"But the ones who show up the first day of class with a scuffed-up PowerBook loaded with [lots of high priced software] would be better off skipping the (IMHO) remedial education...and go right into a studio class that teaches them what to do with Photoshop, not how to use it."
Or into a class demonstrating why illegal software copying is wrong.
"When a major (potato) chip maker launched a multi-million dollar "taste-test" TV ad campaign against its biggest competitor, the competitor's sales went up because the campaign got people thinking about the chips and they bought more of the competitor's brand."
This was an early lesson in marketing. I think the two products were Bayer and Tylenol. One (I think it was Bayer) was advertised as being just as effective as the other (Tylenol). People bought they other because they were told it was just as good as what was supposed to have been the advertised medication.
The lesson that was supposed to have been learned was, "let the competition do its own advertising", meaning don't mention your competitor by name. If you do, people may start associating your competitor's product with the market you're trying to win.
"It's no bother to reinstall the OS and applications, but if all your files are gone, that's a huge PITA."
It's the exact opposite for me, and probably for your typical desktop user. Restoring my home directories (I have multiple users) from DVD takes about 10-15 minutes. Restoring my system directories (standard programs, downloaded programs, commercial games, databases, etc.) takes days.
UT2004, without the gigs of extra maps I've downloaded, takes 30-45 minutes to install all by itself. That's after the 15-30 minutes to install Mandrake. Just reinstalling the operating system to its default state takes longer than restoring my personal files.
Given the choice between my home directories get wiped and my system directories getting wiped, I'll choose my home directory any day.
"The arguments given in the article are inadequate IMHO, they are just as and mostly more applicable to closed source software."
In fact, they are only applicable to closed source. Let's review step by step.
Claim:
"That means that at some point in the future the market will consolidate and a number of these products will disappear."
Reality:
An Open Source product will never disappear so long as someone still needs it and is willing to pay for it. It will also remain if at least one developer retains an interest in it, even if no one wants to pay for it. Even if the above two fail, it will likely remain archived somewhere.
The same cannot be said of proprietary products. When the (usually sole) producing company goes out of business, or just decides on a whim to stop supporting it, the proprietary software is usually lost to the world forever. You're taking a huge risk using proprietary software for critical operations.
Claim:
"In other words, you need a shortlist of potential vendors that you are happy to deal with and you need to mandate that the company limits itself to these strategic choices when deploying solutions."
Reality:
This "put all your eggs into a very small basket" approach is a disaster waiting to happen. The more diverse your vendor pool, the less any one of them can hold your operations hostage. The more diverse your technology pool, the less the impact from a security problem being discovered in one (or more) products. The author's living in a dreamland.
Claim:
"Open source is just another licensing model: the more accepted it becomes, the more it is adopted at a strategic level, the more it plays back into the hands of the traditional behemoths that dominate the industry...."
Reality:
I'll not bother reminding the author that Open Source is a software development model rather than a licensing model. Licensing terms are just the necessary evil to keep proprietary software thieves from taking our work for their own. The rest of his claim doesn't follow from his (il)logic.
"It seems that p2p takes away rights out of those that create things and make them public. Be they songs or photos etc."
What you're talking about is illegally distributing copyrighted works, not P2P (which is a bad marketing term marketed excruciatingly well) connectivity itself.
I make this distinction solely because I see the real potential for the illegalization of many forms of networking just because people misunderstand the technology and misuse the terms.
All of our modern networks are peer to peer, and have been for the 20 years I've been in computing. P2P is a misnomer, presupposing itself to be somehow special and distinct from other forms of networking in common use. But it's not. The Internet, all Ethernet LANs (which is what you're using at work, school, and home), and even cross over cable conections are all P2P networks by their very nature.
Morpheus, Napster, Grokster, et. al. are a particular form of peer to peer networking, but it's the operators of those networks that make them dubious. Those networks consist primarily of individuals whose primary intent is to illegally distribute other people's copyrighted works.
Other P2P networks, such as the Internet, were created for more socially redeeming purposes, and shouldn't be thrown into the same pile of trash as the illegal music/movie sharing networks. It's the the same technology (from a big picture perspective), but the intent is completely different.
"What most people don't seem to realize is that this is a bad thing for commercial software on Linux. Nero's venture will fail, and other companies will be discouraged by it."
Don't get too worked up just yet. What people will see is that a proprietary company is releasing for Linux a proprietary Windows remake of a piece of software that had been obsoleted on Linux by a FOSS equilvilent years ago.
In other words, people will see Nero being a dollar short and years too late. If Nero had seen the light 3 to 5 years ago, it would have had a chance. But trying to horn in on established commodity Free and free spaces with a non-Free, non-free, commodity application is laughable at best.
Companies that provide their innovative software on Linux at the same time they provide it on Windows will be regarded as leaders forging new markets. ID Software and Epic Games are two good examples.
Companies that provide yesteryear's obsolesence on Linux, or provide a horribly mangled effort, will be viewed as struggling and desperate. Corel and Nero are two good examples.
This needs repeating more frequently, and is a good way to quiet freeloading complainers.
I spent an entire year creating a GPL'd application at the behest of a local company. They wanted features specific to their business, and I gave them those features in my spare time. I billed them (and they paid) close to $20K to get their needs put ahead of anyone else's (my own included).
I have a lot of people ask me to write custom software, but most of them aren't willing to pay for it. When I tell them to pay up or shut up, they shut up. Then I go back to writing the features I want.
That's the bottom line. If people really need features now, they'll pay for them. All other complaints are rightfully ignored.
"You just strengthened me in my idea that the majority of Americans have no idea about what is going on in the rest of the world."
Hey, I strenuously object to that ignorant stereotyping of Americans. I make a large effort to keep up to date on world events. While I can't possibly know everything, I am well aware of all major events in all parts of the word.
All of it.
Every single one of its (approximately) 3000 miles, from the world's west coast in California to its east coast in Maine.
A German court has already found someone guilty of infringing someone else's GPL rights (maybe someone here can link to the story). The GPL has had its day in German court, and was upheld.
The biggest reason movies won't be streamed through broadband is the ever lowering bandwidth caps ISPs are enforcing.
I have DirecWay satellite Internet, and I can't even download a single-CD Linux distribution without running afoul of my bandwidth cap. Even if a movie's quality were horribly degraded and the disk image highly compressed, I still couldn't watch the movie online without getting bitch-slapped by DirecWay for exceeded the cap.
DSL and cable Internet providers are increasingly moving to the same restrictions, so having consumer broadband is getting less and less meaningful.
DVD capacity will grow orders of magnitude faster than consumer Internet bandwidth, making them increasingly suitable for data backup more desirable as a movie transport medium (higher quality movies or more extra content).
DVDs aren't going away in the foreseeable future. If anything, their usage will expand into other areas.
I can't find the article, but I remember Slashdot reporting on a Supreme Court ruling (I think in 2004) saying journalistic protections extend to anyone exercising the role of a journalist. You don't have to do it full time; you just have to be doing what journalists do.
A blogger could easily be considered a journalist. I expect the lower court ruling to be overturned on appeal (if there is an appeal) if the blogger can show any socially redeeming intent.
I got my first career type job right after college six years ago. I was 30 (I did the college later later than many), and I was willing to take anything. I got hired on a temp-to-hire basis at Western Resources (a big utilities company) in Topeka, Kansas.
The work environment was fine (better than most corporate jobs, but I could definitely feel the corporation), my bosses were cool, and I was respected for my work. We were an all-Windows work place, which bugged me but not terribly so. After all, they were free to waste their money and my time any way they wanted as long as they paid me.
The tools we had to use, though, were insufferable. It was an old DOS program hacked to look like a Windows program called CableCad. It was the very definition of painful to work with, but that was my sole job.
When my temp. contract expired, Western Resources wanted to hire me full time with a $20K/year raise and extensive benefits. I told them thanks, but I couldn't see myself doing that job for long.
I had decided months prior that I hated the tools and was going to quit as soon as my contract expired. On the expiration day (actually, a week early since I still had unused vacation time), I quit, moved back home, and looked for another job for eleven months before finding one I loved (my current job, by the way).
I missed the money terribly during those eleven months, but it was the right decision. I had over $5,000 saved, and frugal spending coupled with free room and board (parents) saw me through until I got another job.
The bottom line is that you have to make that decision for yourself. There is no clear cut yes or no answer to your question. For me, working at a job I hated was worse than living on a shoestring for a year. I could afford to take the risk, though, because I'm single with no dependents. If you are the sole provider for someone other than yourself, the whole context changes.
He stayed in jail for 6 months waiting for his trial. Adobe can rot in Hell as far as I'm concerned.
Re:If it works it still may not
on
QA != Testing
·
· Score: 3, Interesting
"I think that all biz people need to take a basic programming course, and all coders need to take a business class."
That's simple, logical, and of no practical use. As part of my CIS degree, I was well over half way (close to three quarters) to a Business Management degree. It is absolutely useless for all of the business software I have to write.
My current project is to rewrite the entire county tax collection system. There is no business class that would have prepared me for that because each county collector does things differently.
I knew nothing about tax collection when I started this project, and the county collector knows nothing about software design (his belief that Fox Pro has exposed him to software development, and his need to micromanage notwithstanding).
He and I frequently meet to discuss the business rules his office currently uses, and the business rules he would like to be able to use. He tells me each feature he wants, and I create all the ends (front, middle, and back) to do it. Then we review the front ends and results from the backend.
This iterative process continues, on a feature by feature basis, until we are both satisfied that each feature works as it should and the user interface is streamlined for efficiency.
The bottom line is that detailed business understanding by the developers is both unnecessary and mostly useless. Software design knowledge by business people is also mostly useless (and in fact will likely be very detrimental) and unnecessary.
The common threads between business people and software developers to ensure success are good communication skill and patience. Without both of those, you may as well not even try.
Re:Capability Maturity Model
on
QA != Testing
·
· Score: 2, Insightful
"I mentioned it in another post, but my dad has a good web site that deals with quality issues (IE only, unfortunately)."
I'm sure the irony of that statement is not lost on anyone. A site, giving advice on good quality, is itself a quality disaster. You'll understand if I don't take his credentials to heart.
"You know there is difference between a flaw and a vunerability?"
Any flaw is a potential vulnerability. Not all flaws are vulnerabilities, but all vulnerabilities are flaws. It doesn't matter if any given flaw doesn't lead to an actual vulnerability, but you have to assume that all flaws may do so. All vulnerabilities start out as flaws.
That is why I used "flaw" instead of "vulnerability". I consider them to be equally dangerous, and is why I want to be informed of them all. I will them make my decision whether they will adversely affect my systems.
The vast majority of reported Linux flaws and vulnerabilities have no impact on my systems (the few that do adversely impact my systems in any way get the fixes applied immediately), while most Windows flaws and vulnerabilities will destroy them.
"There are some people who are sceptical [of the results]," said Dr Thompson. "We would encourage them to replicate this type of study. If you see flaws please tell us."
Are they joking? Their metric (reported vulnerabilities) is absurd for a number of reasons.
1) Microsoft reports only a fraction of its vulnerabilities. Remember when Win2000 had over 65000 known (to Microsoft) flaws? No more than a handful were ever reported. Microsoft reports flaws only after bearing enormous public humiliation. Of course Microsoft's flaw count is going to be low. Microsoft hides them all until forced to disclose.
2) Linux vendors report every hair out of place. It doesn't matter if the flaw causes a D to look like an O on the third day of the Summer Solstice, but only if that day matches the 4th digit of PI, and only if the computer has calculated the cure for cancer at exactly 15 milliseconds after the user's orgasm.
3) Seriousness of vulnerabilities. Due to the nature of full disclosure under Linux, it will -always- have higher reported flaw counts than Windows. The vast majority of reported Linux flaws, however, are relatively benign, while the vast majority of reported Windows flaws hand over complete control of your computer to some third party.
4) Widespread Propagation. Windows, by its intended design, makes propagating exploits to these vulnerabilities trivially easy (automatic, actually), while this has yet to be accomplished on Linux (and likely won't be).
"Microsoft is doing the Right Thing (tm) here, and all you have for them is more snide remarks?"
The right thing to do would be to fix or remove the entry points malicious software uses to compromise a system. Since I.E. and Active-X are the entry points for the vast majority of malicious programs, and Microsoft has been unable to fix them after many years, the right thing to do would be to remove Active-X and and to remove I.E.'s ability to automatically execute code.
"By deciding to embrace templated containers in their own proprietary way, vs. the standard, STL, way, they make it much harder for a programmer like me to convert to QT, both practically and morally."
Qt's source code is licensed under the GPL, making it diametrically opposed to lock-in (proprietary or otherwise). Trolltech is, and always has been, the good guy striking a respectable balance between freedom and profit maximization. This announcement just puts a strong emphasis on that.
I recently finished my first big custom project (a hair over a year of constant work), and learned a lot about customer relationships. The article was very good, but I also choked when I got to the part about copy rights.
I told my customer up front that I would retain all copy rights to the code. I would provide her company with full source code, and the company would have a license to modify the code for its own internal use.
I also told her that it was not practical for me to then support their modified program. This was (and is) not a problem for her since her only reason for wanting the code was to guard against my getting hit by the proverbial bus and leaving the company in a world of hurt.
As far as I was concerned, the company was paying for the privilege of having its needs take priority in my program's functions.
She told me how hard it was for her to find a developer with good terms and a willingless to communicate on a regular basis, and copy rights were not even a concern. She didn't even want to try finding someone else to maintain my work.
The software has been in production for three weeks now, and she (and more importantly, the owner of the company -- her hard-to-please father) is thrilled with it. I am now in maintenance mode, adding minor features and fixing bugs (bug fixes are always at no extra charge).
I'm tempted to toot my horn too much, giving away my competitive advantages, but I'm not going to give any details about my work.
I will say, though, that I did this as a side job in addition to my full time work, and that I cleared it with my employer (retaining ownership of my work, promising no conflict of interest, etc.). Most importantly, I made my position clear to my customer.
Now I have a strong reference (this company has major influence in my area) and another customer waiting in the wings -- in the same business as my first customer, achieved via recommendation from the same first customer.
My first customer is already planning for version 2 of the software.
"Much of what winders suffers from is incompetent users."
That's only partly true. The vast majority of the problem with Windows is that it demands that its users do stupid things, and frequently does stupid things automatically on the user's behalf -- usually without giving any indication that it's doing those stupid things.
Writing malware for Linux is no different from writing malware for Windows, except for one crucial detail: Windows will automatically install and run the malware, while Linux requires its users to go through multiple manual steps to run malware and will still protect users from a system meltdown even when that malware is finally installed and run (provided the user isn't running as root, but running non-root is the default Linux behavior).
Linux requires users, even the incompetent users, to explicitly authorize software to run. Windows just assumes it has that authorization, even when its so-called protections are supposed to prevent that.
Linux is great protection for the incompetent users, because those users are probably not bright enough to allow malware to be installed even if the malware presents step-by-step instructions.
Slashdot Mirror
"But the ones who show up the first day of class with a scuffed-up PowerBook loaded with [lots of high priced software] would be better off skipping the (IMHO) remedial education...and go right into a studio class that teaches them what to do with Photoshop, not how to use it."
Or into a class demonstrating why illegal software copying is wrong.
"When a major (potato) chip maker launched a multi-million dollar "taste-test" TV ad campaign against its biggest competitor, the competitor's sales went up because the campaign got people thinking about the chips and they bought more of the competitor's brand."
This was an early lesson in marketing. I think the two products were Bayer and Tylenol. One (I think it was Bayer) was advertised as being just as effective as the other (Tylenol). People bought they other because they were told it was just as good as what was supposed to have been the advertised medication.
The lesson that was supposed to have been learned was, "let the competition do its own advertising", meaning don't mention your competitor by name. If you do, people may start associating your competitor's product with the market you're trying to win.
"It's no bother to reinstall the OS and applications, but if all your files are gone, that's a huge PITA."
It's the exact opposite for me, and probably for your typical desktop user. Restoring my home directories (I have multiple users) from DVD takes about 10-15 minutes. Restoring my system directories (standard programs, downloaded programs, commercial games, databases, etc.) takes days.
UT2004, without the gigs of extra maps I've downloaded, takes 30-45 minutes to install all by itself. That's after the 15-30 minutes to install Mandrake. Just reinstalling the operating system to its default state takes longer than restoring my personal files.
Given the choice between my home directories get wiped and my system directories getting wiped, I'll choose my home directory any day.
"The arguments given in the article are inadequate IMHO, they are just as and mostly more applicable to closed source software."
In fact, they are only applicable to closed source. Let's review step by step.
Claim:
"That means that at some point in the future the market will consolidate and a number of these products will disappear."
Reality:
An Open Source product will never disappear so long as someone still needs it and is willing to pay for it. It will also remain if at least one developer retains an interest in it, even if no one wants to pay for it. Even if the above two fail, it will likely remain archived somewhere.
The same cannot be said of proprietary products. When the (usually sole) producing company goes out of business, or just decides on a whim to stop supporting it, the proprietary software is usually lost to the world forever. You're taking a huge risk using proprietary software for critical operations.
Claim:
"In other words, you need a shortlist of potential vendors that you are happy to deal with and you need to mandate that the company limits itself to these strategic choices when deploying solutions."
Reality:
This "put all your eggs into a very small basket" approach is a disaster waiting to happen. The more diverse your vendor pool, the less any one of them can hold your operations hostage. The more diverse your technology pool, the less the impact from a security problem being discovered in one (or more) products. The author's living in a dreamland.
Claim:
"Open source is just another licensing model: the more accepted it becomes, the more it is adopted at a strategic level, the more it plays back into the hands of the traditional behemoths that dominate the industry...."
Reality:
I'll not bother reminding the author that Open Source is a software development model rather than a licensing model. Licensing terms are just the necessary evil to keep proprietary software thieves from taking our work for their own. The rest of his claim doesn't follow from his (il)logic.
"If you don't do the registration, and someone violates the GPL, you can only sue them for actual damages."
However, the SCO suit strongly implies that you can file the registration after the infringement and still sue for punitive damages.
"...or else can't stand to see jibes at his favourite email client..."
Or realized that the quality of the email client has exactly zero relevance to the success of a phishing scheme.
"It seems that p2p takes away rights out of those that create things and make them public. Be they songs or photos etc."
What you're talking about is illegally distributing copyrighted works, not P2P (which is a bad marketing term marketed excruciatingly well) connectivity itself.
I make this distinction solely because I see the real potential for the illegalization of many forms of networking just because people misunderstand the technology and misuse the terms.
All of our modern networks are peer to peer, and have been for the 20 years I've been in computing. P2P is a misnomer, presupposing itself to be somehow special and distinct from other forms of networking in common use. But it's not. The Internet, all Ethernet LANs (which is what you're using at work, school, and home), and even cross over cable conections are all P2P networks by their very nature.
Morpheus, Napster, Grokster, et. al. are a particular form of peer to peer networking, but it's the operators of those networks that make them dubious. Those networks consist primarily of individuals whose primary intent is to illegally distribute other people's copyrighted works.
Other P2P networks, such as the Internet, were created for more socially redeeming purposes, and shouldn't be thrown into the same pile of trash as the illegal music/movie sharing networks. It's the the same technology (from a big picture perspective), but the intent is completely different.
"What most people don't seem to realize is that this is a bad thing for commercial software on Linux. Nero's venture will fail, and other companies will be discouraged by it."
Don't get too worked up just yet. What people will see is that a proprietary company is releasing for Linux a proprietary Windows remake of a piece of software that had been obsoleted on Linux by a FOSS equilvilent years ago.
In other words, people will see Nero being a dollar short and years too late. If Nero had seen the light 3 to 5 years ago, it would have had a chance. But trying to horn in on established commodity Free and free spaces with a non-Free, non-free, commodity application is laughable at best.
Companies that provide their innovative software on Linux at the same time they provide it on Windows will be regarded as leaders forging new markets. ID Software and Epic Games are two good examples.
Companies that provide yesteryear's obsolesence on Linux, or provide a horribly mangled effort, will be viewed as struggling and desperate. Corel and Nero are two good examples.
This needs repeating more frequently, and is a good way to quiet freeloading complainers.
I spent an entire year creating a GPL'd application at the behest of a local company. They wanted features specific to their business, and I gave them those features in my spare time. I billed them (and they paid) close to $20K to get their needs put ahead of anyone else's (my own included).
I have a lot of people ask me to write custom software, but most of them aren't willing to pay for it. When I tell them to pay up or shut up, they shut up. Then I go back to writing the features I want.
That's the bottom line. If people really need features now, they'll pay for them. All other complaints are rightfully ignored.
"You just strengthened me in my idea that the majority of Americans have no idea about what is going on in the rest of the world."
Hey, I strenuously object to that ignorant stereotyping of Americans. I make a large effort to keep up to date on world events. While I can't possibly know everything, I am well aware of all major events in all parts of the word.
All of it.
Every single one of its (approximately) 3000 miles, from the world's west coast in California to its east coast in Maine.
The GPL has yet to have its "day in court".
A German court has already found someone guilty of infringing someone else's GPL rights (maybe someone here can link to the story). The GPL has had its day in German court, and was upheld.
The biggest reason movies won't be streamed through broadband is the ever lowering bandwidth caps ISPs are enforcing.
I have DirecWay satellite Internet, and I can't even download a single-CD Linux distribution without running afoul of my bandwidth cap. Even if a movie's quality were horribly degraded and the disk image highly compressed, I still couldn't watch the movie online without getting bitch-slapped by DirecWay for exceeded the cap.
DSL and cable Internet providers are increasingly moving to the same restrictions, so having consumer broadband is getting less and less meaningful.
DVD capacity will grow orders of magnitude faster than consumer Internet bandwidth, making them increasingly suitable for data backup more desirable as a movie transport medium (higher quality movies or more extra content).
DVDs aren't going away in the foreseeable future. If anything, their usage will expand into other areas.
I can't find the article, but I remember Slashdot reporting on a Supreme Court ruling (I think in 2004) saying journalistic protections extend to anyone exercising the role of a journalist. You don't have to do it full time; you just have to be doing what journalists do.
A blogger could easily be considered a journalist. I expect the lower court ruling to be overturned on appeal (if there is an appeal) if the blogger can show any socially redeeming intent.
I got my first career type job right after college six years ago. I was 30 (I did the college later later than many), and I was willing to take anything. I got hired on a temp-to-hire basis at Western Resources (a big utilities company) in Topeka, Kansas.
The work environment was fine (better than most corporate jobs, but I could definitely feel the corporation), my bosses were cool, and I was respected for my work. We were an all-Windows work place, which bugged me but not terribly so. After all, they were free to waste their money and my time any way they wanted as long as they paid me.
The tools we had to use, though, were insufferable. It was an old DOS program hacked to look like a Windows program called CableCad. It was the very definition of painful to work with, but that was my sole job.
When my temp. contract expired, Western Resources wanted to hire me full time with a $20K/year raise and extensive benefits. I told them thanks, but I couldn't see myself doing that job for long.
I had decided months prior that I hated the tools and was going to quit as soon as my contract expired. On the expiration day (actually, a week early since I still had unused vacation time), I quit, moved back home, and looked for another job for eleven months before finding one I loved (my current job, by the way).
I missed the money terribly during those eleven months, but it was the right decision. I had over $5,000 saved, and frugal spending coupled with free room and board (parents) saw me through until I got another job.
The bottom line is that you have to make that decision for yourself. There is no clear cut yes or no answer to your question. For me, working at a job I hated was worse than living on a shoestring for a year. I could afford to take the risk, though, because I'm single with no dependents. If you are the sole provider for someone other than yourself, the whole context changes.
You have to weigh the pros and cons for yourself.
"He ended up not serving a sentence at all."
He stayed in jail for 6 months waiting for his trial. Adobe can rot in Hell as far as I'm concerned.
"I think that all biz people need to take a basic programming course, and all coders need to take a business class."
That's simple, logical, and of no practical use. As part of my CIS degree, I was well over half way (close to three quarters) to a Business Management degree. It is absolutely useless for all of the business software I have to write.
My current project is to rewrite the entire county tax collection system. There is no business class that would have prepared me for that because each county collector does things differently.
I knew nothing about tax collection when I started this project, and the county collector knows nothing about software design (his belief that Fox Pro has exposed him to software development, and his need to micromanage notwithstanding).
He and I frequently meet to discuss the business rules his office currently uses, and the business rules he would like to be able to use. He tells me each feature he wants, and I create all the ends (front, middle, and back) to do it. Then we review the front ends and results from the backend.
This iterative process continues, on a feature by feature basis, until we are both satisfied that each feature works as it should and the user interface is streamlined for efficiency.
The bottom line is that detailed business understanding by the developers is both unnecessary and mostly useless. Software design knowledge by business people is also mostly useless (and in fact will likely be very detrimental) and unnecessary.
The common threads between business people and software developers to ensure success are good communication skill and patience. Without both of those, you may as well not even try.
"I mentioned it in another post, but my dad has a good web site that deals with quality issues (IE only, unfortunately)."
I'm sure the irony of that statement is not lost on anyone. A site, giving advice on good quality, is itself a quality disaster. You'll understand if I don't take his credentials to heart.
"You know there is difference between a flaw and a vunerability?"
Any flaw is a potential vulnerability. Not all flaws are vulnerabilities, but all vulnerabilities are flaws. It doesn't matter if any given flaw doesn't lead to an actual vulnerability, but you have to assume that all flaws may do so. All vulnerabilities start out as flaws.
That is why I used "flaw" instead of "vulnerability". I consider them to be equally dangerous, and is why I want to be informed of them all. I will them make my decision whether they will adversely affect my systems.
The vast majority of reported Linux flaws and vulnerabilities have no impact on my systems (the few that do adversely impact my systems in any way get the fixes applied immediately), while most Windows flaws and vulnerabilities will destroy them.
"There are some people who are sceptical [of the results]," said Dr Thompson. "We would encourage them to replicate this type of study. If you see flaws please tell us."
Are they joking? Their metric (reported vulnerabilities) is absurd for a number of reasons.
1) Microsoft reports only a fraction of its vulnerabilities. Remember when Win2000 had over 65000 known (to Microsoft) flaws? No more than a handful were ever reported. Microsoft reports flaws only after bearing enormous public humiliation. Of course Microsoft's flaw count is going to be low. Microsoft hides them all until forced to disclose.
2) Linux vendors report every hair out of place. It doesn't matter if the flaw causes a D to look like an O on the third day of the Summer Solstice, but only if that day matches the 4th digit of PI, and only if the computer has calculated the cure for cancer at exactly 15 milliseconds after the user's orgasm.
3) Seriousness of vulnerabilities. Due to the nature of full disclosure under Linux, it will -always- have higher reported flaw counts than Windows. The vast majority of reported Linux flaws, however, are relatively benign, while the vast majority of reported Windows flaws hand over complete control of your computer to some third party.
4) Widespread Propagation. Windows, by its intended design, makes propagating exploits to these vulnerabilities trivially easy (automatic, actually), while this has yet to be accomplished on Linux (and likely won't be).
Sorry, but this "study" is complete nonsense.
"Microsoft is doing the Right Thing (tm) here, and all you have for them is more snide remarks?"
The right thing to do would be to fix or remove the entry points malicious software uses to compromise a system. Since I.E. and Active-X are the entry points for the vast majority of malicious programs, and Microsoft has been unable to fix them after many years, the right thing to do would be to remove Active-X and and to remove I.E.'s ability to automatically execute code.
"By deciding to embrace templated containers in their own proprietary way, vs. the standard, STL, way, they make it much harder for a programmer like me to convert to QT, both practically and morally."
Qt's source code is licensed under the GPL, making it diametrically opposed to lock-in (proprietary or otherwise). Trolltech is, and always has been, the good guy striking a respectable balance between freedom and profit maximization. This announcement just puts a strong emphasis on that.
"...which enabled him to execute the first software on HURD-L4."
And in another fifteen years, they'll finish the code that allows them to stop that program.
I recently finished my first big custom project (a hair over a year of constant work), and learned a lot about customer relationships. The article was very good, but I also choked when I got to the part about copy rights.
I told my customer up front that I would retain all copy rights to the code. I would provide her company with full source code, and the company would have a license to modify the code for its own internal use.
I also told her that it was not practical for me to then support their modified program. This was (and is) not a problem for her since her only reason for wanting the code was to guard against my getting hit by the proverbial bus and leaving the company in a world of hurt.
As far as I was concerned, the company was paying for the privilege of having its needs take priority in my program's functions.
She told me how hard it was for her to find a developer with good terms and a willingless to communicate on a regular basis, and copy rights were not even a concern. She didn't even want to try finding someone else to maintain my work.
The software has been in production for three weeks now, and she (and more importantly, the owner of the company -- her hard-to-please father) is thrilled with it. I am now in maintenance mode, adding minor features and fixing bugs (bug fixes are always at no extra charge).
I'm tempted to toot my horn too much, giving away my competitive advantages, but I'm not going to give any details about my work.
I will say, though, that I did this as a side job in addition to my full time work, and that I cleared it with my employer (retaining ownership of my work, promising no conflict of interest, etc.). Most importantly, I made my position clear to my customer.
Now I have a strong reference (this company has major influence in my area) and another customer waiting in the wings -- in the same business as my first customer, achieved via recommendation from the same first customer.
My first customer is already planning for version 2 of the software.
"Much of what winders suffers from is incompetent users."
That's only partly true. The vast majority of the problem with Windows is that it demands that its users do stupid things, and frequently does stupid things automatically on the user's behalf -- usually without giving any indication that it's doing those stupid things.
Writing malware for Linux is no different from writing malware for Windows, except for one crucial detail: Windows will automatically install and run the malware, while Linux requires its users to go through multiple manual steps to run malware and will still protect users from a system meltdown even when that malware is finally installed and run (provided the user isn't running as root, but running non-root is the default Linux behavior).
Linux requires users, even the incompetent users, to explicitly authorize software to run. Windows just assumes it has that authorization, even when its so-called protections are supposed to prevent that.
Linux is great protection for the incompetent users, because those users are probably not bright enough to allow malware to be installed even if the malware presents step-by-step instructions.
"But you can add Slony-1 to a running system and add slaves without ever taking the master down...."
I was under the impression that Slony was a patch to PostgreSQL that had to be specifically compiled into PostgreSQL. Is that not the case?