I think that this is slightly off the mark. The difference in packaging formats is, IMO, a comparatively trivial complaint. It should be comparatively straightforward for just about any software supplier to provide both DEBs and RPMs for their software. It's not even a matter of recompiling, just repackaging.
I agree. Packaging is a trivial issue, and one poster already suggested the standard may have decided on RPM
OTOH, the lack of a standard desktop environment has the potential to be more of a problem.
Then support freedesktop.org. This group has already worked on and released a window manager standard for inter-op between desktops, and continues to work on those other issues. The window manager standard was very well received, I believe, with just about every group out there represented (I followed the mailing list).
I believe if we support groups like freedesktop, the KDE/GNOME issue will slip more and more into the background, right where it belongs.
Java is a morbid joke under most *nixes, at least in my experiences. SSI is ok but again for heavy content, sites with massive interaction from the server to client, it can become cumbersome too.
I agree with your general argument 100%, right tool for the right job, but you are entirely wrong on Java.
Forget Java servlets, try JSP. JSP source is compiled by the JSP server ( eg. apache tomcat ) right before the page is viewed the first time. This makes JSP potentially very fast. I don't have benchmarks, but I'd bet a mature JSP server would kick most other scripting languages' butts in speed.
JSP also has some very cool features useful for larger projects. Taglibs allow you to make your own markup tags. This allows you as a programmer to hide the implementation details from the designers (as not to confuse them, separation of content/presentation, etc.). Check out info on taglibs at the apache tomcat web site. PS I'd love to see taglibs in PHP.
JSP allows you to store objects at different scope levels. So you can, for example, have a method execute at startup, and the result is saved in application scope for every session of your app to use.
Many of the open source web applications I see out there, IMHO, are better suited for JSP than PHP. I'm NOT a big fan of Java and I understand the pressure to use PHP because of more talent out there (I had to make that decision recently), but I think more people should download Tomcat and give JSP a try. It might be the better technology for your next web project.
But does it have a restricted mode? (on "To Z Or Not To Z", Score: 1)
I tried zsh a while back looking for a restricted mode shell. Although the documentation said it had this feature I could not get it to work. I ended up using bash shell restricted mode.
What I'd like to see in a shell is a configurable restricted mode. So I can allow some users to cd, some to cd out of their home directory hierarchy, etc., etc...
The real fix, of course, is to find operating systems vendors liable for selling systems which allow attackers to use OS vulnerabilities to take over a system and use it to attack a third party.
And where would that leave linux, *bsd, etc? Should Alan or Linus be sued for tcp bugs?
This already exists, try splint, formerly lclint, at http://splint.org/
A static checker will find most of those errors, including sometimes range issues like the last OpenSSH hole.
If you're interested in static analysis...
http://www.cs.berkeley.edu/~weimer/osq/
http://suif.stanford.edu/
http://www.research.ibm.com/people/h/hind/
Make sure you check out Hind's intro paper at http://www.research.ibm.com/people/h/hind/paste01.ps
discover.com has an article on FF graphics which touches on this subject. The squaresoft designers go into modeling flesh and why the skin has to be translucent to allow light to bounce off the blood and blood vessels beneath!
I can't get to the Stanford paper right now, but it appears that the Squaresoft designers have known about, and used, this in FF.
The article is at http://www.discover.com/july_01/featvirtual.html
Another very good FDL'ed book is the "GNU automake, autoconf and libtool" book written by Gary V. Vaughan, Ben Elliston, Tom Tromey and Ian Lance Taylor.
This book has helped me a lot in understanding the interaction between automake, autoconf, and libtool. The GNU manuals for these tools are excellent, but the book does a great job in showing how the three interact. I'd say this is a must read for beginning outsource programmers.
The hardcopy's ISBN is 1578701902 and can be found at bn.com
Why is the price of the software listed whenever this product is mentioned?
SSH is a great product and well worth its price. The company has been very responsive to bugs in the past, this one being no exception. I've been using the commercial SSH for years now. It has a very liberal educational license and ALL the source for the unix version is available. In fact I usually compile from source. Plus I seem to remember just as many OpenSSH holes in the past as ssh.com ones.
From the article I pick up the old 'all commercial software is bad and opensource rules' attitude, and for a journalist that's just frickin' sad.
NuSphere is wrong for registering [ a domain which is ] the TRADEMARK of a DIRECT COMPETITOR.
It is that simple IMHO.
MySQL AB probably puts a lot into development of the MySQL database, more than any other company I'd also assume. They spend money and effort on developing the core product; other companies can thus spend money on packaging that product and branding. Note that the activities the second company takes part in do not necessarily benefit the original company, and in fact may often hurt its bottom line.
My point is, after looking very seriously into starting an open source oriented software establishment, I've come to the conclusion that companies like MySQL are screwed.
If another company comes and drives MySQL AB out of business, even through fair competition, you, as a MySQL user, had better hope that company is ready and willing to pick up on core development where MySQL left off.
This is a bit off topic. But I wonder what a de facto linux kernel CVS feed would do to the development and distribution of linux. I know Linus is very opposed to the idea.
(i) People would cvs update instead of downloading the entire source tree. I know we are supposed to use the patch, but how many people do that?
(ii) Controversial patches would be committed to the tree but not to the main branch. That way there is a central repository of patches, making accounting for previous patches much easier.
(iii) A central location and easy way to get and keep up to date with both Linus's and Alan's trees. Even with some of the other guys' as well.
To me just the central patch repository is a cool idea.
Hmmm, I sense a little tension,... Yes, yes, I think I do.
Jamie. What is AI?
I'd argue that the reporters may be correct to say this is AI and you are wrong.
Maybe AI is not just "learning algorithms", or simply what you'd normally study in an AI CS college class, but AI is "whatever seems to be intelligent, but's not natural". Actually, I have come across some interviews where very prominent AI researchers have equally loose definitions of AI. I tried to get the real video AI piece from CNN where the director of MIT AI labs gives a similar definition of AI, but I can't find it. It was one of the stories after the recent release of the AI movie.
Any algorithm that passes the Turing test, no matter how it was built, is intelligent. Even if the programmer predicted *every* possible reaction to his program and just reacted to that in a human fashion, then his work is intelligent.
To simply put my argument...
Intelligence is as the intelligent does.
For some reason, when I saw the article I thought of cat5.
The article had me going for a while as I tried to figure out what the big deal was, I mean, we've had 1000Mb for copper for years now : )
You can get general equipment racks that size, they're just really hard to come across. Because smaller racks aren't in high demand, they are harder to find and more expensive than a standard (19 inch wide) 72in. rack. I saw 72inch open relays going as cheap as $120 (from APC, the UPS company; turns out they make racks too, check their website, they have pictures), while I finally got my 48inch at $200 (aluminum, black finish, from codemicro.com). I saw a few nice models from hammond inc. [ hammonddirect.com ] but they were impossible to find at retailers, and the webstore was out as well. I guess you can always buy a taller open relay rack and cut it. Chatsworth is another company you can look for.
I got one for my home lab. It's a 48in. rack open frame equipment rack ( basically 2 poles with holes in them attached to a metal plate at the bottom, they're much more accessible and cheaper than the enclosures ). I also got the cool thumb screws from rackrelease.com. I add/remove components all the time without the use of a screwdriver.
Look on ebay as well. There are rack models sometimes called "table top racks". They are usually very cheap, as low as about $40 bucks, and I've seen them on ebay for less. They look small and flimsy but should get as tall as about 8U, I think.
I feel I must point this out.
The original piece was irresponsible and so is the slashdot coverage.
Is every Chinese software company holding back changes made to GPL software? Are we just going to lump all "Chinese developers" as ignoring the GPL? Read the article and notice how the antagonist is always just "the Chinese developers".
I really dislike stories where the writers don't have the decency to research and give specific issues, name specific groups, ie. But go on and make *VERY* large and biased GENERALIZATIONS.
I'm not Chinese but I feel for the Chinese developers and hackers out there whom this no doubt offends.
A very good detailed (again, DETAILED!) piece : )
I'd like to take a moment and second that plea. XFS looks, at least on paper, like the most promising general purpose jfs in the bunch, IMHO.
For some reason, and I strongly believe it's political, it's not in the official kernel. Even as "experimental" as reiser is. Even though SGI has declared the project stable enough for this step.
IMHO this is the second great addition SGI has given that has been so far rejected, the first being the kernel debugger.
Why are these projects being blocked? I have no idea. Ultimately, the user should be given the choice of whether they would like to run jfs/xfs/reiser/ext3 etc., and also whether he/she would like to debug with printk's or kdb., etc., etc.
my two cents...
that comment getting +5 scares me.
UNIX and POSIX are NOT just labels. How do you think the developers of GNU proogie got it to work on so many UNIX systems? Do you think there is a team of programmers for each OS? Or more than likely just one or two people who do the minimal patch required to get the program to compile on the "secondary" platforms.
Using POSIX or UNIX standard, programs can be written to run on a variety of platforms. These standards ARE necessary.
You can choose not to care about these acronyms because the GNU proogie developers, using UNIX and POSIX standards, have already done the caring for you.
PS. those colors really are an improvement
From your reply..
(i) you don't understand XML very well
(ii) you haven't done much with xml parsers
A few points... (I'm not going to bother copy/paste your comment)
(i) DTDs don't have to be remote.
(ii) Most XML apps will not touch the parser code, just the API (eg. using libxml or the like)
(iii) XML solves a lot of the problems earlier, 'looser' SGML based standards brought on, eg. HTML and its 'optionally-closed-tags' for instance. That's why HTML was written in XML ( XHTML ), TO MAKE IT EASIER TO PARSE!! I'm not going to venture as far as to say that writing XML parsers (from scratch) is easy. I have in the past, and I'm currently working on one right now - it is not cake. But it is far from difficult and the benefits of a very portable language are worth it.
(iv) Why the hell does an XML grammar have to be standardised by the W3? There are tons of these grammars out there. And that's exactly what I think the W3C had in mind when they created XML. To have those specialized languages parsable WITH ONE PARSER.
I have a new bandwagon for you, "the bandwagon of people who know little about a technology but blindly bash it for exactly that".
I'm sorry man but I'd suggest you stop over at http://www.w3.org/ and do some reading
Choice?
The user ( or developer using moz embedded) gets to pick her/his widget tk.
I don't think that's a bad design goal either.
I always give the pretty girls 0's and the ugly girls 10, just to fuck with the system.
I feel like I'm getting back at the swell headed ones, and giving the shy ones a boost of morale.
I have some friends who screwed senior design because of that site. Every meeting they would all load up that site and click for hours.
There's a neat saying I picked up from psych. class, it is
hindsight is 20/20
We can sit back now and laugh at those predictions knowing the outcome, but with the rapid change back then, these predictions were not as outrageous as they appear to be now.
I agree with the predictions actually, to some extent. Sites like BBQ.com have changed the internet using society. Poorly thought of dot coms are dying just as any weak traditional company would. But there are tons of niche sites out there still thriving.