Slashdot Mirror


User: bmajik

bmajik's activity in the archive.

Stories: 0
Comments: 1,778

Comments · 1,778

  1. Re:Quick Version Info on More Looks At Far-Off 'Longhorn' · · Score: 1

    you're absolutely right, and i misspoke.

    The dev owns code, including whether or not it does what its supposed to.

    The point i was trying to make was one about shared responsibility for what happens. If a BO is found, is it the devs fault, for having a buggy implementation, the testers fault, for not checking boundary/size cases sufficiently, the PM's fault, for not having a proper threat model of the feature, or some mix of all three ?

  2. Re:Quick Version Info on More Looks At Far-Off 'Longhorn' · · Score: 4, Interesting

    1) i'm not touching that at all :)

    1a) irregardless isn't a word :)
    ok, i'll bite a little. I have a hard time believing that everything in linux is a 100% clean room implementation, when the point of linux and the GNU toolchain was to make a freeware clone of UNIX. So, im predisposed to thinking there's some lifted code or designs in linux. On the issue of who that was lifted from (was it sco ?) or if that actually matters (there are only so many ways to write a VFS layer, or grep) i don't really have an opinion, and im not really qualified to have one. in general i think our society is too litigious and there are lots of frivolous lawsuits. On the other hand, the open source phenomenon presents a big challenge for commercial software vendors in the following sense: according to the Frederick Brooks classic "the mythical man month", dev time is 1/6th of the wall-clock time in a software engineering effort. The rest comes from design and testing.

    A lot of what's happening in the linux space is wholesale cloning of existing software/features, with careful picking and choosing of whats great and what sucks about the piece being cloned. The design is apparent in the functionality of the system to be cloned - so thats time and expense that some proprietary company went through that the linux project is avoiding (potentially). The "testing effort" is simply "does it work as good as the original?" so significant time is saved there as well. In effect, the linux clone/improve effort can clone functionality faster than it can be created originally in many cases, and of course free software has the "side effect" of pulling the market out of commercial software if it truly is an acceptable feature parity clone of the commercial offerings.

    So i think part of what SCO is doing is reactionary - they're saying "this can't keep happening - these people are cloning our designs, cloning our interfaces, and we think they're just flat out stealing code in some cases. then they give it away for free and we of course suffer as a result"

    i think this is a hard problem that really comes down to whether or not you think intellectual property is a real thing or not. the classic problem with IP is the following:

    company X spends 10b over 20 years to develop a drug that effectively treats a human ailment. Once discovered, manufacture of this drug is essentially zero cost per part. The 10b research cost has to be amortized over a certain volume of pills for a reasonable time period to allow return on investment, otherwise the company goes under and brilliant people dont figure out new ways to cure ailments.

    at the same time, the drug is just a molecule and may even be easy to produce in your kitchen. why can company X stop you from mixing water, baking soda, and maybe 3 other things in your own home ? what about if you sell your concoction more cheaply than they do ? should they be allowed to stop you ?

    Now to throw in a twist - what if company X's molecule is too expensive to buy in 3rd world countries, but those people need this medicine as well?

    precisely the same problem exists in software. Someone does all the hard work, then its cloned cheaply by others, and given away for free, typically because people want to
    1) do it themselves
    or
    2) are in developing countries and cant afford US prices for things

    (we see lots of linux adoption in developing countries, actually)

    anyway, back to the specific SCO issue:
    the biggest thing that irritates me is that most slashdot posters believe 110% that the whole case is completely BS and that SCO is making a frivolous lawsuit. i think there may be something to their case (see above - i have a hard time believing linux is 100% clean room), but i also don't know what SCO is hoping to get out of all of this.. the cat is out of the bag, so to speak.. linux and other free unixes are "good enough" for many problems.. at least as good as SCO probably ever was.

    2) i

  3. Re:Then you're mistaken. on More Looks At Far-Off 'Longhorn' · · Score: 1

    i disagree.

    "what color should our PCWorld ad be ?" is a marketing decision. "whats the best way to position windows server 2003 against linux for situation x?" is a marketing question.

    "what is the line of importance below which features get cut for this release" is a product decision, based on business realities of shipping software, and is mostly a PM thing. i view decisions which affect the design of the product as distinct from decisions that affect how the product is sold. To me, one is marketing, one is not.

    Oh, and im not an OS/2 expert, but I loved OS/2 2.1 and don't understand why it didn't do better. Windows sucked so badly, comparatively. My guess is that part of OS/2's problem was the dearth of software for it, but really, it was a superior in all ways product, so i dont know why it failed. The _design_ of OS/2 was brilliant and effectively flawless, IMO. (PM jobs). The buzz around OS/2 didn't exist, nor did the advertising, sales, etc (marketing job)

    So,I chalk up OS/2 2.1 as a marketing failure.

  4. Re:Then you're mistaken. on More Looks At Far-Off 'Longhorn' · · Score: 2, Interesting

    ok. so let me clarify. I'm not saying that developers make all decisions about MS product design - far from it. however, someone whose title is "marketing", or "sales", or is in the sales/marketing organization is not making product decisions (although they do make valuable suggestions/feature requests, as they're the front lines in dealing with real-life customers)

    the PM will solicit feedback from various sources and that drives what does and doesn't go into the product. It may very well be that the target "market" of a product is a novice, and thus the settings would be all wrong for someone who was a power user. That is not a decision made by a "marketing" person - that is a PM decision, based on feedback/research/whatever that the PM has put together.

    i dont work on the office team, so i cant tell you who the word experts are or aren't, so i dont want to argue about stuff you've heard vs stuff i've heard :)

    re: ui guidelines:

    do you think marketing people have access to dropoff .jpg files into the build servers ? or, in the case of Win32 controls - do you think that the title bars in windows are just GIFs that get scaled ? They're programmatically drawn - marketing people aren't checking in code changes to the windows sources!! The security on the windows source code from even a read-only perspective is so tight (following some publicized breakins a while back) that there is no chance that someone in the sales/marketing org could change some content even if they wanted to or knew how..

  5. Re:Quick Version Info on More Looks At Far-Off 'Longhorn' · · Score: 1

    i think you're taking an indefensible position.

    because microsoft has a lot of money, they should produce bug free software ?

    whats the threshold of company worth where its ok to have bugs in your code ? if MS had 1b dollars, how many security vulns could they have ?

    if microsoft were going to pay you 30b dollars, how would you instruct them to produce code with no security defects at all. Think carefully, i'll give you a day or two to come up with the answer.

    your profit margin number is also incorrect. a cursory examination of, well, anything public domain would tell you this... i.e. SEC filings. I believe quarterly profits are on the order of perhaps 1b, so perhaps theres 4b of income in a year. ~8b is dumped into just R&D every year. then you consider costs associated with production, channel, marketing, etc. IOW, the 75% margin figure is totally bogus.

  6. Re:Quick Version Info on More Looks At Far-Off 'Longhorn' · · Score: 2, Insightful

    not that i know of, although i think being the code/test owner of a feature that has a BO in it is looked upon pretty poorly (they're going to ask why you didn't find it, i think)

    Let me ask this question:

    If your employment was contingent on you writing 100% bug free code, would you have a job ?

  7. Re:Quick Version Info on More Looks At Far-Off 'Longhorn' · · Score: 1

    Yes

  8. Re:Quick Version Info on More Looks At Far-Off 'Longhorn' · · Score: 5, Informative

    i know you're being funny but i thought i'd chime in:

    there is now (and has been for at least 3 years) the policy at MS that if you put an easter egg in MS software you should expect to be fired upon its discovery.

    also, no one in marketing at MS is in a position to fire anyone working in a product group. i have never actually even met any marketing people at MS. I think i see them from time to time -- i'll see a bunch of dorks in nice looking clothes having a meeting, often with catered lunch, all staring blankly at a .ppt presentation -- but i've never dealt with any of them. In fact, the only real impact marketing has on product teams that i can tell is for naming stuff. I.e. longhorn is the code name for the future windows client. At some point, it will get renamed to something. Thats a decision that marketing is in on. Once the new name is decided, an email will go out to everyone that more or less says "marketing has said that the new name is x, please update all string resources to use the new name". For instance, late in the game Windows Server 2003 was changed to not include the ".NET" branding. Going over every place in the product (docs included) where someone had written down "Windows .NET Server" was required.

    Also, product developers are not strictly/solely responsible for finding bugs. If a developer works 32 straight hours on a piece of code, its not up to that developer to own the correctness of the code - its up to the tester(s) assigned to that feature area. I've met at least one tester that would ask each of the developers he worked with (conversationally) how late they'd worked, and then would prioritize his testing for the day partially based on who had stayed up the latest or worked the longest hours. Finding a bug less than 12 hours old is incredibly helpful.

    Finally, marketing has little to do with the UI in windows. Nobody in marketing (that i am aware of, anyway) has the right know how, much less access and tools, to modify the code that draws UI's in Windows. They may have input into how stuff works, but thats really more of a PM issue (program manager). PM's are typically very technically savvy (although often not with the depth you'd see from test or development), so they're closer to the JRH side than the Marketing side (usually)

  9. Re:time to start educating idiots. on 'Black Box' Readings Help Convict Montreal Driver · · Score: 1

    drive like a sane person ?

    the only way to drive like a sane person is to not drive at all.

    see, in the USA you've got soccer moms drugged up on paxil sipping their $5 coffee-based beverages while they do the makeup that doesn't make them look any better while they drive their leased hummer H2s over perfectly paved roads to their husbands co-workers house (which has a double mortgage) to go fuck the guys brains out. Never mind that she's on the phone telling him how much she hates her husband for the whole drive.

    these devices do nothing to capture the real factors relating to car accidents.

    the speed limits (and much of the traffic law) in the US is 100% an issue of revenue generation. this is borne out time and time again. If anyone at all in the US were serious about safety, things would be different, and not different in the sense that everyone would be coasting at 55mph.

  10. Re:Patents, not shrinkwrap licenses on Fight Woodworking Piracy: Add EULA Restrictions · · Score: 1

    you void your BMW E46 M3's warranty if you don't use the specified oil, Castrol 10W60 Full synthetic, which is only available at BMW and porsche dealers, at outrageous expense.

    Nobody else makes a 10W60 full synthetic oil.

  11. NASA concerned about safety ? on NASA Engineers Question ISS Safety · · Score: 1

    Next Story: NAZI Party Officials Blast SS Deathtroops for human rights violations

  12. Re:A little scenario on Supreme Court Will Hear Pledge of Allegiance Case · · Score: 1

    im not sure what the problem is. is it that the teacher is marginalizing the student and ostracizing him from the class ?

    that issue has nothing to do with the pledge and everything to do with the teacher.

    if your concern is that kids might not like bobby's version of the pledge - that's bobby's problem.

  13. Re:Yeah but will it actually feel faster? on New Pentium 5 Details - 5-7ghz? · · Score: 1

    this is bunk.

    there is absolutely nothing interesting or novel about Sun's SMP hardware, except perhaps the UPA interconnect that is matched or exceeded by AMD hypertransport.

    you go on to say that "it doesn't matter how fast the cpu is, its disks that matter" and then you conclude with "so buy slow sun cpus".

    Why not just add more disks to the x86 machines ? The disks are cheaper for a compaq box than they are for a sun box (even though they're the same spindle, you get to pay the proprietary unix tax when you buy disks from sun)

    the 64 bit argument doesn't really hold much water either, currently, unless you've got lots of 64 bit apps you depend on, in which case, for many of those apps they've been built for wintel with /3gb and /PAE (i.e. SQL server, analysis services, SAP, ... )

    what i want to know is how much you pay your admin people.. you bought more CPU's even though you were 60% iowait ?

    slow 64 bit cpus in the datacenter primarily has to do with Sun's hegemony in that sector, VC's making technical decisions for companies (nobody ever loses with Sun+Oracle! Oh Look, Shiny!), and sparc-only apps (very small percent here)

    wintel has been outperforming all sparc hardware for the last few years... it really all started going down hill for sun when the PPro came out.

    i sort of agree with you that adding faster procs is a stupid game, but this point doesn't support your assessment that 64 bit sparcs are the way to go. the "way to go" depends on what apps you need to run, what they run on, and your budget. if there's app parity between wintel and sun, wintel will be faster and cheaper.

    in general, 64bit computing is a waste of time and performance, unless you need a 64 bit address space. you can fit half the instructions in cache, half the pointers in your data structures, load half as many addresses per cycle, etc. We've got a couple of 8 and 16GB SQL server boxes so when Win64 and SQL64 have baked a bit longer we may migrate those databases to 64bit platforms..

  14. Re:@stake making power plays w/ microsoft == OIS on Author of Paper Critical of Microsoft is Fired · · Score: 1

    this is bollocks.

    sending that zero day exploit to bugtraq with detailed code attached is grossly irresponsible.

    the current arrangement is far and away the correct approach for the overall well being of the network as a whole.

    there is absolutely no reason to post valid exploit code until
    1) the vendor has had time to understand it
    2) the vendor has issued a patch
    3) it can be reasonably expected that the patch has been widely applied

    any time exploit code is posted prior to that, the person doing it is being grossly irresponsible. it doesn't matter that you believe in "full disclosure" or "peer review" or whatever pseudo-intellectualism you're trying to push, the fact of the matter is that it takes security experts to find these issues and it takes time to fix them, but any moron can exploit them once the exploit is released.

    the goal of security research is to do two things
    1) improve the quality of software
    2) protect people's systems

    the deferred release plan delivers excellently on those. the full-disclosure-on-day-zero blatantly crushes goal #2, and arguably doesn't help goal #1, as now the vendor is absolutely frantic trying to rush out a patch without the ability to really think about how to fix it properly (not that they always get it right under the current scheme..)

  15. Re:I want to see it race on Tzero Electric Car: 0-60 in 3.7 Seconds · · Score: 1

    uh, all the other cars that it already beat are faster than the E55 AMG.

    Mercedes doesn't make performance vehicles. AMG modified mercedes make them acceptable.

    For every car that mercedes makes - even the AMG specials, BMW makes one that is faster, cheaper, and handles better.

  16. Re:MS not helping .NET development now on Can Recent MS Patents Affect Mono and DotGNU? · · Score: 3, Informative

    this is incorrect. The .NET runtime version 1.1 comes with Windows Server 2003.

    I am probably wrong on this, but i think the .NET Runtime version 1 comes with certain packagings of Windows XP (tablet PC, perhaps ? Media Center ?)

    the runtime is getting out there. More and more things will start to require it. .net is seeing admirable deployment on the server side. However, unlike java, it is also seeing some real-world apps on the client as well.

  17. Re:Security by obscurity on Security Versus Science · · Score: 1

    bs.

    there is nothing we can do to please everybody. for groups who have already resorted to terrorism against the civilian population, pleasing them isn't realistic. meeting them halfway isn't realistic. that leaves extermination.

  18. Re:Security by obscurity on Security Versus Science · · Score: 1

    you're wrong.

    there seem to be two vocal camps w.r.t the "obscurity" issue..

    1) security through obscurity is no security at all (you)
    2) security through obscurity is all you need (most people, especially in meat space)

    both camps of people are idiots. the problem is that camp #1 is especially loud mouthed.

    the real answer lies somewhere in between. Security comes from understanding attack vectors, then presenting a layered defense against vectors you do and do not anticipate.

    I'll tell you how much high tech it took to fly the planes into the buildings - it took commercial jet liner training, training that is not general knowledge, not generally available, yet was given to these people without the proper amount of background checking and suspicion.

    The obscurity of knowing how to fly a 767 or 777 is sufficient that nobody has tried an attack like this before, and that in order to try it, people had to get specialized training in order to know how to do it. They had to deobscure the knowledge by paying for commercial specialized training.

    Had there been tighter access on training, this may have prevented the attack. Had there been fingerprint scanners on the cockpit door, that may have prevented the attack. Had the planes had remote-destruct systems that ground controllers could have used, that may have prevented the attack.

    None of these solutions are more than one layer, nor are any of them adequate. All help, somewhat. Taken together, the attack may have been mitigated or even avoided completely.

    Speaking as someone that had to explain to a municipal prosecutor where i learned how to mix certain chemicals in a certain way to cause ... teenage amusement, people really do feel threatened by information being "out there for anyone". Obviously security-through-obscurity is a very poor thing to lean on in break-once, break-anywhere situations (i.e. once i know how to fly one 767 i can fly all of them), but it DOES raise the barrier to entry, and that is critically important. We can all agree that the obscurity presented in knowing how to steal/fly commercial aircraft is good - this can be demonstrated by the fact that 3 airplanes were taken over, not 30, not 3 per week, not any other number before or after..

    now, how all of this relates to the scientific research issue is where you were really going. i just wanted to point out that your hardline anti-obscurity stance is fundamentally flawed, and does not play well with experimental results..

    we are already in a situation where not all science is public domain. you (hopefully!) are not in possession of the latest particle physics research as related to weapons design. theres nothing stopping you from finding this information out on your own, but it is important that you getting that knowledge without the associated, understood barrier to entry of a lifetime of research and specialized equipment, is in place. that obscurity is significant enough that the world feels a little safer, for the very short-term time being. technology wise, there probably isn't lots keeping you from developing your own nuclear device. it's an issue of time, expertise, and money, i suspect.

    we now understand the significance of new attack vectors. we now understand that germ/bio warfare can now be executed on a small scale with devastating results. where we once didn't care about biological research, we now must. Once upon a time, nobody cared about atomic physics research either..

  19. Get the car you want on Hybrid/Electric Vehicles: Should I Buy? · · Score: 1

    I drive a 1988 BMW M5, which was the worlds fastest 4 door car when it was new.

    I get roughly 11mpg in typical driving, out of a fuel injected 3.5L 24v 6-throttle slant-six.

    This car is lots and lots of fun to drive. It holds 4 people comfortably, 5 if you need to. There still aren't many sedans that get to 60 in the ~6 second range, and this car only comes in black with black trim.

    You may think it's impractical. It is. I got my car because I love driving, not to make an environmental or political statement. When I am not in the mood to _drive_, or when my only one-of-2100-total-units BMW needs some parts, i take the bus. If all you want to do is get from point A to point B in a boring appliance vehicle that is cost sensitive and environmentally responsible, take a bus.

    If you actually want to buy a car, buy a miata. It's the best car you can buy to actually learn how to drive. I'm not referring to learning how to drive in order to get a license. I'm talking about really learning how to drive - controlling oversteer, knowing when the car will understeer, basic drifting, threshold braking, double-clutching, etc. The miata is great for all of these, the prius/insight are terrible at all of them :)

    A miata is also cheap to operate.

    Finally, you'd be making an informed decision instead of a soft-facts based one.

    (i promise a miata will in all ways outperform any of the current hybrid vehicles)

  20. Re:Been there, done that... on Microsoft Identifies, Patches Another Critical RPC Hole · · Score: 4, Insightful

    All things considered, _you_ are better off running windows update. Your "safe route" is a terrible idea. How does your firewall protect against an IE vuln, where your unpatched machine uses IE to request a page with malicious code in it ?

    Ooops.

    Patch your machines, or, let automatic updates do it for you.

  21. Re:VS sucks on Java vs .NET · · Score: 2, Informative

    Hi.

    I work in the developer tools division at Microsoft. Current plans say that my team will be supporting VB6 until the year 2012, longer than any other Microsoft product, and a notable rare exception to the standard 7years-post-FCS policy that we just adopted.

    VB is the most widely sold microsoft development product. AFAIK, It's got more users than the rest of Visual Studio combined. It is the bread and butter of millions of programmers out there.

    VB6 isn't going anywhere because there is lots of legacy code out there, and lots of satisfied customers.

    I have written several new applications with VB6, even though I was using VB.NET since before you had any idea it would ever exist and prefer it in generally all ways to VB6. I decided to use VB6 because the component would only be called via cscript.exe using COM latebinding. Making a COM DLL in VB6 is free, doing it in Managed code requires checking a box in your project, but the deployment scenario requires the .NET runtime, and the user needs to regasm your managed dll for COM interop.

    My team internally developed a major piece of VB6 code over the period of several years. It was re-written from scratch in VB.NET in several months, and roughly 1/3rd to 1/2 the lines of code. It's certainly faster and less awkward to refactor, as well.

    In summary
    1) VB6 was great, but VB.NET is better for almost everything
    2) VB6 has a huge installed base and is incredibly critical to microsoft's target development audience. As much as we sometimes want to, we cant just "shut it off".
    3) As someone who ported over 500 small VB programs to VB.NET _before_ there was the in-box migration tool, I feel qualified to speak on the portability and learning curve issues. Yes, there are issues, but going from VB6 -> VB.NET is less obtuse than going from say, VB -> Java.
    4) As long as windows executes native Win32 PE executables (even via WOW64), VB6 isn't "dead". Apps will continue to work, and the same VB6 compiler will continue to run.
    6) VB6 first shipped in 1998 on NT4. It has been tested against every subsequent Microsoft OS. I am friends with the people that do this testing. W2k3 wasn't allowed to ship until we verified that thousands of scenarios ran on it identically to how they ran in 1998.

  22. Re:Java's not exactly pining for the fields just n on Java vs .NET · · Score: 1

    you're wrong. There is the .NET Compact Framework, and the current release of Windows CE includes it.

    Additionally, with VS 7.1 you can build managed apps for CE devices right inside VS.

  23. I know what the next lawsuit will be... on SCO's Next Target: SGI? · · Score: 1

    Apple Sues SCO for unlicensed use of Jobs RDF (Reality-Distortion-Field)

    Apple spokesperson Marsha Lile explains the basis behind the suit:

    "SCO has been generating an awful lot of press lately while not contributing anything to the industry or the state of the art. As a company, they're irrelevant, as a technology player, they're a has-been, but the most damning evidence comes from their ridiculous outbursts of pure, unwavering, shitfaced, insanity. It is therefore the opinion of Apple Computer -- and we feel confident -- the State of California District Court System, that SCO is illegally using our technology and must cease and desist immediately."

    Lile also added that the new PowerMac G5 would beat up SCO in a fight, wirelessly.

  24. im confused on 'Storage' to Replace Traditional Filesystems? · · Score: 1

    everyone has read the reports that microsoft will be shipping a database based filesystem with extensive metadata tracking in a future operating system. this has been essentially public knowledge for > 1 year.

    some open source project comes along saying they're going to make a database based filesystem with extensive meta data. slashdot bozos call it "innovative"

    the same slashdot bozos that say microsoft has _never_ innovated and has only "stolen" ideas from other sources.

    so which is it ? is making the filesystem an rdbms with pervasive metadata innovative, or just a stolen idea ?

  25. Re:I don't see the problem here. on Microsoft Prepares Office Lock-in · · Score: 1

    i bet you haven't used it before.

    I have. I know for instance that copy/paste into the clipboard from a restricted document does not work. Printing doesn't either, unless they've allowed that, iirc.

    I didn't try an image screenshot. Faxing would not be allowed as there would be no conduit to the fax software (since you cant forward or print, nor use cut and paste)

    I'm not saying that the Office DRM solution is foolproof, or even that there isn't a gaping hole somewhere. I'm saying it defeated a casual, non-motivated attacker - me.