Funny how you mentioned janitor. Most people don't hire a full-time janitor on-site. Janitors are called when there is a problem. However, large organizations do have their own paid full-time buildings and grounds unit. If computing should (and it seems to) become commodity one day, it will be like that.
I don't here people bitching when someone refers to a medical doctor as "doc".
It's actually more like calling a medical doctor "the stethoscope/syringe guy," a hair stylist "the scissors/hair gel guy," a chef "the kitchen guy," an artist "the painter/chisel guy," a teacher "the chalk and blackboard guy," an automobile repair technician "the grease monkey," and so on. What's disrespectful is the practice of calling someone by the tools of their trade without acknowledging that their profession requires finesse beyond the tools being used.
When you call someone "the computer guy," it is insinuated that anyone who has a computer (and who doesn't nowadays?) can do anything can a computer, as if anyone with a stethoscope and syringe can be a medical doctor, anyone with a pair of scissors and some hair gel can be a hair stylist, anyone with a kitchen can be a chef, anyone with some paint and chisel can be an artist, anyone with a chalk and blackboard can be a teacher, and anyone with some motor lubricant can repair cars. Such assumptions are childish.
Both yum and deb based distributions have the ability to bootstrap the whole system under a mount point other than root. This is for the benefit of their installer, as you can imagine. Simply apt-get/yum install the one package you need, say apache httpd, and the package management figures out all the dependencies. After installation, you chroot to the mount point (don't forget to mount/proc and/sys there too) and run the service you want.
Instructions on how to build Amazon EC2 AMI is very similar to this, so you might find that helpful.
Of course, for the purpose of chroot, you don't need to install any new kernel. If you already know about cryptsetup and LUKS, you can then mount an encrypted disk image, install the packages, and chroot into it for the service to run.
After saying all this, I think you really should switch provider, given how unhappy you are with them. Even if you manage to get the whole Slashdot to side with you, your provider will not likely change the way they do things.
One of the key assumption of the Chinese Room thought experiment is that programs do not have semantics. I would argue this is wrong.
Sure, programs do have semantics. How do you suppose the program to be interpreted to behave on a computer? A program is a reduction from one semantics to another, higher level to lower level. If we succeed in AI, that means we now have a program that reduces human semantics down to machine semantics, the instruction set for von Neumann architecture. Or if you will, operational semantics of lambda calculus.
The OS intercedes not by issuing out of memory and crash. The OS intercedes by making the stack and heap memory non-executable, and the code section read-only. However, vulnerability does not limit itself to arbitrary code execution. A crash means there is an opportunity to corrupt memory, and memory corruption can bring you where your creativity flies. For example, if the program manages your bank account, memory corruption could mean setting your account balance to -2^31. This is still a security vulnerability.
Furthermore, in a web browser, executable code does not limit itself to native machine code that resides in read-only memory pages. It can come in the form of Javascript code in the heap. Memory corruption can still inject executable code, and that code can do cross-site scripting. I'm too busy to give you a proof of concept, but you can easily imagine this being possible.
Except most OSes are extremely obedient to memory requests, and rarely issues OOM kill. You'd notice a lot of thrashing before (for swapping out) and well after (for swapping in) OOM killer is triggered. It is extremely unlikely that your browser crashes as a result of using too much memory.
In other words, your counter-example has no practical importance.
Every time your browser crashes, there is an opportunity to exploit that as a security vulnerability. There is no such thing as "my browser is the least vulnerable, but it crashes all the times."
If I were Yahoo's management, I'd reassign or fire whomever was responsible for it. They shouldn't be calling shots for events.
I too think the lap dancing is distasteful, but this is a fine example how corporate culture is heavily distorted by the country's own culture as well. I think Yahoo! Taiwan organized the event autonomously without any collaboration with the US head quarter, and that the US head quarter really has nothing to do with this.
In Taiwan, hiring scanty show girls for any event like trade show, religious celebration, new year, and funeral is very common. You even see that in weddings (especially in the country-side). Imagine how the bride feels about that!
I want to know which motherfucking moderator has been stalking me and mod me down with overrated each time I post. I hope you're happy, loser.
And no, I'm not trying to justify Strategic Vision by any means. I have not even heard of them before reading this story; consider that I've been living under a rock. The problem I'm trying to point out is that arguing against statistics by meta-statistics is not going to fly. Please people do some critical thinking!
Even in the alleged truthful poll, the percentage difference between highest tally and lowest tally is 20%. So what if the Pollster tallies have 57% difference? I feel that their threshold between "random" and "totally not random" is simply arbitrary. Who says that 20% is okay, and 57% isn't?
Code reuse is a great thing, but it's also easier said then done. You saw that someone wrote X and you thought X ought to be useful, but your problem is slightly different, so you need to generalize X. In order to make X more general, you either have to submit a patch for X or ask the developer to do that. You might run into some issues:
The other person is protective of his code, and he does not want anyone touching it. He gives you a hard time trying to modify X in any way. You get in a lot of political discussions trying to get people on the mailing list to side with you, eventually give up, and then write Y that suits your purpose. Meanwhile, the next person sees Y and thought if they could change it a little, it could be useful for them; but you're protective of your code and give them a hard time.
The other person just doesn't have the time or the incentive to look at your patch. It takes too long to communicate with them, and you're losing steam. So you just re-implement X. After all, it's only a few hundred lines of code. But a few hundred lines of code build up over time. While you're busy rewriting X, another person tries to get hold of you regarding Z that you wrote, and you're too busy to respond to them.
Any software project suffers this problem. It has to do with the fact that it takes effort to work with another person if you want to share reusable code. In the case of one-person project, you may find it difficult that, once you make change to X, you have to change numerous places that use X, so you just fork it to avoid the hard work. You thought you'd go back and clean it up later, but you forget or just don't have the time. Sometimes generalizing is just a very difficult problem, and your language doesn't provide you a good way to do it. The C language certainly doesn't offer much to abstract a problem; C++ at least offers something usable.
I do believe that Linus has the authority and the knowledge to do the editorial work that enforces code reuse. It will just take him a while to trim down all the fats every here and there.
Actually, you're the one who doesn't know what you're talking about. The NTOSKRNL.EXE (you misspelled it) and HAL.DLL you mentioned are relics of the old hardware abstraction, and these are no indicators of well-structured code.
When you write code, scattering #ifdef throughout your code is not a good abstraction. If I were Microsoft, and the number of platforms I need to support are miniscule, I could get away with #ifdefs everywhere else because it's the path to least resistance to get a product out. Also, some the device drivers that have no business being platform dependent (e.g. USB stack, network stack, etc) might still be just because I could get away with it. Again, without access to Windows source code, I can't really tell if that's the case with them. Didn't I make it clear that the key point is, it depends on your software engineering? What part don't you understand?
You can defend Microsoft from the cost perspective as much as you want, and you must acknowledge that this is no more than a speculation than what I said about their source code. I think it's pretty clear to anyone that the trend is to have one operating system to run on multiple classes of devices like Linux and Mac OS X, which both run on any device from mobile phones through servers. It's not about porting anymore. It's about engineering software that can easily adapt to different requirements, and this must be done as a continuous effort, not only when you need it.
Being profit driven as Microsoft is, this might actually be their grave.
It depends on how the original code is written. In a well-structured OS like Linux and NetBSD, they isolated the idiosyncrasies of the CPU and focused on using common high-level features across most CPUs (memory paging and interrupt handling among the chief of them), and can optionally adapt when a particular feature is not available on some architecture (e.g. high resolution timer, atomic instructions). In such case, porting to a new architecture just entails writing the assembly language glue that bridges high-level hardware feature with the machine instructions that does the real work.
But among the worst things you can do is to hard-code low-level hardware handling and scatter that throughout the source code. Or some important code may be overly dependent on CPU specific feature (e.g. task gate for intel x86) which makes it essentially non-portable. I've never seen the source code of Windows, but I suspect this is the case with them. According to some Windows NT Internals book I read many years ago, it started out well-structured, with a nice hardware abstraction layer and all that. But since Windows dropped Alpha processor support, I think the abstraction started to suffer bit-rot and made things much worse than if they had no abstraction at all.
The Fast Flip format actually contains less information than RSS reader, which also displays just the headline and possibly a summary and a picture. A lot of the times, you can't even make out the headline in the Fast Flip thumbnail (they ought to make it bigger), and RSS reader wins in text legibility. But I think the reason why Fast Flip is such a pleasure to use is because they prove to cause less visual stress.
Compare a "tag cloud" that makes a tag bigger in font size if it's more popular, and a tagging system that makes all tags the same size but prints an integer next to the tag to indicate popularity. The tag cloud format is much more visually accessible.
What the online news publishers ought to do is to provide snippets of popular news stories, but make snippets of popular stories bigger in font size, and less popular ones smaller.
Ergo, et sum: you were a "#2." "Try this alternative." I *guarantee* that the original poster will try it and find what I've said -- that there's something else that it won't do.
This really is a fact of life, not specific to F/OSS at all. You just have to keep trying until you find out what works for you. At some point you either get what you want, or just give up and move on.
Since the whole OS-App stack is made of too many components with different stake-holders, and these components interactive in non-trivial ways, it's hard to place blame on the OS or the app. In my case, Firefox 3.5 since beta 2 has been crashing my X server with intel i810 driver that came with rhel5. Nowadays, I essentially have a different Windows machine that I rdesktop from Linux that run Google Chrome. This is the path of the least resistance for me to get something that works. In the future, the physical Windows machine may simply be replaced by a virtual machine.
The article speculated that, since the iframe code was injected to legitimate webpages using stolen FTP credentials, it may be that a few "root" credentials are obtained the same way. FTP credentials can be stolen by malware running on the client computer, for example a computer an admin uses to control the server, from well-known FTP client software.
NX is compressed X11 protocol with reduced number of round trips, so it's fairly responsive even over slow connection. You can create full-desktop sessions like VNC, floating window sessions like SSH with X11 forwarding, and also connect to existing full-screen sessions running on the remote computer like RDP. The server installation creates an "nx" user with a special NX shell. The NX client simply SSH to the server and manipulates the session with the NX shell, as opposed to listening on a TCP port.
No Machine is proprietary, but they let you use the NX client for free (as in beer). The NX free server (running on the remote computer) restricts the number of connections, but Google has released open source NeatX for the server replacement. It's probably easier to install the NX server first, then replace the NX shell with that implemented by NeatX. For me, I just stick with the proprietary NX free server because the restriction is not a problem for me.
NX does have a free open source server and client implementation, FreeNX. I haven't tried it, but you could.
By your standard, Shakespeare is so old that his work cannot compare to the gibberish of an infant that was born yesterday.
Actually the recent activities are done by a spin-off company called CilkArts. And the lack of public activity does not mean the product is not good. It simply means it has matured and did not require much improvement to be made. And how does using a different compiler ever stopped people from being productive? Apple is making you use its own fork of the GCC compiler.
Slashdot Mirror
Funny how you mentioned janitor. Most people don't hire a full-time janitor on-site. Janitors are called when there is a problem. However, large organizations do have their own paid full-time buildings and grounds unit. If computing should (and it seems to) become commodity one day, it will be like that.
It's actually more like calling a medical doctor "the stethoscope/syringe guy," a hair stylist "the scissors/hair gel guy," a chef "the kitchen guy," an artist "the painter/chisel guy," a teacher "the chalk and blackboard guy," an automobile repair technician "the grease monkey," and so on. What's disrespectful is the practice of calling someone by the tools of their trade without acknowledging that their profession requires finesse beyond the tools being used.
When you call someone "the computer guy," it is insinuated that anyone who has a computer (and who doesn't nowadays?) can do anything can a computer, as if anyone with a stethoscope and syringe can be a medical doctor, anyone with a pair of scissors and some hair gel can be a hair stylist, anyone with a kitchen can be a chef, anyone with some paint and chisel can be an artist, anyone with a chalk and blackboard can be a teacher, and anyone with some motor lubricant can repair cars. Such assumptions are childish.
Both yum and deb based distributions have the ability to bootstrap the whole system under a mount point other than root. This is for the benefit of their installer, as you can imagine. Simply apt-get/yum install the one package you need, say apache httpd, and the package management figures out all the dependencies. After installation, you chroot to the mount point (don't forget to mount /proc and /sys there too) and run the service you want.
Instructions on how to build Amazon EC2 AMI is very similar to this, so you might find that helpful.
Of course, for the purpose of chroot, you don't need to install any new kernel. If you already know about cryptsetup and LUKS, you can then mount an encrypted disk image, install the packages, and chroot into it for the service to run.
After saying all this, I think you really should switch provider, given how unhappy you are with them. Even if you manage to get the whole Slashdot to side with you, your provider will not likely change the way they do things.
If you do this, your Nook will be openly accessible to anyone who port-scanned your Nook and found that port 5555 is open.
One of the key assumption of the Chinese Room thought experiment is that programs do not have semantics. I would argue this is wrong.
Sure, programs do have semantics. How do you suppose the program to be interpreted to behave on a computer? A program is a reduction from one semantics to another, higher level to lower level. If we succeed in AI, that means we now have a program that reduces human semantics down to machine semantics, the instruction set for von Neumann architecture. Or if you will, operational semantics of lambda calculus.
The OS intercedes not by issuing out of memory and crash. The OS intercedes by making the stack and heap memory non-executable, and the code section read-only. However, vulnerability does not limit itself to arbitrary code execution. A crash means there is an opportunity to corrupt memory, and memory corruption can bring you where your creativity flies. For example, if the program manages your bank account, memory corruption could mean setting your account balance to -2^31. This is still a security vulnerability.
Furthermore, in a web browser, executable code does not limit itself to native machine code that resides in read-only memory pages. It can come in the form of Javascript code in the heap. Memory corruption can still inject executable code, and that code can do cross-site scripting. I'm too busy to give you a proof of concept, but you can easily imagine this being possible.
Except most OSes are extremely obedient to memory requests, and rarely issues OOM kill. You'd notice a lot of thrashing before (for swapping out) and well after (for swapping in) OOM killer is triggered. It is extremely unlikely that your browser crashes as a result of using too much memory.
In other words, your counter-example has no practical importance.
Every time your browser crashes, there is an opportunity to exploit that as a security vulnerability. There is no such thing as "my browser is the least vulnerable, but it crashes all the times."
I don't see how the other person can be condescending to you if you ask them what you can do in order to serve them better.
I too think the lap dancing is distasteful, but this is a fine example how corporate culture is heavily distorted by the country's own culture as well. I think Yahoo! Taiwan organized the event autonomously without any collaboration with the US head quarter, and that the US head quarter really has nothing to do with this.
In Taiwan, hiring scanty show girls for any event like trade show, religious celebration, new year, and funeral is very common. You even see that in weddings (especially in the country-side). Imagine how the bride feels about that!
Bingo. I like your explanation.
I want to know which motherfucking moderator has been stalking me and mod me down with overrated each time I post. I hope you're happy, loser.
And no, I'm not trying to justify Strategic Vision by any means. I have not even heard of them before reading this story; consider that I've been living under a rock. The problem I'm trying to point out is that arguing against statistics by meta-statistics is not going to fly. Please people do some critical thinking!
Even in the alleged truthful poll, the percentage difference between highest tally and lowest tally is 20%. So what if the Pollster tallies have 57% difference? I feel that their threshold between "random" and "totally not random" is simply arbitrary. Who says that 20% is okay, and 57% isn't?
Code reuse is a great thing, but it's also easier said then done. You saw that someone wrote X and you thought X ought to be useful, but your problem is slightly different, so you need to generalize X. In order to make X more general, you either have to submit a patch for X or ask the developer to do that. You might run into some issues:
Any software project suffers this problem. It has to do with the fact that it takes effort to work with another person if you want to share reusable code. In the case of one-person project, you may find it difficult that, once you make change to X, you have to change numerous places that use X, so you just fork it to avoid the hard work. You thought you'd go back and clean it up later, but you forget or just don't have the time. Sometimes generalizing is just a very difficult problem, and your language doesn't provide you a good way to do it. The C language certainly doesn't offer much to abstract a problem; C++ at least offers something usable.
I do believe that Linus has the authority and the knowledge to do the editorial work that enforces code reuse. It will just take him a while to trim down all the fats every here and there.
Or he could start Linux 3.0, written in C++. :-p
Actually, you're the one who doesn't know what you're talking about. The NTOSKRNL.EXE (you misspelled it) and HAL.DLL you mentioned are relics of the old hardware abstraction, and these are no indicators of well-structured code.
When you write code, scattering #ifdef throughout your code is not a good abstraction. If I were Microsoft, and the number of platforms I need to support are miniscule, I could get away with #ifdefs everywhere else because it's the path to least resistance to get a product out. Also, some the device drivers that have no business being platform dependent (e.g. USB stack, network stack, etc) might still be just because I could get away with it. Again, without access to Windows source code, I can't really tell if that's the case with them. Didn't I make it clear that the key point is, it depends on your software engineering? What part don't you understand?
You can defend Microsoft from the cost perspective as much as you want, and you must acknowledge that this is no more than a speculation than what I said about their source code. I think it's pretty clear to anyone that the trend is to have one operating system to run on multiple classes of devices like Linux and Mac OS X, which both run on any device from mobile phones through servers. It's not about porting anymore. It's about engineering software that can easily adapt to different requirements, and this must be done as a continuous effort, not only when you need it.
Being profit driven as Microsoft is, this might actually be their grave.
It depends on how the original code is written. In a well-structured OS like Linux and NetBSD, they isolated the idiosyncrasies of the CPU and focused on using common high-level features across most CPUs (memory paging and interrupt handling among the chief of them), and can optionally adapt when a particular feature is not available on some architecture (e.g. high resolution timer, atomic instructions). In such case, porting to a new architecture just entails writing the assembly language glue that bridges high-level hardware feature with the machine instructions that does the real work.
But among the worst things you can do is to hard-code low-level hardware handling and scatter that throughout the source code. Or some important code may be overly dependent on CPU specific feature (e.g. task gate for intel x86) which makes it essentially non-portable. I've never seen the source code of Windows, but I suspect this is the case with them. According to some Windows NT Internals book I read many years ago, it started out well-structured, with a nice hardware abstraction layer and all that. But since Windows dropped Alpha processor support, I think the abstraction started to suffer bit-rot and made things much worse than if they had no abstraction at all.
Then you tell me that?! *cough*
The Fast Flip format actually contains less information than RSS reader, which also displays just the headline and possibly a summary and a picture. A lot of the times, you can't even make out the headline in the Fast Flip thumbnail (they ought to make it bigger), and RSS reader wins in text legibility. But I think the reason why Fast Flip is such a pleasure to use is because they prove to cause less visual stress.
Compare a "tag cloud" that makes a tag bigger in font size if it's more popular, and a tagging system that makes all tags the same size but prints an integer next to the tag to indicate popularity. The tag cloud format is much more visually accessible.
What the online news publishers ought to do is to provide snippets of popular news stories, but make snippets of popular stories bigger in font size, and less popular ones smaller.
This really is a fact of life, not specific to F/OSS at all. You just have to keep trying until you find out what works for you. At some point you either get what you want, or just give up and move on.
Since the whole OS-App stack is made of too many components with different stake-holders, and these components interactive in non-trivial ways, it's hard to place blame on the OS or the app. In my case, Firefox 3.5 since beta 2 has been crashing my X server with intel i810 driver that came with rhel5. Nowadays, I essentially have a different Windows machine that I rdesktop from Linux that run Google Chrome. This is the path of the least resistance for me to get something that works. In the future, the physical Windows machine may simply be replaced by a virtual machine.
The article speculated that, since the iframe code was injected to legitimate webpages using stolen FTP credentials, it may be that a few "root" credentials are obtained the same way. FTP credentials can be stolen by malware running on the client computer, for example a computer an admin uses to control the server, from well-known FTP client software.
NX is compressed X11 protocol with reduced number of round trips, so it's fairly responsive even over slow connection. You can create full-desktop sessions like VNC, floating window sessions like SSH with X11 forwarding, and also connect to existing full-screen sessions running on the remote computer like RDP. The server installation creates an "nx" user with a special NX shell. The NX client simply SSH to the server and manipulates the session with the NX shell, as opposed to listening on a TCP port.
No Machine is proprietary, but they let you use the NX client for free (as in beer). The NX free server (running on the remote computer) restricts the number of connections, but Google has released open source NeatX for the server replacement. It's probably easier to install the NX server first, then replace the NX shell with that implemented by NeatX. For me, I just stick with the proprietary NX free server because the restriction is not a problem for me.
NX does have a free open source server and client implementation, FreeNX. I haven't tried it, but you could.
Apparently in the example, it is neater to show short code as opposed to long code, but it doesn't mean it is designed to run short code.
Obviously you have no respect for prior research done by respectable scholars, and you think everything under the sun (made by Apple) is new.
By your standard, Shakespeare is so old that his work cannot compare to the gibberish of an infant that was born yesterday.
Actually the recent activities are done by a spin-off company called CilkArts. And the lack of public activity does not mean the product is not good. It simply means it has matured and did not require much improvement to be made. And how does using a different compiler ever stopped people from being productive? Apple is making you use its own fork of the GCC compiler.