"You know, I've been thinking about this kind of thing too. Just as we currently have Tax Havens, how much longer before we have the "Patent Haven"?"
How much longer? About 3 years ago. 8^)
I'm currently living in a small Pacific Island Nation (think: Cryptonomicon) which is selling itself as being conveniently free of certain obstacles to international, Internet-based commerce. I've often found myself thinking that it would be a great place to set up a software and services shop. Palm trees, hyper-affordable living, beautiful people and long evenings by the lagoon. Add to that the promise that no lawyer will ever tell you what you can or cannot do, and you'd have to call this place paradise.
I've looked over your list, and I found myself asking, 'fine, but how much of this is actually innovative?'
ASP 3.0 and the resulting aftermarket of extensions
mod_perl + CPAN, or PHP/Pear if you prefer.
SQLXML extensions for SQL Server beat all the major players with rich DB/XML interactions.
Could be. Haven't played with it since I realised that SQL Server was plain agony to use with web apps. I'll give you this one.
SQL Server is a very nice tool, especially the UI on things like its Query Builder, which IMHO is a work of genius. It supports the needs of expert users while simultanously training newbie developers.
If you had said that about Access, I might have given MS some credit, because it is more or less unique in its niche. SQL Server, though, is wrong is as many ways as it's right, and there are any number of decent db tools that it's hard to get excited about this, or to view it as innovative in any way. I've used interactive query builders that blow the socks off MSSQL, and which predate it by a long time.
ADO/ADO.NET is awesome: unifies structured data storage forms, supports persistant and disconnected data
What you're saying is arguably valid - there are many who would argue that there are better ways to do it. IMO, it comes down to liking vanilla or chocolate. I personally find ADO to be all right, but not exceptional. Call this one moot.
Visual Studio / the free "Visual Web Express" or whatever it's called (have you tried it?)
I worked with Visual Studio for three years, mostly because of the tight tie-in with MS programming languages and APIs. I have never been more relieved to leave a programming tool behind. I for one despise the cluttered interface, the straightjacketed approach to building components and mostly the utter lack of support if you stray even slightly from the beaten path. IMO, VS is a hammer, and what I want is a toolkit.
ASP.NET
Insecure, unoriginal
Mappoint as a subscribable web service, unique biz model
Subscribable web service a 'unique biz [sic] model'? Er, check your history. It might arguably be called a successful implementation, but it is hardly innovative.
"Streets and Trips" standalone routefinding/GPS utlility
Can't comment on this as I've never used it. Let's give you the benefit of the doubt that noone came up with this before MS. 8^)
Xbox is very cool, modded or not. Amped/Amped2 games are unique.
Perhaps. I've never liked game consoles much, so I'm in no position to argue one way or the other. Let's give this one to you as well.
PocketPC is very useful.
Er, useful doesn't even meet your arbitrary criterion of 'cool'. And I've seen nothing about PocketPC that made me think it was in any way interesting except in its consistency with full-blown Windows. From where I sit, that puts it in the same league as taking a standard poodle and breeding a toy poodle from it. 8^)
Latest implementation of Remote Desktop (ships with XP) is insanely great. Access local devices like disks and printers from remote sessions, or vice versa. I did usable remote desktop session from Instanbul - USA over 28.8k modem. That's pretty cool.
Look, I hate to break it to you, but Unices have been able to do this for ages. Yes, in low-bandwidth situations too. Encrypted. The fact that Windows is showing its first signs of being really-o truly-o multi-user is a matter of some amusement to those of us who have been doing this kind of thing for years and years. The Mac was 'insanely great'. Remote desktop is 'about bleeping time'. 8^)
"[F]or anyone to be surprised that an OS designed to be run for a single user in a non-networked environment loaded with legacy code to fully (and successfully) port to a multi-user, networked environment shows a lack of understanding about the increasing inertia software products have as they age."
Amen, brother!
I mean, when was the last time we heard of some dusty old professor writing a toy OS for the edification of his students, only to have some graduate student study it for a bit, then get together with a bunch of pals and create one of the best OSes in the world?
"The MSN Search Technology Preview is currently unavailable. The site may be down for a short while due to scheduled maintenance. Please try again later."
And for those of us who didn't get it the first time:
"Den foreløbige teknologiversion af MSN Søg er ikke tilgængelig i øjeblikket. Webstedet kan være nede i en kort periode på grund af planlagt vedligeholdelse. Prøv igen senere."
This is a proud moment, people. You've slashdotted Microsoft. 8^)
Okay, okay, it probably really is scheduled maintenance. I mean, what better time to take the service offline than mid-afternoon on a Thursday?
The issue here is not about jumping to conclusions. That happens all the time. There isn't a person alive who isn't victim of their own biases to some degree or other.
What impresses me is slashdot's ability to correct and refine its information and perspective in a completely transparent and participatory manner. No media organisation today comes close to having the same kind of manpower and expertise that can be brought to bear on tech-related issues.
"As you also rightly point out, the simple fact that voting discrepancies are being discovered is proof that the auditing trail works."
Holy circular logic, Batman!
Look, the story is this: Someone spotted statistical anomalies in the election results, but there's no way to verify them because - wait for it - there is no audit trail.
The audit trail emphatically does NOT work. There is no audit trail!
Moderators: PLEASE STOP BEING PARTISAN AND START THINKING. WITH YOUR BRAINS.
Some will be quick to decry how slashdot is quick to jump to conclusions. They'll draw fairly pointed comparisons between slashdot and 'real' journalism.
As far as they've reasoned it, they're right. But that's only because they haven't reasoned it quite far enough.
This is exactly the process that happens in the major news media. A journalist spots something unusual, thinks there might be a story there. An investigative team looks into the evidence, tries to get feedback from the source(s), and either corroborates or refines the initial hypothesis.
The difference that we're seeing here is that the story is not landing in our lap, fully formed and packaged according to the publisher's wont. In the past, we never saw the messy part of any story, just the finished product.
I happen to like being able to see the 'messy part' . I like it a lot. In fact, it's why I come to slashdot. If I trusted Big Media to properly digest and format my news, I'd have no need to come here at all.
The truth about slashdot is that, amid all the noise, the silliness, the kvetching and moaning, there is a great deal of solid fact-checking going on. Assumptions do get challenged, news is removed from its 'frame' and picked at. Opinions get challenged or supported by a large number of qualified peers[*].
[*] And admittedly, a smaller but significant number of unqualified peers. 8^)
How many media companies have the same resources available to them? Not many. Most don't even hire fact-checkers any more. And believe it or not, slashdot fact-checkers really are better than none at all. 8^)
"Being arrogant and right is a pretty quick way of making everyone hate you."
Good. At least you've got their attention.
For countless years, women fighting for equality have had to cope with being characterised as 'bitches' whenever they tried to be heard. Why? They were ignored until they shouted so loud that people were forced to take notice.
For countless years, African Americans were persecuted, beaten, murdered for being 'uppity'. Anyone who spoke out in even the mildest fashion was subject to extreme punishment.
These days, one of the most significant issues in electronic communication is its abuse by people who systematically spread disinformation and suppress truth. The motives for doing so are manifold. In Microsoft's case, it's likely because the truth is fatal to their way of doing business.
People in a position to know better first assumed that the problem was that others just didn't have access to the right information. They packaged up the data in the proper format, and presented it to the world. They were largely ignored.
Still believing that the word just wasn't getting out, they tried harder, spoke a little more forcefully, worked harder at discrediting the other sources.
At a certain point, the propagandists realised that they could not win the argument on merit. So they attacked the source. They ascribed their own dubious motives to others (Linus 'stole' Linux), they made baseless threats (SCO). And now, they try to kill the messenger, not because of the message, but because he was shouting when he delivered it.
Your post seems to say, 'You may be right, but you're a prick, so nobody's going to believe you.' Problem is: Nobody listened before. Sometimes, there's no option but to be pushy. This fact has given us arrogant pricks from Galileo to Patrick Henry to Martin Luther King.
"I think what you will never get over is your own arrogance."
It's not arrogance when you're right.
Now, before you write this off as a flame, hear me out. Throughout history, people with unpopular views have believed that if they could just get the information out, their message would be accepted and acted on.
Elsewhere in this thread, someone said that Ballmer was like a street preacher, spouting tales of Armageddon from his soapbox pulpit. That's not true. He is a cardinal in his robes, descending from on high with the Word.
For the agnostics in the audience, those who can see that prima facie his statements are false, their immediate urge is to point out the untruths. In their world, the right information is all that's required to correct false reason.
But there is a significant proportion of the population whose world is not ruled by that same empiricism. For those people, it's more important to follow the appropriate leader than to be right. There are really good reasons to act this way, not the least of which is that it keeps one from being singled out. The only trouble these people experience is shared by everyone. Nonetheless, this drives the empiricists crazy. Their world cannot permit behaviour like this.
Worse, being 'comfortably wrong' (i.e. following the dominant mantra) can prove extremely destructive at times. So the rationalists feel compelled to shout the truth loudly. Problem is, the truth is useless to those who don't operate in a world driven by logic. This is nothing new; the Iliad tells us about Cassandra, doomed to know the future, and never to be believed.
None of this is to excuse those who rant at the 'stupidity' of the majority. Nor is this an attempt to excuse people who will not be swayed by reason. All I'm trying to do is to point out that there are two languages being spoken most of the time. Both may sound like English, but their purposes and means of expression are only close enough to cause confusion.
Again: There is nothing arrogant about being right, and letting the world know it. Arrogance comes when you continue insisting that you're right long after you've been proven wrong.
"What's to stop them from taking one of the BSDs and adding on a Windows compatibility layer in addition to the Linux compatibility layer?"
A level playing field.
Creating a system like the one you describe would even the field by allowing FOSS applications to be recompiled to run on their BSD variant with little or no additional effort. This would represent a free ticket into the game for any player. This would leave Microsoft one criterion to compete with: quality.
Microsoft can't compete with FOSS on development cost. So in order to develop software of equal quality, they have to spend more money. Which means they have to charge more. This means they lose market share to competitors who are willing to accept razor-thin margins just to get on the same platform as Microsoft.
"Linus has often said that Linux on the desktop would be a long, tiring battle."
I agree with Linus' assessment, inasmuch as making Linux an ideal desktop environment is concerned. But I don't think it has any bearing on the tipping point argument.
The longest, most tiring battle of my 15 year career in IT has been supporting Windows under increasingly difficult conditions. I now refuse to recommend or administer Windows servers, and I provide my customers with compelling reasons for this stance. The vast majority of them are receptive to my reasoning and discover for themselves that Linux servers are more cost-effective.
The huge upsurge in Windows exploits and the daily onslaught of malware and spam gives consultants like me all the fodder we need to argue for FOSS on the desktop too. Note that I'm not saying 'Linux on the desktop'. This is a transitional game we're playing, and conversion to Linux-based desktop systems won't be immediate. It will happen, though, unless something comes along that's got more momentum and greater robustness than Linux.
It's critical to note that Microsoft has never written robust, secure software. Pronouncements to the contrary notwithstanding, it doesn't know how to do it. As software security becomes a dominant criterion for product selection, Microsoft's appeal diminishes. More and more frequently, organisations are willing to compromise on polish and integration in exchange for lower overall running costs.
This is precisely the wedge that Linux - and FOSS in general - need to break into the market. There will be a tipping point past which it becomes easier to move to FOSS than to remain with MS. The real question is when this will occur. You seem to be suggesting that this will be a long time in coming. I believe that rampant security problems will bring about the change much sooner than many suspect.
"Now, in this picture, http://www.goofalicious.com/squat/squat-arrested-1 -detail-a.jpg it certainly looks like the officer handcuffing the man in white has a weapon of some sort, but the pic is waaaaay too grainy to tell what it is. Could be a shotgun, or a carbine, or a subgun, or a tear gas launcher for all I can tell. Doesn't really look like an M16 (I think y'all call them C7s up there) whatever it is. BTW, do you know how to tell the difference, by looking, between a select-fire (automatic) M16 (C7) and a semi-automatic AR15?"
You're right that the weapon might have been a carbine; it might well have been a select-fire weapon. If you'll re-read my post, I never made the assertion that the photo did anything but suggest the possibility. What the photo does, though, is refute the police assertion that no special weapons were used during the assault.
And of course my point in the original post was not that photographic evidence is sufficient, but that it's usually not enough to provide adequate context. When you combine the eyewitness reports, available photographic evidence and various other sources of data, you can corroborate an account (rather than dismiss it as a lie), or refute an assertion such as that made by the police to the press.
I do apologise for the quality of the photographs. The assault happened at dawn, and the press were kept at a distance of 100m.
"His claims may be questionable, but they are serious and they do deserve a meaningful response."
I agree that the claims are questionable and that they do deserve a meaningful response.
Lipner uses the example of slack security policy in some older FOSS applications (BIND and WuFTPd) to illustrate how code review, a boring task, gets neglected in favour of feature creation. He also claims that peer review works on algorithms, but other processes are required to secure 'a 40 million line operating system'.
Let's examine some of the assertions:
Open source development does not magically make better software. BIND, sendmail and several other network daemons have proven notoriously insecure in the past. (A friend of mine used to have a tagline saying, 'BIND, the 21st century sendmail') They were designed and developed in a much more trusting time, and it shows.
Incidentally, Windows 95 was designed and developed in a much more trusting time, and that shows, too. And because of this legacy, recent versions of Windows still suffer from 'single-userisms' that are hopelessly behind the times. Even though the code base has completely changed and many enhancements have been made, sometimes software's history dictates its present.
So, with respect to the 'FOSS makes insecure software too' argument: Yep, FOSS is not a silver bullet. Of course, FOSS is verifiably insecure, and people can and do fix it, typically quickly.
Lipner's assertion that sysadmin's would be better off checking logs and applying patches than reading source is disingenuous. The implication that a sysadmin shouldn't need to know code is particularly wrong-headed. All the really good sysadmins I've met were expert coders who just preferred running systems. In my opinion, that's no accident.
While he doesn't say it in so many words, Lipner implies that one significant area of software security that gets neglected in FOSS projects is integration testing. While individual FOSS projects don't do always this, that hardly means the job is not being done. I worked for three years on a Linux distro where better than 80% of our workload was exactly this kind of work. I believe RedHat, Suse, IBM et alia do a little bit of this, too. 8^)
What's more, unlike Microsoft, it's most of what they do. They don't have to fund all of the design and coding, so they can focus their resources on exactly the kind of integration work that is often painfully truncated in deadline-bound proprietary software projects.
FOSS doesn't make good software. In my experience, the majority of software, proprietary and open, is substandard. But FOSS is verifiable and customisable to a vastly greater degree than proprietary software typically is. This doesn't guarantee greater security, but it does make it possible, indeed far more likely.
Pictures can provide compelling evidence, but you're absolutely right that they need to be presented in the right context. I would never advise against using them, however.
One of Indymedia's best traits is that they report on events that would otherwise be forgotten. In 2002, Ottawa police raided a squat by activists protesting lack of affordable housing in the city. I and several others took photos of police methods. The evidence is damning.
http://www.goofalicious.com/squat/squat-assault-9- detail-a.jpg shows police in a fire department cherry picker attacking the squatters with pepper spray. Also in evidence are automatic weapons (highlighted). It could be (and it was) argued that they were in a potentially dangerous situation and were proceeding accordingly.
But let's look at the photo in context. http://www.goofalicious.com/squat/squat-assault-on lookers-1b.jpg is a shot of the police immediately below the cherry picker. Their casual stance and lack of protective gear seem to suggest that the insertion team's methods are designed not so much to protect themselves as to intimidate and overwhelm the people inside the squat.
The police, by the way, denied that they were carrying 'special weapons' (i.e. non-standard issue for regular duty). These photos made them quickly forget that assertion.
I'm currently working in the tiny island nation of Vanuatu in the South Pacific. Here, the temperature is seldom less than 23-25, and frequently warmer. Everyone here at the office is extremely productive.
(Whoops, back in a second. There's someone selling green coconuts. Gotta get a drink....)
Sorry, what was I saying? Oh yeah, productivity, right. Yeah it's great here in Vanuatu because
Heh, sorry, got cut off by my boss. I'm heading out to the beach this afternoon, and he wants to know if I want to borrow his surf board.
So yeah, the level of productivity in the tropics is *way* higher than in colder places because... Man! That music is great! Sorry, all the windows are open here in the office, and there's a string band playing somewhere outside. Sounds of the islands. Love it, man. Love it.
Anyway, so I was saying that this study is right on the money, because the temperature here is usually in the high twenties. In fact, it's really comfortable. That means I remain alert and productive at all timezzzmmmmmmz,,
Heh, sorry. Dozed off for a second there. Listen, I'll finish this right after lunch. Here in Vanuatu we take a 2 hour lunch, because of the heat. Time zone differences mean that you'll probably be asleep by the time I get back, so how about I just finish this up tomorrow, huh?
Re:Except Animals are more likely to be right.
on
Good Bad Attitude
·
· Score: 1
"I'm not saying that there isn't trouble brewing or that hackers aren't necessarily better at seeing this than others, its just like all the hackers that predicted the death of the internet for the last few decades... They saw change and picked up a pattern that turned out not to be there."
One of the things that make good hackers better at spotting trends is that they rely on evidence rather than suspicion and speculation. One of my good friends used to LART people constantly in meetings with 'Don't speculate - profile!'
In the spirit of that statement, could you please provide some evidence of 'all the hackers that predicted the death of the internet for the last few decades...' I see the following problems with that statement:
1) 'All the hackers' is a hopelessly ambiguous modifier. Do you mean 'the majority'? I don't think so, based on context. Do you really mean 'many'? If so, how many? Who?
2) 'Predicted the death of the Internet' is another useless phrase. I can predict the death of the Internet with certainty. Watch: Some time before the heat death of the Universe, what we now know as the Internet will cease to exist. See? That was easy. 8^)
What you really seem to mean is 'predicted catastrophic problems' or 'predicted fundamental changes'. Until you provide evidence (i.e. $foo predicted $bar, but $bar hasn't happened yet) we can't give your statement any value until you define values for $foo and $bar.
It's probably clear by now that I'm being pedantic about a silly statement that would be best discarded, but it highlights one of the qualities that good hackers have - they quantify, specify and clarify the information they work with. It's their job, and it's often their passion.
... 90% of Personal Computers. And if he really wanted to be precise, he'd say 90% of PCs running Windows. After all, only PC owners running Windows are going to get Dell tech support, right?
Has anyone got any metrics on spyware levels on other platforms?
Re:They missed the most important question...
on
Linus Interviewed
·
· Score: 5, Funny
It also bears mentioning that Canada has one of the best political satire shows on television. The producers were smart enough to make sure the show runs right before CBC's evening news.
It got so popular, in fact, that politicians lined up to appear on it in mock news features that made fun of them. After looking at the polls, the found that a politician who could take a joke was way more popular than one who couldn't.
This will *never* happen in the US, of course.
It's sad though, because being able to laugh at yourself is a good way to stay sane.
"Very popular these days, but not so much in 1998 when this was filed."
I say the following with all due respect: Baloney.
I agree that the write-up for this article is pure fabrication, but it doesn't follow that Microsoft is making a claim that is even remotely valid.
This behaviour was blindingly obvious to web application developers well before 1998. The very first question you ask when you're developing a stateless, client-server application is, 'How do I divide the work?' Updating onscreen information without making another request to the server is what JavaScript was designed for.
How do I know? Because I wrote at least two applications that I can think of off the top of my head in 1996-7 that used exactly the kind of behaviour described in this patent.
"If OSX were #1 I'm sure the attacks would be just a fast and furious."
Amen, brother! That's why I tossed out that POS Apache web server and got me a brand new IIS. I mean what with all the security holes that come from being the number one piece of software and all, I just KNOW that IIS will never be a problem.
And besides, look at the name: Ah Pah Chee. Get it? It's a Patchy web server. It's gotta suck!
[Disclaimer. The above is one man's poor attempt at humour. If, while moderating, you find that this does not satisfy your personal criteria for 'funny', return this post in its original packaging to the sender and you will be receive a full refund.]
Slashdot Mirror
"You know, I've been thinking about this kind of thing too. Just as we currently have Tax Havens, how much longer before we have the "Patent Haven"?"
How much longer? About 3 years ago. 8^)
I'm currently living in a small Pacific Island Nation (think: Cryptonomicon) which is selling itself as being conveniently free of certain obstacles to international, Internet-based commerce. I've often found myself thinking that it would be a great place to set up a software and services shop. Palm trees, hyper-affordable living, beautiful people and long evenings by the lagoon. Add to that the promise that no lawyer will ever tell you what you can or cannot do, and you'd have to call this place paradise.
So: Anyone interested? 8^)
I've looked over your list, and I found myself asking, 'fine, but how much of this is actually innovative?'
ASP 3.0 and the resulting aftermarket of extensions
mod_perl + CPAN, or PHP/Pear if you prefer.
SQLXML extensions for SQL Server beat all the major players with rich DB/XML interactions.
Could be. Haven't played with it since I realised that SQL Server was plain agony to use with web apps. I'll give you this one.
SQL Server is a very nice tool, especially the UI on things like its Query Builder, which IMHO is a work of genius. It supports the needs of expert users while simultanously training newbie developers.
If you had said that about Access, I might have given MS some credit, because it is more or less unique in its niche. SQL Server, though, is wrong is as many ways as it's right, and there are any number of decent db tools that it's hard to get excited about this, or to view it as innovative in any way. I've used interactive query builders that blow the socks off MSSQL, and which predate it by a long time.
ADO/ADO.NET is awesome: unifies structured data storage forms, supports persistant and disconnected data
What you're saying is arguably valid - there are many who would argue that there are better ways to do it. IMO, it comes down to liking vanilla or chocolate. I personally find ADO to be all right, but not exceptional. Call this one moot.
Visual Studio / the free "Visual Web Express" or whatever it's called (have you tried it?)
I worked with Visual Studio for three years, mostly because of the tight tie-in with MS programming languages and APIs. I have never been more relieved to leave a programming tool behind. I for one despise the cluttered interface, the straightjacketed approach to building components and mostly the utter lack of support if you stray even slightly from the beaten path. IMO, VS is a hammer, and what I want is a toolkit.
ASP.NET
Insecure, unoriginal
Mappoint as a subscribable web service, unique biz model
Subscribable web service a 'unique biz [sic] model'? Er, check your history. It might arguably be called a successful implementation, but it is hardly innovative.
"Streets and Trips" standalone routefinding/GPS utlility
Can't comment on this as I've never used it. Let's give you the benefit of the doubt that noone came up with this before MS. 8^)
Xbox is very cool, modded or not. Amped/Amped2 games are unique.
Perhaps. I've never liked game consoles much, so I'm in no position to argue one way or the other. Let's give this one to you as well.
PocketPC is very useful.
Er, useful doesn't even meet your arbitrary criterion of 'cool'. And I've seen nothing about PocketPC that made me think it was in any way interesting except in its consistency with full-blown Windows. From where I sit, that puts it in the same league as taking a standard poodle and breeding a toy poodle from it. 8^)
Latest implementation of Remote Desktop (ships with XP) is insanely great. Access local devices like disks and printers from remote sessions, or vice versa. I did usable remote desktop session from Instanbul - USA over 28.8k modem. That's pretty cool.
Look, I hate to break it to you, but Unices have been able to do this for ages. Yes, in low-bandwidth situations too. Encrypted. The fact that Windows is showing its first signs of being really-o truly-o multi-user is a matter of some amusement to those of us who have been doing this kind of thing for years and years. The Mac was 'insanely great'. Remote desktop is 'about bleeping time'. 8^)
"[F]or anyone to be surprised that an OS designed to be run for a single user in a non-networked environment loaded with legacy code to fully (and successfully) port to a multi-user, networked environment shows a lack of understanding about the increasing inertia software products have as they age."
Amen, brother!
I mean, when was the last time we heard of some dusty old professor writing a toy OS for the edification of his students, only to have some graduate student study it for a bit, then get together with a bunch of pals and create one of the best OSes in the world?
*blink*
"The MSN Search Technology Preview is currently unavailable. The site may be down for a short while due to scheduled maintenance. Please try again later."
And for those of us who didn't get it the first time:
"Den foreløbige teknologiversion af MSN Søg er ikke tilgængelig i øjeblikket. Webstedet kan være nede i en kort periode på grund af planlagt vedligeholdelse. Prøv igen senere."
This is a proud moment, people. You've slashdotted Microsoft. 8^)
Okay, okay, it probably really is scheduled maintenance. I mean, what better time to take the service offline than mid-afternoon on a Thursday?
*blink*
The issue here is not about jumping to conclusions. That happens all the time. There isn't a person alive who isn't victim of their own biases to some degree or other. What impresses me is slashdot's ability to correct and refine its information and perspective in a completely transparent and participatory manner. No media organisation today comes close to having the same kind of manpower and expertise that can be brought to bear on tech-related issues.
"As you also rightly point out, the simple fact that voting discrepancies are being discovered is proof that the auditing trail works."
Holy circular logic, Batman!
Look, the story is this: Someone spotted statistical anomalies in the election results, but there's no way to verify them because - wait for it - there is no audit trail.
The audit trail emphatically does NOT work. There is no audit trail!
Moderators: PLEASE STOP BEING PARTISAN AND START THINKING. WITH YOUR BRAINS.
"WordPro is being phased out for MS Word across the entire company, it's just taking a lot longer than it should."
So... what you're saying is that there is a value for infinity plus one?
"How do you compile open source politics?"
Ask Diebold. 8^)
Some will be quick to decry how slashdot is quick to jump to conclusions. They'll draw fairly pointed comparisons between slashdot and 'real' journalism.
As far as they've reasoned it, they're right. But that's only because they haven't reasoned it quite far enough.
This is exactly the process that happens in the major news media. A journalist spots something unusual, thinks there might be a story there. An investigative team looks into the evidence, tries to get feedback from the source(s), and either corroborates or refines the initial hypothesis.
The difference that we're seeing here is that the story is not landing in our lap, fully formed and packaged according to the publisher's wont. In the past, we never saw the messy part of any story, just the finished product.
I happen to like being able to see the 'messy part' . I like it a lot. In fact, it's why I come to slashdot. If I trusted Big Media to properly digest and format my news, I'd have no need to come here at all.
The truth about slashdot is that, amid all the noise, the silliness, the kvetching and moaning, there is a great deal of solid fact-checking going on. Assumptions do get challenged, news is removed from its 'frame' and picked at. Opinions get challenged or supported by a large number of qualified peers[*].
[*] And admittedly, a smaller but significant number of unqualified peers. 8^)
How many media companies have the same resources available to them? Not many. Most don't even hire fact-checkers any more. And believe it or not, slashdot fact-checkers really are better than none at all. 8^)
"Being arrogant and right is a pretty quick way of making everyone hate you."
Good. At least you've got their attention.
For countless years, women fighting for equality have had to cope with being characterised as 'bitches' whenever they tried to be heard. Why? They were ignored until they shouted so loud that people were forced to take notice.
For countless years, African Americans were persecuted, beaten, murdered for being 'uppity'. Anyone who spoke out in even the mildest fashion was subject to extreme punishment.
These days, one of the most significant issues in electronic communication is its abuse by people who systematically spread disinformation and suppress truth. The motives for doing so are manifold. In Microsoft's case, it's likely because the truth is fatal to their way of doing business.
People in a position to know better first assumed that the problem was that others just didn't have access to the right information. They packaged up the data in the proper format, and presented it to the world. They were largely ignored.
Still believing that the word just wasn't getting out, they tried harder, spoke a little more forcefully, worked harder at discrediting the other sources.
At a certain point, the propagandists realised that they could not win the argument on merit. So they attacked the source. They ascribed their own dubious motives to others (Linus 'stole' Linux), they made baseless threats (SCO). And now, they try to kill the messenger, not because of the message, but because he was shouting when he delivered it.
Your post seems to say, 'You may be right, but you're a prick, so nobody's going to believe you.' Problem is: Nobody listened before. Sometimes, there's no option but to be pushy. This fact has given us arrogant pricks from Galileo to Patrick Henry to Martin Luther King.
'Nevertheless, it moves.'
"I think what you will never get over is your own arrogance."
It's not arrogance when you're right.
Now, before you write this off as a flame, hear me out. Throughout history, people with unpopular views have believed that if they could just get the information out, their message would be accepted and acted on.
Elsewhere in this thread, someone said that Ballmer was like a street preacher, spouting tales of Armageddon from his soapbox pulpit. That's not true. He is a cardinal in his robes, descending from on high with the Word.
For the agnostics in the audience, those who can see that prima facie his statements are false, their immediate urge is to point out the untruths. In their world, the right information is all that's required to correct false reason.
But there is a significant proportion of the population whose world is not ruled by that same empiricism. For those people, it's more important to follow the appropriate leader than to be right. There are really good reasons to act this way, not the least of which is that it keeps one from being singled out. The only trouble these people experience is shared by everyone. Nonetheless, this drives the empiricists crazy. Their world cannot permit behaviour like this.
Worse, being 'comfortably wrong' (i.e. following the dominant mantra) can prove extremely destructive at times. So the rationalists feel compelled to shout the truth loudly. Problem is, the truth is useless to those who don't operate in a world driven by logic. This is nothing new; the Iliad tells us about Cassandra, doomed to know the future, and never to be believed.
None of this is to excuse those who rant at the 'stupidity' of the majority. Nor is this an attempt to excuse people who will not be swayed by reason. All I'm trying to do is to point out that there are two languages being spoken most of the time. Both may sound like English, but their purposes and means of expression are only close enough to cause confusion.
Again: There is nothing arrogant about being right, and letting the world know it. Arrogance comes when you continue insisting that you're right long after you've been proven wrong.
"What's to stop them from taking one of the BSDs and adding on a Windows compatibility layer in addition to the Linux compatibility layer?"
A level playing field.
Creating a system like the one you describe would even the field by allowing FOSS applications to be recompiled to run on their BSD variant with little or no additional effort. This would represent a free ticket into the game for any player. This would leave Microsoft one criterion to compete with: quality.
Microsoft can't compete with FOSS on development cost. So in order to develop software of equal quality, they have to spend more money. Which means they have to charge more. This means they lose market share to competitors who are willing to accept razor-thin margins just to get on the same platform as Microsoft.
For Microsoft, compatibility is suicide.
"Linus has often said that Linux on the desktop would be a long, tiring battle."
I agree with Linus' assessment, inasmuch as making Linux an ideal desktop environment is concerned. But I don't think it has any bearing on the tipping point argument.
The longest, most tiring battle of my 15 year career in IT has been supporting Windows under increasingly difficult conditions. I now refuse to recommend or administer Windows servers, and I provide my customers with compelling reasons for this stance. The vast majority of them are receptive to my reasoning and discover for themselves that Linux servers are more cost-effective.
The huge upsurge in Windows exploits and the daily onslaught of malware and spam gives consultants like me all the fodder we need to argue for FOSS on the desktop too. Note that I'm not saying 'Linux on the desktop'. This is a transitional game we're playing, and conversion to Linux-based desktop systems won't be immediate. It will happen, though, unless something comes along that's got more momentum and greater robustness than Linux.
It's critical to note that Microsoft has never written robust, secure software. Pronouncements to the contrary notwithstanding, it doesn't know how to do it. As software security becomes a dominant criterion for product selection, Microsoft's appeal diminishes. More and more frequently, organisations are willing to compromise on polish and integration in exchange for lower overall running costs.
This is precisely the wedge that Linux - and FOSS in general - need to break into the market. There will be a tipping point past which it becomes easier to move to FOSS than to remain with MS. The real question is when this will occur. You seem to be suggesting that this will be a long time in coming. I believe that rampant security problems will bring about the change much sooner than many suspect.
"Note - first ever correct usage of the word "loose" in the history of slashdot."
I would mod you up just for that, if I could. 8^)
"Now, in this picture, http://www.goofalicious.com/squat/squat-arrested-1 -detail-a.jpg it certainly looks like the officer handcuffing the man in white has a weapon of some sort, but the pic is waaaaay too grainy to tell what it is. Could be a shotgun, or a carbine, or a subgun, or a tear gas launcher for all I can tell. Doesn't really look like an M16 (I think y'all call them C7s up there) whatever it is. BTW, do you know how to tell the difference, by looking, between a select-fire (automatic) M16 (C7) and a semi-automatic AR15?"
You're right that the weapon might have been a carbine; it might well have been a select-fire weapon. If you'll re-read my post, I never made the assertion that the photo did anything but suggest the possibility. What the photo does, though, is refute the police assertion that no special weapons were used during the assault.
And of course my point in the original post was not that photographic evidence is sufficient, but that it's usually not enough to provide adequate context. When you combine the eyewitness reports, available photographic evidence and various other sources of data, you can corroborate an account (rather than dismiss it as a lie), or refute an assertion such as that made by the police to the press.
I do apologise for the quality of the photographs. The assault happened at dawn, and the press were kept at a distance of 100m.
"His claims may be questionable, but they are serious and they do deserve a meaningful response."
I agree that the claims are questionable and that they do deserve a meaningful response.
Lipner uses the example of slack security policy in some older FOSS applications (BIND and WuFTPd) to illustrate how code review, a boring task, gets neglected in favour of feature creation. He also claims that peer review works on algorithms, but other processes are required to secure 'a 40 million line operating system'.
Let's examine some of the assertions:
Open source development does not magically make better software. BIND, sendmail and several other network daemons have proven notoriously insecure in the past. (A friend of mine used to have a tagline saying, 'BIND, the 21st century sendmail') They were designed and developed in a much more trusting time, and it shows.
Incidentally, Windows 95 was designed and developed in a much more trusting time, and that shows, too. And because of this legacy, recent versions of Windows still suffer from 'single-userisms' that are hopelessly behind the times. Even though the code base has completely changed and many enhancements have been made, sometimes software's history dictates its present.
So, with respect to the 'FOSS makes insecure software too' argument: Yep, FOSS is not a silver bullet. Of course, FOSS is verifiably insecure, and people can and do fix it, typically quickly.
Lipner's assertion that sysadmin's would be better off checking logs and applying patches than reading source is disingenuous. The implication that a sysadmin shouldn't need to know code is particularly wrong-headed. All the really good sysadmins I've met were expert coders who just preferred running systems. In my opinion, that's no accident.
While he doesn't say it in so many words, Lipner implies that one significant area of software security that gets neglected in FOSS projects is integration testing. While individual FOSS projects don't do always this, that hardly means the job is not being done. I worked for three years on a Linux distro where better than 80% of our workload was exactly this kind of work. I believe RedHat, Suse, IBM et alia do a little bit of this, too. 8^)
What's more, unlike Microsoft, it's most of what they do. They don't have to fund all of the design and coding, so they can focus their resources on exactly the kind of integration work that is often painfully truncated in deadline-bound proprietary software projects.
FOSS doesn't make good software. In my experience, the majority of software, proprietary and open, is substandard. But FOSS is verifiable and customisable to a vastly greater degree than proprietary software typically is. This doesn't guarantee greater security, but it does make it possible, indeed far more likely.
Pictures can provide compelling evidence, but you're absolutely right that they need to be presented in the right context. I would never advise against using them, however.
- detail-a.jpg shows police in a fire department cherry picker attacking the squatters with pepper spray. Also in evidence are automatic weapons (highlighted). It could be (and it was) argued that they were in a potentially dangerous situation and were proceeding accordingly.
n lookers-1b.jpg is a shot of the police immediately below the cherry picker. Their casual stance and lack of protective gear seem to suggest that the insertion team's methods are designed not so much to protect themselves as to intimidate and overwhelm the people inside the squat.
One of Indymedia's best traits is that they report on events that would otherwise be forgotten. In 2002, Ottawa police raided a squat by activists protesting lack of affordable housing in the city. I and several others took photos of police methods. The evidence is damning.
http://www.goofalicious.com/squat/squat-assault-9
But let's look at the photo in context. http://www.goofalicious.com/squat/squat-assault-o
The police, by the way, denied that they were carrying 'special weapons' (i.e. non-standard issue for regular duty). These photos made them quickly forget that assertion.
Wow, Antarctica, that's pretty wild.
I'm currently working in the tiny island nation of Vanuatu in the South Pacific. Here, the temperature is seldom less than 23-25, and frequently warmer. Everyone here at the office is extremely productive.
(Whoops, back in a second. There's someone selling green coconuts. Gotta get a drink....)
Sorry, what was I saying? Oh yeah, productivity, right. Yeah it's great here in Vanuatu because
Heh, sorry, got cut off by my boss. I'm heading out to the beach this afternoon, and he wants to know if I want to borrow his surf board.
So yeah, the level of productivity in the tropics is *way* higher than in colder places because... Man! That music is great! Sorry, all the windows are open here in the office, and there's a string band playing somewhere outside. Sounds of the islands. Love it, man. Love it.
Anyway, so I was saying that this study is right on the money, because the temperature here is usually in the high twenties. In fact, it's really comfortable. That means I remain alert and productive at all timezzzmmmmmmz,,
Heh, sorry. Dozed off for a second there. Listen, I'll finish this right after lunch. Here in Vanuatu we take a 2 hour lunch, because of the heat. Time zone differences mean that you'll probably be asleep by the time I get back, so how about I just finish this up tomorrow, huh?
"I'm not saying that there isn't trouble brewing or that hackers aren't necessarily better at seeing this than others, its just like all the hackers that predicted the death of the internet for the last few decades... They saw change and picked up a pattern that turned out not to be there."
One of the things that make good hackers better at spotting trends is that they rely on evidence rather than suspicion and speculation. One of my good friends used to LART people constantly in meetings with 'Don't speculate - profile!'
In the spirit of that statement, could you please provide some evidence of 'all the hackers that predicted the death of the internet for the last few decades...' I see the following problems with that statement:
1) 'All the hackers' is a hopelessly ambiguous modifier. Do you mean 'the majority'? I don't think so, based on context. Do you really mean 'many'? If so, how many? Who?
2) 'Predicted the death of the Internet' is another useless phrase. I can predict the death of the Internet with certainty. Watch: Some time before the heat death of the Universe, what we now know as the Internet will cease to exist. See? That was easy. 8^)
What you really seem to mean is 'predicted catastrophic problems' or 'predicted fundamental changes'. Until you provide evidence (i.e. $foo predicted $bar, but $bar hasn't happened yet) we can't give your statement any value until you define values for $foo and $bar.
It's probably clear by now that I'm being pedantic about a silly statement that would be best discarded, but it highlights one of the qualities that good hackers have - they quantify, specify and clarify the information they work with. It's their job, and it's often their passion.
I just read that as:
"Anticipation is only half the bottle."
Worse, I almost modded it Insightful.
... 90% of Personal Computers. And if he really wanted to be precise, he'd say 90% of PCs running Windows. After all, only PC owners running Windows are going to get Dell tech support, right?
Has anyone got any metrics on spyware levels on other platforms?
" ...whether or not he frequents Slashdot."
I do, but only for the goatse links.
Love,
Linus
It also bears mentioning that Canada has one of the best political satire shows on television. The producers were smart enough to make sure the show runs right before CBC's evening news.
It got so popular, in fact, that politicians lined up to appear on it in mock news features that made fun of them. After looking at the polls, the found that a politician who could take a joke was way more popular than one who couldn't.
This will *never* happen in the US, of course.
It's sad though, because being able to laugh at yourself is a good way to stay sane.
"Very popular these days, but not so much in 1998 when this was filed."
I say the following with all due respect: Baloney.
I agree that the write-up for this article is pure fabrication, but it doesn't follow that Microsoft is making a claim that is even remotely valid.
This behaviour was blindingly obvious to web application developers well before 1998. The very first question you ask when you're developing a stateless, client-server application is, 'How do I divide the work?' Updating onscreen information without making another request to the server is what JavaScript was designed for.
How do I know? Because I wrote at least two applications that I can think of off the top of my head in 1996-7 that used exactly the kind of behaviour described in this patent.
"If OSX were #1 I'm sure the attacks would be just a fast and furious."
Amen, brother! That's why I tossed out that POS Apache web server and got me a brand new IIS. I mean what with all the security holes that come from being the number one piece of software and all, I just KNOW that IIS will never be a problem.
And besides, look at the name: Ah Pah Chee. Get it? It's a Patchy web server. It's gotta suck!
[Disclaimer. The above is one man's poor attempt at humour. If, while moderating, you find that this does not satisfy your personal criteria for 'funny', return this post in its original packaging to the sender and you will be receive a full refund.]