You can 'click' the mousewheel. Acts as a perfect 3rd button if you change it in the IntelliPoint software. I'll agree with Taco as well -- MS Mice Rox0r!
Why is it that people say X holes here, or Y bugs there.
Bugs are given ratings on their priority, I assume security holes are as well.
I looked through some of those security listings and noticed that some are for applications that are bundled with the OS (so I'm not sure that they should be counted as an OS issue) and that don't result in actually compromising the system (perhaps crashing an application, or corrupting a file, yes). Not that I'm saying that is a 'good' thing but certainly crashing a little-used application which may not even be running on the default install isn't the same as gaining root access nor should they be treated as such; some form of 'validation' of the numbers is needed, e.g.:
Easily Exploited (278):
-- Root Access: 234
-- Crashes programs: 44
etc.
The only things I see that high are:
Aircraft radionavigation from 900MHz to 1350MHz (with a gap from 1215 to 1300MHz), then again from 2700 to 2900 (Aeronautical Radionavigation Meteorological Aids).
I assume the latter would be weather reports which could be VERY important (think microbursts downing planes).
There's also 2900-3000 which is labeled "Maritime Radionavigation" which I'd assume wouldn't be terribly affected (not too many cell phones in the middle of the Atlantic. :D)
According to my frequency allocation chart, the 4.2 to 6GHz band is reserved (dually with some other things) for 'Experimental PCS'. Perhaps they're worried about people running amok in 'their' band?
I don't know entirely how WPA works, but I know with most games you *can* use a keygen for most of the codes. If they are 'well-formed' and comply with their format then the game will accept it. However, only a select number of the 'possible' working keyset is actually *valid*, meaning it exists in their large database.
I would suspect that would be the case here; the question is whether or not that false key once accepted by the program is transmitted back to Microsoft for validation.
I agree with you as well -- if I came across as 'QA should only be programmers' then I apologize; that was not my intent.
QA is more than just 'poking' at the program and seeing if it breaks. It's authoring test procedures, finding new and interesting ways to break the program, interacting with other developers and management, and a whole lot more. As a programmer I know I hated to write test procedures -- it is very very boring and as the complexity of what you are testing increases linearly the complexity of your test procedure increases exponentially. :D However, there were guys there who, although they didn't know much about programming, wrote EXCELLENT and in-depth test procedures and saved my butt many a time. :)
However, we'd write up bugs such as "Inserting 32 characters in field XYZ on form 123 causes program to crash" which, in the grand scheme of things, could be viewed as either a "Show Stopper" (highest priority) or a "Do We Care/When We Have Time" sort of a bug. Considering adding range checking to a form is trivial giving QA clearance to fix that would result in a much better program (again provided the QA developers are qualified) and give the regular developers more time (since we'd find 30 or so of these things on a single form) to fixing the hard-core bugs or developing new features.
Correct, I didn't want to type a whole lot of C++ or whatnot, so I stuck to type-independent PHP. :D
From talking to Zeev (author of Zend Engine) he said that there would be a slight performance hit to doing something like that (I assume it is as you said the reorg and such).
My style of programming is to keep excessive things like that to a minimum because 10ms more might not seem like much until your program (or in this case, web page) is hit 100 times a second. :D
Fallacy 9: Programming is About Data Structures and Algorithms
I'll agree here, although I see it most in database design. With the advent of such super-fast DBs such as MySQL there has been a FLOOD of horribly written applications that utilize them. For instance, you'll see every column defined as CHAR( 255 ), or every table prepended with AUTO_INCREMENT columns even when they are not necessary. Indexing is poor or non-existent, and tables are horribly in need of normalization.
Some finer points in design; I see some stuff like this a lot as well:
function bob( varlist ) {
$var = $joe + 12345;
return $var;
}
You're wasting memory and such for the variable declaration and assignment, simply return $joe + 12345;.
Fallacy 12: We are Making Progress
- Progress in quality assurance has been remarkably slow
I used to work in QA for a software company and I wouldn't say that I was the worst programmer there, but I think the problem is that 90% of the QA staff WERE NOT PROGRAMMERS or didn't have access to the source. Basically, QA reports bugs, they go into the queue, and then a developer, if they have the time when compared to all their code development, meetings and such, may have a chance to get to the bug. It would be nice if the QA staff, who may have software programming skills, would be allowed to be developers as well (e.g. all the rights of a developer but QA is their main focus). They attend the same dev meetings and such which gives them the insight to the architecture to allow them to fix bugs which have been approved by management.
So in effect, have two programming teams.
I would expect the ~10kg or so chopper laden with 45kg of weaponry wouldn't be able to get off of the ground, let alone fly. :D
Why Sun will be preferable to Intel Clustering -- on "Oracle Switching To Linux", Score: 5, Informative
Couple reasons why Sun still will be preferable to off-the-shelf, commodity Linux boxes for many a year (with or without Oracle's blessing) - and how to change it! (Disclaimer, we run Linux on our web and DB boxen and do NOT use Oracle (Sybase ASE in fact) and were burned by Sun in a deal we wanted for some 280's).
Banks and others with lots of cash have traditionally enjoyed the "Let's buy a couple really really big boxes and replicate them everywhere" mindset and I don't think that will change. Clustering is way cool but I am not convinced the TCO is far less to cause large customers to switch their entire mission-critical, multi-billion dollar a day transactional systems to Linux.
They will stay with what works for a long, long time. Why Larry's pronouncement of 'support' is interesting is that Linux is, for the most part, unsupported. Sun has hundreds (if not more) of engineers around the world on standby -- if your E10K goes down at 4AM they probably know about it before you do (since they have all sorts of neat things built in) and are already on the scene. With Linux? Not so much -- but Oracle is going to try and push the fears of 'what if it goes down at 4am!' out of their minds by saying "That's ok, we can fix it!". Linux and Intel need to offer much of the same features - I know Compaq has neat little remote monitoring cards with their servers, something like that which hooks into Linux and is a commodity (like video cards, or RAID cards, etc.) would help a lot.
Yes, there is an inherent 'single point of failure' with big boxes. That is why they 'cluster' (in name only and not a special type of software) by replicating all their data from their master to several slaves. Currently Sun platform usually has MORE than ample room for growth and you buy 3 E15Ks simply to have warm-standby machines in case the first goes down (and you can always use the other two as readers).
From a TCO standpoint it is far easier, faster, and cheaper to replace a single machine (under warranty) than it is to have 20 small ones go down at night. Yup - you need to have redundant supplies on hand for the 'worst' situation - and if you have 100 Linux boxes in a nice array and an earthquake hits you now have to order 100 new boxes to replace your destroyed ones. Sun can get you a replacement (or replacements) installed and configured long before the first truckload of new PCs arrives.
Further, you have to configure and maintain 100 boxes vs. a small cluster of Sun machines. I haven't had much experience in large-scale clustered Linux systems but I would surmise that making a kernel change on 100 Linux boxes would take more time and $$ than to 3 Sun machines.
Plus, Sun's 64 bit architecture beats the pants off of Intel -- and in a large DB app you NEED that extra I/O (which is why a 220R with 450MHz x 2 CPUs will spank any dual Intel system out there). I have yet to see any head-to-head comparisons of Itanium and UltraSparc III, so perhaps Intel can rip that from Sun someday.
Couldn't they have done a better photoshopping job on that 'logo' on the side of the building? Or even better, since this website (like everything in the government) cost around 10X more expensive than it should have been to make I bet they could've afforded a simple 'iron-on' banner to place on the side of the building.
I think I understand your point, but I think given all the security holes, downtime caused by them, and overall bad vibes caused by Outlook it is not an unreasonable request.
Word is quite another thing since, for the most part, their holes have not caused near as many problems as Outlook and IIS have (several very reputable entities have stated 'Do not use IIS until it stops sucking'). Plus the replacements for Word are not, in general, better or easier to use/obtain.
Excellent -- I'll be sure to add that to my headers (well when I find an appropriate link of course ;)).
Use his power for good, not evil (or less good :)) -- on "Borking Outlook Express", Score: 4, Interesting
I read the English e-mail and he explains his position (I don't quite understand the hack though) -- rather than blocking totally Microsoft's client, why not make it display "This message would be readable if you used any other email client than Microsoft's. For a list of good clients, some of which are free, visit *url to Download.com or something*."
Same thing for anti-Microsoft mailing lists which disallow Outlook -- kindly inform anything other than Outlook is ok (due to security concerns, etc.) and provide a list of free or not-too-expensive email clients (or again a link to download.com and the like).
Sounds like a much better (and beneficial) use of time.
Our boxen all run 2.4.6 and it runs fine (at least for our web and database use). I don't run X or any of that other crap -- it's a production system and I can't see why people are talking about "how fast my window renders" on a prod box. 2.4.* is certainly a whole lot better than 2.2.* (on our SMP systems) so I think it is worth the upgrade to those who haven't done it yet.
What is the accepted, 'stable as it is going to get' 2.4 kernel?
Prior to 1994, it was, yes. After then Microsoft took control and began turning it into their own product. It does offer many of the same features, language (TSQL), stored procedures, etc. as Sybase does. From what I understand either 7.0 or 2000 was a 'total rewrite' of the DB code (of course retaining backwards compatibility with previous versions).
An Apology To Sybase Customers: Oracle Will Never Give You A Million Dollars
"Oracle has issued a bold offer. They'll give a million dollars to any DB2, WebLogic or SQL Server user who switches to Oracle technology and fails to triple the performance of their website. Pretty impressive talk."
http://www.sybase.com/detail/1,6904,1015763,00.html
Sounds like Sybase should have a "Sorry, we won't lie to you like Oracle did." campaign! :D
That is correct -- which is why I said I'd want a SunFire 280 if we could afford it. :D The I/O is simply astounding -- I wouldn't want Solaris on x86 anyway. :)
Oh I see what you mean. I think it has to do with their band (High, Super, or Hyper) since there are a lot of overlaps in my chart.
Correct, 5725 to 5825MHz is allocated for Unlicensed National Information Infrastructure Devices.
You don't have to optimize (e.g. remove bad code) if you do it right in the first place. :D
Kris,
http://mcwhortle.com/mcwbldg.jpg
Incredi-mail XE: (most popular email client): http://download.cnet.com/downloads/0-3356720-100-8145731.html?tag=pop
I wonder if it is at the file-owner's request? e.g. automagically add them to their mailing list or something?
Here is their privacy policy:
http://www.cnet.com/aboutcnet/0-13611-7-811039.html?tag=ft
I wonder if "..when you use certain products or services.." speaks to the 'certain download' phenomenon we're noticing.
Here is a URL to a suitable category: http://download.cnet.com/downloads/0-10063.html?tag=dir
I also was able to download a file from Download.com without registration.
I mis-spoke -- I was referring to the hardware (and it is really expensive for a 2CPU system 280). How am I a troll?