"If you pass along an infected e-mail you are spreading a virus that could have stopped with you."
If you pass a long an infected email by forwarding an attachment that you didn't even open at all (the assumption here is that you are running a free operating system and Windows virri can't really do any damage), then you are not only spreading a virus that could have stopped with you. You are being stupid and unnecessarily annoying, and you deserve to be blacklisted.
If an MTA passes along an infected email, then clamav and other filtering programs exist. It's probably a good idea to install one.
Using (setq...) for local bindings is un-Lispy, and you don't really have to use (if...) for conditional assigment, because `read-string' supports a default value:
(let ((search-pattern (read-string "Search files [all]:" T "*"))) (forms-for-searching search-pattern))
What you have there is very similar to the built-in `lgrep', `rgrep', `find-grep' and `find-grep-dired' commands. Have a look in their help. They may be useful [I like find-grep-dired a *lot*:)].
So have you started bugging your wireless NIC vendor to give you GNU/Linux drivers along with the Windows-specific ones, when you bought the NIC and discovered that there are no GNU/Linux drivers in the CD-ROM?
There are many ways of putting the fact that there are no GNU/Linux drivers in words:
"Linux doesn't support my wireless NIC."
"My wireless NIC vendor didn't supply me with GNU/Linux drivers."
"My wireless NIC vendor only supports Windows."
It's all a matter of which POV you want to emphasize.
The fact that you can't just go out, buy any random wireless NIC at Wal-Mart, plug it into your GNU/Linux laptop's PC-CARD slot and have it "automagically" work is as much a failure of GNU/Linux as it is of the vendor too. Please do not blame solely GNU/Linux for the failure of the vendor to provide wireless NIC drivers for all the platforms you want to use.
At least, with the ndiswrapper effort, GNU/Linux and other FS/OSS operating systems have shown that they are willing to go a long way towards providing their users with support for their hardware. The same sort of good-will should be shown by hardware vendors. The good thing is that some of the hardware vendors have already shown their willingness to support FS/OSS systems:-)
Just as a factual matter, Linux and GPL software have recieved about 10^6 more corporate support than BSD-licenced software in recent years. The GPL has proven to be a very corporate-friendly license because it allows copyright holders to share their code without giving away the 'exploitation rights'.
I must be living in a different planet, where GPl'd software is indeed a problem in corporate environments that don't feel like sharing their entire intellectual property & rights to code they have written because "it happens to link to GPL'd code".
As for fine-grained locking, I can still make FreeBSD 5.3 on four-way box sieze up with heavy sshd load, for example (one of my favorite pet tests since 5.0).
The 5.X branch has moved way past 5.3 now and we all know 5.3 was released "because it was about time something was released"; not necessarily because it was a polished, . Things have improved vastly since last October.
Give a try to newer 5.X versions (i.e. 5.4 of last March or the head of the RELENG_5 branch). Things should be much more stable:-)
Re:FreeBSD
on
Why FreeBSD
·
· Score: 2, Insightful
1. drivers: more devices supported in the Linux world
That's true.
Some BSD users may argue that the level of support is not very good or that Linux kernels tend to include support for "highly beta, experimental features" in stable kernels, which is not entirely false.
Others will note that the size of the BSD development teams is far smaller than "the world at large", so it's normal to have less people who can develop drivers and/or test them.
The truth is, as usual, somewhere in between:-)
2. install: bsd install still primative, and disk partitioning is weird especially for novice, and multiple boot can be hard to set up
If by "primative", you mean "primitive", then I have to respectfully ask that you elaborate why you think the installer is primitive.
smp - scaling: 5.x freebsd is still having trouble with its spinlocks, and can still sieze up under heavy load (4.x version with giant lock doesn't have this problem). The core issue is that the freebsd folks don't seem to realize releasing locks in the same order they are applied makes things easy, while what they are doing can make trouble. This is why I use 4. in production.
Oh, but we do. Have a look at the description of "WITNESS" and "lock order reversal", what it is and why FreeBSD people are making their best to improve parallelismm but avoid the problems of the second with the help of the first:-)
Admittedly it's been a long way since 4.0 was "CURRENT", or even since 4.0 was first released, but there have both been an amazing amount of improvements in both the kernel and userlevel side of applications that support and make good use of parallelism. There is, of course, still a lot of room for improvement, but that's not inherently a bad thing:-)
4. filesystem - ext3 and reiserfs can get into inconsistent unrecoverable state, pure and simple. XFS and maybe some other Linux filesystems don't have that problem.
I've had ext3 filesystems die on me or lose/etc/inittab or something worse, so I can agree about ext3fs here. I don't know about the rest though.
5. Linux GPL great for some things and horrible for others, BSD license ditto.
Yes. Your point, here, is?...
6. startup scripts easier to understand in BSD, getting pretty hairy in some Linux distros. My favorite commercial distro SuSE and RedHat are really getting tangled.
True. I can bring up a FreeBSD machine after typing just a couple of lines in/etc/rc.conf, i.e.:
hostname="flame.local"
ifconfig_sis0="DHCP"
It's usually far more complex and some times (oh the horrors!) it practically requires a GUI to configure interfaces of a Linux machine, or guesswork for tweaking some complex, barely documented set of files under/etc/sysconfig/long/subdir/path/here. Give me my/etc/rc.d BSD scripts any day, thank you!
7. More Enterprise software available (and supported) on Linux, maybe not a big deal unless you're in big SAN environment or absolutely MUST use Oracle and such. I'm betting though you'll see more stuff popping up for Debian and friends now that Debian has bounded back into life.
It takes a lot of effort to support, and I mean really SUPPORT, as in be prepared to answer technical questions and resolve bug reports 24x7, a dozen or so different types of UNIX systems, be they Solaris releases, Linux distributions, or BSD versions. That's understandable. Not something I really like, but understandable...
Start computer. Put in Windows XP CD. Press a key. Press Enter, D, L, Enter, Enter. Done.
You forgot to include:
"Discover shortly after that your sound card no longer produces any sort of sound, your video mode (provided you actually *know* what a video "mode" is) is now stuck in an unalterable 640x480 with a horrible 16-color scheme, and you have no antivirus software, which is a shame because you end up infected by the same malware scum in a couple of days, after struggling for hours to find out what the hell went wrong and you have all those new devices every time the darned thing is turned on."
As an aside, back in my university days, I worked on a project where we did all of our coding in FrameMaker. This allowed us to put in pictures, colored comments -- basically anything. The build script turned the FrameMaker file into C++ source, which then got compiled. It was kind of the extreme version of self-documenting code.
This sounds a lot like a relatively old, but intriguing idea. "Literate Programming" is exactly what you describe.
It is exciting to write heavily documented code, but I doubt it can be done after the fact:-/
Why in good grief's name would one move to a Windows desktop and run UNIX emulators, instead of using the Real Thing(TM) in the first place? The answer "to be able to run Word 2003" is not correct, sorry... (see Open Office, AbiWord, StarOffice, etc).
That's why some people consider -Wall insufficient and compile their programs with more strict warnings enabled:
orion:/tmp/slashdot$ make Warning: Object directory not changed from original/tmp/slashdot cc -O2 -pipe -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -Wformat=2 -Wno-format-extra-args -Werror -c slashdot.c slashdot.c:6: warning: function declaration isn't a prototype slashdot.c: In function `main': slashdot.c:7: warning: initialization discards qualifiers from pointer target type *** Error code 1
Stop in/tmp/slashdot. orion:/tmp/slashdot$
The 'initialization' discards qualifiers warning is because "abcdefg" is a (const char *) and not a (char *). Changing the declaration of 'a' to (const char *) then triggers another warning:
orion:/tmp/slashdot$ make Warning: Object directory not changed from original/tmp/slashdot cc -O2 -pipe -Wsystem-headers -Werror -Wall -Wno-format-y2k -W -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wcast-align -Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls -Wformat=2 -Wno-format-extra-args -Werror -c slashdot.c slashdot.c:6: warning: function declaration isn't a prototype slashdot.c: In function `main': slashdot.c:9: error: assignment of read-only location *** Error code 1
Stop in/tmp/slashdot. orion:/tmp/slashdot$
The 'assignment of read-only location' warning provides a hint of *one* of the problems with this program.
You do have a valid point about the lack of bound checking support in the language itself though.
"If you don't want to, you don't have to read your e-mail."
The spam in newspapers is (mostly) limited in a special area called "ads section". You have the luxury of being able to avoid nearly all the spam by avoiding to read a special section.
I haven't seen any spammers clearly tag their messages as "X-Spam: yes" to make sure I don't have to read their trash if I don't want to, though;-)
when printing a monospace 12 point font on a piece of paper.
Well, since you mentioned 12 points, this is too large for my taste. I usually use something around 8-9pt for printed code. But you're right it's still nice to be able to read code without semi-random wraparounds that make the rest of the page look like a mess.
Re:No! I use CapsLock as my "ESC" key
on
Is Caps Lock Dead?
·
· Score: 1
I usually leave it mapped to Ctrl too. Now that you mentioned it I might try mapping it to Hyper, Meta or some other modifier handy in Emacs:-)
The one who executes him, becomes a virus writer for Win64 for the duration of the execution. A laptop for quickly writing the second Win64 virus before the effects of the execution wear off is entirely optional, of course...
And even more people have been killed in the cause of atheism (Communism).
I hope you do realise that atheism is not equivalent to Communism. The former is the denial of any belief in the existence of God, while the latter is a political system. Note that even "applied communism" is different from "communism", in general.
What was it you were trying to point out? This time, without mixing up religious belief or unbelief with political theories and/or systems, please:-)
My point is that discussing whether they would recommend OSS systems on desktops is not directly relevant to security concerns.
I don't really agree here. That makes it seem as if security is something that should not 'bother' desktop users. Recent years have proven that there is an increase in desktop related problems (trojans, other forms of viruses, scans and break-ins that put at risk any computer that is networked, desktop or not). Why should we put the 'security of the desktop' aside?
An expert on security may, or may not, be able to offer reasonable arguments pro or con, may have spent little prior critical thinking time evaluating the subject, and may or may not be able to show their expertise in security through the discussion.
That's ok. One should probably read such interviews with an understanding that nobody knows it all. This isn't a good enough reason for asking only the sort of questions like "what can Microsoft do to improve its security track record" though:-/
It doesn't communicate to the other people reading the question and answer anything useful regarding security.
I think it might provide a good way to steer the discussion towards security practises that are nice. It's not a small thing to be able to do source code audits. It will certainly serve fine as a way to let those security experts that do appreciate source code availability to talk about ways in which it's useful. Those who aren't familiar with the side-effects of having access to the source can always answer "I don't think this is important, because [blah] since we do and encourage [blah]".
Plus, it's not like the whole interview is this one question:)
Are you familiar with the old RSAREF license (relevant before the RSA patent expired)?
Yes. I was around for quite a while already when the patent expired.
That wasn't OSS. Taken a look at the PGP license? Again, not OSS. "OSS vs. closed source" is not an issue relevant to the security community.
Although I agree that "case studies" are important in determining if something is true of false, you're attacking the wrong sort of point. My point wasn't that "OSS is more secure" but that this (more or less) would be one of the first things I'd ask a security expert about. I don't know if there *is* an OSS issue with the security community. This is why I'd ask. If you know the answer already, from verifiable, trusted contacts you have in that community, that's cool... thanks:-)
As far as PGP or RSA is concerned, I have my doubts about the safety of the non-quite-OSS implementation of the first (I assume you are talking about PGP and not its OSS friends like GnuPG), and the second isn't safe because it was patented but because some people did the Right(TM) sort of math when writing about it. But this is increasingly off-original-topic now...
"Would you recomend free software, such as Debian or Red Hat, on the desktop?"
This is not relevant to a discussion about security. This is an attempt to slip ideology into a technical discussion. Back away.
It's probably an inappropriate question only because it is too specific, imho. One of the first things I'd probably ask a guy or girl who is known for his experience and expertise in security would definitely be something along the lines of:
"Given the increasing interest of the business world about OSS, what are, in your opinion as a security expert, the advantages if any and disadvantages that you know about of OSS when compared to closed source software?"
One might argue that this is too generic as a question, or that the question "begs for a particular sort of answer". I would encourage answers that are as objective as possible though.
If hackers are painters, then text editors are the "bowl of fruit" painting. Check freshmeat if you don't believe me.:)
Hahaha... indeed!
Last afternoon, I told a local teen that he should start with simple programs and move on to more advanced stuff a bit later, when he feels confident enough. He immediately replied "Oh cool! I'll probably write myself a small text editor then."
Not really a tool per se, but just a hint that can prove helpful. You might find the existing CVS server configuration of projects like NetBSD or FreeBSD useful. I know I did:-)
Instead of repeating the steps that others have taken to configure your CVSROOT/ stuff, you can copy existing configurations and make a few modifications to match your local style, taste, or other details of setup. For instance, this article from the FreeBSD documentation set describes how you can set things up for automatic mail notifications and commit log archiving, using the scripts developed by the FreeBSD CVS admins.
In my research field they found out that a paper that's freely available on the internet gets quoted at least three times as often as a paper that's "locked away" in a "proprietary" journal... (Couldn't find the link I was searching for for that figure, sorry).
I believe this paper of Steve Lawrence is what you were looking for:-)
Slashdot Mirror
Heh, best joke of the year! Oh, and I'm Greek, btw :)
"If you pass along an infected e-mail you are spreading a virus that could have stopped with you."
If you pass a long an infected email by forwarding an attachment that you didn't even open at all (the assumption here is that you are running a free operating system and Windows virri can't really do any damage), then you are not only spreading a virus that could have stopped with you. You are being stupid and unnecessarily annoying, and you deserve to be blacklisted.
If an MTA passes along an infected email, then clamav and other filtering programs exist. It's probably a good idea to install one.
Using (setq ...) for local bindings is un-Lispy, and you don't really have to use (if ...) for conditional assigment, because `read-string' supports a default value:
What you have there is very similar to the built-in `lgrep', `rgrep', `find-grep' and `find-grep-dired' commands. Have a look in their help. They may be useful [I like find-grep-dired a *lot* :)].
There are many ways of putting the fact that there are no GNU/Linux drivers in words:
- "Linux doesn't support my wireless NIC."
- "My wireless NIC vendor didn't supply me with GNU/Linux drivers."
- "My wireless NIC vendor only supports Windows."
It's all a matter of which POV you want to emphasize.The fact that you can't just go out, buy any random wireless NIC at Wal-Mart, plug it into your GNU/Linux laptop's PC-CARD slot and have it "automagically" work is as much a failure of GNU/Linux as it is of the vendor too. Please do not blame solely GNU/Linux for the failure of the vendor to provide wireless NIC drivers for all the platforms you want to use.
At least, with the ndiswrapper effort, GNU/Linux and other FS/OSS operating systems have shown that they are willing to go a long way towards providing their users with support for their hardware. The same sort of good-will should be shown by hardware vendors. The good thing is that some of the hardware vendors have already shown their willingness to support FS/OSS systems :-)
sudo watch -n1 "netstat -nape --inet"
Heh! That will be fun to run on anything else but Linux.
Especially on FreeBSD, which happens to have a watch(1) command but for quite a different purpose :-)
Good idea though. Something similar can be done on the BSDs and on Solaris with:
Then it would soon turn out a bit dull and back to normality, err, I mean... slashdot ;P
I must be living in a different planet, where GPl'd software is indeed a problem in corporate environments that don't feel like sharing their entire intellectual property & rights to code they have written because "it happens to link to GPL'd code".
Bzzzzzt! I don't think GPL is corporate-friendly.
The 5.X branch has moved way past 5.3 now and we all know 5.3 was released "because it was about time something was released"; not necessarily because it was a polished, . Things have improved vastly since last October.
Give a try to newer 5.X versions (i.e. 5.4 of last March or the head of the RELENG_5 branch). Things should be much more stable :-)
That's true.
Some BSD users may argue that the level of support is not very good or that Linux kernels tend to include support for "highly beta, experimental features" in stable kernels, which is not entirely false.
Others will note that the size of the BSD development teams is far smaller than "the world at large", so it's normal to have less people who can develop drivers and/or test them.
The truth is, as usual, somewhere in between :-)
If by "primative", you mean "primitive", then I have to respectfully ask that you elaborate why you think the installer is primitive.
Oh, but we do. Have a look at the description of "WITNESS" and "lock order reversal", what it is and why FreeBSD people are making their best to improve parallelismm but avoid the problems of the second with the help of the first :-)
Admittedly it's been a long way since 4.0 was "CURRENT", or even since 4.0 was first released, but there have both been an amazing amount of improvements in both the kernel and userlevel side of applications that support and make good use of parallelism. There is, of course, still a lot of room for improvement, but that's not inherently a bad thing :-)
I've had ext3 filesystems die on me or lose /etc/inittab or something worse, so I can agree about ext3fs here. I don't know about the rest though.
Yes. Your point, here, is?...True. I can bring up a FreeBSD machine after typing just a couple of lines in /etc/rc.conf, i.e.:
It's usually far more complex and some times (oh the horrors!) it practically requires a GUI to configure interfaces of a Linux machine, or guesswork for tweaking some complex, barely documented set of files underIt takes a lot of effort to support, and I mean really SUPPORT, as in be prepared to answer technical questions and resolve bug reports 24x7, a dozen or so different types of UNIX systems, be they Solaris releases, Linux distributions, or BSD versions. That's understandable. Not something I really like, but understandable...
You forgot to include:
"Discover shortly after that your sound card no longer produces any sort of sound, your video mode (provided you actually *know* what a video "mode" is) is now stuck in an unalterable 640x480 with a horrible 16-color scheme, and you have no antivirus software, which is a shame because you end up infected by the same malware scum in a couple of days, after struggling for hours to find out what the hell went wrong and you have all those new devices every time the darned thing is turned on."
Bzzzzzzzzt! Game over. Insert coin
This sounds a lot like a relatively old, but intriguing idea. "Literate Programming" is exactly what you describe.
It is exciting to write heavily documented code, but I doubt it can be done after the fact :-/
Why in good grief's name would one move to a Windows desktop and run UNIX emulators, instead of using the Real Thing(TM) in the first place? The answer "to be able to run Word 2003" is not correct, sorry... (see Open Office, AbiWord, StarOffice, etc).
The 'initialization' discards qualifiers warning is because "abcdefg" is a (const char *) and not a (char *). Changing the declaration of 'a' to (const char *) then triggers another warning:
The 'assignment of read-only location' warning provides a hint of *one* of the problems with this program.
You do have a valid point about the lack of bound checking support in the language itself though.
--
The spam in newspapers is (mostly) limited in a special area called "ads section". You have the luxury of being able to avoid nearly all the spam by avoiding to read a special section.
I haven't seen any spammers clearly tag their messages as "X-Spam: yes" to make sure I don't have to read their trash if I don't want to, though ;-)
which, of course, looks awful when you have to actually use the names later on:
I never quite got it why people find the above piece of source more elegant than say...
The ridiculous names are the cause of most of the problems people have with 80-column terminals IMHO.
Well, since you mentioned 12 points, this is too large for my taste. I usually use something around 8-9pt for printed code. But you're right it's still nice to be able to read code without semi-random wraparounds that make the rest of the page look like a mess.
--
I hope you do realise that atheism is not equivalent to Communism. The former is the denial of any belief in the existence of God, while the latter is a political system. Note that even "applied communism" is different from "communism", in general.
What was it you were trying to point out? This time, without mixing up religious belief or unbelief with political theories and/or systems, please :-)
I don't really agree here. That makes it seem as if security is something that should not 'bother' desktop users. Recent years have proven that there is an increase in desktop related problems (trojans, other forms of viruses, scans and break-ins that put at risk any computer that is networked, desktop or not). Why should we put the 'security of the desktop' aside?
That's ok. One should probably read such interviews with an understanding that nobody knows it all. This isn't a good enough reason for asking only the sort of questions like "what can Microsoft do to improve its security track record" though :-/
I think it might provide a good way to steer the discussion towards security practises that are nice. It's not a small thing to be able to do source code audits. It will certainly serve fine as a way to let those security experts that do appreciate source code availability to talk about ways in which it's useful. Those who aren't familiar with the side-effects of having access to the source can always answer "I don't think this is important, because [blah] since we do and encourage [blah]".
Plus, it's not like the whole interview is this one question :)
--
Yes. I was around for quite a while already when the patent expired.
Although I agree that "case studies" are important in determining if something is true of false, you're attacking the wrong sort of point. My point wasn't that "OSS is more secure" but that this (more or less) would be one of the first things I'd ask a security expert about. I don't know if there *is* an OSS issue with the security community. This is why I'd ask. If you know the answer already, from verifiable, trusted contacts you have in that community, that's cool... thanks :-)
As far as PGP or RSA is concerned, I have my doubts about the safety of the non-quite-OSS implementation of the first (I assume you are talking about PGP and not its OSS friends like GnuPG), and the second isn't safe because it was patented but because some people did the Right(TM) sort of math when writing about it. But this is increasingly off-original-topic now...
--
It's probably an inappropriate question only because it is too specific, imho. One of the first things I'd probably ask a guy or girl who is known for his experience and expertise in security would definitely be something along the lines of:
"Given the increasing interest of the business world about OSS, what are, in your opinion as a security expert, the advantages if any and disadvantages that you know about of OSS when compared to closed source software?"
One might argue that this is too generic as a question, or that the question "begs for a particular sort of answer". I would encourage answers that are as objective as possible though.
--
Hahaha... indeed!
Last afternoon, I told a local teen that he should start with simple programs and move on to more advanced stuff a bit later, when he feels confident enough. He immediately replied "Oh cool! I'll probably write myself a small text editor then."
I nodded and smiled :)
Not really a tool per se, but just a hint that can prove helpful. You might find the existing CVS server configuration of projects like NetBSD or FreeBSD useful. I know I did :-)
Instead of repeating the steps that others have taken to configure your CVSROOT/ stuff, you can copy existing configurations and make a few modifications to match your local style, taste, or other details of setup. For instance, this article from the FreeBSD documentation set describes how you can set things up for automatic mail notifications and commit log archiving, using the scripts developed by the FreeBSD CVS admins.
--I believe this paper of Steve Lawrence is what you were looking for :-)
--