It also annoyingly follows symlinks and replaces what you entered with their target. This means that for example, if you select gvim, mozilla calls vim instead. Vim doesn't work too well without a terminal...
I just wanted to point out that you seemed to be using a more narrow definition of input than the article, which slants things a little differently.
What do you propose? That software developers don't even trust the system calls of the OS they are running on?
You can certainly trust most system calls, but one of the things the article mentioned was an attacker closing the std{in,out,err} file descriptors before execve(2)'ing your program. So on some systems, when you open(2) a file, you'd get the same handle that refers to console I/O. That's probably unexpected, and possibly exploitable (don't ask me how though;-).
Library calls can be suspect on some systems, too.
However, the article seems to be mostly in the context of set-uid programs, while your example programs have little need to worry about security issues.
I'd agree that you can have useful programs even with no input of any sort; the programs true and false that you mentioned are trivial examples.
Your examples don't take user input, but most of them do take input of a different sort. The point of the article was that input can come from unexpected sources like environment variables, and that an attacker can sometimes subvert these inputs. The cpu meter, bg, fg, ps, top, logout, and clock programs all take input, in the form of system and library calls. Some of them also read input from configuration files.
++C++-- must be a real bitch to program in, what with all the undefined bahavior. I guess it's better than C+ at least, where all you get is syntax errors?
That's an interesting line of thought. So the windows or widgets would be ordered on the z-axis and the first one intersected for a given pixel would be displayed at that pixel? Wolfenstein 3d used ray-tracing to good effect, so I can certainly believe it might be fast enough. Some shapes are probably faster to draw with raytracing than with standard line-drawing too (especially with antialiasing!).
I wonder, do you hierarchically decompose windows and widgets, so you first try to intersect each window, and for those windows that intersect, try to intersect each of their subwindows/widgets? Some standard raytracing techniques would apply here as well, like BSP trees.
Bitmaps present a small problem for ray-tracing: if you want to scale them at all, they'll alias even when you super-sample and jitter. You would have to use interpolation or blur to prevent that from happening. Vector graphics would also be a problem, because usually to determine the color of a pixel, most of the drawing must be re-computed. So you'd probably want to draw scaled bitmaps and vectors the normal way, and cache those.
How would you know which pixels are dirty? It's easy for an app to tell the window system it's updating a window, but what about moving an entire window, and dealing with the borders of funny-shaped windows? If you're anti-aliasing, pixels next to the border become dirty too. I suppose an OK first approximation would be to re-trace the entire bounding-box plus a pixel-width or two around it.
Fonts shouldn't be too bad, although it might be faster to treat them as bitmaps. POV-Ray has some code to trace truetype fonts, and it could probably be adapted to type 1 too (truetype uses quadratic curves, type 1 uses cubics).
If [Linus] held all of the original copyright [to Linux]. He could literally sell it to the highest bidder under any licensing agreement they want (the FSF could do the same with Emacs or GCC).
The part about the FSF isn't true. The copyrights to all non-trivial contributions to GNU programs are assigned by contract to the FSF, with obligations on both parties. If the FSF closed the source to Emacs, all contributors could sue the FSF for breach of contract, since one of the conditions is that the FSF must license the program in question under GPL-like terms. I had a hard time finding a copy of this agreement (and there are apparently several variations depending on the situation), but here's one example.
That said, I like the multiple-owners model of Linux better.
Well, I feel that "useful" means that the work somehow advances the sophistication of the field it's in, or introduces new ideas, which I don't think pop blah really does. OTOH, neither does much of the music I do like, and I would still prefer those artists had some protection. So I would be happy with the laws that used to be in place for copyrights, although I think automatic copyright protection without having to register is still a good thing.
While I think the methods of enforcement of copyright are crude and harsh, that doesn't mean real police (not RIAA goons) shouldn't investigate cases. Copyright does exist for good reasons.
That reason being, "to promote the progress of science and useful arts," don't forget. Is "pop music regurgitation" a useful art?
Now, I don't use a whole heck of a lot of OSS software, but isn't there an OSS spellchecker in there somewhere?
There's nothing misspelled or the wrong word choice in his letter that I or ispell can detect (perhaps you think "bated" is incorrect?). Some of his grammar might be a bit questionable, but that's a different matter.
Linux and other OSS projects are looking more and more, well, childish by the day.
Hmm, I didn't think Perens and Raymond's letter was that well done; it didn't address a number of points that it could have. The best response I've seen yet is a comment by "ProgrammerMan" to Linuxworld's posting of McBride's letter. There are some other good rebuttals on that site as well.
That's a very nice, flawlessly formatted article. The PDF was generated by Acrobat Distiller, from a (presumably PS) document created by dvips.
Well, it does use ugly bitmapped fonts when it could use type1 fonts, but otherwise, yeah.
By all means this seems some kind of LaTeX document. Although Andrew Glassner works as a researcher for Microsoft, he is apparently not forced to use MS Word (which would be awful for this purpose).
That's nothing, did you know that Leslie Lamport (creator of LaTeX) works for them?
Oracle changed their logo sometime ago, too. It was the work of a commission with an enormous budget and after many, many manmonths the result was that the 'A' was mirrored.
Mirrored as in backwards? Sounds like a database glitch.
It's funny, my university offers TLS smtp, imap, and pop3, but their webmail service isn't encrypted. Really annoying when the imap server is down and I want to check my email.
I'm glad you brought this up, allowing me to mention a neat alternative to interval arithmetic, namely Affine Arithmetic.
Whereas interval arithmetic is a constant approximation to a function, affine arithmetic is sort of a linear approximation, which enables a much better error bound, especially for monotonic functions. Some cool properties:
Addition and substraction are exact: The identity x - x = 0 holds, unlike interval arithmetic.
The error in the output is quadratically related to the error in the input (instead of intervals' linear relation).
For every calculation, you can extract an estimate of the gradient, as a side effect.
The main drawback is that computations are slower. Depending on application, the improved accuracy may or may not make up for this. I've written an affine arithmetic library, which I plan to eventually release, along with a program to graph implicitly-defined functions. I plan to use the third property above to drastically improve the root-finding algorithm. Instead of a quad/octree, I'll be able to recurse on parallelograms that much better follow the function's contours.
Unfortunately, I've decided that it would be too much work for me to rigorously bound rounding errors, which would be necessary to get the "machine proof" of correctness you mention. I currently have my own interval library as part of the implementation, but I might use Boost's, if it works well enough.
Actually, the other reason I haven't tried to bound rounding errors is that rounding control is broken in GNU Libc on pretty much every architecture.
I'm pretty dubious both ways... for one thing,
we've only heard his side of it, but on another thing, it sounds pretty shady for him to have contributed all that, then having DR cut him out of the loop, seemingly wanting to keep the future money prospects to himself.
Emphasis mine. That's exactly what amazes (and repulses) me about this. His side is the only part I've heard, and it still gives me a really bad impression of him. In addition to the other poster's observation that he seems to overestimate the comparative worth of his contributions when expecting something in return, he seems to completely misunderstand the motivations of the community that he was interacting with. I doubt many of them have the profit motive that he does; they probably mostly work for fun. He only seems to be seeing things in business terms.
I also think he's being hypocritical, when he complains, "Every contribution made to Gentoo builds the brand of the distribution, value that is not being fairly shared with those members of the commnity that have helped build it." I wonder, does he intend to "share" the value that his company gains by using Gentoo? To share it with the authors and communities that produced Gentoo and the thousands of open source software packages he'll undoubtedly use?
Bug 2: I use a realtek ethernet card, which was enabled via a kernel module, which required me to change some text file so that the system would load the module on boot. In fact, every single time I upgrade the kernel, that file needs to be edited. I don't know if that's Debian's fault of Linux's fault, though.
I'm guessing you're talking about/etc/modules.conf. If so, then instead of editing that file, add your text to/etc/modutils/aliases, and run the command update-modules. Note the text at the top of/etc/modules.conf, and update-modules(8) for an explanation. I think this is Debian-specific, so you could say it's Debian's fault, but it's that way for a reason;-)
Slashdot Mirror
It also annoyingly follows symlinks and replaces what you entered with their target. This means that for example, if you select gvim, mozilla calls vim instead. Vim doesn't work too well without a terminal...
I'm disappointed. What happened to the subtlety and almost-plausibility of posts like "apt-get expose" and "Debian dselect iTunes implementation"?
Although you did get one idiot.
What do you propose? That software developers don't even trust the system calls of the OS they are running on?
You can certainly trust most system calls, but one of the things the article mentioned was an attacker closing the std{in,out,err} file descriptors before execve(2)'ing your program. So on some systems, when you open(2) a file, you'd get the same handle that refers to console I/O. That's probably unexpected, and possibly exploitable (don't ask me how though ;-).
Library calls can be suspect on some systems, too.
However, the article seems to be mostly in the context of set-uid programs, while your example programs have little need to worry about security issues.
I'd agree that you can have useful programs even with no input of any sort; the programs true and false that you mentioned are trivial examples.
Your examples don't take user input, but most of them do take input of a different sort. The point of the article was that input can come from unexpected sources like environment variables, and that an attacker can sometimes subvert these inputs. The cpu meter, bg, fg, ps, top, logout, and clock programs all take input, in the form of system and library calls. Some of them also read input from configuration files.
++C++-- must be a real bitch to program in, what with all the undefined bahavior. I guess it's better than C+ at least, where all you get is syntax errors?
Must have been playing with electricity again. Zzzt! Ow!
That's an interesting line of thought. So the windows or widgets would be ordered on the z-axis and the first one intersected for a given pixel would be displayed at that pixel? Wolfenstein 3d used ray-tracing to good effect, so I can certainly believe it might be fast enough. Some shapes are probably faster to draw with raytracing than with standard line-drawing too (especially with antialiasing!).
I wonder, do you hierarchically decompose windows and widgets, so you first try to intersect each window, and for those windows that intersect, try to intersect each of their subwindows/widgets? Some standard raytracing techniques would apply here as well, like BSP trees.
Bitmaps present a small problem for ray-tracing: if you want to scale them at all, they'll alias even when you super-sample and jitter. You would have to use interpolation or blur to prevent that from happening. Vector graphics would also be a problem, because usually to determine the color of a pixel, most of the drawing must be re-computed. So you'd probably want to draw scaled bitmaps and vectors the normal way, and cache those.
How would you know which pixels are dirty? It's easy for an app to tell the window system it's updating a window, but what about moving an entire window, and dealing with the borders of funny-shaped windows? If you're anti-aliasing, pixels next to the border become dirty too. I suppose an OK first approximation would be to re-trace the entire bounding-box plus a pixel-width or two around it.
Fonts shouldn't be too bad, although it might be faster to treat them as bitmaps. POV-Ray has some code to trace truetype fonts, and it could probably be adapted to type 1 too (truetype uses quadratic curves, type 1 uses cubics).
I'd love to hear of your thoughts or progress.
Well, I feel that "useful" means that the work somehow advances the sophistication of the field it's in, or introduces new ideas, which I don't think pop blah really does. OTOH, neither does much of the music I do like, and I would still prefer those artists had some protection. So I would be happy with the laws that used to be in place for copyrights, although I think automatic copyright protection without having to register is still a good thing.
Hmm, I didn't think Perens and Raymond's letter was that well done; it didn't address a number of points that it could have. The best response I've seen yet is a comment by "ProgrammerMan" to Linuxworld's posting of McBride's letter. There are some other good rebuttals on that site as well.
That would be the default dvips or distiller settings, not LaTeX.
You missed the fact that wc also prints a total when invoked with more than one file, so you're counting most lines twice.
And maybe I'll see you in AA.
It's funny, my university offers TLS smtp, imap, and pop3, but their webmail service isn't encrypted. Really annoying when the imap server is down and I want to check my email.
- Addition and substraction are exact: The identity x - x = 0 holds, unlike interval arithmetic.
- The error in the output is quadratically related to the error in the input (instead of intervals' linear relation).
- For every calculation, you can extract an estimate of the gradient, as a side effect.
The main drawback is that computations are slower. Depending on application, the improved accuracy may or may not make up for this. I've written an affine arithmetic library, which I plan to eventually release, along with a program to graph implicitly-defined functions. I plan to use the third property above to drastically improve the root-finding algorithm. Instead of a quad/octree, I'll be able to recurse on parallelograms that much better follow the function's contours.Unfortunately, I've decided that it would be too much work for me to rigorously bound rounding errors, which would be necessary to get the "machine proof" of correctness you mention. I currently have my own interval library as part of the implementation, but I might use Boost's, if it works well enough.
Actually, the other reason I haven't tried to bound rounding errors is that rounding control is broken in GNU Libc on pretty much every architecture.
Really? What's the perfectly accurate BCD representation of 1/3?
I also think he's being hypocritical, when he complains, "Every contribution made to Gentoo builds the brand of the distribution, value that is not being fairly shared with those members of the commnity that have helped build it." I wonder, does he intend to "share" the value that his company gains by using Gentoo? To share it with the authors and communities that produced Gentoo and the thousands of open source software packages he'll undoubtedly use?
What's the bitrate on that one? About 116bps (not kbps) I'd say