Who said anything about Windows? Of course you can't legally fork Windows, because Microsoft has not licensed the Windows source code under its "Shared Source" initiative. You can't fix bugs in Windows, either. But that's irrelevant, because both the article and the post to which I responded talk specifically about source code which Microsoft releases under one of its "Shared Source" licenses. And for that source code, the answer is yes, you can fix bugs and release a competing product.
Can we do so in a manner that no longer requires anyone to pay Microsoft?
If you read the OSI's explanation of the shared source licenses, you'll see that Ms-PL and Ms-RL are more competition-friendly than most of the traditional open source licenses because they also indemnify all contributors against patent infringement. So you wouldn't be legally obliged to pay Microsoft anything if you wanted to rebrand their code and release a competing product.
If you download and use Fedora Core, aren't you a beta tester for Red Hat Enterprise Linux? And if you fix a bug in Fedora Core, something which Red Hat financially benefits from, do they pay you money?
For me, the answer is Yes and No, so I don't see a difference between the Open Source model and Microsoft's Shared Source model, in this respect.
Re:Hard to learn but worth it on The Birth of vi · Score: 1
I stopped using VI when someone showed me that XEmacs had a VI emulation mode. (M-x viper-mode). XEmacs has some features that I haven't found in the VI clones, like good CVS integration. Once you're in viper mode, you can use XEmacs just like VI, but you also get some additional functionality.
You make the young kids feel the power of creation. Learn programming like they "learned" an Etch-a-Sketch.
Get them into a brand new technology -- one where their efforts don't differ enormously from a pro.
Exactly! I think Logo is one of the best kept secrets in education. I have seen six-year-old children (who can barely type) start programming in Logo after five minutes of instruction. I think a large part of this is that Logo (in particular Turtle Graphics) was designed to fit into the childhood world of drawing. But Logo does something that simply drawing on paper does not--it encourages you to think about what you're doing. And it leaves plenty of room for the thrill of discovery and experimentation (even for adults). And it's fun, especially for professional programmers. It's one of those special activities where learning and playing are indistinguishable from each other.
For example, at age 29, I wrote the following program by accident (I was trying to do something else) and it became one of my favorite programs. It was months before I figured out why it works the way it does.
REPEAT 750 [
RIGHT 90
REPEAT 4 [ FORWARD REPCOUNT * 3 RIGHT 72 ]
RIGHT REPCOUNT
]
And at age 39, a friend of mine taught his turtle to make fart noises.
I completely agree with the parent, but I want to add a few things.
Before you do your design, you should try to understand all of the system's requirements.
Just how much reliability is really needed?
Are lives at stake?
Is a lot of money at stake?
Is a system failure just inconvenient?
Remember that each extra "9" in reliability multiplies the cost of the project by 10, so make sure you understand just how reliable your system must be before you start.
Once you understand the system's requirements, make sure that your fault-tolerant design is testable. Then design your tests (before you write a single line of code). Don't make the mistake of leaving testing until after implementation. Make sure all of your interfaces are specified and that the subsystems are decoupled enough such that you can test each unit individually and thoroughly. What happens if a subsystem receives bad input? What happens if a subsystem takes longer than expected to respond? How long is too long? What happens if a subsystem returns bad output? You should design your system such that you can replace any subsystem with a misbehaving (test) subsystem and that your overall system responds appropriately. In the process of designing your test, you should expect to find many design defects (or design glosses).
You should also get someone to peer-review your design (and your tests) with the mindset of making your system fail.
People with different backgrounds will have different experiences of what can go wrong; don't expect that you have thought of everything yourself.
By now you may be thinking "that's a lot of extra work". You're right, it is. But it's all necessary. You can scale back some of this depending on how much reliability you actually need, which is why it's essential that you understand your requirements. You also don't have to do all the work yourself. In fact, you probably shouldn't. You should get someone else to work on the test side of things.
By the way, one essential subsystem to modularize is the allocation of resources. You will find a lot of defects just by inserting a memory allocator that occasionally simulates out-of-resource conditions. There are tools to do this, but they don't seem to be portable to different operating systems.
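An added example (not part of the original comment) of the fault-injecting allocator and the "swap in a misbehaving subsystem" test described above. The fi_* wrappers, dup_strings and the sample strings are hypothetical names constructed for illustration; the sweep fails each allocation in turn and checks that nothing is leaked on the error path.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fault-injecting allocator (hypothetical names, portable C). */
static long fi_countdown = 0; /* 0: never fail; k > 0: the k-th call from now fails */
static long fi_live = 0;      /* blocks handed out and not yet freed */

static void *fi_malloc(size_t n)
{
    if (fi_countdown > 0 && --fi_countdown == 0)
        return NULL;          /* simulated out-of-memory, exactly once */
    void *p = malloc(n);
    if (p != NULL)
        fi_live++;
    return p;
}

static void fi_free(void *p)
{
    if (p != NULL) {
        fi_live--;
        free(p);
    }
}

typedef char **(*dup_fn)(const char *const *src, size_t count);

/* Release the first `count` strings and the vector itself. */
static void free_strings(char **v, size_t count)
{
    if (v == NULL)
        return;
    for (size_t i = 0; i < count; i++)
        fi_free(v[i]);
    fi_free(v);
}

/* Subsystem under test: deep-copies a string vector, unwinding on failure. */
static char **dup_strings(const char *const *src, size_t count)
{
    char **v = fi_malloc(count * sizeof *v);
    if (v == NULL)
        return NULL;
    for (size_t i = 0; i < count; i++) {
        size_t len = strlen(src[i]) + 1;
        v[i] = fi_malloc(len);
        if (v[i] == NULL) {
            free_strings(v, i);   /* frees v[0..i-1] and v */
            return NULL;
        }
        memcpy(v[i], src[i], len);
    }
    return v;
}

/* Same routine with a typical error-path defect, for comparison. */
static char **dup_strings_leaky(const char *const *src, size_t count)
{
    char **v = fi_malloc(count * sizeof *v);
    if (v == NULL)
        return NULL;
    for (size_t i = 0; i < count; i++) {
        size_t len = strlen(src[i]) + 1;
        v[i] = fi_malloc(len);
        if (v[i] == NULL) {
            fi_free(v);           /* defect: v[0..i-1] are never released */
            return NULL;
        }
        memcpy(v[i], src[i], len);
    }
    return v;
}

/* Fail the 1st, 2nd, 3rd, ... allocation in turn. Returns the number of
 * failure points exercised, or -k if a leak or bad copy shows up at point k. */
static long fi_sweep(dup_fn fn)
{
    static const char *const sample[] = { "alpha", "beta", "gamma" }; /* constructed input */
    const size_t n = sizeof sample / sizeof sample[0];

    for (long k = 1; k < 1000; k++) {
        fi_live = 0;
        fi_countdown = k;
        char **v = fn(sample, n);
        fi_countdown = 0;
        if (v != NULL) {          /* k exceeded the number of allocations */
            int ok = 1;
            for (size_t i = 0; i < n; i++)
                if (strcmp(v[i], sample[i]) != 0)
                    ok = 0;
            free_strings(v, n);
            return (ok && fi_live == 0) ? k - 1 : -k;
        }
        if (fi_live != 0)         /* failed call left memory behind */
            return -k;
    }
    return 0;
}

int main(void)
{
    printf("correct version: %ld\n", fi_sweep(dup_strings));
    printf("leaky version:   %ld\n", fi_sweep(dup_strings_leaky));
    return 0;
}
```

Because the failure point is a counter rather than a random draw, every run is reproducible and a failing point can be replayed under a debugger.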
and moreover, these were not just *nix vulnerabilities, they were *nix apps. If we included every security flaw in every program that runs on windows this year I feel that this list might grow a bit......
The list is supposed to include every security flaw in every program that runs on Windows. Check the Windows list; most of them are 3rd party apps and some are open source. Likewise, the UNIX/Linux list includes a lot of proprietary software. This study was examining which OS is more secure on the whole (apps and all), not if Microsoft writes more secure code than the Open Source community.
For example, take a look at Adobe's contributions to both lists.
A crash *is* a security vulnerability; it's a denial-of-service attack. My credit card numbers are safe and the attacker hasn't executed arbitrary code on my machine, but they did crash an application which I was using and potentially had unsaved data on. From what the article says, the exploit (if it exists) can continue to deny me the use of Firefox until the damage is repaired by manually deleting my history.dat file. The ability to deny someone the use of the Web is a denial-of-service vulnerability. And the fact that the "fix" requires deleting user data is somewhat significant.
As far as security vulnerabilities go, this one may be relatively benign, but that doesn't mean it's not a security vulnerability. Do you feel secure knowing that your browser could crash if you clicked on the wrong link? I don't.
And if this is a buffer overflow, as the article suggests, it may be possible to use it to execute arbitrary code, which would make this a critical vulnerability.
A few years ago, I would have agreed entirely with you, but now I'm convinced that technology is an essential part of the future of education. What changed my mind is that, in the past year, I've read a lot of papers by Seymour Papert. He's the guy that invented the Logo programming language and LEGO Mindstorms. His latest project is to make a laptop that is inexpensive enough that every child can afford one (especially children in rural areas of developing regions).
The short version of Papert's philosophy goes like this. We must shift school's emphasis on teaching to an emphasis on learning. The most important skill a child can learn in today's world is the skill of learning. Children learn best when they create projects that are personally meaningful to them. Computers are so versatile that they can be used as a base for any project. Today's computers are friendly enough that they can be used by preschoolers. Even though computers are essential, you still need flesh-and-blood teachers to act as guides, because the best teacher is NOT a computer, it's someone with an empathic relationship with the student.
Math is hard? Good, toughen up, kid, because the rest of the world is tough and isn't going to bend to your will.
How do you think a child would respond to this sort of attitude? Do you think they will buck up and learn math? Or do you think they will become even more resentful toward math (and possibly resentful of you)?
I think there are two things wrong with this attitude. First, people don't hate math because it's hard. People like challenges. When was the last time you heard someone play a computer game for days on end because it was easy? People hate math because they think it's impersonal. Second, if you want a child to learn math, the solution is not to force it, it's to show the child why math is interesting. Wanna motivate a high-school student to learn trig? Show them how trig is the backbone of first person shooters. Better yet, get them to write their own 3D computer game using trig.
By the way, most of what school calls "math" is not that useful and has nothing to do with the kind of stuff that mathematicians do. Mathematicians engage in challenging problems that may not have a clean-cut "right" answer. They experiment with different ways to solve problems and, most of the time, they get the wrong answer. They ask their friends for help. They try to understand similar problems and the relationship between problems. In short, real-world math is more like an exploration of patterns and relationships than the mechanical processes that they teach in school.
A $2,000 computer does not a better educated kid make.
No, but neither does a $50,000 library with a full-time librarian. The computer is a relatively inexpensive window into knowledge and a fantastic tool for knowledge exploration. And Web searching sure beats looking stuff up in encyclopedias and dictionaries. Children are innately curious and full of questions. If you can show a child a painless way to answer their own questions, you can make them into life-long learners.
My question is why should scripts be allowed to write anything?
Firefox extensions (and a lot of the browser) are written in JavaScript. Extensions (and the browser) are trusted. They can do things like manage cookies and cached files. I wrote a Firefox extension that opens a TCP connection on port 2628 to an arbitrary server. I don't know the full extent of what a trusted script can do, but it is probably as much as the OS allows your user account to do. The ability to do this is what makes Firefox attractive as an application development platform--you get access to lots of cross-platform utilities and you have more power than HTML.
On the other hand, scripts in a Web page are NOT trusted. These scripts are run in a sandbox. They can't create files or open up sockets. But sometimes an untrusted script can trick Firefox into trusting it, and that's a critical bug. By design, this should never happen. But if the implementation is flawed, you can end up executing code with more privileges than you want.
Anyway, that's why scripts are allowed to write files. This doesn't say that scripts should be allowed to write files, but it is how Firefox was designed to behave.
Well, if [Microsoft would] make an OS that wasn't set up as to be easy to "zombie-fi" then I suspect a lot of spam wouldn't even be a worry as I read in wired (or a slashdot link to wired?) that a large minority of spam is sent from hijacked computers running MS OS.
A poorly maintained GNU/Linux box is just as easy to compromise as a poorly maintained Windows box.
The #1 security risk is not the OS, it's the user. There are the users that execute email attachments, run any piece of software they download from the Internet, choose weak passwords, and disable their firewall because it's annoying. A lot of these users happen to run an MS OS.
There's also another class of sophisticated, but uninformed users that puts the Internet at risk. These are the Linux admins that think that they don't have to worry about security just because they run Linux. They leave their system untouched (unmonitored and unpatched) for months or years. They may also set up a test account (username=test, password=test) just to see if everything's working. Or they may set up a low privilege guest account (username=guest, no password), forgetting that even a guest can open an outgoing socket. A machine like this will be compromised within a month.
The SSH daemon on my Linux box gets probed by 2-3 different IP addresses every day. I expect that most of these attackers are zombies. And I doubt that any one of them are running an MS OS.
It's more than just a faulty presentation--the whole premise is inane:
Redhat found a vulnerability in fileutils (ls and mkdir), that could allow a remote attacker to execute arbitrary code with root privileges.
ls and mkdir are running as a network server with root privileges? How did that happen?
Besides, we all know RedHat systems configure ls and mkdir to change to low-privilege users (lsnobody and mkdirnobody) after accepting the connection (unless you modify /etc/ls.conf or /etc/mkdir.conf, that is).
The Xbox can't play DVDs out-of-the-box. To play DVDs, you have to modify it in some way: get a mod chip, install a different OS, or buy a "DVD Playback Kit".
That was my first experience, too. I got on a server where the admin was a power-hungry bigot (or at least played the role). He'd kick people off that he accused of being minorities and he'd kick people off for not being racist enough. He'd also disrupt the game by enabling God mode for himself. Like you, I just assumed that's how all servers were.
Then I found a few servers that are run by people that do not tolerate swearing or bigotry. I also found people that took the time to teach me how to play. My teammates still curse me out when I accidentally (but thoroughly) fill them with bullets. And there are still plenty of moments of immaturity, but that's part of the on-line experience, whether it's on-line gaming, chat rooms, or slashdot. In a strange way, it's also part of the fun.
So, if you like the game, keep hunting for a good server. You're bound to find one.
You might feel differently about a four-year-old laptop with a broken CD player if you did not own a computer and could never hope to afford one. You personally may have several computers and would understandably be unimpressed by such a donation. However, Uganda is very different from your world. It faces many challenges: AIDS, hunger, and war. I believe that education and economic stability can solve these problems and that a computer is a wonderful tool for the advancement of both. If donating a computer that people in one country consider "worthless junk" might substantially benefit someone in a less fortunate country, don't you think it's worth doing?
Take a look at the homepage for the Global Stewardship Foundation Africa, which runs a computer donation program for African nations. Read the success story that was written by a 23-year-old woman, and try to put yourself in her place. Then decide if you would be insulted by a four-year-old laptop and if you would just throw it out.
I think robots could win in the World Cup finals by playing very boring soccer. For example, the robots could (try to) force a 90 minute stale-mate if they always took the ball into the corner and then the other robots formed a wall around the first robot. The robots could then win the game in PKs.
I imagine that robots would be much better at PKs than at regulation time soccer because taking PKs rewards precision, not intelligence. Defending against PKs may be harder for robots than humans, but that doesn't matter if the robot kickers never miss. Humanity has plenty of Roberto Baggios just waiting for their chance to blow it.
I think Fox should outsource the voice talent to India. I hear that Bangalore is full of voice actors that will work for 1/3 the going salary in America.
And if an Indian Homer doesn't play out well, they could spin off a series about Apu, Manjula, and the octuplets. Could be as good as "Eight is Enough", or maybe even "Just the Ten of Us".
The U.S. Constitution does not guarantee the right to peaceful assembly. It guarantees that the US Congress shall not pass any laws that prevent peaceful assembly (without 3/4 approval). AFAIK, the first amendment doesn't prevent state governments from passing such laws (or cities from passing such ordinances).
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
Now if IE could manage a 237% increase in marketshare that'd be impressive. It would disprove Norvig's Law.
While we're already off-topic...
I'd also put Pat Lawlor on the same level as Shigeru Miyamoto (Zelda, Mario) for his innovative game designs and attention to the overall user experience.
And if there is blood/DNA on the Shroud of Turin, why isn't Science trying to clone Jesus? Think of the social benefits!
Another often-cited surprise is that the copyrights for "Happy Birthday to You" are owned by Time Warner. This is why some family restaurants have made up their own songs to wish kids a happy birthday; it's just too expensive to sing the traditional song.
See: Urban Legends Reference Pages: Music (Happy Birthday, We'll Sue)