Sadly, the musical note is 'see sharp', whereas Microsoft's language is 'see octothorp'. Which almost certainly gives Microsoft clear title to the term.
4.) Ease of use and security are inversely proportional.
This bit of dogma always bothers me. On my OS X Mac at home, I enabled my firewall in one click. When I feel like having my web server running, it also takes one click. Note that enabling the web server also opened up port 80 in the firewall. That's easy to use and quite sensible.
At work, I insist on running OpenBSD as our web server OS. To achieve a similar configuration, you have to learn how to configure and enable PF through its/etc text file. Once you figure it out - and in all honesty it isn't so hard - you can put together a configuration equivilent in security to what I achieve at home with a couple of clicks. But by this rule I keep hearing, my home Mac is less secure than my web server at work. It must be, because it was much easier to configure.
This oft-cited inverse proportional relationship ignores at least two other important variables. One is obviously flexibility, which is much easier to achieve with traditional UNIX-style text configuration files. The other variable is polish; Apple puts a great deal of thought into how its systems' features should be presented and integrated.
I understand people like these little sound-bite rules, but this one just doesn't stand up to reasonable scrutiny.
Ok, Gates claims he never said it. Great. I'd leave it at that, but I went to a talk he gave at the University of Waterloo in 1989, and he did meekly accept responsibility for that quote. We all politely chuckled, and the talk went on.
I could easily be mistaken, as that was quite a while ago, but I distinctly remember it as a mea culpa.
What's up with the NYTimes link in the article? Did the submitter decide to track people through a webmasterworld.com referal, or is this a/. experiment?
In case it isn't obvious, the National Post is a very right wing paper, at least in Canadian terms. That doesn't mean they are wrong, but they have a history of taking any opportunity to attack the Kyoto Accord.
As a case in point, I offer the title, subtitle and byline for the article:
Kyoto debunked
A pillar of the Kyoto Accord is based on flawed calculations, incorrect data and an overtly biased selection of climate records, an important new paper reveals
Tim Patterson
Financial Post
I would say, for instance, that a more cautious interpretation would be that an important new paper suggests flaws in the research, not that it reveals it. Particularly if I were a writer for a business & economics paper, not a climate change researcher. And then there is the title itself...
To give credit where it is due, he does tend to use the phrase 'climate change' rather than the older 'global warming', which is a more accurate description of what the body of research underpinning Kyoto actually suggests. Usually you can spot biased participants in debates like this by their choice of language.
Personally, I have never taken sides over whether climate change is likely to be a reality or not. I don't need it as a justification for my environmental leanings. I think there are many national security and economic justifications for taking such actions as improving energy efficiency throughout society without relying on theories such as climate change that are far beyond my ability to competently analyze. So go ahead and tear Kyoto apart if you care to, but don't use that as an excuse to increase dependence on Middle East oil, for example.
And I haven't seen a big appetite for new nuclear or coal power plants in the US as of late either.
I'm arguing for moderation on the part of OSS folks, not for any support of SCO.
I have to agree with you there. Not that I want to, mind you. What I want to do is jump up and down and scream at SCO for threatening Linux et al. But whatever SCO is up to, a lot of posturing and PR spin is clearly part of the game plan. It isn't like that is rare in lawsuits.
So, as you suggest, I will calm down, get on with my life, and wait to see what happens.
Neither of us is going to make careers out of submitting slashdot articles, I'm afraid.
I don't disagree with everything you say, but one point seems a little hard to support:
For the record (and those who can't get to the article), SCO did not say anthing about suing Red Hat or SuSE.
You then proceed to quote the article:
There will be a day of reckoning for Red Hat and SuSE when this is done. But we're focused on the IBM situation.
It seems totally unreasonable to you to interpret that as a threat to sue? It is a pack of lies? I don't know how to respond to that, but I'll try by a completely hypothetical example:
Someday you will die, but right now I'm busy killing this other guy.
If someone told me that, I'd be calling the police. But you would be totally unconcerned?
Wow. Lots of discussions of puzzle questions here. Does that mean it is off topic to suggest that this was a really well written book review? I don't remember ever reading a review of this quality on Slashdot, although I don't read them all.
I'll be the one pulling the laptop out from underneath the Major's corpse trying to figure out where the heck is the second mouse button went.
Then just plug in a standard USB two button mouse and be done with it. I'd recommend a scroll mouse, personally.
I'm using a Logitech optical scroll mouse right now on my iMac. No drivers to install or anything. The right button brings up context menus on just about anything, and AppleWorks is the only program I have that doesn't respond to the scroll wheel.
I love the look and feel of the Apple 'Pro Mouse', and I'd pay Apple $50 for a two button scroll wheel version, but I'm perfectly happy to put up with this one piece of ugly beige plastic to get its superior functionality.
I almost bought a digital camera near the beginning of this year, and then Foveon announced "immediate availability" of their X3 sensor (Feb 11 press release). I was going to nominate them just now, but checking their site I see they announced on Nov 17 that the Sigma SD9 is actually available for purchase.
Still I had to check that Froogle had some listings for this thing before I let off the trigger finger. Now I just wish they'd put out some consumer-level cameras with the thing, like they claimed should have been available soon.
At any rate, it has been confirmed that the 10.2.3 update patches the security holes in the CUPS code in addition to lots of other security and performance-related stuff.
Ok, fixes for CUPS updates are good. But for most home users, wouldn't they be safe behind the OS's default firewall configuration anyway? Nobody on the net has any business opening connections to anything but my ssh port, and even that wasn't accessible externally until I found the right checkbox.
Almost all of my spam is from taiwan or china and sadly enough yahoo mail doesn't provide any good way to filter this out when the messages have fake headers.
I find Yahoo has decent spam filtering. Ok, more accurately, it lets you create your own decent filters. There is no statistical filtering or anything, unfortunately.
Let's say your email address is "spam_victim@y.c". In your first rule, run: "If subject contains 'spam_victim' move message to trash." That gets rid of all those "Special offer for spam_victim!" messages.
In your last rule, put "If To/CC does not contain spam_victim@y.c move message to trash." I.e. trash all Bcc'd messages. Most spam is delivered this way.
Now you just need to check your trash once in a while for legitimate mailing list subscriptions, and white-list the sender: "If From contains goodguy@example.com move message to inbox."
I get lots of spam at Yahoo, but this gets rid of 95% of it.
I've just started using Emusic, and I really like it so far. It works great on OS X downloading with Chimera [mozilla based], but I find on my Windows box at work that it works better with IE than Mozilla. The thing with Emusic is that you will want to use a download manager to pull down several mp3's at a time, and Mozilla doesn't seem to integrate as well with Emusic's Windows download manager as IE does. Maybe its my configuration, but as I say, I've just started using Emusic.
I expect that it would work fine on other UNIX OS's, at least if you have Mozilla available.
You have to accept that 128kbps mp3 is your only download option, and you aren't getting much (if any) recent major label content. No Britney.
I tried Napster & Gnutella, but I don't like the ethics involved.
I used to use mp3.com, but I gave up on it because it felt like I was wading through too much junk trying to find the occasional bits of good stuff. I don't have the time or intestinal fortitude for that. I'm theorizing that the fact that Emusic bands are all signed to labels may be some kind of minimal quality filter. Maybe mp3.com has changed since 2000 or thereabout, so YMMV. At any rate, so far, so good on the Emusic band quality front.
Emusic has a surprisingly large collection of older stuff as well, (i.e. Judy Garland, Louis Armstrong, Ella Fitzgerald, Benny Goodman) if you are into it. And lots of classical music, although 128kbps mp3 starts to show through more here than anywhere else, in my opinion.
Emusic isn't the Heavenly Jukebox people were hoping for in the early days of the mp3 revolution. But its compromises are small enough and user friendly enough that I'm happy to spend US$10/month on their service. I get all the decent quality mp3's I can listen too, and I can feel good about doing it.
They pick shitty passwords, leave tons of security holes open, don't bother patching, and don't even know what they're doing is unsafe.
Right, in which case they are placing themselves at risk. My mother's computer is running Norton AV with regularly updated definitions, and it has Windows Critical Update Notification enabled. I believe that these measures, plus reasonable caution on the part of the user, ought to be enough to keep someone safe from all but persistent, directed attacks. I mean, if someone really wants in, they can always break in and steal the hardware.
I just don't think that Microsoft has put together a full solution here, suitable for use on a home computer, if known-bad code signed by Microsoft can still be accepted by a fully patched machine.
but I think Microsoft is doing the right thing here. They are in a pickle and they have given a good solution
I've seen this said several times now, how Microsoft's solution is a good one, but I can't accept that claim.
A good solution is one I can apply to my Mother's home PC and feel confident that the problem will stay solved. If I have to explain to her that she should never "trust Microsoft", the Windows UI is broken.
Yes, she can remember this rule, but she shouldn't have to. As other people occasionally use her computer, she would also have to explain the rule to them, or learn to go through the process of regularly checking that nobody has added any trusted certificates to her computer.
DirectX is no industry standard. OpenGL is. Killing off OpenGL is VERY hard to do.
Unless you have some help from the patent office. What are the odds Microsoft has a pile of DirectX 9 software patent applications slowly wandering their way through the USPTO?
I installed it once, badly. It had a hard time with my hardware, and I guess I didn't spend enough time figuring out how to administer it. It seemed easier just to flip back to Red Hat.
But if you are suggesting it has the equivalent of Windows Update, in which a browser or other GUI app tells the user what security updates are required, and allows the user to download and install them in a point-and-click manner, then (a) I'll definitely be giving it another go, and (b) I am much more hopeful for Linux on the desktop. If you are referring to some command-line capability, than (a) may apply, but (b) won't.
And yes, I am familiar with Red Hat's GUI-bassed RHN service, but US$60/year for updates is a little steep. Nice, but steep.
My original point still stands, however; if Exremadura is going to have a large number of non-technical home users without sysadmins to support them on Linux, I'm nervous about what happens when security problems are found.
The bugs I'm worried about are security bugs. What happens when remotely exploitable holes start showing up in this distribution?
The one feature I like about Windows (& Mac OS) that I haven't seen in any Linux distribution yet is no cost, easy to install security patches. Windows Update, Critical Update Notification, and the like. Non-geeks aren't going to cope too well with, "download this patch, apply it, recompile, and restart the affected service (or reboot)."
Does Extremadura have something in place to handle this?
Summarizing about half the posts in this discussion, SuperDuG says:
Personally I don't see a need to switch to 2.0 yet. My site runs just fine on 1.x series.
Another large group (myself included) seems to be waiting until PHP et al are widely considered stable on the new platform, which in the case of PHP will occur sometime after the Zend site has a big fat endorsement on its front page.
The only reason I am looking at Apache 2.0 before that endorsement goes up is the Subversion project. This is a free software replacement for CVS which is getting relatively close to release and which will provide nice little features that CVS doesn't have like versioned moves and renames for files and directories. That one feature alone will make me very happy. The Subversion server requires Apache 2.0 for remote access, therefore 2.0 becomes more immediately interesting to me.
Wouldn't it be a little ironic if version control was what finally drove migration from the 1.3 series to 2.0?
Lets say you have dump/restore or something available through Mac OS X on your 60GB hard drive. What do you dump *to*? 3 to 6 tapes for a DDS3 DAT backup? A 60GB iPod?
My G4 iMac went corrupt on me. Luckily I could restore my user directory from an iPod backup. But especially after that experience I'd like to do a full backup once in a while to catch all my apps & such, and I can't see anything that looks remotely cost effective for a backup medium, once you start getting larger drives (and presumably filling them).
What I can't wait for are things like a DiVX player (DivX movies on TV!), Linux -> and with it all those wonderful applications, DVD Movies without the hardware adapter, etc. and all of this for only 200 bucks!
I keep wondering if an Xbox with keyboard, mouse & montior, running Linux, might not make a good, inexpensive classroom computer? I mean, the box is already rad-hardened against hyperactive game-playing children, right?
Slashdot Mirror
Can piano teachers please patent C# asap?
Sadly, the musical note is 'see sharp', whereas Microsoft's language is 'see octothorp'. Which almost certainly gives Microsoft clear title to the term.
4.) Ease of use and security are inversely proportional.
This bit of dogma always bothers me. On my OS X Mac at home, I enabled my firewall in one click. When I feel like having my web server running, it also takes one click. Note that enabling the web server also opened up port 80 in the firewall. That's easy to use and quite sensible.
At work, I insist on running OpenBSD as our web server OS. To achieve a similar configuration, you have to learn how to configure and enable PF through its /etc text file. Once you figure it out - and in all honesty it isn't so hard - you can put together a configuration equivilent in security to what I achieve at home with a couple of clicks. But by this rule I keep hearing, my home Mac is less secure than my web server at work. It must be, because it was much easier to configure.
This oft-cited inverse proportional relationship ignores at least two other important variables. One is obviously flexibility, which is much easier to achieve with traditional UNIX-style text configuration files. The other variable is polish; Apple puts a great deal of thought into how its systems' features should be presented and integrated.
I understand people like these little sound-bite rules, but this one just doesn't stand up to reasonable scrutiny.
Ok, Gates claims he never said it. Great. I'd leave it at that, but I went to a talk he gave at the University of Waterloo in 1989, and he did meekly accept responsibility for that quote. We all politely chuckled, and the talk went on.
I could easily be mistaken, as that was quite a while ago, but I distinctly remember it as a mea culpa.
What's up with the NYTimes link in the article? Did the submitter decide to track people through a webmasterworld.com referal, or is this a /. experiment?
How were those volunteer panelists chosen?
Good question. 40,000 is a lot of people to voluntarily allow NPD Group to install monitoring software on their computers.
I wonder if some program out there somewhere has a computer monitoring clause in its EULA? It would be funny if it were Kazaa.
That doesn't imply local warming must occur, but rather that the weather becomes more unpredictable.
That is why people in this field generally refer to 'climate change' now, instead of the older term 'global warming'.
In case it isn't obvious, the National Post is a very right wing paper, at least in Canadian terms. That doesn't mean they are wrong, but they have a history of taking any opportunity to attack the Kyoto Accord.
As a case in point, I offer the title, subtitle and byline for the article:
I would say, for instance, that a more cautious interpretation would be that an important new paper suggests flaws in the research, not that it reveals it. Particularly if I were a writer for a business & economics paper, not a climate change researcher. And then there is the title itself...
To give credit where it is due, he does tend to use the phrase 'climate change' rather than the older 'global warming', which is a more accurate description of what the body of research underpinning Kyoto actually suggests. Usually you can spot biased participants in debates like this by their choice of language.
Personally, I have never taken sides over whether climate change is likely to be a reality or not. I don't need it as a justification for my environmental leanings. I think there are many national security and economic justifications for taking such actions as improving energy efficiency throughout society without relying on theories such as climate change that are far beyond my ability to competently analyze. So go ahead and tear Kyoto apart if you care to, but don't use that as an excuse to increase dependence on Middle East oil, for example.
And I haven't seen a big appetite for new nuclear or coal power plants in the US as of late either.
Dear Steve,
Please don't allow this service in Canada. My credit card might melt.
Thanks.
I'm arguing for moderation on the part of OSS folks, not for any support of SCO.
I have to agree with you there. Not that I want to, mind you. What I want to do is jump up and down and scream at SCO for threatening Linux et al. But whatever SCO is up to, a lot of posturing and PR spin is clearly part of the game plan. It isn't like that is rare in lawsuits.
So, as you suggest, I will calm down, get on with my life, and wait to see what happens.
Neither of us is going to make careers out of submitting slashdot articles, I'm afraid.
I don't disagree with everything you say, but one point seems a little hard to support:
You then proceed to quote the article:
It seems totally unreasonable to you to interpret that as a threat to sue? It is a pack of lies? I don't know how to respond to that, but I'll try by a completely hypothetical example:
If someone told me that, I'd be calling the police. But you would be totally unconcerned?
Wow. Lots of discussions of puzzle questions here. Does that mean it is off topic to suggest that this was a really well written book review? I don't remember ever reading a review of this quality on Slashdot, although I don't read them all.
OT, but...
I'll be the one pulling the laptop out from underneath the Major's corpse trying to figure out where the heck is the second mouse button went.
Then just plug in a standard USB two button mouse and be done with it. I'd recommend a scroll mouse, personally.
I'm using a Logitech optical scroll mouse right now on my iMac. No drivers to install or anything. The right button brings up context menus on just about anything, and AppleWorks is the only program I have that doesn't respond to the scroll wheel.
I love the look and feel of the Apple 'Pro Mouse', and I'd pay Apple $50 for a two button scroll wheel version, but I'm perfectly happy to put up with this one piece of ugly beige plastic to get its superior functionality.
How do they know he returned his original iTunes SDK, and not a copy?
Do the bits smell fruity, or carbon-blacky?
I almost bought a digital camera near the beginning of this year, and then Foveon announced "immediate availability" of their X3 sensor (Feb 11 press release). I was going to nominate them just now, but checking their site I see they announced on Nov 17 that the Sigma SD9 is actually available for purchase.
Still I had to check that Froogle had some listings for this thing before I let off the trigger finger. Now I just wish they'd put out some consumer-level cameras with the thing, like they claimed should have been available soon.
At any rate, it has been confirmed that the 10.2.3 update patches the security holes in the CUPS code in addition to lots of other security and performance-related stuff.
Ok, fixes for CUPS updates are good. But for most home users, wouldn't they be safe behind the OS's default firewall configuration anyway? Nobody on the net has any business opening connections to anything but my ssh port, and even that wasn't accessible externally until I found the right checkbox.
Almost all of my spam is from taiwan or china and sadly enough yahoo mail doesn't provide any good way to filter this out when the messages have fake headers.
I find Yahoo has decent spam filtering. Ok, more accurately, it lets you create your own decent filters. There is no statistical filtering or anything, unfortunately.
Let's say your email address is "spam_victim@y.c". In your first rule, run: "If subject contains 'spam_victim' move message to trash." That gets rid of all those "Special offer for spam_victim!" messages.
In your last rule, put "If To/CC does not contain spam_victim@y.c move message to trash." I.e. trash all Bcc'd messages. Most spam is delivered this way.
Now you just need to check your trash once in a while for legitimate mailing list subscriptions, and white-list the sender: "If From contains goodguy@example.com move message to inbox."
I get lots of spam at Yahoo, but this gets rid of 95% of it.
Ok, here's a mini-review:
I've just started using Emusic, and I really like it so far. It works great on OS X downloading with Chimera [mozilla based], but I find on my Windows box at work that it works better with IE than Mozilla. The thing with Emusic is that you will want to use a download manager to pull down several mp3's at a time, and Mozilla doesn't seem to integrate as well with Emusic's Windows download manager as IE does. Maybe its my configuration, but as I say, I've just started using Emusic.
I expect that it would work fine on other UNIX OS's, at least if you have Mozilla available.
You have to accept that 128kbps mp3 is your only download option, and you aren't getting much (if any) recent major label content. No Britney.
I tried Napster & Gnutella, but I don't like the ethics involved.
I used to use mp3.com, but I gave up on it because it felt like I was wading through too much junk trying to find the occasional bits of good stuff. I don't have the time or intestinal fortitude for that. I'm theorizing that the fact that Emusic bands are all signed to labels may be some kind of minimal quality filter. Maybe mp3.com has changed since 2000 or thereabout, so YMMV. At any rate, so far, so good on the Emusic band quality front.
Emusic has a surprisingly large collection of older stuff as well, (i.e. Judy Garland, Louis Armstrong, Ella Fitzgerald, Benny Goodman) if you are into it. And lots of classical music, although 128kbps mp3 starts to show through more here than anywhere else, in my opinion.
Emusic isn't the Heavenly Jukebox people were hoping for in the early days of the mp3 revolution. But its compromises are small enough and user friendly enough that I'm happy to spend US$10/month on their service. I get all the decent quality mp3's I can listen too, and I can feel good about doing it.
They pick shitty passwords, leave tons of security holes open, don't bother patching, and don't even know what they're doing is unsafe.
Right, in which case they are placing themselves at risk. My mother's computer is running Norton AV with regularly updated definitions, and it has Windows Critical Update Notification enabled. I believe that these measures, plus reasonable caution on the part of the user, ought to be enough to keep someone safe from all but persistent, directed attacks. I mean, if someone really wants in, they can always break in and steal the hardware.
I just don't think that Microsoft has put together a full solution here, suitable for use on a home computer, if known-bad code signed by Microsoft can still be accepted by a fully patched machine.
but I think Microsoft is doing the right thing here. They are in a pickle and they have given a good solution
I've seen this said several times now, how Microsoft's solution is a good one, but I can't accept that claim.
A good solution is one I can apply to my Mother's home PC and feel confident that the problem will stay solved. If I have to explain to her that she should never "trust Microsoft", the Windows UI is broken.
Yes, she can remember this rule, but she shouldn't have to. As other people occasionally use her computer, she would also have to explain the rule to them, or learn to go through the process of regularly checking that nobody has added any trusted certificates to her computer.
Is that reasonable? For a home computer?
DirectX is no industry standard. OpenGL is. Killing off OpenGL is VERY hard to do.
Unless you have some help from the patent office. What are the odds Microsoft has a pile of DirectX 9 software patent applications slowly wandering their way through the USPTO?
You haven't heard of Debian have you?
I installed it once, badly. It had a hard time with my hardware, and I guess I didn't spend enough time figuring out how to administer it. It seemed easier just to flip back to Red Hat.
But if you are suggesting it has the equivalent of Windows Update, in which a browser or other GUI app tells the user what security updates are required, and allows the user to download and install them in a point-and-click manner, then (a) I'll definitely be giving it another go, and (b) I am much more hopeful for Linux on the desktop. If you are referring to some command-line capability, than (a) may apply, but (b) won't.
And yes, I am familiar with Red Hat's GUI-bassed RHN service, but US$60/year for updates is a little steep. Nice, but steep.
My original point still stands, however; if Exremadura is going to have a large number of non-technical home users without sysadmins to support them on Linux, I'm nervous about what happens when security problems are found.
The bugs I'm worried about are security bugs. What happens when remotely exploitable holes start showing up in this distribution?
The one feature I like about Windows (& Mac OS) that I haven't seen in any Linux distribution yet is no cost, easy to install security patches. Windows Update, Critical Update Notification, and the like. Non-geeks aren't going to cope too well with, "download this patch, apply it, recompile, and restart the affected service (or reboot)."
Does Extremadura have something in place to handle this?
Summarizing about half the posts in this discussion, SuperDuG says:
Personally I don't see a need to switch to 2.0 yet. My site runs just fine on 1.x series.
Another large group (myself included) seems to be waiting until PHP et al are widely considered stable on the new platform, which in the case of PHP will occur sometime after the Zend site has a big fat endorsement on its front page.
The only reason I am looking at Apache 2.0 before that endorsement goes up is the Subversion project. This is a free software replacement for CVS which is getting relatively close to release and which will provide nice little features that CVS doesn't have like versioned moves and renames for files and directories. That one feature alone will make me very happy. The Subversion server requires Apache 2.0 for remote access, therefore 2.0 becomes more immediately interesting to me.
Wouldn't it be a little ironic if version control was what finally drove migration from the 1.3 series to 2.0?
A little off topic, but please forgive me.
Lets say you have dump/restore or something available through Mac OS X on your 60GB hard drive. What do you dump *to*? 3 to 6 tapes for a DDS3 DAT backup? A 60GB iPod?
My G4 iMac went corrupt on me. Luckily I could restore my user directory from an iPod backup. But especially after that experience I'd like to do a full backup once in a while to catch all my apps & such, and I can't see anything that looks remotely cost effective for a backup medium, once you start getting larger drives (and presumably filling them).
Any ideas?
What I can't wait for are things like a DiVX player (DivX movies on TV!), Linux -> and with it all those wonderful applications, DVD Movies without the hardware adapter, etc. and all of this for only 200 bucks!
I keep wondering if an Xbox with keyboard, mouse & montior, running Linux, might not make a good, inexpensive classroom computer? I mean, the box is already rad-hardened against hyperactive game-playing children, right?
Is there any chance this would work?