Slashdot Mirror


User: ComputerSlicer23

ComputerSlicer23's activity in the archive.

Stories: 0
Comments: 881

Comments · 881

  1. Re:I've been using this for a couple weeks. on Red Hat Enterprise 3 Beta Reviewed · · Score: 1
    Reasonably surprised that postgres is missing. However, pine is most intentional. Pine is going by the wayside due to the licensing by Washington University (I think they wrote it). It's not free software, so RedHat won't ship it. That was explained in the RH 8 or 9 README.

    Kirby

  2. Re:Breach of Contract on The Increasing Cost of Red Hat Linux? · · Score: 1
    Hmmm, there might be a few interesting things there. I know that on the one license I read, it was quite specific in saying which packages you had to ask the vendor for more license. Specifically, it was the IBM JRE. Everything else that was proprietary came on a separate ISO that wasn't part of the distribution.

    I've got no problem with the RedHat packages that are GPL'ed, but if they don't allow me to distribute the binaries with logos, and trademarks, they are in violation of the GPL, unless it is in a separate package that isn't GPL'ed (if they aren't in a GPL'ed package, no problem, see later). I have to be able to distribute the built binaries. If they don't, it's a clear cut violation of the GPL.

    Now, I definitely can't advertise it as a RedHat product. Also most of what you said is why I said you need to be running rpm -qi, it will list the license for you. There aren't that many that aren't "source redistributable free". If they are required to install another package, I can just build a dummy set. Either by putting in all white images, or doing something terribly clever like switching the red and blue bytes in the color scheme, and release "blue hat".... :-)

    I'll have to go read your link, it looks interesting. I've rebuilt the entire thing from SRPMS before, my only problem was some packages (bash in particular) didn't rebuild in my local RPM build directory, instead, it built in /var/tmp, which ran out of space, and I was missing some of the development libraries to build some of the odder ones. Either way, all of that should have been enough to get me going to get the full install done.

    Kirby

  3. Re:Am grammar died on The Death of A Universe · · Score: 4, Interesting
    Hmmm, there exists more than one cat. However, people refer to "a cat" all the time. If someone was referring to "the universe", saying there is only a single universe, you might have a point. I have heard people refer to "the cat", and when there is only a single obvious meaning nobody is confused. Just like the implied you in the sentence "Sit down".

    The term Universe from its root is inherently singular. There can't be two, because by definition, the two as a whole would then be considered the "Universe", and we'd lack the appropriate term for the two parts. I completely understand that science has subverted this, and decided to use the term multiverse to be unambiguous.

    About the only place I can even contemplate having more than one Universe is in mathematics where you have Universal Sets. There, you make the noun "set" plural.

    First the "atom" (the root word means indivisible, guess the guys on the Manhattan project weren't paying attention), now the "universe" (its root means roughly all inclusive of everything). Can't we wait until we are sure of the properties before we name things? That's why multiverse and sub-atomic particles are oxymorons.

    Kirby

  4. Re:Charge his credit card for any scame he did on Profile of an eBay Scammer · · Score: 1
    Got me, I never use e-bay. I've known several people who only use e-bay with an escrow service. They'll happily pay the extra money to not have to worry about getting screwed.

    Kirby

  5. Re:Charge his credit card for any scame he did on Profile of an eBay Scammer · · Score: 1
    That's an escrow service, and there are a number of them you can use right now via E-Bay.

    Kirby

  6. Re:interesting point on The Increasing Cost of Red Hat Linux? · · Score: 1
    I've "signed" a contract that says I won't have more "installed systems" than I pay for support. Installed Systems, interestingly enough, is roughly "any CPU that the binaries run on", I personally think it should be any system which is hooked up to get the binary updates. I suppose I could cancel their support (or wait a year, and not re-up). Then I could easily do just that. However, the year following the purchase, you have a support contract (which isn't part of the license of the GPL, thus isn't an "additional restriction" to the GPL), that says if you do X, the other party gets to do Y. In this case, X is install too many copies. Y is RedHat gets to bill you extra. I'm kinda surprised nobody has just posted the GPL'ed binaries on a website for download. I never could find a copy when I went looking (I wanted to demo a copy before purchase, at the time RedHat didn't offer a demo provision in their license).

    Kirby

  7. Re:Breach of Contract on The Increasing Cost of Red Hat Linux? · · Score: 1
    That's really nice, however, the GPL gives me the right to make the install if I do it right. If they are distributing the source with additional conditions they are in violation of the GPL, according to the license, every piece of software on the disks is GPL'ed or otherwise free to be installed as many times as I like, with the exception of some specific IBM software for use with Java I believe (possibly some packages which have the RedHat trademark in them). Just make sure they are BSD/GPL'ed and life is good. rpm -q -i is your friend.

    I can't sell myself into slavery, and I'm pretty sure RedHat can't force me to give up my right to use software I built from source I have a legal copy of. Build the packages from source using the proper build environment, put them on a web server, do a kickstart install via the web server using the GPL'ed installer. Extract the binaries, and ensure that modulo timestamps they are identical. Sign them with a private key, and replace the public key distributed on the install CD with yours.

    About the only place they can nail me is the copyright on the structure of the layout of the ISO (which is publicly available to mirror as a matter of fact). Let's disregard the fact that they give you instructions and tools to build said ISOs via anaconda packages (or so I've read, I've never actually done it). I thought the structure was GPL'ed in previous versions, I can't remember why I think that now. The structure hasn't changed in a long, long time.

    Now, I can never, ever ask them for support on those machines, that would be blatantly illegal, and in violation of the contract. I can never hook those servers up to the RHEN either.

    All I really want is the ability to install Oracle without issue. I've never had an Oracle issue that was a problem because of RedHat. I've never called RedHat for support. I've never e-mailed them. I've reported a couple of bugs, and sent in a couple of patches. I have bought every CD they have sold since RedHat 4.X. I'd like to play with the AS/ES/WS stuff at home at some point. That's all.

    For the record, I've paid for all of the RH ES servers we've installed, but I've read the license and documentation quite carefully. You can create your own binaries quite easily from the GPL'ed source.

    Kirby

  8. Re:Is it a VPN? on Can Web Based VPN Solutions Do It All? · · Score: 1
    I'm not saying it's ideal, I'm just saying, that's my take on how the product works. I don't think this product is a VPN. It sure looks like it's an SSL connection to a website, which serves up WebApps to you to run. That's all the product is from my reading. If that's what you want, it's great. However, that isn't a VPN. It's a VPAS (virtual private application server, and yes I just made that up). I don't think the product sounds very useful, I wouldn't pay money for it. That's my personal opinion.

    I run SSH over a VPN, because I don't allow SSH connections from outside of my network. You've got to break the VPN, and then start attacking the network. Hopefully, I notice the VPN break in, and it means when somebody scans port 22 on my network, I know I have a problem. Right now, out in the wild west that is the internet, port scans on port 22 are run of the mill. 0 day exploits of SSH are a serious problem, and I don't want to lose sleep over it.

    I've considered at various times setting up a specific Apache configuration to allow connections from only my range of IP's at home, and a handful of others I use on a regular basis. Then SSL and password protect an SSH Java Applet that will run under Mozilla/IE with a stock JVM from Sun. Then allow that to SSH into a specific internal machine, and then allow SSH connections from that machine to others. That way, I'd have several sets of logs, and several layers of network services that would have to be compromised to allow you to get onto my network.

    Instead, I just carry an IPSec capable ISO image (IPSec is what our VPN solution uses), and a keychain USB drive with the secret key. I boot off it, pull the secret key off the keychain, and login via my VPN client. For extra bonus, no swap partition (so the secret key never ends up on the hard disk platter inadvertently), only needs about 32MB of ram to boot, and has an ssh client on it. It does dhcp by default, otherwise I hand configure the network. The default firewall rules that are applied before the first interface comes up ensure the only thing that can connect to me is the public IP of our VPN solution. If I lose my keychain, I immediately pull that key from the list of trusted keys. When I want to VPN into the machine, all I need is a machine that boots from the CD-ROM, or that I can make boot from the CD-ROM, and a working ethernet tap. I don't go many places that don't have a cable modem and a computer, so this is pretty handy.

    Kirby

  9. Re:The bad taste of Appletalk on Recommend Apple, Lose Your Job? · · Score: 1
    Nope, there is a BSD compatibility layer. Which means, that if you are used to programming a UNIX machine, you'll feel right at home with the BSD compatibility layer. Truth be told, OS X is the second coming of NeXT. It's very similar in administration. It's got plenty of NeXT software given that when I ran strings on the kernel on the last beta/developer release, it had plenty of NeXT copyrights in the binaries, and in a number of configuration files. I'm not a NeXT head, but I worked at a place that did ObjectiveC with the OpenStep run-time. I used to read the OS X documentation, because it was identical to the OpenStep runtime I was using, which was very similar if not identical to the NeXTStep runtime. My understanding is that netinfo is straight out of NeXT (what you use to do a bunch of admin work on the network). Some other NeXT'isms are there, just like the ObjectiveC being the native bindings.

    Kirby

  10. Re:Not necessarily on ATI Wins Bid For Next Xbox · · Score: 1
    Yeah, but it's really, really hard to develop software that will run on a platform 3 years before it was built.

    My point being, that console games get tested to ensure they work on all the console revisions that are available when the game is made. They aren't designed and audited to see if they will work on future platforms if MS decides to switch GPU vendors.

    Kirby

  11. Re:Only Four Players on QuakeCon 2003 Coverage - More On Doom III · · Score: 4, Interesting
    Read up on what Carmack has said in the past. The Doom III game is oriented around being a single player game. The game engine is built assuming that there is no latency. He's been pretty clear, he wanted to make a game that was a great Single Player game. He wants it to be scary. He wants you to be on the edge of your seat.

    He's talked about various design decisions he made to make the visuals impressive and stunning, that he knows directly contradict the goals of good multi-player game play. He learned a lot about internet play, and dealing with latency, and multiple players resolving a situation in the same way when they have different information and different times. About dealing with somebody fragging you while never rendered while in that position, while making Quake. I get the impression he's tired of solving those problems, and would like to attack the problems of being visually impressive. He wanted to make a visually stunning game. If you don't like it, send him the message by not buying it.

    It's the game he wants to make. It's my understanding that the basics of the game engine will be tweaked for multi-player and used in Quake 4.

    Kirby

  12. Re:Not necessarily on ATI Wins Bid For Next Xbox · · Score: 1
    Yeah, but people who write games for Windows understand that releasing games for ATI and NVidia is a good idea. AFAIK, there are two revisions of the X-Box, the original release, and one that has some security fixes in it.

    As long as Microsoft makes sure that the X-Box acts the same when you use the same API, the games work. You really only need to test on the X-Box. The console market is much easier to develop for because the hardware is very, very well known, and very stable.

    As long as you stay with the APIs, and the new hardware has so much more power than the old hardware, it doesn't make much difference. About the only thing you could be worried about is if the X-Box 2 GPU doesn't have some feature the original NVidia's does. Or if someone screwed up, and didn't code the game to account for the possibility of extra CPU power. I remember trying to play the original Wing Commander on my P100. It ran so fast I couldn't even deal with it, and I was an ace on the 386 it originally ran on.

    Given the X-Box's weak title support, and the lack of penetration in a lot of markets, they'll really want to keep compatibility to help make the new product a lot more attractive.

    Kirby

  13. Is it a VPN? on Can Web Based VPN Solutions Do It All? · · Score: 5, Informative
    From what I've read, it's billed as an extranet. It's not a VPN according to some of the PDFs. Or rather, VPNs are a second generation security solution, and this is a step better than what third generation extranets provided.

    This essentially looks like a custom security solution to deliver a specific set of protocols, via the web. So if you want to SSH, you connect over SSL to it, and then log into a Web application and run the SSH client. Possibly they have developed a wicked Java applet that runs on the local machine.

    You want to browse the shares, you do it via a web interface. Maybe with IE, it presents the share to you as a webdav environment so you can mount the share directly.

    I don't see anything there that leads me to believe I can run an arbitrary custom application over it. (Ironically, this is one of the things they knock extranets for.) Call them up, ask if you can securely ship internal data over it.

    It sure looks like they essentially provide you with a proxy server that you connect to over SSL, that will proxy you on, or just give you access to some form of applet on it. Granted a nifty interface is pretty cool. But if all they are doing is providing you a web interface into the services, and not actually extending the network to you (which I have no idea how they could over a browser in any secure and portable way). I really want to see a portable way to implement security so that I can Samba mount something via a web browser. Then essentially, this is just off the shelf software, put into an embedded system. While it's pretty neato, I'm guessing using apache, webmail, webmin, and a Java based SSH client, I could do all this with free software off the net.

    Ask to see a demonstration, where you get to run SSH on the command line. Ask to do secure copies over it. Ask to see port forwarding done over it.

    Ask to see it run your custom contact manager that your sales people use (Okay, that's what I'd ask for our sales people).

    Ask to see the configurations that allow arbitrary port forwarding. Ask to see how they can forward information from Quake securely, because you'd hate to get fragged by somebody snooping the net... :-)

    The clustering, and failover, and the fact that it's load tested, and has good support, make it extremely valuable. The fact that it has its security tested is very good. The actual functionality would be easy to construct with free software off the net as a cool project for a good IT staff.

    If you're planning on spending real money with them, request a demo unit to test with for a month. If they won't give one up, I'd pass.

    Maybe they just run a Web version of VNC and let you have access to a client desktop. That'd be pretty cool. Not sure. Maybe it's cooler than I think, but I'm guessing it's not a true VPN solution, and if you want to do anything that isn't on their list of services, you'll need another solution to address that.

    Kirby

  14. Re:How Long on FSF FTP Site Cracked, Looking for MD5 Sums · · Score: 1
    Well, if you want real security, first off, don't trust just an MD5SUM. An MD5SUM is an integrity checker to ensure the file you got had no problems in transmission. It's not to tell you that the file you have is authentic and secure.

    You take the MD5SUM file, and you PGP sign it (sneaker net it to the machine which has the PGP key and has never been connected to a network), and sneaker net the signature back. Now, the original MD5SUM inside of a signature can be used as an authenticity check. PGP signing a bunch of large files is excessive (I suppose you could sign a digest, which is all MD5SUM really is). I believe kernel.org posts signatures for kernel images. The PGP signature tells you that the person who signed the MD5SUM believes that those are the pristine files, and their MD5SUM. You are placing your security in their hands, in how well you believe they have done their job.

    If you want to get really secure, you've got to ensure the physical security of the machine with the key. You have to ensure the security of the original install media for the signature machine. Oh, and you have to wear a tinfoil hat and gloves while running PGP.

    Kirby
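
An added example, not from the post or the story it replies to, of the two checks the post separates: a Python script that parses an md5sum-format listing and verifies files against it (integrity), and, when a gpg binary is present, hands the detached signature over that listing to gpg (authenticity). The file names and contents in `demo()` are constructed, and `verify_listing_signature` is an assumption about how one would drive gpg, not any project's own tooling.

```python
import hashlib
import os
import shutil
import subprocess
import tempfile

HEX = set("0123456789abcdef")


def parse_md5sum_listing(text):
    """Parse text in md5sum(1) output format, one '<32 hex>  <name>' per line
    (a '*' in front of the name marks binary mode). Returns {name: digest}."""
    expected = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition(" ")
        digest = digest.lower()
        if not sep or len(digest) != 32 or not set(digest) <= HEX:
            raise ValueError(f"line {lineno}: not md5sum format: {raw!r}")
        name = name.lstrip(" ")
        if name.startswith("*"):
            name = name[1:]
        if not name:
            raise ValueError(f"line {lineno}: missing file name: {raw!r}")
        expected[name] = digest
    return expected


def md5_of_file(path):
    """Stream the file through MD5 so a large ISO image need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_listing(listing_text, directory):
    """Integrity check only: compare every listed file against its digest.
    Returns a dict with sorted lists under 'ok', 'mismatch' and 'missing'."""
    result = {"ok": [], "mismatch": [], "missing": []}
    for name, digest in parse_md5sum_listing(listing_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            result["missing"].append(name)
        elif md5_of_file(path) == digest:
            result["ok"].append(name)
        else:
            result["mismatch"].append(name)
    return {k: sorted(v) for k, v in result.items()}


def verify_listing_signature(listing_path, sig_path, keyring=None):
    """Authenticity check (assumed gpg invocation): verify the detached signature
    over the listing. What you trust is the signer's key, not the mirror.
    Returns True or False, or None when no gpg binary is installed."""
    gpg = shutil.which("gpg")
    if gpg is None:
        return None
    cmd = [gpg, "--batch", "--verify"]
    if keyring:
        cmd += ["--no-default-keyring", "--keyring", keyring]
    cmd += [sig_path, listing_path]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def demo():
    """Constructed scenario: two files and their MD5SUM listing, then a damaged
    download, then a listing rewritten to match the damaged file."""
    outcome = {}
    with tempfile.TemporaryDirectory() as d:
        files = {"kernel.tar.gz": b"constructed kernel tarball\n",
                 "README": b"constructed readme\n"}
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        listing = "".join(f"{hashlib.md5(data).hexdigest()}  {name}\n"
                          for name, data in files.items())
        outcome["pristine"] = check_listing(listing, d)

        # A truncated or corrupted download: the digest no longer matches.
        with open(os.path.join(d, "kernel.tar.gz"), "wb") as f:
            f.write(b"truncated")
        outcome["corrupted"] = check_listing(listing, d)

        # The limitation the post describes: whoever can change the file on the
        # mirror can change the unsigned listing too, so the digests agree again.
        # Only a signature made on a machine the mirror cannot touch catches this.
        rewritten = listing.replace(hashlib.md5(files["kernel.tar.gz"]).hexdigest(),
                                    hashlib.md5(b"truncated").hexdigest())
        outcome["listing_rewritten"] = check_listing(rewritten, d)
    return outcome


if __name__ == "__main__":
    for stage, result in demo().items():
        print(stage, result)
```

Pair `check_listing` with `verify_listing_signature` on the real MD5SUM and its `.sig`: a listing that verifies but whose signature fails (or was never published) proves only that the download matches what the mirror currently serves.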

  15. Re:Suggestions on Bruce Shelley On Future Of The RTS · · Score: 3, Interesting
    I have read a number of your posts in this thread. It sounds like you really want an RTT (Real Time Tactics). What you're talking about isn't strategic in the military sense. I do like the concept of having to maintain supply lines.

    Kohan is kind of a push in the direction you describe. Essentially, you can't control minute details of the battle, in fact, once a battle starts you have 3 options, rout, retreat, and keep fighting. Once you get within range, you start to battle. You can control formation, and relative positions of the different companies.

    Some of the things you might like about Kohan, and that I wish got included in more RTS games, is that morale is important. If you have been fighting non-stop for extended periods of time, eventually your units will just rout, run away, and you'll have no control over the situation. Even if they are crushing the opponents, at some point they have to rest. I like the concept of experienced units. I like that as long as the entire company doesn't die, you get to keep the experience (possibly that should be modified).

    The other game, I haven't seen mentioned is the Myth series of games. They are strictly tactics games. Here's the force you have, accomplish objectives X, Y, and Z.

    Another game is Warlords Battlecry I & II, which have some concept of supply, and having to hold ground to keep getting your resources.

    I think there are several problems with the game you want. First, the game you describe, you'll either have no control over the details (like Kohan), or you won't have enough time to deal with everything at once, or there will only be a single battle. The game style you are talking about is relatively common in turn based games, where people have lots of time to contemplate things like the terrain.

    However, I've used formation, terrain, and maneuver to my advantage in WarCraft III. It's easy to tell how much better attacking from uphill works out. I've crushed a number of opponents that outnumbered me by hitting their magic support from behind.

    The one thing I really, really wish I could get my hands on, is a scripting language that was very powerful to write my own scripts to deal with priorities, and input things into it. The concept of trading scripts, and downloading scripts. The problem of course, it could completely ruin the performance of the game. I just wish I had more control over each individual unit's reaction to certain events (kinda like I was the general who laid out the training plan for them).

    Kirby

  16. Re:Training on Obtaining Mainframe Experience w/o a Mainframe? · · Score: 1
    Right, all that counts with me. That's experience. "That's not I need 3 weeks, and I'll be just as good as somebody else who has school based experience", that's project X is my day job, and at night I've written this other cool stuff. If you can talk shop with me, I think personal experience is just as good as work experience. I couldn't care less where someone learned the tools, just as long as they know the tools well.

    Kirby

  17. Re:Training on Obtaining Mainframe Experience w/o a Mainframe? · · Score: 1
    No, but he'll be a hell of a lot cheaper... Also, I know several people at the local University, so yes, I literally can hand pick very, very good people straight out of college. People who are just short the school of hard knocks lessons.

    My argument isn't really that a fresh college boy is a better hire, but that 3 weeks of time does not make you anywhere near as valuable as a person who has the expertise I actually need. His claim of, well I've done a lot of web based programming, all I need is a couple of weeks to learn the syntax, is bogus. I'm a real C++ programmer, I've got lots of experience. I've read all the books I can get my hands on. Sorry, it's a big language, with lots of little twists and turns in it. Java has a lot of twists and turns, and it has a huge library. It's a lot longer lead time. Like a year or two, to become fully proficient, and that's somebody who spends a lot of time studying, and reading the literature, and wants to learn the tools.

    A fresh college kid, with lots of energy, and lots of desire to learn, who has in fact written with a lot of the tools I want him to use, is a lot better to me than someone who has PHP/JavaScript/ColdFusion/Zope experience. It'll take me far, far longer to teach a Web Programmer all the little pieces of the toolchain make/cvs/gcc/g++/gdb, how to track down errors he's never had before (SegFaults, dealing with signals, learning which set of C standard library calls are signal safe, shared memory, IPC, sockets, pipes), how to deal with pointers, memory allocation, and tracking all the other things one generally doesn't worry about in web based scripting/programming languages. At the local college it's easy to find someone with experience in all of the things listed in parentheses, and they are important to me. Not too many web programmers have dealt with those types of issues programmatically before. It's my opinion, I'm entitled to mine, you're entitled to yours.

    Kirby

  18. Re:Training on Obtaining Mainframe Experience w/o a Mainframe? · · Score: 1
    Sure, that's the trick. It's the reason I left my original employer, I wanted better pay. There are plenty of opportunities to get reasonable pay, while you get experience, in this area. The funny part is that I know probably 20-25 really, really good programmers who came out of the first two places I worked, who left solely because of money. They kept 3 really good people on staff, and paid them well, the other 8 to 10 of us weren't so well paid. I know the drill.

    No, but not knowing the tools makes you a lot less efficient. Normally, I can have an error message read to me over the phone, without seeing the code, and can tell you the 2-5 common case errors you need to look for. That's on code I've never seen, on a code base I've never worked on, with only a cursory description of what it is you're doing. I can do a similar task for STL code. I can tell you what debugger settings you want to find the error. I can tell you which flags will help you track it down, and what keywords to google for because I know the vocabulary of the documentation.

    I wouldn't refuse to hire them, but I'd understand that in the first 6 months, I'd only get 1-2 months of productivity, and that probably the first 2 months of coding they did would have to be re-done. That in 2 years if they are very good, they will probably be 2-5 times as fast as they are. Which is why I wanted experience in the first damn place, or to pay 1/2 the going rate.

    The places "throw away" programmers work best is when you have lots of small projects. Where everyone is in charge of their own codebase for their own trees. It's sink or swim, and you find the swimmers real fast in that environment. You keep around a couple of big hitters to mentor everyone to save projects run by sinkers.

    Besides, that's what CVS annotate is for, you use it to find all the code that needs to be re-written. I have no qualms about just throwing away poorly written code, and re-writing. Especially when the code was cheap to acquire. It also means the people who stay know more of the code base, and have experience with dealing with bad code (a very important skill).

    There's nothing wrong with hiring experienced programmers, however, implying 3 weeks of time is enough to make you qualified as "good enough" to get full pay, and makes you as valuable as someone with experience in the language with the tools, is just not true.

    Kirby

  19. Re:Training on Obtaining Mainframe Experience w/o a Mainframe? · · Score: 1
    Oh, sure I'll agree with most of that. I think any good programmer has the ability to become a highly productive programmer in nearly any language. I however, can see the extreme appeal of hiring someone who's cheaper, and accepts they don't know it all.

    Just because you know Java's OO, doesn't mean you'll be able to use templates in C++, or read templated code in 2 weeks. You might spend 6 months doing C++ programming to come across all the various idioms. C++ is a very large language with lots of nooks and crannies (I know, I own a copy of the ISO standards).

    I'll say it again however, syntax isn't the hard part. Syntax is the easy part. Show me the BNF, and I should understand just about all of the syntax. It's idioms and semantics, plus the libraries (if there are any). Just because you know C++, doesn't mean that you'll remember that in Java all classes are references, and all atoms are copies. The semantics, and being true to them, is the hard part. You have to switch mindsets and be very aware of the code, the way the code gets generated, and what the actual assembler/byte code does and means. You need to be familiar with your tools. I'm a C++ programmer, and I wouldn't be nearly as productive if you made me do C++ programming in VC++ (disregarding the fact that I don't know any of the Win32 API). I don't know the environment, and it'd take 6 months to get up to speed to be as good as I should be to pay me full time wages for it. I learn quickly, but I'm very demanding of my tools, and I want to be familiar with all the error messages. To have read all of the documentation for every switch the compiler and linker has. To have read up on every command and feature of the debugger. I'd like to have read everything I can find on the standard idioms, and the easy ways to do standard tasks. Sure I'll be productive, I'm just not sure I'll be cost effective.

    I'd still rather hire 4 new programmers fresh out of college, and pay them grunt wages, throwing 2 away every six months until I find a couple of good ones (of course, I've got a line on the good ones, as I teach part time, and am friends with the guy who teaches all of the intro C++ courses at the local college), than hire someone who is an expert in PHP and JavaScript to write me some C++, and pay him full time wages.

    Kirby

  20. Re:Training on Obtaining Mainframe Experience w/o a Mainframe? · · Score: 4, Insightful
    Hmmm, don't take this the wrong way... but C++ isn't something you pick up in a week or two, I've been coding in C/C++/ObjectiveC professionally for 6 or 7 years now. Sure you can use it to do everything you could do in say Pascal in a week no problem.

    A couple of weeks of C++ experience won't teach you the nuances of the STL, how templates work, the strange rules about operator overloading. It won't teach you the ins and outs of the pretty large C/C++ standard libraries. You won't know anything about the subtleties of the multi-inheritance issues. You won't know about the nooks and crannies involved in overloaded function call parameter resolutions. That's the kind of expertise you need to be able to do serious C++ work. It's something that takes at least a year or two of experience, and dedication to learning the ins and outs of it all. They are better off paying some fresh out of college grad less money to learn, in all likelihood, than they are you. They have the same degree you have, that you claim will make you competent in a couple of weeks. Why should they pay you extra?

    You've got it all backwards, the semantics of the language are what are important. In fact, I'll go so far as to claim that your experience might make you a worse candidate for using C++ than your fresh out of college grad. You have knowledge and expectations about how you think things should work. You think you know what the semantics are. However, subtle differences in the semantics can lead to very poor code, where you end up fighting the language and the tools to get the job done.

    Java, which I don't know, I am told is really difficult to be very good at, if you aren't extensively familiar with the ins and outs of the areas. Simple stuff with J2EE, like certain containers can't deal with threads. Stuff like how overloading works, the difference between the object type Integer, and the base type int. The differences between the various JVMs. The subtleties of hooking up the various instrumentation tools. There is an extremely large standard library, and knowing how it works, and which pieces are how old, and what is compatible with which versions of the JREs is very important. Just knowing the syntax, and that inner classes are a feature, and that there are no pointers, and there are no functions not attached to a class, doesn't make you a Java programmer. Sure you can have a cursory knowledge of Java in a couple of weeks. Great, I'm not terribly interested in paying you experienced programmer wages so you can learn the tool. There are entry level jobs out there for Java. They'll be thrilled to have someone with programming experience.

    Just because you have a degree in Astro-aero dynamics, and have experience designing parts for the Shuttle engine, doesn't mean you have the necessary skill to be a drop in replacement for an engine designer for Dodge trucks. A guy fresh from college who studied the Engineering methodologies of Dodge for 6 months in a case study is probably much more qualified than you are, for very similar reasons.

    My first programming gig was pretty much, we hire you for twice what McDonald's pays you, and we'll throw you in the deep end of the pool for 3 months, if you're still floating at the end of that, you're a keeper. I got plenty of lessons at the school of hard knocks, they had a couple of very good senior programmers who kept the rookies on track, and bailed them out if things got out of control. I made good money for what I knew, and 2 years later, I did in fact know a lot about C/C++. My next job, I spent a bunch of time writing ObjC. Spent 18 months learning the ins and outs of the OpenStep Runtime making not much more than the first job, and I learned a lot about Oracle and being a DBA. I learned a lot about Solaris, Linux, and WindowsNT during all that too. Then, I finally got a good job, for someone who had experience in C++, and needed some expertise in doing SA work, and I had to build a schema, and pick a backend RDBMS system to run the company's core data on. I finally was considered worthy of the task.

    Kirby

  21. Re:Alright...? on IBM Clinches Security Certification for Linux · · Score: 1
    I'm not a security expert, I'm just pointing out that it wasn't IBM software, the statement was related to the software released by Suse, and could possibly be linked to the hardware by IBM. I believe IBM footed the bill for the whole thing. I've got friends who would know the difference between all of this, and they might even understand the acronyms you used. I just pick up on what they say periodically, and that's why I thought it might be related to IBM hardware.

    Kirby

  22. Re:Alright...? on IBM Clinches Security Certification for Linux · · Score: 2, Informative
    No, it was actually Suse's Linux distribution (at least according to the article I read). I know some of the security ratings are a software and hardware combination. That is, it's certified secure on hardware X, and software Y. I know that's what C2 security ratings are all about. However, I'm not sure if the common criteria includes the hardware or not.

    Kirby

  23. Re:Process will make it better? on Does Open Source Need a Red Team? · · Score: 2, Interesting
    That's a really nice thought, but Engineering is all about process. There should be a process, and guidelines, and a list of things that happen for code to be "good to ship". OSS does this informally, by the users using it, essentially out of appreciation for the scratching of the itch.

    One of the more complicated things we ever did, involved sending a guy to the moon. That involved lots of Engineering. That's the closest thing I can think of to writing new software. First, they didn't have the tools to make the stuff they needed. They had to make tools, to make the final products they needed. Then they did testing, documentation, procedures, failure cases, procedures for handling all of the failure cases. Then they did training. Then they did more training.

    They had to create materials, and process, and invent whole new areas of Engineering to do that. They had all kinds of problems they overcame, by letting the Engineers' imagination run rampant, and then having it checked, re-checked, and double checked. They did it, by having redundant checks, and redundant design teams. They had fail-over systems in triplicate. They tested literally everything they could. When something failed, they investigated why, and changed the procedure to mitigate the probability of that happening again.

    It'd be wonderful to see some process be implemented. Right now, to get code into say the stock kernel, there is a process. You convince Linus it's good enough. You can do that a myriad of ways. If it's small you just send it to him. If it's larger, you send it to a large list of people who peer review it. You send it to a maintainer of a popular tree. They let it sit in their tree for a while. Nobody reports a bug, some people report success. Whoopie, it'll probably end up in a source tree. It's very much a process. It's just not a process a single company can execute. They can't have the internal talent lying around to do it.

    There are a lot of projects that have little to no internal review. They have only a handful of developers examining the code. Some of whom might not be the greatest coders in the world.

    The reason Apache, Linux, FreeBSD, and other large projects are successful, is because they have an overabundance of people who care, who are extremely talented. They also tell people who are crappy who try and contribute to go fly a kite, until they can get up to snuff. It'd be nice to see a group of people, who care, precisely because they are paid to care. Right now, a lot of those people are paid by Linux distributors, or other distributors of OSS.

    Personally, I'd rather see an open source static source checker developed so auditing could be streamlined and automated. You run the checker against your code, it analyses all of the possible cases, and emits warnings. You have a way to annotate the code (preferably, out of band of the source code) to say, I've checked this one, don't warn me any more. Have all that integrated with a SCM tool, that will identify when you have changed a section that has previously been human approved, and nullify the approval. So you reduce a lot of the grunt work of doing an audit.

    Something even more sophisticated for the Linux kernel, that says, function call foo, can only be called if lock bar is held. Then having a compiler check to see if there might be a problem. Have rules about function bar can't call anything that can sleep. Then have the tool check it. So for each project you can establish a ruleset, and enforce the rules in a relatively automated way. This function can't be called from interrupt context, and build the call tree to see if it ever can be called. I believe smatch is the beginnings of such a project.

    I guess in the end, the gurus execute their own personal process, and if you have really great gurus the project works. If you have gurus whose process sucks, it's a failed OSS project. The reason you don't see big catastrophic failures in OSS, is they die while they are

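Added example (not part of the original comment, and not code from smatch or any kernel tool): a toy of the rule-driven checker the comment describes, in Go. It parses a constructed C-like snippet, builds the call tree, and enforces two assumed rules: a function marked as running in interrupt context must not reach, directly or through other calls, a function that may sleep; and a function that requires a lock must be called with that lock held. The function names, lock names and rule tables are made up for the illustration.

```go
package main

import "fmt"
import "regexp"
import "sort"
import "strings"

// Constructed C-like sample, not from any real tree; straight-line bodies only (no branches, loops or macros).
const sample = `
void update_stats(void) { counter++; }
void refill_pool(void) { kmalloc_sleeping(); }
void net_irq_handler(void) {
	spin_lock(stats_lock);
	update_stats();
	spin_unlock(stats_lock);
	refill_pool();
}
void timer_tick(void) { update_stats(); }
`

// Per-project rule set (assumed names; a real tool would load it from a file).
var maySleep = map[string]bool{"kmalloc_sleeping": true, "mutex_lock": true} // may block
var irqEntry = map[string]bool{"net_irq_handler": true}                     // runs in interrupt context
var requiresLock = map[string]string{"update_stats": "stats_lock"}          // callee -> lock the caller must hold

type call struct{ callee, arg string } // one call site: callee name and its argument text

var defRe = regexp.MustCompile(`^\s*\w+\s+(\w+)\s*\([^)]*\)\s*\{`)
var callRe = regexp.MustCompile(`\b(\w+)\s*\(([^)]*)\)`)

// parse builds the call graph (function name -> direct calls in source order) by brace counting.
func parse(src string) map[string][]call {
	fns := map[string][]call{}
	cur, depth := "", 0 // function being read and its brace depth
	for _, line := range strings.Split(src, "\n") {
		if cur == "" {
			m := defRe.FindStringSubmatch(line)
			if m == nil {
				continue
			}
			cur, depth = m[1], 1
			fns[cur] = nil                               // record the function even if it calls nothing
			line = line[strings.Index(line, "{")+1:] // the body may start on the same line
		}
		for _, m := range callRe.FindAllStringSubmatch(line, -1) {
			fns[cur] = append(fns[cur], call{m[1], strings.TrimSpace(m[2])})
		}
		if depth += strings.Count(line, "{") - strings.Count(line, "}"); depth <= 0 {
			cur = ""
		}
	}
	return fns
}

// sleepPath returns the first call chain from `from` to a function that may sleep, or nil.
func sleepPath(fns map[string][]call, from string, path []string, seen map[string]bool) []string {
	path = append(append([]string{}, path...), from)
	if maySleep[from] {
		return path
	} else if seen[from] {
		return nil // already explored (also guards against recursion)
	}
	seen[from] = true
	for _, c := range fns[from] { // unknown external functions have no calls and are assumed not to sleep
		if p := sleepPath(fns, c.callee, path, seen); p != nil {
			return p
		}
	}
	return nil
}

// check applies both rules and returns the findings, sorted for stable output.
func check(src string) []string {
	fns := parse(src)
	var out []string
	for entry := range irqEntry {
		if p := sleepPath(fns, entry, nil, map[string]bool{}); p != nil {
			out = append(out, fmt.Sprintf("%s: may sleep in interrupt context (%s)", entry, strings.Join(p, " -> ")))
		}
	}
	for name, calls := range fns {
		held := map[string]bool{} // locks held at this point of the straight-line body
		for _, c := range calls {
			switch c.callee {
			case "spin_lock":
				held[c.arg] = true
			case "spin_unlock":
				delete(held, c.arg)
			}
			if lock, ok := requiresLock[c.callee]; ok && !held[lock] {
				out = append(out, fmt.Sprintf("%s: calls %s without holding %s", name, c.callee, lock))
			}
		}
	}
	sort.Strings(out)
	return out
}

func main() { fmt.Println(strings.Join(check(sample), "\n")) }
```

Run with `go run` and it prints two warnings: net_irq_handler reaches kmalloc_sleeping through refill_pool, and timer_tick calls update_stats without stats_lock (net_irq_handler's own call is fine because the lock is held at that point). Branches, where the set of held locks differs per path, macros and calls through function pointers are exactly what this toy ignores; the out-of-band "I've checked this one" annotations tied to an SCM that the comment asks for would sit on top of output like this.

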
  24. Re:I don't want to trust you... on Hardly Anyone Cares About Computer Voting Problems · · Score: 1
    Right, but then I have to trust you to do the signing.... The build process is a one-time non-repeatable process. While you don't trust me, I don't trust you either (nothing personal, really in a metaphorical sense). That's the whole problem. The bank trusted you, so your process works. I specifically don't trust you to do a proper job of authenticating the source code, authenticating the build environment, or anything else. I have to trust you with your secret key, I have to trust you not to sell out. I've got all kinds of issues with that. Granted, you could have 100 people there watching you, all of whom sign it, which somewhat mitigates that risk.

    Trust, would be thousands of individuals building the source, each independently of each other, and verifying that their copy is identical to yours, and sending you their signature of the file, so you can append it (or signing, the signed file). That would be security, distributed trust, and I'd have more trust for that process than what is going on now. Right now, I trust the FEC to be as good as you are at doing the build, and I trust them with the physical security of the code to be transported to the site (they have to move voted ballots around, they have to have some good form of physical security, if they don't, we need to solve that before we even start discussing problems with the voting machines).

    Because of the nature of building software, it's not repeatable down to the bits and bytes, if you include the time and date, or the name of the machine doing the build, or anything else. It's relatively common for people to do that to create an audit trail. Granted some of that could be mitigated but it's not some trivial process that's well understood and done hundreds of times a day around the world (like PGP signing is).

    In the case of the bank, they trusted you to do the build process, and to properly put the appropriate code on the appropriate machine. They trusted you with the process of securing a machine, and building software on it. Bully for you. I have absolutely no reason to trust you to do that process for voting machines. If we find a single entity that everyone trusts to do this process, that's wonderful, that entity should replace the FEC, and we are done.

    You'd be surprised about what I could do to the guts of a voting machine. Inserting or inverting a line, wouldn't be too hard. Just tuning the machine out of spec (the linear speed of the ballot face by the sensors), or adjusting the sensor sensitivity would do the job. Making sure the board is the board it's supposed to be. I could re-wire the whole thing, stick a dummy board in there, that ignores the physical chip you insert with the code, and instead runs my own hard-coded code hidden away inside of some other part I've obsoleted. Ensuring that the actual board is a good, well-operating board is very, very, very hard. Never, ever assume that just because it looks like the right thing, it is the right thing.

    Kirby

  25. Re:I don't want to trust you... on Hardly Anyone Cares About Computer Voting Problems · · Score: 1
    Right, verifying that the binary I have came from the source you gave me, is tricky. I've never seen anyone do it, ever. I've seen lots of people sign a binary, and I trust them enough to say that binary came from that source. I've never seen an automated way to build a binary that matches bit for bit, byte for byte (because most people include build times and dates for traceability). Now, I suppose your duplicate checker could account for such things.

    In order for open source and security auditing to truly work, you have to

    a) verify the build environment is absolutely secure (really, really difficult).

    b) verify that source you are building is absolutely secure (really difficult).

    c) verify that the hardware is configured exactly the way it should be, and verify that the software it's running is the software that came out of the secure environment, using the audited copy of the source (nearly impossible).

    Furthermore, after doing all that checking, you have to ensure that no one, and nothing you don't trust absolutely is allowed to interact with the machine. You can't build a scanner that is tamper proof. There are too many parts, and too many adjustments that have to be made.

    I believe you are incorrect about a recount. I believe all counts are done at least twice (as a matter of procedure), and that any candidate can request a recount in a court, and by judicial order, one must be done (and according to the law, the Judge must grant one to any official candidate, is my understanding of the law).

    Open sourcing it, might help you with b. However, if the FEC is doing what it is supposed to be doing, that should get covered. There might be a point at which you say, well we shouldn't have to trust them. However, at some point, you must trust them, as they are the ones who do all of the verification. You can verify the source is correct. However, verifying that a particular copy of the source is what's on the machine, is very, very difficult.

    Kirby
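
Added example (not from the two voting-machine comments above, and not any election-system code): the distributed-trust build check those comments describe, in Go. Independent builders each compile the source, normalize the fields that legitimately differ between builds (the build date and host name the comments mention), hash the result and sign the digest with their own key; the verifier checks every signature against a pre-enrolled public key and requires a threshold of distinct builders to agree with the reference digest. The artifact header format, builder names, dates and keys are all constructed for the illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"regexp"
)

// Constructed artifact layout (assumed, for illustration): an ASCII header of KEY=VALUE; pairs
// that the build embeds for traceability, followed by the payload. The build date and host
// name are exactly the fields that make two honest builds of the same source differ.
func build(host, when, payload string) []byte {
	return []byte(fmt.Sprintf("BUILD_TIME=%s;BUILD_HOST=%s;%s", when, host, payload))
}

// normalize blanks the fields that legitimately vary per builder, so that the bytes
// left over are the ones every independent build must agree on.
var volatile = regexp.MustCompile(`(BUILD_TIME|BUILD_HOST)=[^;]*;`)

func normalize(artifact []byte) []byte {
	return volatile.ReplaceAll(artifact, []byte("${1}=;"))
}

// Builder is one independent party who compiles the source and signs what they got.
type Builder struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func NewBuilder(name string) Builder {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Builder{name, pub, priv}
}

// Attestation is what a builder sends back: the digest of their normalized build, signed.
type Attestation struct {
	Builder string
	Digest  [sha256.Size]byte
	Sig     []byte
}

func (b Builder) Attest(artifact []byte) Attestation {
	d := sha256.Sum256(normalize(artifact))
	return Attestation{b.Name, d, ed25519.Sign(b.priv, d[:])}
}

// Verify checks every attestation against the builder's enrolled public key and counts
// the distinct builders whose digest matches the reference. It reports whether at least
// threshold of them agree, plus the attestations it could not count and why.
func Verify(ref [sha256.Size]byte, keys map[string]ed25519.PublicKey, atts []Attestation, threshold int) (bool, []string) {
	agree := map[string]bool{}
	var rejected []string
	for _, a := range atts {
		pub, known := keys[a.Builder]
		switch {
		case !known || !ed25519.Verify(pub, a.Digest[:], a.Sig):
			rejected = append(rejected, a.Builder+": bad signature")
		case a.Digest != ref:
			rejected = append(rejected, a.Builder+": digest differs")
		default:
			agree[a.Builder] = true
		}
	}
	return len(agree) >= threshold, rejected
}

// Scenario runs the exchange on constructed data: an official build, three honest independent
// rebuilds, one rebuild that differs, and one attestation signed with a key the verifier never
// enrolled. It returns whether the threshold was met, the rejections, and whether the raw
// (un-normalized) official and rebuilt artifacts were byte-for-byte identical.
func Scenario() (bool, []string, bool) {
	const payload = "\x7fELF tally code v1" // stand-in for the compiled program
	official := build("fec-build-1", "2003-11-02T09:00Z", payload)
	ref := sha256.Sum256(normalize(official))
	alice, bob, carol, dave := NewBuilder("alice"), NewBuilder("bob"), NewBuilder("carol"), NewBuilder("dave")
	keys := map[string]ed25519.PublicKey{"alice": alice.Pub, "bob": bob.Pub, "carol": carol.Pub, "dave": dave.Pub}
	impostor := NewBuilder("bob") // same name, but a key the verifier never enrolled
	aliceBuild := build("alice-laptop", "2003-11-03T14:12Z", payload)
	atts := []Attestation{
		alice.Attest(aliceBuild),
		bob.Attest(build("bob-box", "2003-11-03T15:40Z", payload)),
		carol.Attest(build("carol-vm", "2003-11-04T01:07Z", payload)),
		dave.Attest(build("dave-box", "2003-11-04T08:30Z", payload+"\x90")), // one byte off
		impostor.Attest(aliceBuild),
	}
	ok, rejected := Verify(ref, keys, atts, 3)
	return ok, rejected, bytes.Equal(official, aliceBuild)
}

func main() {
	ok, rejected, raw := Scenario()
	fmt.Println("raw bytes identical:", raw, "| threshold met:", ok, "| rejected:", rejected)
}
```

What the threshold buys is that no single builder, the official one included, has to be trusted: a rebuild whose bytes differ (dave) is reported rather than silently outvoted, and a signature from an unenrolled key (the impostor claiming to be bob) is rejected even though the digest it vouches for is the right one. The normalization step is the weak point the comments point at: every field you strip is a place where a difference could hide, so the list should be as short and as well documented as possible.
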