The company I work for has around twenty licenses for RedHat Enterprise Linux, and I know they're not going to adopt RHEL 4.0 anytime soon. Half of their servers still run RedHat 7.1, due to in-house application stability problems with Apache 2.0 and Perl 5.8.
errr....
# rpm -q redhat-release-as apache perl redhat-release-as-2.1AS-4 apache-1.3.27-8.e nt perl-5.6.1-37.1.99ent
In your opinion, I write a lot of C and never write for() directly... most of the "for loops" in linux actually look like "foo_foreach(head, p) {".
for (ptr = head; ptr != NULL; ptr = ptr->next) {}
And then someone adds free(ptr); at the end of the loop (which is three pages down)... and once a month everything goes to hell (and it takes man months, at least, to fix it). Compare this to the "obvious" while() code...
but you can't honestly believe that going from HTML 2.0 to 4.0 would account for a program that uses an order of magnitude more resources
Well firefox uses XUL which isn't exactly cheap... but sure, going from simple HTML to the latest HTML+CSS2 (with copious do the right thing on crap input guesses) is certainly going to add a lot of overhead.
No, Linux isn't perfect. If I wanted real, super stability, I'd probably switch to BSD.
1996 called and they want their catch phrase back.
*BSD isn't perfect either, it's just different (unless someone you know has done a study:). That's no bad thing, in it's own way... but just because it's harder/different doesn't mean it's better (and you there in the back with the debian shirt on, you sit down too).
Let's say I've got my own law degree and I think I can handle the case myself, what other costs are there?
The problem is you are wrong if you think that. A large suit doesn't have one lawyer on the either side (buried in paperwork has a real connotation here) and the lawyers they do have don't work alone.
So if you had a bunch of lawyers and their staff, and computers, and somewhere to work, and technical experts, and travel, and Fedex services, and... all for free, then sure you'd be IB^H^H fine.
A normal web server could be limited to port 80/443... but a browser probably couldn't, unless your users didn't care about web server running on non-std. ports (there are more than a few). And I'm not sure how useful it would be (most of the DDOS attacks are against port 80 anyway).
And I'm also not positive that SELinux will easily let you limit the outbound ports (I'd assume it's possible, but...).
OK can you clarify how SELinux prevents spam bots? I understand you can block BSD socket connect() / sendto()/etc for a process but how do you run your web browser in that case?
In theory the web browser can be running in a "browser role", which allows network connections while the user doesn't have access to that privilage. However I doubt it would be useful in practice, as all the desktop apps. even down to gedit would most likely also need network access... so you'd just exploit one of them (Ie. you'd be turning X unprivilaged applications into privilaged ones).
There's also the problem of making the entire OS still usable at that level of lockdown and given that current SELinux "usable" modes have a lot of privilage problems (Ie. cp -a foo ~/public_html doesn't work anymore because httpd won't be able to open those files), it's going to be a long time getting there.
It's worse than that, the above code isn't std. C (Ie. portable). You can often get away with it, due to the way the compilers layout the arrays... but for C the only way you can do it is with:
. for (i = 0; i < 4; i++)/* skipping one */ . . for (j = 0; j < 10; j++) . . { . . . x[i][j] = '\n'; . . }
Anybody know why Linux went for the spin lock approach? What are the relative merits?
AIUI, the reason is that spinlocks are much faster for locking small pieces of code, when the locks aren't congested. While sleepinglocks are better when one or both of these isn't true.
So given that you want both of these to be not true anyway (so you can have more code running on more procs), using spinlocks isn't a problem.
The same idea is also shown where in *BSD you have a heirarchy of interupts, vs. the stop the world interupts in Linux.
A true free market has no regulation, no government imposed laws. Therefore Microsoft wouldn't have a monopoly because copyright wouldn't exist. So you seem to be arguing for some kind of "free" market where large corporations are protected, but the little guy can still be screwed... have fun with that.
Re:!Windows Emulator, Wine Is Not an Emulator.
on
Does Linux Have Game?
·
· Score: 1
Wine is as much a Windows emulator as Lesstif is a Motif emulator (it's not, it's a drop-in replacement.. just like Wine is a drop-in replacement for the actual Windows API).
You wouldn't call Mono a.NET emulator would you?
Actually I might with lesstif, it often doesn't work and almost noone develops things for it directly (is nedit it). The things that might make me think otherwise are that there is some kind of standard with Motif, so in theory compatibility could be very high... and there already were multiple implementations of Motif. And maybe the fact that you have to recompile your code to use lesstif.
Mono isn't because people are writting GTK# applications etc. directly for Mono, and AIUI without windows.forms it's very compliant.
In the same way I'm inclined to say Wine is an emulator, because noone writes applications for Wine. They write them for win32 and then hope that Wine emulates the binaries perfectly... which it often doesn't.
If a thread throws an exception or crashes in Windows, it is simply killed off without causing the application to crash.
In theory this is true in Unix as well, but if the thread crashed or got an exception it wasn't expecting how do you "know" that the memory space of the other threads aren't damaged. Also in theory even though you can allocate mutexes etc. in a way that they'll be released when this happens... you weren't expecting it to happen and in theory theory and practice are the same.
IE and Explorer (the Windows shell) is architecturally basically the same as khtml and KDE. WebCore is a bit less advanced and pervasive, mainly because it's a lot less mature.
That's not true, if konq/khtml dies the panel doesn't die... and you can remove khtml, certainly the mozilla KDE-part work shows that it's not that hard to replace it. You can also mix and match with GNOME, fvwm, etc.
Also as the Windows interface progressed they re-wrote large bits that worked perfectly well, seemingly just to require html rendering (I mean why did the login box and control panel need to be html rendered?)
You can maybe argue that some of it was just sloppy software eng. given insane time limits (they were years behind netscape, and had to catchup quickly). However more than a little of it smacks of forcing it down developers/users throats... I guess after you see/hear of so many obviously illegal things "Never ascribe to malice that which can be adequately explained by stupidity." starts to wear thin.
Redhat Enterprise ES, not sure about the IT/CRM/BZ number, this is our company account number with Redhat, right?
No, those are support system numbers. BZ == bugzilla.redhat.com (but you shouldn't be working with BZ directly, you probably use something off: https://www.redhat.com/apps/support/
Yes flat group file (the default/etc/groups and gshadow).
While still bad, that's a little more understandable. Most people use NIS or LDAP for any non-simple installation, so the flat file code isn't in production as much for "large" data sets like yours.
Apart from that nothing looks abnormal with your installation.
How about a non-primary group of a thousand users?
Redhat Enterprise 3 update 3 release; utilities segfault around 100 users. I have asked redhat and they don't have an answer (its been 4 months)
Are you trying to use a flat groups file for this? What level of support do you have? What is your IT/CRM/BZ number? What is your support person saying (people don't generally pay money for no responses... although obviously Red Hat can't fix everything).
Certainly utilities Segfaulting is bad, however as far as I know the only limitation is on the number of groups a uid can be in at once.
Re:If this were Trek...
on
Bayesian Tail
·
· Score: 1
I do this kind of thing all the time, allow me to share...
There are a few obvious things you can do, like avoiding unbounded reads, trimming down your strings, validating your input, etc., but who's going to think twice about calling fd_set()?
No, you'd just avoid using select() altogehter... because it's annoying as hell anyway, poll() is much easier to write with, and to optimize. As are the newer epoll/kqueue etc. which are also much faster, for most cases.
It's the same with other things, you don't "just validate your C style strings"... you have real ADTs that don't have major security problems if you read NIL bytes off the network, or need to add data to the end of the string.
He's probably a programmer or support engineer, in which case he likely makes a salary that comes out to around $40 to $80 per hour. After take-home, that's still half a dozen to a dozen paperbacks.
Sure a "programmer or support engineer" make 83,200 to 166,400 a year... of course they do. And of course, in this magic world, they don't pay: tax; healthcare; retirement; martgage... or indeed any debts. So obviously they can spend it all on those quite reasably priced books and DVDs.
Here's how it works:
The data is cached in advance (think of it as "buffering" only it does it hours in advance - while you're sleeping, maybe).
OR, they could just start seeding the bittorrent blocks as the show airs. And with the right tools on the user side you could start watching it within 5 to 10 minutes of the show starting... and ta da, no DRM needed.
If you're implying that DRM is so wonderful, and would never be used to do anti-consumer things that it'd be better to have it and get the show 10 minutes earlier, then I have a bridge to sell you.
Studies have shown that, with the exception of abusive situations, the break-up of an unhappy marriage usually leads to happier parents, but severely depressed children.
Which studies... the ones I've heard about generally involve mid to low level income families, with (mostly) two married parents on one side and single parents on the other. Income alone would be a major factor here (and I'm sure there are lots of samples of homosexual mutli-parent families in the US -- with adoption laws etc. against them). And again... if two parents are better than one, why not three or four... or an entire community? Christian morality is the only thing trying to argue for two heterosexual parents from where I'm standing.
The individual who benefits the most from a stable marriage is the child of said couple. People can survive with one parent, but there is no greater force for giving somebody a shot at a happy and rewarding life than two loving parents who have committed themselves to living, raising children, and growing old together.
I call bullshit christian retoric. There's certainly no greater force for three miserable people than two parents staying together "for the good of the child". You also assume that if they get divorced they will somehow love their children less? Or that one parent is obviously better than that same parent plus a fuckwit.
Also, if more is better, why is two the magic number? Apart from christian cult teachings, it would seem obvious that you'd want as many people from the community as possible involved in the childs development.
I think Linus is being a bit too dismissive towards Solaris.
With good reason though, IMO.
Sure it's not going to completely crush Linux like McNealy wants to believe, but if it ends up being good enough
First you have to define "it ends up being good enough", is it the "new" features, the community, the HW support or the willingness of customers to pay for something Sun has already discontinued once.
The new features mostly seem like bad design (yeh, throw LVM out the window, we'll just shoe horn it all into the FS). The community doesn't seem like it needs a 6th free Unix like OS, and if they did I doubt most of them would want it from Sun. I've heard nothing about better HW support, so I assume that's how many new people will be willing to pay for it.
it could slow down the growth of Linux and become a major competitor on x86.
Again, which growth? Slow down (and maybe reverse some) wall street convertion from Solaris to Linux... maybe. If they have 100% compatability (Ie. including bug compatability and undocumented corner cases) between Solaris 9 on sparc and Solaris 10 on x86, I could see some customers paying for that... in the short term.
But I can't see any real penetration outside of that. You've got a better brand, better marketing buzz, better ISV support, better IHV support, and multiple vendors selling you packages you can move between and about 1000% better usability on Linux.
In the long term Solaris is the new betamax and is going to suffer the same fate.
Assuming I'm billing myself out at my absolute rock-bottom rate of $25 per hour... a movie is half an hour's work for me.
Here's a free clue, you don't get to spend all of that $25. I'm guessing you get about $16... and then a non-trivial amount of that will be taken in essential bills (food, housing, etc.). So it's much more likely that you are working a couple of hours for that single movie.
Here's another free clue, not everyone get's paid as well as you do.
Not that I recommmend copying stuff, it's just helping the bad guys. However the current pricing of entertainment is certainly too high... and wouldn't be sustainable if it wasn't for illegal price fixing.
Blanket statements like this (and like "Goto is evil") do nothing to help improve the quality of software as we know it. strcat() is not evil. Using strcat on uncontrolled/unmonitored input on buffers whose memory allocation we are unsure of IS.
Blanket statements like "wheels should be round" do nothing to help improve the advancement of cars? Or maybe not so much.
Sure, often blanket statements stop people from doing good as well as bad things... but even that isn't such a bad thing. In the case of strcat() or say strncpy() it is easy to prove that something else is always better, even if it's just a simple wrapper around memcpy() or memmove().
But it's also fair to say that NIL terminated "C strings" are a terrible idea for humans. Too much information needs to be kept inside the programer's head, and a single mistake has too high a price.
Of course, being the huge Apache Runtime fan that I am, I would write something like this myself in most "real" cases: [snip poor usage of apr_pstrncat()]
Of course I, on the other hand, wrote my own web server which uses a string library and doesn't directly manage buffers, mainly because I was updating apache every few months from the latest remote exploit.
And while testing it saw a client die because it was using something like what you posted for each header that was returned by the server... return a lot of headers and exponential memory growth is a nice DOS remote exploit.
Feel free to read the thread, Red Hat removed "Alleged Content Scrambling System. It is believed to be interoperable with CSS of the DVD Copy Control Association." from the tarballs they ship... Ie. a known broken cypher, thrown in just to piss the MPAA off and get them to start suing people... unsuprisingly Red Hat has more money than OpenBSD.
Slashdot Mirror
errr....
In your opinion, I write a lot of C and never write for() directly ... most of the "for loops" in linux actually look like "foo_foreach(head, p) {".
And then someone adds free(ptr); at the end of the loop (which is three pages down) ... and once a month everything goes to hell (and it takes man months, at least, to fix it). Compare this to the "obvious" while() code...
...which is then changed and is much easier to spot (the ptr change is near the last usage), and can easily be changed to...
...and let's not forget someone putting a "continue" in, without checking what the for() loop does automatically.
Well firefox uses XUL which isn't exactly cheap ... but sure, going from simple HTML to the latest HTML+CSS2 (with copious do the right thing on crap input guesses) is certainly going to add a lot of overhead.
1996 called and they want their catch phrase back.
*BSD isn't perfect either, it's just different (unless someone you know has done a study :). That's no bad thing, in it's own way ... but just because it's harder/different doesn't mean it's better (and you there in the back with the debian shirt on, you sit down too).
The problem is you are wrong if you think that. A large suit doesn't have one lawyer on the either side (buried in paperwork has a real connotation here) and the lawyers they do have don't work alone.
So if you had a bunch of lawyers and their staff, and computers, and somewhere to work, and technical experts, and travel, and Fedex services, and... all for free, then sure you'd be IB^H^H fine.
A normal web server could be limited to port 80/443 ... but a browser probably couldn't, unless your users didn't care about web server running on non-std. ports (there are more than a few). And I'm not sure how useful it would be (most of the DDOS attacks are against port 80 anyway).
And I'm also not positive that SELinux will easily let you limit the outbound ports (I'd assume it's possible, but...).
In theory the web browser can be running in a "browser role", which allows network connections while the user doesn't have access to that privilage. However I doubt it would be useful in practice, as all the desktop apps. even down to gedit would most likely also need network access ... so you'd just exploit one of them (Ie. you'd be turning X unprivilaged applications into privilaged ones).
There's also the problem of making the entire OS still usable at that level of lockdown and given that current SELinux "usable" modes have a lot of privilage problems (Ie. cp -a foo ~/public_html doesn't work anymore because httpd won't be able to open those files), it's going to be a long time getting there.
AIUI, the reason is that spinlocks are much faster for locking small pieces of code, when the locks aren't congested. While sleepinglocks are better when one or both of these isn't true.
So given that you want both of these to be not true anyway (so you can have more code running on more procs), using spinlocks isn't a problem.
The same idea is also shown where in *BSD you have a heirarchy of interupts, vs. the stop the world interupts in Linux.
A true free market has no regulation, no government imposed laws. Therefore Microsoft wouldn't have a monopoly because copyright wouldn't exist. So you seem to be arguing for some kind of "free" market where large corporations are protected, but the little guy can still be screwed ... have fun with that.
Actually I might with lesstif, it often doesn't work and almost noone develops things for it directly (is nedit it). The things that might make me think otherwise are that there is some kind of standard with Motif, so in theory compatibility could be very high ... and there already were multiple implementations of Motif. And maybe the fact that you have to recompile your code to use lesstif.
Mono isn't because people are writting GTK# applications etc. directly for Mono, and AIUI without windows.forms it's very compliant.
In the same way I'm inclined to say Wine is an emulator, because noone writes applications for Wine. They write them for win32 and then hope that Wine emulates the binaries perfectly ... which it often doesn't.
In theory this is true in Unix as well, but if the thread crashed or got an exception it wasn't expecting how do you "know" that the memory space of the other threads aren't damaged. Also in theory even though you can allocate mutexes etc. in a way that they'll be released when this happens ... you weren't expecting it to happen and in theory theory and practice are the same.
That's not true, if konq/khtml dies the panel doesn't die ... and you can remove khtml, certainly the mozilla KDE-part work shows that it's not that hard to replace it. You can also mix and match with GNOME, fvwm, etc.
Also as the Windows interface progressed they re-wrote large bits that worked perfectly well, seemingly just to require html rendering (I mean why did the login box and control panel need to be html rendered?)
You can maybe argue that some of it was just sloppy software eng. given insane time limits (they were years behind netscape, and had to catchup quickly). However more than a little of it smacks of forcing it down developers/users throats ... I guess after you see/hear of so many obviously illegal things "Never ascribe to malice that which can be adequately explained by stupidity." starts to wear thin.
No, those are support system numbers. BZ == bugzilla.redhat.com (but you shouldn't be working with BZ directly, you probably use something off: https://www.redhat.com/apps/support/
While still bad, that's a little more understandable. Most people use NIS or LDAP for any non-simple installation, so the flat file code isn't in production as much for "large" data sets like yours.
Apart from that nothing looks abnormal with your installation.
Are you trying to use a flat groups file for this? What level of support do you have? What is your IT/CRM/BZ number? What is your support person saying (people don't generally pay money for no responses ... although obviously Red Hat can't fix everything).
Certainly utilities Segfaulting is bad, however as far as I know the only limitation is on the number of groups a uid can be in at once.
I do this kind of thing all the time, allow me to share...
No, you'd just avoid using select() altogehter ... because it's annoying as hell anyway, poll() is much easier to write with, and to optimize. As are the newer epoll/kqueue etc. which are also much faster, for most cases.
It's the same with other things, you don't "just validate your C style strings" ... you have real ADTs that don't have major security problems if you read NIL bytes off the network, or need to add data to the end of the string.
Sure a "programmer or support engineer" make 83,200 to 166,400 a year ... of course they do. And of course, in this magic world, they don't pay: tax; healthcare; retirement; martgage ... or indeed any debts. So obviously they can spend it all on those quite reasably priced books and DVDs.
OR, they could just start seeding the bittorrent blocks as the show airs. And with the right tools on the user side you could start watching it within 5 to 10 minutes of the show starting ... and ta da, no DRM needed.
If you're implying that DRM is so wonderful, and would never be used to do anti-consumer things that it'd be better to have it and get the show 10 minutes earlier, then I have a bridge to sell you.
Which studies ... the ones I've heard about generally involve mid to low level income families, with (mostly) two married parents on one side and single parents on the other. Income alone would be a major factor here (and I'm sure there are lots of samples of homosexual mutli-parent families in the US -- with adoption laws etc. against them). And again ... if two parents are better than one, why not three or four ... or an entire community? Christian morality is the only thing trying to argue for two heterosexual parents from where I'm standing.
I call bullshit christian retoric. There's certainly no greater force for three miserable people than two parents staying together "for the good of the child". You also assume that if they get divorced they will somehow love their children less? Or that one parent is obviously better than that same parent plus a fuckwit.
Also, if more is better, why is two the magic number? Apart from christian cult teachings, it would seem obvious that you'd want as many people from the community as possible involved in the childs development.
With good reason though, IMO.
First you have to define "it ends up being good enough", is it the "new" features, the community, the HW support or the willingness of customers to pay for something Sun has already discontinued once.
The new features mostly seem like bad design (yeh, throw LVM out the window, we'll just shoe horn it all into the FS). The community doesn't seem like it needs a 6th free Unix like OS, and if they did I doubt most of them would want it from Sun. I've heard nothing about better HW support, so I assume that's how many new people will be willing to pay for it.
Again, which growth? Slow down (and maybe reverse some) wall street convertion from Solaris to Linux ... maybe. If they have 100% compatability (Ie. including bug compatability and undocumented corner cases) between Solaris 9 on sparc and Solaris 10 on x86, I could see some customers paying for that ... in the short term.
But I can't see any real penetration outside of that. You've got a better brand, better marketing buzz, better ISV support, better IHV support, and multiple vendors selling you packages you can move between and about 1000% better usability on Linux.
In the long term Solaris is the new betamax and is going to suffer the same fate.
Here's a free clue, you don't get to spend all of that $25. I'm guessing you get about $16 ... and then a non-trivial amount of that will be taken in essential bills (food, housing, etc.). So it's much more likely that you are working a couple of hours for that single movie.
Here's another free clue, not everyone get's paid as well as you do.
Not that I recommmend copying stuff, it's just helping the bad guys. However the current pricing of entertainment is certainly too high ... and wouldn't be sustainable if it wasn't for illegal price fixing.
Blanket statements like "wheels should be round" do nothing to help improve the advancement of cars? Or maybe not so much.
Sure, often blanket statements stop people from doing good as well as bad things ... but even that isn't such a bad thing. In the case of strcat() or say strncpy() it is easy to prove that something else is always better, even if it's just a simple wrapper around memcpy() or memmove().
But it's also fair to say that NIL terminated "C strings" are a terrible idea for humans. Too much information needs to be kept inside the programer's head, and a single mistake has too high a price.
Of course I, on the other hand, wrote my own web server which uses a string library and doesn't directly manage buffers, mainly because I was updating apache every few months from the latest remote exploit.
And while testing it saw a client die because it was using something like what you posted for each header that was returned by the server ... return a lot of headers and exponential memory growth is a nice DOS remote exploit.
Feel free to read the thread, Red Hat removed "Alleged Content Scrambling System. It is believed to be interoperable with CSS of the DVD Copy Control Association." from the tarballs they ship ... Ie. a known broken cypher, thrown in just to piss the MPAA off and get them to start suing people ... unsuprisingly Red Hat has more money than OpenBSD.