Hey! Do you know the first rule of secure programming? DO NOT trust input data. If browser gets data and blindly passes it to the OS, well.. that's a bad browser. I don't see MS fault at all.
Mark Russinovich is well-known NT kernel expert and I respect him. Summary posted here is just plain misleading and is a flamebait for zealots from both camps. It's just disgusting.
He doesn't say a thing about user-mode software, usability etc. The article is about kernel differences, so saying "Linux is becoming more and more like Windows" is plain wrong. He doesn't even mention API.
What article actually's talking about is how various successful ideas in kernel co-relate in windows kernel and linux kernel and how windowing is handled. He talks about pros(good remoting) and cons(all calls are actually messages) of X Windows.
And he says "Security was also another area where there significant differences remain between the two operating systems. But ultimately, said Russinovich, the gap between the two operating systems will continue to narrow to a point where their underlying kernel becomes irrelevant."
WTF the article poster pulled that "He says the only current difference is 'how windowing is handled.'"
Well... I cannot really express how I feel about such misleading posts slip. Especially if it's about GOOD people and experienced coders like Mark is.
First of all, well done Miguel, the amount of work you did is just amazing. What's really interesting - will there be bindings for perl modules for instance, like ActiveState's Perl.NET (thay can convert existing CPAN modules to.net classess using embedded perl interpreter (I don't really know how it works, but it seems to be so)). Is there any chance to get CPAN functionality (no one ever can beat CPAN in terms of module availability). That would be great. Thousands of ready components. How do you think - is it ever mossible (with Parrot or maybe embedded perl interpreter) in mono?
> or relatively new "requirements" (such as stdafx.h in C++ programs in Visual Studio. That really pisses me off.)
You can easily switch off this stdafx.h thing. Just switch off precompiled headers. Precompiled header is being build through stdafx.h file. You put your rarely modified headers there, such as windows.h, stl headers, mfc/atl headers, you got the idea. Every time you build project, stdafx.h and all contained headers aren't parsed, compiler restores the state it last parsed stdafx.h. That's why putting includes and defines etc at the beginning of file before stdafx.h won't work. Did it enlighten you a bit? Turn off precompiled headers and you won't need stdafx.h, but your compilation times will skyrocket. Morale: don't judge something as stupid before you really know why it's done this way.
Re:Developers, Developers, Developers
on
Mono Beta 2 Released
·
· Score: 3, Informative
That's FUD. VB6 apps would run just fine. Just use old VB6 for development. Hell.. some companies still use Visual Studio 5.0 for development (I worked for such a company). Don't want.net? OK, write your apps in VB6 as you always did. vb6 and vb.net use different technologies and even syntax in some parts is different. It's different product, that's all. They didn't break any API.
It's the function of app programmer to resize controls accordingly. Borland Delphi and C++ Builder had this functionality (some kind of layout manager). Anyway, auto-layout is a great thing when prototyping the app to show to customer, but may and will be a bitch when application grows. All serious developers have own layout managers anyway: user sees what developer wants him to see - not what some stupid layout engive version xxx decided.
I don't know about space suits, but Jennifer Marcy becomes current slashdot playmate of the month. Right, after Natalie Portman and that chernobyl girl. She's pretty! * Dear God, would you please let me marry one of these girls? Ah... nevermind.
What's that Arch thing the guy is talking about ?
on
Fedora Core 2 Review
·
· Score: 3, Interesting
What's that Arch distribution the guy is talking about ? He says you can get any package easy in the Article. I'm intrigued.
What parent post suggested is to block at application level, so essentially there should be some kind of ISP-wide IDS that will deny traffic based on some known virtulent patterns. That idea is good of course, but won't happen anytime soon, because too costly.
Do you understand what processing power ISP should have in order to filer the traffic at app-level? The cost will skyrocket. Who gonna pay for that? Subscriber of course.
That's something astonishingly exciting in this book, it extends 1.4 refernce manuals and it will last forever as... well.. 1.4 opengl reference manual.
I'm kind of historian and keeping the count of varios books published.
Here's my summary of hits:
"How To Become 3d Artist/Programmer With OpenGL And Be Just Cool As John Carmack", published n/0 times.
"How To Become 3d Artist/Programmer With Direct3D And Be Just Cool As Bill Gates", published (n-10000)/0 times.
"Request For Comments Refernce Manual - All You Wanted To Know About Networking Protocols". Is published (n-1)/0 times. Pretty common. But still very popular, get your copy today.
"Manual Pages Of Unix" That was used hard to find... People would kill each other for that, or sue... (n-1000000)/0 times.
In other news (n-(-1))/0's "Windows Help Reference Manual For Dummies" is soon to hit bookshelves.
Look at this math isn't it nice?
Hm... what were we all talking about?... Nevermind.
I, personally use and recommend Linux products for the same job security reason.
Don't underestimate what your boss can do when you deploy few custom openldap schemes here and there, few not so obvious backups that wipe data entirely if the you didn't give the special sequence on the other hand of pipe.
Ah.. not enough... few perl scripts I do can do even better.
:) You're actually confusing Fedora Legacy & Fedora Core. They had to choose the better name to distingush them easier!
Fedora Core is community-supported distribution, much like RHx.x was.
Fedora Legacy is a community-supported bugfixes/updates effort for old redhat systems currently not supported by redhat itself (for RedHat distributions from 7.2 to 9.0).
They usually take old packages, native to these old systems and apply back-ported security patches to them. That's for people that cannot/don't want to upgrade their main distribution, while being able to maintain "old" distribution to be secure. apt-get can be used on these "old" distributions as well too.
You can install apt-rpm or yum and update every version of RH starting from 7.2 It's just a matter of typing apt-get update && apt-get dist-upgrade with repositiories pointing at download.fedoralegacy.org. I use this for about a year already and didn't get a single problem.
They have ALL security patches backported by redhat itself or comunity.
I don't beg you to stay on redhat, use everything you want. I myself have to support a dozen of 7.2, 8.0, 9.0 boxes. Fedora legacy is well suited for it. Period. Standard redhat's up2date & bare rpm doesn't even go close to what apt-rpm can do on these systems.
Slashdot Mirror
Let's don't forget Counter-Strike here? ;-)
It got its popularity while being the game with 3-4 programmers/artists.
Never say never
I'll be building DRBD clusters in a blink of an eye.
Actually I already do on 1gbps
Redundancy is good.
Hey!
Do you know the first rule of secure programming?
DO NOT trust input data.
If browser gets data and blindly passes it to the OS, well.. that's a bad browser. I don't see MS fault at all.
Mark Russinovich is well-known NT kernel expert and I respect him. Summary posted here is just plain misleading and is a flamebait for zealots from both camps. It's just disgusting.
He doesn't say a thing about user-mode software, usability etc. The article is about kernel differences, so saying "Linux is becoming more and more like Windows" is plain wrong. He doesn't even mention API.
What article actually's talking about is how various successful ideas in kernel co-relate in windows kernel and linux kernel and how windowing is handled. He talks about pros(good remoting) and cons(all calls are actually messages) of X Windows.
And he says "Security was also another area where there significant differences remain between the two operating systems. But ultimately, said Russinovich, the gap between the two operating systems will continue to narrow to a point where their underlying kernel becomes irrelevant."
WTF the article poster pulled that "He says the only current difference is 'how windowing is handled.'"
Well... I cannot really express how I feel about such misleading posts slip. Especially if it's about GOOD people and experienced coders like Mark is.
First of all, well done Miguel, the amount of work you did is just amazing. .net classess using embedded perl interpreter (I don't really know how it works, but it seems to be so)).
What's really interesting - will there be bindings for perl modules for instance, like ActiveState's Perl.NET (thay can convert existing CPAN modules to
Is there any chance to get CPAN functionality (no one ever can beat CPAN in terms of module availability). That would be great. Thousands of ready components.
How do you think - is it ever mossible (with Parrot or maybe embedded perl interpreter) in mono?
Where exactly IE has access to ring0? Any facts?
Just curios.
> or relatively new "requirements" (such as stdafx.h in C++ programs in Visual Studio. That really pisses me off.)
You can easily switch off this stdafx.h thing.
Just switch off precompiled headers.
Precompiled header is being build through stdafx.h file. You put your rarely modified headers there, such as windows.h, stl headers, mfc/atl headers, you got the idea. Every time you build project, stdafx.h and all contained headers aren't parsed, compiler restores the state it last parsed stdafx.h. That's why putting includes and defines etc at the beginning of file before stdafx.h won't work.
Did it enlighten you a bit?
Turn off precompiled headers and you won't need stdafx.h, but your compilation times will skyrocket.
Morale: don't judge something as stupid before you really know why it's done this way.
That's FUD. .net? OK, write your apps in VB6 as you always did.
VB6 apps would run just fine. Just use old VB6 for development. Hell.. some companies still use Visual Studio 5.0 for development (I worked for such a company).
Don't want
vb6 and vb.net use different technologies and even syntax in some parts is different. It's different product, that's all. They didn't break any API.
It's the function of app programmer to resize controls accordingly.
Borland Delphi and C++ Builder had this functionality (some kind of layout manager).
Anyway, auto-layout is a great thing when prototyping the app to show to customer, but may and will be a bitch when application grows.
All serious developers have own layout managers anyway: user sees what developer wants him to see - not what some stupid layout engive version xxx decided.
Nope, it's rather :P~(|) ;-)
Well...
;-)?
You don't want to name your site bluesmoke.net and post a link to slashdot, don't you
> Book Reviews: Hardcore Java
:)
I'm personally waiting for "Hardcore sex in diving suit" book review. Would be fun to read.
Are you living on Earth, 2004?
I'm sure I am, what about you?
I don't know about space suits, but Jennifer Marcy becomes current slashdot playmate of the month. Right, after Natalie Portman and that chernobyl girl.
She's pretty!
* Dear God, would you please let me marry one of these girls?
Ah... nevermind.
What's that Arch distribution the guy is talking about ?
He says you can get any package easy in the Article. I'm intrigued.
Anybody ever used it?
My girlfriend will beat me in any game for sure with such "controller".
No single man gonna beat eye-tongue coordination of a blonde.
What parent post suggested is to block at application level, so essentially there should be some kind of ISP-wide IDS that will deny traffic based on some known virtulent patterns.
That idea is good of course, but won't happen anytime soon, because too costly.
Do you understand what processing power ISP should have in order to filer the traffic at app-level?
The cost will skyrocket. Who gonna pay for that? Subscriber of course.
That's something astonishingly exciting in this book, it extends 1.4 refernce manuals and it will last forever as... well.. 1.4 opengl reference manual.
I'm kind of historian and keeping the count of varios books published.
Here's my summary of hits:
"How To Become 3d Artist/Programmer With OpenGL And Be Just Cool As John Carmack", published n/0 times.
"How To Become 3d Artist/Programmer With Direct3D And Be Just Cool As Bill Gates", published (n-10000)/0 times.
"Request For Comments Refernce Manual - All You Wanted To Know About Networking Protocols". Is published (n-1)/0 times. Pretty common. But still very popular, get your copy today.
"Manual Pages Of Unix"
That was used hard to find... People would kill each other for that, or sue... (n-1000000)/0 times.
In other news (n-(-1))/0's "Windows Help Reference Manual For Dummies" is soon to hit bookshelves.
Look at this math isn't it nice?
Hm... what were we all talking about?... Nevermind.
Good idea, but isn't unit testing + standard assertions do the same thing but in more automatic way ?
You feed some data to functions, you expect some sane pre-calculated output from them. Simple yet powerful.
And more important it's automatic. So you can integrate it into build process.
I, personally use and recommend Linux products for the same job security reason.
:)
Don't underestimate what your boss can do when you deploy few custom openldap schemes here and there, few not so obvious backups that wipe data entirely if the you didn't give the special sequence on the other hand of pipe.
Ah.. not enough... few perl scripts I do can do even better.
Yes, I'm BOFH, muahaha
Very interesting about version upgrades.
:). Obviosly it will give many advantages.
Wondering if it's possible to do the same with apt.
If not, I'll be installing yum in no time
:) You're actually confusing Fedora Legacy & Fedora Core. They had to choose the better name to distingush them easier!
Fedora Core is community-supported distribution, much like RHx.x was.
Fedora Legacy is a community-supported bugfixes/updates effort for old redhat systems currently not supported by redhat itself (for RedHat distributions from 7.2 to 9.0).
They usually take old packages, native to these old systems and apply back-ported security patches to them.
That's for people that cannot/don't want to upgrade their main distribution, while being able to maintain "old" distribution to be secure.
apt-get can be used on these "old" distributions as well too.
Hope this shed a light a little.
What are you talking about ?
You can install apt-rpm or yum and update every version of RH starting from 7.2
It's just a matter of typing apt-get update && apt-get dist-upgrade with repositiories pointing at download.fedoralegacy.org. I use this for about a year already and didn't get a single problem.
They have ALL security patches backported by redhat itself or comunity.
I don't beg you to stay on redhat, use everything you want. I myself have to support a dozen of 7.2, 8.0, 9.0 boxes. Fedora legacy is well suited for it. Period.
Standard redhat's up2date & bare rpm doesn't even go close to what apt-rpm can do on these systems.
I'm already using fedora legacy to update rh8.0 and 7.2 boxes (only four fortunately).
No complains.
apt-get update && apt-get dist-upgrade from fedora legacy work flawlessly.