How often does Apple release patches and the like?
Pretty often. But as with some other large companies, sometimes they drag their feet if they don't feel that it is a priority.
Do they have some sort of web-interface like Windows-update, or is it a self-contained program
It's a self-contained program run from the System Preferences page. It downloads, installed, optimizes and then, if necessary reboots. It runs automatically by default so you really don't need to worry about it. It checks once a week for updates.
Are there lots of little patches all the time, or just big lumps of patches like this one?
Usually they are just smaller patches. The big list of changes usually come in the form of a point release upgrade (for instance, going from 10.3.8 to 10.3.9). Apple had 9 upgrades during the past 15 months or so. The best thing about those is that not only do they fix potential problems, they also usually have optimizations and new software from Apple.
init/inetd/cron are hardly "simple" tools, they have always seemed quite complex. And, since they all do basically the same thing (start programs) there is alot of duplication of effort, and possible security holes in each app.
One of my biggest irritations when I start up linux is how long it takes to do everything. It runs each service, in the order that is specified by the requirements one at a time. There are a lot of things that can be going on at once to get everything started. For example, while I'm waiting for my clock to sync with ntp (ubuntu does it on every boot) I could also be starting the webserver. Or, while I wait for my network card to be configured with DHCP, hotplug could be starting up, or some other service that doesn't need networking.
There is a lot of waiting that happens during the startup process that could be better spent actually starting something up!
Also, with regards to XML, I think it's a great idea. You don't have to worry about the config file being syntactically invalid because it can check it against the DTD.
The NTFS people claim that defragmentation on NTFS isn't strictly necessary, but it can make certain disks MUCH better and makes most disks "somewhat" better
I don't know what kind of benchmarks they've been running, but I notice speed improvements when loading many files (such as in a game) when the drive is unfragmented. Making sure my HL2 files were not fragmented sped load times by several seconds (and HL2 load times are already too long).
It seems that any large file that is fragmented across the disk would slow down loading and access from the drive. It doesn't matter for movie files, where a relatively slow speed is all that is necessary, but for applications where time is an issue it matters greatly.
Well, if that is the case, then they really haven't junked the concept of WinFS (database sitting on NTFS), since according to the article it sounds like they are still moving forward with Virtual Folders, which is basically a query to that database.
I still feel that they should bring their FS up to date. I don't think any of the file systems in Linux or MacOS fragment. I suppose there is overhead preventing that, but little bits of overhead are more acceptable than 4 hours of downtime as my drive sorts itself out.
I thought that they had pretty much junked what would have been good search. I was looking forward to WinFS, hoping it to be an improvement over NTFS (a modern FS, one with no fragmentation!). And on top of that, cool searching!
But instead, they are going to make a background process that just indexes things like Spotlight. I hope it is at least as flexible as Spotlight, to allow developers to make plugins for their indexing engine so that new filetypes can expose information to be searched.
I also hope they do a good job at making it transparent. I don't want my computer to be noticeably bogged down while it indexes a 4GB movie file (hopefully it won't index it in the first place!)
It's pretty easy to enforce this. Put the price you want on the box, make it big and bright, send it to the stores, and put a note on there that says if any customer had to pay more, report it to the manufacturer.
The customers will police it for you. Manufacturers and Vendors usually have contractual agreements, and there are usually fines that can be imposed upon one or the other for breaking agreements. They could use something like this to enforce the pricing.
I think there are enough people complaining about this that it might be a real phenomenon. Just because you haven't had problems yet doesn't mean that it doesn't happen and that all vendors and manufacturers are saints.
Just imagine how much money they would save if they "lost" 5% of the rebates. They increased their sales without having the penalty of actually lowering their prices.
I mean, if you are really going to offer a discount on a product, just sell it to the vendor at a reduced price, and make sure they sell it with that discount.
Then you have been lucky. I purchased a Tivo from Best Buy, that came with a $100 rebate. I sent in the rebate the next day, everything was in order. I even typed up my name and address so that they couldn't claim it was illegible.
They claimed that it was lost in the mail. I've *never* had mail lost except sending it to rebate places. I think it was probably "lost" after they received it. I went to Best Buy, where they reprinted the receipt for me, but they wouldn't give me the rebate form again. I called the rebate company, and they told me to get the form off of their website. I went there, and it didn't exist. They didn't have a single Tivo Rebate form. So I'm out $100.
Lessons learned:
Send your rebate via registered mail. And if that doesn't work, you're screwed.
I hope they implement instant rebates. Now that would be nice, and I'd probably go to Best Buy more often.
Funny you should mention this about being the ultimate mailserver distro.
I just set up a mailserver for an ISP up in Idaho using SuSE 9.2. Spamassassin and Postfix installed without a problem, but when I went to install courier-imap and sasl2, I discovered that they didn't include mysql or postrgres support. Luckily it wasn't hard to download the SRPMS and compile them myslef, but it was still a bit annoying.
I sent them an e-mail requesting that they build the rpms to support that, and we'll just have to wait to see if they do.
That said, one of the things I love most about SuSE is yast, which has a wonderful n-curses based tool for when you are logged in via SSH. It really is spectacular. The best thing about it is that people who aren't all that linux savvy can still use yast to configure the box without too much difficulty.
I used to have that problem as well. But I discovered that it was because I had turned on pipelining. Once I turned that off, slashdot rendered correctly again.
It usually manifested itself by drawing posts over the menu. Type about:config in your browser and make sure pipelining is off.
I also noticed that Google Maps has difficulty when pipelining is on as well.
Oh, I don't think the parent (or grandparent to this post) had any desire of calling it Java. Maybe he can come up with a witty name like B## or something.
I'm interested to see where this'll go-- will ISPs absolutely choke 'bulk data' packets and drive folks into using older or fringe BT clients to get faster downloads?
I don't think they'll choke "bulk data", because many other protocols mark their data bulk as well (ftp being one of them, if you have a modern client).
It is very helpful to ISPs to have the bulk classification, so that their more time-sensitive data (ie, VOIP) doesn't get clobbered when someone starts using bittorrent.
It's not like it's difficult to choke bittorrent traffic anyway, just look for communication on ports 6881 to 6888.
If they do, it'll just make everyone remove the bulk flag, and then there will be no easy quality of service queing.
Right, so the OS is called: OS Ten Ten point Three point Eight?
You're not supposed to pronounce the 'X', because it is the roman numeral for 10. If you ever listen to Steve Jobs, you will hear him refer to it as OS 10, not OS X.
DO NOT use this on a computer that you do not own or do not have permission to test on.
It is very serious though, and I am totally shocked that MS hasn't fixed this yet (or perhaps they did fix this, but then somehow reverted to old code).
I found some interesting things while playing around with this.
1st: The checksum code is always off by 3 in that file. Subtract 3 from the value before you take the complement and it'll be right. (this is a kludge, I haven't taken the time to actually figure out why it's wrong yet)
2nd: It causes 100% CPU usage on a WinXP SP2 box for about 3 seconds for each packet sent!!!
3rd: It can be blocked (and probably IS blocked) by most routers since the source and destination addresses are the same.
I got permission to send one of these packets to my friends Win2003 box and as far as we can tell, it didn't do anything. I don't know if the packet is getting through though.
4th: Also, I retested the Mac, and again, the malformed packet did nothing.
I googled around and found this article on Macworld:
According to several developers Macworld talked to who are currently working on OS X applications, anytime the OS can take advantage of the AltiVec engine, it does. This ensures that the parts of the OS that can utilize AltiVec, such as working in the new user interface, experience a significant increase in performance.
I don't know how much of OS X has AltiVec code, but there are many other apple apps that use it. iTunes uses it for encoding music. I'm sure the video codecs in Quicktime use it as well.
The Mac has a really nice optimization tool called shark which will help you find things that can be put into the AltiVec processor (it also helps with general optimization).
2. Virtual hosts often share a single IP among many websites. You can't just authorize a name; SSL requires (from my understanding) a unique IP. That would make the IPv4 system even more strained.
This is the case if you want to use the default HTTPS port (443) since the hostname is encrypted. However, you can use your certificate on other ports. Just have your webserver listen to port 4443, and then in your links, just put https://yourhost.com:4443/ and it works great.
When I was running a small webhost business, instead of getting a new IP for each cert, I'd just put them on different ports.
Also, the IPv4 system isn't as strained as it used to be. With NAT, and creative netmasks, they have been able to spread out the IPs more efficiently. I wish it *were* more strained, because then they might be forced to actually switch over to IPv6.
A better car analogy would be to ask the dealership for the cars without stereo systems. Because I have my own, good stereo system and I don't need a crappy factory installed one.
That is more like that OS than the engine (CPU).
There is a good article on AMDZone that talks about how AMD is doing it's dual-core. They have put 2 cpus each with their own cache but they share the on-chip memory controller and the hypertransport links. According to AMD, there is only a 10% loss in performance by using the shared components.
Not bad considering you only have to have one socket on your motherboard to accomodate a dual processor system now. And it will even work in current motherboards, using the same 939 socket.
Unfortunately, it appears that Enemy Territory never made it to the Mac. But RTCW did. The only game I really miss from my PC is HL2, which doesn't play in Linux either (at least, I can't get it to work):(.
5) An unproven design that may not work. They didn't design Hubble to be crippled intentially. And if this one doesn't work, it can't be fixed.
From the article, they said that the design would be the same as the Hubble. They have more experience now designing a space telescope, because they've already built one. This would could be fixed, but it'd be as expensive as fixing the new one.
6) A nice new satellite that might not make it to orbit or the wrong orbit or be damaged, etc. Putting payloads into orbit is a risk.
It's has significantly less risk than sending a shuttle to repair the Hubble though. Putting things in orbit is something that we're pretty good at now. For example, look at all of the communication satellites that are orbiting the earth now.
7) The cost estimates might be very wrong. Or maybe it gets dropped on the ground (happened before). Oops.
Yes, it could be damaged while it's being built. But it is sooo much easier to fix the thing while it's here on the ground. What happens if you accidentally ruin the Hubble as you try to fix it? There is no getting that spare part that you desperately need unless you brought it along with you.
I feel that building a new Hubble telescope would be the safest solution, and if they are planning on having a space telescope, a cost effective one.
Slashdot Mirror
How often does Apple release patches and the like?
Pretty often. But as with some other large companies, sometimes they drag their feet if they don't feel that it is a priority.
Do they have some sort of web-interface like Windows-update, or is it a self-contained program
It's a self-contained program run from the System Preferences page. It downloads, installed, optimizes and then, if necessary reboots. It runs automatically by default so you really don't need to worry about it. It checks once a week for updates.
Are there lots of little patches all the time, or just big lumps of patches like this one?
Usually they are just smaller patches. The big list of changes usually come in the form of a point release upgrade (for instance, going from 10.3.8 to 10.3.9). Apple had 9 upgrades during the past 15 months or so. The best thing about those is that not only do they fix potential problems, they also usually have optimizations and new software from Apple.
Two words:
Parallel Startup
init/inetd/cron are hardly "simple" tools, they have always seemed quite complex. And, since they all do basically the same thing (start programs) there is alot of duplication of effort, and possible security holes in each app.
One of my biggest irritations when I start up linux is how long it takes to do everything. It runs each service, in the order that is specified by the requirements one at a time. There are a lot of things that can be going on at once to get everything started. For example, while I'm waiting for my clock to sync with ntp (ubuntu does it on every boot) I could also be starting the webserver. Or, while I wait for my network card to be configured with DHCP, hotplug could be starting up, or some other service that doesn't need networking.
There is a lot of waiting that happens during the startup process that could be better spent actually starting something up!
Also, with regards to XML, I think it's a great idea. You don't have to worry about the config file being syntactically invalid because it can check it against the DTD.
Ahh.
Well, if that is the case, then they really haven't junked the concept of WinFS (database sitting on NTFS), since according to the article it sounds like they are still moving forward with Virtual Folders, which is basically a query to that database.
I still feel that they should bring their FS up to date. I don't think any of the file systems in Linux or MacOS fragment. I suppose there is overhead preventing that, but little bits of overhead are more acceptable than 4 hours of downtime as my drive sorts itself out.
I thought that they had pretty much junked what would have been good search. I was looking forward to WinFS, hoping it to be an improvement over NTFS (a modern FS, one with no fragmentation!). And on top of that, cool searching!
But instead, they are going to make a background process that just indexes things like Spotlight.
I hope it is at least as flexible as Spotlight, to allow developers to make plugins for their indexing engine so that new filetypes can expose information to be searched.
I also hope they do a good job at making it transparent. I don't want my computer to be noticeably bogged down while it indexes a 4GB movie file (hopefully it won't index it in the first place!)
It's pretty easy to enforce this. Put the price you want on the box, make it big and bright, send it to the stores, and put a note on there that says if any customer had to pay more, report it to the manufacturer.
The customers will police it for you. Manufacturers and Vendors usually have contractual agreements, and there are usually fines that can be imposed upon one or the other for breaking agreements. They could use something like this to enforce the pricing.
I think there are enough people complaining about this that it might be a real phenomenon. Just because you haven't had problems yet doesn't mean that it doesn't happen and that all vendors and manufacturers are saints.
Just imagine how much money they would save if they "lost" 5% of the rebates. They increased their sales without having the penalty of actually lowering their prices.
I mean, if you are really going to offer a discount on a product, just sell it to the vendor at a reduced price, and make sure they sell it with that discount.
Hi, my name is Ben. Pleased to have met you.
:)
Now you've met someone that has had problems with rebates.
Then you have been lucky. I purchased a Tivo from Best Buy, that came with a $100 rebate. I sent in the rebate the next day, everything was in order. I even typed up my name and address so that they couldn't claim it was illegible.
They claimed that it was lost in the mail. I've *never* had mail lost except sending it to rebate places. I think it was probably "lost" after they received it. I went to Best Buy, where they reprinted the receipt for me, but they wouldn't give me the rebate form again. I called the rebate company, and they told me to get the form off of their website. I went there, and it didn't exist. They didn't have a single Tivo Rebate form. So I'm out $100.
Lessons learned:
Send your rebate via registered mail. And if that doesn't work, you're screwed.
I hope they implement instant rebates. Now that would be nice, and I'd probably go to Best Buy more often.
Most good mail clients should provide both the nicely formatted html and the text in 2 different MIME blocks. I just tested gmail, and it does this.
So what are you really complaining about, the extra 1k that the e-mail has because it has good formatting?
Funny you should mention this about being the ultimate mailserver distro.
I just set up a mailserver for an ISP up in Idaho using SuSE 9.2. Spamassassin and Postfix installed without a problem, but when I went to install courier-imap and sasl2, I discovered that they didn't include mysql or postrgres support. Luckily it wasn't hard to download the SRPMS and compile them myslef, but it was still a bit annoying.
I sent them an e-mail requesting that they build the rpms to support that, and we'll just have to wait to see if they do.
That said, one of the things I love most about SuSE is yast, which has a wonderful n-curses based tool for when you are logged in via SSH. It really is spectacular. The best thing about it is that people who aren't all that linux savvy can still use yast to configure the box without too much difficulty.
SUSE 9.3 is almost ready. In fact, you can preorder it.
The SUSE name isn't dead, it's still around. NLD is a gnome based distribution based on SUSE with commercial fonts, and a tweaked office suite.
I used to have that problem as well. But I discovered that it was because I had turned on pipelining. Once I turned that off, slashdot rendered correctly again.
It usually manifested itself by drawing posts over the menu. Type about:config in your browser and make sure pipelining is off.
I also noticed that Google Maps has difficulty when pipelining is on as well.
Oh, I don't think the parent (or grandparent to this post) had any desire of calling it Java. Maybe he can come up with a witty name like B## or something.
I'm interested to see where this'll go-- will ISPs absolutely choke 'bulk data' packets and drive folks into using older or fringe BT clients to get faster downloads?
I don't think they'll choke "bulk data", because many other protocols mark their data bulk as well (ftp being one of them, if you have a modern client).
It is very helpful to ISPs to have the bulk classification, so that their more time-sensitive data (ie, VOIP) doesn't get clobbered when someone starts using bittorrent.
It's not like it's difficult to choke bittorrent traffic anyway, just look for communication on ports 6881 to 6888.
If they do, it'll just make everyone remove the bulk flag, and then there will be no easy quality of service queing.
Right, so the OS is called:
OS Ten Ten point Three point Eight?
You're not supposed to pronounce the 'X', because it is the roman numeral for 10. If you ever listen to Steve Jobs, you will hear him refer to it as OS 10, not OS X.
Make sure you remove the message that is at the top of the file before you try to compile it :). It's not commented out.
I uploaded the entire file, so here it is:
land.c It has the checksum kludge in it as well.
DO NOT use this on a computer that you do not own or do not have permission to test on.
It is very serious though, and I am totally shocked that MS hasn't fixed this yet (or perhaps they did fix this, but then somehow reverted to old code).
I found some interesting things while playing around with this.
1st: The checksum code is always off by 3 in that file. Subtract 3 from the value before you take the complement and it'll be right. (this is a kludge, I haven't taken the time to actually figure out why it's wrong yet)
2nd: It causes 100% CPU usage on a WinXP SP2 box for about 3 seconds for each packet sent!!!
3rd: It can be blocked (and probably IS blocked) by most routers since the source and destination addresses are the same.
I got permission to send one of these packets to my friends Win2003 box and as far as we can tell, it didn't do anything. I don't know if the packet is getting through though.
4th: Also, I retested the Mac, and again, the malformed packet did nothing.
I compiled land.c on linux and and then had it test my powerbook (OS X.3.8) on an open port. Nothing happened, thus it's not exploitable.
If anyone is interested, I had to modify the program to get it to work in linux (the structures have changed since this was originally written).
Here is a patch so you can test other OSes.
land.diff
Curse you slashcode! It won't let me inline the patch. Oh well. Download it if you want it.
I don't know how much of OS X has AltiVec code, but there are many other apple apps that use it. iTunes uses it for encoding music. I'm sure the video codecs in Quicktime use it as well.
The Mac has a really nice optimization tool called shark which will help you find things that can be put into the AltiVec processor (it also helps with general optimization).
2. Virtual hosts often share a single IP among many websites. You can't just authorize a name; SSL requires (from my understanding) a unique IP. That would make the IPv4 system even more strained.
This is the case if you want to use the default HTTPS port (443) since the hostname is encrypted. However, you can use your certificate on other ports. Just have your webserver listen to port 4443, and then in your links, just put https://yourhost.com:4443/ and it works great.
When I was running a small webhost business, instead of getting a new IP for each cert, I'd just put them on different ports.
Also, the IPv4 system isn't as strained as it used to be. With NAT, and creative netmasks, they have been able to spread out the IPs more efficiently. I wish it *were* more strained, because then they might be forced to actually switch over to IPv6.
A better car analogy would be to ask the dealership for the cars without stereo systems. Because I have my own, good stereo system and I don't need a crappy factory installed one. That is more like that OS than the engine (CPU).
There is a good article on AMDZone that talks about how AMD is doing it's dual-core. They have put 2 cpus each with their own cache but they share the on-chip memory controller and the hypertransport links. According to AMD, there is only a 10% loss in performance by using the shared components.
Not bad considering you only have to have one socket on your motherboard to accomodate a dual processor system now. And it will even work in current motherboards, using the same 939 socket.
It's a good thing that somebody has actually already listed a ton of games that you can play on the Mac.
:(.
Unfortunately, it appears that Enemy Territory never made it to the Mac. But RTCW did. The only game I really miss from my PC is HL2, which doesn't play in Linux either (at least, I can't get it to work)
5) An unproven design that may not work. They didn't design Hubble to be crippled intentially. And if this one doesn't work, it can't be fixed.
From the article, they said that the design would be the same as the Hubble. They have more experience now designing a space telescope, because they've already built one. This would could be fixed, but it'd be as expensive as fixing the new one.
6) A nice new satellite that might not make it to orbit or the wrong orbit or be damaged, etc. Putting payloads into orbit is a risk.
It's has significantly less risk than sending a shuttle to repair the Hubble though. Putting things in orbit is something that we're pretty good at now. For example, look at all of the communication satellites that are orbiting the earth now.
7) The cost estimates might be very wrong. Or maybe it gets dropped on the ground (happened before). Oops.
Yes, it could be damaged while it's being built. But it is sooo much easier to fix the thing while it's here on the ground. What happens if you accidentally ruin the Hubble as you try to fix it? There is no getting that spare part that you desperately need unless you brought it along with you.
I feel that building a new Hubble telescope would be the safest solution, and if they are planning on having a space telescope, a cost effective one.