Slashdot Mirror


User: bfields

bfields's activity in the archive.

Stories: 0
Comments: 819

Comments · 819

  1. Re:TeX more practical? on Donald Knuth On NPR · · Score: 1
    TeX is already long in the tooth, and will become obsolete soon.

    Says who? Last I checked, Microsoft Word, for example, still did a pretty ugly job of typesetting even very simple equations. TeX isn't that hard to use (though of course you can get as complicated as you want), and produces great output.

    TeX still has pretty much a monopoly on academic mathematics, as far as I know. Go to a good technical bookstore and look at the TeX section--there's still a lot of work being done around it.

    --Bruce Fields

  2. Re:I think he came off as having OCD on Donald Knuth On NPR · · Score: 2, Informative
    The fact of our society is that if you sent them to the funny farm, you'd have very few people left who were good at math.

    OK, I know this is just a joke, but I can't let it be. I got both my undergraduate and graduate degrees in mathematics, so I've been around tons of people who are extremely good at math. There were some who had trouble getting along with other people, and some who did very well. Overall I don't know that the mix was all that different from any other group of people. As for "the funny farm"? In my 10 years of studying I think I may have run across 1 or 2 that it wouldn't surprise me to learn actually had serious mental problems. None so incapacitated that they couldn't function at some level--that's why they were in school and not institutionalized....

    --b.

  3. Re:Can't beat the Beeb. on The Fate of The Free Newspaper · · Score: 1
    You can't beat the good old BBC

    I like the BBC, but they don't cover local US politics. They cover lots of important stuff, but I also think it's important to have someone putting my mayor on the spot occasionally....

    --Bruce Fields

  4. Re:Rebates should be illegal on FTC Tells CompUSA to Pay Up QPS Rebates · · Score: 1
    My guess is Fry's knows it is a scam and probably makes money this way.

    Or, just as likely, doesn't know it isn't a scam and doesn't see any incentive to actually investigate.

    Which amounts to the same thing in the end.

    --Bruce Fields

  5. Re:IBM Thinkpads are the same way on BIOS-Approved PCI Cards For Laptops · · Score: 2, Informative
    Seems to me that if they don't want their computer to be compatible with PCI cards, they shouldn't advertise it as being compatible with PCI cards.

    These aren't PCI cards, they're mini-PCI--tiny little cards you have to open the case to replace. They're not that hard for a user to replace, but still I doubt this is a bullet point in the laptop advertisement in the way compatibility with PCI cards would be.

    --Bruce Fields

  6. EU structure on Euro Patent Restart Demand Repeated by Parliament · · Score: 4, Interesting

    Conference of Presidents, Council, Commission, Parliament.... For the poor confused Americans among us, could somebody draw us the European equivalent of the "how a bill becomes law" flow chart? I'm completely lost.

    --Bruce Fields

  7. Re:Bring it on. on Ret. World Bank CTO on Desktop Linux TCO Facts · · Score: 1
    NO corporation on this planet goes to Dell's website and configures up a computer, and presses the "order 10,000" button. you call a personal Sales Associate.

    I had the same thought. But then looking at the prices on the website does have the advantage that it's easier to make a strict side-by-side comparison, and that any random slashdotter can check his results....

    If you call them up then there's a chance the price might depend on what day you call, who you talk to, etc. To do it completely right you might want to have several people call several times and do some statistics on the results.

    --Bruce Fields

  8. Re:My $0.02 on Spam Costs U.S. Companies $22B Annually · · Score: 2, Insightful
    I believe that any company that is too ignorant to install protections on their systems, or too stupid to find someone to do it for them, deserves to lose their money.

    These are some of the ways spam has wasted my money. Perhaps it's just because I'm stupid, how would I know?:

    • I have to install, configure, and maintain spam filters.
    • I have to manually handle the spam that gets through the filters. Usually this is trivial, though occasionally I have to actually read the stuff to figure out it's spam.
    • I still have to manually handle the spam that is identified as such, because my current filter (spamassassin) still does very occasionally produce false positives.
    • It takes more time to contact people since in practice the reliability of email has decreased due to all the spam filtering going on.

    It's just an arms race between the spammers and the spam-filterers, and the filter that works now will probably stop working eventually. I don't see anyone deploying any technological solutions that aren't just bandaids.

    --Bruce Fields

  9. Re:What scares me... on Spam Costs U.S. Companies $22B Annually · · Score: 2, Insightful
    Bingo! If no one made money at it, it would soon go away.

    I'm not convinced by that. The fact is, it's so cheap and easy to send mass email, that people can do it just on a whim, or by mistake.

    Anyone get that spam about the lost time-traveller looking for exotic equipment to replace his time machine? And what about all those viruses? Many of them I suppose had the purpose of creating zombies that could later be exploited as spam-senders. But many of them seem to have been done for other reasons, or just for fun.

    --Bruce Fields

  10. Re:Gah! on Mathematics of the Social Security "Crisis" · · Score: 1
    Some of us would be quite willing to take the 2% pay cut for some increased security.

    Then if you're under 35 you're a fool. That 2% would be far better invested in the stock market for thirty years--you'd earn a much better rate of return.

    I didn't say I expected a higher return from social security, I said I expected to reduce my risk--or at least expose myself to a different *kind* of risk than the risk I'm already exposed to through my stock investments. I can believe the stock market will probably do better over the next 30 years (that's why I have a bunch of money in it too), but if it doesn't I like having something else to fall back on.

    I'm not against some kind of safety net which guarantees a truly minimal standard of living for the poor elderly (enough to live, that's it: no luxuries);

    A "truly minimal standard of living" presumably includes housing, food, and medical care. That's expensive.

    what I'm against is the theft of 12.5% of my income, esp. given that I'll never see it again, and that even if I did see it again I'd have done better investing.

    Right. So we're giving the elderly a minimal safety net in return for the difference between what you get from social security and what you would have gotten from investing the money yourself. Sounds OK to me.

    --Bruce Fields

  11. Re:Gah! on Mathematics of the Social Security "Crisis" · · Score: 1
    Solving the social security budget gap by adding 2% to the payroll tax sounds great... Tax the corporations! Well, it would be great, but corporations take the payroll tax into account when they determine how much you cost them as an employee.

    Of course. But "social security may require a 2% increase in payroll tax" is a far cry from "social security is about to collapse". Some of us would be quite willing to take the 2% pay cut for some increased security.

    I invest in the stock market, and a bunch of other stuff, too, but it doesn't bother me to be putting some into social security too. None of them are a sure thing, so spread out the risk as much as you can, I say....

    --Bruce Fields

  12. Re:Oh, its twue, its twue! on Harvard Pres Says Females Naturally Bad at Math · · Score: 1
    According to the BBC, The difference in male vs. female brain size (about 10%) in humans and higher order primates is directly attributable to an increase in the size of the areas of the brain responsible for geo-spatial mapping and visualization.....

    When you think about it, (and be honest now) in your experience, exactly what is the ratio of male to female Unix admins?

    What does Unix administration have to do with "geo-spatial mapping and visualization"?

    There was a much higher female/male ratio in the math PhD program I was in than there is now in my software development job. And, really, mathematics research is about as technical as it gets--anyone that can figure out sheaf cohomology should be able to deal with sendmail configuration....

    So the only explanation I can see is a social one--the computer science and engineering departments seem much more like "boys' clubs" compared to the math department. Simple things, like the jokes people make, the ways people talk, seem to make more assumptions about gender. If I was a woman who was really interested in engineering maybe it wouldn't be a big deal, I don't know, but if I was a little on the fence about it I might be tempted to find some other field rather than have colleagues who were constantly making my eyes roll up into my head....

    --Bruce Fields

  13. Re:You should listen to him... on Torvalds on the Linux Security Process · · Score: 1
    testing is a better choice for a desktop.

    That's what I'd always assumed too, so I ran it for several months or a year. But it didn't really seem any more reliable than unstable, it lagged a bit behind, and of course had the major disadvantage of not getting timely security updates. So I don't recommend it any more.

    --Bruce Fields

  14. Re:You should listen to him... on Torvalds on the Linux Security Process · · Score: 1
    That's a bad idea. You'll pull in things that aren't necessarily security updates, e.g. if a new stable release is made. I use cron-apt and have it daily install only patches from security.debian.org. That way I don't have to intervene, and my system is guaranteed not to break because of a security update.

    For a machine that's used by a whole lot of people that probably makes sense. I keep my personal machines on unstable, and dist-upgrade daily. Surprisingly, I can't remember this ever breaking anything. (I seem to remember there was some major PAM screwup a few years ago that prevented logins, but that happened just before I switched to unstable.) Instead things just get steadily better--bugs are fixed, new features show up. I'm increasingly convinced that unstable is the best choice for any single-user system with a moderately experienced user and a broadband connection.

    Of course for a system with lots of users and some possibly rather fragile local software what you described probably makes more sense. But, to get back to the original point, something like that absolutely has to be set up for any machine connected to the internet. To do so requires both a) a reliable stream of minimal security updates, and b) an understanding on the part of administrators that the risk of being compromised outweighs the (hopefully very small) risk of breaking some application. The sophistication of attacks is only going to increase, and the window between vulnerability and exploitation is only going to narrow....

    --Bruce Fields

  15. Re:You should listen to him... on Torvalds on the Linux Security Process · · Score: 1
    Just like Microsoft Windows, the majority of installed Linux systems are not being hovered over by people who read every security advisory.

    I don't usually read security advisories--I just run "apt-get update && apt-get dist-upgrade" once a day. Takes a few seconds. Windows update can do the same, right?

    --Bruce Fields

  16. Re:You should listen to him... on Torvalds on the Linux Security Process · · Score: 1
    And why on earth would it be reasonable to take 90 days to produce what is usually something like an obvious 5-line kernel patch?

    (1) the patch is probably more than "5 lines", because otherwise it would have been found earlier.

    Not true. To quote Linus, "In the case of "uselib()", it was literally four lines of obvious code - all the rest was just to make sure that there weren't any other cases like that lurking around." From other patches I've seen, this is typical. Often it's just a small oversight that needs fixing.

    (2) security patches almost always IME have substantial side-effects and must be tested carefully

    Again, look at the uselib patch: http://www.grsecurity.net/linux-2.6.10-secfix-200501071130.patch. It's pretty trivial--as far as I can tell, all it really does is take a certain kernel semaphore in a few places where it didn't before. Of course, nothing's certain--*any* modification could throw off the timing of some critical application just enough to trigger some race condition you hadn't seen before. But these things should be pretty safe.

    (3) it takes longer than 5 days to QC, prepare, and release a patch for an enterprise-class system. I hope.

    I understand that deploying patches faster than that is considered by many administrators of such systems to be a hard problem, but it's a problem that they will have no choice but to solve. People *are* going to figure out how to exploit vulnerabilities in under 5 days.

    --Bruce Fields

  17. Re:You should listen to him... on Torvalds on the Linux Security Process · · Score: 1
    While I agree that full disclosure in a reasonable period of time (say 90 days) is best, immediate disclosure can leave thousands of systems vulnerable with no patches and no reasonable way to get them patched immediately even if a fix is available.

    Those systems are *already* vulnerable, it's just that not everyone knows it yet.

    And I especially don't believe that a vulnerability is still a secret after it's been disclosed to a mailing list (even a "closed" one). That just means all a black hat has to do is compromise the email system of one of the list subscribers to get advance notice of all vulnerabilities.

    And why on earth would it be reasonable to take 90 days to produce what is usually something like an obvious 5-line kernel patch?

    --Bruce Fields

  18. Re:My neighborhood on Best Wireless SSIDs You Have Seen? · · Score: 1
    Some people are generous enough to let others use bandwidth and don't care. Who are you to decide?

    Agreed--I keep mine open too. But I do change my password from the default....

    --Bruce Fields

  19. Re:It's all too political on Security Holes Draw Linux Developers' Ire · · Score: 1
    the cdrecord thing has been an absolute nightmare to me. It's basically stopping me upgrading to 2.6 full-time even if I found it stable enough, because my CD burner simply *will not work*

    Hm. I remember several different discussions there: command filtering, which meant that cdrecord may not be runnable as a regular user any more (should still be runnable as root); some sort of device naming or enumeration issue that I didn't follow; and then weren't ide cd burner drivers changed so they no longer needed the scsi emulation layer?

    In any case the reasons for these changes were all hashed out pretty thoroughly on lkml and elsewhere. So while I sympathize with your problems, I don't see them as resulting from anything more "political" than any decision involving multiple opinionated people.

    Reiser4 as I understand it only had problems in that it required putting a lot of stuff in the VFS layer, and there was some idea that this layer should be "above" filesystems and there shouldn't be any driver-specific code there.

    Partly it was this sort of design issue (actually I think the issue was that the stuff in reiser4 that wasn't really reiser4-specific--e.g. the ability to associate named "streams" with files, as if the files were themselves also directories--should really be in the generic VFS layer), but partly there were also just some unquestionable bugs (locking rules for the file-as-directory changes, maybe?) that looked hard to fix.

    But again, the point is that the decision to reject Reiser4 in its current state was made for solid reasons. I'm not sure what you mean by calling the process "too political".

    --Bruce Fields

  20. Re:It's all too political on Security Holes Draw Linux Developers' Ire · · Score: 1
    With 2.6 there seems to be a bad trend towards far too much politics in the kernel. The cdrecord problems and reiser4 business (did that ever get sorted out?) together with the IMO stupid policy of putting new features in the stable branch (making deciding whether a feature can be added much harder, since it needs to be that much more stable and necessary before it can be added, but often you can't prove it's necessary without having some kernel branch running with it in) all smack of too much politics. Why can't people just concentrate on making the best kernel possible?

    That's exactly what they're doing. Take a few hundred extremely opinionated people, all with a passion to make "the best kernel possible", put them all together on the same project, and guess what you get? It's non-stop politics. That's a fact of life, and it's been that way for years, so if you didn't notice it before then you just weren't paying attention.

    As for the specific cases you mention: the cdrecord stuff I've paid no attention to. Reiser4 was rejected due to some serious technical problems, which the reiserfs people are still working on. The 2.6 development model changes were made for a lot of good reasons: focusing developer resources on a single branch instead of making them maintain highly divergent stable and unstable branches; giving distributors kernels they can use without having to apply tons of extra patches to give their customers the features they're asking for; getting better testing of new features sooner; etc. Overall I think it's great.

    But there are also people who think some of those decisions have been mistakes, and have said so. And that's a *good* thing. Difficult questions sometimes have multiple attractive answers, and criticism and argument is a necessary part of ensuring the quality of the decisions made.

    --Bruce Fields

  21. Re:Joel's Remarks on Grad School on Joel Gives College Advice For Programmers · · Score: 2, Insightful

    I also was a little put off by his discussion of that class--it sounded to me like he didn't really have a good understanding of how proofs work, and, more generally, theoretical mathematics and computer science work.

  22. Re:I hate college on Defining Google · · Score: 1
    What about those of us with a BA who work in the IT industry?

    Individual schools may make some distinction between BA and BS degrees, but as far as I know there's no generally accepted distinction. I got a BA in math from Reed College, which (percentage wise) has been one of the most successful producers of future PhDs in a number of technical subjects. (See http://web.reed.edu/ir/phd.html. Whether future production of PhD's is really a sensible measure of quality is a separate question; the point is that they're giving out BA's to people specializing in math and science, and those people are clearly getting a background in their subjects sufficient to be successful in further graduate study.)

    --Bruce Fields

  23. Re:I call shens on Why Microsoft Should Fear Bandwidth · · Score: 1

    > We've heard this how many times so far? The
    > idea's been spinning around since the early 90s
    > at least.
    >
    > Repeat after me. As long as there are laptop
    > computers there will be a strong demand for
    > locally-installed software.
    >
    > Repeat after me #2. Laptop sales have been
    > steadily rising and will probably continue to
    > do so.

    This may not be what people mean when they
    talk about "application service providers", but
    I think of the administration of my machines as
    being mostly outsourced to the Debian developers.
    They help me install and remove applications, they
    manage configuration files, they respond to
    security alerts, etc., etc. There's still a lot
    more they could do for me, but by far most of the
    work required to maintain a linux machine is done
    by them, not me. This wouldn't work well without
    my broadband connection. It would also be harder
    to make work without very liberally licensed
    software. But maybe a large company could charge
    users subscriptions and use their money to pay
    for licenses that allowed them to install software
    on demand on their machines. So essentially it
    would be like a proprietary Debian service.

    --Bruce Fields

  24. Re:A thing I don't understand on Tsunami Satellite Images · · Score: 1
    couldn't find any figures for even a rough total of US private donations, but, as of 12/29, American donations to the Red Cross *alone* stood at USD18 million. That does not count donations to other charities or the last day and a half of donations. Pfizer alone (corporations count as private to me) donated 10 million, plus an additional 25 million in medical supplies.

    It's always a bit difficult for me to judge numbers like that, since I'm more used to budgets on the scale of a single household than on the scale of governments....

    From googling around a bit, it looks like current estimates of the economic damage are in the low 10's of billions, and expected cost of the aid effort is in the billions. (Sounds about right for emergency food, shelter, and medical care to millions of people.)

    So donations in the 10's of millions are significant but not huge. Given a relatively wealthy population of about 300 million, they also don't seem to me like that high an expense.

    --Bruce Fields

  25. Re:Dent-and-scratch on Time Sharing Cars · · Score: 1
    Or rained-on, or frozen, or snowed-on.

    Keeping warm in the snow is no more difficult than, say, keeping warm while skiing. Easier, in fact--people skiing (downhill skiing, anyway), spend more time waiting around (which means less time generating body heat) than the average bike commuter will.

    For rain, you'll want good full-coverage fenders and some kind of decent rain gear; there are a variety of ways to do this.

    Think Minneapolis. Think Denver.

    I've bike-commuted year-round in Ann Arbor, Michigan. You learn to dress for it quickly enough. There's some specialized equipment and clothing that can help but isn't really necessary.

    I'm not saying a bicycle is the solution for every commute, or that it doesn't have drawbacks, but the weather mostly turns out not to be such a big deal.

    Some links:

    --Bruce Fields