I would not be surprised that there are a lot of programmers today who aren't necessarily people who got a formal education in development but grew into the position.
This isn't actually that different from how a lot of people ended up in COBOL development, which also refuses to die. I did it for a few years straight out of university and had studied Software Eng., but I was definitely in the minority.
Luckily "Spherical Cow", which is much more sensible, won the vote for Fedora 18. http://lists.fedoraproject.org/pipermail/announce/2012-April/003067.html
How many Superjet 100s crashed on the first few take offs? 0. There had been 90 successful flights as early as 2009, let alone now.
This wasn't the first flight of this aircraft either, that was ~2008, and even on the day in question it had already done one.
The point is not to teach computer repair per se, but to ensure that users are able to repair their OLPC and thus save maintenance costs for the program as they don't have to send someone out.
You must have missed the browser wars then.
anyone?
If it were as simple as just applying the RFC for generic URIs this would never have snowballed the way it has. The point is that 3rd party applications can still be and will continue to be vulnerable in this manner if they don't validate URIs from untrusted sources. I suspect the reason URIs were left unvalidated by ShellExec in the first place may have been that if you put generic validation there 3rd parties could well get lazy and fail to do their own further validation (with the additional context of whatever URI type they are specifically interested in), which as it turns out is what many fail to do anyway.
Even if ShellExec is extended to validate URIs under the generic spec (which from my read of the provided articles looks like what MS are doing) what is valid in a generic sense may still be just as invalid (or even in some cases dangerous) given the context of a specific URI type.
Indeed, many people seem to mistakenly believe the former though, which is my gripe.
Ok, say Microsoft did decide to handle that and validate the http protocol URIs. What about the umpteen other URI types that can be exploited in the same manner?
Would you expect Microsoft to work out what constitutes 'valid' for each of these too (many of which may well be wholly and solely products of 3rd party vendors)? Or would you expect that they just handle the common ones like http?
If the latter then who gets to decide what is common or valid, and who is to blame later on when third party X changes what is 'valid' for a given URI type?
Being a monopoly is not, in itself, illegal.
I agree, and think a lot of people follow this model. If an album I download is good enough that I keep listening to it then I have historically always done the right thing in the end and bought the CD (from the merch stands at gigs, where possible, but that is not always realistic).
True enough, but as pointed out by the other poster there is hardware that was supported by the 2.4 kernel and not 2.6. For many of these devices someone will have made a new or updated driver for it, but no doubt there are some that have slipped through the cracks (this, combined with speed concerns, is why some people often recommend using a 2.4 or even 2.2 kernel on older hardware).
As for the comment regarding RHEL, I would recommend using an unbranded release like CentOS to first test that your hardware is supported by the distribution. Then once you've ascertained that it fills your needs buy RHEL and the associated support contract if you intend to deploy in an environment where you need it.
Upgrading from Redhat 9 to Core 4 is hardly 'the next release'.
Keyword, major.
People are paid to break things in Fedora? Like, someone is given money and told "break Fedora", and this happens, and no one does anything about it?
Where did I say anything about being paid to do it?
IMHO, disagreeing with the development goals of a distro is a fine complaint about that distro. "Another distro is based on it" is not a good complaint, especially when your favored distro is the base for many other distros.
Nobody is complaining that 'another distro is based on it', the complaint is that one is being developed solely as a testing ground for the other. This is always going to be a problem when you have large companies sponsoring a distro but also marketing an 'Enterprisey' one based off it. People using the former are always going to feel dirty because essentially a company is leveraging their bug reports etc. for a profit in support contracts.
I'm not saying I agree with that view on things, I was simply explaining the original viewpoint being offered by someone else, which is a fairly common one (at least in the Fedora community, I don't have much/any involvement with SuSE).
I do however keenly await finding out what my favored distro is, given I currently have Fedora Core 5 on my work machine and am running Debian inside the VMs I use on a daily basis.
So wait-- you seem to be saying that you like using Debian because there aren't any other organizations who are taking Debian, altering it, and using it as a base for their own distro...?
No, he's saying that he likes using Debian because unlike say Fedora the development team aren't under an active mandate to break things and test them on users with the sole purpose of refining them for upstreaming to another project (which people, in the case of Fedora, actually pay for).
P.S. Yes another full stop in there somewhere would have been great, apologies to the grammar nazis ;)
You wouldn't call them smart just because they're hot, would you?
If it was going to get you laid.... :-p
Indeed. For some reason multiple people in this thread appear to have missed this. Realistically if they didn't think there was a possibility for other prosecutions the police wouldn't have bothered looking at it at all.
Yes, and many Slashdot regulars hate them. How long until the anti-google backlash?
He did both. Python is an interpreted language.
Yeah, my bad, forgot I was posting on /. ;).
Didn't he just say that 1% of military spending and operations are evil? I think you read the post backwards.
It's hard to make a collaborative standard when one party (Xen) isn't interested in collaborating at all.
It's not so much that it's using RAM, as you say, if nothing else is using it who cares? But rather that when it is using a lot of RAM it also seems to make the entire computer slow down, killing Firefox and restarting it generally fixes this. On average I'd probably run into this a few times a week.
Like the GP I also need to kill it every few days because it is using abhorrent amounts of RAM and generally running like shit. Luckily SessionSaver brings back any 'meaning to read...' pages for me.