As far as I know no one at Gnome has gotten paid by Novell or Red Hat or whatever (Have they given grants? That is slightly different...). If you are talking about "paid" in the sense they are contributing patches maybe it is because their patches are far more readily accepted in Gnome than KDE. Lest we forget that unfortunate stuff with the original Bluecurve project some KDE people pooh-pooh-ed.
I'm not surprised at all that projects turned their back on KDE or are far more willing to contribute to Gnome. And it looks like KDE gives outsiders (those not directly involved in core KDE) little reason to.
Although OSX is pretty slick and thought out top to bottom and better than current Gnome and KDE configurations, I'm perpetually perplexed by why anyone thinks the Windows Graphical Shell is "ready for the desktop"? The thing is crude, inflexible and has some crazy inconsistent behaviors. And yet people claim this thing is better than Gnome or KDE?!
People are continually mistaking "familiarity" for "ease of use". Windows is definitely familiar: it hasn't changed much since Win95. The problem is it isn't easy to use. Try explaining the quirks of Windows to someone who has never touched a computer. I can't predict what dialogs and messages are going to pop up, what messages are going to be on buttons, etc. All of these things make for a strange newbie experience on Windows.
The scary thing is that I see systems trying to emulate Windows more. I would rather they emulate Mac or come up with something original rather than use Windows' inconsistent patterns.
Make a system consistent and uniform across and you get easy to access, repeatable behavior in any application that utilizes it. However if the system is compromised now every application that utilizes it is now flawed in exactly the same way. In short, the advantages an application writer can utilize a hacker can utilize too.
Make a system heterogeneous, where each system "rolls their own" security setup, and one part being compromised doesn't automatically mean your system is compromised. However this is a nightmare to code through where some systems simply aren't talking the same permission objects.
I believe vendors should strive to blend both: a flexible system that behaves the same way regardless of actual underlying system. A true enterprise solution has many layers of abstraction anyway. Hide away the parts that are different and expose the parts that are common. Do this and your SMB system will behave like your Kerberos system and yet won't be weakened when one or the other is compromised.
Forget agreeing on the "one true system" because no system will satisfy everyone. What vendors should agree upon is an interface API and build upon that. I really want a system where I can swap out SMB or Kerberos or files with MD5 password hashes or whatever to all function. Diversity is key but behavior should be consistent.
Too many who say this behavior is right will not acknowledge they are changing the rules of the game. This might not be cheating per se but as the "ref" I can see how Bliz, SOE, etc. are perturbed by having their rules changed out from under them.
Another analogy that works better than the Monopoly one is that these MMOGs have constructed rules much like the line at McD's. Everyone gets in line and waits for their turn. The problem with IGE and their bunch is that they cater to the people who don't want to stand in line for any length of time. IGE sells a "service" where they will stand in line for you instead.
I don't think Bliz, SOE, etc. care if anyone makes money playing their games (beyond trying to make the profits their profit too) but it seems to really irritate designers and developers to have their carefully crafted situations governed by carefully crafted rules ignored.
Has anyone considered the case where both CVS and SVN need to be supported in parallel?
The biggest problem in changing source control is the fact you must block all dev work while the transition happens. If your software moves fast enough there might never be a window of opportunity to lock the archive, move the code and open the new archive.
What would make any transition easier is somehow maintaining both. Knowing the basics of how both CVS and SVN work and only giving it a few minutes of thought (because work won't let me have the time to plan things) it seems almost possible with shell script-fu. The goal is of course that during a given transition time window you can do either a "cvs update" or a "svn update" and get the same code. At some later date you can turn off one archive and move forward. Of course there is the quirk about exactly how revision history is maintained in this situation but something is always lost in the transition unless you use or build tools to carry the data with you.
Books like this are great but I would rather see some hardcore information on transition scenarios. Learning a new revision control system can be tough (although I don't think SVN is that daunting) but not as scary as trying to switch revision control systems.
What will it take for Microsoft to actually get into the fundamentals of Windows to fix the design flaws?
I've worked with Windows NT 3.1/3.5/3.51 and onwards and still find the same problems with permissions today as I did 10 years ago. You cannot change your permission set "on the fly". It is still hard to write applications to take advantage of such a rich permission set (the corollary to this is that it is so hard that many avoid dealing with any security at all). Permission "tools" are still confusing. The security in Windows NT and its children *is* rock solid. The problem is most of the tools surrounding it are still as clumsy today as they were years ago.
I've seen Microsoft introduce and refuse to deal with questionable technology of their own design. The first and foremost in my mind is Active X. The design deficiencies in Active X have been known for many years yet it is still here. And as dangerous as ever. Microsoft pushed the OLE idea that "data runs the program" when it turned out that it was a poor idea due to security concerns yet Office still seems to want to do this. Along with this, Outlook Express appears to have *many* issues. The whole application appears to be in a revolving door.
I've always wondered why a 4 machine DB cluster that does nothing in its existence except service SQL Server is constantly asking me if I want to install updates for Direct X and Windows Media Player 10. I can't fathom why these are necessary for the operation of a DB cluster. It just makes my life doing maintenance on them harder. Making highly specialized servers that are lean, mean, and exacting in function reduces maintenance. Throwing all of this extra software into the server is not the right thing to do.
In BSD and Linux, if an idea or piece of technology turns out to function poorly or is just plain bad, no one seems to have any qualms about dropping it or rewriting it. What in the world will it take to get Microsoft to either fix or drop these long standing issues? Does Microsoft realize how much time and money is being spent by IT on workarounds for these issues?
Longhorn will not be the answer. Managed code will not keep users from breaking their machine. One of the first and foremost reasons why computers get messed up is because of user mistakes. Using social engineering a virus tricks them into running something they shouldn't. No amount of "managed code" will protect the user from pressing the wrong buttons.
The answer has been staring at us for 20 years now. Many of the security problems in Windows are born of legacy. And ironically they were problems born from not learning lessons learned by other Operating Systems.
But in typical fashion, Microsoft is throwing more software at the flaws instead of fixing the fundamental design which created the issue in the first place. The whole chain about any virus using IE as a vector should show you this.
There are fundamental issues that were learned by other systems a long time ago that MS continues to ignore and throw more software upon in an attempt to obscure the problems. So many things would go away if users never had the privilege to screw up their system easily. So many things would go away if the web browser was treated as a viewer instead of a platform for execution. So many tools could be simplified and made less confusing if they fixed the underlying problems...but they won't.
I'm sorry to sound like flamebait but I'm sick of it. Longhorn will get released and people will harass me on what in the world "code group permissions" are. People can't figure out IE's "zones" and they want me to explain to users how "code groups" work?! Thanks Microsoft...thanks for completely avoiding the problem.
The basic problem is the classic "Human-Machine Interface". Machines can't tell the difference between a page exploiting the scoring rules and one that is an honest web page playing by normal rules.
Google does honestly try to avoid this crap. The problem is in the end even the cleverest scoring algorithm is still an algorithm. Knowing what Google programmatically emphasizes shows how to build web pages to take advantage of their rating which isn't necessarily a good web page or any more meaningful than another's web page that doesn't take advantage of the information.
It is a constant tug of war between these guys and Google. Google is constantly trying to invent the best pattern matching to promote real information in web pages and not this fake stuff. These SEOs are constantly trying to find weak points in the rules that they can capitalize on.
ps. If MSN Search targets "trying to beat Google" instead of trying to beat web pages and SEOs then they have already lost...
Media Factory should have been less blunt since as mentioned the "dirty little secret" about digisubs is that companies actively use this as a marketing tool to know what is hot and what is not. They get a lot more feedback through watching fan activity than they ever did in those "reader response cards" and web site mechanisms. Even so, I can't blame Media Factory for wanting to protect their investments. They took the time and money to create shows to market in Japan and the US and are irked to see their work handed out freely. Although they could have handled it in a more friendly fashion the fact is that they asked these groups to stop and it is in their right to do so. They should have handled it with a gentle hand instead of the blunt instrument of pseudo-legal issuing of official letters.
The fansubbing groups need to get off their high horse and honor the request. In the past, "fansub ethics" have always said "honor the request of the creators" regardless of reason. As much as these guys think they are "promoting the show by sharing" they continue to ignore the reason they are asked to stop which is that there is a seedy element in fandom that just wants cheap shows to watch.
Both sides should just acknowledge each other and walk away from this situation cleanly instead of fuming and dwelling on it. The system works best when it runs silent not when red flags and warning bells go off.
Halo 2 is the reason why their "Home Entertainment" division is in the black but they won't be that way later this year. And in the end it is a small portion of their revenue stream. Their bread and butter is still Office and OEM Windows deals.
Microsoft ran some cost cuts (including cutting R&D funding which IMHO is dangerous for a technology company) and had a confluence of good timing (servers from the pre-bubble era need replacing about now) which leads to this. The real question I have in my mind is how they will be at the end of the year. I'm not saying they will be bankrupt but I suspect the picture for MS Q4 2005 isn't as rosy.
The next "killer app" for MMOGs is advanced, learning AI. Right now games are trying to cover up the simplistic behavior of NPCs by creating complex scripts around them.
Example:
- Between 100%-75% health, Dragon will fight as normal.
- At 75% health, the dragon will breathe fire in an attempt to kill as many players nearby, fly over to the west part of the chamber.
- Between 75%-50% health, Dragon will fight as normal and start using its tail.
- At 50% health, Dragon will fly to the east part of the chamber, breathe fire onto the players as they run from the west part of the room to the east.
So on and so forth. The problem is that humans easily can see patterns like this. This "event driven" behavior only works when players are "surprised" and becomes a serious liability when players discover the pattern. If the pattern is "discovered", players will scatter around 75% to avoid the fire. At 50% they will run to the eastern part of the room before the dragon gets there to avoid it breathing fire onto the western half.
To avoid some of this predictability, some monsters appear to have "randomized behavior". A monster has 5 different "actions" where a programmer weights the choices and generates a random number. This makes the monster appear to have some tactics trying different attacks but just as much as it succeeds in throwing the player off they will often randomly choose the poor action.
I believe advanced AI techniques like neural nets will be the next "killer app" for MMOGs. Learning AI is not impractical for a single player stand alone game but it is not as "exciting" nor do single player systems have enough computing power and "experience" to really put a neural net through its paces.
The Dragon in the example starts out like the players in that neither side knows exactly how to win. Regardless of the outcome both the server/Dragon and the players should learn something from the encounter. Have enough players run against The Dragon and it might start to learn things like "fire seems to be more effective against melee". When it sees a raid comprised of mostly melee and very few casters it chooses its fire attack far more than its melee. This is a far better option than "randomizing attacks" or scripting their behavior. The Dragon is now actually using tactics and reacting to the players in a pseudo-intelligent manner.
If we really want to go far fetched, it would be great if each server instance of The Dragon "learned" on its own and developed personality and behavior unique unto itself. One server's Dragon might like to fly around compared to another that likes to walk when moving around. Of course one of the tricks is keeping the game engaging. No one wants to fight The Dragon if they know it will beat them 9/10 times.
Some NPCs should be designed simplistically because that is their nature. Some NPCs are highly intelligent and should act accordingly. I await the day when you can do true tactical attacks against the computer instead of having to resort to a scripted monster or just filling the other side with other human players.
Most of the mini-apps aren't applicable in the enterprise. If you need a cluster DB setup, why do you need the Windows Media API let alone the client bits installed on the machine? It simply isn't applicable and worse it is unremovable.
But that is an extreme case. In a more practical setup, why does Microsoft get the say on installing any software like WMP on my grandmother's machine? As you noted, because of the way Microsoft has developed the technology, installing one piece of technology to solve a problem often means you install many more pieces of software none of which solve the problem (let alone that you may be interested in). Why? Because they want to sell server technology solutions to some other unrelated vendor? Something is fishy about that.
I guess the grand question is how fair or legal is this? I don't know if the EU is doing the right or wrong things for the right reasons but I can tell you it sure stinks from an IT perspective. Being forced to solve problems on software you didn't want installed in the first place but because of some dependency you have to stinks.
If a closed vendor is "slow" on fixing an issue guess what happens? You wait. Hopefully there is disclosure so you know what to protect "from the outside" while you patiently wait for the vendor to release a fix.
On the other hand, if the maintainer responsible for an errant kernel module is "slow" then guess what happens? Someone else fixes it. Most importantly, you can fix it if you choose to do so. If you know there is a problem, you have the source, and ultimately you can fix it. You don't have to wait for the kernel maintainers to get going. You can get started on correcting it today. This is why full and open disclosures on security issues are important for Linux and BSD.
Ultimately, this is the strength of OSS projects. No one is beholden to any programmer or entity. You are given more options on what to do than wait for the vendor.
To avoid "the sharks" in the world that would sue on the behalf of whomever. It isn't necessarily a move to protect themselves from RIAA...it is more to protect themselves from being charged by the group that owns the MP3 encoding standard.
The good news is it is easy to get MP3 support back into your RH or Fedora install. It is just that neither RH nor the Fedora crew are going to help you do it. Given the nature of some litigation-happy parts of the tech world I'm more than happy with Fedora's decision to leave out this questionable piece of technology by default.
Back when radio was new, many companies all trying to capitalize on frequencies created all sorts of different headaches because there was no regulatory body governing behavior. Every broadcaster tried to make their own standard so to listen to their signal you had to buy their radio and create their own custom broadcast array. Every broadcaster was under no obligation to honor another's usage of another frequency. The only time it mattered to them was when it dropped their quality. Then of course none of this was cheap for the consumer either....
It was an unregulated, unmitigated disaster and hence the reason why the FRC (predecessor to the FCC) was created. They standardized radio broadcasting practices. They organized bandwidth usage so overlapping wouldn't be a problem. They made the system at least approachable.
Now we can argue if the FCC is too rigid in their regulation but the idea of making a regulatory body for spectrum usage is a good idea.
...you can always hire someone to maintain it. Once you are sure a version is stable and conforms there is rarely anything you need to do beyond hardware failures. With Windows, you need much more because everything is out of your hands because they have all of the source.
I think NT4 was a fine Desktop system. NT4 Server turned out to be NT4 Desktop with a few DLLs changed around and turned out to be a fairly robust system as well. All systems have to pass into legacy.
The mass is still the same. The last time I checked the mass of Earth did not change regardless of shape:
L = r x p
L is the angular momentum; r is the radius; p is the point measured.
Take something from one side of a planet and put it on the other. Angular momentum has stayed the same so where is the speedup? Moving stuff around on earth does not change the angular momentum. Earth can speed up if you either "add energy" or "remove stuff" from the closed system.
Since it appears all of the stuff on Earth is still on Earth, where did the extra energy come from? Or did pieces of Earth disappear during the quake?
First, I believe the Sun and Moon perturb the Earth's rotations at perigee and apogee in terms of milliseconds. Wouldn't the effect of these two bodies "wash" out any microsecond change in the rotation of Earth?
Second, what about the conservation of energy? If the angular momentum of Earth changed (according to the article Earth sped up) where did the energy come from? For the Earth to speed up, energy has to be added to the angular momentum of Earth. Even if a chunk of the Earth's mass shifted somewhere the energy is still conserved because it came from somewhere else.
Everything on Earth is still on Earth although with a quake this big they aren't in the same places. Where did the extra energy come from to speed up the planet? Moving things around on Earth does not change the angular momentum of the planet.
I've worked on projects where inclusion of features is more important than design. That isn't to say design was completely ignored but the team lead was definitely more interested in having all of the agreed features in the product before a certain date.
The Linux Kernel is much the same way. The people driving "head" are more interested in getting stuff into the kernel than it being secured. This isn't automatically bad. Now whether or not this bites them in the ass later is a different discussion. Getting things into the kernel for others to look at is how the code matures in the Linux kernel. Having a developer sit on a piece of code because he isn't sure it is 99.9997% correct does no one any good.
Thankfully, there are others who aren't sitting at the "head" of the source correcting things as they go along. This is one of the strengths of the Open Source model of development. The person who originally wrote the feature doesn't have to be involved at all in debugging or fixing the feature. Ultimately, if you don't like the code that the LKD team is "blessing" then you can always exclude it. These are wonderful things about the Open Source Development model. You aren't beholden to any vendor or developer.
I see this problem as neither here nor there. It would be awesome if every bit of code that went into the kernel was super robust but that is a pipedream because everyone has access to the kernel source and can change it at whim. And because of the way OSS works, you don't need to behave like closed vendors in that it has to be 100% correct or it doesn't get released.
It would be nice if the source "head" was a bit more "cooked" but that would involve changing their development pattern which I have no illusions could be rough. In the future the kernel team might change their focus from "adding things" to "securing things" but that is future speculation.
ps. For the historical perspective, isn't this "security" vs "features" the thing that caused the schism in BSD?
"Auto-run" Features Are a Security Risk
on CES Tidbits · Score: 2, Insightful
I don't care how "nifty" it is but from an IT point of view having any "hot-plug" device used on a computer in the enterprise automatically running things from an unvalidated source (the hot-plug device itself) is a security risk. Where did the USB device come from? What does the USB device really do? If a user can't answer some simple questions about this they sure aren't adding it to a machine on the network. I will not allow users plugging strange PCI cards into their machines that aren't quite sure what they do. Why should I allow USB to do the same thing?!?
Why are these guys pushing to make this "standard"?? Thanks for more tracking and security headaches guys for the sake of "convenience".
Also, it's hard to keep people from clicking "yes".
I've complained about this in many a /. post: The problem MS has is that they are constantly presenting the user with the options they shouldn't be able to do and expecting them to not select them. I can't tell which is more dumb: Is it this stuff about investing time and R&D in AV software instead of fixing the bugs and pulling the plug on fundamentally flawed software? Or is it presenting the user with this dialog?
Do you wish to run the unsigned Active X control?
Yes No
Instead, MS should change the message to:
Do you wish to ruin your computer and go through a lengthy reinstall?
Yes No
No one should select "Yes" but the fact that MS allows the "Yes" button to appear allows for the event to happen. Simply put, MS designers violate a primary UI Design rule: never present the user with an option that is entirely and in every way undesirable.
IE should never run unsigned Active X! In fact I say no one should be using Active X at all because it is an antiquated technology but that is another thread. Don't bother asking the user if they want to run it if it violates security. You can alert the user that you've rejected the Active X but never, ever give them the option to just click it away.
This is just more evidence of MS design problems which they won't fix because it messes with their desktop dominance but are more than happy to sell you more software to shore it up. The problem is that IE continually allows sidestepping of simple (and effective) security principles found in IE and the OS. Instead of fixing this they'll bolt more software on top of it which will come as a cost to the consumer sometime down the road. It might not be in the form of higher MS software prices (*snort*) but at the cost of killing off various "security ISVs" that do good work bringing attention to the problems in Windows.
The main reason why grief exists in these games mostly hinges on human nature. The aspect of humanity that really resents being on the short end of the domination chain. This was explored in Lord of the Flies. When the kids come to realize that there is no authority to enforce the cordial rules things go south.
Players who realize that the only real thing at risk is their free time and money will feel a rush from doing questionable things. Their computer becomes their cloak of anonymity. Without some sort of "penalty" for being a jerk there is little incentive for some to avoid being jerks. Often times the administrators are overwhelmed or powerless to make rulings let alone enforce penalties so players are left to police themselves.
Games that have large social structures like "guilds" tend to gravitate towards a more stable setup because "player enforced penalties" start to come into play. When leaders start worrying about their group being left out (everyone agrees GuildA55 are jerks and therefore will not share events with them) they are far more likely to be nice and seek compromise than to try and grief and punish everyone against them. Situations like these probably mimic some early human societies and social structures.
Once again technology and MMOGs have shown an interesting side of humanity. I'm sure that there are sociology majors who could make some interesting thesis out of observed behavior in these virtual worlds.
The GPL is only a license on the program not your works and creations. The code you write belongs to you and can be compiled by GCC, a GPL-ed suite of tools. This does not mean the binaries produced are suddenly GPLed nor do you need to distribute the GCC compiler with your code or binaries.
This is one of the big misconceptions of the GPL. That some how everything it touches makes it GPL. If you are an end user and aren't looking at modifying the code then the GPL has no impact on your activities.
That WMP is an application framework complete with an SDK and extensions while Notepad is not. You can build products for WMP that are tightly integrated while Notepad you will have to rely on loosely tied interfaces to drive it.
At its core, Notepad is a tool meant to stand alone while WMP is an application that was meant to be extended. Is it Microsoft that is trying to muddy the waters? If Microsoft is allowed to claim anything they make is a tool for Windows and necessary for the OS then, ironically, it makes being an ISV less attractive for selling product on an open market (but more attractive if you want to be bought out by MS).
This is why WMP is dicey for Windows. If MS has a monopoly then they can leverage that into killing all other media players. If WMP is necessary for Windows to function and therefore a tool then why not the entire Office suite?
I am struck by the audacity of Torr to suggest that you can trust Microsoft install packages but not Mozilla's simply because of signing.
Signing just indicates that the source validates what is packaged. Simply, signed Microsoft install packages come from Microsoft. However this does not indicate anything about the quality of the package. This is the heart of MS's problems since it was never a question of the package source but the quality of content. They've burned so many not by fake IE packaging but by the fact IE is "junk" in the first place. Anything beyond this (all of the malware, hacks, and bugs) is just a side effect of design and code in IE not of the fact IE is a hacked install.
There are legit complaints about the Moz distribution and install procedure. I would like to see a "self validating" install to ensure the package is legit however signing alone isn't the solution. Signing is only useful for indicating the install package has not been tampered with. It never indicates whether or not the software installed works. No amount of code signing from MS will fix IE's damaged reputation for misbehaving.
ps. I'm loath to think Mozilla needs to fork out money to anyone to prove anything. They should be seeking free (beer and freedom) ways of package authentication.
As far as I know neither no one at Gnome has gotten paid by Novell or Redhat or whatever (Have they giving grants? That is slightly different...). If you talking about "paid" in the sense they are contributing patches maybe it is because their patches are far more redily accepted in Gnome than KDE. Less we forget that unfortunate stuff with the original Bluecurve project some KDE people pooh-pooh-ed.
I'm not surprised at all projects turned their back on KDE or are far more willing to contribute to Gnome to me. And it looks like KDE gives outsiders (those not directly involved in core KDE) little reason too.
Although OSX is pretty slick and throught out top to bottom and better than current Gnome and KDE configurations, I'm perpetually perplexed by why anyone thinks the Windows Graphical Shell is "ready for the desktop"? The thing is a crude, inflexible and has some crazy inconsistent behaviors. And yet people claim this thing is better than Gnome or KDE?!
People are continually mistaking "familiarity" with "ease of use". Windows is definitely familar: it hasn't changed much since Win95. The problem is it isn't easy to use. Try explaining the quirks of Windows to someone who has never touched a computer. I can't predict what dialogs and messages are going to popup, what messages are going to be on buttons, etc. All of these things make for a strnage newbie experience on Windows.
The scary thing is that I see systems trying to emulate Windows more. I would rather they emulate Mac or come up with something original rather than use Window's incosistent patterns.
Make a system consistent and uniform across and you get easy to access, repeatable behavior in any application that utilizes it. However if the system is comprised now every application that utilizes it is now flawed in exactly the same way. In short, the advantages an application writer can utilize a hacker can utilized too.
Make a system hetorgenious where each system "rolls their own" security setup means that if one part is comprised doesn't automatically mean your system is comprised. However this is a nightmare to code through where some systems simply aren't talking the same permission objects.
I believe vendors should strive to blend both: a flexible system that behaves the same way reguardless of actual underlying system. A true enterprise solution has many layers of abstraction anyway. Hide away the parts that are different and expose the parts that are common. Do this any your SMB system will behave like your Kerbrose system and yet won't be weakened when one or the other is comprised.
Forget agreeing on the "one true system" becuase no system will satisfy everyone. What vendors should agree upon is interface API and build upon that. I really want a system where I can swap out SMB or Kerbrose or files with MD5 password hashes or whatever to all function. Diversity is key but behavior should be consistent.
Too many who say this behavior is right will not acknowledge they are changing the rules of the game. This might not be cheating per se but as the "ref" I can see how Bliz, SOE, etc. are perturbed by having their rules changed out from under them.
Another analogy that works better than the Monopoly one is that these MMOGs have constructed rules much like the line at McD's. Everyone gets in line and waits for their turn. The problem with IGE and their bunch is that they cater to the people who don't want to stand in line for any length of time. IGE sells a "service" where they will stand in line for you instead.
I don't think Bliz, SOE, etc. care if anyone makes money playing their games (beyond trying to make the profits their profit too) but it seems to really irritate designers and developers to have their carefully crafted situations governed by carefully crafted rules ignored.
Has anyone considered the case where both CVS and SVN need to be supported in parallel?
The biggest problem in changing source control is the fact you must block all dev work while the transition happens. If your software moves fast enough there might never be a window of opportunity to lock the archive, move the code and open the new archive.
What would make any transition easier is somehow maintaining both. Knowing the basics of how both CVS and SVN work and only giving it a few minutes of thought (because work won't let me have the time to plan things) it seems almost possible with shell script-fu. The goal is of course that during a given transition time window you can do either a "cvs update" or a "svn update" and get the same code. At some later date you can turn off one archive and move forward. Of course there is the quirk about exactly how revision history is maintained in this situation but something is always lost in the transition unless you use or build tools to carry the data with you.
Books like this are great but I would rather see some hardcore information on transition scenarios. Learning a new revision control system can be tough (although I don't think SVN is that daunting) but not as scary as trying to switch revision control systems.
What will it take for Microsoft to actually get into the fundamentals of Windows to fix the design flaws?
I've worked with Windows NT 3.1/3.5/3.51 and onwards and still find the same problems with permissions today as I did 10 years ago. You cannot change your permission set "on the fly". It is still hard to write applications to take advantage of such a rich permission set (the corollary to this is that it is so hard that many avoid dealing with any security at all). Permission "tools" are still confusing. The security in Windows NT and its children *is* rock solid. The problem is most of the tools surrounding it are still as clumsy today as they were years ago.
I've seen Microsoft introduce and refuse to deal with questionable technology of their own design. The first and foremost in my mind is Active X. The design deficiencies in Active X have been known for many years yet it is still here. And as dangerous as ever. Microsoft pushed the OLE idea that "data runs the program" when it turned out that it was a poor idea due to security concerns yet Office still seems to want to do this. Along with this, Outlook Express appears to have *many* issues. The whole application appears to be in a revolving door.
I've always wondered why a 4 machine DB cluster that does nothing in its existence except service SQL Server is constantly asking me if I want to install updates for Direct X and Windows Media Player 10. I can't fathom why these are necessary for the operation of a DB cluster. It just makes my life doing maintenance on them harder. Making highly specialized servers that are lean, mean, and exacting in function reduces maintenance. Throwing all of this extra software into the server is not the right thing to do.
In BSD and Linux, if an idea or piece of technology turns out to function poorly or is just plain bad, no one seems to have any qualms about dropping it or rewriting it. What in the world will it take to get Microsoft to either fix or drop these long-standing issues? Does Microsoft realize how much time and money is being spent by IT on workarounds for these issues?
Longhorn will not be the answer. Managed code will not fix users from breaking their machine. One of the first and foremost reasons why computers get messed up is because of user mistakes. Using social engineering a virus tricks them into running something they shouldn't. No amount of "managed code" will protect the user from pressing the wrong buttons.
The answer has been staring at us for 20 years now. Many of the security problems in Windows are born of legacy. And ironically they were problems born from not learning lessons learned by other Operating Systems.
But in typical fashion, Microsoft is throwing more software at the flaws instead of fixing the fundamental design which created the issue in the first place. The whole chain about any virus using IE as a vector should show you this.
There are fundamental issues that were learned by other systems a long time ago that MS continues to ignore and throw more software upon in an attempt to obscure the problems. So many things would go away if users never had the privilege to screw up their system easily. So many things would go away if the web browser was treated as a viewer instead of a platform for execution. So many tools could be simplified and made less confusing if they fixed the underlying problems...but they won't.
I'm sorry to sound like flamebait but I'm sick of it. Longhorn will get released and people will harass me on what in the world "code group permissions" are. People can't figure out IE's "zones" and they want me to explain to users how "code groups" work?! Thanks Microsoft...thanks for completely avoiding the problem.
The basic problem is the classic "Human-Machine Interface". Machines can't tell the difference between a page exploiting the scoring rules and one that is an honest web page playing by normal rules.
Google does honestly try to avoid this crap. The problem is that in the end even the cleverest scoring algorithm is still an algorithm. Knowing what Google programmatically emphasizes shows how to build web pages to take advantage of their rating which isn't necessarily a good web page or any more meaningful than another's web page that doesn't take advantage of the information.
It is a constant tug of war between these guys and Google. Google is constantly trying to invent the best pattern matching to promote real information in web pages and not this fake stuff. These SEOs are constantly trying to find weak points in the rules that they can capitalize on.
ps. If MSN Search targets "trying to beat Google" instead of trying to beat web pages and SEOs then they have already lost...
Media Factory should have been less blunt since as mentioned the "dirty little secret" about digisubs is that companies actively use this as a marketing tool to know what is hot and what is not. They get a lot more feedback through watching fan activity than they ever did in those "reader response cards" and web site mechanisms. Even so, I can't blame Media Factory for wanting to protect their investments. They took the time and money to create shows to market in Japan and the US and are irked to see their work handed out freely. Although they could have handled it in a more friendly fashion the fact is that they asked these groups to stop and it is in their right to do so. They should have handled it with a gentle hand instead of the blunt instrument of pseudo-legal issuing of official letters.
The fansubbing groups need to get off their high horse and honor the request. In the past, "fansub ethics" have always said "honor the request of the creators" regardless of reason. As much as these guys think they are "promoting the show by sharing" they continue to ignore the reason they are asked to stop which is that there is a seedy element in fandom that just wants cheap shows to watch.
Both sides should just acknowledge each other and walk away from this situation cleanly instead of fuming and dwelling on it. The system works best when it runs silent not when red flags and warning bells go off.
Halo 2 is the reason why their "Home Entertainment" division is in the black but they won't be that way later this year. And in the end it is a small portion of their revenue stream. Their bread and butter is still Office and OEM Windows deals.
Microsoft ran some cost cuts (including cutting R&D funding which IMHO is dangerous for a technology company) and had a confluence of good timing (servers from the pre-bubble era need replacing about now), which leads to this. The real question I have in my mind is how they will be at the end of the year. I'm not saying they will be bankrupt but I suspect the picture for MS Q4 2005 isn't as rosy.
The next "killer app" for MMOGs is advanced, learning AI. Right now games are trying to cover up the simplistic behavior of NPCs by creating complex scripts around them.
Example:
- Between 100%-75% health, Dragon will fight as normal.
- At 75% health, the dragon will breathe fire in an attempt to kill as many players nearby, fly over to the west part of the chamber.
- Between 75%-50% health, Dragon will fight as normal and start using its tail.
- At 50% health, Dragon will fly to the east part of the chamber, breathe fire onto the players as they run from the west part of the room to the east.
So on and so forth. The problem is that humans easily can see patterns like this. This "event driven" behavior only works when players are "surprised" and becomes a serious liability when players discover the pattern. If the pattern is "discovered", players will scatter around 75% to avoid the fire. At 50% they will run to the eastern part of the room before the dragon gets there to avoid it breathing fire onto the western half.
To avoid some of this predictability, some monsters appear to have "randomized behavior". A monster has 5 different "actions" where a programmer weights the choices and generates a random number. This makes the monster appear to have some tactics trying different attacks but just as much as it succeeds in throwing the player off they will often randomly choose the poor action.
I believe advanced AI techniques like neural nets will be the next "killer app" for MMOGs. Learning AI is not impractical for a single player stand alone game but it is not as "exciting" nor do single player systems have enough computing power and "experience" to really put a neural net through its paces.
The Dragon in the example starts out like the players in that neither side knows exactly how to win. Regardless of the outcome both the server/Dragon and the players should learn something from the encounter. Have enough players run against The Dragon and it might start to learn things like "fire seems to be more effective against melee". When it sees a raid comprised of mostly melee and very few casters it chooses its fire attack far more than its melee. This is a far better option than "randomizing attacks" or scripting their behavior. The Dragon is now actually using tactics and reacting to the players in a pseudo-intelligent manner.
If we really want to go far fetched, it would be great if each server instance of The Dragon "learned" on its own and developed personality and behavior unique unto itself. One server's Dragon might like to fly around compared to another that likes to walk when moving around. Of course one of the tricks is keeping the game engaging. No one wants to fight The Dragon if they know it will beat them 9/10 times.
Some NPCs should be designed simplistically because that is their nature. Some NPCs are highly intelligent and should act accordingly. I await the day when you can do true tactical attacks against the computer instead of having to resort to a scripted monster or just filling the other side with other human players.
Most of the mini-apps aren't applicable in the enterprise. If you need a cluster DB setup, why do you need the Windows Media API let alone the client bits installed on the machine? It simply isn't applicable and worse it is unremovable.
But that is an extreme case. In a more practical setup, why does Microsoft get the say on installing any software like WMP on my grandmother's machine? As you noted, because the way Microsoft has developed the technology installing one piece of technology to solve a problem often means you install many more pieces of software none of which solve the problem (let alone that you may be interested in). Why? Because they want to sell server technology solutions to some other unrelated vendor? Something is fishy about that.
I guess the grand question is how fair or legal is this? I don't know if the EU is doing the right or wrong things for the right reasons but I can tell you it sure stinks from an IT perspective. Being forced to solve problems on software you didn't want installed in the first place but because of some dependence you have to stinks.
If a closed vendor is "slow" on fixing an issue guess what happens? You wait. Hopefully there is disclosure so you know what to protect "from the outside" while you patiently wait for the vendor to release a fix.
On the other hand, if the maintainer responsible for an errant kernel module is "slow" then guess what happens? Someone else fixes it. Most importantly, you can fix it if you choose to do so. If you know there is a problem, you have the source, and ultimately you can fix it. You don't have to wait for the kernel maintainers to get going. You can get started on correcting it today. This is why full and open disclosures on security issues are important for Linux and BSD.
Ultimately, this is the strength of OSS projects. No one is beholden to any programmer or entity. You are given more options on what to do than wait for the vendor.
To avoid "the sharks" in the world that would sue on the behalf of whomever. It isn't necessarily a move to protect themselves from RIAA...it is more to protect themselves from being charged by the group that owns the MP3 encoding standard.
The good news is it is easy to get MP3 support back into your RH or Fedora install. It is just that neither RH nor the Fedora crew are going to help you do it. Given the nature of some litigation happy parts of the tech world I'm more than happy with Fedora's decision to leave out this questionable piece of technology by default.
Back when radio was new, many companies all trying to capitalize on frequencies created all sorts of different headaches because there was no regulatory body governing behavior. Every broadcaster tried to make their own standard so to listen to their signal you had to buy their radio and create their own custom broadcast array. Every broadcaster was under no obligation to honor another's usage of another frequency. The only time it mattered to them was when it dropped their quality. Then of course none of this was cheap for the consumer either....
It was an unregulated, unmitigated disaster and hence the reason why the FRC (predecessor to the FCC) was created. They standardized radio broadcasting practices. They organized bandwidth usage so overlapping wouldn't be a problem. They made the system at least approachable.
Now we can argue if the FCC is too rigid in their regulation but the idea of making a regulatory body for spectrum usage is a good idea.
...you can always hire someone to maintain it. Once you are sure a version is stable and conforms there is rarely anything you need to do beyond hardware failures. With Windows, you need much more because everything is out of your hands because they have all of the source.
I think NT4 was a fine Desktop system. NT4 Server turned out to be NT4 Desktop with a few DLLs changed around and turned out to be a fairly robust system as well. All systems have to pass into legacy.
The mass is still the same. The last time I checked the mass of Earth did not change regardless of shape:
L = r x p
L is the angular momentum; r is the radius; p is the point measured.
Take something from one side of a planet and put it on the other. Angular momentum has stayed the same so where is the speedup? Moving stuff around on earth does not change the angular momentum. Earth can speed up if you either "add energy" or "remove stuff" from the closed system.
Since it appears all of the stuff on Earth is still on Earth, where did the extra energy come from? Or did pieces of Earth disappear during the quake?
First, I believe the Sun and Moon perturb the Earth's rotations at perigee and apogee in terms of milliseconds. Wouldn't the effect of these two bodies "wash" out any microsecond change in the rotation of Earth?
Second, what about the conservation of energy? If the angular momentum of Earth changed (according to the article Earth sped up) where did the energy come from? For the Earth to speed up, energy has to be added to the angular momentum of Earth. Even if a chunk of the Earth's mass shifted somewhere the energy is still conserved because it came from somewhere else.
Everything on Earth is still on Earth although with a quake this big they aren't in the same places. Where did the extra energy come from to speed up the planet? Moving things around on Earth does not change the angular momentum of the planet.
I've worked on projects where inclusion of features is more important than design. That isn't to say design was completely ignored but the team lead was definitely more interested in having all of the agreed features in the product before a certain date.
The Linux Kernel is much the same way. The people driving "head" are more interested in getting stuff into the kernel than it being secured. This isn't automatically bad. Now whether or not this bites them in the ass later is a different discussion. Getting things into the kernel for others to look at is how the code matures in the Linux kernel. Having a developer sit on a piece of code because he isn't sure it is 99.9997% correct does no one any good.
Thankfully, there are others who aren't sitting at the "head" of the source correcting things as they go along. This is one of the strengths of the Open Source model of development. The person who originally wrote the feature doesn't have to be involved at all in debugging or fixing the feature. Ultimately, if you don't like the code that the LKD team is "blessing" then you can always exclude it. These are wonderful things about the Open Source Development model. You aren't beholden to any vendor or developer.
I see this problem as neither here nor there. It would be awesome if every bit of code that went into the kernel was super robust but that is a pipedream because everyone has access to the kernel source and can change it at whim. And because of the way OSS works, you don't need to behave like closed vendors in that it has to be 100% correct or it doesn't get released.
It would be nice if the source "head" was a bit more "cooked" but that would involve changing their development pattern which I have no illusions could be rough. In the future the kernel team might change their focus from "adding things" to "securing things" but that is future speculation.
ps. For the historical perspective, isn't this "security" vs "features" the thing that caused the schism in BSD?
I don't care how "nifty" it is but from an IT point of view having any "hot-plug" device used on a computer in the enterprise automatically running things from an unvalidated source (the hot-plug device itself) is a security risk. Where did the USB device come from? What does the USB device really do? If a user can't answer some simple questions about this they sure aren't adding it to a machine on the network. I will not allow users plugging strange PCI cards into their machines that aren't quite sure what they do. Why should I allow USB to do the same thing?!?
Why are these guys pushing to make this "standard"?? Thanks for more tracking and security headaches guys for the sake of "convenience".
I've complained about this in many of
IE should never run unsigned Active X! In fact I say no one should be using Active X at all because it is an antiquated technology but that is another thread. Don't bother asking the user if they want to run it if it violates security. You can alert the user that you've rejected the Active X but never, ever give them the option to just click it away.
This is just more evidence of MS design problems which they won't fix because it messes with their desktop dominance but are more than happy to sell you more software to shore it up. The problem is that IE continually allows sidestepping of simple (and effective) security principles found in IE and the OS. Instead of fixing this they'll bolt more software on top of it which will come as a cost to the consumer sometime down the road. It might not be in the form of higher MS software prices (*snort*) but at the cost of killing off various "security ISVs" that do good work bringing attention to the problems in Windows.
The main reason why grief exists in these games mostly hinges on human nature. The aspect of humanity that really resents being on the short end of the domination chain. This was explored in Lord of the Flies. When the kids come to realize that there is no authority to enforce the cordial rules things go south.
Players who realize that the only real thing at risk is their free time and money will feel a rush from doing questionable things. Their computer becomes their cloak of anonymity. Without some sort of "penalty" for being a jerk there is little incentive for some to avoid being jerks. Often times the administrators are overwhelmed or powerless to make rulings let alone enforce penalties so players are left to police themselves.
Games that have large social structures like "guilds" tend to gravitate towards a more stable setup because "player enforced penalties" start to come into play. When leaders start worrying about their group being left out (everyone agrees GuildA55 are jerks and therefore will not share events with them) they are far more likely to be nice and seek compromise than to try and grief and punish everyone against them. Situations like these probably mimic some early human societies and social structures.
Once again technology and MMOGs have shown an interesting side of humanity. I'm sure that there are sociology majors who could make some interesting thesis out of observed behavior in these virtual worlds.
The GPL is only a license on the program not your works and creations. The code you write belongs to you and can be compiled by GCC, a GPL-ed suite of tools. This does not mean the binaries produced are suddenly GPLed nor do you need to distribute the GCC compiler with your code or binaries.
This is one of the big misconceptions of the GPL. That somehow everything it touches makes it GPL. If you are an end user and aren't looking at modifying the code then the GPL has no impact on your activities.
That WMP is an application framework complete with an SDK and extensions while Notepad is not. You can build products for WMP that are tightly integrated while Notepad you will have to rely on loosely tied interfaces to drive it.
At its core, Notepad is a tool meant to stand alone while WMP is an application that was meant to be extended. Is it Microsoft that is trying to muddy the waters? If Microsoft is allowed to claim anything they make is a tool for Windows and necessary for the OS then, ironically, it makes being an ISV less attractive for selling product on an open market (but more attractive if you want to be bought out by MS).
This is why WMP is dicey for Windows. If MS has a monopoly then they can leverage that into killing all other media players. If WMP is necessary for Windows to function and therefore a tool then why not the entire Office suite?
I am struck by the audacity of Torr to suggest that you can trust Microsoft install packages but not Mozilla's simply because of signing.
Signing just indicates that the source validates what is packaged. Simply, signed Microsoft install packages come from Microsoft. However this does not indicate anything about the quality of the package. This is the heart of MS's problems since it was never a question of the package source but the quality of content. They've burned so many not by fake IE packaging but by the fact IE is "junk" in the first place. Anything beyond this (all of the malware, hacks, and bugs) is just a side effect of design and code in IE not of the fact IE is a hacked install.
There are legit complaints about the Moz distribution and install procedure. I would like to see a "self validating" install to ensure the package is legit however signing alone isn't the solution. Signing is only useful for indicating the install package has not been tampered with. It never indicates whether or not the software installed works. No amount of code signing from MS will fix IE's damaged reputation for misbehaving.
ps. I'm loathe to think Mozilla needs to fork out money to anyone to prove anything. They should be seeking free (beer and freedom) ways of package authentication.