So there are positive features to the *BSD splits after all! :-)
Absolutely, and there is absolutely nothing wrong with some duplication of work, here. This is why homogenous environments (think Windows-only or one-UNIX-flavor-only) are simply accidents waiting to happen. Good administrators really should be proficient in three operating systems, and they should find appropriate ways to use each OS in their network.
That suggests that 2% of people routinely check signatures. I assume that less people check the code than check the signatures so ... it's probably safe to say that no more than 0.5% of people do.
Yes, but this is all it takes to discover an anomaly. Even if knowledge is initially contained in 2%, or even 0.5%, of users, understand that the knowledge can spread world-wide in just a few hours.
I'd say this system works pretty well, and there are much fewer victims as a result.
People keep harping on about how open source software means that they can trust downloaded source code...
Those people are idiots, who deserve what they get. They are no different than people who still prefer the auto-execute features of MS Outlook.
Everyone, just get into the habit of using `md5` or `sum` or other tools to validate things you download. If you want to be extra careful, you can even validate your install CDs. Sometimes, it isn't a bad idea to download from several sites and compare the results. Just do what you need to do to ensure you are getting the real thing.
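The habit described in the comment above (hash what you download, and compare copies fetched from several sites), as an added shell example that is not part of the original thread. It uses SHA-256 in place of the `md5`/`sum` tools the comment names; the function names, file names and file contents are constructed for the demonstration, and the "published" digest is the standard SHA-256 test vector for the string `abc`.

```shell
#!/bin/sh
# Added example: compare copies of one release fetched from several mirrors
# against the digest the project publishes. Names and contents are constructed.

# Print the SHA-256 hex digest of a file, using whichever tool is installed.
digest_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 < "$1" | awk '{print $NF}'
    fi
}

# compare_mirrors EXPECTED FILE...
# Returns 0 when every copy matches EXPECTED,
#         1 when the copies disagree with each other,
#         2 when they agree with each other but not with EXPECTED,
#         3 when no file was given or a file cannot be read.
compare_mirrors() {
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    shift
    [ "$#" -ge 1 ] || return 3
    first=""
    disagree=0
    mismatch=0
    for f in "$@"; do
        [ -r "$f" ] || { echo "MISSING  $f" >&2; return 3; }
        d=$(digest_of "$f")
        [ -n "$first" ] || first=$d
        [ "$d" = "$first" ] || disagree=1
        if [ "$d" = "$expected" ]; then
            echo "OK       $f"
        else
            mismatch=1
            echo "MISMATCH $f  $d"
        fi
    done
    [ "$disagree" -eq 0 ] || return 1
    [ "$mismatch" -eq 0 ] || return 2
    return 0
}

# Demonstration on constructed files standing in for three mirror downloads.
demo() {
    dir=$(mktemp -d)
    # SHA-256 of the three bytes "abc" (well-known test vector), standing in
    # for the digest a project would publish out of band.
    published=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
    printf 'abc' > "$dir/mirror-a.tar"
    printf 'abc' > "$dir/mirror-b.tar"
    printf 'abd' > "$dir/mirror-c.tar"    # one byte altered

    rc=0
    compare_mirrors "$published" "$dir/mirror-a.tar" "$dir/mirror-b.tar" || rc=$?
    echo "two matching mirrors: exit $rc"

    rc=0
    compare_mirrors "$published" "$dir"/mirror-*.tar || rc=$?
    echo "with the altered copy: exit $rc"

    rm -rf "$dir"
}

demo
```

A digest fetched from the same server as the file only catches corruption or a partial replacement, so take the expected value from a separate channel (a signed announcement or a second site) where one exists.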
Talk about huge generalizations! Closed source software is not "inherently sloppy".
That's why I said "for the most part", which I strongly feel is accurate, and I made sure to mention only "mature" open source software. Of course, there are excellent commercial projects out there, as you've pointed out, and I am certainly not slamming all of them. I surely would hate to use an improperly-done compiler, for example, or see the NYSE crash every ten minutes.
However, commercial software, for the most part, really is sloppy (even many of the really expensive "industrial-strength" packages). I've used many software applications, operating systems, and tools, and have been in and/or seen several software development projects, where the software is just sloppy. It is a fact that much of the software industry employs little or no standards, employee turnover is high, rigorous analysis is not performed, and quality control is an afterthought.
This is why the Department of Defense has set strict standards, and the Software Engineering Institute has published its CMMs. There are other initiatives, too, which attempt to grasp the problems of software engineering. However, industry-wide acknowledgement of these things is sparse, and adoption of their ideas has been slow.
The most fundamental cause is the failure to recognize that good software is difficult and expensive. There really aren't any magic IDEs or widgets that solve these basic issues. It's just a fact that leaves many project managers and programmers in denial.
This is where open source software gains some credibility. Much of it is written by people who aren't bound by schedules nor budgets. The expensive part of the equation just doesn't manifest itself. The difficulty is handled by the projects taking as long as they need to do something. Few commercial projects would have lasted as long as it took Mozilla to get to 1.0, the first real deliverable in several years. It is more likely that a commercial project will be forced to release early or to do more within an inadequate budget (thus, leading to poor quality).
Flamebait? Surely, you can do better than that! Perhaps "Redundant" is better, because I really only state the obvious, anyway.
Recently many widely used Opensource applications were backdoored due to an exploit on the website for these applications. Months passed before anyone noticed that the sites were cracked and the applications replaced with backdoored copies.
Curious how I haven't gotten one of these. It must be due to me using a select few websites, and those checksums don't hurt either. The risk of trojans has always existed and will always exist. I think you are trying to make this sound bigger than it really is.
You swallow more 'FUD' from the opensource community than you do from MS, wise up. Just go with what makes sense.
I don't swallow 'FUD'. You'd probably be surprised that my software choices are actually very objective.
The truth is that Microsoft, Netscape, Real and others have produced software that actively phones home about various things, some of which are not desirable (URLs, search strings, downloads). It is much less likely that Mozilla would be able to do anything secretive for long, and trojaned copies are the exception and not the rule.
Moderation Totals: Overrated=1, Total=1.
Thanks for looking out for me!
Quite amusing to see the States now start to reach this level and notice it. Not intended as a putdown, just as a statement - mobile tech is one area where many parts of Europe are still way ahead, very much due to GSM. Things will probably even out in the future.
Not taken as a putdown. Please understand, however, that the U.S. is more rural than Europe. Perhaps in Europe, the success of personal communicators is guaranteed, simply because the population density is nearly 2.5 times that of the U.S. I'm sure there are places in the U.S., such as San Francisco or New York, that could be like this, but these cities are not typical, here.
Would you rather have 500 locks on your door, and require a key for each? Or just one single lock?
The key word, here, is "compromise."
What good is having the option to look at the source code?
The source code is auditable by anyone who has the interest and initiative. This helps provide assurance that marketing departments and governments aren't looking over your shoulder, and it helps keep the people in charge of Mozilla modest.
The Mozilla programmers will have their pride served back to them on a platter if they are really sloppy. This makes it more likely that Mozilla is popular due to its merits, which is much better than being popular by default.
Closed source software, for the most part, is inherently sloppy. There is much less incentive to make it tidy and well organized for just the sake of it. Slop tends to stick in commercial software for a long time, simply because no one wants to pay for making it better. This is why mature open source software often feels much more sound than comparable closed source software.
That was from a guy I knew in Philly who made 7 figures a year, and that he employed the strategy on all consultant gigs from management, to manufacturing and IT.
So, the lesson here is: To make it big and rich in IT, sell your soul to the Devil, and cheat your way to the top.
Awesome. This honest, stable, and average-paying programming job was getting stale, anyway. Now, where'd I put that back-stabbin' knife...
(just kidding; honest and stable is pretty darn good)
...but the user experience is more important than security to me!
Do you prefer to leave all the doors on your home unlocked, so those darned keys don't spoil your "experience"?
Security is always a set of compromises. Not automatically executing files is one of them, firewalls are another, SSH is yet another.
These compromises are analogous to anything else we do each day out of habit. Take shopping, for example. It is wise to drive defensively, even though it adds a few seconds to the trip. It is wise to put valuables out-of-sight in your car, even though you have to take a few moments to do it. A moment to lock the car doors is good. Putting your wallet in your front pocket or holding tightly onto your purse also helps. Expending effort to ensure your children are safe is essential.
With networked computers, the principles are the same, except that the things at stake are slightly different (but no less valuable).
In time (perhaps a long time), our society at large will develop defensive habits for network use that mirror the other "real life" habits we all take for granted. Unfortunately, Microsoft has set us back several years, but their influence will certainly fade. That's when the Internet will have matured, and we most definitely won't need Palladium to get us there.
...but Mozilla is a "1.0" release, and from a security perspective, it's usually better to go with a more mature application.
Yes, but Mozilla was leading up to 1.0 for years. It really is a mature application, as applications go, so most of the "gross" holes probably have been addressed. The remaining holes fall under the law of diminishing returns, where there are certainly some, but they will be found less frequently as time passes. In this regard, Mozilla and IE are on equal footing.
Also, Mozilla gives quite a bit of flexibility concerning cookies and JavaScript, so I would believe that whole classes of bugs wouldn't be exploitable, simply because I allow cookies only to sites that have earned my trust, for example. Now, if per-site JavaScript control is incorporated into a later release of Mozilla, that will be the icing on the cake.
Has anyone out there studied whether IE acts as spyware, where it "phones home" browsing habits or search strings?
Ultimate control over who knows what could be an enormous advantage of Open Source browsers, such as Mozilla, and would make a much stronger argument against IE.
I suppose this could even be applied to Mozilla vs. Netscape, because it is always possible that Netscape could add spyware, too.
Bzzt. You are misled, and I disagree entirely. UNIX is successful among the engineering community and the tech savvy/tech weenie crowd only.
I really don't think so. My main point is about the continuum of possibilities that UNIX offers. It can satisfy the tech weenies, but, especially as GNOME and KDE continue to mature, the non-weenies can be accommodated, too. This is one reason why Sun has adopted GNOME and is a reason why Microsoft truly views Linux as a competitor. One day, there will be a Linux distribution as easy as Windows and Mac OS. It clearly isn't here, yet, but all the trends I see make it a near certainty.
First, are there application or user experience standards for KDE, Gnome, X, or command line apps?
POSIX standardized the CLI and many UNIX tools. X Windows is standardized (www.x.org). CDE and Motif are standardized. KDE and GNOME, I guess, largely write their own standards but only after Bazaar-style deliberation. Application designers do follow the guidelines for each standard; the difference, here, is that there are multiple standards rather than the one for Microsoft or Apple.
Second, how many open source projects have done a usability study...
Sun has performed some usability studies for GNOME.
If you want me to move back to using linux as my main desktop machine, you need to make it much easier to install and configure the OS, the desktop, and all of the applications.
I think what you find lacking are wizard-type interfaces like Windows tries to do. Since each Linux distribution is unique, the responsibility of providing them lies mostly on the distributors. Red Hat and others have made progress in ease of use, but they do need more time to mature.
Having different Linux distributors is definitely not a bad thing along these lines, since the user-friendly Linux distributions tend to feel a lot like Windows in bloat and behavior. For users who have grown to not need this bloat, they can move on to Slackware, for example. It's just that distributors like Red Hat still have a ways to go to truly replace Windows or Mac OS for most end-users.
1. limit all fonts to a 24 point minimum
What if you are using a low resolution display?
2. design the gui for a 3 year old -- make the boot screen look more like palm o/s
What if you are older than three years old?
3. screw power users -- you want power-user mode, boot to an ANSI console (root doesn't get a gui)
If power-user-mode is totally separate, then how does one learn to become a power user?
The reason UNIX has been so successful and will continue to be successful, is that nearly all special cases can be met. It allows newbies to start with graphical file managers and menus, who, over time, frequently grow up to vi and shell scripts. There is no newbie-mode vs. power-mode; rather, it is a continuum from one extreme to the other.
How often do shell replacements break applications that are expecting the original?
I LOVE the idea of aliases. I could save so much time. But I refuse to let myself use them for fear that someday (it wouldn't take long) I would run an alias in a pipeline that doesn't exist and destroy a filesystem, or something as horrible.
Another reason why I don't use aliases is that they simply aren't universal. I move between four different UNIX environments, and it just isn't practical to try to sync all the customizations. It is generally just better and safer to take a quick look at man pages to figure out what command-line options to use at the moment. It really isn't cumbersome as part of a routine, and, as a bonus, I've learned quite a bit about BSD vs. System V.
It would have been much faster to reinstall and point the installer to the same directory. You would not have lost your configurations. Furthermore, in Win2k you can mount a directory to a drive letter as well. Also I believe Lavasoft [lavasoft.de] has an 'advanced' registry editor freeware prog called 'reghance.' I have not used it but that could help you.
Thanks for the info, but my Windows installation is so old and rickety that I just try to prop it up as best I can. Also, I have a second hard drive with Slackware and GNOME all primed up, and I'm working on replacing each Windows application as I learn how. I've been surprisingly successful, so it won't be much longer before I can perform the final "fix" and put the Windows drive onto a shelf.
Besides, if I'm paying more for the damn thing, I would expect it to be a little more stable than the one put together by volunteers
Uh, have you ever worked on commercial software?
Linux and the free BSDs are not bound to marketing departments, tight budgets, irresponsible deadlines, and high turnover. Nearly all commercial software, including Windows, is dominated by these things.
Unlike hardware, in software you do not often get what you pay for.
I've since deleted my SunPCI's HD image but I once installed three spyware laden P2P file stealing programs on it in one day.
Nothing like a hardware sandbox for programs you don't trust.
SunPCi is really slick for this. I even run the sunpci command su-ed to a powerless user account. Windows can read but it can't write to my home directory, so I can actually run Windows without the paranoia that typically comes with it.
FYI: An install of MSFT Visual Studio adds 4 MB to the windows9x registry.
I wonder what Office adds. Recently, my Windows box decided it was tired of its drive letters and remapped D: (for no good reason). Of course the Registry doesn't have regular expressions nor global replace, so I had to manually update hundreds, perhaps even a thousand, entries just for Office alone.
I really despise Windows. At least with UNIX, all the time I spend fighting it is time spent actually learning something. With Windows, time spent fighting it is just time wasted.
Are both the artist and scientist manifestations of two sides of a coin?
Of the people I've known, a brilliant scientist and a brilliant artist are most frequently found in the same person. It really isn't two sides of something but two different words for the same thing.
It is unfortunate that our culture has separated art and science, because both are manifestations of knowledge, critical thinking, and ingenuity. For example, Ludwig van Beethoven and Sigmund Freud each had profound insight into human psychology, but they employed different vocabularies and reached different audiences.
License a user-built emulator, re-rip every cart for your system, and offer them for sale.
Exactly. That way Nintendo can offer something that is better than free. Now, if the music industry could just find a way...