I'm glad you asked. I am not always "sure" (the perpetual "the grass is always greener _somewhere else_" problem), but I think I am happy where I am and this is a good fit.
Before you stop reading - something to be aware of is that MS has a position called "SDE/T" - Software Design Engineer in Test. They've been phasing out the traditional "STE" (software test engineer) role. I've been an SDE/T since my hire date.
I originally interviewed for an SDE role with a couple teams, one of them being NT, and those didn't go well. It was the beginning of the reality check for me about what I knew and what I didn't. There were coding problems they asked me to solve in SDE interviews that I didn't solve acceptably. The recruiter would ask a quesiton like "rate your understanding of C++ on a scale of 1 to 10". Me being the hotshot college jerkoff I was said "9". Then she was like "ok, what do you need to do to become a 10?". Then I thought about it a bit and said something like "write a C++ compiler, hang out in comp.lang.*, etc". Then she asked "so why haven't you done that?"
Oh.
In these developer interviews, they were asking very hardcore questions about programming, sometimes for programming's sake. I don't code for coding's sake. I started coding back in 5th grade on an apple ][. I cut my teeth with turbo pascal and TASM. I graduated to C in 9th grade (via summer camps and stuff). I had plenty of exposure to programming, a good bit of exposure to languages, etc. But i still can't tell you what all of the bitwise operators do in C without looking at a manual. I can't tell you _anything_ about MFC (except that I am glad we have.NET and Winforms now;). I only view coding as a means to solve a problem.
I don't write code for the sake of coding, and I don't like memorizing the details of uninteresting things (even though I like trivia).
So, when you're interviewing with someone that writes a C optimizer for a living, how can you say that you're a solid "10" at C programming. Compared to who? them? Not unless you've also written a commercially shipping C compiler. When you're talking to the guys that shuffle bits in binary headers in the guts of the kernel, how can you say with a straight face that you get shift-right and shift-left confused because you never use them ? That was me.
That was the perspective I never got until i started at MS. I was used to being at the top of my classes in school and I rarely ran across someone that had the same problem solving skills I had. That's what I came to my MS interviews with.
For an SDE position, they're after someone that is passionte about coding. Someone that lives and breathes it. They want to write code when they're not at work. That's not me. I do some coding at home, but only when there's some especially irksome problem at hand that nobody has a good solution to, and that I think i can pull off. When I'm not at work, I'm more inclined to want to work on my car. The car could be better, and I can't afford to pay a garage to work on it, so I've learned to do it myself. I'll never get ASE certified, but I'll learn how to do what I need to do to a car to accomplish my goals. Nothing more.
The position I have actually has a fair bit of design and coding. But it's not shipping code - it's code that tests or optimizes the testing of the actual shipping product. Automated testing is the name of the game at Microsoft. I was the guy behind the the automated testing system that ran all of the developer tools tests for a couple years. There's a lot of moving parts in that system. It worked in spite of itself (it was all written in VB, ran against a single SQL box, but served thousands of 24/7 automation execution machines.. with hundreds of thousands of automated tests). I knew the code to that thing well.. but not because I liked the code (i didn't), but because I liked what it did. I liked the power it gave our test org, and the quality we could drive into
I was going to comment that I thought it was interesting that this guy was mentioned as being from a mixed UNIX, Apple, Caltech, and JPL background. I thought about why that might be relevant.
In any case, this guy is just one data point in trying to get a picture of "life on the inside" of Microsoft. You might find other pictures by reading my (and other MSFTies here - there are many) slashdot posts on the subject, or by reading the minimsft blog, or by trying to decipher the publicly-made statements by our PR people (or by PR agencies working on our behalf). All will paint slightly different pictures.
Unfortuneately i haven't been able to read the article - thanks slashdot effect - but I'm always curious to see MSFT people talking about "life on the inside", to see how their experiences compare to my own.
As far as my own background - as recently as college, i was saying things like "I will never work for a company that expects me to use NT - it's shit", as I coded away infront of my work provided SGI Indy. I gave up Windows after 3.1 and used OS/2, linux, and Solaris at home until college, when I switched to exclusively solaris and irix.
When I joined MS about 6 years ago i was still very anti-MS. I was joining to light a fire under the people that had burdened the world with so many bad things. I figured that peoeple just didn't have the unix expertise and outside world view that i brought to the table. If they only knew, I thought.
I probably made a lot of enemies those first few years, especially people on the outlook and exchange teams. But I also got a few private emails from product support guys saying "i loved reading that.. thank you for flaming person blah...our customers run into this all the time.. somebody should have said this sooner"
I was fond of pointing out that i used Pine against exchange-IMAP because at least Pine knew how to not block its UI threads while trying to access a message. (This is fixed in Outlook XP, Outlook 2003, and works pretty well in Outlook 12 betas, btw)
For a while, it seemed, my strategy of badgering MSFT people about how great *nix was and how much MS sucked was working. I was involved in some of the "how do we compete with {linux,solaris,apache} conversations even though I was some lowly tester off in Visual Studio. I was obnoxious, antagonistic, and I claimed big street cred working in the unix side of the industry. We were struggling at first to get dedicated, experienced people in place to understand the unix-competitive landscape, so much so that it made sense for "them" to talk to a bozo like me about it. Things are better now - there are smart people that work on understanding the *nix landscape full time.
The culture change I've observed here has been pretty satisfying. When I first complained that VB6 didn't work for debugging DLLs if you didn't have admin rights, a PM for VB told me "the NT security model is too hard, we're not going to bother figuring it out". That kind of crap doesn't fly _at all_ any more. We've really "got religion" around non-admin, secure-by-default, etc. That stuff keeps getting better and we're chipping away at the debt of design and code deficienies we have in the face of an always-on, hostile internet that nobody expected years and years ago [historians will note that the _first_ internet worm worked on unix machines.. and unix collectively has had a spotty and evolving approach to practical security.. ]
Naturally, MSFT has changed me as well. I used to come into discussions with the "UNIX roolz, MS suxx0rz" point of view. I was interviewing with a guy in NT and he was trying to ask me technical questions and I was trying to tell him how the NT design sucked because i read it in BYTE magazine. (i flunked that interview)
I've since learned that, actually, when I used to make those sorts of generalizations, I actually didn't know enough about anything to be running my big mouth. I was having an argument with some guy where I was talking about how the S
Yep. In 2005 we released SQL 2005 and VS 2005, with.NET 2.0. VS2k5 and.net 2 are really nice improvements over VS 7.0 and 7.1. The TDD/Refactoring tools built-into VS2005 are really fantastic.. right click "generate unit tests" and right click "refactor" are huge in day to day productivity. This is especially true for shops that don't have proper test automation processes in place (which is most of them, if software testing conference participants are any indication).
I am using IE7 to post this, from a 2 week old Vista build, and I'm connected to my exchange server with an Outlook 12 build from last week. For all i know, the exchange server is running beta exchange bits and i don't even know about it (they do that to us from time to time;)
I'm doing 95% of my RSS reading with start.com, although the RSS integration in IE7/Vista/Outlook12 is starting to grow on me a bit.
Late last year began a wave of releases that are pretty cool. Vista is coming along nicely, even on my older hardware. Someone mentinoed that there are no improvements from Office 2000 - that is ridiculous. Outlook features alone are worth upgrading from 2k to xp, and from xp to 2k3, and based on what i am seeing, from 2k3 to office12. If you are someone that spends a lot of time in Outlook then some of the O12 features will help you spend either less time in outlook or get better use of that time (or hopefully, both).
Don't forget the Xbox 360 lauch that just happened, either:)
I've read many of the comments and feel that part of what's going on is a munging of issues.
I consider Software Development and IT distinct entities. Comments about one do not necessarily hold true for the other.
Furthermore, a "CS Degree" has no real implications for professional life.
The worst combination I see are people that expect that completing a CS degree program will give them an IT job (such as UNIX admin) that will have a good salary and good job stability.
Computer Science is mostly irrelevant for Admin style IT careers. You know, the ones that revolve around babysitting hardware thats currently too stupid to babysit itself (sorry UNIX guys - I used to be in your shoes and I got out. The writing is on the wall. Self-managing systems are coming).
Computer Science, _the science_, is about learning how to use computers to solve problems. Programming is a side effect of this because for the last 40 years that's been how we tell computers to do what we want. Knuth is a computer scientist. What Knuth does is computer science. Writing ASP pages for a 9-5 job is generally not computer science.
Another poster remarked that what he learned in CS was not relevant today - I am not sure what he thought CS was supposed to teach him, but I must disagree.
Algorithmic complexity is a timeless subject. Numerical analysis is a timeless subject. These may not be relevant for your job, but job training is not the point of computer science. Algorithmic complexity is as important today as it was 40 years ago. Accuracy of numerical computing is as important today as it was 40 years ago - especially with software controlling more and more of the physical world.
A related discipline to computer science is "software engineering". That's an unfortuneate name since there's little engineered about software, and software engineers don't take PE exams or anything of the sort. But even so, someone finally figured out that creating software is not the same thing as computer science. People that are interested in the development of software for commercial entities would be best served with a software-engineering style curriculum. I'm not necessarily convinced that software engineering belongs at the university, but I suppose most still have an "English" department, so we shouldn't be too choosy.
Someone opined that they need a course to teach them about todays enterprise applications (whatever that means). That's professional training. That's not necessarily the university system, and it's definitely not Computer Science.
I've been employed with the same software development company since 2000. I have personally interviewed tens of candidates for multiple positions, most of them not qualified for the "entry-level" positions we were hiring for. We paid no attention to what school or what degree they had - they either impressed us or they didn't. Most didn't.
Someone suggested that Microsoft is only hiring overseas now, and its US jobs are flat or in decline. Not true. I happen to work for Microsoft, and the positions I just described were for that company, for the US.
We have over 1000 open positions in the US alone in the software development field..spanning coding, testing, and product design. We are hiring in India, in Seattle, in China, in Japan, in Germany, and even in North Dakota, where I now work. We're looking for the right people, because heaven knows our software could always be better. We're finding that there aren't enough qualified software development people (at least that are willing to work for us;) to fill our positions, so they remain open for months or years.
We are, by and large, not hiring UNIX administrators. Infact, we don't hire that many NT administrators. We have more deployed NT systems than probably any other single managed entity, but our job growth is not in the IT sector (we have some, but my impression is that it's nothing like the software development side).
I am not sure. I can't speak for the office team (or any team, for that matter;)), and if I was one of the people that could, I am not sure how much legal whitewashing my answer would need:)
If I were going to speculate, I'd suggest that ODF isn't the "right" format. I'd think that MS would be more likely to "open" the Word XML document format in Office 12 than to adopt someone elses standard.
One thing that can suck about an open format is that it's hard to understand when it's frozen. People really hate it when you rev file formats - Office had the same document format from Office97 to Office 2003, and it's still 100% back compat in the Office 12 builds I've been using. We're just getting ready to introduce our XML based Office formats (which btw, are smaller than word97 format for the types of design documents I write). A 180 degree turn towards ODF would be kind of awkward at this point.
I wonder if the Office XML formats will satisfy the governments that are interested in this type of legislation.
Failing that, perhaps in a few more years when the ODF format is realistically frozen, or at least the change and versioning process is well understood (they may be now, but I have no exposure to that information), we'll see MS supporting it natively in all it's office apps, and a group-policy setting that makes it the default format. That way govt agencies that want to mandate its use can deploy Office 15, deploy the GPO to make the Govt-compatible formats the default (only allowable?), and thing's just start working.
I would be curious to know what people consider truly open file formats - I outlined some of my requirements in my original posting. To be realistically useful, you need more than just openness.. you also need a defined change control process, some sort of "owning body" etc. Fragmentation in the file format space makes everybody lose.
I certainly support the idea that Govt and public-domain agencies should use file formats that are royalty free, published, and ideally, with a source-code reference implementation for reading them (assuming they aren't self-describing) and a bunch of sample documents to use as test data for said reference implementation.
What might be surprising is that I hold this view inspite of being a Microsoft Employee. While I certainly want as many people as possible using MS software, I want them doing so because it's the best choice for their situation. I'd like to think that Word can deliver more value to its users than the ability to open Word files, so if govt agencies want to mandate that documents be created, shared, stored, etc in published, royalty-free formats, that's fine with me. Government agencies are a large customer of ours, so hopefully government action around requiring open file formats will push us to make our tools best-of-breed for dealing with those formats, or may even push us to open some of our own.
I don't use WMA for my music files, even though I could just email the guy that designed it if I have a problem. Just because I can today, doesn't mean I can 5 years from now. And there won't ever be a supported WMA player for something like OpenBSD, which might otherwise be a perfectly good audio appliance.
Now here's where I explain the title. As much as I am for the idealistic POV that open formats should be used where possible, I also beleive that govt is amazingly effective at turning a good idea into a bad law. (See also: 99% of current US laws). Another comment suggested that this story is more about Sun/IBM fighting MS via legislation, as opposed to some ideological position that is being done for the best interests of the people. If that's true, it's unfortuneate that our govt is continuing to do these sorts of things that are allegedly in the best intersts of "the people" but no one can explain exactly how, and ultimately, other businesses or politicians seem to derive the most benefit.
I seem to recall the Canadian anti-hate speech laws being used to prohibit fundamentalist christians from saying that they felt the bible said homosexuality was sinful if it was in a public setting.
I think later on that ruling might have been reversed, but there's a fantastic example of a hate speech law supressing free speech and free religion.
As fun as it is to be pejorative, what makes VB.NET "still a toy"? Are you aware of its functional overlap with C#? You know that you can more or less do automated code conversion between the two, right?
I have a soft spot for Pascal - that's where i really cut my teeth programming, with borland 5.5, 6.0, and 7.0. Hell, i wrote a multi-threaded OS/2 program in BP 7.0 with some secret compiler from germany. I wrote a _lot_ of borland pascal code for DOS back in the day.
However, none of that compared to the rapidity with which you could crank out working code in VB6. IIRC, VB6 was Microsoft's biggest money-making developer product. VB6 turned all BASIC programmers into Windows COM programmers, and if you've ever done COM in C/C++ you know that you really want to be using something like VB instead:)
VB helped bring non-expert app development to the Windows platform in a way Delphi never did. Not because Delphi is necessarily bad, it just didn't work out that way.
VB is beautiful because it works in the real world. Somebody really smart must have thought "everyone learns BASIC as their first programming language.. let's make an environment where you can write real GUI programs that do real useful work in the language even school children can learn" (i started writing applesoft 3.3 basic programs as a 5th grader.. it wasn't until jr high that i got into pascal on a 486)
When I hear people being snobby about VB they're usually pushing something where someone else will be snobby about _that_ (that person is probably pushing "haskell" or "eiffel" (sp?) as the "one true faith". Yet I'd speculate that VB has made more people more money (and i dont just mean microsoft - i mean the computer industry) than all other languages/environments combined.
"It's a fact that Internet Explorer is inferior to Firefox..."
I'll only believe that IE is inferior to Firefox for end user applications if lots and lots of end users agree.
Right. The original statement bothered me also. The story author's claim is pretty dubious. In consideration of the word used ("inferior"), which has derogotory connotations, it's hard to beleive that this statement is the result of some factual, objective analysis.
What people need to understand about complex systems like software, automobiles, governments, or musical preference is that there is rarely a black and white concept of "inferior".
No, for some defined set of criteria, a given candidate either satisfies them to the satisfaction of the evaluator or it doesn't. Even then, criteria are typically weighted and the weights aren't always known (even by the person that developed the criteria.. who can say that they care 3x more about the gender of the vocalist in a band than the speed of the drummer? some people probably have such an unwritten preference but couldn't articulate it).
So, if the statement had read "for a majority of home users who do casual web surfing, Firefox has numerous advantages over IE6", with some definitions around "home user" and "casual web surfing", then it's not necessarily an objectionable statement.
But since it wasn't said that way, it's easy to dismiss as fanboyism, and an uninspired consideration of the products and factors involved.
More concretely, if your web browser scenarios include
out-of-box integration with NTLM authentication
running ActiveX controls, and sandboxing / restricting use of same
then firefox probably isn't "superior" to IE6, and probably not even a better choice. Then there are other more subjective critiera - Firefox seems to crash more than IE6 for me, and its memory usage is also much higher. It takes longer to repaint its windows when i wake the laptop from hibernate, and also longer to start accepting input events. Those may not be reproducible for other people, but they are for me, so in consideration of the listed requirements above, and the subjective ones below, it's hard to swallow a "IE is factually inferior to Firefox" argument. It's a twsited definition of "inferior" when it in practice translates to "works better than for the scenarios that are important to me"
I only read a tiny bit of your post, but your claim that the Renesis can do HCE and piston engines cant or do so badly is totally cracked.
BMW has been building dual-fuel hydrogen cars for over 20 years. The early ones didn't have variable valve timing, although the new ones do,just like the rest of BMWs engines.
BMW has been leading the way for decades on HCE research.. the whole picture.. HCE deployment, fueling stations, nozzle/tank technology, etc etc.
I love the Rotary engine, but don't discount the other excellent acheivements in the HCE field.
I can certainly see things ending up that way, but i don't think they are that way now.
There are lots of websites and bulletin boards out there that are dedicated to militant islam.. where people are trading information on "targets", posting pictures of infidel decapitations...etc. There are activities going on there that in any police department would be "leads".
So while it is always possible that "the best of the best" organizations will resort to military grade encryption, 1 time use cell phones, etc etc, there is certainly a lot of knuckle-dragging activity by 3rd rate curmudgeons. I think the number of trouble makers that are curbed from shutting down those sorts of operations will be larger than the number that are driven to more advanced concealment techniques.
Remember, a terror regime that is effectively suppressed into non-activity, and non-communication-at-the-public, is no longer conducting terror. When terror is everpresent in peoples minds.. when they issue statements every week that say "we're going to strike again, you wont know where".. then they're terrorists. When they stay silent for years at a time.. they're not especially effective.
Shutting up these dingbats seems easy enough that I wonder why it hsan't been done yet. I am normally conspiracy-theory-adverse, but lately I can't help but feel like _somebody_ want's me to hate muslims, and to hate terrorists, so i don't pay so much attention to something else. I have that "senator palpatine is in the room" feeling but I can't put my finger on it:)
Not all linux users are on gentoo. When was the last time you recompiled your entire system because of glibc fixes? I haven't had to do that once in 9 years of using GNU/linux.
Never.
I stopped using linux for anything meaningful prior to glibc being widely used - my last linux machine still had libc.4.so and libc5.so on it. I "survived" the a.out->elf transition, etc. That is of course an exceptional case, but it illustrates the "either rebuild world, or take an entire new binary set (from a new version of) your favorite distro" dichotemy. Although I couldn't tell you from memory which, there have certainly been library patches for freeware unix systems that have required significant rebuilding-from-sources, or installing-over your machine with a newer vendor supplied binary set. Do you disagree and suggest that there are no pain points around patch management and excessive rebuilding/redeploying on linux, or are you arguing just for arguments sake?
In any case, a much better example of linux shared library hell would be the earlier GTK libraries, where apps often required mutually incompatible versions of GTK source distributions. The distribute-as-source model really sucks unless you want to be in the business of recompiling a lot of software _all the time_.
The problem is that the regression testbed for IE is "everything". every website ever, and almost every windows app that uses HTML rendering (which is about all of them). What you define as "welded to the OS" is irrelevant - IE's "welding" to the OS is more or less "the HTML renderer and transport layers are available as shared libraries, and are used in a few spots".
It's no more severe than a fix being made to glibc - except that windows users expect software to keep running no matter what, and linux users put up with recompiling everyhing if the fix "requires" it (where "requires" means "author chose to do it that way")
FTA: In recognition that 2004 was most likely the first year in which a significant share of the company's new user base was coming from Windows users, Security Fix based each of "date patch issued" date for 2004 and 2005 on the release date of the next product update that incorporated the fix for that critical security vulnerability -- not the date on which a fix was available to developers. For 2003 critical Mozilla flaws, Security Fix relied on the times listed in the "date fixed" field for each critical flaw listed on the "Older Vulnerabilities in Mozilla Products" page.
So if you cut the days-to-fix time up by year, for 2004, the avg is 65 days. In 2003 they used the "fixed" date in the bug DB. For 2005, its 37 days, and for 2004/2005 combined, its 42 days.
The 2004/2005 # is the interesting one, because that measures how long until the patch actually makes it into a shipping build. The availability date of source-code patches is irrelevant because most organizations are not equipped to deal with them; this is especially the case with firefox!
None of this is an excuse, however. As an MS employee, the data on our speed of patch delivery is pretty upsetting - the numbers are much worse than I would have expected. They're so bad that I am suspicious and wonder if there isn't some deeper story somewhere, but in any case, I'd like to think the maximum time anyone would have to wait would be ~1 month (flaw reported on the wednesday after "patch tuesday"), but according to this data we're not hitting that at all. I can't speak for the IE or the MSRC teams but those numbers really appear to suck. Sorry about that, everyone:)
"ferry troops and heavy equipment to distant battlefields" without even mentioning the moral implications.
I am primarily concerned with the "not getting my house blown up and my wife killed" implications, and from that angle, i want our armed forces blowing up someone else's backyard instead of waiting for someone else to blow up mine.
There is no morality, only law, and law is a malleable thing. The West has tried really hard at making sure that "morality" has become subjective to the point of irrelevance, and now that they've succeeded, don't whine about the result.
I would bet that in 50 years we have wars with no human casualties, but staggering industrial/economic damage done by intelligent or remote controlled artificial agents, if not pure software.
No, and for good reason. The groups you mention both advocate the hurting others. Aryans advocate violence against others based on skin tone or religious affiliation, while "pedo's" prey on children. GLBT would just like to do their thing without being attacked for it. Huge difference.
I am going to play devils advocate here. My statements are not representative of my feelings.
while "pedo's" prey on children.
I have problems establishing the "intrinsic wrongness" of "pedophelia". Pedophelia is a legal concept. It doesn't necessarily exist as a moral one. For instance, if you're 19 and you have consensual sex with a 16 year old, in most states that makes you a sex offender.
It wasn't so long ago that girls were getting married at the age of 12 and were having reasonably productive lives as wives and mothers. I wasn't there but there wasn't a lot of literature written on the emotional damage caused to women due to marrying young.
The "intrinsic wrongness" of pedophelia is slippery enough that all we can really go on is what is legal or illegal. You cannot with a straight face say that a 15 year old girl can never have consensual sex with an adult due to immaturity, but an 18 year old can. The law, and thus the definition, is deficient for a a variety of different situations.
So, while we can certainly agree that there are things going on that are called pedophelia that are damaging to others, there are also things going on being labelled pedophelia that i think are perfectly fine.
I am assuming here, but i beleive pedophelia wasn't a separate crime until people saw that rape laws weren't effective in stopping this behavior. Yes, there are laws to stamp out non-consentual intercourse irrespective of age, but when its "consentual", we had to go and make laws that said "you are not old/smart/wise/whatever enough to give consent over your own well being".
IOW, "somebody" (society/the legal system) has decided that individual choice here should be overridden because even though the subject thinks they like the behavior (the consenting child), it's ultimately harmful to them and to society.
Now, next point: GLBT would just like to do their thing without being attacked for it. Huge difference.
It is not a foregone conclusion that GLBT behavior doesn't do society intrinsic harm [just like it's not a forgone conclusion that puppies don't do intrinsic harm. I'm laboring towards a point, so please excuse me]. It is also not a forgone conclusion that GLBT relationships are free of harm for either party.
Suppose that you happen to beleive that homosexuality is ultimately harmful to those involved. You respect the right of individuals to make their own choices, but in this situation, you beleive that they are choosing a behavior that ultimately harms them.
In the case of pedophelia, "we" decided that the individual choice of a child was invalid and the behavior they were consentually participating in was ultiamtely harmful to them and thus should be illegal.
This, as a legal position, has a lot more to do with societal views and a lot less to do with science, certainly once you're talking about the teenage years.
So my point here is that what is or isn't "harmful" or "legal" has a lot more to do with the aggregate viewpoint of the society in context than it does with anything objective. To be more concrete about it, many fundamentalist christians beleive that practicing homosexuality is absolutely a sin (and it's well documented in the bible). They'd tell you that helping or enabling another to commit habitual sin is ultiamtely bad for that person. They'd tell you that that person is making choices for themselves that are ultimately harmful.
So i guess i am saying that the distinction between consentual pedophelia and consentual homosexuality isn't as cut and dry as you suggest. In one case, "society" has said "we're stepping in for the good of all" and in the other, it hasn't (not to
Ok, this doesn't buy the customer much, but is it really all that big of a pain? Do you just conceptually object to Microsoft asking "is that a valid Windows you're using?"
Requires a reboot
I am not thrilled about this but given the wedding of the browser rendering component and the rest of the user experience ("OS"), i can't say i am surprised. You have to reboot after uninstalling it also, by the way:)
Actually attempts to pass off things like tabbed browsing and a search bar as innovative (really, take a look at the "demo" they bring you to when you first install it).
Consider part of the target market for IE7: People that are happy enough with the features of IE6 that they haven't bothered looking at Firefox yet. For them, tabbed browsing and a search bar are new and innovative. These are things that everyone will potentially benefit from but not all people will seek out and discover by themselves.
Part of the reason my grandfather uses a computer at a public library to do web surfing and write email is because Microsoft brings "cool stuff" away from the realm of the early adopter and puts it in the hands of everyone.
from Wikipedia The series is extremely popular in Japan. Following the release of Dragon Quest III in 1988, the Japanese Diet requested that Enix only release new installments of the Dragon Quest series on Sundays or holidays, to prevent children from skipping school to wait in line for the latest Dragon Quest title.
Dragon Quest is such a cultural phenomenon in Japan that there are live-action ballets, musical concerts, and audio CDs based on the Dragon Quest universe.[3] The London Philharmonic Orchestra has performed for several Dragon Quest music albums.[4]
Still seem ridiculous for one game to have that big of an effect on profits? If it does badly, that represents a significant cultural shift for the country of Japan
You know perfectly well that what I am saying is accurate. There are posters on slashdot that will, seperately, both agree with Mitnick and disagree with Allchin. I am trying to point out how ridiculous that is.
Obviously i am not making a statement that speaks for every slashdot poster, as I am clearly a slashdot poster and I wouldn't make both of those statements.
If "you" don't happen to be one of those people, then my message doesn't apply to "you".
I stand by my original message. I am having trouble parsing your rebuttal - what is it exactly that you disagree with me on? You've written a lot of text but I can't tell that you've said anything.
And I can't believe there are idiots who modded you +5 Insightful.
Hey, there are idiots that will agree with Mitnick and disagree with Allchin, and there are plenty of them that post and moderate on slashdot. You shouldn't be so surprised at how things get moderated at times.
right click on any icon and click "run as". Problem with running older software solved. If it happens more often "Set Program Access and Defaults" works wonders.
This is a good start, but it doesn't work for everything. Afterall, often you want to retain your domain network credentials but elevate yourself to local admin. I dont think this situation is handled correctly by right click->Run As (but i'd be happy to be wronng).
Another situation where this gets cranky is trying to debug DLLs using something like VB6. VB6 has a nice debugger that lets you break right into COM DLLs and single step through them. This, however, requires admin rights and i dont think Run As makes this as painless as a right click launch of devenv.
Seriously, if Microsoft thought everything would work peachy with "Run As" they would have made a "Run As Admin" directly on the right click menu. I've suggested two situations off hand where i think you're wrong, and I am sure the appcompat guys working on XP had a much longer list. Bottom line, your scenarios are neither exhaustive nor necessarily representative.
C) Specialty software wasn't written for only one OS and/or using proprietary crap like MS SQL.
What's crappy about MS SQL? Have you ever been a DBA? (mySQL doesn't count - it is not a feature complete database, its backup/restore story has historically been awful, and it's performance seems to tail off badly once you start loading it with hundreds or thousands of user connections).
I've found SQL significantly easier to install, manage, and tune than Oracle, and its functionally light years ahead of mySQL, the darling of people that don't know what they're doing w.r.t. mission critical databases. And the performance of SQL is "sufficient" - look at the TPC/C scores it posts.
I regret that I haven't invested much effort into learning about Postgres, which i see as the only credible competitor to SQL server. [Today's DB/2 announcement notwithstanding].
Doublespeak ?
on
Mitnick on OSS
·
· Score: 4, Insightful
So when Mitnick says it is easier to hack OSS software, people say "duh"
When Microsoft says "making our stuff open source will make it easier to find vulnerabilities", people say "Stop FUDing, Microsoft"
I dont see how can you beleive it when Mitnick says it and how you can refute it when Allchin says the same thing.
I don't think your position makes any sense..
on
Buy Vista or Else
·
· Score: 3, Interesting
Is security a binary thing? Is something secure or insecure ?
I don't think so.
I think "security" is a blend of many things.. the _correctness_ of non-security features, the selection and depth of security-focused features, the process around resolving defects (because there will be defects), and the conditions under which a user can use the machine.
Even if Microsoft had done everything they knew how to do to make XP "secure" when they had made it, would it be secure today? No. Because today new threats are understood and being used that weren't in existance when XP was designed and shipped. Is XP retroactively insecure? Or it just less secure than something newer, all things otherwise equal, that was developed with the context of the threats that have emerged since XP was released?
In the specific case of Vista vs XP, some of the things that are "better" this time around are - more credible run-as-non-admin story - better sandboxing and least-priviledge stuff, even within a normal user account (i.e. its not necessarily true that IE running as you can do anything you can)
The run-as-non-admin thing "worked" in XP, but with enough caveats that it was hard to credibly say "everyone, do it that way". The POR for XP was to ship with non-admin-by-default until very, very late in the ship cycle, where there was just too much stuff that didn't work as non-admin. They made the hard decisino to make users=admin by default, and nobody was happy about it. This is a problem that Microsoft has been chipping away at for a while now, because the goal is "let everyone run with as few permissions as possible" and it often conflicts with the other goal of "20 year old software written by 3rd party people needs to keep running"
I have no problem buying that Vista has more security-focused features than XP. I have no problem buying that Vista has better code correctness in non-security features than XP. I don't think the security response process will be any worse in vista, infact, i know of at least one technology that makes it better (but im not sure if its public yet?).
Will Vista be "more secure" than XP? I think so. Will it be "as secure" as OpenBSD? Probably not. Will it do more things that more users want than OpenBSD? Definiately. Will Vista have a better intersection of practical security vs functionality than OpenBSD?
Microsoft thinks so, and I think I agree with them.
We've had an unusually mild winter here this year.
Last January, we spent a few days below -30F (i.e. it was never warmer than -30F anytime in 72 hrs).
This year I dont think we've gotten below zero yet. It's been a very very pleasant 25F most of January. I have only worn my winter coat once or twice, because honestly, that coat is for when it gets 50-60F COLDER, like it did last winter.
The perfect winter in my mind is bucketloads of snow from Nov-March, and temps right in the 20-35F range the whole time. The January dip into the -30 zone is something i can do without just fine.
A few more winters like this and the city council will shut off the 3-acre Aerosol can we've been holding open the last few years. And we'll change city parking rules so vehicles will no longer be required to idle the entire time they're parked.
My understanding is that previous disclosures of Windows Source typically had "no develop" and "no commercial spinoff" clauses. I.e. you couldn't necessarily use the Windows source to try and make your pay-ware version of $whatever work better.
I think this changes that. Now software companies working on plugsin/whatever for windows will be able to continue working on those things, even after looking at the windows code.
That is a pretty significant change, I think. Previous source offerings were primarily for academic institutions, govt code/assurance audits.
I suppose there have been a few previous Windows source licenses that allowed for product development. Sysinternals, Mainwin, and OpenNT come to mind.. but perhaps these were all US based entities?
Note - i have no specific knowledge of these issues, i am just stating my impression.
Slashdot Mirror
I'm glad you asked. I am not always "sure" (the perpetual "the grass is always greener _somewhere else_" problem), but I think I am happy where I am and this is a good fit.
.NET and Winforms now ;). I only view coding as a means to solve a problem.
Before you stop reading - something to be aware of is that MS has a position called "SDE/T" - Software Design Engineer in Test. They've been phasing out the traditional "STE" (software test engineer) role. I've been an SDE/T since my hire date.
I originally interviewed for an SDE role with a couple teams, one of them being NT, and those didn't go well. It was the beginning of the reality check for me about what I knew and what I didn't. There were coding problems they asked me to solve in SDE interviews that I didn't solve acceptably. The recruiter would ask a quesiton like "rate your understanding of C++ on a scale of 1 to 10". Me being the hotshot college jerkoff I was said "9". Then she was like "ok, what do you need to do to become a 10?". Then I thought about it a bit and said something like "write a C++ compiler, hang out in comp.lang.*, etc". Then she asked "so why haven't you done that?"
Oh.
In these developer interviews, they were asking very hardcore questions about programming, sometimes for programming's sake. I don't code for coding's sake. I started coding back in 5th grade on an apple ][. I cut my teeth with turbo pascal and TASM. I graduated to C in 9th grade (via summer camps and stuff). I had plenty of exposure to programming, a good bit of exposure to languages, etc. But i still can't tell you what all of the bitwise operators do in C without looking at a manual. I can't tell you _anything_ about MFC (except that I am glad we have
I don't write code for the sake of coding, and I don't like memorizing the details of uninteresting things (even though I like trivia).
So, when you're interviewing with someone that writes a C optimizer for a living, how can you say that you're a solid "10" at C programming. Compared to who? them? Not unless you've also written a commercially shipping C compiler. When you're talking to the guys that shuffle bits in binary headers in the guts of the kernel, how can you say with a straight face that you get shift-right and shift-left confused because you never use them ? That was me.
That was the perspective I never got until i started at MS. I was used to being at the top of my classes in school and I rarely ran across someone that had the same problem solving skills I had. That's what I came to my MS interviews with.
For an SDE position, they're after someone that is passionte about coding. Someone that lives and breathes it. They want to write code when they're not at work. That's not me. I do some coding at home, but only when there's some especially irksome problem at hand that nobody has a good solution to, and that I think i can pull off. When I'm not at work, I'm more inclined to want to work on my car. The car could be better, and I can't afford to pay a garage to work on it, so I've learned to do it myself. I'll never get ASE certified, but I'll learn how to do what I need to do to a car to accomplish my goals. Nothing more.
The position I have actually has a fair bit of design and coding. But it's not shipping code - it's code that tests or optimizes the testing of the actual shipping product. Automated testing is the name of the game at Microsoft. I was the guy behind the the automated testing system that ran all of the developer tools tests for a couple years. There's a lot of moving parts in that system. It worked in spite of itself (it was all written in VB, ran against a single SQL box, but served thousands of 24/7 automation execution machines.. with hundreds of thousands of automated tests). I knew the code to that thing well.. but not because I liked the code (i didn't), but because I liked what it did. I liked the power it gave our test org, and the quality we could drive into
I was going to comment that I thought it was interesting that this guy was mentioned as being from a mixed UNIX, Apple, Caltech, and JPL background. I thought about why that might be relevant.
In any case, this guy is just one data point in trying to get a picture of "life on the inside" of Microsoft. You might find other pictures by reading my (and other MSFTies here - there are many) slashdot posts on the subject, or by reading the minimsft blog, or by trying to decipher the publicly-made statements by our PR people (or by PR agencies working on our behalf). All will paint slightly different pictures.
Unfortuneately i haven't been able to read the article - thanks slashdot effect - but I'm always curious to see MSFT people talking about "life on the inside", to see how their experiences compare to my own.
As far as my own background - as recently as college, i was saying things like "I will never work for a company that expects me to use NT - it's shit", as I coded away infront of my work provided SGI Indy. I gave up Windows after 3.1 and used OS/2, linux, and Solaris at home until college, when I switched to exclusively solaris and irix.
When I joined MS about 6 years ago i was still very anti-MS. I was joining to light a fire under the people that had burdened the world with so many bad things. I figured that peoeple just didn't have the unix expertise and outside world view that i brought to the table. If they only knew, I thought.
I probably made a lot of enemies those first few years, especially people on the outlook and exchange teams. But I also got a few private emails from product support guys saying "i loved reading that.. thank you for flaming person blah...our customers run into this all the time.. somebody should have said this sooner"
I was fond of pointing out that i used Pine against exchange-IMAP because at least Pine knew how to not block its UI threads while trying to access a message. (This is fixed in Outlook XP, Outlook 2003, and works pretty well in Outlook 12 betas, btw)
For a while, it seemed, my strategy of badgering MSFT people about how great *nix was and how much MS sucked was working. I was involved in some of the "how do we compete with {linux,solaris,apache} conversations even though I was some lowly tester off in Visual Studio. I was obnoxious, antagonistic, and I claimed big street cred working in the unix side of the industry. We were struggling at first to get dedicated, experienced people in place to understand the unix-competitive landscape, so much so that it made sense for "them" to talk to a bozo like me about it. Things are better now - there are smart people that work on understanding the *nix landscape full time.
The culture change I've observed here has been pretty satisfying. When I first complained that VB6 didn't work for debugging DLLs if you didn't have admin rights, a PM for VB told me "the NT security model is too hard, we're not going to bother figuring it out". That kind of crap doesn't fly _at all_ any more. We've really "got religion" around non-admin, secure-by-default, etc. That stuff keeps getting better and we're chipping away at the debt of design and code deficienies we have in the face of an always-on, hostile internet that nobody expected years and years ago [historians will note that the _first_ internet worm worked on unix machines.. and unix collectively has had a spotty and evolving approach to practical security.. ]
Naturally, MSFT has changed me as well. I used to come into discussions with the "UNIX roolz, MS suxx0rz" point of view. I was interviewing with a guy in NT and he was trying to ask me technical questions and I was trying to tell him how the NT design sucked because i read it in BYTE magazine. (i flunked that interview)
I've since learned that, actually, when I used to make those sorts of generalizations, I actually didn't know enough about anything to be running my big mouth. I was having an argument with some guy where I was talking about how the S
Yep. In 2005 we released SQL 2005 and VS 2005, with .NET 2.0. VS2k5 and .net 2 are really nice improvements over VS 7.0 and 7.1. The TDD/Refactoring tools built-into VS2005 are really fantastic.. right click "generate unit tests" and right click "refactor" are huge in day to day productivity. This is especially true for shops that don't have proper test automation processes in place (which is most of them, if software testing conference participants are any indication).
;)
:)
I am using IE7 to post this, from a 2 week old Vista build, and I'm connected to my exchange server with an Outlook 12 build from last week. For all i know, the exchange server is running beta exchange bits and i don't even know about it (they do that to us from time to time
I'm doing 95% of my RSS reading with start.com, although the RSS integration in IE7/Vista/Outlook12 is starting to grow on me a bit.
Late last year began a wave of releases that are pretty cool. Vista is coming along nicely, even on my older hardware. Someone mentinoed that there are no improvements from Office 2000 - that is ridiculous. Outlook features alone are worth upgrading from 2k to xp, and from xp to 2k3, and based on what i am seeing, from 2k3 to office12. If you are someone that spends a lot of time in Outlook then some of the O12 features will help you spend either less time in outlook or get better use of that time (or hopefully, both).
Don't forget the Xbox 360 lauch that just happened, either
I've read many of the comments and feel that part of what's going on is a munging of issues.
;) to fill our positions, so they remain open for months or years.
I consider Software Development and IT distinct entities. Comments about one do not necessarily hold true for the other.
Furthermore, a "CS Degree" has no real implications for professional life.
The worst combination I see are people that expect that completing a CS degree program will give them an IT job (such as UNIX admin) that will have a good salary and good job stability.
Computer Science is mostly irrelevant for Admin style IT careers. You know, the ones that revolve around babysitting hardware thats currently too stupid to babysit itself (sorry UNIX guys - I used to be in your shoes and I got out. The writing is on the wall. Self-managing systems are coming).
Computer Science, _the science_, is about learning how to use computers to solve problems. Programming is a side effect of this because for the last 40 years that's been how we tell computers to do what we want. Knuth is a computer scientist. What Knuth does is computer science. Writing ASP pages for a 9-5 job is generally not computer science.
Another poster remarked that what he learned in CS was not relevant today - I am not sure what he thought CS was supposed to teach him, but I must disagree.
Algorithmic complexity is a timeless subject. Numerical analysis is a timeless subject. These may not be relevant for your job, but job training is not the point of computer science. Algorithmic complexity is as important today as it was 40 years ago. Accuracy of numerical computing is as important today as it was 40 years ago - especially with software controlling more and more of the physical world.
A related discipline to computer science is "software engineering". That's an unfortuneate name since there's little engineered about software, and software engineers don't take PE exams or anything of the sort. But even so, someone finally figured out that creating software is not the same thing as computer science. People that are interested in the development of software for commercial entities would be best served with a software-engineering style curriculum. I'm not necessarily convinced that software engineering belongs at the university, but I suppose most still have an "English" department, so we shouldn't be too choosy.
Someone opined that they need a course to teach them about todays enterprise applications (whatever that means). That's professional training. That's not necessarily the university system, and it's definitely not Computer Science.
I've been employed with the same software development company since 2000. I have personally interviewed tens of candidates for multiple positions, most of them not qualified for the "entry-level" positions we were hiring for. We paid no attention to what school or what degree they had - they either impressed us or they didn't. Most didn't.
Someone suggested that Microsoft is only hiring overseas now, and its US jobs are flat or in decline. Not true. I happen to work for Microsoft, and the positions I just described were for that company, for the US.
We have over 1000 open positions in the US alone in the software development field..spanning coding, testing, and product design. We are hiring in India, in Seattle, in China, in Japan, in Germany, and even in North Dakota, where I now work. We're looking for the right people, because heaven knows our software could always be better. We're finding that there aren't enough qualified software development people (at least that are willing to work for us
We are, by and large, not hiring UNIX administrators. Infact, we don't hire that many NT administrators. We have more deployed NT systems than probably any other single managed entity, but our job growth is not in the IT sector (we have some, but my impression is that it's nothing like the software development side).
People n
I am not sure. I can't speak for the office team (or any team, for that matter ;)), and if I was one of the people that could, I am not sure how much legal whitewashing my answer would need :)
If I were going to speculate, I'd suggest that ODF isn't the "right" format. I'd think that MS would be more likely to "open" the Word XML document format in Office 12 than to adopt someone elses standard.
One thing that can suck about an open format is that it's hard to understand when it's frozen. People really hate it when you rev file formats - Office had the same document format from Office97 to Office 2003, and it's still 100% back compat in the Office 12 builds I've been using. We're just getting ready to introduce our XML based Office formats (which btw, are smaller than word97 format for the types of design documents I write). A 180 degree turn towards ODF would be kind of awkward at this point.
I wonder if the Office XML formats will satisfy the governments that are interested in this type of legislation.
Failing that, perhaps in a few more years when the ODF format is realistically frozen, or at least the change and versioning process is well understood (they may be now, but I have no exposure to that information), we'll see MS supporting it natively in all it's office apps, and a group-policy setting that makes it the default format. That way govt agencies that want to mandate its use can deploy Office 15, deploy the GPO to make the Govt-compatible formats the default (only allowable?), and thing's just start working.
I would be curious to know what people consider truly open file formats - I outlined some of my requirements in my original posting. To be realistically useful, you need more than just openness.. you also need a defined change control process, some sort of "owning body" etc. Fragmentation in the file format space makes everybody lose.
I certainly support the idea that Govt and public-domain agencies should use file formats that are royalty free, published, and ideally, with a source-code reference implementation for reading them (assuming they aren't self-describing) and a bunch of sample documents to use as test data for said reference implementation.
What might be surprising is that I hold this view inspite of being a Microsoft Employee. While I certainly want as many people as possible using MS software, I want them doing so because it's the best choice for their situation. I'd like to think that Word can deliver more value to its users than the ability to open Word files, so if govt agencies want to mandate that documents be created, shared, stored, etc in published, royalty-free formats, that's fine with me. Government agencies are a large customer of ours, so hopefully government action around requiring open file formats will push us to make our tools best-of-breed for dealing with those formats, or may even push us to open some of our own.
I don't use WMA for my music files, even though I could just email the guy that designed it if I have a problem. Just because I can today, doesn't mean I can 5 years from now. And there won't ever be a supported WMA player for something like OpenBSD, which might otherwise be a perfectly good audio appliance.
Now here's where I explain the title. As much as I am for the idealistic POV that open formats should be used where possible, I also beleive that govt is amazingly effective at turning a good idea into a bad law. (See also: 99% of current US laws). Another comment suggested that this story is more about Sun/IBM fighting MS via legislation, as opposed to some ideological position that is being done for the best interests of the people. If that's true, it's unfortuneate that our govt is continuing to do these sorts of things that are allegedly in the best intersts of "the people" but no one can explain exactly how, and ultimately, other businesses or politicians seem to derive the most benefit.
I seem to recall the Canadian anti-hate speech laws being used to prohibit fundamentalist christians from saying that they felt the bible said homosexuality was sinful if it was in a public setting.
I think later on that ruling might have been reversed, but there's a fantastic example of a hate speech law supressing free speech and free religion.
"hate speech" is a legally defective concept.
As fun as it is to be pejorative, what makes VB.NET "still a toy"? Are you aware of its functional overlap with C#? You know that you can more or less do automated code conversion between the two, right?
:)
I have a soft spot for Pascal - that's where i really cut my teeth programming, with borland 5.5, 6.0, and 7.0. Hell, i wrote a multi-threaded OS/2 program in BP 7.0 with some secret compiler from germany. I wrote a _lot_ of borland pascal code for DOS back in the day.
However, none of that compared to the rapidity with which you could crank out working code in VB6. IIRC, VB6 was Microsoft's biggest money-making developer product. VB6 turned all BASIC programmers into Windows COM programmers, and if you've ever done COM in C/C++ you know that you really want to be using something like VB instead
VB helped bring non-expert app development to the Windows platform in a way Delphi never did. Not because Delphi is necessarily bad, it just didn't work out that way.
VB is beautiful because it works in the real world. Somebody really smart must have thought "everyone learns BASIC as their first programming language.. let's make an environment where you can write real GUI programs that do real useful work in the language even school children can learn" (i started writing applesoft 3.3 basic programs as a 5th grader.. it wasn't until jr high that i got into pascal on a 486)
When I hear people being snobby about VB they're usually pushing something where someone else will be snobby about _that_ (that person is probably pushing "haskell" or "eiffel" (sp?) as the "one true faith". Yet I'd speculate that VB has made more people more money (and i dont just mean microsoft - i mean the computer industry) than all other languages/environments combined.
"It's a fact that Internet Explorer is inferior to Firefox..."
I'll only believe that IE is inferior to Firefox for end user applications if lots and lots of end users agree.
Right. The original statement bothered me also. The story author's claim is pretty dubious. In consideration of the word used ("inferior"), which has derogotory connotations, it's hard to beleive that this statement is the result of some factual, objective analysis.
What people need to understand about complex systems like software, automobiles, governments, or musical preference is that there is rarely a black and white concept of "inferior".
No, for some defined set of criteria, a given candidate either satisfies them to the satisfaction of the evaluator or it doesn't. Even then, criteria are typically weighted and the weights aren't always known (even by the person that developed the criteria.. who can say that they care 3x more about the gender of the vocalist in a band than the speed of the drummer? some people probably have such an unwritten preference but couldn't articulate it).
So, if the statement had read "for a majority of home users who do casual web surfing, Firefox has numerous advantages over IE6", with some definitions around "home user" and "casual web surfing", then it's not necessarily an objectionable statement.
But since it wasn't said that way, it's easy to dismiss as fanboyism, and an uninspired consideration of the products and factors involved.
More concretely, if your web browser scenarios include
then firefox probably isn't "superior" to IE6, and probably not even a better choice. Then there are other more subjective critiera - Firefox seems to crash more than IE6 for me, and its memory usage is also much higher. It takes longer to repaint its windows when i wake the laptop from hibernate, and also longer to start accepting input events. Those may not be reproducible for other people, but they are for me, so in consideration of the listed requirements above, and the subjective ones below, it's hard to swallow a "IE is factually inferior to Firefox" argument. It's a twsited definition of "inferior" when it in practice translates to "works better than for the scenarios that are important to me"
I only read a tiny bit of your post, but your claim that the Renesis can do HCE and piston engines cant or do so badly is totally cracked.
BMW has been building dual-fuel hydrogen cars for over 20 years. The early ones didn't have variable valve timing, although the new ones do,just like the rest of BMWs engines.
BMW has been leading the way for decades on HCE research.. the whole picture.. HCE deployment, fueling stations, nozzle/tank technology, etc etc.
I love the Rotary engine, but don't discount the other excellent acheivements in the HCE field.
I can certainly see things ending up that way, but i don't think they are that way now.
:)
There are lots of websites and bulletin boards out there that are dedicated to militant islam.. where people are trading information on "targets", posting pictures of infidel decapitations...etc. There are activities going on there that in any police department would be "leads".
So while it is always possible that "the best of the best" organizations will resort to military grade encryption, 1 time use cell phones, etc etc, there is certainly a lot of knuckle-dragging activity by 3rd rate curmudgeons. I think the number of trouble makers that are curbed from shutting down those sorts of operations will be larger than the number that are driven to more advanced concealment techniques.
Remember, a terror regime that is effectively suppressed into non-activity, and non-communication-at-the-public, is no longer conducting terror. When terror is everpresent in peoples minds.. when they issue statements every week that say "we're going to strike again, you wont know where".. then they're terrorists. When they stay silent for years at a time.. they're not especially effective.
Shutting up these dingbats seems easy enough that I wonder why it hsan't been done yet. I am normally conspiracy-theory-adverse, but lately I can't help but feel like _somebody_ want's me to hate muslims, and to hate terrorists, so i don't pay so much attention to something else. I have that "senator palpatine is in the room" feeling but I can't put my finger on it
Not all linux users are on gentoo. When was the last time you recompiled your entire system because of glibc fixes? I haven't had to do that once in 9 years of using GNU/linux.
Never.
I stopped using linux for anything meaningful prior to glibc being widely used - my last linux machine still had libc.4.so and libc5.so on it. I "survived" the a.out->elf transition, etc. That is of course an exceptional case, but it illustrates the "either rebuild world, or take an entire new binary set (from a new version of) your favorite distro" dichotemy. Although I couldn't tell you from memory which, there have certainly been library patches for freeware unix systems that have required significant rebuilding-from-sources, or installing-over your machine with a newer vendor supplied binary set. Do you disagree and suggest that there are no pain points around patch management and excessive rebuilding/redeploying on linux, or are you arguing just for arguments sake?
In any case, a much better example of linux shared library hell would be the earlier GTK libraries, where apps often required mutually incompatible versions of GTK source distributions. The distribute-as-source model really sucks unless you want to be in the business of recompiling a lot of software _all the time_.
Can you explain/justify this?
The problem is that the regression testbed for IE is "everything". every website ever, and almost every windows app that uses HTML rendering (which is about all of them). What you define as "welded to the OS" is irrelevant - IE's "welding" to the OS is more or less "the HTML renderer and transport layers are available as shared libraries, and are used in a few spots".
It's no more severe than a fix being made to glibc - except that windows users expect software to keep running no matter what, and linux users put up with recompiling everyhing if the fix "requires" it (where "requires" means "author chose to do it that way")
FTA: In recognition that 2004 was most likely the first year in which a significant share of the company's new user base was coming from Windows users, Security Fix based each of "date patch issued" date for 2004 and 2005 on the release date of the next product update that incorporated the fix for that critical security vulnerability -- not the date on which a fix was available to developers. For 2003 critical Mozilla flaws, Security Fix relied on the times listed in the "date fixed" field for each critical flaw listed on the "Older Vulnerabilities in Mozilla Products" page.
:)
So if you cut the days-to-fix time up by year, for 2004, the avg is 65 days. In 2003 they used the "fixed" date in the bug DB. For 2005, its 37 days, and for 2004/2005 combined, its 42 days.
The 2004/2005 # is the interesting one, because that measures how long until the patch actually makes it into a shipping build. The availability date of source-code patches is irrelevant because most organizations are not equipped to deal with them; this is especially the case with firefox!
None of this is an excuse, however. As an MS employee, the data on our speed of patch delivery is pretty upsetting - the numbers are much worse than I would have expected. They're so bad that I am suspicious and wonder if there isn't some deeper story somewhere, but in any case, I'd like to think the maximum time anyone would have to wait would be ~1 month (flaw reported on the wednesday after "patch tuesday"), but according to this data we're not hitting that at all. I can't speak for the IE or the MSRC teams but those numbers really appear to suck. Sorry about that, everyone
"ferry troops and heavy equipment to distant battlefields" without even mentioning the moral implications.
I am primarily concerned with the "not getting my house blown up and my wife killed" implications, and from that angle, i want our armed forces blowing up someone else's backyard instead of waiting for someone else to blow up mine.
There is no morality, only law, and law is a malleable thing. The West has tried really hard at making sure that "morality" has become subjective to the point of irrelevance, and now that they've succeeded, don't whine about the result.
I would bet that in 50 years we have wars with no human casualties, but staggering industrial/economic damage done by intelligent or remote controlled artificial agents, if not pure software.
There have been actual studies showing P2P traffic represents over 50% of consumer ISP traffic. An ISP would have to be stupid not to shape P2P.
Excellent. Last time i heard some number thrown out, it was 90% of net traffic is SPAM.
I'd much rather that the net be 50% piracy than 90% SPAM.
No, and for good reason. The groups you mention both advocate the hurting others. Aryans advocate violence against others based on skin tone or religious affiliation, while "pedo's" prey on children. GLBT would just like to do their thing without being attacked for it. Huge difference.
I am going to play devils advocate here. My statements are not representative of my feelings.
while "pedo's" prey on children.
I have problems establishing the "intrinsic wrongness" of "pedophelia". Pedophelia is a legal concept. It doesn't necessarily exist as a moral one. For instance, if you're 19 and you have consensual sex with a 16 year old, in most states that makes you a sex offender.
It wasn't so long ago that girls were getting married at the age of 12 and were having reasonably productive lives as wives and mothers. I wasn't there but there wasn't a lot of literature written on the emotional damage caused to women due to marrying young.
The "intrinsic wrongness" of pedophelia is slippery enough that all we can really go on is what is legal or illegal. You cannot with a straight face say that a 15 year old girl can never have consensual sex with an adult due to immaturity, but an 18 year old can. The law, and thus the definition, is deficient for a a variety of different situations.
So, while we can certainly agree that there are things going on that are called pedophelia that are damaging to others, there are also things going on being labelled pedophelia that i think are perfectly fine.
I am assuming here, but i beleive pedophelia wasn't a separate crime until people saw that rape laws weren't effective in stopping this behavior. Yes, there are laws to stamp out non-consentual intercourse irrespective of age, but when its "consentual", we had to go and make laws that said "you are not old/smart/wise/whatever enough to give consent over your own well being".
IOW, "somebody" (society/the legal system) has decided that individual choice here should be overridden because even though the subject thinks they like the behavior (the consenting child), it's ultimately harmful to them and to society.
Now, next point:
GLBT would just like to do their thing without being attacked for it. Huge difference.
It is not a foregone conclusion that GLBT behavior doesn't do society intrinsic harm [just like it's not a forgone conclusion that puppies don't do intrinsic harm. I'm laboring towards a point, so please excuse me].
It is also not a forgone conclusion that GLBT relationships are free of harm for either party.
Suppose that you happen to beleive that homosexuality is ultimately harmful to those involved. You respect the right of individuals to make their own choices, but in this situation, you beleive that they are choosing a behavior that ultimately harms them.
In the case of pedophelia, "we" decided that the individual choice of a child was invalid and the behavior they were consentually participating in was ultiamtely harmful to them and thus should be illegal.
This, as a legal position, has a lot more to do with societal views and a lot less to do with science, certainly once you're talking about the teenage years.
So my point here is that what is or isn't "harmful" or "legal" has a lot more to do with the aggregate viewpoint of the society in context than it does with anything objective. To be more concrete about it, many fundamentalist christians beleive that practicing homosexuality is absolutely a sin (and it's well documented in the bible). They'd tell you that helping or enabling another to commit habitual sin is ultiamtely bad for that person. They'd tell you that that person is making choices for themselves that are ultimately harmful.
So i guess i am saying that the distinction between consentual pedophelia and consentual homosexuality isn't as cut and dry as you suggest. In one case, "society" has said "we're stepping in for the good of all" and in the other, it hasn't (not to
Requires you to validate windows to install
:)
Ok, this doesn't buy the customer much, but is it really all that big of a pain? Do you just conceptually object to Microsoft asking "is that a valid Windows you're using?"
Requires a reboot
I am not thrilled about this but given the wedding of the browser rendering component and the rest of the user experience ("OS"), i can't say i am surprised. You have to reboot after uninstalling it also, by the way
Actually attempts to pass off things like tabbed browsing and a search bar as innovative (really, take a look at the "demo" they bring you to when you first install it).
Consider part of the target market for IE7: People that are happy enough with the features of IE6 that they haven't bothered looking at Firefox yet. For them, tabbed browsing and a search bar are new and innovative. These are things that everyone will potentially benefit from but not all people will seek out and discover by themselves.
Part of the reason my grandfather uses a computer at a public library to do web surfing and write email is because Microsoft brings "cool stuff" away from the realm of the early adopter and puts it in the hands of everyone.
from Wikipedia
The series is extremely popular in Japan. Following the release of Dragon Quest III in 1988, the Japanese Diet requested that Enix only release new installments of the Dragon Quest series on Sundays or holidays, to prevent children from skipping school to wait in line for the latest Dragon Quest title.
Dragon Quest is such a cultural phenomenon in Japan that there are live-action ballets, musical concerts, and audio CDs based on the Dragon Quest universe.[3] The London Philharmonic Orchestra has performed for several Dragon Quest music albums.[4]
Still seem ridiculous for one game to have that big of an effect on profits? If it does badly, that represents a significant cultural shift for the country of Japan
You know perfectly well that what I am saying is accurate. There are posters on slashdot that will, seperately, both agree with Mitnick and disagree with Allchin. I am trying to point out how ridiculous that is.
Obviously i am not making a statement that speaks for every slashdot poster, as I am clearly a slashdot poster and I wouldn't make both of those statements.
If "you" don't happen to be one of those people, then my message doesn't apply to "you".
I stand by my original message. I am having trouble parsing your rebuttal - what is it exactly that you disagree with me on? You've written a lot of text but I can't tell that you've said anything.
And I can't believe there are idiots who modded you +5 Insightful.
Hey, there are idiots that will agree with Mitnick and disagree with Allchin, and there are plenty of them that post and moderate on slashdot. You shouldn't be so surprised at how things get moderated at times.
right click on any icon and click "run as". Problem with running older software solved. If it happens more often "Set Program Access and Defaults" works wonders.
This is a good start, but it doesn't work for everything. Afterall, often you want to retain your domain network credentials but elevate yourself to local admin. I dont think this situation is handled correctly by right click->Run As (but i'd be happy to be wronng).
Another situation where this gets cranky is trying to debug DLLs using something like VB6. VB6 has a nice debugger that lets you break right into COM DLLs and single step through them. This, however, requires admin rights and i dont think Run As makes this as painless as a right click launch of devenv.
Seriously, if Microsoft thought everything would work peachy with "Run As" they would have made a "Run As Admin" directly on the right click menu. I've suggested two situations off hand where i think you're wrong, and I am sure the appcompat guys working on XP had a much longer list. Bottom line, your scenarios are neither exhaustive nor necessarily representative.
C) Specialty software wasn't written for only one OS and/or using proprietary crap like MS SQL.
What's crappy about MS SQL? Have you ever been a DBA? (mySQL doesn't count - it is not a feature complete database, its backup/restore story has historically been awful, and it's performance seems to tail off badly once you start loading it with hundreds or thousands of user connections).
I've found SQL significantly easier to install, manage, and tune than Oracle, and its functionally light years ahead of mySQL, the darling of people that don't know what they're doing w.r.t. mission critical databases. And the performance of SQL is "sufficient" - look at the TPC/C scores it posts.
I regret that I haven't invested much effort into learning about Postgres, which i see as the only credible competitor to SQL server. [Today's DB/2 announcement notwithstanding].
So when Mitnick says it is easier to hack OSS software, people say "duh"
When Microsoft says "making our stuff open source will make it easier to find vulnerabilities", people say "Stop FUDing, Microsoft"
I dont see how can you beleive it when Mitnick says it and how you can refute it when Allchin says the same thing.
Is security a binary thing? Is something secure or insecure ?
I don't think so.
I think "security" is a blend of many things.. the _correctness_ of non-security features, the selection and depth of security-focused features, the process around resolving defects (because there will be defects), and the conditions under which a user can use the machine.
Even if Microsoft had done everything they knew how to do to make XP "secure" when they had made it, would it be secure today? No. Because today new threats are understood and being used that weren't in existance when XP was designed and shipped. Is XP retroactively insecure? Or it just less secure than something newer, all things otherwise equal, that was developed with the context of the threats that have emerged since XP was released?
In the specific case of Vista vs XP, some of the things that are "better" this time around are
- more credible run-as-non-admin story
- better sandboxing and least-priviledge stuff, even within a normal user account (i.e. its not necessarily true that IE running as you can do anything you can)
The run-as-non-admin thing "worked" in XP, but with enough caveats that it was hard to credibly say "everyone, do it that way". The POR for XP was to ship with non-admin-by-default until very, very late in the ship cycle, where there was just too much stuff that didn't work as non-admin. They made the hard decisino to make users=admin by default, and nobody was happy about it. This is a problem that Microsoft has been chipping away at for a while now, because the goal is "let everyone run with as few permissions as possible" and it often conflicts with the other goal of "20 year old software written by 3rd party people needs to keep running"
I have no problem buying that Vista has more security-focused features than XP. I have no problem buying that Vista has better code correctness in non-security features than XP. I don't think the security response process will be any worse in vista, infact, i know of at least one technology that makes it better (but im not sure if its public yet?).
Will Vista be "more secure" than XP? I think so. Will it be "as secure" as OpenBSD? Probably not. Will it do more things that more users want than OpenBSD? Definiately. Will Vista have a better intersection of practical security vs functionality than OpenBSD?
Microsoft thinks so, and I think I agree with them.
We've had an unusually mild winter here this year.
Last January, we spent a few days below -30F (i.e. it was never warmer than -30F anytime in 72 hrs).
This year I dont think we've gotten below zero yet. It's been a very very pleasant 25F most of January. I have only worn my winter coat once or twice, because honestly, that coat is for when it gets 50-60F COLDER, like it did last winter.
The perfect winter in my mind is bucketloads of snow from Nov-March, and temps right in the 20-35F range the whole time. The January dip into the -30 zone is something i can do without just fine.
A few more winters like this and the city council will shut off the 3-acre Aerosol can we've been holding open the last few years. And we'll change city parking rules so vehicles will no longer be required to idle the entire time they're parked.
My understanding is that previous disclosures of Windows Source typically had "no develop" and "no commercial spinoff" clauses. I.e. you couldn't necessarily use the Windows source to try and make your pay-ware version of $whatever work better.
I think this changes that. Now software companies working on plugsin/whatever for windows will be able to continue working on those things, even after looking at the windows code.
That is a pretty significant change, I think. Previous source offerings were primarily for academic institutions, govt code/assurance audits.
I suppose there have been a few previous Windows source licenses that allowed for product development. Sysinternals, Mainwin, and OpenNT come to mind.. but perhaps these were all US based entities?
Note - i have no specific knowledge of these issues, i am just stating my impression.