I don't sign the back of my card because if somebody steals my card with the signature, they now not only have my card, but they also have my signature.
That's silly. Why would you put your real signature on the back of your card?
If you're going to "sign" it, just put some swoops and squiggles--then make more (similar) swoops and squiggles when you're asked to sign a slip. Those cashiers trying to stick to the rules wouldn't mind. They've just been trained to ensure the swoops and squiggles are roughly similar, anyway (and of course, the vast majority don't even do that).
That said, for many years I've had "Please ask for ID" in place of the signature.
I did have someone refuse to accept that once. I was incredulous. I forget the details--where it was, if I left, or just paid cash (as I prefer to do anyway, for small amounts).
I do have maybe half a dozen people a year apologetically ask for my ID, and I always commend their diligence. Seriously, I don't want them comparing swoops and squiggles. I want them to look at the face on my ID, make sure it's at least roughly similar to the one attached to my goddamned head, and make sure the names are the same. That's what matters.
The site is meant to have stories submitted by its readers so readers direct the type of content. So maybe the authors job is just to write interesting stories and some reader would submit it?
Aside from the notion of "news for nerds", does it say anywhere what Slashdot is "meant" to be or have?
But honestly, even if I actually thought it went against everything Slashdot was "meant" to be, I still couldn't get too worked up about it. I've been seeing stories submitted by their authors (or else the same person always submitting stories from the same site, but perhaps the authors were different) as long as I can remember, and I've been around a bit longer than I've had this user id.
Why is/. letting authors post their own clickbait?
Um well, to be fair, I'm pretty sure/. doesn't let article authors do any such thing. They can and do submit their own articles, very frequently--as can you.
If you don't like what ends up on the front page, blame the/. editors, not the authors.
If I wrote an article I thought might be interesting to the/. crowd, I'd sure as hell submit it myself.
What, are authors supposed to hire shills to do it for them? Apparently, if they just used a fake name it'd make some people happy.
Your calculation is also misleading. It's quite possible that a Windows CVE spans a number of Windows versions which would lead to counting the same CVE by up to 5 times. I'm willing to bet that the number of unique Windows CVEs is about a third the number that you arrived at.
Very true, but the premise of my argument was in the previous sentence. So sorry I included that last line. My argument required no calculations.
To return the point of discussion, I suggest you scroll to the bottom of https://www.cvedetails.com/top... where you'll see the list of Total Number Of Vulnerabilities Of Top 50 Products By Vendor for 2017. I don't know how cvedetails.com does its math (nor do I know why they break down Windows by version, but not Android, etc.). Maybe they're also double-counting CVEs that span multiple Windows versions. Maybe they're doing the same with Android, macOS, etc. It's still an interesting set of data to discuss.
Anyway, if I wanted to make a serious argument about this I'd do some real research into the data, the methodology of the data source(s), and clearly document my own methodology. I sure as hell wouldn't use data from a single web site whose reliability is a complete unknown to me.
No, I'm not missing the point. You're totally right.
But there is no run-down of patched-vs-unpatched status listed on that site, the source of a ridiculous argument that I was rebutting. My only point was that his (?) argument was ridiculous. Sorry to have provided a red herring by doing any dubious math.
Why would you add them up across Windows7, 8, etc.? Just to get a bigger number by counting the same vulnerability multiple times? With that logic, you'd be counting each Android vulnerability once for each Android build it occurs in.
Um, gee... where do I start? I mean really, do you see Android (or any non-Microsoft product) broken down by version in that list? It seems to me that for a (lowercase) apples-to-apples comparison, adding up the counts for every version of Windows would be the only fair way to compare it to any OS (or Kernel) which isn't listed with a similar version-by-version breakdown.
In any case, the total number of CVEs for Windows in the top 10 had little to do with the premise of my post, which was a rebuttal to an intentionally misleading post that tried to back up the ridiculous claim that "[a]t the moment, the security of Microsoft products is vastly superior to that of Google and Apple" by posting a part of an all-time list of vulnerabilities (which conveniently only includes one Microsoft product in the top 10). Well, the moment that I'm living in resides firmly in 2017. Once again, the 2017 list is here: https://www.cvedetails.com/top...
I have no idea if cvedetails.com's numbers are in any way reliable. lucm cited them as "proof" of how fuckin'A-awesome Microsoft is these days, so it seemed fair to turn their source around to disprove the original, ridiculous, premise.
But hey, since the OP's bon mot was obliquely attacking a specific vendor, not a product... let's assume cvedetails.com's numbers are somewhat accurate, and scroll to the bottom of https://www.cvedetails.com/top... that lucm originally linked to, where you'll see this juicy heading:
Total Number Of Vulnerabilities Of Top 50 Products By Vendor
There's a pretty bar chart there, but here is the sorted data list:
#1 Microsoft 8528 #2 Apple 5135 #3 Adobe 4167 #4 Mozilla 3279 #5 Google 2708 #6 2279 Oracle #7 1930 Linux #8 1373 SUN #9 1022 Debian #10 855 Canonical #11 784 Novell #12 560 PHP #13 466 Wireshark #14 452 Cisco #15 430 Fedoraproject #16 426 Redhat #17 364 Imagemagick
Okay, since we're talking about recent history ("at the moment", as you said), how about we have a look at recent CVE "scores", not the all-time list that you pasted in?
Here's the top of the "winners" list for 2017:
1 Android Google OS 564 2 Linux Kernel Linux OS 366 3 Imagemagick Imagemagick Application 303 4 Iphone Os Apple OS 290 5 Mac Os X Apple OS 210 6 Windows 10 Microsoft OS 195 7 Windows Server 2008 Microsoft OS 187 8 Windows Server 2016 Microsoft OS 183 9 Windows Server 2012 Microsoft OS 176 10 Windows 7 Microsoft OS 174
But just for fun let's see #11: 11 Windows 8.1 Microsoft OS 167 (on the "all-time" list you pasted in, #11 would have been Internet Explorer)
Aha! You're right, "it's not 1999" any more (in 1999, Microsoft occupied only 4 of the top 10 spots).
So let's see now... if you add up all the CVEs for all Microsoft products in the top 10 (everyone else seems to want to pretend Windows 8.1 never existed, so let's go with that), Microsoft scores a dazzling 915 CVEs so far 2017.
I never called you an opponent (are you?), and I certainly am not seeking to silence you.
I just called you out on your ridiculous "citations". If they're real, let's see some naked links. You didn't even try to excerpt more than a couple of them.
Bitly links are roughly equivalent to silence, because smart people aren't going to click them, and even most fools will simply assume there's something insightful there. But that's you, silencing yourself. I've seen insightful and/or comments from you many times before, so I'd expect better than that.
I see some knuckle-draggers have been modding you up--who else would ever click a bitly link from a stranger? Although I'm guessing they didn't, either...
Sorry, obfuscated links do not count as citations.
> Only reason to get a Mac anything is to run OS X. If you're running Ubuntu, you could get a more heavily configured PC for the same money
The machine belongs to my employer. I would never buy a Mac desktop.
I also cleaned OSX off my company-supplied MacBook Pro, and I have to say that with the addition of a decent OS (Ubuntu), it's the nicest laptop I've ever used, and with the best battery life. That said, I probably still wouldn't buy one of those, either...
I've recently done a project where our (new) Angular2 front-end was supposed to get data from (somewhat oldish) SOAP web services. (For those not up to date, SOAP came from the era when XML was all the rage, so guess what the requests and responses contain - yes XML.)
So sorry! SOAP is dirty, disgusting and should be flushed down the drain.;-)
Unfortunately SOAP and XML are part of my current day job--but as you say, it puts bread (etc.) on the table.
And it would be a lot easier for humans to read if it had goddamn linebreaks.
I mean, it has goddamn linebreaks but nobody seems to be outputting them.
Who wants to read a 1000-byte nested hash on a single line, with no spaces anywhere?
Well, given the choice of XML with no linebreaks, or JSON with no linebreaks, which one would you pick--honestly?
But of course, linebreaks are allowed in JSON, and (IMHO) should be included in almost any JSON written to any file. But with data serialized over the wire (i.e. to/from a web browser), linebreaks add bytes but no real value. I don't know of any web browser that doesn't have tools that allow you to easily browse the entire data structure.
The only coders using JSON now are java coders. They made a mistake selecting their flat file, hierarchical data format. Should have just build a good XML library in java to start.
Point of order: I've read several messages in this thread where you misassociate JSON with Java, but JSON didn't come from Java.
Its source is right there in the name: Javascript Object Notation.
Now on to subjective matters: XML is a disgusting standard which should die a fiery death. And I say this as someone who works with XML on a daily basis (but more and more JSON these days, thankfully). The fact that good libraries exist to work with it doesn't make it any more palatable to me. JSON is vastly simpler, maps easily to the most common data types, and is (get this...) usually easy (for humans) to read.
Java and XML were stuck together at an early age, and their forced marriage was unfortunately very fecund... but even many Java developers have seen fit to move on, if they're lucky enough to have the chance.
Also, if the UK ever needed an emergency tactic to prevent economic collapse, they can let their currency float.
Greece, a member of the EU, was not allowed to do that (even though it would have helped them).
But the UK was never a member of the Eurozone. Are suggesting that EU membership has somehow restricted their control over their own independent currency?
Jay Z was of course talking about commercial radio, and he's totally right. Or so I believe... I can't remember the last time I willingly listened to commercial radio.
There are commercial-free radio stations that actually care about music (and the musicians, and the listeners), and aren't beholden to advertisers.
Of course, as has been the case for decades, there are still lots of good low-power college radio stations, with their ever-changing formats. The downside there is that you never know sort of music you're going to hear without looking at the schedule, and the format's going to change within a few hours when the next DJ comes on.
But I know of at least two commercial-free music radio stations in the US which play an amazing variety of music, new, old, popular and--most importantly--the unknown and/or obscure... and with a similar mix of music throughout the day on most weekdays.
I'm proud to be a founding member of Minnesota Public Radio's KCMP "The Current", going strong after over a decade. I no longer live in Minnesota but still listen. However, the station I now listen most often to is KEXP "Where the Music Matters". Aside from the fact that their proximity to Redmond means they're to cause things like their online playlist being crippled (relies on Azure I guess)
I've discovered SO much new music (and some old) from both of those stations, both of which stream their broadcasts 24/7.
Even in my city the local NPR affiliate has a commercial-free music channel, though currently it's only available on HD radio (or the web). Similar mix of music to the others, but with more emphasis on local artists.
Slashdot Mirror
I don't sign the back of my card because if somebody steals my card with the signature, they now not only have my card, but they also have my signature.
That's silly. Why would you put your real signature on the back of your card?
If you're going to "sign" it, just put some swoops and squiggles--then make more (similar) swoops and squiggles when you're asked to sign a slip. Those cashiers trying to stick to the rules wouldn't mind. They've just been trained to ensure the swoops and squiggles are roughly similar, anyway (and of course, the vast majority don't even do that).
That said, for many years I've had "Please ask for ID" in place of the signature.
I did have someone refuse to accept that once. I was incredulous. I forget the details--where it was, if I left, or just paid cash (as I prefer to do anyway, for small amounts).
I do have maybe half a dozen people a year apologetically ask for my ID, and I always commend their diligence. Seriously, I don't want them comparing swoops and squiggles. I want them to look at the face on my ID, make sure it's at least roughly similar to the one attached to my goddamned head, and make sure the names are the same. That's what matters.
All one needs to do is... ask Betteridge.
The site is meant to have stories submitted by its readers so readers direct the type of content. So maybe the authors job is just to write interesting stories and some reader would submit it?
Aside from the notion of "news for nerds", does it say anywhere what Slashdot is "meant" to be or have?
But honestly, even if I actually thought it went against everything Slashdot was "meant" to be, I still couldn't get too worked up about it. I've been seeing stories submitted by their authors (or else the same person always submitting stories from the same site, but perhaps the authors were different) as long as I can remember, and I've been around a bit longer than I've had this user id.
I swear some of them were decent articles, too.
Joking! Who reads the articles?
Why is /. letting authors post their own clickbait?
Um well, to be fair, I'm pretty sure /. doesn't let article authors do any such thing. They can and do submit their own articles, very frequently--as can you.
If you don't like what ends up on the front page, blame the /. editors, not the authors.
If I wrote an article I thought might be interesting to the /. crowd, I'd sure as hell submit it myself.
What, are authors supposed to hire shills to do it for them? Apparently, if they just used a fake name it'd make some people happy.
Your calculation is also misleading. It's quite possible that a Windows CVE spans a number of Windows versions which would lead to counting the same CVE by up to 5 times. I'm willing to bet that the number of unique Windows CVEs is about a third the number that you arrived at.
Very true, but the premise of my argument was in the previous sentence. So sorry I included that last line. My argument required no calculations.
To return the point of discussion, I suggest you scroll to the bottom of https://www.cvedetails.com/top... where you'll see the list of Total Number Of Vulnerabilities Of Top 50 Products By Vendor for 2017. I don't know how cvedetails.com does its math (nor do I know why they break down Windows by version, but not Android, etc.). Maybe they're also double-counting CVEs that span multiple Windows versions. Maybe they're doing the same with Android, macOS, etc. It's still an interesting set of data to discuss.
Anyway, if I wanted to make a serious argument about this I'd do some real research into the data, the methodology of the data source(s), and clearly document my own methodology. I sure as hell wouldn't use data from a single web site whose reliability is a complete unknown to me.
No, I'm not missing the point. You're totally right.
But there is no run-down of patched-vs-unpatched status listed on that site, the source of a ridiculous argument that I was rebutting. My only point was that his (?) argument was ridiculous. Sorry to have provided a red herring by doing any dubious math.
Why would you add them up across Windows7, 8, etc.? Just to get a bigger number by counting the same vulnerability multiple times?
With that logic, you'd be counting each Android vulnerability once for each Android build it occurs in.
Um, gee... where do I start? I mean really, do you see Android (or any non-Microsoft product) broken down by version in that list? It seems to me that for a (lowercase) apples-to-apples comparison, adding up the counts for every version of Windows would be the only fair way to compare it to any OS (or Kernel) which isn't listed with a similar version-by-version breakdown.
In any case, the total number of CVEs for Windows in the top 10 had little to do with the premise of my post, which was a rebuttal to an intentionally misleading post that tried to back up the ridiculous claim that "[a]t the moment, the security of Microsoft products is vastly superior to that of Google and Apple" by posting a part of an all-time list of vulnerabilities (which conveniently only includes one Microsoft product in the top 10). Well, the moment that I'm living in resides firmly in 2017. Once again, the 2017 list is here: https://www.cvedetails.com/top...
I have no idea if cvedetails.com's numbers are in any way reliable. lucm cited them as "proof" of how fuckin'A-awesome Microsoft is these days, so it seemed fair to turn their source around to disprove the original, ridiculous, premise.
But hey, since the OP's bon mot was obliquely attacking a specific vendor, not a product... let's assume cvedetails.com's numbers are somewhat accurate, and scroll to the bottom of https://www.cvedetails.com/top... that lucm originally linked to, where you'll see this juicy heading:
Total Number Of Vulnerabilities Of Top 50 Products By Vendor
There's a pretty bar chart there, but here is the sorted data list:
#1 Microsoft 8528
#2 Apple 5135
#3 Adobe 4167
#4 Mozilla 3279
#5 Google 2708
#6 2279 Oracle
#7 1930 Linux
#8 1373 SUN
#9 1022 Debian
#10 855 Canonical
#11 784 Novell
#12 560 PHP
#13 466 Wireshark
#14 452 Cisco
#15 430 Fedoraproject
#16 426 Redhat
#17 364 Imagemagick
Hahaha! Nice job with your selective editing.
Gee, in a comparison to the all-time top 10, why would you list only the top 5 for 2017?
I think we both know the answer. The hell you didn't see 'em, indeed.
Okay, since we're talking about recent history ("at the moment", as you said), how about we have a look at recent CVE "scores", not the all-time list that you pasted in?
Here's the top of the "winners" list for 2017:
1 Android Google OS 564
2 Linux Kernel Linux OS 366
3 Imagemagick Imagemagick Application 303
4 Iphone Os Apple OS 290
5 Mac Os X Apple OS 210
6 Windows 10 Microsoft OS 195
7 Windows Server 2008 Microsoft OS 187
8 Windows Server 2016 Microsoft OS 183
9 Windows Server 2012 Microsoft OS 176
10 Windows 7 Microsoft OS 174
But just for fun let's see #11:
11 Windows 8.1 Microsoft OS 167
(on the "all-time" list you pasted in, #11 would have been Internet Explorer)
source:
https://www.cvedetails.com/top...
Aha! You're right, "it's not 1999" any more (in 1999, Microsoft occupied only 4 of the top 10 spots).
So let's see now... if you add up all the CVEs for all Microsoft products in the top 10 (everyone else seems to want to pretend Windows 8.1 never existed, so let's go with that), Microsoft scores a dazzling 915 CVEs so far 2017.
...when starting a new project:
Unless "three months of work" only means a few days' of actual work, there should have been dozens if not hundreds of commits by then. No excuses.
Never blame the tool for losing more than a day's worth of work--or it's you who ends up looking like the real tool.
insightful and/or informative comments, that is.
Hopefully this hasn't been posted three times. Whenever I click "No karma bonus", slashdot closes the comment box.
I never called you an opponent (are you?), and I certainly am not seeking to silence you.
I just called you out on your ridiculous "citations". If they're real, let's see some naked links. You didn't even try to excerpt more than a couple of them.
Bitly links are roughly equivalent to silence, because smart people aren't going to click them, and even most fools will simply assume there's something insightful there. But that's you, silencing yourself. I've seen insightful and/or comments from you many times before, so I'd expect better than that.
I see some knuckle-draggers have been modding you up--who else would ever click a bitly link from a stranger? Although I'm guessing they didn't, either...
Sorry, obfuscated links do not count as citations.
> Only reason to get a Mac anything is to run OS X. If you're running Ubuntu, you could get a more heavily configured PC for the same money
The machine belongs to my employer. I would never buy a Mac desktop.
I also cleaned OSX off my company-supplied MacBook Pro, and I have to say that with the addition of a decent OS (Ubuntu), it's the nicest laptop I've ever used, and with the best battery life. That said, I probably still wouldn't buy one of those, either...
Ubuntu works fantastic on the Mac Mini I'm using to write this...
Replying to un-do my accidental down-mod. Sorry, I meant to mod 'Insightful'
I've recently done a project where our (new) Angular2 front-end was supposed to get data from (somewhat oldish) SOAP web services. (For those not up to date, SOAP came from the era when XML was all the rage, so guess what the requests and responses contain - yes XML.)
So sorry! SOAP is dirty, disgusting and should be flushed down the drain. ;-)
Unfortunately SOAP and XML are part of my current day job--but as you say, it puts bread (etc.) on the table.
And it would be a lot easier for humans to read if it had goddamn linebreaks.
I mean, it has goddamn linebreaks but nobody seems to be outputting them.
Who wants to read a 1000-byte nested hash on a single line, with no spaces anywhere?
Well, given the choice of XML with no linebreaks, or JSON with no linebreaks, which one would you pick--honestly?
But of course, linebreaks are allowed in JSON, and (IMHO) should be included in almost any JSON written to any file. But with data serialized over the wire (i.e. to/from a web browser), linebreaks add bytes but no real value. I don't know of any web browser that doesn't have tools that allow you to easily browse the entire data structure.
We shouldn't let this come between us. I don't need more enemies.
Though we're not from the same pod, I couldn't agree more.
The only coders using JSON now are java coders. They made a mistake selecting their flat file, hierarchical data format. Should have just build a good XML library in java to start.
Point of order: I've read several messages in this thread where you misassociate JSON with Java, but JSON didn't come from Java.
Its source is right there in the name: Javascript Object Notation.
Now on to subjective matters: XML is a disgusting standard which should die a fiery death. And I say this as someone who works with XML on a daily basis (but more and more JSON these days, thankfully). The fact that good libraries exist to work with it doesn't make it any more palatable to me. JSON is vastly simpler, maps easily to the most common data types, and is (get this...) usually easy (for humans) to read.
Java and XML were stuck together at an early age, and their forced marriage was unfortunately very fecund... but even many Java developers have seen fit to move on, if they're lucky enough to have the chance.
Whirled Peas are the answer.
Yes, exactly!
(this message may have been filtered by the Grammar Police).
Wow. Usually "duplicate story" isn't meant quite so literally around here....
Also, if the UK ever needed an emergency tactic to prevent economic collapse, they can let their currency float.
Greece, a member of the EU, was not allowed to do that (even though it would have helped them).
But the UK was never a member of the Eurozone. Are suggesting that EU membership has somehow restricted their control over their own independent currency?
Good point, but you don't have to go far... Los Altos Hills, Saratoga...
Jay Z was of course talking about commercial radio, and he's totally right. Or so I believe... I can't remember the last time I willingly listened to commercial radio.
There are commercial-free radio stations that actually care about music (and the musicians, and the listeners), and aren't beholden to advertisers.
Of course, as has been the case for decades, there are still lots of good low-power college radio stations, with their ever-changing formats. The downside there is that you never know sort of music you're going to hear without looking at the schedule, and the format's going to change within a few hours when the next DJ comes on.
But I know of at least two commercial-free music radio stations in the US which play an amazing variety of music, new, old, popular and--most importantly--the unknown and/or obscure... and with a similar mix of music throughout the day on most weekdays.
I'm proud to be a founding member of Minnesota Public Radio's KCMP "The Current", going strong after over a decade. I no longer live in Minnesota but still listen. However, the station I now listen most often to is KEXP "Where the Music Matters". Aside from the fact that their proximity to Redmond means they're to cause things like their online playlist being crippled (relies on Azure I guess)
I've discovered SO much new music (and some old) from both of those stations, both of which stream their broadcasts 24/7.
Even in my city the local NPR affiliate has a commercial-free music channel, though currently it's only available on HD radio (or the web). Similar mix of music to the others, but with more emphasis on local artists.