I cannot answer scientifically. All I can say is that my computer is now useable under heavy compiling load. I used to suffer "lost mouse", type ahead and correct ahead for large lines of text, now I see only very small pauses.
Downside is that I had a looping process for about 24 hours and I did not notice it until my compile took 4 times longer than it should, I was using the GUI all this time. With power comes responsability, I guess.
Computer Bank: http://www.cbnsw.com.au will take old computers in NSW Australia. There are related groups in most Australian states.
Our objective is to refurbish old computers putting open source Software on them so that they work reasonably well and distribute them to the Australian bush where they are really needed. We have groups in centres throughout NSW.
There are commercial recyclers in Australia as well. Some of these put a cheap windows setup and resell them, some grind the boards up and truly recycle them. This is where computer Bank disposes of the non-working equipment.
It is important that we do not put computers in landfill. There are heaps of nasty chemcials in them so be very considerate.
I have read that there is a security issue with having a single person as the abministrator. thiss would imply redundancy not sacking. Is Australia there are extra payments for redundance like 1 week per year of service. It also is better than "sacked' (but still not great).
From the point of view of the sacking the company is legally obliged to tell you in detail what you did wrong so that you can study and correct those faults and not be doomed to repeat them. Ask for an "exit interview", this interview should discuss in detail the technical reasons why you failed to provide the service. You could ask for a copy of the security report under a non-disclosure agreement to supplement your knowledge of what went wrong. The company may (rightly) refuse to provide a copy of the report but you should ask.
Discuss with management that you were "outsourced" not fired and discuss with them that they should correctly reflect this to potential employers. Advise them that if you caan you are willing to assist them with problems or provide independant audits of their security at a reasonable consultant rate. It is better to leave them in a friendly frame of mind:
a) It will be reflected in your reference.
b) It gives you a slim chance of picking some extra consulting work.
c) Asking for details of security problems is a positive and should be reflected by you to your potential employers.
Don't under estimate the fact that you may have been a problem. You have given us no indication whether you followed security alerts, whether you configured your boundaries properly, etc. This may not be the case but we cannot judge your performance.
I had an application that printed a report after every execution. about 1,000 per night. No-one could find the reports and no-one really checked the output. Changed the application to on non-zeo return code and guess what the bug reports started rolling and we started solving the real problems.
Chatty is bad, conversely I would acl my harddisk format to confirm and give me a success message. I don't do this 1,000 times a night I do it maybe 1 time a year.
Storing terabytes of information is useless unless you can find it. Isn't the Internet starting towards becoming unsearchable because of the false hits.
Don't believe me try and find useful information on the interpress graphic format from Xerox. I am sure there is something out there, no idea where.
We must work on other people projects, not create our own. We must be able to locate that project if it exists.
I think that the comment about not throwing away code might be misconstrued somewhat. The text appears to be more about not working on a similar project and fixing that. The text talks about "yet another" IRC, text editor etc.
The biggest problem I see is being able to locate that project or even part of a project that you want. Take a look at perl CPAN for an idea of how it should work. I though SourceForge would help however this is only part of the FOSS base and it is very difficult to search. For example I am doing a perl course and I searched for notes, I could not locate spork project for searching, I found it by looking at a paper copy.
Take you ideas talk to those working on similar projects, see if your ideas meet and start working with a project. Fork if you have to, reference the original project in your documentation, track the original project. Above all be prepared to merge and become a single project with another, be humble shut yours down in favour of another egoless programming.
What I like about the AIX compiler is that it does actually pick this up as unused. I sometimes sweep my code with it to remove dead code.
If you are doing something like this why aren't you using #ifdef around it for the times where it is not used. Surely this is more obvious and solves the warning.
I read up on bake (make replacement) after a presentation at my Linux User group. I read the doco and I was left with the question 'Why?'.
I emailed the project and gave them a patch for typo's and English then outlined that I had no idea why I would bother with the project. I then worked with the owner of the project discussing with him and strengthening the doco.
It is always worthwhile forwarding the question you have and referencing the doco. You really have to prove that you did read it as well.
Firstly, don't write it reuse it. The hard thing is to find a framework that suits or is close to your needs. This is one of the problems he raises.
Secondly, over generalisation makes a project more complex and ultimately doomed to failure because you , as sole developer, just get sick of the project. Why do I say this for the same reasons sited you need a working prototype to bring in developers. I have learnt this to the death of one of my projects.
Certainly write your code according to the rules of good software development by defined interfaces. This should lead to frameworks that can be pulled out easily and reused later. This should not be your focus.
Extreme Programming calls this YAGNI - You aint gonna need it. I don't follow XP but I believe that we as developers should strive to understand all the major development concepts and pick the eyes out of them. Notice how test rigs are also mentioned. These are two concepts I use fairly regularly to stop myself gold plating solutions that do not need it. When the problem exists is when you shoudl solve it.
I have run Linux gnome on equivalent hardware to Windows and always found gnome faster than Windows. Also the recent improvements made to Gnome has improved speed and ease of use somewhat.
It provides for levels of security and automatically configures them.
Generally the default is to NOT install unnecessary software.
Under a standard sign-on a user is unable to overwrite the operating system or fundamental tools.
Programs installed generally install with a minimum set of options and you turn on additional options to enable them, rather than turn them off.
Now if you want to talk security tools, look to RACF and the mainframe for how to do it really well. However the USER/GROUP works well if you are willing to think about it. If this does not work then ACL's can provide that extra level. User/group security is certainly not a security "hole".
I have yet to see a system without an all powerful user (windows admin, root, mvs systems programmer,...). Like you said if the system is used badly it is insecure, for windows, for Unix, for anything. The trick is whether security was premise or bolt on, default or manually configured afterwards.
The issue with the RPM standard is not with the format of the RPM nor with the delivery of those files. As you have noted there are tools that work just like apt-get.
The fundamental problem with the RPM standard is the lack of rigour that the packages are built. This means that there are sometime missing parts to the implementation, yes this is getting better but there still is the problem. Secondly competing RPM based distros have slightly different packages at times compounding the problems.
Incidentally apt-get is not the recommended solution to installing, it is too fundamental. I prefer synaptic because it shows me the details of the package when I select it.
While I don't disagree with the sentiments there are some fundamental problems with your argument.
Linux/Unix is fundamentally secure, windows is fundamentally open designed as a disconnected workstation and slowly being secured. This is NOT Microsofts fault for marketting reasons they have to move the code base slowly or there are too many problems.
The value in breaking into Windows is a staging point for other attacks. Kind of like a window above a presidental convoy. You can bet those downtown lockless doors would be secured if the head of state of anything wanted to drive through it. The point is that Internet snipers can hide anywhere.
Gandma and gradpa will not compile the kernel. They will use the standard upgrade path of binary packages. They will trust the source computer has not been compromised as Microsoft users trust the Microsoft site is not compromised.
There will be more holes found in Linux / Unix as they become more known. The reason, simply is honesty, FOSS sites report it and commercial entities hide it. I am not pointing at any one company it is a general truth.
The line I like seeing with this breakin is that this was noted by a checking program. This is what we like to see, expect a break in and buy a burglar alarm. (Also remember a burgler alarm can be comprimised!)
From the original February discussion. This has even more relevance now....
"The Common Criteria,..., grades products based not only on their security and reliability, but also on the development and support processes that ensure quick responses to problems." Does that mean that the US Gov. will be officially saying that the Kernel development model is OK ?
If I patch a compiler warning out of code I may be fixing these problems without being aware of them. I could also have run Microsoft equivalent of valgrind over the code and eliminated a memory problem.
It may not be as sinister as it seems, we all should use secure practices to actively seek these potential problems in all code and remove them.
It took me 6 emails for Microsoft to stop requesting money from me to look that the issue that if you include 2 javascripts from separate files your ie goes to 100% CPU.
I ended up in the last note saying "I don't care anymore, take the bug report or not".
Compare this to the bug I had with gcc. I checked it on newsgroups, reported it to gcc, 24 hours later it was fixed. Similar experiences with evolution and gnome stuff.
I use computers at home for support out of hours but work is work and I have to be structured in my processes. I also like talking to people face to face about issues and resolving them directly face to face.
The fight for the file system years ago can be parralleled to this. The best ideas are "stolen" and integrated and one will rule them all as ext2 eventually did. It became stable for a while and now journalling is openning it up again.
Gnome and KDE have been working together for some time, this is nothing new. The hope is to integrate more of the backend of these (eg unified spell checking) and highlight the differences for what is important.
I have the time to put into my favourite project (OpenOffice.org) and the big three have the money (and hence developer time) to put into things they want.
The fact that things are being paid for will not degrade the level of support nor will it stop those people scratching their own particular issues.
What you say is true and when you claim the bounty you carefully document the standard interface that you defined for evolution (probably has one) and the plugin for gaim to that standard plugin (guessing but this is probably local now).
Slashdot Mirror
I cannot answer scientifically. All I can say is that my computer is now useable under heavy compiling load. I used to suffer "lost mouse", type ahead and correct ahead for large lines of text, now I see only very small pauses.
Downside is that I had a looping process for about 24 hours and I did not notice it until my compile took 4 times longer than it should, I was using the GUI all this time. With power comes responsability, I guess.
Computer Bank: http://www.cbnsw.com.au will take old computers in NSW Australia. There are related groups in most Australian states.
Our objective is to refurbish old computers putting open source Software on them so that they work reasonably well and distribute them to the Australian bush where they are really needed. We have groups in centres throughout NSW.
There are commercial recyclers in Australia as well. Some of these put a cheap windows setup and resell them, some grind the boards up and truly recycle them. This is where computer Bank disposes of the non-working equipment.
It is important that we do not put computers in landfill. There are heaps of nasty chemcials in them so be very considerate.
We are Asia Pacific. Struth...
I have read that there is a security issue with having a single person as the abministrator. thiss would imply redundancy not sacking. Is Australia there are extra payments for redundance like 1 week per year of service. It also is better than "sacked' (but still not great).
From the point of view of the sacking the company is legally obliged to tell you in detail what you did wrong so that you can study and correct those faults and not be doomed to repeat them. Ask for an "exit interview", this interview should discuss in detail the technical reasons why you failed to provide the service. You could ask for a copy of the security report under a non-disclosure agreement to supplement your knowledge of what went wrong. The company may (rightly) refuse to provide a copy of the report but you should ask.
Discuss with management that you were "outsourced" not fired and discuss with them that they should correctly reflect this to potential employers. Advise them that if you caan you are willing to assist them with problems or provide independant audits of their security at a reasonable consultant rate. It is better to leave them in a friendly frame of mind:
a) It will be reflected in your reference.
b) It gives you a slim chance of picking some extra consulting work.
c) Asking for details of security problems is a positive and should be reflected by you to your potential employers.
Don't under estimate the fact that you may have been a problem. You have given us no indication whether you followed security alerts, whether you configured your boundaries properly, etc. This may not be the case but we cannot judge your performance.
I had an application that printed a report after every execution. about 1,000 per night. No-one could find the reports and no-one really checked the output. Changed the application to on non-zeo return code and guess what the bug reports started rolling and we started solving the real problems.
Chatty is bad, conversely I would acl my harddisk format to confirm and give me a success message. I don't do this 1,000 times a night I do it maybe 1 time a year.
Storing terabytes of information is useless unless you can find it. Isn't the Internet starting towards becoming unsearchable because of the false hits.
Don't believe me try and find useful information on the interpress graphic format from Xerox. I am sure there is something out there, no idea where.
We must work on other people projects, not create our own. We must be able to locate that project if it exists.
I think that the comment about not throwing away code might be misconstrued somewhat. The text appears to be more about not working on a similar project and fixing that. The text talks about "yet another" IRC, text editor etc.
The biggest problem I see is being able to locate that project or even part of a project that you want. Take a look at perl CPAN for an idea of how it should work. I though SourceForge would help however this is only part of the FOSS base and it is very difficult to search. For example I am doing a perl course and I searched for notes, I could not locate spork project for searching, I found it by looking at a paper copy.
Take you ideas talk to those working on similar projects, see if your ideas meet and start working with a project. Fork if you have to, reference the original project in your documentation, track the original project. Above all be prepared to merge and become a single project with another, be humble shut yours down in favour of another egoless programming.
What I like about the AIX compiler is that it does actually pick this up as unused. I sometimes sweep my code with it to remove dead code.
If you are doing something like this why aren't you using #ifdef around it for the times where it is not used. Surely this is more obvious and solves the warning.
I read up on bake (make replacement) after a presentation at my Linux User group. I read the doco and I was left with the question 'Why?'.
I emailed the project and gave them a patch for typo's and English then outlined that I had no idea why I would bother with the project. I then worked with the owner of the project discussing with him and strengthening the doco.
It is always worthwhile forwarding the question you have and referencing the doco. You really have to prove that you did read it as well.
Isn't the point to not create "yet another" anything more than redeveloping bad code.
Firstly, don't write it reuse it. The hard thing is to find a framework that suits or is close to your needs. This is one of the problems he raises.
Secondly, over generalisation makes a project more complex and ultimately doomed to failure because you , as sole developer, just get sick of the project. Why do I say this for the same reasons sited you need a working prototype to bring in developers. I have learnt this to the death of one of my projects.
Certainly write your code according to the rules of good software development by defined interfaces. This should lead to frameworks that can be pulled out easily and reused later. This should not be your focus.
Extreme Programming calls this YAGNI - You aint gonna need it. I don't follow XP but I believe that we as developers should strive to understand all the major development concepts and pick the eyes out of them. Notice how test rigs are also mentioned. These are two concepts I use fairly regularly to stop myself gold plating solutions that do not need it. When the problem exists is when you shoudl solve it.
I have run Linux gnome on equivalent hardware to Windows and always found gnome faster than Windows. Also the recent improvements made to Gnome has improved speed and ease of use somewhat.
I do 100% agree with GPL. I strictly do not agree with getting rid of copyright.
If you wrote it you have a choice how it is used, ie copyright. Don't like it rewrite it.
Didn't I here Michael Douglas say that once?
Seriously this is what it reads like.
Fundamentally secure.
...). Like you said if the system is used badly it is insecure, for windows, for Unix, for anything. The trick is whether security was premise or bolt on, default or manually configured afterwards.
It requires sign on
It provides for levels of security and automatically configures them.
Generally the default is to NOT install unnecessary software.
Under a standard sign-on a user is unable to overwrite the operating system or fundamental tools.
Programs installed generally install with a minimum set of options and you turn on additional options to enable them, rather than turn them off.
Now if you want to talk security tools, look to RACF and the mainframe for how to do it really well. However the USER/GROUP works well if you are willing to think about it. If this does not work then ACL's can provide that extra level. User/group security is certainly not a security "hole".
I have yet to see a system without an all powerful user (windows admin, root, mvs systems programmer,
The issue with the RPM standard is not with the format of the RPM nor with the delivery of those files. As you have noted there are tools that work just like apt-get.
The fundamental problem with the RPM standard is the lack of rigour that the packages are built. This means that there are sometime missing parts to the implementation, yes this is getting better but there still is the problem. Secondly competing RPM based distros have slightly different packages at times compounding the problems.
Incidentally apt-get is not the recommended solution to installing, it is too fundamental. I prefer synaptic because it shows me the details of the package when I select it.
While I don't disagree with the sentiments there are some fundamental problems with your argument.
Linux/Unix is fundamentally secure, windows is fundamentally open designed as a disconnected workstation and slowly being secured. This is NOT Microsofts fault for marketting reasons they have to move the code base slowly or there are too many problems.
The value in breaking into Windows is a staging point for other attacks. Kind of like a window above a presidental convoy. You can bet those downtown lockless doors would be secured if the head of state of anything wanted to drive through it. The point is that Internet snipers can hide anywhere.
Gandma and gradpa will not compile the kernel. They will use the standard upgrade path of binary packages. They will trust the source computer has not been compromised as Microsoft users trust the Microsoft site is not compromised.
There will be more holes found in Linux / Unix as they become more known. The reason, simply is honesty, FOSS sites report it and commercial entities hide it. I am not pointing at any one company it is a general truth.
The line I like seeing with this breakin is that this was noted by a checking program. This is what we like to see, expect a break in and buy a burglar alarm. (Also remember a burgler alarm can be comprimised!)
From the original February discussion. This has even more relevance now. ...
..., grades products based not only on their security and reliability, but also on the development and support processes that ensure quick responses to problems."
"The Common Criteria,
Does that mean that the US Gov. will be officially saying that the Kernel development model is OK ?
If I patch a compiler warning out of code I may be fixing these problems without being aware of them. I could also have run Microsoft equivalent of valgrind over the code and eliminated a memory problem.
It may not be as sinister as it seems, we all should use secure practices to actively seek these potential problems in all code and remove them.
Where to?
It took me 6 emails for Microsoft to stop requesting money from me to look that the issue that if you include 2 javascripts from separate files your ie goes to 100% CPU.
I ended up in the last note saying "I don't care anymore, take the bug report or not".
Compare this to the bug I had with gcc. I checked it on newsgroups, reported it to gcc, 24 hours later it was fixed. Similar experiences with evolution and gnome stuff.
"Viewed from this perspective, I don't think we need to keep an eye on our boxen just the backup tapes / disks/ CDs."
But how will you know unless you monitor it? Being able to recover a problem is a long way from identification.
I cannot telecommute, my own choice.
I use computers at home for support out of hours but work is work and I have to be structured in my processes. I also like talking to people face to face about issues and resolving them directly face to face.
The fight for the file system years ago can be parralleled to this. The best ideas are "stolen" and integrated and one will rule them all as ext2 eventually did. It became stable for a while and now journalling is openning it up again.
Gnome and KDE have been working together for some time, this is nothing new. The hope is to integrate more of the backend of these (eg unified spell checking) and highlight the differences for what is important.
I run Gnome, my wife runs KDE, who cares.
It is all about time and money.
I have the time to put into my favourite project (OpenOffice.org) and the big three have the money (and hence developer time) to put into things they want.
The fact that things are being paid for will not degrade the level of support nor will it stop those people scratching their own particular issues.
What you say is true and when you claim the bounty you carefully document the standard interface that you defined for evolution (probably has one) and the plugin for gaim to that standard plugin (guessing but this is probably local now).