Slashdot Mirror


User: AxelTorvalds

AxelTorvalds's activity in the archive.

Stories: 0 · Comments: 260

Comments · 260

  1. Re:The problem isn't the users. on License to Surf, Take Two · Score: 1
    Yes and no. Software can be better. The problem with viruses and worms is a fundamental trust issue. No matter how good the software is, if the users execute untrusted code and it contains something malicious then, be it Linux, BSD, Windows, MacX or whatever, they can cause problems.

    We're entering a new era of the internet though. I'm in the security business and most of the more interesting attacks now are things that attack the fundamental trust model of the internet. Things that send faulty IP and TCP packets. Think about the algorithmic complexity attacks that were published a while back: simply by knowing the hashing algorithms you can create pathological cases where performance suffers. There isn't a software problem there, it's a trust problem; the software works right, and using more complex hashes doesn't exactly fix the problem, it simply changes the worst case or reduces performance more uniformly. There is another attack where you twiddle TTLs on packets. With a 128KB line I can DoS a 10Mbit line simply by using good timing and sending packets with the right sequenced TTLs at the right time to create a pathological case for TCP where the server starts resending packets at a rate that can overflow their pipe; there isn't a fix for that, it's an attack against the very trust model of TCP/IP. You have to change the protocol, not the implementation but the actual protocol, to fix it.

    For computers to communicate there has to be an agreed-upon protocol; if you attack that and do things outside of the protocol then problems occur, and that's the trend for internet attacks anymore. Patch IE and Outlook, turn off DCOM and you'll still have an incredible amount of disruptive internet traffic.

    There are two ways to approach this. We create some thick, difficult to implement, draconian protocol that will take 20 years to create and agree to and another 10 to get implemented correctly to replace TCP and IP. Think IPv6, only much more complex. Such a protocol may require verification and only trusted stacks may be allowed on the net (what does that mean for BSD and Linux? Or any other open source? Only MS Windows PCs on the internet because they have the only trusted protocol stack?) Or different internets will need to be responsible for policing themselves. They will need to install IDSes to monitor their traffic (rather than incoming traffic..), they will need to shut off inappropriate traffic, they will need to require licenses or special permission to do less chaste things like port scanning. And it creates an altogether more big-brothery feel and less trust in the actual technology because any particular activity could be seen as malicious and stopped at any time. People are already bitching about how many ISPs turned off some of the Windows ports temporarily which people needed to do remote file sharing... (You could always establish a VPN...)

    Personally, I'm starting to be more in favor of the ISPs monitoring their traffic and stopping it when it causes problems. I hate that but I think it's an easier problem to fix and deal with than fixing all of the bugs in software or fixing the protocols, that is assuming that there is an actual fix for the problems. The software needs to be better but it's an enormous problem space and it's foolish to think that the software producers aren't already working hard to make it better; software bugs have been a problem that has been studied and worked on since software has been around and we still produce buggy software even with the best and most costly software engineering methods. (The shuttle software has had bugs, the Airbus flight control software in Ada has had major bugs, etc..) IDS technology on the other hand is reaching a point where it can reliably recognize "odd" traffic and alert somebody to it.

  2. Not surprising to me on Workplace Privacy - IBM Hot, Lilly Not · Score: 4, Insightful
    I did time at IBM and in retrospect I can pretty much only praise the operation. Didn't move as fast as I'd like in all respects but they are a remarkable company. The biggest difference between IBM and the mid-sized and small companies I've since worked for is that IBM actually manages people. The management corps at IBM takes management very seriously. In a Dilbert sort of way it sounds really funny and it looks incredibly inefficient from time to time while you're working in the trenches.

    There are a lot of managers out there. Relatively few of them actually have any special training; most within IBM have special training. An MBA alone doesn't turn you into a good manager or executive. IBM knows that and they have a process of creating good managers and execs, just like the military has a process of creating officers. People from the engineering career path decide to become managers, they go through training and then they are managers. At other companies it's an overnight process, one day a guy is a senior software engineer and the next he's a manager. Subsequently, the MBAs I've had to deal with who weren't managers tended to be assholes who thought of themselves in a completely different light than the worker bees (just by virtue they should be paid more, drive a BMW and give orders; not all of them but an alarming number of them were that way) and those engineers-cum-managers that I've worked with desperately wanted a number to quantify employee performance without actually knowing how the employees were doing. They either micromanaged and their employees could only ever fail because they "could never do it as good as the boss" or they were left totally hands off and the boss had no idea who did what, when or why. At IBM my bosses trusted my judgement, they worked within that, they protected me, they asked my advice on technical matters, they dealt with politics, they were enablers and at the end of each year they had a pretty good idea why I worked for them, what I brought to the table, how I needed to improve and how I was of value; they knew the skill-set that I had and at times they moved me to better match that or to grow those skills in directions I desired. Also at IBM if you screw up, it goes to your manager; you surf porn and it's your manager that hears about it and sees the report. Except for a few major offenses it's usually put into your boss' hands when you do something wrong. Who better knows what the circumstances may be? Who better to judge your value to the company when you screw up?

    I think the classic example was a coworker who got caught drinking in his car at lunch time. He was just sitting out there drinking from the bottle; it was a flat violation of policy (I think booze is semi okay at IBM now, they have beer at some functions). Well, as it turns out his wife had left him the night before. He could have been fired; HR at a midsized company may have just fired him. His manager had a talk with him, gave him a reprimand, explained that it can't happen again and didn't fire him. Offered to get him enrolled in some alcohol classes or rehab and at that point this person essentially started to rebuild his life that had just been falling apart.

    Now there are always problems, but IBM is a company that is built on trust and when the right people are in the right places and the trust is there they are a very very powerful company and a very difficult company to compete with. They've been around nearly 100 years and I expect them to be around another if they keep to these practices. They are a company to emulate in many ways and the ways they manage and trust their employees is one of them.

  3. Re:Not too little too late! on Universal Music To Cut CD Prices · Score: 1

    Amen. Nothing at all wrong with that. In fact it's how capitalism is supposed to work. More importantly, you're not breaking laws and not stealing.

  4. Re:OOS vs. Oracle on PostgreSQL Inc. Open Sources Replication Solution · Score: 2, Insightful
    The only real threat I've seen to Oracle supremacy is Microsoft's SQL Server but, of course, that's only in MS shops.

    cough.. db2. cough

    You watch, Oracle will be looking at MSSQL and DB2 will bitch slap them silly.

  5. Re:why don't they just improve gcc? on IBM Releases Compiler for Power4 and G5 · Score: 1

    I think everyone would want that. It's good for IBM, it's good for Apple and it's good for GCC. Problem is GCC has a lot of stuff to support; they move slowly. The last few years have been spent trying to update the intermediate language so that they can do things like SSA and IPO. It might be 2 or 3 years before GCC might have an internal representation that could be used to perform some of the optimizations that IBM's compiler does now. More to the point, for marketing and whatnot it's important to realize the performance of the G5 now rather than wait possibly years for GCC to integrate IBM's work. Plus it isn't a done deal that the GCC team would even integrate the work. Open64 has been public and nobody is boosting stuff from it; it is also a very good compiler, there is just a lot of religion in compiler writing circles.

  6. Re:CMU will work you and break you, but it's worth on Top University Rankings for 2004 Released · Score: 1
    Amen to that, brother.

    CMU was worth it. Life is a piece o' cake. I don't remember so much as being challenged in the work place since then, it's always easier than school was.

  7. Longhorn is a cow on New Longhorn Screenshots Leaked · Score: 1

    Isn't it? Texas longhorns are cows aren't they?

  8. Re:Where the HELL is the SEC? on SCO Execs Dumping Stock · Score: 1
    I've wondered this for a while. There may be a kind of loophole here. SCO has driven the cost of their stock up quite a bit with their recent actions. It essentially tripled in less than 3 months. That's what they are supposed to do for their shareholders. Of course they are also supposed to try to keep the company going and think long term.

    At the same time SCO's chiefs are operating in a way that is almost certainly going to put the company out of business. Even if they have merit, the way in which they are going about suing people and companies is pissing a lot of people off and IBM is an incredibly powerful company to make an enemy of. I'd think that if there are any serious or legitimate SCO shareholders left out there they would be putting together a lawsuit to change the company's actions for their own benefit. Even if they were to win they couldn't win a patent war with IBM.

    If someone was running a blue chip Fortune 500 company this way, they'd be fired, they'd have the SEC all over them and there would be an army of shareholders ready to hang them. Now someone above posted a link to a Salt Lake City newspaper that was bashing SCO; that's pretty much unheard of there, they take their local companies seriously and support them quite a bit. Maybe they are looking at those 300+ people that SCO is going to be putting out of a job here directly.

  9. Re:Legal DDoS attack? on IBM Countersues SCO, And More! · Score: 2, Interesting
    Oh it's better than that. So IBM, who has I don't know how many patents, several thousand a year for as long as I can remember, decides to list off 4 patents which nicely cover SCO's most important products.

    If they wanted an immediate injunction the thing to do would be to provide enough evidence that it looked really really likely that SCO violated a patent. IBM can win or lose these cases and then just list off some more, they can keep that up forever, or at least the part of forever that SCO will exist for.

    Then they "open another front" as it is called in the legal biz. And they will start suing SCO in different jurisdictions. Funny thing here is IBM only needs to win in one place to gain immediate leverage. SCO has a limited amount of money and should IBM shut their sales down it sends a dramatic shiver down the spines of their shareholders (the few that will still exist) and venture or whatever the fuck Canopy is. I believe that the military has spoken of these tactics in recent years. You cut off the air, cut off the food, confuse the hell out of your enemy, give them nowhere to run, and then you kill them.

  10. Re:Seen somewhere before. on Universities Mull Official Role In Music Distribution · Score: 2, Insightful

    There are a lot of things universities pay for and pass the bill on to you that you may never use. You may never go to the library, it's still there and it got paid for and it draws funds. You may never go to a football game, chances are the school has a team and the facilities for them and you pay for a chunk of that. The list goes on, deal.

  11. So long as it compiles in to object code. on Designing And Building A New Pragmatic Language · Score: 2, Insightful
    I was just marvelling at the new Mandrake compiler RPMs and how they now have C, C++, Objective-C, Ada(95), Fortran, Java and Pascal all supported in there. Very cool. I don't know why, I haven't coded a line of Pascal in over 10 years but it just feels right having a Pascal compiler sitting around. There are some programs that are amazingly easy to read and write in Pascal... I never seemed to have stack or buffer overflows in Pascal..

    I've thought about this a bunch over the last few years. IBM has the PL series of languages. PL/S and PL/X were deemed "strategic" and as such they were never standardized outside IBM, yet IBM continued and still continues to use them for different tasks. There are reams of code written in them and REXX, another IBMism. Lucent has a dozen languages for their own use. Modula-3 started as a DEC thing before it was kind of opened to the world (damn beautiful language I might add, if only more people used it and DECpaq-Hewlet relicensed the gcc front-end code so we could integrate it..) MS has their BASICs and now C#. And numerous other companies have found it either advantageous or some engineer got it in his head that it was a good idea for them to produce their own custom language and that they could produce apps in it faster than by using off the shelf components. To some degree I think it's true; you'd be surprised at some of the REXX that holds the world together. I've kind of thought that it was time for an OpenSource language of sorts. There is perl, python, ruby and others, but something that can be compiled into real high performance object code and something that helps us solve the problems we run into.

    I'll tell you what I think would be killer, in my rambling sort of way. Syntax is key just because people are picky about it; something Java-like would be great. Make it a front-end to gcc; this gives it a sense of credibility and support and a great optimizer and platform support. Build it so it can easily link with C code. Give it bounds checking and type checking. I'm thinking it will be very C-like for the most part; have that lightweight feel to it where you can see the opcodes that the compiler is going to produce as you write in it. Give it objects and classes, but make it lightweight on the syntax; building new classes in Java requires a new file, doing it in C++ can feel like lifting the Titanic sometimes because it's proper to add headers as well as implementations. Then with the standard class library, it needs some fundamental object classes like strings (I can't believe how long it was for a standard C++ string class to exist, I've used about a dozen different ones prior...) and sockets (make OpenSSL as close to a boolean flag as you reasonably can...) probably some others I'm not thinking of at the moment. Keep them lean and mean like they are in C but beef up the areas of weakness. Some sort of regular expression engine should be available also.

    For example, strcpy shouldn't exist, or there should be some kind of type checking to verify that the inputs are indeed strings and it allocates memory. memcpy is missing several arguments, notably the source and destination sizes. I can probably list dozens of C and C++ problems that aren't language issues so much as library issues that have real-world impact and cause real problems. Now the first class objects that are passed into strcpy or memcpy (whatever they get called in this new language) could have the missing pieces of information or the API can be built to support it. Basically, I'm suggesting that we add the few instructions it takes to do bounds checking; it's simple code to add to a C compiler. Let's get rid of buffer overflows as much as we reasonably can with the underlying language. Now if you want to do tricky shit with pointers then so be it, but if you use standard language constructs (functions will have in and in-out parameters like the C++ & qualifier.) then you should be pretty safe from buffer overflows. With good type checking and such w
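The bounded-copy library the post above argues for, sketched in plain C as an added example; this is not the commenter's code nor any project's API, and the names sbuf, sbuf_copy, sbuf_append and mem_copy_checked are invented here. The destination carries its own capacity, so each copy can refuse an oversized write instead of overflowing, which strcpy and memcpy cannot do because they never see the sizes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical "sized buffer": storage plus the capacity the C library
 * functions are missing. All names in this block are invented for the
 * example. */
typedef struct {
    char  *data;  /* backing storage, caller-owned */
    size_t cap;   /* bytes available in data, including room for the NUL */
    size_t len;   /* bytes currently in use, excluding the NUL */
} sbuf;

/* Attach a caller-owned array to an sbuf and make it an empty string. */
static sbuf sbuf_wrap(char *storage, size_t cap) {
    sbuf b = { storage, cap, 0 };
    if (cap > 0) storage[0] = '\0';
    return b;
}

/* Bounded strcpy: copies src into dst, always NUL-terminated. Returns false
 * and leaves dst untouched if src plus its NUL would not fit. */
static bool sbuf_copy(sbuf *dst, const char *src) {
    size_t n = strlen(src);
    if (n >= dst->cap) return false;           /* would need n + 1 > cap bytes */
    memcpy(dst->data, src, n + 1);
    dst->len = n;
    return true;
}

/* Bounded strcat: appends src to what dst already holds, same contract. */
static bool sbuf_append(sbuf *dst, const char *src) {
    size_t n = strlen(src);
    if (n >= dst->cap - dst->len) return false; /* check on sizes, not pointers */
    memcpy(dst->data + dst->len, src, n + 1);
    dst->len += n;
    return true;
}

/* memcpy with the two "missing" arguments the post mentions: the sizes of
 * both regions. Refuses the copy when n exceeds either, so it can neither
 * read nor write out of bounds. */
static bool mem_copy_checked(void *dst, size_t dst_size,
                             const void *src, size_t src_size, size_t n) {
    if (n > dst_size || n > src_size) return false;
    memcpy(dst, src, n);
    return true;
}

/* Walk through the cases an unchecked strcpy/memcpy would get wrong.
 * Returns true when every bounded call behaved as intended. */
static bool demo(void) {
    char raw[8];                                 /* room for 7 chars + NUL */
    sbuf b = sbuf_wrap(raw, sizeof raw);

    bool fits    = sbuf_copy(&b, "1234567");     /* exactly fills the buffer */
    bool refused = sbuf_copy(&b, "12345678");    /* strcpy would write 9 bytes into 8 */
    bool kept    = (b.len == 7 && raw[7] == '\0'); /* refusal left dst intact */
    bool nocat   = sbuf_append(&b, "x");         /* no room left: refused */

    unsigned char dst[4], src[16] = {0};         /* constructed sample regions */
    bool mem_ok  = mem_copy_checked(dst, sizeof dst, src, sizeof src, 4);
    bool mem_bad = mem_copy_checked(dst, sizeof dst, src, sizeof src, 5);

    return fits && !refused && kept && !nocat && mem_ok && !mem_bad;
}

int main(void) { return demo() ? 0 : 1; }
```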

  12. Re:Wonderful on DragonFly BSD Announced · Score: 1

    Surely you can't count the Mach based kernels as "BSD"

  13. It's a government agency, what's the shock? on Trustworthy Software For The NSA? · Score: 5, Insightful
    I've wondered about this for years. In some circles they talk of the near mystical powers the NSA must have and how they must be like 20 years more advanced than the private sector. Every time I've dealt with the feds and IT stuff I'm amazed we're doing as well as we are because it is such a cluster fuck.

    Why should the NSA be any better? Why would the best of the best go there when they can make a whole lot of money in the private sector? I'm not just talking about the mathematicians, computer guys and cryptographers either; you need the top notch managers to run those groups and deal with the compartmentalization that goes on while still motivating and producing top quality results. I could see the government rounding up geeks and math guys, I couldn't see them cultivating that leadership or hiring much of it.

    Honestly, I think their biggest thing is that they never get tired or run out of resources. That's how the FBI caught the unabomber, they just kept looking and looking and looking and then they got him. There are textbook methods and approaches to security. Their ciphers have looked like they simply follow them and are extremely conservative and diligent.

  14. Slowed, not stopped and he's at fault on Netscape Founder Says Web Browsing Innovation Dead · Score: 1
    Innovation hasn't stopped. Marc just has some sour grapes... The damning thing has been the design-oriented web with browser specific "coding," Flash, and Shockwave. It's stunted innovation to an almost stand still but hasn't stopped it.

    The beauty of HTML and the web is that it separated data from presentation. Then the design community got involved and it's been all downhill. They want to build the web as if it were a printed document, controlling everything. Result? A remarkable number of sites that only handle IE and absolutely ugly HTML "code." Free Clue: HTML ain't code, people.. I guess that's just a remnant from the carefree 1990's when life was good and you hired a bunch of psychology majors and such to do "coding" because there weren't enough software engineers to do the work.

    I'm not even sure where to start with Shock and Flash... It would be nice if there were some standards. I hold Netscape largely responsible for "plugins" that have allowed this type of bastardization of the web. I don't know if I'd go so far as to call that shit innovation. The way I see it we had a beautiful and simple way to make data accessible, then we started taking steps backward and instead of making it easily accessible Flash/Shock/others made it harder to access, less accessible and accessible to a smaller group of people. Throw the security considerations in and it's really unacceptable to expect somebody to download a plugin to access your data. In today's world I only accept shrink-wrapped binaries (since I'm a Linux user they also happen to be PGP/GPG signed by Redhat or Mandrake) or source code. I'm sure as hell not downloading a fucking "plugin" to watch your icons bounce on your webpage. Thanks Netscape!

    I agree to some degree innovation slowed down, because we've taken steps backwards. I'm not saying the web needs to be plain and ugly, and with HTML4+ and XHTML and SVG and the different standards there are lots of ways to make it more attractive looking. We've taken huge steps backwards because we've placed look above function and made the web a one vendor place where IE is king. It's just now getting back to when Mozilla and Opera and Mac and Linux users have a legitimate browser to view with.

  15. Re:FUD on RIAA To Sue Hundreds Of File Swappers · Score: 1
    Why settle? This is even more cut and dried: you downloaded or made available copyrighted materials you have no right to distribute. They could download it and have records of it.

    The smartcard thing is a little more complex as there are legitimate uses for programming smartcards; "testing" directv just isn't one of them.

    I think the RIAA goes guns-a-blazing at some schools and a few examples and gets the desired effect by throwing some pirates in jail or suing them for $100+k

  16. Here is a better idea for our economy on Bid On eBay To Speed Up Your Commute · Score: 1
    If you're cheating in the carpool lane then you get a $1000 ticket. If you pass on shoulders or exit ramps (you know, as soon as there is a lane to the right, if for only 200 feet, the people who use it to move up a position or 2) you get a $1500 fine. If you drive in the left lanes less than the speed limit, you get a $1200 fine. If you drive aggressively you get a $2000 fine. If you cut across 3 lanes of traffic you can get a $1000 fine. Then they need some kind of fair warning merge law; it is completely unacceptable to speed by in the other lane and then force your way into the nicely organized line of cars, it's like cutting in line and only slows everybody else down. I think that should be a $2500 offense. Just ratchet everything up a couple notches and enforce the laws we have. Then maybe if they invented a tent-like device so they could block crashes from sight then I think 90% of the problem would go away; people would still have car problems but if the other million drivers on the road had motivation to not drive and act like assholes then those problems might not be so bad.

    May sound draconian but it will solve the problem and make a shitload more money than some stupid eBay cheaters pass.

  17. Re:$100k??? on Linux Router Project Dead · Score: 2, Insightful
    There are a lot of reasons to be "unable" to find a job right now. He is clearly a very talented individual, just like Theo de Raadt, and he is also a somewhat abusive, self-centered egomaniac.

    You have to be willing to work with other people and do what someone else says to have a job; those aren't skills this guy has in great quantity.

    At least it's GPLed, even though he didn't find a successor, someone else will take it over.

  18. Re:Does anyone else think this plausible? on My Visit to SCO · Score: 4, Interesting
    Boies is into testing legal limits these days. Like the Florida election stuff, I don't think he had an interest in Gore winning nor did he think there was a bulletproof case; it was vague and he wanted the law clarified.

    Same thing here, SCO is taking a very loose and general definition of derivative works. I doubt that any version of AIX is much of a derivative of SysV; then to go above and beyond that and try to call derivatives of AIX technology SysV derivatives is legally interesting. This is a company that has never shipped anything remotely close to the technologies they are calling derivative. I think the courts will rule as expected in this case and the matter will be clear. I could understand if SCO was shipping something kind of Solaris-like and IBM was taking AIX code derived from that Solaris-like platform and adding it to Linux. At best SCO owns something not that much more advanced than the OS project I did in college; in all seriousness it's closer to Yalnix and NachOS than it is to AIX. There probably isn't even a common data structure in it anymore.

    Let's take this a little further. NT/2000/XP has BSD code and SysV code in it, both in the networking stack and in the POSIX layer. It has been radically altered and shares very little in common with the initial code, but those were the starting points. Does that mean IE and DirectX are derivative works that SCO could in turn prevent MS from doing something like porting to MacOSX, which is a product that competes with UNIX?

  19. Re:Well if you don't need storage or networking.. on Is (Embedded) Linux Worth The Effort? · Score: 1
    s/kill/killer/

    Sometimes I read stuff I just type and submit and think I'm retarded or blasted on drugs or something. Other times I look back and can't believe the intelligent oratory I supposedly typed up.

  20. Well if you don't need storage or networking.. on Is (Embedded) Linux Worth The Effort? · Score: 3, Insightful
    Of course Linux is a bit big. Unless you have to make some hardware work, like USB or Firewire or something, then Linux is way overkill.

    I've built and deployed embedded products from Linux; I've hacked the kernel to do it. It's a fabulous platform for a lot of that stuff. Do you want it in a cell phone? Probably not yet. It probably saved man years of time going with Linux to do the storage and networking rather than implement it ourselves on some dime store RTOS, and hundreds of thousands of dollars to not buy implementations from other parties. It's a kill embedded platform for the 21st century; "embedded" is changing in a lot of ways.

  21. Re:PGP as the new competitor on .ZIP Standard to Fragment? · Score: 1
    It does the same. In the hpack timeframe there were tar.Z files with compress but they had shoddy compression and zip and arj and lha were better; hpack kicked it up another notch with the unit compression that rar and jar (arj's son) and numerous other archivers use now.

    Essentially the same as tar.gz though. You're right.

  22. Re:PGP as the new competitor on .ZIP Standard to Fragment? · Score: 1

    Any of you dogs ever use hpack? Peter Gutmann wrote it, he's also the guy who wrote most of PGP2.x. It has builtin PGP encryption. It was the first "archiver" to have the innovative "unit" compression where all of the files are compressed with the same dictionary or window, instead of compressing each file individually and then appending the compressed files together. Good stuff. It's been sort of dead though.

  23. Re:whats worse on Inappropriate Spam Reaching Children? · Score: 1
    Isn't that for the parents to decide?

    Your comment is the crux of the issue, some people don't care and others do care.

    I'd argue that opting out of having email isn't an acceptable solution.

  24. Re:Isn't redundancy a Good Thing? on E.U. Agrees To Launch Galileo Satellite Location System · Score: 1
    While this has nothing to do with the war.. It does have to do with the fact that the GPS system is property of the US DoD. They can turn it off if they want to.

    They probably won't, and it would cause a big headache if they did, but they can. For things like avionics (you know how many planes use GPS as a secondary set of gauges now? All of them?) and consumer electronics it makes sense to have a secondary system in place.

    I tend to believe the US system will be functioning and supported long past the death of a European one, but for the interim it will be nice to have some choice and a secondary system.

  25. Re:Why Microsoft is doing this on Microsoft To License SCO's Unix Code · Score: 3, Insightful
    Or MS could just be contributing to the SCO v. IBM legal defense fund through a veiled cloak.

    I'm not sure what their fiscal health is but it isn't great. This may be MS's way of making sure that the lawsuit happens.