Either I don't get your 'humor' or you are plain stupid, referring to German speakers as nazi's.
Anyway, this techweb article tells you how productive Germans are in the open source world. Now it may be true that open source programmers don't make up as much of the slashdot gang as they used to, but there probably still are quite a lot of German slashdot readers.
This was my last Slashdot read. Posting quality has degraded nicely over the past few years. Now if Slashdot thinks it's necessary to let Katz expose his intellect by telling the world how important it can be NOT to vote, then obviously I don't belong here.
Maybe Mozilla still crashes on some pages, but then again so does Netscape Communicator. Stability, for me at least, isn't the Mozilla show stopper anymore. Communicator crashes more often on me nowadays! But I don't visit a lot of Java-rich sites..
It's still a memory hog though, and doesn't always respond well. Sometimes it's really slow.
.. or use an non-proprietary-dependent chatty thingee. I agree, people should know better than to use non-free 'free stuff' from Big Business Boys. There always is a catch.
How would you at all determine whether anybody is an expert at security then, short of being one yourself? It's all about reputation. And to my knowledge, the developers of e.g. OpenSSL and OpenSSH have a reputation that at least approaches that of developers at RSA and say, F-Secure. With the big difference that RSA and F-Secure can point fingers at flaws in OpenSSL/SSH design, and not always the other way round. Although a lot of security companies, probably not without reason, tend to be openish themselves; this at least partly goes for RSA and F-Secure also.
The point here is that open source is auto-hardening. 'Normal' closed commercial software which is being attacked is hopefully fixed, but nobody, expert or not, can review the resulting, if at all, design changes. What remains is name calling: 'Novell had this flaw' 'Microsoft had that' 'SCO such and such'. With open source name calling doesn't really help cause everybody (including experts) can see whether you are actually adapting.
I think that incompetent open code would be rather quickly dismissed by people/of reputation/, looking over their shoulders. If it doesn't get dismissed then chances are the 'core team' of that piece of code are probably quite expert.
About peer review: of course most people potentially having a look at the code don't know what they're looking at. But there are always experts ou there, who tend to be interested in their field. You bet they are watching!
In a broader view, of course there are no guarantees that open source software is 'secure'. But security/encryption related OSS packages probably are, more or less. If other packages use these few firmly audited crypto libs for encryption related stuff, and adapt a 'secure' coding style with regards to buffer overflows/memory leaks and such (which is reviewable by a much larger group, although I admit yet not everybody), then what results is very nicely secured software. I don't see this advantage in the closed source world.
Apache as an example: everybody can check out and see that apache uses mod_ssl uses openssl. Also, everybody can check out whether Apache has been audited. So everybody can make a rough estimate about the security mindedness of Apache. IIS: not so (apart from experience)
I apologize for my less then compact writing here, this could be better I'm sure. The point is that while there is no guarantee, there can hardly be a disadvantage. Overall people will be better out with open source.
In the end they don't really disagree; where ESR says Open Source security would be better almost by definition, whereas Elias Levy notes that the 'open source way' is potentially better but it all depends on the many eyes actually watching/being able to watch for harmful code (the cc malicious chicken and egg problem aside; but proprietary software doesn't seem to offer any advantage here).
Then again, there's mostly a small team of hard core developers for any open source project, and especially the (mostly technical) security related stuff. Any nasty stuff would probably have to be done by someone inside such a team. An outsider trying to submit something 'bad' would very probably be noticed by one of the core members.
So if, as a user, you don't want to code everything yourself, it all comes down, I think, to trust. The only question in the open source vs proprietary case is: who do you trust more in the end, a proprietary developer team or an open one.
Security by Obscurity could maybe temporarily help the Proprietary case, but the 'Exploit-Found' scenerio would always turn out better for Open Source: more fixers, hence quicker fixes. And the fix-it-yourself option.
Documented, normally disabled 'backdoors' for which you need physical access, yes maybe. Undocumented backdoors, opened at the manufacturers' whim, no!
If this is true, they did/not/ do a good thing here, they did a foolish, security-dumb thing. Lots of people will still have this enabled within a year from now. While this goes for any security breach, this one has been put in deliberately.
Would such software be in use in my organization, then I would sue the hell out of MS for this.
Check this out: slackintosh.exploits.org. Slackintosh is (to be) Slackware for PowerMacs. As I understand it, installation can be done but Your Mileage May Vary. Unfortunately I only have one of these early PowerMacs with NuBus, which isn't supported by vanilla kernels, so I didn't yet have the chance to try it myself.
Porting to Crusoe would indeed at this time mean porting to x86. But that other, really interesting bit of info in that rumour article would indeed need porting to a new platform:
... -- and tenuous evidence suggests that AMD may also have shown interest in supporting Darwin with a modified version of its Athlon processor that has been stripped of its x86 emulation hardware.
Now maybe this is old news for some, but I didn't know that AMD seriously considered stripping the Athlon of its x86 legacy stuff. Such a processor could/really/ be something!
IMHO, whereas I agree about the less controlled nature of linux as a whole, wrt things like upgrading, security and interoperability of the various parts, in practice the situation is mostly well-organized with Linux also. This is due to the fact that about nobody assembles his or her own general Linux system.
Rather, everybody uses this or that distro, and most distro's at least take care of patches and announcements. Upgrades are not so bad either, for most of them (says this Slackware man:)
On security, the more controlled way of development is indeed probably a plus, even though I think most of the ports collection, of which you'd probably install quite some packages, is no different from what's in any Linux distro.
The only way, I'd say, to mobilize public support needed for 'going outer space' the old-fashioned, exploring way, is when there's another war or semi-war were 'we' need to get 'there' before 'they' do (whoever and where-ever). That, not the spinning off romance, was the reason for the Apollo Project in the first place.
That's also why, contrary to what the article says, it isn't at all surprising that people lost interest, once having beaten the Sovjets to the moon. It has indeed cost huge amounts of money and not all people are fascinated by science fiction.
I'm sure somebody must have explained what the acronym QA stands for, somewhere earlier in the discussion, but I can't find it. My guess would be Quality Assessment but I can't be sure.
Does anybody understand _why_ Unisys persues this? I might understand if they were a tiny setup and just somehow acquired the LZW patent in hopes to become really rich.
But Unisys is a very big player, they do al sorts of things. This gives them a lot of bad press, over (for them) a smallish non-issue! The way I see it it could make more sense to give LZW to the world, in order to get themselves some nice ride-the-open-source-wave publicity.
Of course, if the cash they virtually counted would really stream in, it _would_ probably worthwhile. But there's little chance of that, for reasons named all over this discussion: GIF is becoming outdated about _now_, there are alternatives and it's hard to enforce this anyway.
Info is hardly userfriendly, but fortunately somebody (Przemek Borys from Poland) made a more usable browser for it: pinfo. It feels more or less like lynx.
I have found the LDP docs of _excellent_ quality in cases where I wanted to now a lot about how the system works. Usenet is great if you want to get answers to particular questions, but if you need the whole story then LDP is superb. Since 2.2 it seems that updates have been slower, I think that's exactly the problem which Matt is addressing.
Could it be that with the 'userfriendly' distributions (RedHat, SuSe) nowadays less people are interested in the whole story? That could be another reason for lags in documentation.
Slashdot Mirror
Same in Holland...
Either I don't get your 'humor' or you are plain stupid, referring to German speakers as nazi's.
Anyway, this techweb article tells you how productive Germans are in the open source world. Now it may be true that open source programmers don't make up as much of the slashdot gang as they used to, but there probably still are quite a lot of German slashdot readers.
This was my last Slashdot read. Posting quality has degraded nicely over the past few years. Now if Slashdot thinks it's necessary to let Katz expose his intellect by telling the world how important it can be NOT to vote, then obviously I don't belong here.
Howdy!
.. so they probably don't care about MacOS
Maybe Mozilla still crashes on some pages, but then again so does Netscape Communicator. Stability, for me at least, isn't the Mozilla show stopper anymore. Communicator crashes more often on me nowadays! But I don't visit a lot of Java-rich sites..
It's still a memory hog though, and doesn't always respond well. Sometimes it's really slow.
.. or use an non-proprietary-dependent chatty thingee. I agree, people should know better than to use non-free 'free stuff' from Big Business Boys. There always is a catch.
The new Coolpix 990 is great (but not cheap at about $900), judging from this in-depth review by Phil Askey of dpreview.com.
How would you at all determine whether anybody is an expert at security then, short of being one yourself? It's all about reputation. And to my knowledge, the developers of e.g. OpenSSL and OpenSSH have a reputation that at least approaches that of developers at RSA and say, F-Secure. With the big difference that RSA and F-Secure can point fingers at flaws in OpenSSL/SSH design, and not always the other way round. Although a lot of security companies, probably not without reason, tend to be openish themselves; this at least partly goes for RSA and F-Secure also.
/of reputation/, looking over their shoulders. If it doesn't get dismissed then chances are the 'core team' of that piece of code are probably quite expert.
The point here is that open source is auto-hardening. 'Normal' closed commercial software which is being attacked is hopefully fixed, but nobody, expert or not, can review the resulting, if at all, design changes. What remains is name calling: 'Novell had this flaw' 'Microsoft had that' 'SCO such and such'. With open source name calling doesn't really help cause everybody (including experts) can see whether you are actually adapting.
I think that incompetent open code would be rather quickly dismissed by people
About peer review: of course most people potentially having a look at the code don't know what they're looking at. But there are always experts ou there, who tend to be interested in their field. You bet they are watching!
In a broader view, of course there are no guarantees that open source software is 'secure'. But security/encryption related OSS packages probably are, more or less. If other packages use these few firmly audited crypto libs for encryption related stuff, and adapt a 'secure' coding style with regards to buffer overflows/memory leaks and such (which is reviewable by a much larger group, although I admit yet not everybody), then what results is very nicely secured software. I don't see this advantage in the closed source world.
Apache as an example: everybody can check out and see that apache uses mod_ssl uses openssl. Also, everybody can check out whether Apache has been audited. So everybody can make a rough estimate about the security mindedness of Apache.
IIS: not so (apart from experience)
I apologize for my less then compact writing here, this could be better I'm sure. The point is that while there is no guarantee, there can hardly be a disadvantage. Overall people will be better out with open source.
In the end they don't really disagree; where ESR says Open Source security would be better almost by definition, whereas Elias Levy notes that the 'open source way' is potentially better but it all depends on the many eyes actually watching/being able to watch for harmful code (the cc malicious chicken and egg problem aside; but proprietary software doesn't seem to offer any advantage here).
Then again, there's mostly a small team of hard core developers for any open source project, and especially the (mostly technical) security related stuff. Any nasty stuff would probably have to be done by someone inside such a team. An outsider trying to submit something 'bad' would very probably be noticed by one of the core members.
So if, as a user, you don't want to code everything yourself, it all comes down, I think, to trust. The only question in the open source vs proprietary case is: who do you trust more in the end, a proprietary developer team or an open one.
Security by Obscurity could maybe temporarily help the Proprietary case, but the 'Exploit-Found' scenerio would always turn out better for Open Source: more fixers, hence quicker fixes. And the fix-it-yourself option.
Documented, normally disabled 'backdoors' for which you need physical access, yes maybe. Undocumented backdoors, opened at the manufacturers' whim, no!
/not/ do a good thing here, they did a foolish, security-dumb thing. Lots of people will still have this enabled within a year from now. While this goes for any security breach, this one has been put in deliberately.
If this is true, they did
Would such software be in use in my organization, then I would sue the hell out of MS for this.
400 Mbit/s Firewire as an ethernet replacement, well maybe, but then what about Gigabit ethernet (1000 Mbit/s) as a SCSI/Firewire alternative?
Is that plausible?
Check this out: slackintosh.exploits.org. Slackintosh is (to be) Slackware for PowerMacs. As I understand it, installation can be done but Your Mileage May Vary. Unfortunately I only have one of these early PowerMacs with NuBus, which isn't supported by vanilla kernels, so I didn't yet have the chance to try it myself.
Slashdot would be the obvious example, right? So ask CmdrTaco and his crew, and take care to download en fiddle with Slash first!
FWIW: I agree. Not all Jon Katz's posts are worth while but this one is, I would say. Anyway, whining about his articles never makes sense.
What I would really like to see as a standard feature these days, on any computer but especially laptops in this range, is /ethernet/.
I really don't understand why a 3D accelerator is considered more esential than networking.
And I don't think a simple 10/100 Mbit implementation would make the thing much more power hungry or expensive or bigger or whatever.
Porting to Crusoe would indeed at this time mean porting to x86. But that other, really interesting bit of info in that rumour article would indeed need porting to a new platform:
... -- and tenuous evidence suggests that AMD may also have shown interest in supporting Darwin with a modified version of its Athlon processor that has been stripped of its x86 emulation hardware.
Now maybe this is old news for some, but I didn't know that AMD seriously considered stripping the Athlon of its x86 legacy stuff. Such a processor couldGood piece!
:)
IMHO, whereas I agree about the less controlled nature of linux as a whole, wrt things like upgrading, security and interoperability of the various parts, in practice the situation is mostly well-organized with Linux also. This is due to the fact that about nobody assembles his or her own general Linux system.
Rather, everybody uses this or that distro, and most distro's at least take care of patches and announcements. Upgrades are not so bad either, for most of them (says this Slackware man
On security, the more controlled way of development is indeed probably a plus, even though I think most of the ports collection, of which you'd probably install quite some packages, is no different from what's in any Linux distro.
The only way, I'd say, to mobilize public support needed for 'going outer space' the old-fashioned, exploring way, is when there's another war or semi-war were 'we' need to get 'there' before 'they' do (whoever and where-ever). That, not the spinning off romance, was the reason for the Apollo Project in the first place.
That's also why, contrary to what the article says, it isn't at all surprising that people lost interest, once having beaten the Sovjets to the moon. It has indeed cost huge amounts of money and not all people are fascinated by science fiction.
Is this Fred VanKampen actually Fred van Kempen, who used to do the Linux TCP/IP stack before Alan Cox 'took over'?
I'm sure somebody must have explained what the acronym QA stands for, somewhere earlier in the discussion, but I can't find it. My guess would be Quality Assessment but I can't be sure.
We couldn't possibly celebrate the Internet's 30th birthday without a link to some Internet history stuff now could we... (it's the ISOC's).
Does anybody understand _why_ Unisys persues this? I might understand if they were a tiny setup and just somehow acquired the LZW patent in hopes to become really rich.
But Unisys is a very big player, they do al sorts of things. This gives them a lot of bad press, over (for them) a smallish non-issue! The way I see it it could make more sense to give LZW to the world, in order to get themselves some nice ride-the-open-source-wave publicity.
Of course, if the cash they virtually counted would really stream in, it _would_ probably worthwhile. But there's little chance of that, for reasons named all over this discussion: GIF is becoming outdated about _now_, there are alternatives and it's hard to enforce this anyway.
Info is hardly userfriendly, but fortunately somebody (Przemek Borys from Poland) made a more usable browser for it: pinfo. It feels more or less like lynx.
I have found the LDP docs of _excellent_ quality in cases where I wanted to now a lot about how the system works. Usenet is great if you want to get answers to particular questions, but if you need the whole story then LDP is superb. Since 2.2 it seems that updates have been slower, I think that's exactly the problem which Matt is addressing.
Could it be that with the 'userfriendly' distributions (RedHat, SuSe) nowadays less people are interested in the whole story? That could be another reason for lags in documentation.
I really don't know what the Smithsonian is, _the_ Museum of Technology or something?