Read DocBook XSL: The Complete Guide, a pretty good (and free, unless you want dead trees) book on how to use and customize the DocBook XSL stylesheets for web and print. Knowing both DocBook and a little XSLT before you start doesn't harm, though.
Ever hear of VMS?
Before my time. Heck, before my birth.
So, when do you plan to get born? Are we invited to your first birthday?
You can still buy brand new OpenVMS systems. If you want to play with one, sign up for the free test drive program. Lots of fun toys to play with (not only VMS, also stuff like Red Hat on Itanium, HP-UX etc.).
The existence of the wayback machine pretty much proves that it can be done, doesn't it? Of course, it is incomplete, but it doesn't restrict itself to the UK either.
Well, so what? Why would I care if Linux lags behind windows on the desktop of Joe Sixpack, if it is a better system for me? When did geeks get the impression that building systems for geeks would be somehow immoral?
There are already plenty of desktop systems oriented to the stupid user. It's not necessary that all other systems go that way, too.
That's certainly a good thing, but it raises the question of why they were there in the first place. I mean, everyone's known for ages that these are unsecure, and the manpage lists it as a bug etc.
You realize that OpenBSD is not a clean-room reimplementation of Unix? Most of the code is probably simply ages old, probably older than strlcpy and friends, or the OpenBSD project itself. Obviously, there was a time where programmers thought gets would be a useful function...
Why should the customers pay the price (specifically in Microsoft's case)?
Why is Microsoft's case any different than anybody else's? Note that I wrote about code that is proved correct, not about code with comparatively few bugs. You don't get that from Sun, IBM, OpenBSD or Dan Bernstein either.
Proving programs correct is difficult, you need programmers that are actually capable of it (not a commonly trained skill today), the development process is usually not exactly agile (you can, after all, only prove a program correct according to some complete and consistent spec, so you need that first - and "user stories" won't cut it) with all the well-known resulting problems etc. And you have to write your programs in a way that makes it possible to begin with (lest the halting problem bite you), so you can basically throw all your existing code away. Thus, producing it costs more money, and usually things become more expensive if they cost more to produce.
And I don't think that spending money will help Microsoft a lot. Their code base is just too big, non-modular and in huge parts written for the long gone world of single-user or "workgroup" LAN computing where you can trust your peers - they would basically have to start all over from the beginning, and if they would do that, their problem would be time, not money. Even with nine women, you can't make a baby in one month.
By saying that security should fall to firewalls, etc., he is trying to shift responsibility from his company to the end user.
That would be true if that was all he said. He also talked about them making their code more secure. (I won't judge about this statement's relation to reality here...)
Of course, even with bug-free code, you are not guaranteed to have a secure system. Your system may ship without any vulnerabilities whatsoever, but if you configure it to serve the password database via HTTP, you will be rooted. If lusers explicitly allow malicious code to execute (like they tend to do today), this code will do bad things. Security does need effort on both ends.
Perfect code is possible, but most customers are not willing to pay the price. You can write code that is provably correct, and this is regularly done in some fields (aviation, military and medicine come to mind). Just don't expect to be able to buy a provably correct operating system or word processor for a few hundred bucks anytime soon.
Any time a BSD project achieves excellence we'll just see a proprietary vendor take the software, add three features, and start selling it. If they become established they start messing with the code to break compatibility with the free project, and the free project dies.
Actually no, the project doesn't die. At least this has never happened with any BSD-licensed project before, even though their code is reused in proprietary projects that are sometimes incompatible.
Of course, many developers that now use the GPL won't like their code ending up in a potentially incompatible proprietary product anyway, even without this aspect. Which is their good right, nobody is forced to like non-copyleft free software - but at least, they should dislike it for the right reason, not FUD.
Still doesn't help with online banking and encrypted IM. Transporting photons without changing their quantum states over a routable protocol could be tricky (and the "Quantum state over TCP/IP" RFC will probably not be ready for at least 5 months and a day.)
Not to defend Microsoft or anything, but try finding any huge IT company that doesn't hold any patents. AFAIK, the biggest patent portfolio is that of IBM, who don't seem to get a lot of flak for it, probably only because they realized that using code written by others under the GPL is good for them. Hell, even Donald Knuth held a software patent (which has expired), and he is the first to tell you how ridiculous they are.
The whole patent system is insane, especially regarding software patents. Companies have to live with that situation, and the only way to survive for them is to grab as many patents as they can, until sanity is restored on a broader scale. This really isn't something to bash Microsoft for.
This should work, but is trivial to remove if you have the source. Might be less trivial if you don't, but have decompiled something, which is what the linked article discusses.
Trivial even when compiled, just have to care more about the lengths of strings.
$ sed -e 's/Free Software Foundation/SCO Group. All rights reserved/' /usr/local/bin/bash > /usr/local/bin/scosh
$ chmod +x /usr/local/bin/scosh
$ scosh --version
GNU bash, version 2.05b.0(1)-release (i386-portbld-freebsd5.1)
Copyright (C) 2002 SCO Group. All rights reserved
Is that semi-analogous to a catch/throw statement?
It is more general. You can implement catch/throw with continuations (quite easily).
In many ways, continuations are the GOTO of functional programming - you can do just everything with it, but it's not guaranteed to improve readability.
It's a little like the odd/even minor number branches of the Linux kernel being developed in parallel. FreeBSD 5 is the development branch. While more stable than many other OSes, it is not recommended for production use yet - there is a lot of new functionality that has to be thoroughly tested, and some things still change. AFAIK, the current plans are to declare the 5.x series the "stable" one with the release of 5.3; earlier plans had 5.2 in that role (the current release is 5.1).
While FreeBSD 5.x is still maturing, the stable 4.x series continues to be actively developed (not only bugfixed). Hence the new 4.9 release. Its successor was released after 5.0 came out as well.
I somehow agree with the Apache/Samba argument. (I would perhaps even add the Gimp, although it obviously isn't too useful in a "data center".) At least in my experience, these two have been more closely connected with Free Software/Linux in the mid/late 1990s - stuff like Sendmail and Bind just happened to be Free as well, and run on Linux among other systems.
This has not much to do with technical issues, licenses, or importance for the net infrastructure. It was a cultural thing, these projects were flagships of something like a geek pride movement. Imagine geeks proudly proclaiming that they can write better software in their spare time, just because they freely choose to, than all corporate drones together could before. (Of course, these proclamations happened exclusively in dark, dusty server rooms, so no non-geek ever heard of them ;-)
It was a pretty cool time. Unfortunately much of the spirit is lost. But the world is definitely a better place 10 years after that than it was 10 years before.
So if this software is belly up, why not find some 0 day elite hacker crooks to figure it out for a fee.
Maybe because it's illegal? Somebody does own the rights to the software (there basically is no way that nobody does). Granted, if this somebody would show up, he would have to stand in for the fake escrow, but would you buy software that depends on a cracked version of end-of-lifed software because the developer tells you that if you are sued because of this, the legal battle will be long and complicated?
As I understand it, Fujitsu develops their own chip compatible with the SPARC architecture.
Yep. Or, to be pedantic, Fujitsu has another implementation of the SPARC. There is nothing magic about Sun's one except that they invented the whole architecture. The SPARC is actually an open specification available to, and used by, others as well (for money, it's not that open...)
It would be a useful defense if spammers would routinely try to impersonate legitimate hosts by IP spoofing or something, but alas, they don't.
However, spammers routinely do try to turn ordinary personal broadband-connected PC's into spam-transmitting SMTP clients, and these would be machines that would not normally have a valid "SMTP Certificate" assigned to a static IP (if they have a static IP at all), and thus would not pass even the most basic trusted client certificate check.
They would either have one, or be otherwise trusted by their smarthost that has a valid certificate. If they wouldn't, they could not send legitimate mail either, and requiring $$ for a certificate for everyone that would want to use SMTP-talking tools like, say, Outlook, Evolution or mail-sending web forms would not be a very popular move (and would not help once everybody has paid). If you can send legitimate mail from a host, you can send spam from it once you have broken into it.
It might make it slightly easier to find the dork that had its box taken over by spammers, but simply using the IP address in the first Received header usually works just as well.
The problem with this approach, and many others, seems to be that the goal is stated as "make life harder for spammers". That is easy. But the real goal should be "make e-mail usable again", without harming innocent users just as badly as spammers.
Sorry, I still don't get how certificates would make anything better. It is either the same kind of capitulation like this whitelisting is if you manage the certificates you trust yourself, or mostly useless if you depend on some root CAs - given that about 85% of the spam I get comes from machines that are technically allowed to send mail to me, but are an open proxy or relay or simply cracked, certificate validation buys you nothing.
It would be a useful defense if spammers would routinely try to impersonate legitimate hosts by IP spoofing or something, but alas, they don't.
Well, you apply other kinds of patches then, hopefully. Which also can break things and should be tested (even if both massively exploited holes and broken patches tend to be rarer).
I certainly didn't like patching OpenSSH on a machine I can only reach via SSH.
This isn't the community of thousands of coders acting, it's the companies that make money off their free work, and want to continue doing so.
But Russian roulette is safe. And the chances to win are very high, too. I've never met anyone who lost, or was harmed in any way!
Maybe they were busy with their "security by repeated assertion" strategy before.
Maybe he meant the first stable version of the 2.6 kernel, which should be around the 2.6.20 release.
Especially on a Mac, I guess?