 10% of that rate without them cutting off your service.
Unless you're a big company, of course. But then you probably made a special deal for a dedicated line with precisely-defined characteristics. And your company's lawyers probably went over the contract to make sure that they had to deliver what you were contracting for.
Maybe you could get a similar deal for your home system, if you have a similar set of lawyers on retainer to negotiate for you.
Meanwhile, their ads are everywhere, with claims that they provide "blazing speed".
If I had to vote on this false dichotomy, I'd vote for the Federal Government running the Internet. After all, they were they ones who paid for building it, while the big telecom corporations only jumped on board after it was proved popular. Also, we already have lots of laws (starting with the Bill of Rights in the US, and similar laws elsewhere) restricting the Feds' censorship; private corporations have few laws limiting their censorship. (If you don't believe me, read your TOS, and then try firing up a few servers on your home machine. And try arguing your "rights" after they shut you down.;-)
Also, the Feds showed during the Internet's development that they understood their own incompetence. That's why they hired the design and development out to all those crazy hackers at universities, and hired out building the physical plant to private corporations (including the telcos). They actually have a much better history of competent management of the Internet than private industry has shown. Plus willingness to fund actual blue-sky research, rather than just "innovating" by taking someone else's ideas and producing a private, incompatible, locked commercial version.
Actually, of course, it was the DoD that did all this, not the US government in general. So maybe what we really should be pushing for is permanent control of the Internet by the US military. We just don't want them controlling other countries.
But we probably would be better off if Congress had no control over the Internet. The current net-neutrality battle has shown quite clearly the utter cluelessness of Congress as a whole (noting that Al Gore is a Senator, not a Congressman;-). What we need is a bill that puts the Internet permanently out of the reach of Congress, and re-establishes another DARPA committee to run the show.
Probably no chance of that, though. So we sit back and watch the Internet be totally politicised and controlled by whichever corporation can best bribe Congressmen.
Indeed; this is the main thing I noticed about the article.
I'm part of several open-source efforts. One is a music package first developed by a math prof in Germany. When he announced to the mailing list that he was getting too busy, at least three of us started forks of his code and implemented radically different new features (needed by different groups of musicians). All of us (including the original author) have put our source code online for anyone who wants it. This means that we aren't "vendors"; i.e., we aren't selling it. So we aren't included in this articles data. None of us developers are in Silicon Valley.
In a different direction, I'm one of at least a thousand C developers who has a personal collection of C debugging tools. I wrote some, downloaded some, and radically rewrote a few other tools. I keep it all online. I see occasional downloads (by non-search-bots;-), and I occasionally get email from users, often with patches to add new features. I also send occasional patches to others. None of this stuff is for sale; you can only get it free. So none of us are "vendors" of C debug tools, and we aren't in TFA's statistics.
Talking about open-source "vendors" pretty much labels the writer as clueless. Either that, or someone trying to prove something and hoping we won't notice the verbal sleight of hand.
The kind who thinks that Manhattan's below sea level?
Hey, he's just 15 or 2 years ahead of his time. He's a very forward-looking terrorist.
(And I'm waiting to see the/. discussion of the latest climate-change paper, just published today in Science. Someone has to have submitted it to/. already. So where is it?;-)
As long as we let slavery control our thinking in any way by doing things like playing the slave card every time a racial issue comes up, we'll never escape its legacy.
Some of us don't want to escape the legacy of slavery; we want to end it. And that can't be done by suppressing the memory. The only way is to constantly keep bringing it up, until humanity institutes some way of finally ending it. So far, there is little sign of this happening, so we still need frequent reminders.
There is slavery all over the world right now, including in the US. Just passing laws and saying we've solved the problem simply hasn't worked; it only drives such things underground. And when we're not watching, someone reinvents slavery under some new name. If we are serious about wanting to end such practices, we should be exposing and publicizing all the instances we can find.
Of course, this particular ad campaign is a bit of a silly example. But it does tell us that a lot of people are aware of the history and are sensitive to the topic. To anyone seriously interested in ending such atrocities, this is a good sign. And that we can laugh at it while being appalled is also a good sign.
Well, yeah, but the metric system was really designed by a small crowd of engineers. It spread mostly because in the mess of borders and local systems of measurement in Europe, the technical people found it useful to adopt a simplified decimal system. There were actually few cases where a top-level decision was made to use the metric system. Rather, politicians passed of such decisions to local bureaus of weights and measurements. But the important thing is probably that such decisions have been made mostly by experienced engineers.
Spelling is something different. There aren't any engineering issues. Most languages with decent spelling have had a single government bureau in a single country that decides spelling issues. With English, this has never worked. Can you imagine the residents of the UK and the US hono(u)ring spelling changes decreed by a government bureau of the other country? Yeah, like that's going to happen. Here in the US, the FDR administration attempted a spelling reform back in the 1930s. They did get a few changes adopted in the US, but of course the Brits mostly just chuckled if they even heard about it, and Americans ignored most of the suggested reforms.
The fun part of English spelling is that English-speaking people seem to mostly treat "the dictionary" as the spelling authority. But dictionary makers don't see themselves as policy makers; they are just reporting actual practice. This dates back to the earliest dictionary makers, Johnson (in the UK) and Webster (in the US), who both used the spellings that they saw as the most common. Their purpose wasn't to give "correct" spellings. They were primarily trying to help people who saw a word and wondered what it might mean. Modern dictionary makers mostly follow the same approach.
So dictionary makers report the common spellings, and people point to the dictionary as the spelling authority, giving us a traditional "vicious circle" that maintains an irrational spelling non-system indefinitely. The only way to break this circle is for some authority to step in and decree a new, rational system. This works with systems of measurement, because engineers and physicists are recognized authorities. It doesn't work with English spelling, because there aren't any recognized authorities. Many of us think that dictionaries are authorities, but the dictionary makers have never much wanted the job. Their actual job (reporting usage and meaning) is a lot more interesting and fun, and keeps them away from spelling flame wars.
If there ever is English spelling reform, it will mostly likely come from outside the English-speaking parts of the world.
Good point, how exactly is "Shock and Awe" a whole lot different from blitzkrieg?
Similar concepts, of course, but one could make some picky distinctions. "Blitzkrieg" literally means "lightning war", not really so much a terrorist sloan as an arrogant assertion that "We'll win so fast they won't even know what hit them". "Shock and awe" is talking directly about the psychological impact on the victims, so it better qualifies as a terrorist slogan.
(Is this my first Godwin? I think it is!)
Maybe, but it's on topic, so it might not really qualify. We are rapidly reaching the point where "terrorist" just means "anyone that I don't like". It could help to clarify such terms by discussing who qualifies and who doesn't. In the case of Hitler and his minions, the term "terrorist" probably doesn't really apply. They weren't trying to terrify people; they were trying to exterminate some of them and rule the rest with an iron fist. This isn't really the same thing as terrorism, whose goal is to persuade people to do your bidding by making them afraid of not following your suggestions.
Also, Godwin's comment was about the fact that mentioning Hitler or Nazis tends to bring a discussion to a halt. But in cases where it's relevant, this can occasionally lead to useful discussions. Thus, I've seen a few cases where someone has called George Bush a Nazi, and someone else replies "No, he's really more of a Fascist, because...". People tend to use such terms as mere insults, without knowing what they actually mean. If a discussion of the meaning of such terms follows, it can be educational.
English doesn't just belong to people who grew up speaking English anymore -- its the language (or one of the main languages) of international commerce, politics, science, and essentially everything. Catastrophically large changes to English which make "our" English mutually unintelligible with "their" English just won't happen.
Actually, the first sentence has been proposed as the lever that could lead to a rational English spelling system.
The scenario is: Political and educational leaders in non-English-speaking countries get together to discuss their problems with English. They agree that the main problem is that English is so difficult to learn to read, write and pronounce due to its atrocious spelling system. This takes extra years of educations, and decreases the number of their people who are fluent in English. This puts them at a disadvantage to people from English-speaking countries. They listen to a group of academics and decide to adopt their proposal. The non-English-speaking countries sign a formal agreement adopting a specific phonetic spelling for English. They don't ask the English-speaking countries to cooperate; they merely provide some software that can transliterate between the two spelling systems. English classes in 3/4 of the world rapidly adopt textbooks using Phonetic English. The schools start turning out millions of graduates who are reasonably fluent in the new spelling system, and as a result can also speak English fairly accurately.
But using the software is at times a pain, so the English-speaking part of the world slowly learns to read Phonetic English. In a generation, most of the young people in English-speaking countries view the tradition spelling as obsolete, weird, and not worth learning. In 30 or 40 years, it's a relic of interest mostly to scholars, and English has transited to a phonetic spelling system, without cooperation from any government agency in any English-speaking country.
The trouble with this scenario, of course, is that it is based on a much higher level of cooperation than we've ever seen before in this world. So it probably won't happen. But it has been discussed. And the discussion has come to the attention of a few English-speaking people, some of whom are cheering the plotters on.
... a virtual machine running on a cluster of thousands of machines,...
It's perhaps worth pointing out that it's been at least a quarter century since this sort of thing was done by The Newcastle Connection people. And there were a few smaller-scale projects before 1980 with roughly the same design.
Of course, that was built by a bunch of academics and used only by them and their (mostly government) sponsors, so I suppose it doesn't get noticed by the modern commercial world. Much better to pretend that we're doing something totally new.
Am I the only one who doesn't understand what an Internet OS is supposed to be?
It's whatever the writer wants it to mean. "OS" has long since ceased to have any proper definition, at least since MS successfully put over the claim that their browser was part of their OS. Nowadays, you can claim that anything at all is part of an OS, and nobody (except a few silly geeks) will challenge you.
This is even true here on/. I and others have been roundly chided and down-modded for objection to such sloppy terminology and trying to impose even a weak technical definition.
So don't bother trying to find a definition; it's just a marketing acronym.
(Please ignore this if you're studying for a test in a systems programming course. Your prof will expect you to use such terms with their technical meaning.;-)
... hey would have contribute back the patches so it is a win win situation.
This is hardly anything new. Look into how the DoD funded the development of the Internet (aka ARPAnet).
Actually, in most cases they didn't even develop their own patches. Rather, they told their academic and industry fundees about the problems in the latest code, let the hackers work out a solution, took the code for their own uses, and left it in the public code base for further use and development.
Yeah, they probably did a bit of development on their own, but the evidence is that there hasn't been as much of this as you might expect. The military has found the academic hacker community to be a much better testbed for most of the code, and a lot cheaper than trying to debug changes in a military setting. As long as the crypto stuff is highly modular (and it is), it's a lot more effective to just leave the code development in the public sector, where there are lots of eyes and people happy to show off their expertise by doing the hacking that a strictly-managed power structure finds highly distateful.
For a feel of the US government's relationship with the linux part of the open-source community, google for "secure linux" and do a bit of reading. There's a lot going on there.
The military security folks have been saying for decades "Don't run any software unless you have the source code all the way down, plus the circuit diagrams. If you don't, you have no idea what might be hidden inside."
So the DoD's decision makers are listening to their security experts?
I guess maybe it is news.
I can't help but notice that all the authentication schemes being discussed are basically way that the bank verifies the customer is who they say they are. But the issue isn't that; it's that the customer is being tricked into thinking that they're talking to the bank when they are actually talking to someone else (who may be talking to the bank). There is nothing that I see that helps the customer verify that it's actually their bank on the other end.
The whole "phishing" thing is based on the fact that the bank's end can be spoofed, and customers have no reliable way to verify that they are really talking to their bank. A Man-in-the-Middle is simply a variant of this, in which the customer thinks they're talking to the bank, when they're actually talking to the MitM, who is talking to the bank.
Adding extra stuff to better authenticate the customer is not going to help here. Confusing the issue by just talking about "authentication" doesn't help either, since it conflates the two directions of authentication into one, and people don't notice that the customer may not have authenticated the bank.
The only circumstance I can see this happening is if you have two files in the same directory, only distinguished by case, or two directories in the same dir, only distinguished by case. Can you give me another situation in which that would happen? At this point, I have to say, get your source filesystem sorted out. This should never happen, it's confusing and stupid. Rename any files/directories that are distinguished only by case.
If I'm the one running a web server, it's not my job to modify my users' web sites. Not only do I not have the time to rewrite their stuff; if I do so, they'll probably look for some other place to host their stuff. And I wouldn't put up with such arrogance on the part of the managers of a machine that hosts any of my stuff. They might be able to tell me that some content (such as pr0n and malware) isn't allowed. But renaming my files and rewriting my code is far beyond the pale.
I particular, a webmaster has no business doing something like telling customers that their files are capitalized wrong. Sorry, but that's what I'd call "stupid". I won't do it, and I don't expect any other webmaster to do it.
If an OS requires me to modify such things on my customers' web sites, well, I'll just find a different OS. One that lets me simply upload a customers' files and plop them down on the disk unaltered. Any competent OS should allow that. If not, it's not good enough to be used as a web server.
Why would anybody have .EXE files on their webservers? .EXE's don't run on Unix.
...
Um, so that Windows users can download them, maybe?
Just a guess
Is there some potential badness that Google is indexing binary file content? What might that be?
The computer industry does have a nasty history of "shooting the messenger" when malware is reported. People really don't want to know that their machine has been compromised, especially if it implies lax security on their part. They routinely react by firing or prosecuting the people who do anything to pinpoint security problems like this. We can expect to read stories of threats against people who use this Google feature to find security problems.
The obvious explanation here is the old "stupidity rather than malice" saying. But this might not always be true. When someone in authority attempts to punish someone for exposing a security problem, you should probably assume that they understand what they're doing and have a motive for their action. It's likely that some of those with the authority to punish messengers are doing so because they don't want the problems exposed, for reasons of personal (or institutional) profit.
Tell me honestly, when was the last time you actually saw 2 files in the same directory distinguished only by capitalization?
;-)
;-)
;-). You don't necessarily need to make this distinction in file names, but it's a lot more convenient if you can. Thus, if I make a directory containing definitions of terms, it would be handy if I could have both "apple.html" and "Apple.html". Granted, I don't need to have this, and I can always program around it. But forbidding me to use such file names just puts one more silly barrier in the way of Getting The Job Done, and adds to my frustration level. It's one more things that tells me that I should stick to a real unix-like system that doesn't throw such gratuitous stumbling blocks in my path.
;-)
Well, I don't recall the exact date, but it was within the last few days.
The files were in a site dealing with European classical music. In most of Europe, it's common to use case to indicate major/minor keys. Thus "Sonata in D" and "Sonata in d" mean D major and D minor, respectively. The files I saw had names like "Sonate_D.mp3" and "Sonate_d.mp3". This is an imminently sensible way for a European classical musician to name files, because it matches exactly their standard notation for such things.
(Actually, you'd usually want a few more characters, since some composers wrote more than one sonata in D or d, but you get the idea.
Now, you can say that this is a stupid way to name things, and you might be right. But musicians have never been known for intelligent notation. And as a programmer who deals with a lot of network issues involving people who don't always speak English too well, my reply is "It's not my job to tell people that their language is wrong; it's my job to implement things that work the way my users expect". In the above case, some musicians gave the files the obvious names, and it Just Worked. They didn't have to figure out why one of their files mysteriously disappeared, and the remaining file contained the wrong sonata.
Since there are a lot of uses of case distinctions in many languages, I'd prefer that my software implement the case distinctions that my customers are comfortable with. And if I'm making a decision on what to run on a server, I'm going to choose a system that doesn't impose a particular case policy on me. This is one of many reasons I'd choose linux or *BSD or Solaris for a server, but not OSX or MS-Windows. I don't need the hassle of an OS that imposes such policy decisions on me, contrary to what I know makes sense to my users. Yes, I can find a workaround, but why should I waste the time?
It's easy enough to come up with reasons that an English-speaking user might want to use case distinctions. Around here, we all know that "apple" and "Apple" mean different things (and one is a trademark so you'd better not misuse it
The unix world has long had a mantra: The OS implements mechanisms, not policies. Case (in)sensitivity is a policy, not a mechanism. As such, it properly belongs in the runtime libraries, where different groups of users can easily implement their own policies. It doesn't belong in the OS kernel, where a policy is imposed on all software and is very difficult to override if it's wrong for your application.
This was a very good design decision back in the 1970s, and it's still a good design. At least if you want to keep your programmers sane, and help them implement user-friendly apps. The kernel should treat a file name as a string of bytes, and not impose any interpretations or policies on what those bytes may contain. (The unix use of '/' is in fact a minor annoyance here, which I sometimes really wish Ken and Dennis hadn't done. But I understand the practical reasons why they did it, so I forgive them.
Of course, part of the issue here is that Microsoft and Apple have long thought that it is their job to impose policies on their developers. This isn't real
On the contrary; OSX doesn't preserve the case of files. Consider this experiment on a handy OSX box:
This is also what happens if you, for example, use scp or rsync to copy files to an OSX system. Note that the file fooBar is the one that exists, but its name is "foobar". The case has not been preserved (and the original "foobar" file has been lost).
Some other descriptive phrase is needed here. "Case preserving" is incorrect and misleading, as the the case of a file name is not preserved in such situations.
Why would you want to switch TO a case-sensitive filesystem?
There are many situations where the case-sensitive filesystem is preferable.
One is a server that needs to store files from other computer systems. A case-sensitive filesystem can simply use the same names that were on the originating systems. A case-insensitive filesystem will occasionally map two files to the same name, losing one of the files (and 50% of the time using the wrong name for the file that's there). But if the filesystem preserves the correct byte values in the file names, you can just copy files to your server, and they maintain the correct name. You don't need to redesign anything.
This is a special case of a more general observation: If system X allows some particular thing and system Y doesn't, then system X is generally more usable. It may be more complex, of course. Case insensitivity is easy enough to implement at the "library" level in a system that is case sensitive. I've done it in several projects. But you can't easily fake case sensitivity if the file system ignores case. So if you want a general-purpose system, you're better going with the one that doesn't enforce such policy decisions inside the OS kernel.
There is a different problem with files coming from a system that allows '/' in file names; that one is a bit trickier to solve on a unix server. Are there any file systems that don't have any forbidden characters in file names?
I've also had the fun of trying to deal with projects that use code from several different sources. It's pretty easy on a conventional unix file system. When I've moved the result to OSX, the result was a nightmare due to the case insensitivity. This is because search paths inherit the case insensitivity. So if package X has a "foo" command and package Y has a "Foo" command, which you get depends on which directory is first in the search path. You find that scripts in X sometimes get "Foo" when they called "foo", and scripts in Y sometimes get "foo" when they called "Foo". Debugging this can take an inordinate amount of time, as there are no "not found" warnings. The software just quietly goes berserk.
I have advised against OSX (except as personal workstations) on several projects, and after watching this kind of disaster interfere with work, the managers agreed with me. Too bad, because there are a lot of good things about OSX. And sometimes you're lucky and things just work. But if you're using code from more than one source, you're just inviting a lot of long debugging sessions due to the case insensitivity. It's easier to go with a system that doesn't do that to you.
If you're building all your own apps from scratch, and never install anyone else's packages, this doesn't apply to you, of course. But I don't want to try using a case-insensitive file system on a server ever again. It's not worth the headaches, especially when linux systems are so cheap and easy to use.
Opera 9 allows per site preferences, so you can turn off/on plugins per site
... I looked around explicitly for that, and didn't spot it. I founnd the Preferences .. Advanced .. Content, which has an "Enable plug-ins" checkbox, but it doesn't have any way to specify a site.
Hmmm
So where did they hide it?
One real problem with browser config settings is that they are in this maze of twisty links, all alike (to paraphrase something well-known). Even if you remember seeing something, sometimes you just can't find it again.
Yeah; I found that and disabled plugins. But, as in other browsers, that seems an "all or nothing" flag. If you disable plugins, they don't work in any tab. If you enable plugins, all of them start up in all your tabs (after a significant delay, it seems). I'm not actually sure that it's this simple, as I seem to remember cases where active thingies were running after I'd disabled all plugins, and it took a refresh to stop them. Or maybe I'm confused and not doing it right. In any case, one of the useful changes in Opera 9 is that the agent-id faking feature is now per-site. But things like blocking flash or active GIFs or javascript is still a single global flag, either on for all sites or off for all sites. It would be much more useful if these global flags could be set to a default (off!), and then individual sites set to the other state. This would go a long way toward preventing the marketers from taking over my cpu with their oh-so-clever active ads.
Yeah, I do that, too. But there are limitations. Thus, if you disable plugins with most browsers, it's a single enable/disable checkbox for all plugins in all of that browser's windows. Then, if you want to run something like a video clip in one tab, enabling the plugins means a loooooong pause while it runs through all the tabs in all windows and enables all plugins everywhere. Then if you neglect to turn it back off, perhaps because you wanted to watch several videos in that tab and then got distracted by some other job, you find that all your plugins are now running in all your tabs, wiping out your cpu.
And it seems there are things that aren't turned off in mozilla or firefox by disabling plugins, javascript, and active GIFs, and enabling flashblock. There are still some video thingies that run somehow, and a refresh= attribute in a meta tag is still honored. Sometimes I still find mozilla or firefox suddenly using most of the cpu, although I have every active thing I know of turned off. And closing all the browser's windows usually doesn't reduce the cpu or memory usage much.
It would be nice if a browser could handle this issue in a user-friendly manner (which would be inherently web-site-hostile in many cases).
I am predominantly a graphic designer/artist and I enjoy what can be done with flash.
;-)
Well, I'm both a computer user and professional programmer, so I consider you part of the problem, not part of the solution.
While I do know of a few sites that use flash for the visitor's benefit, this isn't generally true. At least 99% of the flash is for distracting ads. When I'm trying to get some work done, an active image in my peripheral vision is a serious distraction that interferes with getting the job done, and I just want it stopped. I have flashblock installed in mozilla and firefox, and this is why I mostly use them. A browser that doesn't block flash (and "active" GIFs) is relegated to only occasional use with sites that can be trusted.
Also, I'm using my computer for things. Flash ads often soak up 30% to 60% of the cpu, interfering seriously with processes that are trying to do something that I want done. So again, I just want the flash stopped, so my productive tasks can run.
Now, I don't object to flash when it's showing me something that I want to see. But since flash is mostly used in an abusive fashion by advertisers, my main question is how do I stop it.
The best gift that opera could give me would be a simple, easily-available tool to turn flash and other active things on and off quickly and easily. I want them to run only when I want them to run. Any other time, they are distracting, cpu-hogging pests.
Something I've always wanted with all browsers is a single place that lists all the "active" (i.e., cpu-using) features, with a button to block/unblock each of them. It would be best if the blocking could be either per-site or per window/tab, or maybe both.
/.'s setting to disable images, and I've used that ever since. The images here seem to have no content anyway (as far as I can tell). They're just eye candy, so I'm probably not missing anything.
Yes, active stuff like flash is sometimes useful, and some sites use such things to great advantage. But 99% of flash, for example, is used to create distracting ads. When a site does this to me, arrogantly assuming that I have nothing better for my cpu to do than to run their ad, I attempt to block the site's ads, and if I can't do that, I put the site on my list of "greedy" sites to be avoided.
I used to have slashdot's images enabled. Then one day an active ad showed up that used more than half my cpu. I found
Anyway, I tend to use mozilla for my "random" browsing, because that's the browser for which I've learned the most about turning off cpu-sucking active-ad junk. But even there, it occasionally goes berserk from some ad that knows how to get around all the blocks that I have enabled. Just an hour ago, I found mozilla had a size of 1.4 GB, and was using around 55% of the cpu. I killed it. Now I'll have to open those windows and tabs one at a time, trying to spot the culprit and put it in my hog list.
I've found opera to be not quite as crippled by such things as the other browsers I have installed. An ad that soaks up 40% of the cpu in mozilla or firefox will usually only use 5% or 10% in opera. But it's still a pain, and I can waste a lot of time hunting down the culprit if I have a lot of tabs open.
It sure would be nice if there were somewhere an explicit list of all the cpu-using things in a browser, with a way of turning each of them on/off as needed.
And a way of quickly locating a cpu- or memory-eating hog could also be useful. That can take a lot of time if you're working with a lot of open tabs. It would help a lot if the browser could tell me where it's using resources and why. That way, I wouldn't have to kill the whole browser; I could just kill the one hog.
[I]f terrorists were to blow up all the roads and bridges in New York City, they'd be doing everybody a favor.
Heh. Reminds me of one summary I read of the 9/11 WTC attack. The story went into Mohammed Atta's history, including the time he spent as an architecture student at a university.
The conclusion was that Atta hadn't led an act of terrorism; it was an act of architectural criticism.
Really, did you ever take a good look at those buildings? Probably not; if you're like most people, you found nothing at all interesting about them. I remember having a hard time remembering what the WTC looked like. Even as I watched them burning on the TV, I had trouble remembering whether I'd ever noticed them when I was in NYC.
It's easy to understand how an architecture student could just want them taken down.
Of course, taking them down in a suicide attack was a bit extreme, even for a would-be artist.
Nor should the government allow them to pull a bait-and-switch on the public.
Uh, they already do bait-and-switch, big time. If you don't believe me, look at the advertised rate you signed up for, and try to use your link at that speed for 24 hours straight. Guess what your ISP will do. If you're in the US, they'll cut you off.
That rate they told you was pure bait-and-switch. You can't use your link at even 10% of that rate without them cutting off your service.
Unless you're a big company, of course. But then you probably made a special deal for a dedicated line with precisely-defined characteristics. And your company's lawyers probably went over the contract to make sure that they had to deliver what you were contracting for.
Maybe you could get a similar deal for your home system, if you have a similar set of lawyers on retainer to negotiate for you.
Meanwhile, their ads are everywhere, with claims that they provide "blazing speed".
If I had to vote on this false dichotomy, I'd vote for the Federal Government running the Internet. After all, they were they ones who paid for building it, while the big telecom corporations only jumped on board after it was proved popular. Also, we already have lots of laws (starting with the Bill of Rights in the US, and similar laws elsewhere) restricting the Feds' censorship; private corporations have few laws limiting their censorship. (If you don't believe me, read your TOS, and then try firing up a few servers on your home machine. And try arguing your "rights" after they shut you down. ;-)
;-). What we need is a bill that puts the Internet permanently out of the reach of Congress, and re-establishes another DARPA committee to run the show.
Also, the Feds showed during the Internet's development that they understood their own incompetence. That's why they hired the design and development out to all those crazy hackers at universities, and hired out building the physical plant to private corporations (including the telcos). They actually have a much better history of competent management of the Internet than private industry has shown. Plus willingness to fund actual blue-sky research, rather than just "innovating" by taking someone else's ideas and producing a private, incompatible, locked commercial version.
Actually, of course, it was the DoD that did all this, not the US government in general. So maybe what we really should be pushing for is permanent control of the Internet by the US military. We just don't want them controlling other countries.
But we probably would be better off if Congress had no control over the Internet. The current net-neutrality battle has shown quite clearly the utter cluelessness of Congress as a whole (noting that Al Gore is a Senator, not a Congressman
Probably no chance of that, though. So we sit back and watch the Internet be totally politicised and controlled by whichever corporation can best bribe Congressmen.
open source vendors != open source creators
;-), and I occasionally get email from users, often with patches to add new features. I also send occasional patches to others. None of this stuff is for sale; you can only get it free. So none of us are "vendors" of C debug tools, and we aren't in TFA's statistics.
Indeed; this is the main thing I noticed about the article.
I'm part of several open-source efforts. One is a music package first developed by a math prof in Germany. When he announced to the mailing list that he was getting too busy, at least three of us started forks of his code and implemented radically different new features (needed by different groups of musicians). All of us (including the original author) have put our source code online for anyone who wants it. This means that we aren't "vendors"; i.e., we aren't selling it. So we aren't included in this articles data. None of us developers are in Silicon Valley.
In a different direction, I'm one of at least a thousand C developers who has a personal collection of C debugging tools. I wrote some, downloaded some, and radically rewrote a few other tools. I keep it all online. I see occasional downloads (by non-search-bots
Talking about open-source "vendors" pretty much labels the writer as clueless. Either that, or someone trying to prove something and hoping we won't notice the verbal sleight of hand.
what kind of retarded terrorist uses a chat room
/. discussion of the latest climate-change paper, just published today in Science. Someone has to have submitted it to /. already. So where is it? ;-)
The kind who thinks that Manhattan's below sea level?
Hey, he's just 15 or 2 years ahead of his time. He's a very forward-looking terrorist.
(And I'm waiting to see the
As long as we let slavery control our thinking in any way by doing things like playing the slave card every time a racial issue comes up, we'll never escape its legacy.
Some of us don't want to escape the legacy of slavery; we want to end it. And that can't be done by suppressing the memory. The only way is to constantly keep bringing it up, until humanity institutes some way of finally ending it. So far, there is little sign of this happening, so we still need frequent reminders.
There is slavery all over the world right now, including in the US. Just passing laws and saying we've solved the problem simply hasn't worked; it only drives such things underground. And when we're not watching, someone reinvents slavery under some new name. If we are serious about wanting to end such practices, we should be exposing and publicizing all the instances we can find.
Of course, this particular ad campaign is a bit of a silly example. But it does tell us that a lot of people are aware of the history and are sensitive to the topic. To anyone seriously interested in ending such atrocities, this is a good sign. And that we can laugh at it while being appalled is also a good sign.
Well, yeah, but the metric system was really designed by a small crowd of engineers. It spread mostly because in the mess of borders and local systems of measurement in Europe, the technical people found it useful to adopt a simplified decimal system. There were actually few cases where a top-level decision was made to use the metric system. Rather, politicians passed of such decisions to local bureaus of weights and measurements. But the important thing is probably that such decisions have been made mostly by experienced engineers.
Spelling is something different. There aren't any engineering issues. Most languages with decent spelling have had a single government bureau in a single country that decides spelling issues. With English, this has never worked. Can you imagine the residents of the UK and the US hono(u)ring spelling changes decreed by a government bureau of the other country? Yeah, like that's going to happen. Here in the US, the FDR administration attempted a spelling reform back in the 1930s. They did get a few changes adopted in the US, but of course the Brits mostly just chuckled if they even heard about it, and Americans ignored most of the suggested reforms.
The fun part of English spelling is that English-speaking people seem to mostly treat "the dictionary" as the spelling authority. But dictionary makers don't see themselves as policy makers; they are just reporting actual practice. This dates back to the earliest dictionary makers, Johnson (in the UK) and Webster (in the US), who both used the spellings that they saw as the most common. Their purpose wasn't to give "correct" spellings. They were primarily trying to help people who saw a word and wondered what it might mean. Modern dictionary makers mostly follow the same approach.
So dictionary makers report the common spellings, and people point to the dictionary as the spelling authority, giving us a traditional "vicious circle" that maintains an irrational spelling non-system indefinitely. The only way to break this circle is for some authority to step in and decree a new, rational system. This works with systems of measurement, because engineers and physicists are recognized authorities. It doesn't work with English spelling, because there aren't any recognized authorities. Many of us think that dictionaries are authorities, but the dictionary makers have never much wanted the job. Their actual job (reporting usage and meaning) is a lot more interesting and fun, and keeps them away from spelling flame wars.
If there ever is English spelling reform, it will mostly likely come from outside the English-speaking parts of the world.
Good point, how exactly is "Shock and Awe" a whole lot different from blitzkrieg?
...". People tend to use such terms as mere insults, without knowing what they actually mean. If a discussion of the meaning of such terms follows, it can be educational.
Similar concepts, of course, but one could make some picky distinctions. "Blitzkrieg" literally means "lightning war", not really so much a terrorist sloan as an arrogant assertion that "We'll win so fast they won't even know what hit them". "Shock and awe" is talking directly about the psychological impact on the victims, so it better qualifies as a terrorist slogan.
(Is this my first Godwin? I think it is!)
Maybe, but it's on topic, so it might not really qualify. We are rapidly reaching the point where "terrorist" just means "anyone that I don't like". It could help to clarify such terms by discussing who qualifies and who doesn't. In the case of Hitler and his minions, the term "terrorist" probably doesn't really apply. They weren't trying to terrify people; they were trying to exterminate some of them and rule the rest with an iron fist. This isn't really the same thing as terrorism, whose goal is to persuade people to do your bidding by making them afraid of not following your suggestions.
Also, Godwin's comment was about the fact that mentioning Hitler or Nazis tends to bring a discussion to a halt. But in cases where it's relevant, this can occasionally lead to useful discussions. Thus, I've seen a few cases where someone has called George Bush a Nazi, and someone else replies "No, he's really more of a Fascist, because
English doesn't just belong to people who grew up speaking English anymore -- its the language (or one of the main languages) of international commerce, politics, science, and essentially everything. Catastrophically large changes to English which make "our" English mutually unintelligible with "their" English just won't happen.
Actually, the first sentence has been proposed as the lever that could lead to a rational English spelling system.
The scenario is: Political and educational leaders in non-English-speaking countries get together to discuss their problems with English. They agree that the main problem is that English is so difficult to learn to read, write and pronounce due to its atrocious spelling system. This takes extra years of educations, and decreases the number of their people who are fluent in English. This puts them at a disadvantage to people from English-speaking countries. They listen to a group of academics and decide to adopt their proposal. The non-English-speaking countries sign a formal agreement adopting a specific phonetic spelling for English. They don't ask the English-speaking countries to cooperate; they merely provide some software that can transliterate between the two spelling systems. English classes in 3/4 of the world rapidly adopt textbooks using Phonetic English. The schools start turning out millions of graduates who are reasonably fluent in the new spelling system, and as a result can also speak English fairly accurately.
But using the software is at times a pain, so the English-speaking part of the world slowly learns to read Phonetic English. In a generation, most of the young people in English-speaking countries view the tradition spelling as obsolete, weird, and not worth learning. In 30 or 40 years, it's a relic of interest mostly to scholars, and English has transited to a phonetic spelling system, without cooperation from any government agency in any English-speaking country.
The trouble with this scenario, of course, is that it is based on a much higher level of cooperation than we've ever seen before in this world. So it probably won't happen. But it has been discussed. And the discussion has come to the attention of a few English-speaking people, some of whom are cheering the plotters on.
... a virtual machine running on a cluster of thousands of machines, ...
It's perhaps worth pointing out that it's been at least a quarter century since this sort of thing was done by The Newcastle Connection people. And there were a few smaller-scale projects before 1980 with roughly the same design.
Of course, that was built by a bunch of academics and used only by them and their (mostly government) sponsors, so I suppose it doesn't get noticed by the modern commercial world. Much better to pretend that we're doing something totally new.
Am I the only one who doesn't understand what an Internet OS is supposed to be?
/. I and others have been roundly chided and down-modded for objection to such sloppy terminology and trying to impose even a weak technical definition.
;-)
It's whatever the writer wants it to mean. "OS" has long since ceased to have any proper definition, at least since MS successfully put over the claim that their browser was part of their OS. Nowadays, you can claim that anything at all is part of an OS, and nobody (except a few silly geeks) will challenge you.
This is even true here on
So don't bother trying to find a definition; it's just a marketing acronym.
(Please ignore this if you're studying for a test in a systems programming course. Your prof will expect you to use such terms with their technical meaning.