>Buffer Overruns are as old as C
Oh no; MUCH older.
As old as assembler, as old as microcode.
Let's not pin this on any one language.
It's all about how you manage resources when you code.
Hell, I could write an app that would bust Windows in .NET, VB, or any other language you care to name, almost any developer could.
I thought Microsoft was lobbying aggressively AGAINST open-source.
They claim it stifles economic growth and prevents innovation...
How can anyone trust a company like this?
Liars.
I'll NEVER buy another Microsoft product.
Well, you're right, obviously.
But I was taking for granted that projects with many eyes on them are as rigorous as you describe.
It's the OTHER class of bugs/exploits, the REALLY non-obvious ones, the ones that don't directly descend from a bad coding practice, the ones that are the product of factors that can't be seen until they're in use. I guess more specifically, the ones that result from timing issues, or even the million-monkey ones.
And as far as following your three simple rules, with open-source projects, those things CAN be checked and enforced.
Typically, if your company sells a software development project to another company, the client company can rightfully request and execute code-reviews.
How many companies can request that from an entity like Microsoft?
In Microsoft's case, you have to take their word for it that everything is jake.
And of course Microsoft would never lie, cut corners or ignore fundamental security concepts in their code, would they? Wait...
MOST bugs or flaws that lead to exploits are things that CANNOT be found by using a "structured" method.
Otherwise, you could write a tool that probes for those.
The effect would be that that class of exploit would disappear.
Usually, exploits are much trickier (chaotic, even) than that to find and are usually found "in the field" by actually using the software under a variety of conditions when all the "eyeballs" have failed.
But trying to be controversial to sell a book never hurt...
Move along, nothing to see here.
> [...] his realization that customers generally adopt Linux to get a better TCO than Unix, not Windows.
Of everyone that I know personally that has switched, not a single one did it to "get away from Unix", rather all of them were Windows users and totally ignorant of Unix until they tried Linux.
Once again Microsoft is getting its version of reality from somewhere unknown to most of us and once again they believe they can dictate the reasons users do what they do.
Wise up Microsoft, YOU'RE NOT LISTENING.
THAT'S why people are fleeing in droves.
>What really mystifies me is the low percentage of Windows NT4 sessions that require reboots... WTF.
NT4 is older, has been debugged more and MOST importantly, DOESN'T contain any new features.
Since it is called to do less, it is more stable.
>This really needs to be sorted out. [...] when we know how powerful [Linux] is. [...] open source [...] doesn't lead to efficient, clean and elegantly-written code. Otherwise we'd have the speed advantage, and Linux's flagship products wouldn't be heavier and slower than Microsoft's.
Not trying to troll here, but is that possible?
Windows (95, 98, ME) were coded specifically for the low-end x86 PC architecture, and consequently use a bunch of tricks to streamline their performance.
Windows (NT, 2000, XP) were an attempt to go and get the *nix market by using sound architectural design, and consequently a lot of old apps wouldn't work anymore, Windows would require more CPU power, etc... But that doesn't seem to have precluded MS still using some tricks to optimize performance.
I agree with your statements; the result is that Windows is a very buggy, unsecure operating system, of course.
Whereas Linux seems a lot less compromising, because being cheap is not allowable.
So how are we going to get Linux optimized if we don't cheat a bit?
Pre-linking seems like one good possibility, but there must be others.
The thing about that is, it's no guarantee that the user's experience with Windows will be MORE positive as a result; a lot of software fixes break other things, and Microsoft has its share of those.
>Because people disagree what is the right way of doing it. [...] linux makes some things more complicated than on a windows machine.
That's what makes growth. And more people every day are choosing Linux over Windows. Face it, Windows is NO picnic either, especially when you consider the quality of Microsoft's software!
>[...] it just generate more competition, [...] it's the consumers who are getting shafted.
Consumers do not get shafted by having choice, that is illogical. Choice is to the consumer's advantage.
How come no one has made any sexual jokes with "hardened"?
Is a hardened version more or less stable?
I have no first-hand experience, so... Anyone?
Debian's team can implement it a certain way and whatever amazing thing they cook-up can be re-used by the Gentoo team!
The goal is not a religious war, the goal is for you and I to get ahead.
I s'pose you'd put some code in there that would look for stack overwrites and such and such...
You're missing the point:
I wrote that sharing critical information with EVERYONE during an emergency is the right thing to do.
Let's take your comparison all the way:
Let's say a major news event occurs, one where there can be loss of life, and that knowing about it earlier rather than sooner might save additional lives...
Like Sept 11th, 2001
If I remember correctly, Slashdot rose to the challenge and put all news updates out the moment they were available to ALL Slashdot visitors.
You might argue that since Slashdot was getting hit so hard during that day, that they did NOT have a choice, it was either strip-down the served pages or go offline.
Maybe, but you could also make the argument that Slashdot could have restricted first-glance of the news to their subscribers anyway...
If I'm wrong about this, then I am wrong, but I would EXPECT that kind of behaviour in an emergency.
China announces massive adoption of Linux.
A short time later, China emerges as a research-leader...
Of course you CAN do research with closed-source operating systems like Windows, but you have to wait until Microsoft ALLOWS you to.
*chuckle*
>Don't excoriate M$ft, just use this as more ammo for Open Source.
You're damned right!
A move like this is only another example of Microsoft getting a backfire when they think they're about to score.
It's more than funny, really. The only people I feel sorry for are the college-students, grandmothers, and other poor shmucks (as Microsoft seems to think of them) that won't be able to afford premium service and will end up with all the problems because of it.
Of course Microsoft couldn't care less about them, they don't have any money INDIVIDUALLY.
The other funny thing is that there'll be a lot of takers for the premium service, you know it; Microsoft is now like IBM WAS before, with everyone saying "You can't get fired for buying Microsoft" like they used to say about Big Blue.
But like Big Blue, they've lost the "little people" and like Big Blue, by the time they realize it, it'll be way too late.
Now who's going to sell some off-the-shelf software to Microsoft for a cool bundle of cash and then unroot them everywhere with it? LOL
>Microsoft is like Islam. It should be abandoned because of its manifest defects, not reformed.
Now THAT'S a troll. Well done, well done.
>But just maybe, this might be logical, if you have to update everyone about a glitch in your software then that would take time*. If everyone starts to download patches at the same time you just might get slow downloads
Not if you used something like BitTorrent to distribute your fix. All else is apologizing for Microsoft's bad distribution methods.
>Any situation where it could cause a life or death issue is already backed by some serious security.
Sure, like the Coast-Guard, right?
http://it.slashdot.org/article.pl?sid=04/05/04/2354241&tid=172&tid=128&tid=201
And anyway, anyone not able to AFFORD security should be taken out at dawn and shot.
/sarcasm, if you weren't able to tell.
Pay us or we WON'T tell you about the next worm/vulnerability.
Wait, that's not terrorism, that's extortion.
I don't mind them withholding premium services as long as there are no safety issues with doing that.
For example, a hospital that ISN'T paying Microsoft through the nose for these "heads-ups" can have its medical data destroyed because of it.
For SHAME, Microsoft, for shame.
Others were able to access the source and port it. Beautiful.
Agreed, Imake is very difficult to understand and use.
But it IS brilliant.
If your environment files are set properly, you can install packages MUCH faster than using Auto*
The reason is that for EVERY package you install with the auto-tools, the SAME checks will be performed each time: Does the compiler support yadda yadda yadda and other tests that are already processed and stored in your local Imake configuration files.
The cool thing about Imake is that you are able to specify targets very simply, and in a portable way. When you move to a different machine, no need to change the Imakefiles.
Once you've got the hang of it, it makes for an uncluttered development environment.
Of course, the best solution would be to use Imake for its strengths and Auto* for ITS strengths, together, even!
Imake was necessary because X became so big and got ported to so many different computing platforms. The X development team really tried to solve the problems of moving source from machine to machine without it being too much of a hassle. Kudos.
I think it's brilliant.
A long time ago, when Windows 3.1 was new, I appreciated RealPlayer for its cutting-edge technology and highly-optimized video/audio codecs.
But as time went on, Real became a company I distrusted due to their spyware-like behaviour and the fact they tried to hide options to disable said behaviour in their software.
It has gotten to the point where MANY computer users I know simply refuse to install ANY Real products on their computers anymore and even boycott web sites that offer content in Real-only format.
So, why should I trust your company now? How has any of that changed?
Thanks.
Disclaimer - The preceding may have resembled a flame or troll to those who cannot tell the difference between an honest question and a troll.
Wouldn't Mozilla predate their claim, rendering it worthless?
Does this reactor produce any waste?