The only reason that it really bothers me (I haven't had much trouble other than the network service being down from the starts), is that their update strategy really kills dial-up users.
Night one: Update CS, play for a while Night two: Update CS, play for a while Night three: Update CS, play for a while
Having to download a patch seemingly everytime you want to play is a real deterrent to guys who are just out there to have fun (I mean, you can't really play CAL matches with a ping of 200 or better).
It's nice to think they *should* have broadband but there was no such requirement when they bought the game, do they really need to worry about it now?
I'm going to make some assumptions here, but your solution was part of the problem.
Anyone who uses SA for high-volume traffic knows that it is slow and a hog - perl, while being useful, is not known for it's speed.
DNSBL + Caching DNS server (such as dnscache, but if you're an ISP you probably have better solutions) will block a heckuva lot of email. Solutions like messagewall take this even further - filtering on headers, attachment extensions, content types and virus checking *while the message is in transit*, did I mention it's lightning fast?
In other words, keeping your guaranteed spam from SA solves a *lot* of your processing issues. I've been a target of "spam bombs" in the past and watched my mail server shoot from < 1 load to > 100 in minutes (I also use FreeBSD). Installing and properly configuring messagewall dropped that processing with a similar bomb kept it around 3. messagewall is truly an amazing piece of software and works with any SMTP server (although you'll get much better performance if your server supports pipelining).
Probably my only beef with messagewall is that it will not work with multiple interfaces on the same system accepting SMTP - I imagine this is fairly rare, but certainly not out of the question. However, a properly configured sendmail installation can do almost everything that messagewall can at the cost of speed and possibly security (messagewall instantly chroots itself and also does all of it's DNS async - it's also very, very small).
The result is that only negatives make it to the content analyzer, that being SA, which after relieving itself of all that processing time analyzing content becomes a much more trivial task. If you're using white/blacklists, moving your databases off to a remote server will also save you load on that server.
Keep in mind that if you're using qmail, running the perl version of qmail-scanner slows things down considerably. I believe magic-smtpd will do what you want, and I've also heard of a C replacement for qmail-scanner. The perl version is remarkably flexible however, and ditching it is definitely something to think about long and hard before committing to.
Not criticism of your work, I'm sure you are well-qualified and justified in your actions, but there's a lot of mail software out there and most of it sucks, so learning about new, good tools can be hard.
Now, there are legitimate uses for these ports (I use a commercial ISP myself and I like to send mail through my TLS-enabled SMTP server).
There's a solution to this problem that's much easier than any major tech solution.
Block anything at the border in and out destined for ports under 1024, except tcp/ftp, tcp/http-ssl and tcp/http. If the user wants other ports open, they can CALL and elevate their account - no web-based ordering.
This solves a few problems:
1) Open relays cannot be used, at least without a tunnel.
2) Lovely phone tech like ANI gives an awesome paper trail for fraudulent accounts.
3) Detecting and stopping is a heck of a lot easier if your group is severely minimized - I might have missed one or two, but most users will never touch anything else under 1024 outside the ISP's network. Heck, with an aggressive, well-configured HTTP proxy none of these ports except for SSL (for privacy concerns) are even required to be outside.
4) E-Mail Viruses that talk straight to MX's will be stopped in their tracks or be forced to communicate with proxies, which can be shut down easily and defeat the whole advantage of using vulnerable hosts.
Yeah, it's draconian, but in reality it only effects a small percentage of users and those users are generally more aware of the consequences - grandma who likes to "surf the web" will probably never even notice.
Having worked on a program that was sending (legitimate, opt-in with the ability to cancel - I'm serious!:)) bulk mail, earthlink, yahoo, AOL and hotmail are not only proactive, but super-anal.
Failing to honor any SMTP code (and sometimes then some more, as the case was with AOL) as intended will get you a temporary ban. I can't remember if it's 2 or 3 strikes, but after that your only recourse generally is a call to their headquarters.
I too am familiar with the UDP escapades - but what I am describing was a year ago (we had a bug (serious!) which was not properly honoring 550's which caused us to learn about their policies), and I doubt it's gotten any more lenient.
Does anyone remember mICQ? They were the first people to reverse engineer the ICQ protocol. Until then, you were forced to use the seriously crappy Java ICQ client if you wanted to use it on anything but windows.
micq however, IMO of course, was a crappy text-based program that had a horrific interface. Really, I would much rather use my IRC client for ICQ than stick with this thing.
And now I can. See, the micq guys caught on and released libicq or libmicq, I can't remember at this point. I imagine a good portion of this code is still in libgaim.
The point is though, that others took libicq and applied their UI design skills and made very useful programs out of it.
And this is what I get in libgaim.
I'm not a fan of how you have to contort gaim or work on a specific system with specific plugins to keep windows from popping up on you while you're typing. (I will admit it's been a while since I used gaim, so this climate may have changed)
However, if you wanted the best support for the various networks out there, GAIM is the way to go.
libgaim allows me to get rid of the (IMO again) clunky interface and replace it with something else. On the mac, my workstation, I use AdiumX, but before I used Fire (no link, sorry). Both are libgaim-based which means that the advances in this library (especially recently as YIM and MSN seem to change their protocols hourly) are almost instantly integrated into the front-end of my choice. The 'hive mind' mentality here is very effective.
I *really* wish that more people working on protocols would do this - right now, several HTTP libraries are available but developers refuse to settle on one - I hope apr solves this once and for all. I don't want to worry as a developer about the idiosyncracies of apr, libwww, and others when developing a web app.
Object brokers are another example. If I install GNOME, KDE, and any other app that uses an ORB, chances are I have many ORBs on my system - for what reason? Those "extra" features that the developer can't live without. I know GNOME and KDE are finally working on making it cross-platform (in the GUI sense), but this provides another good example.
Do what you like at the GUI or application level - but normalize the libraries (and make MORE of them that meet specific, unique needs so they can be chained together). This gives the developer a reasonable notion of stability at the library and API layer, and the user a reasonable notion of functionality. Also portability, security, and enhancements come quicker and cheaper because more eyes are looking at the same code. Fix a buffer overflow? Well, you've fixed it in 20 programs instead of one. Doesn't that make everyone happy?
Sorry for the rant. I just feel the need to talk about important topics on my mind that no one will listen to or care about because they're buried at the bottom of a slashdot forum.:)
Apache has had it's fair share of exploits. It's also a program with no implied warranty for a reason - the developers who work on it offer no service or support, no guarantee that it will be available next week. Also, they hold no sublety in the fact that they release development versions. In reality, apache could stop development or turn into a mail server tomorrow, and that would just be a fact of life, which was my point with free programs. 'Fix it yourself' is a way of life for free programs - not just a silly mantra people spout when they have no better answer.
A vendor is a business with an expectation of professionalism. Just like the airline pilot or the mechanic, they should be expected to be proficient in their trade and deliver.
Of course, there's nothing stopping a commercial company to provide support and development for apache, and IIRC many companies do. Buying apache from these vendors provides the expectation to the customer that they are recieving a quality product.
Who allowed you or the virus to infect the program? Viruses don't just appear out of thin air. Chances are, you allowed the virus to infect the program, or a vendor with insecure code did, or a combination of both. Being a person that has used DOS and Windows for around 14 years and only being infected (and nothing stopping it from happening) once, I know this is much easier to prevent than people make it out to be. Besides, if a vendor is releasing virus-laden code, they should be punished. OTOH, if you run "virtualstripper.exe" and it infects your copy of MS Office, perhaps you're looking at the wrong vendor. Make sense now?
My point is, they do have control how the program is used. They did write it after all, they know what it's capable of, and it's their own damned fault if it's broken.
For the most part I agree with you. However, if you attach that spare tire poorly and go on the freeway with it, your insurance is going to laugh at you, and you might have worse happen if you hurt anyone else.
That's why there's this trade called an automobile mechanic.
Short answer: if people install or write software on their computer that allows holes that allow these types of compromises possible, they should be bludgeoned for it. If the vendor fucks up, they should be liable. Of course, I think it's important to differentiate between free and commercial programs, as a free program would fall into the first category.
Installing new software creates a situation of more complexity. Users who install their own software take their computers into their own hands - and vendors who are feature-oriented but not security-minded are careless. I would give anything to see less features and more existing code audits.
Deluding yourself into thinking that a computer is "easy to use" at this point is senseless. Cars are "easy to use", but most governments require licenses to use them - it takes a certain amount of skill to operate them properly, and well-defined rules are kept to insure that everyone is on a common ground with what is acceptable and unacceptable. When these rules are discovered broken, the offender has his license yanked. Even a 4 year old with a lower-than-average IQ can figure out how to push the gas and move the steering wheel.
It would be another thing entirely if everyone was using thin clients and some professional was doing all of the system maintenance, but no, that's not how it is. People still continue to connect very broken windows and unix machines directly to the internet, a practice that's practically encouraged by some ISP's.
Your airline argument is flawed - the airline comps quite a bit of change when an accident happens, because there is a notion of professionalism, qualification, and security.
Just like when the auto mechanic fucks up, if you can prove it.
It's more like what work it's keeping me from being able to do.
Let's say I want to evaluate several large programs.
I can emerge/use ports for all of them, or I can pkg_add -r and play with them now. All the builds in the package repository are well-tested and I can be sure if the program is going to work at all, it's going to work with pkg_add installation.
I can't recall a time where I've been prompted for interaction with pkg_add, but I'm sure it's possible.
OTOH, with a minimal freebsd install I can configure the machine with a base system already installed and pre-configured while I'm adding any other software.
Another good example:
Shit has hit the fan/boss is hanging over my neck/whatever. I need to install program X to get my work done, money is being lost, customers are frustrated, whatever.
Do I want my program 2 hours from now? No. I want it yesterday. pkg_add/apt/yast/any other binary package installer that resolves dependencies gives me that power, and it's guaranteed to work.
And like I said, twiddling every bit to get your whopping 5% performance increase or less really means jack squat when you're doing a server build. Heck, for all the time your boss spent paying you to tweak gentoo to get that performance boost, he could have spent a 1/4 of that on more ram, faster drives/processor, whatever. Besides, real performance comes from properly architecting your farm, if you're relying on that 5% boost to serve more pages/process more mail/whatever, you're going to be surprised when it really hits the fan.
A binary/source based distro (I know of no package format these days that is binary-only, unless slackware still uses pkgtool and tar.gz packages) has more benefits than just quick installation, as well.
Need to roll out a custom version of package X? Compile once/package/distribute.
So tell me again how this causes YOU anymore work? It doesn't it simply takes advantage of your (probably) mostly idle system, and does a little more than copying files from a CD/ftp mirror to your hard disk.
I apologize for my laughter.
You do know that compiles take processor time, right? Generally they peg the processor for a good deal of time and in many cases, use a good deal of memory. Hope you're not doing anything important when that's going on.
Really though, if gentoo is good for you, great. Enjoy playing with use flags with experimental compilers on your overpriced workstation while I get real work done.:)
3D acceleration is quite different from a simple 2D setup. Sax2 comes from SuSE and I have never had a problem configuring my ATI cards with it - of course, as soon as I started tinkering with the proprietary ATI drivers to get the 3D acceleration, things started going sour very quickly.
Ugh. I've done the gentoo install several times, then I found this great routine to make it faster:
1) Download 2 floppies containing the FreeBSD install 2) FTP install "minimal" distribution - on a nice cable connection this whole process takes about 10 minutes. 3) Reboot 4) pkg_add -r cvsup 5) Copy and edit/usr/share/examples/stable-supfile (if you want ports, ports-supfile as well) 6) cvsup stable-supfile 7) configure kernel and world 8) shutdown now (single user mode) 9) edit/etc/defaults/make.conf 10) mergemaster -p, make installworld, mergemaster 11) Reboot
No partition bullshit, full install available WHILE you're "tricking out your system" (read: the system can be configured WHILE you're doing all that compile B.S.), and 90% of the real work is done for you. You need 2 floppies to start. And I'll take ports over portage any day of the week, because when I want gnome, I type this:
pkg_add -r gnome (or something similar)
and it doesn't take 3 weeks to install it.
(I apologize for sounding so rude - it's just beyond me why people actually put so much work into getting that whopping 5% speed increase or whatever - all that time lost compiling crap could be used getting actual work done on the system.)
Not to be the boring pedantic geek here, but Windows 3.1 didn't have a blue screen, when it crashed you got a dos prompt or a screen that didn't do anything.
I'd rather have a system designed for experts when I need it, and a system that's easy to use when I need it, rather than an all in one system where I have to be an expert when it's easy and trick the system into letting me be an expert when I want to.
Different systems for different purposes. I don't use UNIX to play games, I use it to run servers and workstations.
The PVR idea is neat because it seems when it's setup it's done and you don't have to touch it anymore, unless you want to make additions or upgrade. This fits more of a "server" role for me.
I just don't get the "violent games are bad" argument.
Is anyone getting hurt? Perhaps they are hurting themselves buying better and faster computers and internet connections, but that's about it. I'd rather have my friends and family play violent video games than go to war anytime. I don't think I've seen anyone physically hurt playing violent video games, but I have seen people hurt gambling - yet that's more popular than video games by a large margin.
Please spare me the "0.001% of all video gamers dress in black trenchcoats and assualt high schools" argument, thanks.
Re:Microsoft. Software patents. Mono
on
Ballmer on Linux
·
· Score: 2, Insightful
You know, normally I would agree with you - then I did some research.
C# is ECMA standard - really, you don't need a C# book, just download the damned standard - it's not that hard of a read for anyone who's a seasoned programmer.
Don't like the.NET architecture (for whatever reason) but want to keep your C# code around? Rework the compiler. If you don't think the mono guys don't already know this can be done, think again.
CLR and friends are microsoft standards, not unlike JCP for Java (and sun by proxy)..NET's class library, microsoft pulls no punches with - they are very clear that it is proprietary, but you can't even copyright (much less patent) a library API, so that was easy to defeat - which means that mono for the most part has a very, very similar replica of the MS-supplied.NET architecture. dotGNU and Portable.NET are hard at work filling in the cracks that mono hasn't addressed.
Realistically, if microsoft pulled out the lawyer card, they would not only lose, but if mono gained mass acceptance due to being a superior cross-platform product, the mono guys merely have to change the CLR spec and Microsoft would be the ones left with their dicks in their hands.
C#, CLR and.NET, from a purely technical view, are very sound and I relish at the idea that I can program my libraries in Managed C++ or C# and give that solid code that benefits from my experience to someone in a more junior role with less experience writing the glue in VB or whatever. I hate writing glue.
The interference issue was the reason I brought up safety. It may be overblown, but your chances of surviving a airplane crash are pretty slim at best, I'd rather not take the chance.
As for the other places, it's annoying.
It's very annoying when my co-worker has the polyphonic knight-rider theme at full volume and gets calls repeatedly because his cell phone drops calls. He talks quiet, sure, but I've already been distracted. Repeated requests to put it on vibrate are ignored, but that's the least of my problems with him - he obviously has no interest in doing anything that doesn't benefit him directly, the same attitude that I see with a lot of people who use cell phones at all in the places you reference: nothing like having to wait in line for an extra 5 minutes at your fast food restaurant because some jackass is taking a call and not placing his order and holding up everyone else's lunch break. Loud or not, that's annoying.
I could care less - what I'm saying is that making a stink has not ever nor ever will change the way articles are chosen.
Posting here to complain gives them ad impressions from your post and the posts that follow it - are you really doing anything but lining their wallets?
Not really.
Don't like it, vote with your wallet by not paying AND not reading.
One night I was with my wife, driver her mother's car, and it was foggy in the willamette valley, which is a very long stretch of road not unlike I-5 in the central valley area of California. I was pretty much all by myself.
Anyways, my eyes were glued to the road and not to the speedometer, the fog was so dense. Little did I know I went from my trusty 65-70 MPH to to around 110 MPH because I had trouble seeing things pass me, and the car was pretty silent.
My guess is that the fog helped cause the accident, but there was a car broken down right in the middle of my 2 lanes of the 4 lane highway. I got lucky and didn't kill myself, my sleeping wife, or anyone involved in that accident.
Reaction time is more of a concern with speeding than any car safety issue if you get in a wreck. We have a 55 MPH zone near my place on the freeway and it's a noticable step down - I feel like I'm driving in a residential area relatively, and that's a 10 MPH decrease in speed. And you're talking about nearly double the speed limit?
You are a fool, and the reason that if my rates aren't high enough now, an accident with some jerk like you will make them higher.
Pilots go to school to be trained to fly a plane. In oregon where I live, such "training" to drive is voluntary, and it's obvious anytime you get on the freeway.
Also, pilots lose more than just their license when they send 200 people to their potential deaths - they can lose their job before they even make it off the runway.
All sorts of instrumentation is required to run an airplane. This, and the chassis and other portions of the airplane that control the flight must be diagnosed and maintained/repaired on a frequent basis. There is no equivalent law for motorists, unless you count the DEQ as somehow affecting the "safety" of your vehicle. Sure, there are street legal rules, but any off the lot car is pretty much guaranteed legal (without aftermarket mods) these days.
Long flights require that multiple pilots be at the helm. How many times have we seen accidents because people were too tired to drive and continued anyways? Even with "break" regulations (for truckers and bus drivers, for instance), time constraints and pressure from passengers or authority can waive these rules with little resistance.
Really, this argument is a joke. If it didn't have to do with the fact that when the pilot eventually does fuck up that my chances are living were slim to none, I would never drive.
Hah - I've been on/. since before accounts, when you had to type in your name each time you wanted to post - has it really been 6 years?
Either way, this is nothing new, not likely to change, deal with it. Dupe comments/frustration/articles are the "circle of slashdot" and should just be dealt with in one of two ways - accept it or ignore it.
As for slashcode, 3 months of downtime is hardly something to complain about.
And I do believe they'll make sure you pay for it.
Car Insurance is mandatory in my state - which means I don't have the opt-out option - either my freedom or my wallet (and by proxy, my freedom) is compromised.
I know sendmail is ubiquitous and popular and all that, but the sites that send a lot of email do not rely on it. AOL/Earthlink/PeoplePC etc, I don't know what they use as I don't get email from anoyne that uses these services.
Really, I think this "standards war" is going to revolve around what the big email box sites are going to be using - MS and Yahoo already have their own, proprietary "standards" in place (for the people checking out domain keys, keep in mind that Yahoo retains all rights to control future revisions) - realistically, SPF has the best chance because neither will want to invest in the other's system, fearing lock-in.
Slashdot Mirror
The only reason that it really bothers me (I haven't had much trouble other than the network service being down from the starts), is that their update strategy really kills dial-up users.
Night one: Update CS, play for a while
Night two: Update CS, play for a while
Night three: Update CS, play for a while
Having to download a patch seemingly everytime you want to play is a real deterrent to guys who are just out there to have fun (I mean, you can't really play CAL matches with a ping of 200 or better).
It's nice to think they *should* have broadband but there was no such requirement when they bought the game, do they really need to worry about it now?
I'm going to make some assumptions here, but your solution was part of the problem.
Anyone who uses SA for high-volume traffic knows that it is slow and a hog - perl, while being useful, is not known for it's speed.
DNSBL + Caching DNS server (such as dnscache, but if you're an ISP you probably have better solutions) will block a heckuva lot of email. Solutions like messagewall take this even further - filtering on headers, attachment extensions, content types and virus checking *while the message is in transit*, did I mention it's lightning fast?
In other words, keeping your guaranteed spam from SA solves a *lot* of your processing issues. I've been a target of "spam bombs" in the past and watched my mail server shoot from < 1 load to > 100 in minutes (I also use FreeBSD). Installing and properly configuring messagewall dropped that processing with a similar bomb kept it around 3. messagewall is truly an amazing piece of software and works with any SMTP server (although you'll get much better performance if your server supports pipelining).
Probably my only beef with messagewall is that it will not work with multiple interfaces on the same system accepting SMTP - I imagine this is fairly rare, but certainly not out of the question. However, a properly configured sendmail installation can do almost everything that messagewall can at the cost of speed and possibly security (messagewall instantly chroots itself and also does all of it's DNS async - it's also very, very small).
The result is that only negatives make it to the content analyzer, that being SA, which after relieving itself of all that processing time analyzing content becomes a much more trivial task. If you're using white/blacklists, moving your databases off to a remote server will also save you load on that server.
Keep in mind that if you're using qmail, running the perl version of qmail-scanner slows things down considerably. I believe magic-smtpd will do what you want, and I've also heard of a C replacement for qmail-scanner. The perl version is remarkably flexible however, and ditching it is definitely something to think about long and hard before committing to.
Not criticism of your work, I'm sure you are well-qualified and justified in your actions, but there's a lot of mail software out there and most of it sucks, so learning about new, good tools can be hard.
ISP accounts are cheap.
Now, there are legitimate uses for these ports (I use a commercial ISP myself and I like to send mail through my TLS-enabled SMTP server).
There's a solution to this problem that's much easier than any major tech solution.
Block anything at the border in and out destined for ports under 1024, except tcp/ftp, tcp/http-ssl and tcp/http. If the user wants other ports open, they can CALL and elevate their account - no web-based ordering.
This solves a few problems:
1) Open relays cannot be used, at least without a tunnel.
2) Lovely phone tech like ANI gives an awesome paper trail for fraudulent accounts.
3) Detecting and stopping is a heck of a lot easier if your group is severely minimized - I might have missed one or two, but most users will never touch anything else under 1024 outside the ISP's network. Heck, with an aggressive, well-configured HTTP proxy none of these ports except for SSL (for privacy concerns) are even required to be outside.
4) E-Mail Viruses that talk straight to MX's will be stopped in their tracks or be forced to communicate with proxies, which can be shut down easily and defeat the whole advantage of using vulnerable hosts.
Yeah, it's draconian, but in reality it only effects a small percentage of users and those users are generally more aware of the consequences - grandma who likes to "surf the web" will probably never even notice.
Having worked on a program that was sending (legitimate, opt-in with the ability to cancel - I'm serious! :)) bulk mail, earthlink, yahoo, AOL and hotmail are not only proactive, but super-anal.
Failing to honor any SMTP code (and sometimes then some more, as the case was with AOL) as intended will get you a temporary ban. I can't remember if it's 2 or 3 strikes, but after that your only recourse generally is a call to their headquarters.
I too am familiar with the UDP escapades - but what I am describing was a year ago (we had a bug (serious!) which was not properly honoring 550's which caused us to learn about their policies), and I doubt it's gotten any more lenient.
Just some food for thought.
Ah!
I swear I remember programs using it for HTTP access, but I must have been confused.
Thanks for the clarification.
I'm not a big fan of GAIM the client.
:)
However, I'm a huge fan of libgaim.
Does anyone remember mICQ? They were the first people to reverse engineer the ICQ protocol. Until then, you were forced to use the seriously crappy Java ICQ client if you wanted to use it on anything but windows.
micq however, IMO of course, was a crappy text-based program that had a horrific interface. Really, I would much rather use my IRC client for ICQ than stick with this thing.
And now I can. See, the micq guys caught on and released libicq or libmicq, I can't remember at this point. I imagine a good portion of this code is still in libgaim.
The point is though, that others took libicq and applied their UI design skills and made very useful programs out of it.
And this is what I get in libgaim.
I'm not a fan of how you have to contort gaim or work on a specific system with specific plugins to keep windows from popping up on you while you're typing. (I will admit it's been a while since I used gaim, so this climate may have changed)
However, if you wanted the best support for the various networks out there, GAIM is the way to go.
libgaim allows me to get rid of the (IMO again) clunky interface and replace it with something else. On the mac, my workstation, I use AdiumX, but before I used Fire (no link, sorry). Both are libgaim-based which means that the advances in this library (especially recently as YIM and MSN seem to change their protocols hourly) are almost instantly integrated into the front-end of my choice. The 'hive mind' mentality here is very effective.
I *really* wish that more people working on protocols would do this - right now, several HTTP libraries are available but developers refuse to settle on one - I hope apr solves this once and for all. I don't want to worry as a developer about the idiosyncracies of apr, libwww, and others when developing a web app.
Object brokers are another example. If I install GNOME, KDE, and any other app that uses an ORB, chances are I have many ORBs on my system - for what reason? Those "extra" features that the developer can't live without. I know GNOME and KDE are finally working on making it cross-platform (in the GUI sense), but this provides another good example.
Do what you like at the GUI or application level - but normalize the libraries (and make MORE of them that meet specific, unique needs so they can be chained together). This gives the developer a reasonable notion of stability at the library and API layer, and the user a reasonable notion of functionality. Also portability, security, and enhancements come quicker and cheaper because more eyes are looking at the same code. Fix a buffer overflow? Well, you've fixed it in 20 programs instead of one. Doesn't that make everyone happy?
Sorry for the rant. I just feel the need to talk about important topics on my mind that no one will listen to or care about because they're buried at the bottom of a slashdot forum.
Not trying to be rude, but they're still in business. The article you posted is from 2001. And it looks like they actually have product.
What is the point here?
Phantom website
Infinium Labs, Inc. was founded by a management team...
That's all I need to hear.
Uh, ok, I'll say this one more time:
Viruses don't get there by themselves.
Vendors who did not facilitate distribution of the virus are not responsible.
If a user runs a executable that contains a virus, they have facilitated it themselves.
Capice?
Strangely, I remember a world where people actually had to RUN PROGRAMS to get viruses on their systems.
Apache has had it's fair share of exploits. It's also a program with no implied warranty for a reason - the developers who work on it offer no service or support, no guarantee that it will be available next week. Also, they hold no sublety in the fact that they release development versions. In reality, apache could stop development or turn into a mail server tomorrow, and that would just be a fact of life, which was my point with free programs. 'Fix it yourself' is a way of life for free programs - not just a silly mantra people spout when they have no better answer.
A vendor is a business with an expectation of professionalism. Just like the airline pilot or the mechanic, they should be expected to be proficient in their trade and deliver.
Of course, there's nothing stopping a commercial company to provide support and development for apache, and IIRC many companies do. Buying apache from these vendors provides the expectation to the customer that they are recieving a quality product.
Who allowed you or the virus to infect the program? Viruses don't just appear out of thin air. Chances are, you allowed the virus to infect the program, or a vendor with insecure code did, or a combination of both. Being a person that has used DOS and Windows for around 14 years and only being infected (and nothing stopping it from happening) once, I know this is much easier to prevent than people make it out to be. Besides, if a vendor is releasing virus-laden code, they should be punished. OTOH, if you run "virtualstripper.exe" and it infects your copy of MS Office, perhaps you're looking at the wrong vendor. Make sense now?
My point is, they do have control how the program is used. They did write it after all, they know what it's capable of, and it's their own damned fault if it's broken.
For the most part I agree with you. However, if you attach that spare tire poorly and go on the freeway with it, your insurance is going to laugh at you, and you might have worse happen if you hurt anyone else.
That's why there's this trade called an automobile mechanic.
Short answer: if people install or write software on their computer that allows holes that allow these types of compromises possible, they should be bludgeoned for it. If the vendor fucks up, they should be liable. Of course, I think it's important to differentiate between free and commercial programs, as a free program would fall into the first category.
Installing new software creates a situation of more complexity. Users who install their own software take their computers into their own hands - and vendors who are feature-oriented but not security-minded are careless. I would give anything to see less features and more existing code audits.
Deluding yourself into thinking that a computer is "easy to use" at this point is senseless. Cars are "easy to use", but most governments require licenses to use them - it takes a certain amount of skill to operate them properly, and well-defined rules are kept to insure that everyone is on a common ground with what is acceptable and unacceptable. When these rules are discovered broken, the offender has his license yanked. Even a 4 year old with a lower-than-average IQ can figure out how to push the gas and move the steering wheel.
It would be another thing entirely if everyone was using thin clients and some professional was doing all of the system maintenance, but no, that's not how it is. People still continue to connect very broken windows and unix machines directly to the internet, a practice that's practically encouraged by some ISP's.
Your airline argument is flawed - the airline comps quite a bit of change when an accident happens, because there is a notion of professionalism, qualification, and security.
Just like when the auto mechanic fucks up, if you can prove it.
It's more like what work it's keeping me from being able to do.
:)
Let's say I want to evaluate several large programs.
I can emerge/use ports for all of them, or I can pkg_add -r and play with them now. All the builds in the package repository are well-tested and I can be sure if the program is going to work at all, it's going to work with pkg_add installation.
I can't recall a time where I've been prompted for interaction with pkg_add, but I'm sure it's possible.
OTOH, with a minimal freebsd install I can configure the machine with a base system already installed and pre-configured while I'm adding any other software.
Another good example:
Shit has hit the fan/boss is hanging over my neck/whatever. I need to install program X to get my work done, money is being lost, customers are frustrated, whatever.
Do I want my program 2 hours from now? No. I want it yesterday. pkg_add/apt/yast/any other binary package installer that resolves dependencies gives me that power, and it's guaranteed to work.
And like I said, twiddling every bit to get your whopping 5% performance increase or less really means jack squat when you're doing a server build. Heck, for all the time your boss spent paying you to tweak gentoo to get that performance boost, he could have spent a 1/4 of that on more ram, faster drives/processor, whatever. Besides, real performance comes from properly architecting your farm, if you're relying on that 5% boost to serve more pages/process more mail/whatever, you're going to be surprised when it really hits the fan.
A binary/source based distro (I know of no package format these days that is binary-only, unless slackware still uses pkgtool and tar.gz packages) has more benefits than just quick installation, as well.
Need to roll out a custom version of package X? Compile once/package/distribute.
So tell me again how this causes YOU anymore work? It doesn't it simply takes advantage of your (probably) mostly idle system, and does a little more than copying files from a CD/ftp mirror to your hard disk.
I apologize for my laughter.
You do know that compiles take processor time, right? Generally they peg the processor for a good deal of time and in many cases, use a good deal of memory. Hope you're not doing anything important when that's going on.
Really though, if gentoo is good for you, great. Enjoy playing with use flags with experimental compilers on your overpriced workstation while I get real work done.
3D acceleration is quite different from a simple 2D setup. Sax2 comes from SuSE and I have never had a problem configuring my ATI cards with it - of course, as soon as I started tinkering with the proprietary ATI drivers to get the 3D acceleration, things started going sour very quickly.
Ugh. I've done the gentoo install several times, then I found this great routine to make it faster:
/usr/share/examples/stable-supfile (if you want ports, ports-supfile as well) /etc/defaults/make.conf
1) Download 2 floppies containing the FreeBSD install
2) FTP install "minimal" distribution - on a nice cable connection this whole process takes about 10 minutes.
3) Reboot
4) pkg_add -r cvsup
5) Copy and edit
6) cvsup stable-supfile
7) configure kernel and world
8) shutdown now (single user mode)
9) edit
10) mergemaster -p, make installworld, mergemaster
11) Reboot
No partition bullshit, full install available WHILE you're "tricking out your system" (read: the system can be configured WHILE you're doing all that compile B.S.), and 90% of the real work is done for you. You need 2 floppies to start. And I'll take ports over portage any day of the week, because when I want gnome, I type this:
pkg_add -r gnome (or something similar)
and it doesn't take 3 weeks to install it.
(I apologize for sounding so rude - it's just beyond me why people actually put so much work into getting that whopping 5% speed increase or whatever - all that time lost compiling crap could be used getting actual work done on the system.)
Not to be the boring pedantic geek here, but Windows 3.1 didn't have a blue screen, when it crashed you got a dos prompt or a screen that didn't do anything.
Or the lovely "GPF".
I'd rather have a system designed for experts when I need it, and a system that's easy to use when I need it, rather than an all in one system where I have to be an expert when it's easy and trick the system into letting me be an expert when I want to.
Different systems for different purposes. I don't use UNIX to play games, I use it to run servers and workstations.
The PVR idea is neat because it seems when it's setup it's done and you don't have to touch it anymore, unless you want to make additions or upgrade. This fits more of a "server" role for me.
I just don't get the "violent games are bad" argument.
Is anyone getting hurt? Perhaps they are hurting themselves buying better and faster computers and internet connections, but that's about it. I'd rather have my friends and family play violent video games than go to war anytime. I don't think I've seen anyone physically hurt playing violent video games, but I have seen people hurt gambling - yet that's more popular than video games by a large margin.
Please spare me the "0.001% of all video gamers dress in black trenchcoats and assualt high schools" argument, thanks.
You know, normally I would agree with you - then I did some research.
.NET architecture (for whatever reason) but want to keep your C# code around? Rework the compiler. If you don't think the mono guys don't already know this can be done, think again.
.NET's class library, microsoft pulls no punches with - they are very clear that it is proprietary, but you can't even copyright (much less patent) a library API, so that was easy to defeat - which means that mono for the most part has a very, very similar replica of the MS-supplied .NET architecture. dotGNU and Portable.NET are hard at work filling in the cracks that mono hasn't addressed.
.NET, from a purely technical view, are very sound and I relish at the idea that I can program my libraries in Managed C++ or C# and give that solid code that benefits from my experience to someone in a more junior role with less experience writing the glue in VB or whatever. I hate writing glue.
C# is ECMA standard - really, you don't need a C# book, just download the damned standard - it's not that hard of a read for anyone who's a seasoned programmer.
Don't like the
CLR and friends are microsoft standards, not unlike JCP for Java (and sun by proxy).
Realistically, if microsoft pulled out the lawyer card, they would not only lose, but if mono gained mass acceptance due to being a superior cross-platform product, the mono guys merely have to change the CLR spec and Microsoft would be the ones left with their dicks in their hands.
C#, CLR and
The interference issue was the reason I brought up safety. It may be overblown, but your chances of surviving a airplane crash are pretty slim at best, I'd rather not take the chance.
As for the other places, it's annoying.
It's very annoying when my co-worker has the polyphonic knight-rider theme at full volume and gets calls repeatedly because his cell phone drops calls. He talks quiet, sure, but I've already been distracted. Repeated requests to put it on vibrate are ignored, but that's the least of my problems with him - he obviously has no interest in doing anything that doesn't benefit him directly, the same attitude that I see with a lot of people who use cell phones at all in the places you reference: nothing like having to wait in line for an extra 5 minutes at your fast food restaurant because some jackass is taking a call and not placing his order and holding up everyone else's lunch break. Loud or not, that's annoying.
Yes, I want a cookie.
I could care less - what I'm saying is that making a stink has not ever nor ever will change the way articles are chosen.
Posting here to complain gives them ad impressions from your post and the posts that follow it - are you really doing anything but lining their wallets?
Not really.
Don't like it, vote with your wallet by not paying AND not reading.
Here's a great example of why that's bad.
One night I was with my wife, driver her mother's car, and it was foggy in the willamette valley, which is a very long stretch of road not unlike I-5 in the central valley area of California. I was pretty much all by myself.
Anyways, my eyes were glued to the road and not to the speedometer, the fog was so dense. Little did I know I went from my trusty 65-70 MPH to to around 110 MPH because I had trouble seeing things pass me, and the car was pretty silent.
My guess is that the fog helped cause the accident, but there was a car broken down right in the middle of my 2 lanes of the 4 lane highway. I got lucky and didn't kill myself, my sleeping wife, or anyone involved in that accident.
Reaction time is more of a concern with speeding than any car safety issue if you get in a wreck. We have a 55 MPH zone near my place on the freeway and it's a noticable step down - I feel like I'm driving in a residential area relatively, and that's a 10 MPH decrease in speed. And you're talking about nearly double the speed limit?
You are a fool, and the reason that if my rates aren't high enough now, an accident with some jerk like you will make them higher.
Pilots go to school to be trained to fly a plane. In oregon where I live, such "training" to drive is voluntary, and it's obvious anytime you get on the freeway.
Also, pilots lose more than just their license when they send 200 people to their potential deaths - they can lose their job before they even make it off the runway.
All sorts of instrumentation is required to run an airplane. This, and the chassis and other portions of the airplane that control the flight must be diagnosed and maintained/repaired on a frequent basis. There is no equivalent law for motorists, unless you count the DEQ as somehow affecting the "safety" of your vehicle. Sure, there are street legal rules, but any off the lot car is pretty much guaranteed legal (without aftermarket mods) these days.
Long flights require that multiple pilots be at the helm. How many times have we seen accidents because people were too tired to drive and continued anyways? Even with "break" regulations (for truckers and bus drivers, for instance), time constraints and pressure from passengers or authority can waive these rules with little resistance.
Really, this argument is a joke. If it didn't have to do with the fact that when the pilot eventually does fuck up that my chances are living were slim to none, I would never drive.
Hah - I've been on /. since before accounts, when you had to type in your name each time you wanted to post - has it really been 6 years?
Either way, this is nothing new, not likely to change, deal with it. Dupe comments/frustration/articles are the "circle of slashdot" and should just be dealt with in one of two ways - accept it or ignore it.
As for slashcode, 3 months of downtime is hardly something to complain about.
And I do believe they'll make sure you pay for it.
Car Insurance is mandatory in my state - which means I don't have the opt-out option - either my freedom or my wallet (and by proxy, my freedom) is compromised.
Hotmail runs it's own proprietary SMTP server.
Yahoo! uses qmail (heavily modified, I believe).
I don't know what GMail uses.
I know sendmail is ubiquitous and popular and all that, but the sites that send a lot of email do not rely on it. AOL/Earthlink/PeoplePC etc, I don't know what they use as I don't get email from anoyne that uses these services.
Really, I think this "standards war" is going to revolve around what the big email box sites are going to be using - MS and Yahoo already have their own, proprietary "standards" in place (for the people checking out domain keys, keep in mind that Yahoo retains all rights to control future revisions) - realistically, SPF has the best chance because neither will want to invest in the other's system, fearing lock-in.