Oh wait. First I need money to pay for an office to hold my new employees. Plus, I'll need money to pay for the employees. And I'll need money for whatever supplies are needed for these employees to do their jobs (computers, products, etc).
Are you still living in the 50's? I wouldn't assert that you can build a business in two days, but in a matter of a couple months you could have a viable business up and running. You don't need office space, and you probably don't even need to buy equipment for your employees. I bet that if you know so many people out of a job, you could probably come up with a viable business plan and have your friends get their own computers and run a business online. I'm not talking about a dot-com. I'm just talking about using the internet to help. Meetings? Get together in someone's home. You can start a small business that way, and if you all work as partners, you don't have the "pay the employees" issue at the start.
Why does Microsoft feel the need to try to dumb down everything that has to do the PC.
Because the average consumer doesn't understand enough to know what they are getting. Think about the research required to pick out a new system. You need to know CPU model and speed (because cycles per second ain't enough); system memory; type and speed, FSB speed; HD interface and speed (including burst and sustained); HD size, speed (burst and sustained), latency, cache; video adapter model, speed and memory size.... I think you get my point. Anyway, just like everybody else, I don't think assigning a generic level system will solve the problem because the levels will change too quickly and a level 7 from one manufacturer will not be the same as a level 7 from another. What would be better is to find some universally agreed upon standard for rating computers in terms of processing power, storage capacity, data transfer speed, video and sound. The system would have to be good enough that systems with the same ratings from different vendors would be VERY close in performance. But this will probably never happen. There are too many variables, and there's at the moment pretty much zero incentive for vendors to provide any easy way to compare their systems with those of their competitors.
So what you are asking, while perhaps relevant for the Slashdot audience, is slightly biased.
Given that it is a Slashdot audience that will read the answers, bias is appropriate. Although we might try to convince people otherwise, our natural reaction to any kind of change is to seek what impact it will have on us personally. Will we be better or worse off, and by how much? Actually caring about others usually takes place after we've assessed the potential damage to ourselves.
This machine I am on is a 200PP and I'm running gnome desktop on FC2 with 224 megs ram just fine.
Can you do a test for me? Could you try stripping it down to 96MB and let me know how it runs? I'm trying to find some inexpensive EDO RAM and not having much success. Before I go dropping money on it, I want to get some idea of the performance impact. I know there will be far less swapping, but I don't want to rely on guesses that all my performance problems will go away.
No, seriously, this guy is either an idiot, or has never really used gentoo. Let's look at his list here:
Thank you for providing a rather redundant (at least for me) list of all the options you have with Gentoo. Now, tell me how long it will take for you to determine what works best for each and every package on your system. What about all of the configuration options that you CAN'T control with the USE flags? Think about it for a minute. An expert with Gentoo could probably get through everything in a few days of dedicated time (don't forget compiling), but then comes all of the testing to make sure the configuration is optimal and that everything is stable. I would guess the whole process would take a couple weeks. A novice with Gentoo would probably take well over a month to accomplish the same thing. Don't get me wrong. I'm a Gentoo user. I believe it offers the most flexibility in obtaining the ultimate performance. But what this guy is doing is much of the experimenting and testing for the rest of the community. I wouldn't be too surprised to find that most people who are willing to give Linux a try are probably experimenting with older machines, and providing a system that has many of the optimizations already included makes that process much less painful. Gentoo is not really for beginners unless they are actually trying to learn how the system works.
If you still think he's an idiot, then I would challenge you to produce your own distribution based on Gentoo and targeted for the i686 platform that performs as well or better than YOPER in less than two weeks. Remember that you have to test everything for stability and be able to keep it up to date with periodic changes. Make sure you also check out all the packages included in YOPER so that you don't miss anything. If you can manage that, I will forever support your right to call him an idiot.
Weeks and months? has he ever tried prelinking..was pretty quick and painless for me. thanks to the nice guide [gentoo.org]
Not only has he tried prelinking, but he has tried (among other things) applying performance-related patches, stripping the binaries and ignoring what./configure finds and instead only including objects upon which each package is truly dependant. I think that pretty much justifies the weeks to months timeframe listed.
I was excited about this for my old 350mhz celeron laptop.
Were the old 350Mhz celerons considered i686 or only i586? I can't remember, but I think they were all i686. But in the unlikely event they were i586-based, that is why it crashed and burned for you. Too bad. I was hoping to get some impression of how it would run on my old 200 MHz Pentium Pro. Anybody else try on a slower machine like that?
but a class action against them might reap some benifits and wouldn't be too expensive.
More importantly, I wonder if the RIAA uses similar tactics. It would make an interesting court battle for one of the potentially innocents who get nailed with a P2P piracy charge. Publicity like this could be used to get the case thrown out of court (if it can be shown that the RIAA is equally lazy in checking the validity of their searches).
But isn't a mission statement as generic as possible?
As generic as possible while still providing enough framework to avoid frequent disputes over the "how" of getting things done. For example, the mission statement may specify various categories of ministry that the church wishes to pursue. However, there's always a danger of being so narrow as to really limit the church in scope. In your example, "helping feed the needy" would be a better choice, but is of course still more specific than "serving the community."
What would you consider the validity of places that offer human services (food, shelter, etc) only to christians of a particular sect? I personally consider it to be a serious wrong. I don't see why a Catholic is the only person who could be fed at a Catholic charity, or a Baptist at a Baptist charity. I think it tarnishes the point.
I personally agree with you and consider it neither correct nor effective to place limitations on who gets the benefit of human services. While I feel that any church should be free to make this decision on their own, I would question the wisdom of restricting services to only those that follow the same beliefs of the church. For starters, most human services are also provided as part of an outreach, and such a ministry would be pretty pointless if the only people you were serving were those who shared your beliefs anyway. The only exceptions I could see to this are specific functions that are "by invitation only" and are designed for a particular sect (which by definition probably wouldn't be considered human services), and also providing services to a group of people within the community who are known and proven to use the benefit of those services in ways that are counter-productive to the community. The delicate part is in determining whether what you see as counter-productive could really just be defined as "contrary to your beliefs." At any rate, I don't think that particular situation arises very often.
Just for the record, when my church offers human services, it does not place restrictions on who can receive them, other than the requirement that the recipients be in need of the services. I would not hesitate to break membership in any church that did otherwise.
Seems simple, but I thought that the bible was the christian mission statement?
Yes, of course. However, I think you'd have to agree that there is more than one method of accomplishing the same mission, and that what works in one community might not work in another. Usually a mission statement will include more detail than what you suggested.
I see. Since it is a church the objective is to be as disorganized as possible? Every single organization in existence has a goal of some sort, whether it is written down or not. Once it gets to a certain size, it's helpful to actually write those goals down. That way, future decisions can be compared against the mission statement. If they conflict, you either change the decision or change the mission statement. Besides, if you are thinking of becoming a member, reading the mission statement is always a good idea.
Folks, it isn't the technology field that invented this junk. For years corporations have been spewing the same buzzword-riddled crud. My best example is the church I attend. It's a good church, but the mission statement and vision were written during a time when almost all the church members worked for a certain very large and prominent corporation that is in the area. Although I agree with the basic goals of both documents, it literally makes me ill to read them because they contain the famous 1980's buzzwords like "empowering." In my mind, both the mission statement and vision should have stuck to plain, straightforward language. But I guess it should come as no surprise. The people writing them would have naturally written them in the same way they had been trained at work.
Note to parent poster: I wasn't referring specifically to you.;)
Thanks.;)
I swear OSS developers are the most childish assholes I've ever seen.
Actually, this characteristic doesn't fall solely to OSS developers. It's pretty much universal. Some people are just better at hiding it than others. I can think of a couple of executives at, say, Oracle and Microsoft, that have been caught exhibiting equally childish behavior.
"Yeah, we don't agree with this statement which we know to be factually correct when applied to commercial software, so we're all going to put our fingers in our ears and pretend we don't hear it."
I'm not sure if you were indicating that the statement that OSS is less secure than commercial software is true, but if so I don't completely agree. Although when look at the added word "may" I can probably agree.
He brings up good points, ones that NEED to be addressed.
I absolutely agree with this. I'm merely skeptical that he actually had the intention of helping. Yes, he's definitely trying to sell a book, although it's a bit childish to point that out like it's a bad thing. I mean, what author DOESN'T want to sell books, especially when he/she depends on their sales to put food on the table.;) However, he did make a critical error: he's probably not going to sell many books to the Open Source developers out there. Too bad -- it could have actually done some good at improving some of the Open Source projects.
Somebody mod the parent up, or please post a reason why this is any more a Linux kill than any other new piece of hardware. I'm trying to find some information about why somebody couldn't just create a Linux driver to interact with the new USB devices. Is there a patent at work here that I'm not aware of?
I think Viega is actually out to help the open source community and shine a flashlight into the dark corners where it needs to go.
I agree that Viega may have some material that is useful to the open source community, but I have a hard time believing that we is really out to help. Opening your article with a statement like "This article looks at why open source software may currently be less secure than its commercial counterparts" is likely to so polarize Open Source developers that most won't even bother to read the rest of the article. You can already see that happening. Any decent writer knows that you must first win over your audience before you start being critical of things they hold near and dear.
Furthermore, he tears apart the "many eyeballs" argument while ignoring the fact that although commercial entities have better methodology in place, they rarely use it. Tight timelines, budget decisions, and competition cause commercial software to be released with serious known bugs and very little testing. I know this because I've worked for a couple large software companies, and I'm seen some stellar examples of bugs in products already shipped that were easy to find (in fact, hard to miss) and really easy to fix, but didn't get fixed for several releases. One of the best examples was one I tracked for a year before it was repaired; the fix was only about 15 minutes of work, too.
So, if John really wanted to help the Open Source community, he could have asserted instead that while the many-eyed advantage of Open Source can yield a product that is more secure than commercial products, there are some areas for improvement that should be addressed.
How the heck did you get the client to accept the 25 seconds of delay they probably see?
It was actually quite easy. I explained to them the alternative interface that would not require a 25 second delay. I also gave them the option of purchasing new desktop machines at a cost of $10,000 each. The truth is, however, that when I first set this thing up, it ran quickly because there was a reasonable amount of data involved. When they started entering all kinds of data that I knew they'd never use, I warned them about what the consequences would be. I also periodically make the content "I wonder how much of that detail ever gets used..." to remind them that they've been warned.
I haven't had a client that would accept more than one, maybe two seconds of JavaScript-induced delay since the days when 28.8 was catching on.
The truth is that they aren't happy about the delay, but there's not much chance to improve it without a major revamp to the interface. Revamping the interface always seems to get the lower priority on the project list, and since they are the ones who set the priorities, they can't really point the finger at me.
But yeah, a 25 second delay for anything on the client side should be considered unacceptable. There is some new technology available here for web development that would allow me to perform some of these checks on the server side with much better performance, but nobody wants to devote the time and resources to change platforms.
If anybody is interested, I have a little non-scientific feedback on performance, if anybody is interested. I compared to IE running on the same computer. Initially opening a web page under Firefox seems slightly slower than IE, maybe 1/4 second. Total page rendering time seems to be about the same, experienced over several sites. I also ran the thing on a monster web scenario that I developed that does some heavy computation using Javascript, and Firefox literally blew IE out of the water. The site sends to the browser three list boxes of information with several hundred items each. The items are related, so javascript builds a relationship matrix, and then when you choose an item (or multiple items) in one listbox, it narrows the choices to related items in the other boxes. On both browsers, the second of javascript that builds the matrix is enough to generate the "javascript is slowing down your machine message." However, Firefox completed the rendering in 15 seconds as compared to nearly 25 for IE. But my favorite performance improvement is over what happens when I choose an item in one of the boxes. On IE, the browser freezes for about 3.5 seconds while calculates the related items and rebuilds the other boxes. Refreshing the entries back to their default takes nearly 9 seconds. On Firefox, clicking on an item in one box updates the other boxes almost instantaneously -- I couldn't even measure it. And the refresh procedure takes less than half a second.
As I said, these results aren't scientific -- no controls, not enough samples, etc. But they are convincing enough to me that I may suggest that some of the people here use Firefox on the intranet as well.
If sites have code to detect the object to determine if it's IE, as many do, then they hopefully won't be able to tell.
Even without detection, just the existence of the object makes things tons better. I just tested it today on a web scenario that I wrote for our corporate internet. I designed the thing specifically for Internet Explorer because I didn't have time to do enough research to replace some of the IE-specific code with standards-compliant code that was both elegant and performed well. During my test today, I only found ONE thing that wasn't working, and I'm pretty sure I can fix it quickly.
is to convert an I.E. / outlook user to Mozilla / Thunderbird today...
I've already converted a bunch of them at work. Microsoft made it really easy for me what with all the ActiveX exploits, lack of features updates, etc. The process is always the same:
COWORKER: My computer is really slow all of the sudden.
ME: Have you checked for spyware lately? Run Ad-aware and Spybot lately?
COWORKER: OK... ... 30 minutes later...
COWORKER: Wow, there sure were a lot of nasties on there. I've removed them all and things are running much faster. Thanks for the tip!
... The next day...
COWORKER: My PC was slow again this morning, so I ran Ad-aware and Spybot again. They found all sorts of new stuff. Is there any way to keep this from happening?
ME: There's three ways:
Stay off the internet
Completely customize your security settings on IE for internet zones to disable ActiveX for anything not in your trusted sites list and live with the fact the lots of sites break when they see you have IE and ActiveX doesn't work.
Install Firefox and use that for all your internet browsing and just reserve IE for the local intranet and the few web sites that don't work properly with Firefox.
COWORKER: Oh, option 3 sounds good. I'll install it right now.
The good thing is, my upgrade today to Firefox PR1.0 seems to work on a lot of sites that weren't working with Mozilla, so it's only going to get better. However, the realist in me says that once Firefox really takes off, we can look forward to people finding security exploits in it too.
First off, since it apparently wasn't clear, let me say that I'm not against choice. I support being able to choose what components go on my computer. I'm particularly happy with being able to choose between KDE and Gnome (among others) and I'm happy with the XFree / X.Org fork because I was concerned with where XFree was heading. I'm just advocating that people put a little more thought into the projects they work on. Sure, they are free to do what they want and I would never deny them that freedom, but doing some research and planning is never a bad thing.
Cars get better, cheaper and more secure all the time.
Cars aren't a good comparison, but let's go with it anyway. What if I gave you 10 models of car to choose from. They all have identical specs regarding performance. They all come in the same color. They all are sold for the same price. There are really only two differences between them: 1. the nameplate on the front grill that indicates who the manufacturer is and 2. the shapes and sizes of most of the parts differ, guaranteeing that you can't use the parts from one car to fix another, and you have to be careful about what aftermarket parts you choos And to top it off, they only have a 30 day warranty and they use technology that is several years behind where it should be. Why? Because instead of combining efforts to make one really good car, all the companies are out making 10 identical mediocre cars. That old Ford is starting to look better and better, isn't it?
Here's what you've got to consider. Open Source development has a vast amount of resources behind it -- far more than any commercial entity. With a little bit of focus, it should be possible to turn out a product that is vastly superior to ANY commercial product out there. After all, companies like Microsoft thrive on monopoly situations, and therefore aren't really motivated to make substantial improvements to their products. In fact, the only reason Microsoft has been making improvements lately is because they are busy competing with themselves. If they manage to switch to a maintenance fee (subscription) model, you can bet "innovation" will slow to a crawl. Open Source has the opportunity to do much better than this. Giving users lots of carefully thought out options, coupled with highly robust products thanks to the incredible armies of developers is the key. But when I hear stories of a fork just because a couple people never learned to communicate in a civil manner, it just makes me shake my head.
If KDE and Gnome merged, what language would they use?
Man, I hope they never merge. Desktop environment is one of the good choices. The best they can do is work together on things like clipboard operations and such.
Forking is a form of routing around damage.
I have no problem with forking when there are good reasons for it.
X.org formed to route around the restrictions imposed in XFree86.
And this is one of the examples of forking that I applaud.
It benefits anyone who understands the importance of and appreciates having a choice.
Oh please, give me a break. I'm all for choice, but choosing between two things that have exactly the same outcome isn't really a choice at all, now is it? It's especially problematic if other software that must interact needs to have separate coding to deal with each of the "choices." I realize that many times projects get duplicated simply because someone doesn't know about the existence of another project. That can't really be helped. I also realize that many times a project will fork because of disagreements within the development team, but that usually implies philosophical differences that would justify the fork. In other words, it would be expected that there really will be a choice for others. But I think it would be best if everybody starting projects spends a little time doing research about what's already there and takes a few minutes to consider what will distinguish their project from others that are similar.
BTW, I believe that having both Gnome and KDE is good. It really does provide a choice, as there are definite differences in the goals of the two development teams.
That's only part of the issue. Lots of people don't want a KDE and Gnome merger because of philosophical differences on what a desktop should be like. I do, however, wish that on many forked or duplicated projects people would take just a second to think about who, besides themselves, a fork (or duplication) would actually benefit. When the forked or new version provides no significant new features, it's probably doing more harm than good.
Yeah, but this comment set of my "dork-o-meter." The dork considered three SR41 (watch size [7.9mm x 3.6mm]) batteries in the pen and two (count them, only two) AAA betteries in the memory unit to be excessive. While I agree with many of his comments, the tone of the article in general was negative from the start, so it was pretty obvious that Gordon was suffering from severe constipation when he reviewed the product. I mean the guy even complained about the "boxy components at the head of the link cable."
In fairness however, my verdict basically matches his. Way too expensive, cheap construction, not enough thought went into useability and design, bugs in the software. Overall, a bad value. But the batteries aren't really an issue, although I'd opt to replace the three SR41s in the pen with one or two AAAs because they are easier to find and you can get 15-minute rechargeables from Rayovac.
Slashdot Mirror
Are you still living in the 50's? I wouldn't assert that you can build a business in two days, but in a matter of a couple months you could have a viable business up and running. You don't need office space, and you probably don't even need to buy equipment for your employees. I bet that if you know so many people out of a job, you could probably come up with a viable business plan and have your friends get their own computers and run a business online. I'm not talking about a dot-com. I'm just talking about using the internet to help. Meetings? Get together in someone's home. You can start a small business that way, and if you all work as partners, you don't have the "pay the employees" issue at the start.
Which just goes to prove that Windows is better than Linux (at least for this device). ;)
Because the average consumer doesn't understand enough to know what they are getting. Think about the research required to pick out a new system. You need to know CPU model and speed (because cycles per second ain't enough); system memory; type and speed, FSB speed; HD interface and speed (including burst and sustained); HD size, speed (burst and sustained), latency, cache; video adapter model, speed and memory size.... I think you get my point. Anyway, just like everybody else, I don't think assigning a generic level system will solve the problem because the levels will change too quickly and a level 7 from one manufacturer will not be the same as a level 7 from another. What would be better is to find some universally agreed upon standard for rating computers in terms of processing power, storage capacity, data transfer speed, video and sound. The system would have to be good enough that systems with the same ratings from different vendors would be VERY close in performance. But this will probably never happen. There are too many variables, and there's at the moment pretty much zero incentive for vendors to provide any easy way to compare their systems with those of their competitors.
Given that it is a Slashdot audience that will read the answers, bias is appropriate. Although we might try to convince people otherwise, our natural reaction to any kind of change is to seek what impact it will have on us personally. Will we be better or worse off, and by how much? Actually caring about others usually takes place after we've assessed the potential damage to ourselves.
Can you do a test for me? Could you try stripping it down to 96MB and let me know how it runs? I'm trying to find some inexpensive EDO RAM and not having much success. Before I go dropping money on it, I want to get some idea of the performance impact. I know there will be far less swapping, but I don't want to rely on guesses that all my performance problems will go away.
Thank you for providing a rather redundant (at least for me) list of all the options you have with Gentoo. Now, tell me how long it will take for you to determine what works best for each and every package on your system. What about all of the configuration options that you CAN'T control with the USE flags? Think about it for a minute. An expert with Gentoo could probably get through everything in a few days of dedicated time (don't forget compiling), but then comes all of the testing to make sure the configuration is optimal and that everything is stable. I would guess the whole process would take a couple weeks. A novice with Gentoo would probably take well over a month to accomplish the same thing. Don't get me wrong. I'm a Gentoo user. I believe it offers the most flexibility in obtaining the ultimate performance. But what this guy is doing is much of the experimenting and testing for the rest of the community. I wouldn't be too surprised to find that most people who are willing to give Linux a try are probably experimenting with older machines, and providing a system that has many of the optimizations already included makes that process much less painful. Gentoo is not really for beginners unless they are actually trying to learn how the system works.
If you still think he's an idiot, then I would challenge you to produce your own distribution based on Gentoo and targeted for the i686 platform that performs as well or better than YOPER in less than two weeks. Remember that you have to test everything for stability and be able to keep it up to date with periodic changes. Make sure you also check out all the packages included in YOPER so that you don't miss anything. If you can manage that, I will forever support your right to call him an idiot.
Not only has he tried prelinking, but he has tried (among other things) applying performance-related patches, stripping the binaries and ignoring what ./configure finds and instead only including objects upon which each package is truly dependant. I think that pretty much justifies the weeks to months timeframe listed.
Were the old 350Mhz celerons considered i686 or only i586? I can't remember, but I think they were all i686. But in the unlikely event they were i586-based, that is why it crashed and burned for you. Too bad. I was hoping to get some impression of how it would run on my old 200 MHz Pentium Pro. Anybody else try on a slower machine like that?
More importantly, I wonder if the RIAA uses similar tactics. It would make an interesting court battle for one of the potentially innocents who get nailed with a P2P piracy charge. Publicity like this could be used to get the case thrown out of court (if it can be shown that the RIAA is equally lazy in checking the validity of their searches).
As generic as possible while still providing enough framework to avoid frequent disputes over the "how" of getting things done. For example, the mission statement may specify various categories of ministry that the church wishes to pursue. However, there's always a danger of being so narrow as to really limit the church in scope. In your example, "helping feed the needy" would be a better choice, but is of course still more specific than "serving the community."
What would you consider the validity of places that offer human services (food, shelter, etc) only to christians of a particular sect? I personally consider it to be a serious wrong. I don't see why a Catholic is the only person who could be fed at a Catholic charity, or a Baptist at a Baptist charity. I think it tarnishes the point.
I personally agree with you and consider it neither correct nor effective to place limitations on who gets the benefit of human services. While I feel that any church should be free to make this decision on their own, I would question the wisdom of restricting services to only those that follow the same beliefs of the church. For starters, most human services are also provided as part of an outreach, and such a ministry would be pretty pointless if the only people you were serving were those who shared your beliefs anyway. The only exceptions I could see to this are specific functions that are "by invitation only" and are designed for a particular sect (which by definition probably wouldn't be considered human services), and also providing services to a group of people within the community who are known and proven to use the benefit of those services in ways that are counter-productive to the community. The delicate part is in determining whether what you see as counter-productive could really just be defined as "contrary to your beliefs." At any rate, I don't think that particular situation arises very often.
Just for the record, when my church offers human services, it does not place restrictions on who can receive them, other than the requirement that the recipients be in need of the services. I would not hesitate to break membership in any church that did otherwise.
Yes, of course. However, I think you'd have to agree that there is more than one method of accomplishing the same mission, and that what works in one community might not work in another. Usually a mission statement will include more detail than what you suggested.
I see. Since it is a church the objective is to be as disorganized as possible? Every single organization in existence has a goal of some sort, whether it is written down or not. Once it gets to a certain size, it's helpful to actually write those goals down. That way, future decisions can be compared against the mission statement. If they conflict, you either change the decision or change the mission statement. Besides, if you are thinking of becoming a member, reading the mission statement is always a good idea.
Folks, it isn't the technology field that invented this junk. For years corporations have been spewing the same buzzword-riddled crud. My best example is the church I attend. It's a good church, but the mission statement and vision were written during a time when almost all the church members worked for a certain very large and prominent corporation that is in the area. Although I agree with the basic goals of both documents, it literally makes me ill to read them because they contain the famous 1980's buzzwords like "empowering." In my mind, both the mission statement and vision should have stuck to plain, straightforward language. But I guess it should come as no surprise. The people writing them would have naturally written them in the same way they had been trained at work.
Thanks. ;)
I swear OSS developers are the most childish assholes I've ever seen.
Actually, this characteristic doesn't fall solely to OSS developers. It's pretty much universal. Some people are just better at hiding it than others. I can think of a couple of executives at, say, Oracle and Microsoft, that have been caught exhibiting equally childish behavior.
"Yeah, we don't agree with this statement which we know to be factually correct when applied to commercial software, so we're all going to put our fingers in our ears and pretend we don't hear it."
I'm not sure if you were indicating that the statement that OSS is less secure than commercial software is true, but if so I don't completely agree. Although when look at the added word "may" I can probably agree.
He brings up good points, ones that NEED to be addressed.
I absolutely agree with this. I'm merely skeptical that he actually had the intention of helping. Yes, he's definitely trying to sell a book, although it's a bit childish to point that out like it's a bad thing. I mean, what author DOESN'T want to sell books, especially when he/she depends on their sales to put food on the table. ;) However, he did make a critical error: he's probably not going to sell many books to the Open Source developers out there. Too bad -- it could have actually done some good at improving some of the Open Source projects.
Somebody mod the parent up, or please post a reason why this is any more a Linux kill than any other new piece of hardware. I'm trying to find some information about why somebody couldn't just create a Linux driver to interact with the new USB devices. Is there a patent at work here that I'm not aware of?
I agree that Viega may have some material that is useful to the open source community, but I have a hard time believing that we is really out to help. Opening your article with a statement like "This article looks at why open source software may currently be less secure than its commercial counterparts" is likely to so polarize Open Source developers that most won't even bother to read the rest of the article. You can already see that happening. Any decent writer knows that you must first win over your audience before you start being critical of things they hold near and dear.
Furthermore, he tears apart the "many eyeballs" argument while ignoring the fact that although commercial entities have better methodology in place, they rarely use it. Tight timelines, budget decisions, and competition cause commercial software to be released with serious known bugs and very little testing. I know this because I've worked for a couple large software companies, and I'm seen some stellar examples of bugs in products already shipped that were easy to find (in fact, hard to miss) and really easy to fix, but didn't get fixed for several releases. One of the best examples was one I tracked for a year before it was repaired; the fix was only about 15 minutes of work, too.
So, if John really wanted to help the Open Source community, he could have asserted instead that while the many-eyed advantage of Open Source can yield a product that is more secure than commercial products, there are some areas for improvement that should be addressed.
It was actually quite easy. I explained to them the alternative interface that would not require a 25 second delay. I also gave them the option of purchasing new desktop machines at a cost of $10,000 each. The truth is, however, that when I first set this thing up, it ran quickly because there was a reasonable amount of data involved. When they started entering all kinds of data that I knew they'd never use, I warned them about what the consequences would be. I also periodically make the content "I wonder how much of that detail ever gets used..." to remind them that they've been warned.
I haven't had a client that would accept more than one, maybe two seconds of JavaScript-induced delay since the days when 28.8 was catching on.
The truth is that they aren't happy about the delay, but there's not much chance to improve it without a major revamp to the interface. Revamping the interface always seems to get the lower priority on the project list, and since they are the ones who set the priorities, they can't really point the finger at me.
But yeah, a 25 second delay for anything on the client side should be considered unacceptable. There is some new technology available here for web development that would allow me to perform some of these checks on the server side with much better performance, but nobody wants to devote the time and resources to change platforms.
As I said, these results aren't scientific -- no controls, not enough samples, etc. But they are convincing enough to me that I may suggest that some of the people here use Firefox on the intranet as well.
Even without detection, just the existence of the object makes things tons better. I just tested it today on a web scenario that I wrote for our corporate internet. I designed the thing specifically for Internet Explorer because I didn't have time to do enough research to replace some of the IE-specific code with standards-compliant code that was both elegant and performed well. During my test today, I only found ONE thing that wasn't working, and I'm pretty sure I can fix it quickly.
I've already converted a bunch of them at work. Microsoft made it really easy for me what with all the ActiveX exploits, lack of features updates, etc. The process is always the same:
COWORKER: My computer is really slow all of the sudden.
... 30 minutes later ...
...
ME: Have you checked for spyware lately? Run Ad-aware and Spybot lately?
COWORKER: OK...
COWORKER: Wow, there sure were a lot of nasties on there. I've removed them all and things are running much faster. Thanks for the tip!
... The next day
COWORKER: My PC was slow again this morning, so I ran Ad-aware and Spybot again. They found all sorts of new stuff. Is there any way to keep this from happening?
ME: There's three ways:
COWORKER: Oh, option 3 sounds good. I'll install it right now.
The good thing is, my upgrade today to Firefox PR1.0 seems to work on a lot of sites that weren't working with Mozilla, so it's only going to get better. However, the realist in me says that once Firefox really takes off, we can look forward to people finding security exploits in it too.
Cars get better, cheaper and more secure all the time.
Cars aren't a good comparison, but let's go with it anyway. What if I gave you 10 models of car to choose from. They all have identical specs regarding performance. They all come in the same color. They all are sold for the same price. There are really only two differences between them: 1. the nameplate on the front grill that indicates who the manufacturer is and 2. the shapes and sizes of most of the parts differ, guaranteeing that you can't use the parts from one car to fix another, and you have to be careful about what aftermarket parts you choos And to top it off, they only have a 30 day warranty and they use technology that is several years behind where it should be. Why? Because instead of combining efforts to make one really good car, all the companies are out making 10 identical mediocre cars. That old Ford is starting to look better and better, isn't it?
Here's what you've got to consider. Open Source development has a vast amount of resources behind it -- far more than any commercial entity. With a little bit of focus, it should be possible to turn out a product that is vastly superior to ANY commercial product out there. After all, companies like Microsoft thrive on monopoly situations, and therefore aren't really motivated to make substantial improvements to their products. In fact, the only reason Microsoft has been making improvements lately is because they are busy competing with themselves. If they manage to switch to a maintenance fee (subscription) model, you can bet "innovation" will slow to a crawl. Open Source has the opportunity to do much better than this. Giving users lots of carefully thought out options, coupled with highly robust products thanks to the incredible armies of developers is the key. But when I hear stories of a fork just because a couple people never learned to communicate in a civil manner, it just makes me shake my head.
Man, I hope they never merge. Desktop environment is one of the good choices. The best they can do is work together on things like clipboard operations and such.
Forking is a form of routing around damage.
I have no problem with forking when there are good reasons for it.
X.org formed to route around the restrictions imposed in XFree86.
And this is one of the examples of forking that I applaud.
Oh please, give me a break. I'm all for choice, but choosing between two things that have exactly the same outcome isn't really a choice at all, now is it? It's especially problematic if other software that must interact needs to have separate coding to deal with each of the "choices." I realize that many times projects get duplicated simply because someone doesn't know about the existence of another project. That can't really be helped. I also realize that many times a project will fork because of disagreements within the development team, but that usually implies philosophical differences that would justify the fork. In other words, it would be expected that there really will be a choice for others. But I think it would be best if everybody starting projects spends a little time doing research about what's already there and takes a few minutes to consider what will distinguish their project from others that are similar.
BTW, I believe that having both Gnome and KDE is good. It really does provide a choice, as there are definite differences in the goals of the two development teams.
That's only part of the issue. Lots of people don't want a KDE and Gnome merger because of philosophical differences on what a desktop should be like. I do, however, wish that on many forked or duplicated projects people would take just a second to think about who, besides themselves, a fork (or duplication) would actually benefit. When the forked or new version provides no significant new features, it's probably doing more harm than good.
Yeah, but this comment set of my "dork-o-meter." The dork considered three SR41 (watch size [7.9mm x 3.6mm]) batteries in the pen and two (count them, only two) AAA betteries in the memory unit to be excessive. While I agree with many of his comments, the tone of the article in general was negative from the start, so it was pretty obvious that Gordon was suffering from severe constipation when he reviewed the product. I mean the guy even complained about the "boxy components at the head of the link cable."
In fairness however, my verdict basically matches his. Way too expensive, cheap construction, not enough thought went into useability and design, bugs in the software. Overall, a bad value. But the batteries aren't really an issue, although I'd opt to replace the three SR41s in the pen with one or two AAAs because they are easier to find and you can get 15-minute rechargeables from Rayovac.