Oh, and I forgot to mention... the GUI is just awful.
Which makes it even more astonishing that it is so hard to get out of it. No Ctrl-Alt-Backspace to zap the X-server, no Ctrl-Alt-F1 to switch virtual consoles, etc. The only straightforward way is the "console login" drop down menu, which is kind of useless in the case the screen is so messed-up that you don't see it...
Fortunately there is another way: if you are a fast typer, and manage to log in on the console before X would start, you stay in text mode.
but dyed in the wool DBA's still tend to stick with Solaris.
Hey, wouldn't they tend to stick with DB/2 on IBM mainframes? At least in the financial sector they do. They wouldn't touch such newfangled technology as Solaris and Oracle with a ten-foot pole;-)
On my AMD64 laptop the whole install was graphical, but for some reason, on the old (AMD 32) laptop, most of it was handled by a curses (?) base program running in a dtterm.
The author of the review critices the reboot that happens after the first CD. This is not that bad, some Linux distributions, such as SuSE do that too. However, it could at least pop out CD 1 after the reboot, or else, it'll just start over from scratch (which is a pain if you are not near your PC when the reboot happens). And yes, I did chose the option "automatically pop out CD" at the beginning of the install, but somehow it just doesn't happen...
There is no easy (GUI) way to install packages "after the fact" if you see that you need them. You have to manually rifle through your 5 CD's, copy the package files to/var/spool/pkg, and run pkgadd manually (or did I just miss something here?).
The drop-down menu to chose console login is nice, except for the case where you would need it the most: what do you do if the X installation is so messed-up that you don't see the lower half of your screen, including that menu? Oh, and telneting in from another machine is not an option, if your network card is one of the many that aren't supported out of the box...
How do you mount an USB keyfob, or similar device?
but what kinds of uses does Solaris still find itself filling?
I recently installed Solaris on my 2 Laptops. Reason: testing Solaris compatibility of software that I maintain!;-)
It has been an interesting experience anyways, because I ended up not only testing (and fixing...) my own software, but also testing Solaris' usability (or rather: lack thereof...):
Very fragile install process (pop in the wrong CD just once, and start over from scratch...)
Refuses to create a Solaris partition if a Linux Swap partition is present (... because both share the same partition id 82, but other OS'es at least give you the option of "ignore this partition, and create a new one instead!"
Poor dependancy management in the installer (the Solaris installer does flag broken dependancies, but unlike most Linux distros does not have a button to "resolve" these automatically)
No straightforward way to configure a Swiss-German keyboard
On one of my two laptops, X Display was all messed up after install. Fortunately, there was still an xf86config-like script lying around.
poor hardware support (on both laptops, I had to download extra drivers from the net to get Ethernet... and the only way to get these drivers on the Laptop in the first place was to burn a CD.... One of the two Ethernet cards was a via-rhine, not exactly uncommon hardware!)
Unobvious paths for some sundry utils/usr/ccs/bin/make,/usr/sfw/bin/gcc. Find is your friend, but locate has left you stranded...
Remember that the world does NOT subscribe to the American idea of freedom and democracy.
Tooooot! Toooot! And it's a good thing too! We prefer real freedom (rather than all expenses-paid-holidays in Guantamo Bay), and real democracy (with more than two indistinguishable parties to chose among).
There are rights we have in the US that you do not in other free countries,...
What's next: "The cat catches mice" "The pope is catholic" "There were no weapons of mass destruction in Iraq" "Water wets"?
I have news for you: 1 password-protected ASP application out of 3 can be accessed using the username ' or ''='' or ''=' and the empty password (the first and last single quote are part of the username).
Reason: SQL injection.
Supposedly these apps verify the password via a construct equivalent to the following (pseudo-syntax, I don't know enough VB to write real code):
answer = query_execute("SELECT account_id FROM users WHERE username=' "+username+" ' AND password=' "+password+" '");
Yes, they use string concatenation to build the query, rather than using wildcards (bind variables)! Not sure ASP even supports wildcards...
What happens with the magic username above, is that a query such as the following is executed against the database:
SELECT account_id FROM users WHERE username='' or ''='' or ''='' AND password=''
(the part of the query coming from the user-entered data is bold, the rest is what came from the program). This is a query that matches for all rows, so you'll usually get connected using the credentials from the first account in the table (often administrator, he!). Try it out! Go to google, seach for login asp username password and pick one of the sites from "the middle of the stack" (i.e. not from the first few pages returned, because those are mostly either ASP tutorials, or the rare "secure" ASP sites). Saying username and password in another language (Benutzername/Passwort) helps too as you'll get a "fresher" less overfished list;-)
If the simplistic approach doesn't work, try entering a lone single quote as the username and/or password. You'll often get an error message that shows you part of the query used, and from there you can find how to word your username so that you still get access. For instance, some sites do not use the password in the WHERE clause, but instead return it. In that case, use something such as the following as your username, and zozo as the password:
' union select 0,'zozo' from users where ''='
The query obviously neads some tweaking, as the number of columns, position of password in select clause, and names of table obviously varies among sites. But fortunately, error messages are often verbose enough that with a little bit of trial and error you can figure out a "magic" username that opens the door to the kingdom.
If you are a site administrator whose app is vulnerable: rewriting your app is indeed a solution... preferably in PHP!
Yes, indeed. You pay more taxes on bigger (stronger) cars. But strangely enough, tax administration uses a different definition of horsepower than anybody else...
Some newer cars don't have a neutral gear. You can only select forward, backward or park and that's it.
So what do you at the car wash? (the kind of car wash where some chain grabs the left wheel to pull you through the washing mechanism, and which only works if you put the car in neutral...)
But you cannot use it as an energy source because unlike coal, oil, natural gas and uranium, it isn't freely available: you have to make it.
Yeah, but having at your disposal a powerful weapons of mass destruction, as this antimatter bomb would be, helps to make sure that said oil stays freely available to you, ha!
Q: What is the difference between a landmine and a software patent?
A: If you step on a landmine, at least that landmine is no longer dangerous to anyone else...
Last I checked, and feel free to correct me, antimatter is not radioactive. Antiparticles are viable ground-state particles that do not spontenously decay, which is what radioactivity is.
True, antimatter alone is as stable as normal matter. However, problems arise if you bring anti- and normal matter together. And in our world made up of normal matter, this is almost unavoidable unless some elaborate containment devices are used...
Was at JAOO today, and on the closing panel discussion for the Test-Driven Development track, Mr Kevlin Henney was praising NASA's rigorous software testing procedures. He was so proud of them that he let out a "and in both space shuttle crashes, software was not to blame". Well, this may be correct if he was thinking only about the flight software... but
there
is other
software than what rides in the shuttle itself...
In the Council, a negative vote and an abstention count the same. Indeed, only yes votes are counted; and both an abstention and a negative are a missing yes.
Note for the non-Luxembourgers: yes, we did have a general election in the meantime, and the guy in the picture's party lost big time, hehe. Our new government is not yet formed, but probability is quite high that this guy won't be butchering any penguins anytime soon!
If this is fundamentally true, then why bother with peer review?
Because nowadays, scientists are judged by the number of their publications. Quality only plays a indirect role (publication in more "selective" journals or conferences are valued higher).
Which means that in order to survive a "good" scientist has to crank out tens of publications per year. Of course, his actual research cannot become faster (on the contrary...): which means an ever repeating rehash of the same basic ideas couched in different wordings in order to keep up the pace.
Of course, such a high rate of publication creates an equally high load on the reviewers, who no longer can read and check papers in depth, but can only quickly skim them. In such a situation, poor language style has a much stronger impact than poor research. You get the expected result, even in the supposedly "good" journals and conferences...
A thesis where someone proved sin(x)+cos(x)=1, and the committee didn't notice?
This was obviously not the main subject of the thesis, but occurred in one of the examples that he used.
It was a computer science thesis, presenting a new kind of automatic theorem prover. The sin(x)+cos(x)=1 was used as one example to illustrate his program... and lo and behold, the program managed to "prove" the theorem! [Obviously, the candidate had to fudge it to make it work... Probably he believed he had an error in his program, and didn't considering the possibility that maybe the error was in the example he used...!]
Yeah right.
The reviewers weren't mathematicians, but computer scientists (which doesn't really excuse them, the error is not university subject matter, but highschool!)
His thesis would have
demanded more critical examination than a research paper.
Which is not much. Nowadays, there is such a number of research papers (most of which don't actually contain earth-shattering results) that they are not actually examined with that much detailed attention. Reviewers pay more attention to stylistic aspects (is it readable? understandable without too much efforts? are my buddies, who did research in the same field appropriately credited in the bibliography?) than to contents.
Same thing goes for thesis, and I've heard of a thesis where the candidate "managed" to prove that sin(x)+cos(x)=1. Which is obviously false (... it lacks the square...), but this error escaped the attention of the doctorand's of his adviser and of his reviewers!
Thesis are rather large (> 100 pages), and reviewers have to read them in a limited amount of time (in France, it's just 2 or 3 weeks in bad cases, and some reviewers may be on the boards of more than one thesis!), so it's entirely plausible that even relatively gross errors go unnoticed.
And probably the only reason why this guy got caught was that his papers were of the rare kind that did indeed contain earth-shattering results (high temperature superconductors) which drew the attention of the crowd. If "exposed" papers contain such errors, how much worse must be the situation with the many dull and uninteresting papers?
ObOntopic: software patents lead to Outsourcing. Indeed, rather than run the risk of being sued for patent infringment, software companies will prefer to outsource their actual development to places (such as India) where there are no software patents yet, rather than do it in their homecountry, and expose themselves to potentially expensive patent litigiation.
That being said, if you happen to be Danish, please carefully watch the following clip:
Ok, no matter what the issue is: please consider your national pride, your national dignity! Do you really value representatives that let themselves be shoved around, and give an easy yes, rather than defending your country's best interests?
But the good news is, there is still a way out. Yes, changing your vote now may be viewed as an admission that you (you're representative) screwed up, or didn't know the subject matter. But it also shows courage and the willingness to correct errors once they become known.
Ok, as a Luxembourg I must admit that I sit in a
glasshouse here. I hereby encourage my countrypeople to do something about it, and contact our ministry of economy about the matter, and encourage them to review their vote.
Remember: we are only two votes short of winning, and every country, no matter how small can make a difference, be it Denmark, Luxembourg, or even Malta!
Slashdot Mirror
Yes, indeed, it is. Glad you caught it. I guess that's why I put that winky smiley after that sentence...
And I don't mean to make fun of Solaris :)
Well I do. Given the hard time it gave me during the install, I gladly seized the opportunity...
Which makes it even more astonishing that it is so hard to get out of it. No Ctrl-Alt-Backspace to zap the X-server, no Ctrl-Alt-F1 to switch virtual consoles, etc. The only straightforward way is the "console login" drop down menu, which is kind of useless in the case the screen is so messed-up that you don't see it...
Fortunately there is another way: if you are a fast typer, and manage to log in on the console before X would start, you stay in text mode.
Hey, wouldn't they tend to stick with DB/2 on IBM mainframes? At least in the financial sector they do. They wouldn't touch such newfangled technology as Solaris and Oracle with a ten-foot pole ;-)
I recently installed Solaris on my 2 Laptops. Reason: testing Solaris compatibility of software that I maintain! ;-)
It has been an interesting experience anyways, because I ended up not only testing (and fixing...) my own software, but also testing Solaris' usability (or rather: lack thereof...):
Sure, here is one example: Banque Générale du Luxembourg. Click on the Web Banking link, chose a language, and weep :-(
If you read French (or German), click FR or DE, and look at their slogan (top left of page), and snicker ;-) (The English version is less funny).
Actually, most banks in Luxembourg are MSIE only (or do need some trickery and/or alternative login pages to get access).
Tooooot! Toooot! And it's a good thing too! We prefer real freedom (rather than all expenses-paid-holidays in Guantamo Bay), and real democracy (with more than two indistinguishable parties to chose among).
There are rights we have in the US that you do not in other free countries,...
That must be the French use of "other"...
I have news for you: 1 password-protected ASP application out of 3 can be accessed using the username ' or ''='' or ''=' and the empty password (the first and last single quote are part of the username).
Reason: SQL injection.
Supposedly these apps verify the password via a construct equivalent to the following (pseudo-syntax, I don't know enough VB to write real code):
answer = query_execute("SELECT account_id FROM users WHERE username=' "+username+" ' AND password=' "+password+" '");
Yes, they use string concatenation to build the query, rather than using wildcards (bind variables)! Not sure ASP even supports wildcards...
What happens with the magic username above, is that a query such as the following is executed against the database:
SELECT account_id FROM users WHERE username='' or ''='' or ''='' AND password=''
(the part of the query coming from the user-entered data is bold, the rest is what came from the program). This is a query that matches for all rows, so you'll usually get connected using the credentials from the first account in the table (often administrator, he!). Try it out! Go to google, seach for login asp username password and pick one of the sites from "the middle of the stack" (i.e. not from the first few pages returned, because those are mostly either ASP tutorials, or the rare "secure" ASP sites). Saying username and password in another language (Benutzername/Passwort) helps too as you'll get a "fresher" less overfished list ;-)
If the simplistic approach doesn't work, try entering a lone single quote as the username and/or password. You'll often get an error message that shows you part of the query used, and from there you can find how to word your username so that you still get access. For instance, some sites do not use the password in the WHERE clause, but instead return it. In that case, use something such as the following as your username, and zozo as the password:
' union select 0,'zozo' from users where ''='
The query obviously neads some tweaking, as the number of columns, position of password in select clause, and names of table obviously varies among sites. But fortunately, error messages are often verbose enough that with a little bit of trial and error you can figure out a "magic" username that opens the door to the kingdom.
If you are a site administrator whose app is vulnerable: rewriting your app is indeed a solution... preferably in PHP!
Yes, indeed. You pay more taxes on bigger (stronger) cars. But strangely enough, tax administration uses a different definition of horsepower than anybody else...
A Renault? I.e. a French car? So he was actually going backwards at 120 mph?
Yes, but that's two fiscal horsepower, not actual engine power (which is more powerful than that, obviously).
So what do you at the car wash? (the kind of car wash where some chain grabs the left wheel to pull you through the washing mechanism, and which only works if you put the car in neutral...)
Yeah, but having at your disposal a powerful weapons of mass destruction, as this antimatter bomb would be, helps to make sure that said oil stays freely available to you, ha!
So at least it will be very easy to win that part of the war...
Which reminds me of an old joke:
Q: What is the difference between a landmine and a software patent?
A: If you step on a landmine, at least that landmine is no longer dangerous to anyone else...
But will they shatter?
True, antimatter alone is as stable as normal matter. However, problems arise if you bring anti- and normal matter together. And in our world made up of normal matter, this is almost unavoidable unless some elaborate containment devices are used...
The difference is mostly psychological/politcal.
Note for the non-Luxembourgers: yes, we did have a general election in the meantime, and the guy in the picture's party lost big time, hehe. Our new government is not yet formed, but probability is quite high that this guy won't be butchering any penguins anytime soon!
Because nowadays, scientists are judged by the number of their publications. Quality only plays a indirect role (publication in more "selective" journals or conferences are valued higher).
Which means that in order to survive a "good" scientist has to crank out tens of publications per year. Of course, his actual research cannot become faster (on the contrary...): which means an ever repeating rehash of the same basic ideas couched in different wordings in order to keep up the pace.
Of course, such a high rate of publication creates an equally high load on the reviewers, who no longer can read and check papers in depth, but can only quickly skim them. In such a situation, poor language style has a much stronger impact than poor research. You get the expected result, even in the supposedly "good" journals and conferences...
This was obviously not the main subject of the thesis, but occurred in one of the examples that he used.
It was a computer science thesis, presenting a new kind of automatic theorem prover. The sin(x)+cos(x)=1 was used as one example to illustrate his program... and lo and behold, the program managed to "prove" the theorem! [Obviously, the candidate had to fudge it to make it work... Probably he believed he had an error in his program, and didn't considering the possibility that maybe the error was in the example he used...!]
Yeah right.
The reviewers weren't mathematicians, but computer scientists (which doesn't really excuse them, the error is not university subject matter, but highschool!)
It's not just the young kids who think this. Some waste recycling companies share this opinion too
Which is not much. Nowadays, there is such a number of research papers (most of which don't actually contain earth-shattering results) that they are not actually examined with that much detailed attention. Reviewers pay more attention to stylistic aspects (is it readable? understandable without too much efforts? are my buddies, who did research in the same field appropriately credited in the bibliography?) than to contents.
Same thing goes for thesis, and I've heard of a thesis where the candidate "managed" to prove that sin(x)+cos(x)=1. Which is obviously false (... it lacks the square...), but this error escaped the attention of the doctorand's of his adviser and of his reviewers!
Thesis are rather large (> 100 pages), and reviewers have to read them in a limited amount of time (in France, it's just 2 or 3 weeks in bad cases, and some reviewers may be on the boards of more than one thesis!), so it's entirely plausible that even relatively gross errors go unnoticed.
And probably the only reason why this guy got caught was that his papers were of the rare kind that did indeed contain earth-shattering results (high temperature superconductors) which drew the attention of the crowd. If "exposed" papers contain such errors, how much worse must be the situation with the many dull and uninteresting papers?
There is something rotten in the State of Denmark
Ok, no matter what the issue is: please consider your national pride, your national dignity! Do you really value representatives that let themselves be shoved around, and give an easy yes, rather than defending your country's best interests?
But the good news is, there is still a way out. Yes, changing your vote now may be viewed as an admission that you (you're representative) screwed up, or didn't know the subject matter. But it also shows courage and the willingness to correct errors once they become known.
Ok, as a Luxembourg I must admit that I sit in a glasshouse here. I hereby encourage my countrypeople to do something about it, and contact our ministry of economy about the matter, and encourage them to review their vote.
Remember: we are only two votes short of winning, and every country, no matter how small can make a difference, be it Denmark, Luxembourg, or even Malta!