While AMD and Intel have been picking their asses, coming up with 500 different CPU types, families and versions, 80 different types of memory and speed, Mac has stuck to G3-4-5... And the G5 KICKS ass.
I've never really liked mac hardware, but they've finally outdone themselves here. So much so that I would actually now consider using a mac.
After today's releases, I was actually asking myself if OS X could actually start threatening Windows.
I've always been a PC user (because of flexibility, price, and just openess of the whole thing), and I do use Windows, and for the first time ever today (looking at the G5 specs and the MacOS stuff) I was actually tempted.
Sorry wishful thinkers... linux ain't gonna do nothin' to OS X. In any case, it'll have much less effect on OS X than it could have on Windows.
Your sig barks loud but doesn't bite so much: ACs might reply something insightful that might climb up into your view.
DMCA, shme-ehm-see-ayy... your attitude is exactly what you would vehemently argue against Microsoft if the situation were proper: show your name (and be subject to 'persecution' - karma), or be censored.
two points to clear up about this post:
it's quite sad that 'persecution' on this site is based on this karma crap and the idiotic moderators deciding it... it's sad, but it's actually also ironically a microcosmic representation of the state of the current world.
I browse at +1 too. But I don't advertise it in my sig as a way to intimidate people. In fact, I think you doing this is almost as much a defensive attitude as posting AC is: you are just hiding behind the crowd mentality of slashdot... A defense against anyone who'd be reluctant (for whatever reasons) to post with a name because they had something not in line with pro-/. (i.e. pro-linux/OSS/etc), and most probably your point of views. Way to go for hypocrisy.
PS. I hesitated long between posting this AC or not. It's a catch 22, both would make my point.
That's the whole danger of GEng... it's not the glowing that's dangerous. It's the side effects that you *don't* see. Maybe the glow gene also creates secretions which normally are quite harmless, but combined with some special enzyme in a tuna fish's stomach turn deadly...
Maybe these fish become resistant to an otherwise instantly lethal virus that zebra fish have... effectively acting as reservoirs of this virus, and spreading it along to all other zebra fish and whiping out normal zebra fish populations.
Think of it this way: why hasn't ebola wiped out the world population? because it's *too* fast for its own good. It doesn't have time to spread around because its host dies too quickly. AIDS on the other hand takes waaaay longer kill, and that's why it's more widespread...
Now imagine some humans were genetically engineered to have glowing eyes, and as a side-effect, they became immune to Ebola. Pretty soon, glowing eyed people would be the only people remaining on the planet, because they would act as reservoirs for a virus which otherwise would rapidly kill its host...
Genetics is like a very very poorly maintainable 90 billion line of code piece of software... with most of the variables declared at the global scope... and named x1, x2, x3 and static buffers all over the place. You wouldn't want to just say, "hey, I'll just use buffer z32 for a second to do this string operation" now would you.
I didn't say that. What I did say was the GEng. isn't bad because it creates creatures dependant on humans... we've already done that.
GEng is bad because it may have side-effects that we can not see now... and for maybe generations to come.
But then again, that stuff happens in the wild too... Chernobyl and the area surrounding it is a breeding ground of such animals. I don't see anyone making a fuss about that.
I think the previous EULA was worded that way so people were forced (by law) to update their machines, and not leave them unpatched for months. I think it was made that way so that Moft didn't end up with lawsuits (or bad rep) saying their machines weren't safe.
(I think ideally, they wanted all of the machines on the net to get patches as soon as they came out, so that once a bug was announced on a full disclosure list or the such, if they deemed it dangerous, they could get around to avoiding it).
But in the end, it comes down to an 'I think' versus 'you think' situation. And I think you are watching too many x-files.
(your argument of closed sourcedness is bs... have you read each and every line of source in your linux kernel? - trojan's are very easily detectable without source code, in fact they are more detectable without source code: via network analysis... if Moft were to put trojans in their updates, you would get 42 stories a day on/. about it - plus their respective duplicates)
That's not amazingly bad advice given what I've cited: if you decide you're leaving. Don't just leave, make an attempt to do something about it. I never told him to make this bargain if he hadn't fully commited to leaving.
Take it as you will, mister manager. I've done exactly this, and I've got references because I have integrity. I never insulted anyone, I was very kurt and upfront. *Some* people appreciate that, those are the people I ask for references... not the managers that are actually causing me to quit in the first place.
My team lead for example would give the best references of me because he knows I had integrity. The integrity of doing my job while I was doing it, and the integrity of saying "no" when I decided not to do it anymore (as opposed to hang around and just be a bitchy whinny person who's productivity is 30% of normal, and on whom other people just can't depend).
Like I said, the advice is for IF he decides he wants to go.
I was in a similar situation. I did walk out. But not before making sure I had a 6 month parachute in my bank account, and some damn near certain contract work lined up.
That being said, I thank god I had the parachute, because I've been self employed for close to 10 months now, and some of the projects I was supposed to get right after I quit my job are only now starting to come in.
The thing you don't want to do, and I agree with parent poster here, is starve to the point that your breath smells... then you have no bargaining power anywhere, and you'll end up being a janitor. If you have enough money to float for at least a few months, you can play 'aggressive' (read not let yourself get raped) by the market.
On a side note, quiting my job after the exact same scenario was the best thing I've ever done in my life. I used to be bitter, jaded, pessimistic, and always ready to snap into a bad mood. Now I'm jaded and pessimistic, but I enjoy life SO much more. Even more satisfying is watching the people who *didn't* quit back then, who are still complaining about the SAME things, 10 months after... not because I'm enjoying their pain, but because I can see exactly how much energy I was wasting in being that way back then.
My moral: if things don't look good now, they will most likely not look good in 6 months unless something is done. Staying at your current place is not "something".
Also, I would keep in mind that mass exodus will freak your managers out, hiring is the most expensive thing a company can do, so keep that in mind. You are in a company, in the business world... this is not favors in the school yard. IF you finally decide you will walk out - don't. First threaten walking out. Lay it on the table. Say "either we work a compromise of some sort, or we're out of here, chose". If you are determined to survive in the wild, then right now you are the most valuable selves you'll be ever. This is the moment when you can cash in on your skills - not when everything is peachy and all is running smooth. But always remember that you might end up staying there, so don't make ridiculous demands which will hurt the company and you ultimately either. Fine balance ain't it! =)
To answer your question: the exploit is suposedly about a piece of code executing code from a different source. It's a violation of the same-origin policy in java/javascript.
Now, I don't know whether or not the bug was legit or not (I must admit the guy's english was very 3733T looking to me), but the issue is a rather crucial one, and shouldn't be dismissed.
A quick example, if I were able to 'inject' code into an already opened browser of yours (say your online banking website), log your keystrokes and then submit them (via an html form) to my site. Don't quote me on this though, I'm not an expert when it comes to browser vulnerabilities/exploits (I'm a C++ monkey) - I just know the same-origin policy is important.
Why have you been moderated Insightful, it beats me... but let me tell you one thing: you are no security expert. It shows by the way you said
The first exploit doesn't seem like much of an exploit either. Instead, it seems to that the script opens a popup, and then at some later time, changes its content. What is wrong with that?
Now, young grasshoppah... tell me by just starring at your screen what applications are running on your box. no 'ps' no taskmngr... Unless you are the oracle, a virus is pretty much invisible.
I think you are too caught up watching movies like Swordfish or the like, where viruses actually 'freeze' your computer by drawing frost marks over your my computer icon.
On another note: if you've read any of the other posts on/. today, it seems to be a java vuln. triggered by using some basic javascript.
Yeah, unrelated they are, but in tandem they can be used.
But so long as noone can check (because of the NDA)
Have you considered the following: regardless of what was done, the judge's words are final. It doesn't matter if there were to be 10 million linux protesters each with a print out of the code in their hand chanting in front of the court, the judge's words are final. And generally speaking, judges are unimpressed by chanting.
On another note, have you considered that the fact that nobody knows where this code is is actually a way of keeping it somewhat hidden? As meager an argument that is, it's still an argument.
Their contradicting themselves is just sloppy work on the behalf of their legal/PR team.
As for the "how can Linux users be guilty if IBM" comment, two things: a) they aren't suing users, they are suing companies (for now), b) isn't OSS the crowd of people who pride themselves of having 'all the people' supporting their code?
You cannot enjoy the priviledges of a group without taking on it's responsabilities. If someone screwed up in your system, you must all bear that burden... in whatever shape or form. I'm thinking, all linux will suffer from this is a temporary rollback of the source tree... or just emergency hacks to remove the code from current distributions. The shit flying through the fan really is for IBM at this point.
On a side note, if this code has been in the tree for a long time, there's a good chance that big companies like Redhat might migrate to the new clean version of the tree and be forced to discontinue support for the older versions... which would be a nightmare for some.
The sense is this: there is source code, and there is binary code. Binary Code reuse is nothing special. It's inevitable.
Source code reuse, that's a whole different ball game, because the source code needs to be flexible enough to do whatever is asked from it. The original poster said it was difficult to reuse source code because it was either too generic, or too specific.
Binary code, interfaces and the such, *have* to be reused (nobody in their sane mind would think it normal to write an OS each and every time you wrote a program). In fact, one of the goals of reuse of binary code is that it is rigid/enforcing (e.g. security). Binary code reuse to me, is not code reuse, it's just environment/platform.
Source code reuse, back to the original thread of thought, *is* difficult. Very few libraries have pulled it off, STL is one of them, and that thanks to templates. (Again, let me point out that just calling a function in a Perl module called "makeHash" is not real source code reuse. Deriving your CMyCompanyMeetingRoom object from an stl::vector, sorting it using templated sort functions, and injecting it anywhere another vector would work is source code reuse - being able to take the source file of CMyCompanyMeetingRoom and putting it in a completely different 500k line piece of software and having it work *without modifications* is source code reuse).
On a side note, you should just stop making rim shots at Win32. It just makes you sound ignorant and provokes people (me included) to respond inappropriately (by either flaming, or cheerleading for the OSS/Linux crowd). Win32 has it's merits, and it's issues... So does linux system APIs. You don't see me appending "oh, btw linux apis suck" at the end of each of my posts. Don't think just because nobody responds bad to your Microsoft bashing that it makes you right - you are after all on a pro-linux site.
I personally use WinNT as a platform (as I develop server software), and I always compile UNICODE.
As far as I'm concerned, the only type I use is TCHAR (bless Microsoft for making that type), and the underlying wchar_t that it maps to.
This makes me be able to use all strings regardless of where they come (COM runtime, or Win32) using the same wrappers. The *only* issue that I *have* to deal with is memory managment, and quite frankly that is *not* an issue to me... I have chosen to stick with C++, I will accept the responsability of managing my own memory.
Memory managment is easy too: normal heap for just about anything, SysAllocString/CoTaskMalloc - ie. memory via IMalloc for any COM business, and the *very* occasional shared memory allocations for Shell work.
I personally don't find it to be too much to ask that memory being shared in the COM runtime be allocated via IMalloc. For your information, you can override your new/delete operators (as I've done in several projects) so that they use IMalloc internally... and there you go, new/delete does all your work ever.
Just to clear it up, in case my previous post wasn't clear: the API itself is orders of magnitude simpler than any program you wish to make using it.
I never said anything about the implementation of the API. A whole different ballgame.
An API has to be by design as simple and straightforward as possible.
And for those of you who don't know what an API is, read the acronym out loud (Application Programming *Interface*). I said it in another post, I'll say it again: Interfaces are not implementations. Interfaces are not code.
You are the biggest troller I've ever seen. The windows registry is as much a mess as a file system is. You open a handle, you read a value, you close a handle.
TCHAR = char or wchar_t (depending on your target)
WCHAR = typdef wchar_t
char = char
CComBSTR and STL strings are the only two things that you talk about which aren't intrinsic types and are actual classes (I don't know what TString is)...
If you are afraid of handling strings in C++ my friend, you really shouldn't be using C++. You should even less be complaining about how "Windows strings" are a mess... because these strings are as Windows as flour is Nabisco.
Templates rule, and C++ will never die. (unless people stop understanding the usage of templates).
I personally am firmly against object reuse. Unless it's really plain simple objects like smart pointers.
Unfortunately, I am working right now, and can't go in depth about what I think of this... if you wanna flame me, go ahead, maybe it'll summon up the courage in me to explain better. If on the other hand you know what I'm talking about, please explain to the rest of the world on my behalf... =)
APIs aren't code. They are entry points into an existing system. The system API is generally speaking orders of magnitude less complexe than the programs running on it. (take for example File IO... it's just bytes... no sorting hashing or btree algorithms in there)
Who ever told you I went to a cheap university? I went to University of Toronto. That's one of Canada's most reputed universities (and spare me the "then Canada sucks" replies). And I sure as hell paid loads of tuition.
Slashdot Mirror
It's called humour, and it's quite sad to see you can't take it...
While AMD and Intel have been picking their asses, coming up with 500 different CPU types, families and versions, 80 different types of memory and speed, Mac has stuck to G3-4-5... And the G5 KICKS ass.
I've never really liked mac hardware, but they've finally outdone themselves here. So much so that I would actually now consider using a mac.
After today's releases, I was actually asking myself if OS X could actually start threatening Windows.
I've always been a PC user (because of flexibility, price, and just openess of the whole thing), and I do use Windows, and for the first time ever today (looking at the G5 specs and the MacOS stuff) I was actually tempted.
Sorry wishful thinkers... linux ain't gonna do nothin' to OS X. In any case, it'll have much less effect on OS X than it could have on Windows.
DMCA, shme-ehm-see-ayy... your attitude is exactly what you would vehemently argue against Microsoft if the situation were proper: show your name (and be subject to 'persecution' - karma), or be censored.
two points to clear up about this post:
it's quite sad that 'persecution' on this site is based on this karma crap and the idiotic moderators deciding it... it's sad, but it's actually also ironically a microcosmic representation of the state of the current world.
I browse at +1 too. But I don't advertise it in my sig as a way to intimidate people. In fact, I think you doing this is almost as much a defensive attitude as posting AC is: you are just hiding behind the crowd mentality of slashdot... A defense against anyone who'd be reluctant (for whatever reasons) to post with a name because they had something not in line with pro-/. (i.e. pro-linux/OSS/etc), and most probably your point of views. Way to go for hypocrisy.
PS. I hesitated long between posting this AC or not. It's a catch 22, both would make my point.
As Larry Wall had put it, there are a lot of cheerleaders on /.
You proved that you can have a winbox be just as secure as any other so long as you properly use it and know how your software works.
Cheers.
HeelToe you rock.
Maybe these fish become resistant to an otherwise instantly lethal virus that zebra fish have... effectively acting as reservoirs of this virus, and spreading it along to all other zebra fish and whiping out normal zebra fish populations.
Think of it this way: why hasn't ebola wiped out the world population? because it's *too* fast for its own good. It doesn't have time to spread around because its host dies too quickly. AIDS on the other hand takes waaaay longer kill, and that's why it's more widespread...
Now imagine some humans were genetically engineered to have glowing eyes, and as a side-effect, they became immune to Ebola. Pretty soon, glowing eyed people would be the only people remaining on the planet, because they would act as reservoirs for a virus which otherwise would rapidly kill its host...
Genetics is like a very very poorly maintainable 90 billion line of code piece of software... with most of the variables declared at the global scope... and named x1, x2, x3 and static buffers all over the place. You wouldn't want to just say, "hey, I'll just use buffer z32 for a second to do this string operation" now would you.
GEng is bad because it may have side-effects that we can not see now... and for maybe generations to come.
But then again, that stuff happens in the wild too... Chernobyl and the area surrounding it is a breeding ground of such animals. I don't see anyone making a fuss about that.
Why? Tomatoes don't grow in the wild. They are purely man made.
Pugs have faces too squished in... Doberman's brains outgrow their skulls... all because of selective breeding. Without any use of needles.
This trend is nothing new... it's been around forever.
I think the previous EULA was worded that way so people were forced (by law) to update their machines, and not leave them unpatched for months. I think it was made that way so that Moft didn't end up with lawsuits (or bad rep) saying their machines weren't safe.
(I think ideally, they wanted all of the machines on the net to get patches as soon as they came out, so that once a bug was announced on a full disclosure list or the such, if they deemed it dangerous, they could get around to avoiding it).
But in the end, it comes down to an 'I think' versus 'you think' situation. And I think you are watching too many x-files.
(your argument of closed sourcedness is bs... have you read each and every line of source in your linux kernel? - trojan's are very easily detectable without source code, in fact they are more detectable without source code: via network analysis... if Moft were to put trojans in their updates, you would get 42 stories a day on /. about it - plus their respective duplicates)
That's not amazingly bad advice given what I've cited: if you decide you're leaving. Don't just leave, make an attempt to do something about it. I never told him to make this bargain if he hadn't fully commited to leaving.
Take it as you will, mister manager. I've done exactly this, and I've got references because I have integrity. I never insulted anyone, I was very kurt and upfront. *Some* people appreciate that, those are the people I ask for references... not the managers that are actually causing me to quit in the first place.
My team lead for example would give the best references of me because he knows I had integrity. The integrity of doing my job while I was doing it, and the integrity of saying "no" when I decided not to do it anymore (as opposed to hang around and just be a bitchy whinny person who's productivity is 30% of normal, and on whom other people just can't depend).
Like I said, the advice is for IF he decides he wants to go.
That being said, I thank god I had the parachute, because I've been self employed for close to 10 months now, and some of the projects I was supposed to get right after I quit my job are only now starting to come in.
The thing you don't want to do, and I agree with parent poster here, is starve to the point that your breath smells... then you have no bargaining power anywhere, and you'll end up being a janitor. If you have enough money to float for at least a few months, you can play 'aggressive' (read not let yourself get raped) by the market.
On a side note, quiting my job after the exact same scenario was the best thing I've ever done in my life. I used to be bitter, jaded, pessimistic, and always ready to snap into a bad mood. Now I'm jaded and pessimistic, but I enjoy life SO much more. Even more satisfying is watching the people who *didn't* quit back then, who are still complaining about the SAME things, 10 months after... not because I'm enjoying their pain, but because I can see exactly how much energy I was wasting in being that way back then.
My moral: if things don't look good now, they will most likely not look good in 6 months unless something is done. Staying at your current place is not "something".
Also, I would keep in mind that mass exodus will freak your managers out, hiring is the most expensive thing a company can do, so keep that in mind. You are in a company, in the business world... this is not favors in the school yard. IF you finally decide you will walk out - don't. First threaten walking out. Lay it on the table. Say "either we work a compromise of some sort, or we're out of here, chose". If you are determined to survive in the wild, then right now you are the most valuable selves you'll be ever. This is the moment when you can cash in on your skills - not when everything is peachy and all is running smooth. But always remember that you might end up staying there, so don't make ridiculous demands which will hurt the company and you ultimately either. Fine balance ain't it! =)
Now, I don't know whether or not the bug was legit or not (I must admit the guy's english was very 3733T looking to me), but the issue is a rather crucial one, and shouldn't be dismissed.
A quick example, if I were able to 'inject' code into an already opened browser of yours (say your online banking website), log your keystrokes and then submit them (via an html form) to my site. Don't quote me on this though, I'm not an expert when it comes to browser vulnerabilities/exploits (I'm a C++ monkey) - I just know the same-origin policy is important.
The first exploit doesn't seem like much of an exploit either. Instead, it seems to that the script opens a popup, and then at some later time, changes its content. What is wrong with that?
Now, young grasshoppah... tell me by just starring at your screen what applications are running on your box. no 'ps' no taskmngr... Unless you are the oracle, a virus is pretty much invisible.
I think you are too caught up watching movies like Swordfish or the like, where viruses actually 'freeze' your computer by drawing frost marks over your my computer icon.
On another note: if you've read any of the other posts on /. today, it seems to be a java vuln. triggered by using some basic javascript.
Yeah, unrelated they are, but in tandem they can be used.
At which point: the (appeals) judge's words will be final.
Have you considered the following: regardless of what was done, the judge's words are final. It doesn't matter if there were to be 10 million linux protesters each with a print out of the code in their hand chanting in front of the court, the judge's words are final. And generally speaking, judges are unimpressed by chanting.
On another note, have you considered that the fact that nobody knows where this code is is actually a way of keeping it somewhat hidden? As meager an argument that is, it's still an argument.
Their contradicting themselves is just sloppy work on the behalf of their legal/PR team.
As for the "how can Linux users be guilty if IBM" comment, two things: a) they aren't suing users, they are suing companies (for now), b) isn't OSS the crowd of people who pride themselves of having 'all the people' supporting their code?
You cannot enjoy the priviledges of a group without taking on it's responsabilities. If someone screwed up in your system, you must all bear that burden... in whatever shape or form. I'm thinking, all linux will suffer from this is a temporary rollback of the source tree... or just emergency hacks to remove the code from current distributions. The shit flying through the fan really is for IBM at this point.
On a side note, if this code has been in the tree for a long time, there's a good chance that big companies like Redhat might migrate to the new clean version of the tree and be forced to discontinue support for the older versions... which would be a nightmare for some.
Source code reuse, that's a whole different ball game, because the source code needs to be flexible enough to do whatever is asked from it. The original poster said it was difficult to reuse source code because it was either too generic, or too specific.
Binary code, interfaces and the such, *have* to be reused (nobody in their sane mind would think it normal to write an OS each and every time you wrote a program). In fact, one of the goals of reuse of binary code is that it is rigid/enforcing (e.g. security). Binary code reuse to me, is not code reuse, it's just environment/platform.
Source code reuse, back to the original thread of thought, *is* difficult. Very few libraries have pulled it off, STL is one of them, and that thanks to templates. (Again, let me point out that just calling a function in a Perl module called "makeHash" is not real source code reuse. Deriving your CMyCompanyMeetingRoom object from an stl::vector, sorting it using templated sort functions, and injecting it anywhere another vector would work is source code reuse - being able to take the source file of CMyCompanyMeetingRoom and putting it in a completely different 500k line piece of software and having it work *without modifications* is source code reuse).
On a side note, you should just stop making rim shots at Win32. It just makes you sound ignorant and provokes people (me included) to respond inappropriately (by either flaming, or cheerleading for the OSS/Linux crowd). Win32 has it's merits, and it's issues... So does linux system APIs. You don't see me appending "oh, btw linux apis suck" at the end of each of my posts. Don't think just because nobody responds bad to your Microsoft bashing that it makes you right - you are after all on a pro-linux site.
As far as I'm concerned, the only type I use is TCHAR (bless Microsoft for making that type), and the underlying wchar_t that it maps to.
This makes me be able to use all strings regardless of where they come (COM runtime, or Win32) using the same wrappers. The *only* issue that I *have* to deal with is memory managment, and quite frankly that is *not* an issue to me... I have chosen to stick with C++, I will accept the responsability of managing my own memory.
Memory managment is easy too: normal heap for just about anything, SysAllocString/CoTaskMalloc - ie. memory via IMalloc for any COM business, and the *very* occasional shared memory allocations for Shell work.
I personally don't find it to be too much to ask that memory being shared in the COM runtime be allocated via IMalloc. For your information, you can override your new/delete operators (as I've done in several projects) so that they use IMalloc internally... and there you go, new/delete does all your work ever.
I think you guys are just bitchy, that's all.
I never said anything about the implementation of the API. A whole different ballgame.
An API has to be by design as simple and straightforward as possible.
And for those of you who don't know what an API is, read the acronym out loud (Application Programming *Interface* ). I said it in another post, I'll say it again: Interfaces are not implementations. Interfaces are not code.
You are the biggest troller I've ever seen. The windows registry is as much a mess as a file system is. You open a handle, you read a value, you close a handle.
The C++ string mess in Windows...
BSTR, TCHAR, WCHAR, char, CComBSTR, TString, STL string
BSTR = typdef OLECHAR = typedef wchar_t
TCHAR = char or wchar_t (depending on your target)
WCHAR = typdef wchar_t
char = char
CComBSTR and STL strings are the only two things that you talk about which aren't intrinsic types and are actual classes (I don't know what TString is)...
If you are afraid of handling strings in C++ my friend, you really shouldn't be using C++. You should even less be complaining about how "Windows strings" are a mess... because these strings are as Windows as flour is Nabisco.
Now. Do you know what an interface is?
I'll give you a hint: in C++, it's defined using pure virtual functions, that is:
void myFunction() = 0;
If you say C++ is for 'st00p1d' people... then try and instantiate an 'interface' (with no supporting class) in java. Tell me when it works.
Interfaces are not implementations. Interfaces are not code.
I personally am firmly against object reuse. Unless it's really plain simple objects like smart pointers.
Unfortunately, I am working right now, and can't go in depth about what I think of this... if you wanna flame me, go ahead, maybe it'll summon up the courage in me to explain better. If on the other hand you know what I'm talking about, please explain to the rest of the world on my behalf... =)
Very different thing.
I think you just got lucky.