I've got a lot of other problems with debian which prevent me from using it. However, their security track record is not really one of them. Given the huge project with a very large number of machines and developers, and their long track record with very few incidents, I don't think it's fair to pick too much on this one.
That, and Gentoo is hardly immune to this sort of thing either.
Yes. But it really really sucks. A lot. If you're a major control freak (or just like avoiding auto-updates and such) you could probably go that route. Useful for people on dialup... download important updates, maybe dump them to a jumpdrive or burn a cd when you've got a couple of them.
I think they also do monthly iso-images that are just compilations of all the update installers in a given month, for the same reason -- not everyone's got a good net connection at home.
I think this company might have a shot to dethrone the current king of control panel (cpanel).
They're not selling a control panel to other places. They're marketing it as a competitive advantage for themselves -- a reason to use their service.
I'd bet on one or more of the following:
(1) The backend to their panel is a hairy mess, and not of the quality that they would be willing to stake their reputation on it without having exclusive administrative control of it.
(2) The options and setups are hacked up in such a way that they are very specific to that host's configuration -- ie, it would be basically impossible to package and sell their panel to other providers.
(3) Possibly because of 1 and/or 2, they feel that it's going to be more profitable to keep their panel a proprietary selling point for their service, rather than selling their panel itself -- that is, the hosting market is more lucrative than the software development market.
Any one of those would be a compelling reason to pursue their current business model, selling access to their panel as part of their service, rather than entering the software sales business.
But within the role of service provider, they're extremely limited in scope. There's no way even a majority of people on other providers are going to migrate to their service. So no, they're not going to dethrone cpanel. They're not even playing in the same arena. They're just finding creative ways to save money -- paying python and ajax developers for an in-house solution rather than paying cpanel (and that's just fine -- more in-house apps means more jobs for developers, and more variety in applications).
I concur. This is a pretty pointless feeling article to me.
I mean... yeah, cpanel isn't much fun, neither is plesk or ensim. But that software is at least interesting.
This would be the equivalent of Dreamhost posting a story demoing their "one-click installs" of... well, the same standard-fare software. The only remotely interesting thing here is that he went through the trouble of encoding the video in ogg+theora.
Don't get me wrong, there's a LOT of room for improvement in the server control panel realm. But this story... isn't an answer to that. It's not a "here's our cpanel-competitor, and it's totally F/OSS and integrates with 4 major distro-families"... it's "here's our cpanel-competitor, this and more is available if you switch to our super-nifty hosting service".
Just fyi, all it took to scratch a first-revision nano was a moderately soft fabric -- softer than the material that makes up the pockets of most pants would do it. I don't know if that's still the case, but... it was pretty trivial to scuff up those things. I was pretty surprised seeing just how easy it was to scratch.
Just because there's an easy solution doesn't mean it's not a problem.
If they're learning java and python, they're not getting "details of compiling, linking, stripping and so forth" anyway.
I'm a big fan of teaching with an IDE for most oo languages, because popup lists of member variables and autocompletion is a great tool when you're not 100% confident of every language feature around.
If you can't tell if you're free or not, are you really free?
Yes, you can be! You can't perceive your own freedom until you have something to compare it with or something that changes it. Consider the degree to which you're free as a frame of reference... if there's nothing changing it, you couldn't determine the extent to which it's there.
We can compare our own freedom to the relative lack of freedom slaves of the atlantic slave trade era had. We can also detect when things infringe on freedoms we enjoy -- for example, when laws are passed restricting free speech. Even more, we can hypothesize about not having such freedoms (see also: 1984).
But if we're all equally free, and don't have reminders of that freedom (ie: history, fiction), then we won't be aware of it. Further, even with reminders, when those reminders aren't salient, we will take our freedom for granted, the same way we take breathing for granted when we don't have trouble doing it.
Back on topic, the core question is: "is a livecd a program (under section 2 of the gpl), or is it a mere aggregation of independent and interdependent programs?"
If it's a program, then it's subject to those and all sorts of other restrictions, and the person "building" it needs to assert copyright and assign GPL license terms to every piece of software on the cd (according to GPL section 2). But if it's an aggregate, then he doesn't. That's really what it comes down to: is a livecd a program or isn't it?
Re:I'm the only GNU/Linux user in the office, on Why Windows is Slow · Score: 1
If you were behind a firewall (including good software firewalls) or ahead of the game, you'd have missed out on the big autorooters (slammer, blaster, nachi).
If you're not running IE for your normal internet usage, you'd miss out on a whole host of enjoyable exploits.
If you're running windows in a sane way, viruses and spyware aren't a big problem. And with the relative wealth of gratis security software out there (in the personal firewall side, the antivirus side and antispyware utils), with automatic updates, it's quite possible to completely avoid the whole virus scene.
There's nothing terribly special about running Windows and not having virii. It's easy to skew our perceptions of this based on how incredibly many people simply shouldn't be allowed to be admin of their own systems.
While it's despicable that every OS and every piece of network-related software (and most others too) comes out horribly broken, and everything has to be constantly patched, and it's even more terrible for those on slow network connections (patching to winxp-sp2 over 33.6 dialup would be a nightmare), that's just the state of things right now. Exploit-finding utilities, secure coding practices, and idiot-resistant languages are all important steps in resolving that state of affairs, both in the Windows world and the sphere of FOSS.
I think the best thing Gentoo does in /etc is the utility rc-update. It's the most sane init/runlevel interface I know.
Totally agree.
A buddy of mine is using my debian test box to develop a system management interface. He's coming from a strong fedora/redhat background, so he's familiar with the numerical runlevel model. But he's also familiar with the chkconfig utility to change what runs at a given runlevel, and the "service" interface to interface init scripts.
Now, I'm not great with debian, but so far the only thing I've found to approximate it from the cli is an ncurses-based utility, or manually changing the symlinks.
I'd say that chkconfig gives you a very complete interface, if not the most flexible or intuitive one... but being able to arbitrarily define runlevels is at very least a lot more flexible. And debian's apparent lack of any sort of cli interface for that is just... pretty mind-boggling.
Imagine what happens when libpng4 comes out - every program using libpng must be rebuilt to get the new features, so you've only sidestepped the problem.
Only if it breaks api compatibility with the previous version. Otherwise, that's what dynamic linking is for, isn't it?
Having multiple versions of libraries installed isn't a big deal either, unless you're tight on space. And if you're tight on space the idea of compiling large applications probably isn't something you'd appreciate anyway!
Right on... openoffice 2 spooled out to fill 8 gigs of free space when I tried to compile it with "nostrip" and with debug symbols. The linux kernel source, unpacked, weighs in around 230 megs, where the binary.deb for 2.6.15 is somewhere closer to 16 megs. Sure, you don't get the ultra-lean heavily-tuned kernel that you'd get building from source, but it certainly works.
Personally, I think the big benefits of running gentoo over debian are things like... the runlevel abstraction system, the ability to turn on and off features with more freedom, and the simple slickness of portage. Oh, and a very helpful and newbie-friendly community.
On the other hand, I'd say on a p4 3ghz desktop system with a very large software set, I'm probably averaging 2-3 hours a week of compiling for various updates, my debian and fc4 boxes spend more like 5-10 minutes a week downloading and unpacking them. But, if you're halfway decent at scheduling and don't have constant insanely-high demand everywhere, I'd say that update time isn't even a particularly big deal (after all, it's mostly non-interactive... fire it, forget it, come back when it's done).
Flash in and of itself is both harmless, and a huge problem solver for the embedded-video issue.
It's misuses of flash, in the context of the broken IE ActiveX model that open at least one set of floodgates for spyware.
And there's such mind-boggling headaches getting people to be able to reliably play video in any other format. Post a .mov, and now I've gotta sell my soul to apple to play it on a winbox, and what do I do about an embedded mov in linux?
WMV will draw the linux crowd's ire, too... and doesn't play very nicely with most alternate browsers. Not to mention it also has serious issues in osx.
Flash is installed on something like 95% of computers on the internet, and works in the big three (windows, linux, os-x -- in fact, I use it in all three). If you don't have it, you can lord your little five-percenter club over everyone else, and miss out on a whole world of good things that selectively allowing certain instances of flash brings. And for those that flash isn't good for... that's why adblock and flashblock firefox extensions exist.
So about 3 and a half years ago, I got myself a laptop (ibook g3-700). I wanted to be able to write philosophy and psych papers and do CS programming assignments anywhere I was.
The semester after I got it, I used it for EVERYTHING. I was taking notes on it, working on homeworks and projects, writing papers... the whole bit. It was great... even the coffee shops and some of the restaurants off campus have wireless, so you could do just about anything anywhere.
But as I used it, I slowly came to grips with a simple fact: when the laptop is out, there's more interesting things to do than pay attention to most professors. Sure, there's the rare exception where the prof's really interesting, or I'm really into the material... but for the most part, I'd follow random digressive thoughts (that on paper would be a note to look into later), and stop paying attention to the prof.
Last semester, after five semesters of using it for every class, my laptop ran into hardware problems. It's well out of warranty, and would be nontrivial to repair or replace. So I stopped using it, transferred my data off of it, and I grabbed a tablet of paper. The latter half of that semester, and all this semester so far without it, I've found I take better notes in class, I follow the material and discussions better in general and I'm more into the subject matter at hand. I think that not carrying my laptop has a significant bit to do with this, and I find myself not really missing the perpetual interruption (and REALLY not missing the five extra pounds in my backpack).
I think this invasion of technology into activities that don't require it is a terrible thing. It's way too easy, on a campus with ubiquitous wireless, to find something more interesting than the prof or the course material, and takes a LOT of self-discipline to skip that temptation in favor of actually devoting all of your attention to a topic.
I'd like to see a counter-insurgency: profs banning laptops and newspapers in their classes, to drag people into paying attention and taking notes. After all, if you're surfing the net or doing the latest crossword, you might as well not be there anyway.
If you want to pursue the "software life"... that is, you want to go after the apple/microsoft/ibm/novell brass rings and be a career programmer, then you're on the right track... hunt for programming internships, if you can't find them, hunt for programming jobs, and if you can't find them either then polish your skills by adopting a favorite open source project and working on it. Developing your abilities with real-world production code is definitely a plus, and a nice resume-builder if nothing else.
On the other hand, if you want to aim for an academic's path (ie: you want to go on to grad school pursuing a doctorate degree and doing research in the field), internships are pretty useless. Look for research opportunities. I know at my university, we've got an REU program (research experiences for undergrads) that are very popular, and both meet the suggested "don't spend the summer doing nothing" and "get experience" goals. It's a program sponsored by the NSF, and is apparently pretty popular around the country, and comes highly recommended. Oh, and the pay isn't terrible, as an extra bonus.
The nice thing about the academic paths -- undergrad research for a prof, REU programs, etc -- is that they end up working toward either goal. Getting an internship or getting a normal job may work toward the couple years of experience most places want for their better positions... but it's not going to get you into the PhD program at very many places, or enrich the depth and breadth of your knowledge and interest in the subject by a whole lot either. After all, when you spend a summer making copies and getting coffee... it doesn't really amount to _real_ work experience.
Anyway, think about things from the perspective of what doors they open. But be quick about it... there's a LOT of summer REU deadlines that are coming up in the next 3 days or so!
I think you're confusing "computer science" with "software engineering". In either case, neither is as easy as you seem to think.
Being a double major in compsci and psychology, having started in mechanical engineering, sampled electrical engineering and physics and philosophy and math, I'm comfortable (and qualified) to say that computer science, when taught at a reputable university, is very nearly as challenging and demanding as major disciplines in engineering, and quite a bit more demanding than the vast majority of liberal arts disciplines.
What you're probably bemoaning, however, is the lack of software engineering principles in corporate software development. That's a whole different animal than what classes you take in college (considering that a majority of professional developers today don't have college degrees in either computer science or software engineering, or indeed any relevant field).
The whole issue revolves not around whether we can understand bee flight or not. For science, this is just a reduction of an attack surface, and an interesting discovery.
How does this relate to ID?
Intelligent Design supporters who attack science with the article's argument "Science doesn't know how bees fly" attack it with an ad hominem argument.
Here's the argument, simplified: Science claims that life evolved on its own. Science isn't perfect. Therefore, the universe didn't evolve on its own.
Boiled down like that, it's pretty classic ad hominem form: A believes B, there's something wrong with A, so B is wrong.
Note that this does NOT indicate ANYTHING for or against ID's beliefs proper, nor does it support or reject evolution (and in fact, drawing a conclusion about ID based on this finding would be another ad hominem). Our capacity to understand bee flight is completely unrelated to how bees came to be able to fly, or whether such a thing is capable of developing from simpler forms of flight or if they have to be guided into existence by an unseen hand.
What's most interesting to me (from the realm of infosec, anyway) is the idea that the ID camp has set itself up as an adversary to science, and in constructing these arguments is essentially doing penetration testing: find a hole, exploit it for a short while, watch the scientific community close the hole. Ultimately, ID may be serving in some small way to motivate the advance of science, despite its stated goal of discrediting the whole scientific institution. This may be taken as a commentary on the relationship between attackers and defenders in general: having an adversary makes you grow stronger than not having one.
When I first started using RSS, I subscribed to yahoo, cnn (about 4 of their feeds), and abcnews news feeds. I was thinking, "I'll get multiple perspectives on major stories, and make comparisons". Ahh, the starry-eyed idealism of ignorance...
Then I learned the truth. The spin happens at journalist-time -- the talking heads (or the writers behind the talking heads, whatever) get their news from the same Associated Press feed, and spin it their own way. In internet-land, there's no talking head -- just the AP story (and inherently the bias of the original AP journalist).
If you're looking at AP news stories online, everyone is just reposting the same exact story verbatim anyway. And generally non-AP topics don't get covered by many different perspectives.
Thing is, all of those distros use the same software base. Redhat, Ubuntu, *BSD, they're all host to apache, samba, bind, openssh, php, gcc... they're all essentially the same, once you get past package management, the kernel and the c libraries.
If you want to count "OS" flaws, you need to remove ALL the third-party apps. That means in linux, you'd JUST be counting the flaws in the kernel and glibc, and in BSD only the core system as well. And those aren't even going to be distro-specific.
While you're right that it's probably not fair to shove os-x vulns in with the unix/linux category (os-x is its own unique animal and has a lot of things that no other *nix has) I think it is fair to mash together the F/OSS nixes. Or at least to mash together their non-os-specific parts.
Of course, these comparisons are inherently unfair, if they're used as a metric for "which OS is more secure". That's become something of a moot point. No matter how someone calculates their metrics, someone or another is going to be displeased with their methodology. What's more interesting, and more to the point, is the sheer number of vulns found across the board, and that's the whole point of the story.
Developers, including myself, have a tendency to spend time learning admin skills, while ignoring powerful stuff that would actually make us better programmers :-(
When I first started as a sysadmin, my devs all had admin access, root on the servers, etc. They spent so much time flailing trying to figure out how to do administrative things they shouldn't have been dealing with that they had trouble doing their jobs.
Now, they don't have root. I keep the systems running and happy and handle the things that they're totally clueless on (or just shouldn't be trusted with) while they write the code and the papers that keep getting us our research grants, and everyone is happy.
MySQL's got three big great things going for it: raw disgusting speed, relative simplicity to set up and administer, and the whole dual-license thing. Oh, and with innodb and with the 5.0 release, very nearly everything in the "technically superior" category (as far as most people are concerned) is covered. A lot of the things people bash mysql for are really complaints about the shortcomings of MyISAM instead. Oh, and don't forget that SO many websites and open source tools are built on top of the LAMP stack... and people wonder why it's talked about so much? Really, what's not to like?
Postgresql has relative simplicity to set up and maintain, but I don't think is quite as straightforward as mysql. And, as far as I've been able to tell, the speed just isn't there. We all love BSD licensing, and it still has some technical strengths over mysql, but the biggest issue is still speed, and all the benches I've seen still put mysql ahead on that one. (Besides, who's ever heard of the "LAPP" stack, and does it have something to do with strippers?)
Oracle, on the other hand, is already pretty fast and scalable, but non-free, non-f/oss, and generally an order of magnitude or two more complex to set up and maintain. In an organization large enough to have a dedicated database administrator, it's great, but it's not really suitable to be the database behind something like my weblog, or behind a small business's basic website.
I wouldn't, however, get all stuffy about 'no viruses on the Mac'... an awful lot of their code is closed, so it's hard to know how good it is. They were still doing some pretty dumb security-related things when OSX first shipped (the last time I truly spent time digging into the system), and I'm not at all sure they're as paranoid as they should be.
I'm counting something like 20 vulnerabilities this year alone on secunia in the "highly critical" or "extremely critical" categories.
It may be *nix. But it's no OpenBSD. And even if it were openbsd, it'd still be far from perfect.
On the other hand, if an app wants to write to your homedir/dotfiles instead of sticking itself in system locations, it can do it. How many of the "it just works, I like it" crowd have EVER looked at what dotfiles live in their home directory?
Most spyware comes from one of two places: renegade ActiveX or piggyback installations.
While the mac and *nix platforms don't have activeX to worry about, nothing's preventing people from bundling mac spyware with otherwise useful apps, and if the app brings something that people want, they'll ignore the stuff that comes with it. How do you think Gator operates?
It's just that nobody's decided to go after the mac market trying to turn shareware into adware or negotiating bundle deals, or even learning to write mac malware yet. Maybe that's the "excellence" you're talking about. But there's a big emphasis to be put on the "yet" part of that.
The mac platform is not without its security holes, and those things that compromise a high privilege process don't NEED to prompt you to install themselves everywhere.
If you've got cube-space (some do, some don't), consider rearranging so the monitor faces away from the entryway. Those sneaky users might be able to evade your headphone/carpet-obscured hearing, but they damned sure won't get far enough to see what's on your screen without you seeing them coming well in advance.
Of course, then there's the guy on the other side of the back wall, or on the side walls. But a big hutch and a couple plants should keep that from being an issue as well.
If you're looking for distributed version control, and you don't dislike subversion's general paradigm, you might be interested in svk
Basically it's a distributed version control system built on subversion's libs. Pretty slick if you're into that sort of thing...
There's something you're missing here:
People living in an office workflow don't often have the background to understand and use version control paradigms, particularly copy-modify-merge.
People who are used to "working with computers" (most of slashdot, as opposed to the "working, with computers!" type) have trouble understanding just how much of an understanding gap can exist between one type of user and the other.
As far as version control of office docs, yeah, you can use subversion, but for most people working with them, sharepoint's going to be less of a problem, precisely because it uses the slightly more intuitive lock-modify-unlock paradigm instead of copy-modify-merge. I hear that sharepoint 2k7 rolls in CMS server too, which might help a bit more. Maybe svn on apache2 with webdav is the right answer? Maybe sharepoint 2k7 is the right answer? But any answer that involves dropping more than half a page of required reading to get the team up to speed on using it is probably going to be left curbside by next weekend while whatever broken model they're getting by with continues to hobble by.
I have a true alias and a couple false ones.
The "true" alias is a direct mapping back to me. You could google it and along there find more than enough information to find out who I really am (and where I live, and what my phone number is, and how best to reach me, and a big chunk of the history of the last 4 or so years of my life).
In a sense, that's the very definition of an alias. Another name for the same thing (me, in this case).
On the other hand, there exist names which are mine, but which do not lead to me. These names are "false" aliases, in that while they belong to the same person as my "real" aliases, they aren't traceable to me in any sane way (I guess ip addresses, but switching on TOR would get around that pretty quickly, and places that I use those aliases I don't use "real" ones anyway).
If you want to know who I am, you don't have to look very hard. But if you want to know who one of those unmapped aliases is, you'll be at quite a loss. I think that's the general meaning of a "false alias" -- albeit a badly defined term.
Maybe "misleading alias" would be more appropriate?
Totally agree.
A buddy of mine is using my debian test box to develop a system management interface. He's coming from a strong fedora/redhat background, so he's familiar with the numerical runlevel model. But he's also familiar with the chkconfig utility to change what runs at a given runlevel, and the "service" interface to interface init scripts.
Now, I'm not great with debian, but so far the only thing I've found to approximate it from the cli is an ncurses-based utility, or manually changing the symlinks.
I'd say that chkconfig gives you a very complete interface, if not the most flexible or intuitive one... but being able to arbitrarily define runlevels is at very least a lot more flexible. And debian's apparent lack of any sort of cli interface for that is just
Only if it breaks api compatibility with the previous version. Otherwise, that's what dynamic linking is for, isn't it?
Right on
Personally, I think the big benefits of running gentoo over debian are things like
On the other hand, I'd say on a p4 3ghz desktop system with a very large software set, I'm probably averaging 2-3 hours a week of compiling for various updates, my debian and fc4 boxes spend more like 5-10 minutes a week downloading and unpacking them. But, if you're halfway decent at scheduling and don't have constant insanely-high demand everywhere, I'd say that update time isn't even a particularly big deal (after all, it's mostly non-interactive
Flash in and of itself is both harmless, and a huge problem solver for the embedded-video issue.
It's misuses of flash, in the context of the broken IE ActiveX model that open at least one set of floodgates for spyware.
And there's such mind-boggling headaches getting people to be able to reliably play video in any other format. Post a .mov, and now I've gotta sell my soul to apple to play it on a winbox, and what do I do about an embedded mov in linux?
WMV will draw the linux crowd's ire, too ... and doesn't play very nicely with most alternate browsers. Not to mention it also has serious issues in osx.
Flash is installed on something like 95% of computers on the internet, and works in the big three (windows, linux, os-x -- in fact, I use it in all three). If you don't have it, you can lord your little five-percenter club over everyone else, and miss out on a whole world of good things that selectively allowing certain instances of flash brings. And for those that flash isn't good for ... that's why adblock and flashblock firefox extensions exist.
So about 3 and a half years ago, I got myself a laptop (ibook g3-700). I wanted to be able to write philosophy and psych papers and do CS programming assignments anywhere I was.
The semester after I got it, I used it for EVERYTHING. I was taking notes on it, working on homeworks and projects, writing papers ... the whole bit. It was great ... even the coffee shops and some of the restaurants off campus have wireless, so you could do just about anything anywhere.
But as I used it, I slowly came to grips with a simple fact: when the laptop is out, there's more interesting things to do than pay attention to most professors. Sure, there's the rare exception where the prof's really interesting, or I'm really into the material... but for the most part, I'd follow random digressive thoughts (that on paper would be a note to look into later), and stop paying attention to the prof.
Last semester, after five semesters of using it for every class, my laptop ran into hardware problems. It's well out of warranty, and would be nontrivial to repair or replace. So I stopped using it, transferred my data off of it, and I grabbed a tablet of paper. The latter half of that semester, and all this semester so far without it, I've found I take better notes in class, I follow the material and discussions better in general and I'm more into the subject matter at hand. I think that not carrying my laptop has a significant bit to do with this, and I find myself not really missing the perpetual interruption (and REALLY not missing the five extra pounds in my backpack).
I think this invasion of technology into activities that don't require it is a terrible thing. It's way too easy, on a campus with ubiquitous wireless, to find something more interesting than the prof or the course material, and takes a LOT of self-discipline to skip that temptation in favor of actually devoting all of your attention to a topic.
I'd like to see a counter-insurgency: profs banning laptops and newspapers in their classes, to drag people into paying attention and taking notes. After all, if you're surfing the net or doing the latest crossword, you might as well not be there anyway.
Now's a good time to evaluate your goals.
If you want to pursue the "software life" ... that is, you want to go after the apple/microsoft/ibm/novell brass rings and be a career programmer, then you're on the right track ... hunt for programming internships, if you can't find them, hunt for programming jobs, and if you can't find them either then polish your skills by adopting a favorite open source project and working on it. Developing your abilities with real-world production code is definitely a plus, and a nice resume-builder if nothing else.
On the other hand, if you want to aim for an academic's path (ie: you want to go on to grad school pursuing a doctorate degree and doing research in the field), internships are pretty useless. Look for research opportunities. I know at my university, we've got an REU program (research experiences for undergrads) that are very popular, and both meet the suggested "don't spend the summer doing nothing" and "get experience" goals. It's a program sponsored by the NSF, and is apparently pretty popular around the country, and comes highly recommended. Oh, and the pay isn't terrible, as an extra bonus.
The nice thing about the academic paths -- undergrad research for a prof, REU programs, etc -- is that they end up working toward either goal. Getting an internship or getting a normal job may work toward the couple years of experience most places want for their better positions ... but it's not going to get you into the PhD program at very many places, or enrich the depth and breadth of your knowledge and interest in the subject by a whole lot either. After all, when you spend a summer making copies and getting coffee ... it doesn't really amount to _real_ work experience.
Anyway, think about things from the perspective of what doors they open. But be quick about it ... there's a LOT of summer REU deadlines that are coming up in the next 3 days or so!
(REU Program: http://www.nsf.gov/crssprgm/reu/ )
I think you're confusing "computer science" with "software engineering". In either case, neither is as easy as you seem to think.
Being a double major in compsci and psychology, having started in mechanical engineering, sampled electrical engineering and physics and philosophy and math, I'm comfortable (and qualified) to say that computer science, when taught at a reputable university, is very nearly as challenging and demanding as major disciplines in engineering, and quite a bit more demanding than the vast majority of liberal arts disciplines.
What you're probably bemoaning, however, is the lack of software engineering principles in corporate software development. That's a whole different animal than what classes you take in college (considering that a majority of professional developers today don't have college degrees in either computer science or software engineering, or indeed any relevant field).
The whole issue revolves not around whether we can understand bee flight or not. For science, this is just a reduction of an attack surface, and an interesting discovery.
How does this relate to ID?
Intelligent Design supporters who attack science with the article's argument "Science doesn't know how bees fly" attack it with an ad hominem argument.
Here's the argument, simplified:
Science claims that life evolved on its own.
Science isn't perfect.
Therefore, the universe didn't evolve on its own.
Boiled down like that, it's pretty classic ad hominem form: A believes B, there's something wrong with A, so B is wrong.
Note that this does NOT indicate ANYTHING for or against ID's beliefs proper, nor does it support or reject evolution (and in fact, drawing a conclusion about ID based on this finding would be another ad hominem). Our capacity to understand bee flight is completely unrelated to how bees came to be able to fly, or whether such a thing is capable of developing from simpler forms of flight or if they have to be guided into existence by an unseen hand.
What's most interesting to me (from the realm of infosec, anyway) is the idea that the ID camp has set itself up as an adversary to science, and in constructing these arguments is essentially doing penetration testing: find a hole, exploit it for a short while, watch the scientific community close the hole. Ultimately, ID may be serving in some small way to motivate the advance of science, despite its stated goal of discrediting the whole scientific institution. This may be taken as a commentary on the relationship between attackers and defenders in general: having an adversary makes you grow stronger than not having one.
When I first started using RSS, I subscribed to yahoo, cnn (about 4 of their feeds), and abcnews news feeds. I was thinking, "I'll get multiple perspectives on major stories, and make comparisons". Ahh, the starry-eyed idealism of ignorance...
Then I learned the truth. The spin happens at journalist-time -- the talking heads (or the writers behind the talking heads, whatever) get their news from the same Associated Press feed, and spin it their own way. In internet-land, there's no talking head -- just the AP story (and inherently the bias of the original AP journalist).
If you're looking at AP news stories online, everyone is just reposting the same exact story verbatim anyway. And generally non-AP topics don't get covered by many different perspectives.
thing is, all of those distros use the same software base. Redhat, Ubuntu, *BSD, they're all host to apache, samba, bind, openssh, php, gcc ... they're all essentially the same, once you get past package management, the kernel and the c libraries.
If you want to count "OS" flaws, you need to remove ALL the third-party apps. That means in linux, you'd JUST be counting the flaws in the kernel and glibc, and in BSD only the core system as well. And those aren't even going to be distro-specific.
While you're right that it's probably not fair to shove os-x vulns in with the unix/linux category (os-x is its own unique animal and has a lot of things that no other *nix has) I think it is fair to mash together the F/OSS nixes. Or at least to mash together their non-os-specific parts.
Of course, these comparisons are inherently unfair, if they're used as a metric for "which OS is more secure". That's become something of a moot point. No matter how someone calculates their metrics, someone or another is going to be displeased with their methodology. What's more interesting, and more to the point, is the sheer number of vulns found across the board, and that's the whole point of the story.
When I first started as a sysadmin, my devs all had admin access, root on the servers, etc. They spent so much time flailing trying to figure out how to do administrative things they shouldn't have been dealing with that they had trouble doing their jobs.
Now, they don't have root. I keep the systems running and happy and handle the things that they're totally clueless on (or just shouldn't be trusted with) while they write the code and the papers that keep getting us our research grants, and everyone is happy.
technically superior, sure.
But ... umm .... what's the word I'm looking for?
Oh yeah. Slow.
MySQL's got three big great things going for it: raw disgusting speed, relative simplicity to set up and administer, and the whole dual-license thing. Oh, and with innodb and with the 5.0 release, very nearly everything in the "technically superior" category (as far as most people are concerned) is covered. A lot of the things people bash mysql for are really complaints about the shortcomings of MyISAM instead. Oh, and don't forget that SO many websites and open source tools are built on top of the LAMP stack... and people wonder why it's talked about so much? Really, what's not to like?
Postgresql has relative simplicity to set up and maintain, but I don't think is quite as straightforward as mysql. And, as far as I've been able to tell, the speed just isn't there. We all love BSD licensing, and it still has some technical strengths over mysql, but the biggest issue is still speed, and all the benches I've seen still put mysql ahead on that one. (Besides, who's ever heard of the "LAPP" stack, and does it have something to do with strippers?)
Oracle, on the other hand, is already pretty fast and scalable, but non-free, non-f/oss, and generally an order of magnitude or two more complex to set up and maintain. In an organization large enough to have a dedicated database administrator, it's great, but it's not really suitable to be the database behind something like my weblog, or behind a small business's basic website.
I'm counting something like 20 vulnerabilities this year alone on secunia in the "highly critical" or "extremely critical" categories.
It may be *nix. But it's no OpenBSD. And even if it were openbsd, it'd still be far from perfect.
on the other hand, if an app wants to write to your homedir/dotfiles instead of sticking itself in system locations, it can do it. How many of the "it just works, I like it" crowd have EVER looked at what dotfiles live in their home directory?
Most spyware comes from one of two places: renegade ActiveX or piggyback installations.
While the mac and *nix platforms don't have activeX to worry about, nothing's preventing people from bundling mac spyware with otherwise useful apps, and if the app brings something that people want, they'll ignore the stuff that comes with it. How do you think Gator operates?
It's just that nobody's decided to go after the mac market trying to turn shareware into adware or negotiating bundle deals, or even learning to write mac malware yet. Maybe that's the "excellence" you're talking about. But there's a big emphasis to be put on the "yet" part of that.
The mac platform is not without its security holes, and those things that compromise a high privilege process don't NEED to prompt you to install themselves everywhere.
if you've got cube-space (some do, some don't), consider rearranging so the monitor faces away from the entryway. Those sneaky users might be able to evade your headphone/carpet-obscured hearing, but they damned sure won't get far enough to see what's on your screen without you seeing them coming well in advance.
Of course, then there's the guy on the other side of the back wall, or on the side walls. But a big hutch and a couple plants should keep that from being an issue as well.