Slashdot Mirror


User: r7

r7's activity in the archive.

Stories: 0
Comments: 159

Comments · 159

  1. Re:Freedom ain't free on Native ZFS Is Coming To Linux Next Month · · Score: 1

    Sun used the CDDL just to make sure Linux never got ZFS

    That's a paranoid way of looking at it. Why Sun chose the CDDL instead of the GPL was to retain the right to fork a proprietary version while retaining GPL-like licensing in all other respects. The CDDL is a better choice for businesses than the GPL as it offers some degree of protection from FSF lawsuits while still requiring that modifications be contributed back to the community.

    Quoting http://blogs.sun.com/chandan/entry/copyrights_licenses_and_cddl_illustrated
       

    A common misconception is about CDDL and GPL incompatibility. (Incompatibility in the sense: to combine two source files, one under GPL and another under CDDL, to create a common executable.) GPL is incompatible with most licenses like Mozilla Public License, Apache, and CDDL. GPL wants you to erase those licenses and use GPL in that place, whereas these licenses do not permit erasing them. Hence the incompatibility deadlock.

  2. Re:Jerry Yang on What Went Wrong At Yahoo · · Score: 2, Insightful

    thumb your nose at the evil MS

    Either that or recognizing how quickly MS could kill a Silicon Valley company like Yahoo (as they did to GO).

    No, I think Yahoo's real Achilles heel can be summed-up in two words: middle management. Well ok, four words: technically underqualified middle management. The low point was when one of these middle managers tried to switch the entire corporate email system to MS Exchange. While that was the lowest of their low points many others continue to be nearly as bad. Bottom-line is that middle managers are rarely held responsible, upper managers are too busy, and everyone is skilled at pretending to be over-committed (which many are) and afraid to do anything about it.

  3. Re:Sounds good to me on The Future of OpenSolaris Revealed · · Score: 1

    Solaris tried to act like it was Linux and just failed

    Curious how Solaris tried? IMO the problem was that they didn't try. They had a good thing started with SunFreeware, and Blastwave, but completely dropped that (package repository) ball. That and their lack of a coherent desktop strategy pretty much limited them to non-repo, non-desktop applications i.e., high-end servers. I blame this on management living in their own world and not getting out into the field much.

    I must confess to still liking Solaris for a limited number of datacenter / compute-farm tasks. It has so many fewer bugs than anything GNU, leaving admins free from rpm/deb dependency-hell, upgrade-hell, and the far, far too frequent Linux kernel vulnerabilities and non-backwards-compatible ABI changes.

    That said Sunsolve is but a shadow of its former self, there's still no sign Sun/Oracle will follow through on any of their recent initiatives (javafx, glassfish, java scripting language integration, ...), and no sign they have a clue WRT desktops, low-end entry points, package management, cross-platform compatibility, or much of anything the other 95% of the Unix/Linux mind-share/market is doing.

    The jury is still out on how Oracle might change any of this.

  4. Re:So much for 64-bit on Adobe Goes To Flash 10.1, Forgoes Security Fix For 10 · · Score: 1

    They closed the 64-bit Linux beta ... but didn't release a 64-bit Linux version of 10.1? So they closed the beta but not the security hole? Rocket surgery indeed!

    Obviously something fundamental is wrong at Adobe. My guess is that they're code-bound by proprietary hooks, much the same as Microsoft (and Apple) though to a far greater degree.

    Bottom line is Flash must go.

    Flash is the suckiest application on the web, beating all rivals in unpatched vulnerabilities by a country mile. (ok, maybe Acrobat is a close second)

  5. Re:Fragile Devices on Palm App Catalog Glitch Locks Out WebOS Users · · Score: -1

    Disappointing that Palm won't talk about the incident. Makes you wonder what else they're not talking about (like WebOS security...).

    The most likely root cause of this outage was WebOS' Achilles heel, its dependence on Javascript. This design flaw, putting so much behind an impossible to secure, single-threaded, shared-memory, programming language/environment has cost Palm a lot of development cycles and will continue to give Android the advantage IMHO.

  6. Re:Better they spend it on this than on fighter je on The Boom (Or Bubble) In Federal Cybersecurity · · Score: 1

    Infosec in the Government has needed funding for a long time now

    Funding alone won't have an effect on the organizational dynamics.

    The only way .gov security is going to improve is if qualified people have the authority to enforce effective policies.

    To get qualified people you have to require regular training and testing. You also have to go where the qualified people are (by not requiring them to move to DC, Baltimore, ...). To get effective policies you have to allow them to be written per business (not government) best practices without undue influence from special interests. Such policies would have to be created outside of the traditional groups such as the IETF, IANA/ARIN et al as those have all become as stifled by special interests (directly and through astroturfing/lobbyists) over the past decade. Lastly and most importantly such policies would have to be enforceable. That means an authority (like DHS should have been, could have been) that can cancel contracts and fire people.

    Problem is the leadership needed to hire and empower qualified people and create enforceable policies does not exist at any level of the US Federal government.

  7. Re:OK on The Boom (Or Bubble) In Federal Cybersecurity · · Score: 2, Funny

    Sounds great, except for the part about living in the D.C. area ...

    Good point. This is a _large_ part of the problem. The best IT people are simply not going to move for a government job that pays less, has double the bureaucracy, and requires them to live in someplace like DC (which has some pretty nice neighborhoods actually, just not when compared to the West Coast in general and Silicon Valley in particular).

  8. government security vs government management on The Boom (Or Bubble) In Federal Cybersecurity · · Score: 3, Insightful

    Good luck to the security professionals who think they can make a difference in the Federal government. I subcontracted at the GAO many years ago and saw some of the same issues. Mentioned them to higher-ups, and higher-higher-ups. No response, no improved security, not even a formal recognition of the problem. The primary contractors themselves were just as much to blame. Their main goal seemed to be maintaining the contract at any expense, including bad security, including shooting the messenger.

    Bottom line is that .gov security issues are not really security issues as such, they are organizational issues. As long as you don't address the fundamental problem of entrenched, mid-level, non-technical management all the money in the world won't fix it.

  9. Homework FAIL on Network Solutions Sites Hacked Again · · Score: 1

    No news here. Anyone purchasing services from Network Solutions simply hasn't done their homework. The rest of us left this disreputable vendor years ago.

  10. Javascript Handicap on Palm WebOS Hacked Via SMS Messages · · Score: 1

    These bugs can all be traced back to the fact that WebOS is essentially a web browser and the applications are written in JavaScript and HTML.

    The article is accurate in so far as JavaScript is concerned. Palm has a long way to go if they ever hope to implement javascript securely on the scale they're using it. Checks have to be built into the SDK and the client engine, and they have to be updated regularly (quite frequently if Firefox' Noscript is any benchmark).

    I've authored enough JS (not to be confused with CSS) to doubt that Palm will be able to do it. Nobody else has implemented JS securely, so WebOS device owners should expect to be hacked and use their cell phones accordingly.

  11. Re:It does work, but you have to keep paying them. on Should Kids Be Bribed To Do Well In School? · · Score: 2, Interesting

    paying kids for books read increased standardized test scores

    It also instills the value that you shouldn't read unless you're being paid to. This is a well known downside, covered in most behavioral / developmental psychology degree programs.

    A similar drawback exists for standardized tests themselves as well as technical certificate testing. The testing rarely translates into significant real-world problem solving abilities. As with pay-for-study the instruction becomes valued for its immediate result and tends to have a negative effect on learning. See also research on deferred gratification and planning horizons.

    In short, like deficit spending, it trades a small short-term payoff for a relatively large long-term handicap.

  12. Re:Tempest, meet teacup... on The Struggle To Keep Java Relevant · · Score: 1

    Java's Big Thing was its ability to be written once, and run on VMs on any platform. That advantage was promptly killed by the rise of AJAX and all its cross-platform happiness

    AJAX is wholly orthogonal to Java uptake.

  13. Re:The VM is decent. The language sucks. on The Struggle To Keep Java Relevant · · Score: 1

    Java had a great start but really dropped the ball after the first couple of releases, as did its parent company after SunOS 4. I mean come on, Java had no regular expression support until Java 1.4!

    The future of Java is in its scripting languages, Jython in particular. As per Sun's "GM Management Style" their languages guru emphasized Groovy and Jruby and didn't support Jython to class compilation development. Not surprisingly Java's slide has continued throughout this manager's tenure. He resigned a few weeks ago, indicating there is more of a clue among top management.

    If the dysfunctional JVM scripting language de-emphasis goes away we'll see more applications with a Java core and scripting at the edges. I'm sure hoping it does, and soon.

  14. A good thing for open standards on Standards Expert — "Microsoft Fails the Standards Test" · · Score: 1

    Since our company has a requirement for Open Standard file formats we can still forbid MS. When Microsoft apologists whine "but it's OOXML, that's an ISO standard" we can reply "sorry, it isn't standard OOXML".

  15. Universities lag behind the technology on US Not Training Enough Cybersecurity Experts · · Score: 1

    Universities are lagging not just in security tech but systems tech in general, and systems administration in particular. Network engineering training programs do a much better job, and software engineering programs do a fair job addressing security. The missing component is systems administration.

    Security is only as good as its weakest link. If you are focused on communications, or focused on code, and ignore the larger picture (i.e., systems) vulnerabilities will be inevitable.

    Another problem is financial. Bean counters and stock holders are focused on the short term whereas security requires a long-term perspective. Because new features can be implemented quickly, without taking time to implement security (see any Microsoft OS for the most obvious examples) they often are. Only high-level input from systems analysts (i.e., senior systems administrators) can address this. This is also why a lot of applications are coded in scripting languages like PHP and Perl which don't provide for strong compile-time code checking or have good run-time security profiles.

    When universities have Unix/Linux Systems Administration degree programs we will see better computer and communications security, especially if those programs are run by experienced sysadmins (as opposed to PhDs or career academics). When systems administration graduates have a seat at the table alongside project managers, software engineers, requirements analysts, hr and accounting you will see better security.

    Until then it will continue to be the same ol' same ol', with lots of activity in Bugtraq and CERT, and lots of time wasted on software upgrades.
     

  16. Re:ER... Why? on Which Linux For Non-Techie Windows Users? · · Score: 1

    What's wrong with Windows

    That's easy:

      * vendor lock-in
      * cost (most of which goes to pay for lobbying, marketing and fighting anti-trust)
      * security (nothing beats IE or Outlook as virus and trojan vectors)
      * cross-platform compatibility (i.e., ooxml, AD and other pseudo-"standards")
      * cost (much of which goes into developing code for vendor lock-in)
      * privacy (how many ways does W7 report back to MS, nobody knows for sure but it would make Google blush)
      * cost (of incentivizing 3rd party software and hardware vendors not to develop for Linux, Unix, Mac, ...)
      * cost (of systems administration, 10 to 50 times greater than for Mac or Linux desktops)
      * security (how many times are you prepared to reinstall after the next BSOD?)
      * (truncated for brevity, but an internet search will document much more)

     

  17. Re:A little heavy for a netbook on Google Docs Replaces OpenOffice In Ubuntu Netbook Edition · · Score: 1

    I have a reasonably fast Vista notebook (Windows score 4.2.) MS Word 2003 starts in ... let me measure ... 4 seconds

    Never ceases to amaze me how few Windows users know about all the autoloaded applications that put themselves into memory at boot time. MS Word doesn't load in 4 seconds unless it is autoloaded. All those autoloaded applications cause anything that's not autoloaded to run slow because there's less ram available.

    Of course OpenOffice can be autoloaded too but it doesn't autoload itself by default, without telling you.

  18. Re:A little heavy for a netbook on Google Docs Replaces OpenOffice In Ubuntu Netbook Edition · · Score: 2, Interesting

    I use OpenOffice at home but it would be a tad heavy for a netbook

    "Heavy", for a "netbook"? What on earth are you talking about? I own an MSI Wind which cost all of $280 USD. It has a 40GB hard drive, 2GB RAM (upgraded from 1GB for $12), 802.11, ethernet, vga, and three USB ports. Openoffice loads in less time on this netbook than on my desktop. Why would I opt for something as feature poor as Abiword or Google Docs given all that OO has to offer?

    Ubuntu's deal with Google is nothing more than horse trading. They were simply paid more by Google than by Sun/Oracle. Bottom line, end of story. Install Debian if you don't like corporate back room deals. Or install Ubuntu and run 'aptitude install Openoffice'. But don't for a minute believe the marketing hype that this was somehow meant to benefit netbook consumers.

  19. Re:Open Source on The Final Release of Apache HTTP Server 1.3 · · Score: 1

    Yes, the "beauty of open source" is that people waste time and energy on an obsolete product

    That's not what "obsolete" means. Fact is that httpd 1.3 does more than everything we need in less memory than any 2.X version. It also has had less than half the security vulnerabilities of the 2.X branch. Over the past 8 years that secure code base has saved something like one engineer-month (~$10K) in upgrades alone. But then I'm lazy, and happy to have better things to do than upgrade software for no good reason.

    Unfortunately, NIH syndrome is endemic to software engineering. As a result we get stuck with absolute crap like KDE4, bash and ksh scripts where sh would do (and be POSIX compliant), and bloatware like named and drupal which are nowhere near modular enough to build without unneeded features.

  20. Re: not their business on Police Want Fast Track To Get At Your Private Data · · Score: 1

    Until we have a sort of reciprocity wrt searching data, until we know who has been doing it, we will be at a disadvantage. The searching is already happening. But who is watching the watch-birds? That's what I want to know.

    Considering the news that broke just today, outlining how Google is partnering with the NSA to investigate CN state sponsored "cyber attacks", it should come as no surprise when this opportunistic partnership matures into something very different from what was originally intended (the China pretense).

    Same thing happened when the Special Prosecutor position created to investigate Richard Nixon matured into the investigation of Bill Clinton's extra-marital affair (the Whitewater pretense), and Bush's blanket telecommunications investigation "matured" into a similar witch hunt of the governor of New York, who coincidentally was one of the few lawyers prosecuting banking and investment fraud (the 911 pretense).

    I'd bet any money the Google/NSA partnership will mature into more political and economic espionage than it will into protection from anything illegal.

  21. encrypted data slow? WTF? on Gmail Moves To HTTPS By Default · · Score: 1, Insightful

    https can make your mail slower since encrypted data doesn't travel across the web as quickly as unencrypted data

    Reference please? How would encrypted data travel any different than unencrypted data? Routers don't look at content and the difference in payload sizes is negligible.

    Perhaps the poster is assuming the CPU required for encryption/decryption will slow the message down but we're talking about milliseconds, nothing that rises to the level of human perception.

    Honestly have to wonder whether the OP is a Yahoo!, CompuServe, or AOL employee, given how out-of-date those companies' email and webmail offerings have become. Everyone else converted to HTTPS webmail and IMAP/POP over SSL/TLS long ago.

  22. Re:SQLite is for local storage on Why Oracle Can't Easily Kill PostgreSQL · · Score: 1

    It's not a multiuser database

    Nor do a large percentage of websites currently back-ended by relational dbs need to be. For sites that don't need persistence SQLite is a better choice.

    A web site is a classic multiuser scenario for an RDBMS

    When you're a hammer everything looks like a nail. Such is the rationale for much bloated code and many unnecessarily dependency-laden systems and applications.

    It's also MySQL's sweet spot.

    And Postgres', and Oracle's, and ... One thing I like about MySQL is being able to pick and choose among different table types. Of course the downside is the default myisam's locking, and ability to become corrupt ("repair table" and "truncate table" are the MySQL admin's friends). But then innodb tables don't offer anything over PgSQL... So, if you like clean code and good documentation Postgres tends to be in the sweet spot. Also helps that it has far and away the best resistance to vendor lock-in.

  23. predicted convergence unlikely on Technology Changes To Kill Netbooks? · · Score: 4, Interesting

    Impetus for this change will come, he believes, from the phone world

    The predicted convergence is very unlikely for two reasons: keyboard and display. It is not possible to be as productive on a less-than 25cm wide cell phone keyboard as on a netbook, and nobody has holsters or shirt pockets large enough for a real keyboard. The same holds true for displays. Phones are fine for reading WAP-enabled HTML and composing short emails or text messages, but that's not what people use netbooks for.

    Apple's rumored iSlate, an iPhone with ports for keyboard and monitor, may work for some but the hassle of carrying around a keyboard/monitor won't be easier than carrying around a netbook, and netbooks will always have far more CPU and RAM.

    I have to agree with my engineering friends on the other side of the pond and chalk up another faux-pas to the BBC, whose website, streaming audio, and tech reporting have never been particularly cutting edge. Not that our own NPR/PRI does tech any better.

  24. Re:You damn well should on Do Your Developers Have Local Admin Rights? · · Score: 2, Insightful

    How can a competent developer not understand operating system concepts?

    Operating system concepts are one thing, systems administration is quite another. Most competent engineers can install and configure software given a package management interface but few can manage a system, including their own desktop. Every instance I've known where developers had root/administrator access they regularly screwed it up.

    SA and ENG are both full time disciplines and nobody can do both well. Sure they think they can, but auditing their systems/code tells a different story.

    And therein lies the problem with being an SA. Everyone thinks they can do it regardless of training or experience. It's like engineers programming themselves and their companies into dead end, high maintenance, dependency handicapped, unreadable code hell. Cleaning up takes lots of time and money whether the mess was created by an SA or an engineer. Badly designed systems, like badly designed code, have derailed many an otherwise promising application and business and will continue to do so wherever developers act as administrators and vice versa.

  25. Re:More power is nice, but has everyone forgotten. on First Look At Latest Ion-Infused Asus Eee PC · · Score: 1

    the creep up towards 12" screens is annoying

    May be annoying but if there's a market for it...

    Personally, I wouldn't buy any netbook with a screen smaller than 10', larger than 11', or heavier than 2.5lbs. The ideal is IMO 8.5x11.0.5, =4h battery life.