Anyhow, it's important to point out that security bugs aren't exactly like typical bugs. You can't test for security using unit tests
Security in general is hard, but we're seeing a lot of basic errors that shouldn't be happening. In some cases, if Google had merely read the warning output from the compiler, they would have found bugs.
Once people start even thinking about security, then we can move onto higher techniques, like proofs and contracts, to remove even more bugs.
Do you think anyone actually tried to fuzz-test this library? I wonder.
I seriously doubt it originally, but it looks like Google has some people trying that sort of thing now.
Science, math, and logic just don't work on the dumb and the greedy. You gotta bribe politicians with campaign money (or lack of) to get action in our society.
The bigger question is figuring out what action should be taken. If we're going to get our CO2 levels back to 350ppm, we're going to need to get all the (non-electric) cars off the road. We're going to need to shut down all coal and natural gas power plants (getting rid of natural gas means also getting rid of wind, because natural gas provides the backup).
Who is going to agree to that? Nobody, and that's the real reason nothing gets done about AGW (apart from subsidizing alternative energy, and other smaller actions).
b) I disagree with the form of communication and that is an area where I am competent
OK, so here's a serious question. The reason Linus communicated in such a rude way was to prevent people from using those functions ever again in his codebase, and I think it will probably work. What would you have done to reach that same goal?
Knowing about dbus, makes me shudder about the concept of kdbus, but folks assure me I don't understand kdbus, which I confess could be true.
Interprocess communication has been an area of research for a long, long time. I don't understand why the kdbus people want to re-invent the wheel, instead of using a method that's been tried and tested.
Yes, that's exactly what I came to say. You have a brand that represents one thing, and GoDaddy spend millions to get that idea in the head of consumers. Create another brand to sell the other product.
This is how Disney makes R movies with nudity and violence.
One suggested correction to the above - this should not be "The Unix Way", but just "The Way".
Yeah lol, lately I've been thinking that "The Unix Way" can be easily summarized as, "Write Good Code."
I wonder if thsi topic would have been as controversial or toxic if the systemd people had tried to agree a new set of interfaces first with the community.
I don't think it would be as controversial, because if they had been thinking in terms of interfaces their code would have been drastically better.
As far as failure cases the people pushing systemd the most strongly are the people who run the most sophisticated date centers and cloud OS installations that run the internet.
I don't think that's true lol.....you are the only person in that category I've ever seen who favored systemd. And from what I gathered discussing it with you previously, you only like it because of features you hope will eventually make it into systemd (features which I think will never make it, but that's predicting the future so who knows).
Well I agree with your point that anyone who is afraid to learn to use systemd needs to have some sense knocked into him. Learning how to use it isn't that hard, and I don't think you can make valid arguments against systemd until you learn to use it.
Since the company is selling the exploit to the highest bidder, I'm sure it will be used to develop malware that is undetectable.
It might have been bought by the NSA, or other country's spy group.
Seriously, you can find this stuff out. Do a Google search or something next time.
Anyhow, it's important to point out that security bugs aren't exactly like typical bugs. You can't test for security using unit tests
Security in general is hard, but we're seeing a lot of basic errors that shouldn't be happening. In some cases, if Google had merely read the warning output from the compiler, they would have found bugs.
Once people start even thinking about security, then we can move onto higher techniques, like proofs and contracts, to remove even more bugs.
Do you think anyone actually tried to fuzz-test this library? I wonder.
I seriously doubt it originally, but it looks like Google has some people trying that sort of thing now.
Seriously? That's your point? That I don't understand the "Regression to the mean?" You need to get a few more hours of sleep.
Yeah, you're right, I must not have had enough sleep last night.
Here's another set of Android vulns that I believe were not mentioned here on Slashdot earlier.....
Google programmers should read this book.
They can do much better at avoiding bugs than they are now.
Here's the paper, if you want to see it.
If it becomes that bad, you can just rebuild the dock. Ocean level rise is so slow that it shouldn't be a big problem.
Science, math, and logic just don't work on the dumb and the greedy. You gotta bribe politicians with campaign money (or lack of) to get action in our society.
The bigger question is figuring out what action should be taken. If we're going to get our CO2 levels back to 350ppm, we're going to need to get all the (non-electric) cars off the road. We're going to need to shut down all coal and natural gas power plants (getting rid of natural gas means also getting rid of wind, because natural gas provides the backup).
Who is going to agree to that? Nobody, and that's the real reason nothing gets done about AGW (apart from subsidizing alternative energy, and other smaller actions).
Why do you think it would probably work?
Mainly because of the empirical evidence of it having worked for Linux in the past.
Nah, I said it wrong. I should have said, "Systemd makes things easier for people who write init scripts for distros."
b) I disagree with the form of communication and that is an area where I am competent
OK, so here's a serious question. The reason Linus communicated in such a rude way was to prevent people from using those functions ever again in his codebase, and I think it will probably work. What would you have done to reach that same goal?
Knowing about dbus, makes me shudder about the concept of kdbus, but folks assure me I don't understand kdbus, which I confess could be true.
Interprocess communication has been an area of research for a long, long time. I don't understand why the kdbus people want to re-invent the wheel, instead of using a method that's been tried and tested.
Yes, that's exactly what I came to say. You have a brand that represents one thing, and GoDaddy spend millions to get that idea in the head of consumers. Create another brand to sell the other product.
This is how Disney makes R movies with nudity and violence.
That is a good blog post.
Maybe the greatest legacy of systemd will be to spark a world-wide discussion about what a proper startup manager should look like.
Yes lol. I don't know why the ggp used that as an example. Maybe he was being sarcastic.
Thanks ^^
There is some good discussion in the links of this journal entry.
The cons are mostly architectural, for example, Gnome shouldn't depend on any particular init system........tying them in like that is too brittle.
One suggested correction to the above - this should not be "The Unix Way", but just "The Way".
Yeah lol, lately I've been thinking that "The Unix Way" can be easily summarized as, "Write Good Code."
I wonder if thsi topic would have been as controversial or toxic if the systemd people had tried to agree a new set of interfaces first with the community.
I don't think it would be as controversial, because if they had been thinking in terms of interfaces their code would have been drastically better.
As far as failure cases the people pushing systemd the most strongly are the people who run the most sophisticated date centers and cloud OS installations that run the internet.
I don't think that's true lol.....you are the only person in that category I've ever seen who favored systemd. And from what I gathered discussing it with you previously, you only like it because of features you hope will eventually make it into systemd (features which I think will never make it, but that's predicting the future so who knows).
I'm sorry, I don't understand how that would be helpful in my review. Can you explain please?
I've been publishing it section by section in my Slashdot journal. Feel free to read it, I'd be interested if you have any comments.
Well I agree with your point that anyone who is afraid to learn to use systemd needs to have some sense knocked into him.
Learning how to use it isn't that hard, and I don't think you can make valid arguments against systemd until you learn to use it.
I think I have good, carefully thought out reasons that systemd is bad, but I am open to other people's ideas.