Slashdot Mirror


User: dubious9

dubious9's activity in the archive.

Stories: 0
Comments: 531

Comments · 531

  1. Re:Because without KaZaa.... on MPAA Opens Anti-filesharing Website · · Score: 4, Informative

    OK, now I'll respond to the 2 vs. 7 post and I'll entitle it: "Lies, damn lies, and Statistics."

    First off, you've got the kernel source, and anybody can look for bugs.
    Second, you are encouraged to report bugs in linux so that they will be promptly fixed. Microsoft asks that you inform only them and if you tell the world, then Microsoft will likely get mad at you.
    Third, what is the bug comparison total over the long term? A lot of the bugs you stated were similar and one was a vendor driver problem and only one gave the user root access.

    In conclusion, bug count totals are meaningless when used in comparison, much like counting lines of code. They only speak of the quality of the code along with other factors.

    The fact is linux is designed with security in mind, and windows is not. Even microsoft people say so. Linux is updated much more frequently than windows, and new kernel roll outs are simple. Windows is closed source and bug reporting is discouraged and may be illegal under the DMCA.

    I would then expect Linux to have more bugs reported, but that says nothing about the number of bugs present in windows. And as other posters have said the linux bugs are predominately unlikely to work remotely, and even if they did, only a couple are root cracks the rest are DOS bugs.

  2. Re:Because without KaZaa.... on MPAA Opens Anti-filesharing Website · · Score: 2, Informative

    Those were all dead links.
    s/yro.slashdot.org/www.securityfocus.com

    1. Linux Kernel 2.4 XDR handler routines for NFSv3 have been reported prone to a remote denial of service vulnerability.
    The issue presents itself in the XDR handler routine contained in the nfs3xdr.c kernel source file. The issue is due to a signed/unsigned mismatch, when processing the size field of an XDR packet.

    A remote attacker may exploit this issue to trigger a kernel panic and deny service to legitimate users of the system.

    2. A potential information disclosure vulnerability has been reported for the Linux /proc filesystem, specifically when invoking setuid applications. As a result, an unprivileged user may be able to read the contents of a setuid application's environment data. This could potentially, although unlikely, result in the disclosure of sensitive information, such as restricted file path information.

    3. The Linux Kernel MXCSR handler code has been reported prone to an unspecified vulnerability. The issue presents itself when low-level MXCSR kernel code encounters a malformed address. It has been reported that the MXCSR code fails to sufficiently handle malformed address data and will leave garbage in the CPU state registers. Although speculative, it has been conjectured that this issue may allow an attacker to trigger a denial of service condition. Although unconfirmed, other attacks may also be possible.

    4. A vulnerability has been reported in the TTY layer that may result in a kernel panic. The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

    5. It has been reported that the Linux kernel does not properly handle a low volume flood of some types of traffic. Because of this, an attacker may be able to cause excessive consumption of resources and failure to route traffic.

    6. It has been reported that the Linux kernel does not properly handle some specific types of network traffic. Because of this, an attacker may be able to cause excessive consumption of resources with malicious TCP/IP packets, resulting in a denial of service.

    7. A vulnerability has been discovered in the ioperm system call for Linux. Due to a programming error, permissions may not be correctly configured on I/O ports used by a process. As a result, an unprivileged local user may be capable of reading and writing to I/O port addresses which they would not normally have access to.

    8. A vulnerability has been discovered in the Linux kernel which can be exploited using the ptrace() system call. By attaching to an incorrectly configured root process, during a specific time window, it may be possible for an attacker to gain superuser privileges. The problem occurs due to the kernel failing to restrict trace permissions on specific root spawned processes. This vulnerability affects both the 2.2 and 2.4 Linux kernel trees.

    9. Network device drivers for several vendors have been reported to disclose potentially sensitive information to attackers. Frames that are smaller than the minimum frame size should have the unused portion of the frame buffer padded with null (or other) bytes. Some device drivers do not do this adequately, leaving the data that was stored in the memory comprising the buffer prior to its use intact. Consequently, this data may be transmitted within frames across ethernet segments. As the ethernet frame buffer is allocated in kernel memory space, sensitive data may be leaked. Cisco has state

  3. Re:Startup sure, but how fast does it run? on Fast Native Eclipse with GTK+ Looks · · Score: 1

    "In Java, you'd have to define an interface and have all possible objects you're interested in registering with implement that interface."

    Isn't this a good thing? Don't you want to think about everything that wants to use register()? What about the possibility of name-space clashing, i.e. that register() registers itself with an object that supports the register() but in a totally unexpected way, and was never intended to be used in this way?

    I wouldn't say it's another level of abstraction, but rather a shortcut. One that is prone to unexpected behavior. Java tends to not trust the programmer and forces the programmer to code in a standard fashion. This is why there isn't multiple inheritance and multiple parameter polymorphism. The java people consciously made this decision because they thought it would result in code that is cleaner, more readable, less prone to bugs. See here. Also java is getting templating, type-safe enums, and auto-boxing and a host of other features in version 1.5 "tiger" due out later this year.

    If 2 languages have classes, inheritance, data-hiding, and polymorphism, I would say that they are at the same highness. Am I missing other features of python? I am not a python guru.

  4. Re:Startup sure, but how fast does it run? on Fast Native Eclipse with GTK+ Looks · · Score: 1

    gcc and Visual Studio are very different with the libraries and environment, yet the same language. I guess you can't call them both C/C++.

  5. Re:Startup sure, but how fast does it run? on Fast Native Eclipse with GTK+ Looks · · Score: 1

    How is it higher than Java? What further levels of abstraction does Python offer that Java doesn't? Object oriented languages are most often put at the same levels.

    Furthermore, Python is more syntactically similar to Java than any other language (maybe perl). And the reason python takes less time is because it is an interpreter and not a virtual machine, unless you are using Jython, which is python inside the java vm. I do not think higher level means what you think it means. I suspect you are trying to make another point, or you don't know what you are talking about.

  6. Re:well for starters on What Should a Community Computer Lab Offer? · · Score: 1

    (heck, *I'm* using Win95 on my otherwise-just-a-terminal-to-the-Linux-server desktop because I need to run PageMaker)

    Why don't you use win4lin or vmWare? I've tested both, and decided to go with win4lin because it worked as well as vmWare but cheaper. Dropping $90 bucks on win4lin still being able to run all of your windows apps makes linux migration that much easier.

    This of course brings the cost of a linux install near the cost of a Windows upgrade, but the benefits of running linux while still having access to your legacy programs without reboot is worth it in my mind.

  7. Re:Oh man! on The RIAA's Hit List Named · · Score: 2

    Ah, uploading, very good point. But that still does not affect the problem of figuring guilt behind the NAT. If my network has five people on it, who is guilty? What recourse do you have if you've narrowed it down to five people but have no physical or other hard evidence?

    Also, many people never change the default passwords on their routers. There is security from the outside (remote administration not being turned on by default), but not from the inside. Simply http to 192.168.1.1, use nmap if it's not a common ip address and crack into the router. If you claim that your router, (or more likely your own computer) was hacked, it makes you look more guilty but if you are careful you may still throw enough doubt into the case.

    The point is the ambiguity of ip addresses, (I mean someone could even hack routing tables and momentarily steal your ip address) will make it hard for the RIAA to win a lawsuit. Watch out with IPv6 when you have a collection of immutable personable registered addresses (quite possible down the line) and no real reason for NAT. Even so, how can you guarantee the path of a packet past your first hop router?

  8. Re:Oh man! on The RIAA's Hit List Named · · Score: 5, Interesting

    Actually, I have a solution.

    Get a wireless router

    Reformat and securely erase your harddrives

    Claim that somebody tapped into your wireless router and was using it routinely
    How could they prove you were lying?

  9. Re:Mozilla news, but what about Opera? on Mozilla 1.5 Alpha Available · · Score: 1

    Sorry I was wrong and should've included a link.

    It's really closer to 35%

    [20:18:36] <Questions> theLinGer asks: What percent of website hits originate from Internet Explorer?
    [20:18:58] <CmdrTaco> 50% MSIE ish.
    [20:19:24] <CmdrTaco> 35% Moz, 2% Konq

  10. Re:Mozilla news, but what about Opera? on Mozilla 1.5 Alpha Available · · Score: 4, Insightful

    Why predominately Mozilla?

    Mozilla is one of the biggest open source projects out there. Slashdot has lots of people that like open source stuff.

    Mozilla is more than just a browser, it's a runtime (Gecko Runtime Engine), GUI language (XUL), Bayesian mail client, html composer, etc.

    People can actually contribute and test mozilla beta releases, as opposed to opera releases.

    Mozilla is available on more platforms than opera, and is 7.2b2 even available on linux?

    Mozilla has a 30% share of slashdot traffic, and thus is more directly popular with slashdot readers in general.

  11. Re:alpha channel and transparency on Qt On DirectFB · · Score: 1

    While transparency/translucency (TL) doesn't have much effect on single-document-interface programs, for me it does while using multiple programs, or conceptually MDI programs.

    I know IDE's could use this to their advantage because there is so much on the screen in the first place. If done right, TL can increase the available information displayed on screen, especially if graphic indicators are used (as layering text windows becomes cluttered).

    Also I find it useful to check on the state of one window (i.e. a console compilation) while using another and TL can do this almost unobtrusively.

    It's true that it is mostly eye candy and features like virtual desktops and such actually do more, but I don't believe that it is totally useless.

  12. Re:Before all the flamers get in. on Qt On DirectFB · · Score: 2, Interesting

    Yes, I'd much rather have alpha channel transparency than remote display. I assume DirectFB has an alpha channel because it is so prominent on their screenshot, but is it really or is it the fake XFree86 transparency?

    This is the only piece of "eye candy" that I miss from XP/2000 and I find that it is actually useful. And why after all this time hasn't X gotten an alpha channel? It seems like a lot of people would like this feature. Plus it makes using a terminal soooo much easier on the eyes.

  13. Re:Don't buy unsupported hardware on Reverse Engineered 802.11b+ Drivers · · Score: 4, Insightful

    A lot of people I know who use linux, still dual boot with windows mainly for games and work/school networks. Connection with the latter is possible in many cases, but not as easy as booting into windows and following simple directions.

    In these cases people would buy stuff that worked for windows without checking if it worked for linux. By the time they know that linux wouldn't be supported, especially if they were misled by the manufacturer for such support, the hardware in question was already in their hands.

    These hardware components probably were past their return time and they are stuck with them. Rather than go out and buy new ones that have solid linux support, this guy writes his own and shares it so that others in his situation wouldn't have another "windows app" keeping them from linux.

    If more people like this worked on hardware that had no solid linux drivers (whose numbers are dwindling steadily), linux becomes that much more of a "plug and play" system where everything "just works". Kudos to them.

  14. Re:Free Doctoral Thesis on QA Under The Open Source Development Model · · Score: 1

    Uhg... you're actually critiquing his post in comparison to an actual doctoral thesis? Come on now. He said it was an idea to pursue, not a fully structured and reviewed base of work. I thought you were going to critique his idea and not the way in which he presented it. Christ, it's a post on freakin' Slashdot.

    His wording is awkward, and has some misconceptions, but I think it would be an interesting topic to study bugs/user or study the relative stability of software used by lots of people as compared to few, or the actual cost of bugs when compared to the whole user population.

    Maybe it's not enough content for a thesis, and certainly not the most eloquent prose (I know my posts rarely are), and perhaps the idea is a little naive at first glance. But to say that he has no idea what he is talking about, just because it wasn't a formal presentation? That's why you got modded down.

    Still baseless and [sic] dobious?

    Yes, you still haven't directly contrasted any of his ideas other than that his statement didn't fit the guidelines of an actual PhD level thesis, which he probably had no intention of doing in the first place. That's why he called it an idea.

  15. Re:Free Doctoral Thesis on QA Under The Open Source Development Model · · Score: 1

    When stating that someone doesn't know what they are talking about, usually you point out which points were wrong and say why they were wrong instead of just putting up some bullshit and a sentence that states that, of course, you know what you are talking about.

    Baseless accusations and dubious credibility will get you modded down quite quickly here. I suggest next time you back up your statement with some counterexamples or other evidence.

  16. Re:Would it be possible ? on Can .NET Really Scale? · · Score: 1

    From the department of redundancy department:

    Are you by any chance a Microsoft certified systems engineer certified engineer?

    Kinda like "K.I.S.S. stupid" or "GUI interface" or "FSB bus" or "The XML Language" or "ROM memory" right? But a MCSECE?, I don't think I could've thought of a better one.

  17. Re:Hmm so Linux is cheap on Can .NET Really Scale? · · Score: 2

    I resent that. I write good code. I only have two years of experience, but even before I graduated I was programming in an enterprise environment. I never had any critical bugs (those requiring immediate attention) and only one 'standard bug' to which there was a simple workaround.

    My code was readable. I know, people told me it was after they had to pick it up when priorities were shuffled. I was never over a deadline and wrote automated test cases for each method in every class, in addition to UML/diagrams before and during development and documentation (java doc) during and after.

    Don't feed me crap that says young people with work experience under five years can't write usable code. It's just not true. If I didn't write usable code, I would be fired. Plus, us entry level people are making 20k less than those with 7-10 years of experience. I am quite a bargain these days, and I see my friends taking salary jobs in the 35-45 range instead of the 45-65 range that those same jobs were giving just a few years ago.

    Now, I'm not saying that young people are a little risky, because they are when compared to people with more experience. That's what contract-to-hire is. Give me three months of work and I'll show you that I can do everything those older guys can. If I can't, don't renew me.

    There is a reverse ageism for those just out of college these days and it's really starting to tick me off. I worked my ass off for my degree, and I know my shit. I didn't jump ship when the market crashed, and I'll be here ten years from now.

    My work experience is in java, but most of my schooling was in C/C++ (I was a computer engineer and thus we did a lot of systems programming) plus I've done some open source python and perl development. So don't tell me I'm another java cookie cut grad.

    So get off your high horse because when the job market turns around and it becomes a job-seeker environment again, watch out because you'll have a lot of good cheap programmers waiting to take your position.

  18. Re:Mozilla? on Details of Linux-in-Munich Deal Revealed · · Score: 1

    How about: A web browser that thinks it's an irc client, email reader, etc, etc and the kitchen sink too.

    Or: A completely bloated pile of horse shit.


    <rant>I am tired of this comparison. Windows comes with IE and Outlook express tied closely together with the operating system. You wanna talk bloat? How about that IE is so bloated it has become unmaintainable and the next version will be a complete rewrite and will require the entire operating system. How's that for bloat? Windows pre-loads most IE components so that it will "start" up faster, how's that for bloat when your browser is in memory and you can't easily take it out?

    This is not a flame against IE and I am not a radical open source avenger, but the IE can be considered just as bloated as the bundled mozilla.

    Now mozilla on the other hand, you can do an install that will just install the browser. Alternatively, use MozillaFirebird, which is a stripped down version of mozilla. And don't pull the "well firebird is only a .6 release" either. Firebird = cvs.mozilla.org. Mozilla trunk + mozilla/browser + mozilla/toolkit. Which means it is mostly comprised up of mature mozilla codebase.

    The only thing that will hold explorer over mozilla is that some sites still design only to IE, when it would take just as much effort to design to W3C standards and be more accessible. If you design towards standards and you test your design with both mozilla and IE, there is no reason your site/app will not work with any major graphical browser out there (opera, khtml-based, etc.)</rant>

  19. Re:Erm... on NYT Reports Porn Spam Hijacking Network · · Score: 1

    Um, take a closer read to the article. Like I posted here Microsoft was not only not mentioned, they were explicitly and exclusively not mentioned. There is a big difference. Instead of the reporter saying that really only microsoft systems are affected (like you would usually do), he stated the Mac's and *nixes are not.

    Of course maybe the reporter wanted to stress the relative security of unix based systems, but I would still state that the windows crew took the brunt of the force of the attack. Anything less is mild and subtle disinformation, which I believe to be the most dangerous.

  20. Re:Heh on NYT Reports Porn Spam Hijacking Network · · Score: 4, Insightful

    Yeah really, laugh. From the article:

    "The rogue program does not affect the Apple Macintosh line of computers or computers running variants of the Unix operating system."

    Let's see, it doesn't affect Mac's or *nixes, what else is there? Why didn't they just say that it affected Windows systems only? The average person probably wouldn't put that together. It reminds me of that scene from the new austin powers movie when Dr. evil indirectly tells mini-me to go by telling everybody to get out, but then telling everybody but mini-me they can stay.

    Really, I've never seen this before. Usually you report which systems were affected rather than the systems that weren't. What reason, other than ignorance, would the reporter have not to mention windows?

  21. Re:Well, no kidding. on OSCON Panel: SCO Lawsuit About the Money · · Score: 1

    Well even intelligent PHBs may need some convincing that this lawsuit is crap and that adopting linux will not be a legal issue. Having people in the industry come out and say that the suit is pretty much all about the benjamins should do well to counter worries about the legal issues around linux.

    This is a war of informed opinion against dis-information and FUD. I would like more industry people to come out and say what they think to allay the fears of those who only hear the FUD. Many have.

    In the end though, you are right. This statement will be pretty meaningless to the lawsuit, but it is definitely non-trivial to linux advocates who are trying to damage control the SCO anti-linux fears.

  22. Re:Lacking stability?! on FreeBSD 5.1 Review and BSD Roundup · · Score: 3, Insightful

    Yeah, but it's like saying granite is soft compared to diamond. They wouldn't release it if it didn't have the same famous stability, but rather they're acknowledging that no recently released product is as stable as its tried and true predecessor.

  23. Re:And? on DARPA Looking into Hypersonic Bombers · · Score: 1

    Fortress America. Huh. Except that in every passing year economic realities and instant communication bring the world closer together. The US may be impregnable to force, but not to the Euro, Pound or Yen. It is ignorant to think our military alliances even come close to helping us as much as our economic trading does.

    As the world comes to depend more and more on each other for trade the monetary cost of severing this trade becomes prohibitively expensive. This is precisely the reason that we will probably never go to war with china. We buy too much of their stuff, and they buy a lot of theirs too.

    My prediction is that the US 'empire' won't collapse but it will rather 'emerge' into a world governing organization much like the UN (only more powerful) along with Europe, and Asia and other first world countries. Already the economic state of most developed countries depend heavily on the economic well being of the US (see great depression, 90's boom).

    Also america is unmatched by other empires. After running the native americans and mexicans out, the US has not acquired much more land. It has not become (or has come out of) a territorial conquerer (Romans, Germans, France), colonial nation state (Britain), Ideological combatant and repressivist (USSR, China), or over extended itself beyond its capabilities.

    Like it or not, but the world is now in an unparalleled state of openness, communication and interactivity. A large reason (but by no means all) is because of US influence.

  24. Re:They can be hard on Mastering Regular Expressions · · Score: 1

    Regular expressions dealing with escape characters are usually introduced in string literal example. Try matching

    "something /" /n //like this"

    I remember doing this for my compiler design class and remember having it hurt my head at the time. If I was a teacher, or asking interviewees questions about regular expressions, the string literal question is about as hard as I would ask. I do believe this example is in this book, as it was in the first printing IIRC.

    The thing with the string token is it's easier than comment because it's only one character. Besides, why would you need escape characters in comments?

  25. Re:Browser Spoofing. on Mozilla 1.4RC2 Released · · Score: 1

    or they were following W3C's flawed spec.

    Flawed? I suppose MS has a cleaner spec? MS created a browser that allowed developers to be lazy and use very convoluted code. MSIE tries to say, 'look, I think I know what this guy is trying to say, so I'll try to do it'. But languages shouldn't need to be guessed at. There has to be one spec and it should be concise and unequivocal. That's what the W3C gives us. Can the W3C improve on its spec, yes. It will listen to input from across the industry.

    And as opposed to developing for MS why not develop to the W3C? They are the maintainers of the HTML spec. Not microsoft.