Of course some of these have conflicting goals. For example, i want my phone small so i can take it with me anywhere. For my calculator, i want a good sized keyboard (required for really high-speed input) and if it's graphing i want a big screen also. The size of my calculator matters less to me because i don't need to take it everywhere i go, and when i do take it somewhere i usually have a backpack or briefcase or whatever. The input piece is important and i don't think it can be replaced by voice (imagine a test environment or a floor of actuaries) or stylus (drawing a "2" takes longer than just pushing the "2" button). On screen keyboards just don't provide the necessary tactile feedback and if your goal is to make them as small as possible then it becomes difficult to use both hands (when doing high-speed calculations with an hp32s2 you most certainly use both hands) and you increase the likelihood that you'll either miss the key you were trying for or unintentionally hit others. This is what HP has always done right: their push buttons are the best. Convergence is neat, but it shouldn't sacrifice usability.
...because it is an eXtensible markup language. The obvious benefit of this is that extensive modifications can be made to the data persistence format without breaking existing implementations or resorting to the hacky/tacked-on features that so many graphics formats suffer from. Most data formats start off simple, and in comparison having to use an xml parser or compressor seems like unnecessary complexity. But five or ten years from now, after the unavoidable feature creep turns the format into an overly complex nightmare, the other things (xml,gzip) pale in comparison. What we're doing here is trying to learn from our past mistakes - managing the complexity - maybe we can even call it "progress". Also, having a format that explicitly describes itself is more secure. In a world where so much data is simply a stream of bytes, dropping a single byte might result in undesired and undefined results. With xml if a byte is dropped it is immediately detected and appropriate steps can be taken. Systems operate on this data and when the data can be verified against itself it makes the system more secure and safe. Lastly, SVG contains text as data to be drawn. Along with all the things above that xml gives you, you also get internationalized text handling thrown in for free. Disclaimer: i haven't used svg or even looked at the svg xml dtd, but i have used xml quite a bit, and am routinely forced to work on projects that were designed and implemented poorly and that had absolutely no mitigation plan for the complexity that would eventually make my life a living hell. I think someone once said "any skilled fool can increase complexity, but it takes a genius to remove it." I tend to be more lazy than anything else, so I try not to put the complexity there in the first place.
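A way to measure the dropped-byte point in the comment above, as an added example that is not part of the original post: it deletes each byte of a small constructed SVG-like document in turn and records whether an XML well-formedness check rejects the result or accepts a changed document. The sample document, function names and the SHA-256 comparison are assumptions of this example.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample document (not from the original post): a tiny SVG-like file.
DOC = (
    b'<svg width="120" height="40">'
    b'<text x="10" y="25">Total: 1500 EUR</text>'
    b'</svg>'
)


def tree_view(data):
    """Return a comparable view of the parsed tree, or None if not well-formed."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return None
    return [
        (el.tag, sorted(el.attrib.items()), el.text, el.tail)
        for el in root.iter()
    ]


def classify_single_byte_drops(doc):
    """Delete each byte in turn and record what the parser makes of the result.

    rejected      -> the parser reports the damage (not well-formed)
    silent_change -> the document still parses, but its content differs
    no_effect     -> the document parses to the same tree as the original
    """
    reference = tree_view(doc)
    outcome = {"rejected": [], "silent_change": [], "no_effect": []}
    for i in range(len(doc)):
        damaged = doc[:i] + doc[i + 1:]
        view = tree_view(damaged)
        if view is None:
            outcome["rejected"].append(i)
        elif view != reference:
            outcome["silent_change"].append(i)
        else:
            outcome["no_effect"].append(i)
    return outcome


def digest_catches_every_drop(doc):
    """Compare a SHA-256 digest of each damaged copy against the original's."""
    expected = hashlib.sha256(doc).digest()
    return all(
        hashlib.sha256(doc[:i] + doc[i + 1:]).digest() != expected
        for i in range(len(doc))
    )


if __name__ == "__main__":
    result = classify_single_byte_drops(DOC)
    for kind, positions in result.items():
        print(f"{kind:14s} {len(positions):3d} of {len(DOC)} byte positions")
    # Show what the accepted-but-changed documents look like for a few positions.
    for i in result["silent_change"][:3]:
        print(i, (DOC[:i] + DOC[i + 1:]).decode())
    print("digest catches every drop:", digest_catches_every_drop(DOC))
```

Damage to markup (tag names, angle brackets, quotes) is rejected by the parser, while a byte lost from text content or from an attribute name or value still parses; a digest stored alongside the document covers those positions for accidental corruption, and a MAC or signature is needed if deliberate tampering is the concern.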
i have family members (not primary) that are "stock brokers", and most of them were saying the dot-com thing was insanity. mostly they complained about all the problems internet trading was causing (sure, they weren't unbiased). namely, people who didn't know anything were pushing stock prices up irrationally. in fact, i remember them complaining about losing clients because they gave out conservative advice that didn't mesh with what everyone else *wanted* to hear. but of course the bubble lasted long enough that the weary brokers at the beginning may have been the same guys toward the end still yelling "buy, buy!"...
there is a saying that goes something like "anyone can add complexity to a system, but it takes a genius to remove it." Now, I've worked in programming long enough to know that most programmers are much more interested in "just getting it to work" than "removing complexity". In just about every other engineering field, unnecessary complexity is immediately viewed as dangerous. Systems that are unnecessarily difficult to understand are bad - if for no other reason than they have more points of failure than is necessary. The internal combustion engine has been redesigned and reimplemented thousands of times - new complexity may be added, but the old is always removed. In programming the old is seldom, if ever, removed - the new ability is just hacked on. This isn't engineering, this is, well, um, hacking. It is about revisiting original design assumptions and seeing which ones still hold. Y, DirectFb, Quartz Extreme, etc, all challenge the assumption that we need exposure events. If we don't, then *a lot* of unnecessary complexity can be removed and a more sound piece of engineering can be implemented. The same goes for color model (eliminating the indirection of a palette can be a good thing). In the commercial world, market pressures typically make it very difficult for software developers to engineer a decent product (we end up hacking). I would love to see open source developers show the world that there really is something called "software engineering".
I've been watching the whole X thing a long time, and what I think we need (as opposed to another windowing system) is a standard GUI API. One that anyone can implement any way they choose. The Qt people would have their implementation and the GTK people can have theirs. Y could be just another implementation of the same API. Of course we'd need some sort of governing body to guide the design of the API. But people like to hack, and if one particular system became more popular, people would just attempt to be compatible by using the same wire protocol or whatever and tack on an API to their liking.
They're not blaming the problems on an OS - they're blaming them on a lack of diversity. Bruce talks about this in his latest book, Beyond Fear. The topic of interest is called a "class break". The idea is that anytime you have a bunch of systems sharing common security pieces you're increasing the chances that it will be attacked indirectly. For example, no one may be immediately interested in your secrets, but they might be interested in someone else's - and when that other system is attacked, yours is by indirection (since you share a common infrastructure). If the other system is compromised so is yours. The article was not about replacing windows with linux. It was about standards that would allow for a diverse universe of OSs. The security concept here is known as compartmentalization. If one type of OS is compromised, the others hopefully will not share enough in common such that they'd be compromised as well. Again, this was a call for more and better standards...
i don't know about that. to me the combination of selfish politicians and selfish corporations is going to lead to unregulated monopolies, the result of which would be lazy corporations that ship over-priced, shoddy products. but who knows, maybe they'll be really efficient bastards.
about your privacy. they want to keep selling you dsl. most people have few actual uses for broadband. if most of sbc's dsl customers were suddenly too scared to download music or were forced to actually purchase music, they would most likely go back to hit'n the malls with their friends and go back to a 56k modem. it seems like basic economics here: you always want your complementary products cheap (or in this case free). E.g. hardware people are always pushing to keep the software cheap and software people are pushing to keep hardware cheap.
i agree with you on many counts. my original post was aimed at the guy suggesting that schneier would prefer everyone use c/c++ instead of wussy languages such as java or vb. i don't think java is the answer either, just that it is a step in the right direction. as for your comment above, a jvm could easily give you a new block of memory, but an OS can also swap your entire app to disk, and when your c++ app wipes its memory this may not affect the blocks on disk. so, yes, there's still all kinds of progress to be made in the industry wrt to security.
Impossible? Not at all. The trick is to use arrays of bytes and characters instead of, say, the native string object (which is difficult to control as you say). I agree that both require the programmer to be extra careful, but it is unlikely that a sloppy programmer mistakenly using string objects is going to result in the same type of exploits that buffer overflows do. The point is that in c/c++ the mistakes you are capable of are far worse (in general) than with higher-level languages. I use c++ every day, and every day I wish the industry would adopt something better - i spent a lot of time cleaning up after people who haven't a clue.
If you've read any of his security stuff you'd know that he says that security is the combination of protection, detection, and reaction. At each stage you have to weigh the costs versus benefits. Bruce has simply said that he has weighed the cost of the protection and decided that the limited benefit he gets from locking his back door is not worth it. He's decided that anything short of encasing his house in steel is only going to add limited protection, so why bother. This doesn't mean that he hasn't implemented security measures in the other areas. For example, sensors on the doors and windows and perhaps motion detectors. Maybe he sleeps with all his doors and windows open because he likes a nice breeze, but he's got motion detectors throughout his house and the monitoring company and police station is just down the street. He talked about his car alarm on his keychain, maybe his house alarm is also (mine is). We just don't know enough to be commenting on how a security expert could say such things.
Have you read any of Schneier's work? I am guessing here, but if you're suggesting that Bruce would prefer a language like C/C++ to java (esp. w.r.t security) you're absolutely nuts. He's got a long rant in Practical Cryptography where he goes off on the industry as a whole for continuing to use (for thirty years) compilers/languages that don't automatically do bounds-checking. He interprets such things as gross negligence on the part of the computer industry. If I guessed wrong, then please ignore this comment :)
maybe the chinese gov't does have more leverage than ms, but does it have more leverage than the us gov't + ms? i don't know, but let's not forget that it is the us gov't's job to put pressure on foreign gov'ts so that us companies get due consideration. don't forget: a major reason for invading iraq was because they sold all their oil contracts off to europe, and refused to do business with american companies. this is also why several european companies opposed the war and why the us lets north korea go on their merry way (no multi-billion dollar contracts involved - yet). i am not saying that the us is going to invade china, but the us did just recently lift an embargo. i wouldn't be surprised if for some "unknown" reason the chinese gov't reverses this decision, but they *have* to protect their industries as well, so who knows...? i would imagine this could get real messy.
How is "throughput computing" different than Intel's hyper-threading? It sounds very similar and hyper-threading is available today - as opposed to two years from now. I'll read the whitepaper tomorrow, just wanted to see if someone had an opinion...
I don't think they were trying to set up a network, just get a linux box to coexist on an existing windows network. This should not require reading anything. I should be able to plug my linux machine into the network and mount a remote share by browsing the network, right-clicking and selecting "mount" (or something). Similarly, I should be able to right click on a local directory and select "share" (after which the appropriate dialog would appear). It has to be this easy...
Well, Americans voted for the politicians that made the laws. And the English voted for the politicians that signed the treaties with America... As an American I should make my politicians aware that I am not fond of our IP laws, you should make your politicians aware that you are not fond of the IP treaties they've signed with the US (of course the US will respond with either an embargo or invasion). What really sucks are the non-democratic countries with which the US has treaties - these people really have no say. The truth is that the US only cares about democracy to the extent with which it aids the US owned multinational corporations in their ability to enter new global markets.
For work I use both linux (dell with mandrake) and XP (corporate dell desktop) and neither OS has crashed on me (although my linux box's hd died). Sure I get the stupid "an app has unexpectedly quit - would you like to send a report to ms" nonsense (which i never send), but the OS has never crashed. For the record, I use them both for c/c++ development and debugging. My biggest complaint with MS currently is how it still requires a reboot after some config changes or after i install/uninstall a new app. This is why my linux box's uptime will always be better than my xp box.
No. The RIAA represents the copyright holders. The copyright holders agree to let the RIAA do whatever is necessary to protect their rights. Essentially you can probably just think of the RIAA as the copyright holders. Copyright holders can trade or do whatever else they want to do with their own music.
"Import" is syntactic sugar - nothing more (on "LGPL is Viral for Java") · Score: 2, Informative
Import is provided so you don't have to type out whole package names. It is a common misconception that it has something to do with linking. Everyone keeps saying things like "if you use import then...blah blah", but you don't have to use import - ever. You can just always use the fully qualified name: like "foo.myclass". Or you can say "import foo;" and simply refer to "myclass". That's it - no magic - it is more like a preprocessor. What about using reflection? hehe...
One of the problems is that MS has conditioned their customers to tolerate crappy software. As a result other companies can also get away with releasing software of poorer and poorer quality. In capitalism, it is all about what the market will bear, and currently it will bear bug-ridden software. And all the MBAs have been trained to push the envelope on what the market will bear. If they can get away with shorter release cycles and buggy products then you'd better believe that's exactly what they'll do...and hey, my stock options keep going up, so what do I care ;)
I didn't see anything about this in the article or on their website (i didn't look too hard). Did anyone else find anything? They infer better than three "9"s of accuracy (31 bugs in 60k), but how much better? If I run their product on a project with millions of lines am I going to be chasing false positives all month? Are they finding bugs, possible bugs, or what? Sounds fishy to me...
I guess it all depends where you work. I work at a software company, and like just about every software company we compete with MS in one form or another. As a result, we have to seriously consider each and every time we choose to purchase something from MS because it is in our best interest *not* to fund our competition. Forcing the workforce to learn a slightly different email/collaboration client is a far smaller price to pay, esp. if you consider that if you're hiring high enough quality people they should be able to easily pick up a new tool. In the past, it was much more difficult to avoid funding MS to compete against you because the alternatives weren't great. With open source we have a decent alternative, and I think a lot of companies are going to wake up ("wait a sec? why are we sending thousands of dollars to MS every year??"). Ironically, in my company this idea is coming from the management (c*o)!, and is actually facing more resistance from engineering because they're the ones stuck in their ways technically - the marketing and sales people couldn't care less (all they do is check email and set up appointments, and whatever vertical customer tracking software they use).
Anyway, as MS enters more markets, they force more and more companies to compete with them and sooner or later we're all going to wake up and say whaaa?!
If sun will not do VM sharing, you will never see decent client applications written in java.
Just because you've never seen decent java client apps doesn't mean they don't exist - it means you've never seen them. I use eclipse (uses SWT) daily and I seriously forget that I am using a java application. I've also written several client applications that use SWT and the users typically can't tell the difference between them and native windows apps. That's because visually there is *no* difference, and performance-wise there isn't any either (clients' avg computer is ~500mhz).
my wife, reading over my shoulder chuckled and then replied, "says the 300lb man sitting at his computer..."
Cheers.
This may be the dumbest thing I've ever read on Slashdot. :)
really? haven't been reading long, have you
In other news, IBM stock closes up.