Thanks for pointing this out, and for bringing up the verb "to be." This is, by default, the oldest verb in any language (except perhaps Russian, which they tell me doesn't have it),
Lincoln Stein, the author of CGI.pm and GD.pm and a few books, and the co-author of the WWW Security FAQs, wrote a tool called sbox that is used for securely running untrusted CGI scripts. And sbox does use the chroot() system call (in addition to other security measures) to confine the process to the CGI script owner's home directory.
Also, from the aforementioned FAQ: "You can't make your server completely safe, but you can increase its security significantly in a Unix environment by running it in a chroot environment."
So, the words, "chroot is not and never has been a security tool" are simply wrong. Unless you are willing to argue that Lincoln Stein belongs to "incompetent people implementing security solutions" and that W3C publishes bullshit on their web site.
The parent's point is exactly true. Richard Stallman was selling copies of Emacs, using his own words "making a living" out of it, and proudly gives it as an example of a business model built around Free Software. Claims that MySQL AB violates the letter or the spirit of GNU GPL by charging money for the Enterprise version of its product are false and ignorant.
The problem is that MySQL has the lion's share of the market, despite being (relatively speaking) crap.
It is only crap if you assume some very detached notions of what features a database engine should support (like full transactions, enforced foreign keys etc.) Those features are strongly promoted by the academia, which is why all fresh grads cannot understand why everyone uses MySQL and hardly anyone PostgreSQL. They also make for great buzz words, and as we all know nobody ever got fired for choosing Oracle. However, where it matters, it turns out that the actual needs of real life applications are different. Google uses MySQL and so does Yahoo. Most services at Google use a storage system called Bigtable, which has been developed completely in-house. And, surprise, it is not a relational database. As you can read in the paper I linked to, initially there was a plan to support general-purpose transactions in Bigtable, but after carefully inspecting the real applications' needs they decided against it.
It's a lot like windows in that respect: if you want to ensure that a machine you sell can run random software for grannies, you (sadly) generally put windows on it.
This analogy is dead wrong. Oracle is like Windows. Government agencies and big non-technical corporations use Oracle. MySQL is like Linux. PostgreSQL is like... umm let's say like Plan 9 from Bell Labs.
People should fix the bug --- that some software doesn't have a database abstraction layer --- and then choose that best DB.
Most a database abstraction layer can give you is familiar API across all databases. It won't give you the ability to switch database engines, because they are very incompatible. Perl has DBI which doesn't make Perl applications any less tied to specific DBMSes.
(Oh, and this argument against scientific consensus could just as easily be made against evolution, general relativity, or even quantum mechanics.
Not really. I have read several Richard Dawkins' books and I don't remember him even once appealing to the notion of "scientific consensus" - instead he explains the theory of evolution over and over and over again presenting you with reasonings and examples and computer simulations. And I have studied theoretical physics for five years and haven't once heard anyone invoking consensus to defend general relativity or quantum mechanics.
There is one physics-related field, however, when you can hear about the consensus. It is every now and then invoked by the proponents of nuclear energy, for example when they want to convince you that less than forty people died as a result of the Chernobyl catastrophe. And who knows? Maybe it is true. But on the other hand, it's hard not to notice that, since the whole reason for existence of their field depends on the nuclear energy actually being a viable option, they might be somewhat biased. And, had there been no threat of climate change, probably the climate scientists would have to look for another occupation too? Which, of course, doesn't mean that the climate change couldn't be a real threat.
And I don't know about climate science, but of course with respect to the nuclear energy in reality there is no consensus among scientists. In stark contradistinction to evolution, general relativity and quantum mechanics.
Thanks, it was an interesting read. It seems very favorable for wxWidgets and maybe a little harsh on Qt: "If you're not an API purist, you can choose among the three huge toolkits, FOX, Qt, and wxWindows. I personally think Qt is made irrelevant by both of the others because they are not missing anything Qt offers."
I think one of the comments is worth noting. It says:
"Pretty good summary overall, although I feel compelled to point out a few things I've noticed about the toolkits and have heard from others:
- Qt is by most accounts the best designed, fullest featured, and fastest to work with C++ GUI toolkit out there.(...)"
Notice that the commenter honestly admits, that he's repeating things he heard from others. I have also many times heard that Qt is best designed, fullest featured etc (at a time I even used to repeat it myself, as something obvious). However, I haven't seen any actual facts to back up this statement, especially regarding the comparison with wxWidgets. So, I think -- maybe we all "know" that Qt is the best toolkit, simply because Trolltech PR guys made such statement printed so many times that everybody believed?
Is it really that much better than wxWidgets? I can't find it right now, but somewhere on the wxWidgets website there is a comparison presenting some basic GUI functionality in Qt, MVC and wxWidgets, and the wx code is by far the shortest and most readable.
Slashdot Mirror
Thanks for pointing this out, and for bringing up the verb "to be." This is, by default, the oldest verb in any language (except perhaps Russian, which they tell me doesn't have it),
You don't want to believe everything they tell you. http://translate.google.com/translate_dict?q=be&hl=en&langpair=en%7CruLincoln Stein, the author of CGI.pm and GD.pm and a few books, and the co-author of the WWW Security FAQs, wrote a tool called sbox that is used for securely running untrusted CGI scripts. And sbox does use the chroot() system call (in addition to other security measures) to confine the process to the CGI script owner's home directory.
Also, from the aforementioned FAQ: "You can't make your server completely safe, but you can increase its security significantly in a Unix environment by running it in a chroot environment."
So, the words, "chroot is not and never has been a security tool" are simply wrong. Unless you are willing to argue that Lincoln Stein belongs to "incompetent people implementing security solutions" and that W3C publishes bullshit on their web site.
The parent's point is exactly true. Richard Stallman was selling copies of Emacs, using his own words "making a living" out of it, and proudly gives it as an example of a business model built around Free Software. Claims that MySQL AB violates the letter or the spirit of GNU GPL by charging money for the Enterprise version of its product are false and ignorant.
The problem is that MySQL has the lion's share of the market, despite being (relatively speaking) crap.
It is only crap if you assume some very detached notions of what features a database engine should support (like full transactions, enforced foreign keys etc.) Those features are strongly promoted by the academia, which is why all fresh grads cannot understand why everyone uses MySQL and hardly anyone PostgreSQL. They also make for great buzz words, and as we all know nobody ever got fired for choosing Oracle. However, where it matters, it turns out that the actual needs of real life applications are different. Google uses MySQL and so does Yahoo. Most services at Google use a storage system called Bigtable, which has been developed completely in-house. And, surprise, it is not a relational database. As you can read in the paper I linked to, initially there was a plan to support general-purpose transactions in Bigtable, but after carefully inspecting the real applications' needs they decided against it.
It's a lot like windows in that respect: if you want to ensure that a machine you sell can run random software for grannies, you (sadly) generally put windows on it.
This analogy is dead wrong. Oracle is like Windows. Government agencies and big non-technical corporations use Oracle. MySQL is like Linux. PostgreSQL is like... umm let's say like Plan 9 from Bell Labs.
People should fix the bug --- that some software doesn't have a database abstraction layer --- and then choose that best DB.
Most a database abstraction layer can give you is familiar API across all databases. It won't give you the ability to switch database engines, because they are very incompatible. Perl has DBI which doesn't make Perl applications any less tied to specific DBMSes.
(Oh, and this argument against scientific consensus could just as easily be made against evolution, general relativity, or even quantum mechanics.
Not really. I have read several Richard Dawkins' books and I don't remember him even once appealing to the notion of "scientific consensus" - instead he explains the theory of evolution over and over and over again presenting you with reasonings and examples and computer simulations. And I have studied theoretical physics for five years and haven't once heard anyone invoking consensus to defend general relativity or quantum mechanics.
There is one physics-related field, however, when you can hear about the consensus. It is every now and then invoked by the proponents of nuclear energy, for example when they want to convince you that less than forty people died as a result of the Chernobyl catastrophe. And who knows? Maybe it is true. But on the other hand, it's hard not to notice that, since the whole reason for existence of their field depends on the nuclear energy actually being a viable option, they might be somewhat biased. And, had there been no threat of climate change, probably the climate scientists would have to look for another occupation too? Which, of course, doesn't mean that the climate change couldn't be a real threat.
And I don't know about climate science, but of course with respect to the nuclear energy in reality there is no consensus among scientists. In stark contradistinction to evolution, general relativity and quantum mechanics.
Related reading: "Aliens Cause Global Warming"
You can have one third of the zero-gravity time for two orders of magnitude cheaper: http://www.gozerog.com/
An alternative approach to garbage collection in C++ (precise as opposed to conservative): Smieciuch.
The tool created at Google and released as open-source: http://google-perftools.googlecode.com/svn/trunk/d oc/heap_checker.html
Thanks, it was an interesting read. It seems very favorable for wxWidgets and maybe a little harsh on Qt: "If you're not an API purist, you can choose among the three huge toolkits, FOX, Qt, and wxWindows. I personally think Qt is made irrelevant by both of the others because they are not missing anything Qt offers."
I think one of the comments is worth noting. It says:
"Pretty good summary overall, although I feel compelled to point out a few things I've noticed about the toolkits and have heard from others:
- Qt is by most accounts the best designed, fullest featured, and fastest to work with C++ GUI toolkit out there.(...)"
Notice that the commenter honestly admits, that he's repeating things he heard from others. I have also many times heard that Qt is best designed, fullest featured etc (at a time I even used to repeat it myself, as something obvious). However, I haven't seen any actual facts to back up this statement, especially regarding the comparison with wxWidgets. So, I think -- maybe we all "know" that Qt is the best toolkit, simply because Trolltech PR guys made such statement printed so many times that everybody believed?
1) QT doesn't suck
Is it really that much better than wxWidgets? I can't find it right now, but somewhere on the wxWidgets website there is a comparison presenting some basic GUI functionality in Qt, MVC and wxWidgets, and the wx code is by far the shortest and most readable.