If C programmers knew what the hell they were doing then we wouldn't see dozens of buffer overflows every month.
My original point is that merely reading the code is not the only way to find all security flaws. If it were, then writing a 'parser to examine C code for security problems' would be a snap. Since you stated that this is a hard problem, then you must acknowledge that you cannot just read the code from 'start to finish' and say you have completed the security audit. Surely, you security experts actually run programs and try to break them, right? If not, then you are utterly clueless.
And yes, you do need to know how to code to look for security problems and yes, maybe a half decent C programmer can do it...
Your presumption of the competence of C programmers (at Interbase) or otherwise speaks to your ignorance about building programs and the number of flaws per lines of code. Buffer overflows are so pervasive in C code because of two things: 1. incompetent test cases and 2. clueless programmers. For example, clueless programmer Joe writes code that does not check for overflows. Clueless Joe never runs a test case which exploits the overflow, so he thinks his code is 'all clear'. Clueless Joe moves on to the next project and repeats the cycle.
The bottom line is that programmers (like security experts) are fallible. Sometimes the fallibility is a matter of incompetence/ignorance (mostly) or laziness (rarely).
"Fat, drunk, and stupid is no way to go through life."
No I am not a security expert. IMHO, understanding how a program works is an obvious pre-requisite to find security flaws. You cannot understand how a program works simply by reading the code.
In the Interbase example, (I could not read the CERT advisory before my post), it may have been easy to find, maybe not. Quite possibly, no one looked at or read those modules, or (more importantly) understood the code to determine that it was a back door.
Your buffer overflow example is pointless. Anyone with 1 year experience as a C programmer can find a buffer overflow. IMHO - this is not a 'security problem', it's a 'stupid programmer problem' - i.e., competent programmers check memory boundaries.
As far as grepping around the code, fine - write some shell scripts and have a party. If you are so worried about it, why didn't you read the Interbase code from 'start to finish'. Or better yet, write a parser that will examine C code for security problems. This would be a hell of a lot more useful to perform security audits, compared to reading the code from 'start to finish'.
Later
"Fat, drunk, and stupid is no way to go through life."
I would have thought that the first day that the source was released someone would have read the code from start to finish with a pen and paper next to them and written "obvious backdoor in eight files, remove" and fixed it.
You must not be a programmer, because reading a program from 'start to finish' is an asinine way to understand it. In addition, it is impractical because the source for Interbase is probably several hundred thousand (million?) lines of code. Finally, reading it from start to finish would not cause a 'backdoor' bug to be found. It is unlikely that there is a function called login_backdoor(), so finding such a security hole is a subtle process.
For a program as complex as Interbase I am not surprised that it took a year for someone (outside Borland) to understand it enough to find the 'back door'.
Later
"Fat, drunk, and stupid is no way to go through life."
Regarding point 1: Without going into a long philosophical or psychological explanation of the Human Psyche (tm), suffice it to say that we are victims of our own free will. Our free will allows people, not 'organized' religions to inflict harm on others. The religion itself is not imperfect (so its followers believe), but the execution of a religion, because it is carried out by fallible humans, is definitely imperfect. Therefore, all religious organizations are human creations and therefore are subject to human mistakes in judgement. Can you make perfect decisions? Of course not, so to expect that a group of humans will make perfect decisions is too much to ask.
On Creationism. As a trained biologist (with a BS and MS) I can tell you that any cosmological (i.e., 'start of the universe') hypotheses contain little empirical evidence. This means that unlike the law of entropy, cosmological phenomena cannot be repeated or observed and therefore not predicted. Sure, cosmologists sound convincing, but after teaching the Big Bang theory for several years to college freshmen, I believe it less and less because it is so full of conjecture. An objective scientist must reject it as almost pure speculation.
The scientific method is used to make observations and draw conclusions within our physical world. The Universe is already created and any objective biologist or physicist will admit that we cannot re-test the creation of the Universe. So, anyone can purport his theory of the Big Bang, but the fact is that we'll probably never know how the Universe was created (maybe it was never created, maybe it has 'just existed' for eternity).
What isn't a priority for you (e.g., 'organized' religion) is a definite priority for the majority of everyone else on the planet. There are countless religious individuals who have changed the world for the better. To generalize that organized religion and creationism have been the largest setbacks to human development is naive at best and idiotic at worst. Some of the greatest thinkers and innovators were deeply religious individuals. One example that immediately comes to mind is Thomas Aquinas.
Later
"Fat, drunk, and stupid is no way to go through life."
Read this for a quick bio on your beloved Canadian hero. Like most Canadians, he headed for the greener pastures of the U.S. -- graduated from the University of Colorado Medical School, served in the First Kansas Infantry in 1916.
Here is another bit of info that describes how, when and where Basketball was invented...
We know from Bernice Larson Webb's authoritative 1973 book The Basketball Man that Naismith's assignment to develop a new game was not one he was originally enthused about undertaking.
The process began at what is now known as Springfield College, in Springfield, Mass., under the direction of physical education superintendent Luther H. Gulick. It was Gulick who believed, among other things, that there was "nothing new under the sun," and that meant a new indoor game would most likely be developed by combining aspects of different existing games.
And by 1891, when Naismith undertook this task, a new game was needed...
Later, eh?
"Fat, drunk, and stupid is no way to go through life."
The posting population of Slashdot shuns control, regardless of the source (Government or Corporation). Posting opinions is one form of anti-control. Another is the lively discussions about the apparent constant erosion of U.S. civil rights.
Although it seems that Things (tm) are getting worse in the good old USA, I suggest you take a step back (from Slashdot) and read some other opinions. Do they confirm or contradict the sentiment here?
. . .
The most interesting part of the debate is the fact that Corporations seem to want us to exchange our liberties for capitalism. I am not sure why there is a dichotomy between liberty and capitalism. Further, it is laughable that Corporations seek to impose liberty limitations on the purchasing Americans at the expense of their own personal liberties.
People like to complain about how their privacy has been invaded, yet continue to work for and purchase from the Corporations that try to erode their liberty. Maybe it's me and my arrogant attitude, but the majority of folks that I know do not care that their liberties probably are eroding. They only seem to care about how much money they can make while doing as little work as possible. Are these people legitimately stupid? Or just not clued in?
"Fat, drunk, and stupid is no way to go through life."
Whose priorities? The VCs gave money to every asinine idea so they could get rich, not so they could advance society. To the VCs, it is 'clear thinking' to bank on 1 of 10 ventures paying off. Maybe you disagree, and thus the large impasse is created.
IMHO - The biggest impediment to human progress is our free will. Things that are important to 'socially minded' folks are not important to others. Once our basic needs are met, the importance and allocation of resources becomes complicated. Such complications are fodder for wars, famine, and any other Bad Things (tm) that have occurred since humans became 'civilized'.
OTH - I do not want to give up my free will so we can become like the 'humans' in THX 1138.
Later.
"Fat, drunk, and stupid is no way to go through life."
Maybe at 29 I am out of the loop, but this fellow at 15 is way more coherent and thoughtful than the majority of my pin-head software engineer colleagues. Good show.
"Fat, drunk, and stupid is no way to go through life."
At least 75% of college is useless as far as contributing to later work.
Is this why so many people cannot form complete sentences, particularly when writing? The grammar of most of my CS colleagues is terrible. Often they cannot spell simple words. Take these same CS grads and ask them to write a design document. The result is a document that is virtually useless because it is written so poorly. Then consider what a well-rounded education may cost in later work.
IMHO, there is no excuse for mastering the grammar of your native tongue, particularly if you earned your college degree.
"Fat, drunk, and stupid is no way to go through life."
Re:I'd rather hire a BA in history or indust-desig (on "CS vs CIS", Score: 1)
CS degree does nonetheless teach you a valuable structured way of thinking, and encourage a disciplined approach...
So does a major in any science like Chemistry, Biology, Geology. Some of the best software engineers I know were trained (earned a degree) in Biology, Physics, or Geology. My hypothesis is that the scientific method fits well into computer problem-solving.
"Fat, drunk, and stupid is no way to go through life."
Uhh. Have you looked at Konqueror by KDE? It includes 'networking enhancements' and 'groovy' document handling via component programs and 'impressive' customization. Check out the links in the above page and please explain how 'Eazel does it better'? Only reading about Eazel, it does not appear that it does more than Konqueror. Except that Konqueror has been shipping for 3 months and Eazel is still in development.
"Fat, drunk, and stupid is no way to go through life."
How do you define what is/should be flagged as a 'dependency'?
For example, the Slackware installpkg utility can warn you if you are going to over-write existing files. Some (presumably not you) would argue that this is a dependency check.
Similarly, the man page from the removepkg utility states:
Removing a package (as well as installing one) can be a dangerous undertaking. For this reason, there is the -warn option available. When you use this, removepkg will not actually remove any files or links, but will output a detailed report of what it would do if you actually did remove the package.
Personally, as a Slack user for the past 6 years, I have not had a need or desire to remove a package and all of its dependent libraries. Furthermore, I have been able to upgrade my system using only the package tools provided. For example, I removed KDE1 and installed KDE2 - without a hitch and only using the pkgtool utilities. It would seem that this means Slackware's package system is at least effective enough for me to do such things as upgrade a major part of my system, no?
One could argue that if a package uses the System C libraries, then are not those libraries a dependency? Clearly, you would not want your package system to remove all dependencies. In this example, your system would be useless without the glibc libraries.
My point is that there is more than one way to define a package and its uses. Slackware is slightly different, but IMHO, the main functions are available for the Slackware user. Slackware is not about holding the user's hand. This is reflected in its package system. If you want hand-holding, use RHAT.
Finally, if packages were so simple and definable, why are there so many package systems available? Food for thought, indeed.
"Fat, drunk, and stupid is no way to go through life."
Err, How about some facts to back up your assertions?
Contrary to popular mis-information, Slackware packages are not just archives. They do contain rules for installation, version information, and meta-information. This is why Slackware users know that you just cannot 'unzip and untar' a Slackware package -- you need to run 'installpkg' to install something correctly. (BTW - You can use installpkg to install 'simple tarballs', but these do not contain the additional package information used by the Slackware package system).
In the UserLocal interview, they discuss that 'autopkg' and 'protopkg' are the next generation of tools for the Slackware packaging system. For example, here's what the UserLocal interviewer wrote about 'protopkg':
I've recently made a package with protopkg, I was completely amazed at how simple it was to use (I actually just modified an existing prototype found on ftp.slackware.com in the /unsupported dir). This system seems almost revolutionary in the fact that essentially it allows users to trade binaries just by exchanging these prototype text files.
I don't know whether protopkg is revolutionary, but it is certainly not primitive.
Later
"Fat, drunk, and stupid is no way to go through life."
I have been on a 9/80 flextime schedule for the past year - 80 hours in 9 working days instead of 10. Then the 10th day is off.
From my perspective, it is great. I can take my dogs to the vet or go to the dentist on my Friday off, so I do not schedule these things during my week. It also is nice to have extra days off because the US typically does not give enough time off to workers (I have 2 weeks vacation / year, but 3 next year). 9/80 means ~20 3 day weekends.
From a company perspective, it can be inconvenient if you need to talk to an employee who is off. I have also noticed that employees have a tendency to abuse the system. The most common abuse is not working 9 full hours M-Th. Finally, if we are busy with a beta release, we sometimes need to work on our scheduled day off. Some employees tend to bitch when this happens.
Although I work for a large company, the 9/80 program is discretionary by department. Some managers refuse to allow the 9/80 schedule. Personally, I think this is because these managers have lazy employees and the 9/80 would exacerbate the problem. However, if you are in a department that has 9/80 your friends or colleagues from other departments may harbor jealous feelings.
I have noticed that the management style dictates the success of the 9/80 schedule. Micromanagers and anal-retentive managers do not like losing the perceived control on work hours. This is a valid point, given the common abuse of slacking on hours. OTH-Managers that worry only about results (which != hours) tend to be happy. This is cool because if you get your work done asap, then managers tend to leave you alone (isn't this true without flextime?)
"Fat, drunk, and stupid is no way to go through life."
I had not considered the cygwin option and I concluded that PG does not run on NT natively when I went to download a binary distribution. Have you tried it under cygwin? Is there a performance hit because PG would run in the cygwin emulation, rather than native?
I was unaware of the MVCC of PG because the NT part was the first issue, so I did not explore use of PG after I didn't find a binary NT version.
Thanks for the corrections!
"Fat, drunk, and stupid is no way to go through life."
Actually, this probably means that the database was very well-designed.
Your comment minimizes the performance issues. You can create a beautiful, 3rd normal form database and find that it is slow as hell when you try to read or write to the schema.
Most real-world databases require a whole lot more {tables}.
For a web site, pages need to return in 1-2 seconds, but if your 16 table join takes 1-2 seconds, you're in trouble because your response time now depends entirely on the network conditions.
Theoretical ideals of relational theory applied to databases are fun to talk about and design, but the real-world dictates some compromises. Often, denormalization is the first compromise. This reduces the number of joins required to read the database. It also speeds up writes because you have to issue fewer SQL statements.
Later.
"Fat, drunk, and stupid is no way to go through life."
Here's the specifications for Interbase:
http://www.interbase.com/open/research/tech_specs.html
Maximum size of database: 32TB using multiple files; largest recorded InterBase database in production is over 200GB
Maximum size of one file: 4GB on most platforms; 2GB on some platforms
Maximum number of tables: 64K Tables
Maximum size of one table: 32TB
Maximum number of rows per table: 4G Rows
Maximum row size: 64KB
Maximum number of columns per table: Depends on the datatypes you use. (Example: 16,384 INTEGER (4 byte) values per row.)
Maximum number of indexes per table: 64K indexes
Maximum number of indexes per database: 4G indexes
"Fat, drunk, and stupid is no way to go through life."
I am building a data entry site in PHP + Interbase and Interbase has shown itself to be rock solid (both on NT and Linux).
I could not use PostGreSQL because it does not run on NT (client only has NT server and does not want a Linux box for this system). I don't know much about PG, so I don't know how good it is.
I did not use MySQL even though I have run it on Linux and NT for these reasons:
No transactions (could not wait for MaxSQL before implementation).
No integrity constraints. Unfortunately, data entry systems require integrity constraints and the attitude of the MySQL developers is IMHO asinine. I have worked on databases with and without integrity constraints and in my experience, the data is always worse in databases where the philosophy is to 'let the database developers' deal with it.
Unlike MySQL, PG, and most databases, in Interbase, writers never block readers. Check the product overview for details.
Interbase may not have industrial strength for massive number of concurrent users, but this particular implementation is a data entry, low volume system. I cannot personally attest to the viability of Interbase in a large number of users.
Concerning the 'openness' of Interbase, the source is released, there are no restrictions and this database is not going anywhere soon. The main problem is that Inprise's release of the source left a bad taste in the mouths of free software advocates. These issues have been remedied and they have delivered on their promise to release the source.
Check Interbase out, you'll be surprised.
"Fat, drunk, and stupid is no way to go through life."
Uhh...
By your logic, the atomic bomb is German.
Read this for a quick bio on your beloved Canadian hero. Like most Canadians, he headed for the greener pastures of the U.S. -- graduated from the University of Colorado Medical School, served in the First Kansas Infantry in 1916.
Here is another bit of info that describes how, when and where Basketball was invented...
Later, eh?
"Fat, drunk, and stupid is no way to go through life."
Not.
"Fat, drunk, and stupid is no way to go through life."
You are way out of line.
"Fat, drunk, and stupid is no way to go through life."
My two points (mangled the HTML) 1. There is more than one way to define a package system. 2. There is more than one way to define a dependency.
"Fat, drunk, and stupid is no way to go through life."
Two points:
For example, the Slackware installpkg utility can warn you if you are going to over-write existing files. Some (presumably not you) would argue that this is a dependency check.
Similarly, the man page from the removepkg utility states:
Personally, as a Slack user for the past 6 years, I have not had a need or desire to remove a package and all of its dependent libraries. Furthermore, I have been able to upgrade my system using only the package tools provided. For example, I removed KDE1 and installed KDE2 - without a hitch and only using the pkgtool utilities. It would seem that this means Slackware's package system is at least effective enough for me to do such things as upgrade a major part of my system, no?
One could argue that if a package uses the System C libraries, then are not those libraries a dependency? Clearly, you would not want your package system to remove all dependencies. In this example, your system would be useless without the glibc libraries.
My point is that there is more than one way to define a package and its uses. Slackware is slightly different, but IMHO, the main functions are available for the Slackware user. Slackware is not about holding the user's hand. This is reflected in its package system. If you want hand-holding, use RHAT.
Finally, if packages were so simple and definable, why are there so many package systems available? Food for thought, indeed.
"Fat, drunk, and stupid is no way to go through life."
In Denver, we have been on 10 digit dialing for 2.5 years. Everyone bitched until the change over. Like most things, no one cares anymore.
"Fat, drunk, and stupid is no way to go through life."
Could someone explain what 'Home Office' refers to?
"Fat, drunk, and stupid is no way to go through life."
KOffice.
"Fat, drunk, and stupid is no way to go through life."
From my perspective, it is great. I can take my dogs to the vet or go to the dentist on my Friday off, so I do not schedule these things during my week. It also is nice to have extra days off because the US typically does not give enough time off to workers (I have 2 weeks vacation / year, but 3 next year). 9/80 means ~20 3 day weekends.
From a company perspective, it can be inconvenient if you need to talk to an employee who is off. I have also noticed that employees have a tendency to abuse the system. The most common abuse is not working 9 full hours M-Th. Finally, if we are busy with a beta release, we sometimes need to work on our scheduled day off. Some employees tend to bitch when this happens.
Although I work for a large company, the 9/80 program is discretionary by department. Some managers refuse to allow the 9/80 schedule. Personally, I think this is because these managers have lazy employees and the 9/80 would exacerbate the problem. However, if you are in a department that has 9/80 your friends or colleagues from other departments may harbor jealous feelings.
I have noticed that the management style dictates the success of the 9/80 schedule. Micromanagers and anal-retentive managers do not like losing the perceived control on work hours. This is a valid point, given the common abuse of slacking on hours. OTOH, managers that worry only about results (which != hours) tend to be happy. This is cool because if you get your work done asap, then managers tend to leave you alone (isn't this true without flextime?).
"Fat, drunk, and stupid is no way to go through life."
I had not considered the cygwin option and I concluded that PG does not run on NT natively when I went to download a binary distribution. Have you tried it under cygwin? Is there a performance hit because PG would run in the cygwin emulation, rather than native?
I was unaware of the MVCC of PG because the NT part was the first issue, so I did not explore use of PG after I didn't find a binary NT version.
Thanks for the corrections!
"Fat, drunk, and stupid is no way to go through life."
Your comment minimizes the performance issues. You can create a beautiful, 3rd normal form database and find that it is slow as hell when you try to read or write to the schema.
Most real-world databases require a whole lot more {tables}.
For a web site, pages need to return in 1-2 seconds, but if your 16 table join takes 1-2 seconds, you're in trouble because your response time now depends entirely on the network conditions.
Theoretical ideals of relational theory applied to databases are fun to talk about and design, but the real-world dictates some compromises. Often, denormalization is the first compromise. This reduces the number of joins required to read the database. It also speeds up writes because you have to issue fewer SQL statements.
Later.
"Fat, drunk, and stupid is no way to go through life."
Here are the specifications for Interbase: http://www.interbase.com/open/research/tech_specs.html
Maximum size of database: 32TB using multiple files; largest recorded InterBase database in production is over 200GB
Maximum size of one file: 4GB on most platforms; 2GB on some platforms
Maximum number of tables: 64K Tables
Maximum size of one table: 32TB
Maximum number of rows per table: 4G Rows
Maximum row size: 64KB
Maximum number of columns per table: Depends on the datatypes you use. (Example: 16,384 INTEGER (4 byte) values per row.)
Maximum number of indexes per table: 64K indexes
Maximum number of indexes per database: 4G indexes
"Fat, drunk, and stupid is no way to go through life."
You can compile postgres yourself and the compiler will optimize for your processor.
"Fat, drunk, and stupid is no way to go through life."
I could not use PostgreSQL because it does not run on NT (client only has NT server and does not want a Linux box for this system). I don't know much about PG, so I don't know how good it is.
I did not use MySQL even though I have run it on Linux and NT for these reasons:
Interbase may not have industrial strength for massive number of concurrent users, but this particular implementation is a data entry, low volume system. I cannot personally attest to the viability of Interbase in a large number of users.
Concerning the 'openness' of Interbase, the source is released, there are no restrictions and this database is not going anywhere soon. The main problem is that Inprise's release of the source left a bad taste in the mouths of free software advocates. These issues have been remedied and they have delivered on their promise to release the source.
Check Interbase out, you'll be surprised.
"Fat, drunk, and stupid is no way to go through life."