Iceland has a population of roughly the size of Lincoln, Nebraska.
(200,000 people)
To be a resident of iceland, you must take on an icelandic name and learn the language.
The ring road around iceland has a perimeter of about 1000 miles. My fiances dad rode it on a bicycle.
Iceland is the poster child of geothermal energy consumption. The whole place is active and inactive volcanos. A massive percentage of non-motorvehicle energy in the country is from naturally reoccuring geothermal sources.
If theres any place that this scheme would work - its iceland.
So, you're right. Youv'e got a tiny homoegenous population, spectacular natural resources for the task at hand, and a geographically trivial area.
It's often said that it costs the phone company more to bill people for add-on features and what not than the money they make back from them.
I feel somewhat qualified to speak on this matter. You see, i redesigned and rewrote the billing system of a national ISP that used two carrier networks for dialup traffic and which was the first ISP to offer rebranding to buisinesses (you dont think Target has a datacenter handling Target Internet Services that you can get on a CD at the checkout stand, do you ?)
Now, i wasn't getting paid much, but even so, i basically spent 1 summer fulltime on billing system redesign and feature additions. We processed CDR information from two major carriers. One used SNMP traps on all their Ascend terminal servers to see who was connected. They had a state table that generated call initiate and call terminate events. They sent us this data nightly. The call time was recorded with 6 second accuracy.
Sometimes their state table would get corrupted. Sometimes we'd see conflicting events in the CDR
The other carrier had an entirely different CDR format, that was generated in an entirely different way. (carrier A used RADIUS proxies to auth to our servers, carrier B used TACACS and gave us a portal to their TACACS database)
Now, a given "customer" could have multiple "accounts", and each account could login to either carriers termservers. Additionally, each type of account had different rate plans, limits, promotions, and what not.
We also had the foolish concept of "prime time" and "non prime time". The prime-time hours were different to us based on our carrier. The hours we exposed to customers had to be the same regardless of which number they called. They also had to be correct for that users time zone. We didn't know that users time zone.
What the customer wanted was a Bill that was a charge for usage of the previous billperiod, and a pre-billing for service for the upcoming usage period.
Given that i've just described two of the sources of input for dialup / isdn accounts, i hope you begin to see the fucking ridiculous complexity of writing a billing system that has rate schedules, addons, and so forth.
The system was originally written by a contract programmer for a hefty sum of money. Later on i re-wrote it and expanded it to meet the demands of the aggressive sales/branding/marketing/bozo-in-a-suit staff.
The system required a few spendy machines to run in an acceptable amount of time (even after my rewrites caused a 1500% speedup). It required spendy database licenses.
So if i went back there now and played with the data some, i could probably do a calculation that told us how much additional revenue was coming in for rate schedule and add-on option accounts, versus flat accounts, per month. It is left to the reader to figure out how many man hours at hourly rate x are consumed to maintain and improve the system to support additional rate plans (even if you amortize all the work done to begin with to make any of it possible)
Keep in mind that when you're dealing with money, and bills.. and you're a business.. you have to be able to fully reconcile your books. Rounding errors ? No thanks. Getting customer bills wrong is the sort of thing that gets people in a lot of trouble. A lot.
You mean like DVDs that dont let you stop, eject, fast forward, or anything else while they display 5 minutes of fucking bullshit warnings ?
Sometimes i just shut the DVD player off, because thats the only permitted operation. Does _anyone_ make a DVD player that doesn't suffer from this complete bullshit ? It is _ridiculous_ that the DVD spec seems to include the ability to say "you cannot fast forward this".
Maybe Apex or someone lets me retain control of my own property. Anyone know ?
NT had security in mind from the onset. NT had a fleshed out security design before Linux was a gleam in Linus's eyes.
NT infact has a much more granular, flexible, and powerful security model than unix does.
So your claim that no microsoft OS was designed with security in mind doesn't have much to stand on.
That many applications and system services are _implemented_ poorly has no bearing on the "security design". Eg, yeah, if IIS has a service which runs with the same security context as some other service (say SYSTEM or LocalService) than an exploit in IIS will elevate you to that credential. However unlike linux, (and unix in general), it is possible to make absurdly granular ACLs and compartmentalize IIS from being able to wreak havoc on the system at large.. eg in the near future IIS will be running as "NetworkService" which is a physically distinct account from something like Admin or SYSTEM.
This is not possible on unix. YOu're either God or Shit, which no granularity inbetween. ((i realize patches exist that try to introduce various levels of granularity. They are not standard in any mainline unix distro)
Linux is not at all a champion of security. Not by any stretch. The NSA's work doesn't change that. Infact, most of the attacks against linux are utterly orthoganal to what the NSA patches do. They bring linux roughly within compliance of the pre-Common criteria scheme for either C2 or B1 (i haven't really looked at which).
Guess what. IRIX and Sun have had B1 IRIX and B1 Solaris for quite some time. The same irix that had multiple root vulns in everyday userland apps.
The NSAs work (and most other govt-security work in commercial OSes) is about adding accountability and recovery in the face of a break in, not preventing a breakin.
It _is_ a matter of personal opinion : Yours.
Allchin said that there are bad security bugs in windows. This isn't a surprise to anyone. It is also not unique to windows. If you think otherwise you are hopelessly delusional.
Did the OS fail or did the app fail ? The OS doesn't run the engines - the app does.
If you show me where it says that the application crashed the operating system, then you've got something.
Not that i'd be surprised -- we agree that if a userland app crashes the OS then there is work to be done, but i dont' think thats what happened here. The OS hosting the engine management software was NT4, and the software crashed, and i _dont_ think it took the OS with it, but its really academic since the engines stopped and the OS isn't even relevant when you're a sitting duck in the water.
The fuel injection on my 2nd car was a bosch L-Jetronic. It was an analog computer made with discrete components. You could vary its operation by changing resistor values. For instance, you could change a certain resistors value to acheive various Lambdas. I envisoned a modification that would be a three way lambda toggle, one for economy, one for maximum power, and one for a good balance. The three have different corresponding a/f ratios, and one resistor in the L-jet controlled that "desired ratio" parameter. Putting in a rotary switch and three properly valued resistors would have very likely done that for me:)
Now i have a Motronic, no eeprom burner, and nowhere near enough smarts to write my own ROM for it.
Im shocked to hear a slashdotter going on a huge tirade about how shitty programming under windows is, only to find hes not actually a windows programmer.
In some far of dream world, random assholes who are long on opinions and miserably short on facts will stop beleiving themselves to be beyond factual reproach.
Sun is no champion of providing timely security patches. The latency between bug submission on bug traq and time to patch release was something like 9 months for a specific remote-root rpc compromise.
Granted, thats not the norm, but thats a pretty poor showing.
The only mainstream unix with a non-utter-fucking-joke security story is OpenBSD. And its patch story is somewhat less than desireable (no binary patches, although projects to do that "unofficially" keep getting kicked around. sometimes, people arne't in the mood to make world just to put off script kiddies)
Microsoft never made the statement that "this product is bug free, and has no security concerns whatsoever".
The statement is, and always has been "we fix what we know about, if it wont break too much other stuff".
Incidentally, within some egregious time window (10 years ?) they fix it for free.
Thats the tradeoff the government willfully made when it wanted to use an off the shelf operating system, instead of doing it in house or submitting bids for a custom contract. (software that requires an ongoing support contract for security issues or _any_ issue at all)
What you're asking for would be something like an A1 system under the old pre-Common Criteria scheme... i.e. a provably correct system.
Guess how many products received A1 certs. Theres a list of some of them. It wouldn't take a long time to load the html. Even at 300bps.
I don't see how thats microsofts problem. The government decided they wanted to use off the shelf computer equipment and software. They got sick of developing a computer system and maintaining it for 30 years. You realize that in the 80s there were software engineers that were maintaining code for submarines that had ferrous-core memory systems.
The navy wanted to get away from that.
So, its nice that you're mad about the navy's choice of computing infrastructure. The fact that it happened to fail has nothing whatsoever to do with microsoft, and you're being irrational about being upset with them over this.
Not that there aren't other things to be upset with them about:)
Having source code can be a significant aid in finding implementation bugs that make software incorrect.
Windows and other Microsoft software is running on machines in security sensitive capacities, whos compromise would be bad.
If you beleive the first two statements, then a logical consequence follows: Theres no reason to hand the code to the people trying to own us, otherwise we're just making it easier to get people killed.
Now lets move on with the rest of your post:
Please name an operating system that is secure.
Thanks.
The judge asks about security problems. Microsoft says "yes, we've got them. some are so bad that we shouldn't let anyone know about them"
He's telling the truth. What are you upset about ?
You on the other hand, very much imply that the effective security of linux, osx or beos (!!! ?) are better.
When you have factual evidence of that, get back to me.
Liking linux doesn't make it better. Hating microsoft doesn't make windows worse.
Not liking a statements conclusion doesn't make it invalid.
Yeah, and what happened in ghostbusters, when pencil dick shut down the grid anyway ?
When you've looked through the code in question, when you've looked at how its being deployed, and when you look at what assets are at risk, and when you consider the likelihood of a patch fixing the problem without breaking the system, and even then, getting applied in all the places necessary..
Then feel free to take on the ghostbusters.
Until then, you're a pencil dick, and i hope to god nobody lets you near the grid.
I can't imagine wanting 4 or 8 way SMP systems in the embedded space. Talk about a great way to destroy any chance of deterministic response or bounded time operation.
I am irate with people harping on how "of course you can seperate the browser and the OS". They totally misunderstand the point.
Internet explorer implements MSHTML, a COM control that does HTML rendering and hyperlink navigation (and most of what IE does). The IE application installs and provides this control, and is the "source" for it in the "many components in one box" architecture behind windows.
Why is this relevant ?
Because nearly everything expects MSHTML to exist. HTML help obviously needs to be able to use COM to instantiate and HTML renderer. VS.NET uses HTML extensively. Microsoft Office has the ability to author and preview web pages.
You would be hard pressed to find _any_ windows app that does anything with HTML that doesn't use the IE COM component for HTML display. Not just microsoft apps - 3rd party apps as well. Microsoft apps _expect_ to be able to do something like
Foo = CreateObject("HTMLDocument")
and have it work out.
3rd party apps _expect_ to be able to do the same.
So, you can pull the IE icons and what not, but the GUTS of IE (the HTML control(s) implemented in COM DLLs) will need to remain.
So, the to _completely_ eradicate IE and replace it with mozilla is to look at the TLB for all the classes that IE exports, and create a new COM object that implements that interface, but does so with Mozilla. This is probably possible, but why should it be Microsoft's job to write mozilla code ? Hell, if mozilla were GPL it would be illegal for MS to do so, even if they wanted to. I dont know the intricacies of the MPL/NPL well enough to comment there..
Anyway, go to a w2k system, start removing HTML components, and stuff _will_ break, and break badly. Not because MS doesn't know how to design it around it, but because its not an objective. It is utterly and completely stupid to expect every software author to make their own mini-html-renderer when IE is already passably fast and ubiqoutous on the Windows platform.
So, for all practical purposes, an HTML rendering and navigation control is PART of the Windows Platform. Existing apps expect it to be there, If it isn't, they will break.
IE supplies this component. You remove every IE-supplied file from WIndows, and windows breaks. If you remove the IE icon -- which there is already an option to do--- then neophyte lawyers and linux zealots will complain that IE isn't really gone because IE-owned components remain.
Removing _those compoents_ DOES break windows and thus DOES make it inseperable from the OS.
Microsoft has dug themselves a hole with a history of misleading or flat out wrong comments in the media before. Unfortuneately, when they say the IE controls are utilized everywhere in the OS now and would miserably break lots of things if you fully removed them all, they're telling the truth. I wish slashdotters who on average have maybe written 10 or less programs of "hello.c" complexity would stop asserting that they understand completely the feasability of redesigning all Windows software to assume there is no HTML rendering component available.
I don't have any advocacy about what should happen in the drug industry.
Except that no company has more rights than I do. I figure Smart people ought to be compensated for working hard and doing good things. So maybe some of those drug "Designers" are due some credit. But should they ?
Honestly, i still dont care if patents are a good idea or not. A number shouldn't dictate that i cant build a molecule that does a certain thing. There are a finite number of naturally occuring elements. They can be combined in a finite number of ways. Those combinations can be mixed in other ways - all finite. What if i wrote a program to build a tree of all possible molecules, then all possible mixtures (there are an infinite number of mixtures, but lets say i only want 3 digits of significance in the resolution of mixing ratios.. i.e. 1000 parts hydroden and 1001 parts helium wont be distinct from 10000 parts hyrodgen and 10001 parts helium)
..then i had the "star trek machine" that turns goop into food. i fed that machine the molecule and mixture descriptions. Every thing it cranked out that hadn't been patented, i'd patent.
Then where would we be ? No new substance could ever be created with out my consent. Oops.
Let me ask you this. Reeses peanut butter cups have a recipe that is a guarded secret. What if i wanted to make peanut butter cups in my house. Should reeses prevent me from doing so ? If i happen to be a good cook, seems like I ought to be able to make my own damn peanut butter cups. Similarly, if i could make aspirin for less than what it costs to buy it, i ought to be able to. At least for my own use.
Theres a show on foodTV about a guy that reverse engineers candy recipees and shares them on the show. What if Discovery did that for drugs ?
I'm not a libertarian. I may fit most closely into that box, but..
I found myself saying "gosh, nothing i do in my own home should be any body elses business, that sounds a lot like those silly libertarians".
So i went and read about them a bit. I've seen them on tv before.
Near as I can tell, libertarianism is about smoking lots of pot, intellectual mastrubation, and being utterly disorganized and politically insignificant.
I liked their simplified characterization of democrats vs republicans though. That made me laugh.
We have all kinds of laws that have nothing to do with defining harm. In kentucky theres a law requiring citizens to bathe once per year.
What the hell!?
We have oodles and oodles of laws that apply to businesses, not citizens. If i started my own business, i woudln't be able to make hiring or firing decisions without being subject to numerous quotas and lawsuit possibilities. Why ? Who does that help ?
The next console I got was a dreamcast. I won it. I like it a bunch. The controllers are "right". The built-in online story is cool, but it never materialized. The graphics are good. The game quality was unsurpassed.
The vast majority of games for the PS1, IMO, are crap. Jaggies, no quality control, low resolution, etc etc. I liked FF7, because i liked FF1 on the NES. Look at something like GT or GT2, compare it to Sega GT. I'd pick Sega GT everytime. Look at Ferarri F355 challenge - it is the KING of driving simulations.
So when I was contemplating a new console purchase, I was excited about PS/2 because it looked cool. But on launch day, there wasn't a single title I wanted. Not a single one. Where was the launch-title racing game ? Non-existant.
No, I had to wait until GT3 came out before there was even one PS2 title that interested me. Luckily a friend bought one and i played GT3 a whole bunch, and while its fun, well, its pretty easy. I still prefer Sega GT on the dreamcast to it, playwise.
So the next game I cared about on PS2 was MGS2. Luckily, another friend had that, and we beat it one weekend. Boy am I glad i didn't pay for _that_ bullshit. I love the tanker level. By the end of the game i was ready to fucking kill that stupid bitch. There is no place for Kojima's political and social consequences bullshit in a game I want to play. And how plausible is it that your girlfriend is your weird military communicator person. If i wanted a fucking bitch that always bugged me every second with stupid emotional crap, well then i'd get a real life high-maintenance girlfriend.
Finally, there's GTA3. Now here is a game thats actually pretty damn fun. This was almost a system seller for me.
Luckily though, I had been paying close attention to XBox. In so many ways, it is like the dreamcast. The controllers are done right (it is such a farce that the "analog buttons" on the PS2 are analog buttons. How do you properly modulate the throttle and brakes with the butttons on the PS2 controller ? Compared to the dreamcast---and XBox-- analog triggers, racing games on the ps2 controller are a joke)
The built-in netowrk connection is _there_ on xbox. From day one, its ethernet baby. I only wished that more games had supported the dreamcast ethernet adaptor. I already have a home lan, i just dropped a ethernet jack to my a/v room in the house, and now i've got a networked xbox.
Look at the titles on XBOX today. Obviously, there's Halo, and everyone likes it. Theres DOA3 - the best looking fighter on any platform IMO (and the best playing.. but, i was a DOA2 lover on DC so theres my DC bias:) Next, theres Fusion Frenzy, which has to be about one of hte most accessible and fun party games there is (its one of hte only games i've seen un-interested non-gamer chicks play). Theres project gotham, which is one of the most frustrating and rewarding arcade racers ever (and a dreamcast holdover made right).
And finally, theres the king. Rallisport Challenge. All other rally games can go home. Now.
What about JSRF ? What about wreckless ? Gunvalkyrie ?
So when i look at xbox, the hardware is there, the gaming experience is there, and the games are there - today. When I consider the games coming around the corner (Sega GT 2002), and the imminent online story (that will actually _work_, because ethernet is in every xbox, from day one), and the wonderul experience of gaming with a hard drive...
xbox was an easy choice.
Hopefully, it will work out better than dreamcast. But even if it doesn't, if xbox went away tomorrow, i'd stil have a bunch of games that i love playing and that look better, sound better, and play better than anything else on any other platform.
Would it be so bad if our government, laws, and ethics, revolved around a simple principle ?
An individual can do anything they like such that it doesn't infringe on anyone elses rights.
Where there is no "right" to profit, and if you're doing something in the privacy of your own home, no one else is involved, so theres clearly no infringing of anyone elses rights going on.
I don't want anarchy. You shouldn't be allowed to shoot me, but you should be allowed to buy a gun. I shouldn't be allowed to steal a TV (or a copy of Windows), but i should certainly be able to build my own TV or my own windows.
If i dont feel like paying for aspirin, why shouldn't i just make it myself ?
When did our system get so unusable. When did it become "Acceptable" to pull this kind of shit ? I expect revolution at some point. I claim that our current system of laws is so complicated that it is not possible to spend even a single second of your life without breaking some law at some level of government. Is it any wonder why there are more people entering law school currently then ther are lawyers, and people have a utter malaise and disrespect for the law in general ?
I'm continually amused by the hordes of people that apparently know everything about microsoft but have never been inside any of the buildings, much less spoken with the employees or worked there. There are plenty of people that read slashdot, (and occasionally post to it) that could answer all the questions you have about MS and help clear up your reliably incorrect perceptions and statements regarding same. If you're interested in learning what goes on in MS, you could always just ask somebody, instead of speculating (incorrectly) and interjecting your cynicisms.
You're right about one thing though. MS never took security seriously until customers started complaining loudly. When customers complain, that affects the bottom line. The goal is to make money, and make money by giving customers what they ask for, as often as possible.
I expect a cheapshot from the peanut gallery about how MS screws customers and never gives them anything they want, etc etc, and "just look at feature XXX that nobody wants."
Well, People can and do vote with their dollars, and for whatever reasons, lots of customers don't think they're getting screwed, or see themselves getting screwed as the lesser of many alternate evils. There is no ministry of disinformation at Microsoft, and there is no over-reaching scheme to screw customers and lie to them until they beleive they arne't being screwed. Occasionally, something gets stuck in that NO customer would ever ask for, for some reason or another. I don't claim to agree with some microsoft decisions, but I don't necessarily claim to have a better answer or to even understand the problem domain better than those that made the decision(s).
To paraphrase another slashdotters signature, I would characterize many of the poor MS decisions as lack of insight as upposed to abundance of malice. Honestly, how malevolent would you _expect_ a bunch of rich dorks in North Face fleece vests drinking $4 coffees to really be ?
Slashdot Mirror
I went to college in nebraska.
Theres nothing in nebraska not worth irradiating.
Whats the big fucking problem ?
Iceland has a population of roughly the size of Lincoln, Nebraska.
(200,000 people)
To be a resident of iceland, you must take on an icelandic name and learn the language.
The ring road around iceland has a perimeter of about 1000 miles. My fiances dad rode it on a bicycle.
Iceland is the poster child of geothermal energy consumption. The whole place is active and inactive volcanos. A massive percentage of non-motorvehicle energy in the country is from naturally reoccuring geothermal sources.
If theres any place that this scheme would work - its iceland.
So, you're right. Youv'e got a tiny homoegenous population, spectacular natural resources for the task at hand, and a geographically trivial area.
Actually there is merit in his claim.
It's often said that it costs the phone company more to bill people for add-on features and what not than the money they make back from them.
I feel somewhat qualified to speak on this matter. You see, i redesigned and rewrote the billing system of a national ISP that used two carrier networks for dialup traffic and which was the first ISP to offer rebranding to buisinesses (you dont think Target has a datacenter handling Target Internet Services that you can get on a CD at the checkout stand, do you ?)
Now, i wasn't getting paid much, but even so, i basically spent 1 summer fulltime on billing system redesign and feature additions. We processed CDR information from two major carriers. One used SNMP traps on all their Ascend terminal servers to see who was connected. They had a state table that generated call initiate and call terminate events. They sent us this data nightly. The call time was recorded with 6 second accuracy.
Sometimes their state table would get corrupted. Sometimes we'd see conflicting events in the CDR
The other carrier had an entirely different CDR format, that was generated in an entirely different way. (carrier A used RADIUS proxies to auth to our servers, carrier B used TACACS and gave us a portal to their TACACS database)
Now, a given "customer" could have multiple "accounts", and each account could login to either carriers termservers. Additionally, each type of account had different rate plans, limits, promotions, and what not.
We also had the foolish concept of "prime time" and "non prime time". The prime-time hours were different to us based on our carrier. The hours we exposed to customers had to be the same regardless of which number they called. They also had to be correct for that users time zone. We didn't know that users time zone.
What the customer wanted was a Bill that was a charge for usage of the previous billperiod, and a pre-billing for service for the upcoming usage period.
Given that i've just described two of the sources of input for dialup / isdn accounts, i hope you begin to see the fucking ridiculous complexity of writing a billing system that has rate schedules, addons, and so forth.
The system was originally written by a contract programmer for a hefty sum of money. Later on i re-wrote it and expanded it to meet the demands of the aggressive sales/branding/marketing/bozo-in-a-suit staff.
The system required a few spendy machines to run in an acceptable amount of time (even after my rewrites caused a 1500% speedup). It required spendy database licenses.
So if i went back there now and played with the data some, i could probably do a calculation that told us how much additional revenue was coming in for rate schedule and add-on option accounts, versus flat accounts, per month. It is left to the reader to figure out how many man hours at hourly rate x are consumed to maintain and improve the system to support additional rate plans (even if you amortize all the work done to begin with to make any of it possible)
Keep in mind that when you're dealing with money, and bills.. and you're a business.. you have to be able to fully reconcile your books. Rounding errors ? No thanks. Getting customer bills wrong is the sort of thing that gets people in a lot of trouble. A lot.
You mean like DVDs that dont let you stop, eject, fast forward, or anything else while they display 5 minutes of fucking bullshit warnings ?
Sometimes i just shut the DVD player off, because thats the only permitted operation. Does _anyone_ make a DVD player that doesn't suffer from this complete bullshit ? It is _ridiculous_ that the DVD spec seems to include the ability to say "you cannot fast forward this".
Maybe Apex or someone lets me retain control of my own property. Anyone know ?
Win 9x was never designed with security in mind.
NT had security in mind from the onset. NT had a fleshed out security design before Linux was a gleam in Linus's eyes.
NT infact has a much more granular, flexible, and powerful security model than unix does.
So your claim that no microsoft OS was designed with security in mind doesn't have much to stand on.
That many applications and system services are _implemented_ poorly has no bearing on the "security design". Eg, yeah, if IIS has a service which runs with the same security context as some other service (say SYSTEM or LocalService) than an exploit in IIS will elevate you to that credential. However unlike linux, (and unix in general), it is possible to make absurdly granular ACLs and compartmentalize IIS from being able to wreak havoc on the system at large.. eg in the near future IIS will be running as "NetworkService" which is a physically distinct account from something like Admin or SYSTEM.
This is not possible on unix. YOu're either God or Shit, which no granularity inbetween. ((i realize patches exist that try to introduce various levels of granularity. They are not standard in any mainline unix distro)
Linux is not at all a champion of security. Not by any stretch. The NSA's work doesn't change that. Infact, most of the attacks against linux are utterly orthoganal to what the NSA patches do. They bring linux roughly within compliance of the pre-Common criteria scheme for either C2 or B1 (i haven't really looked at which).
Guess what. IRIX and Sun have had B1 IRIX and B1 Solaris for quite some time. The same irix that had multiple root vulns in everyday userland apps.
The NSAs work (and most other govt-security work in commercial OSes) is about adding accountability and recovery in the face of a break in, not preventing a breakin.
It _is_ a matter of personal opinion : Yours.
Allchin said that there are bad security bugs in windows. This isn't a surprise to anyone. It is also not unique to windows. If you think otherwise you are hopelessly delusional.
Did the OS fail or did the app fail ? The OS doesn't run the engines - the app does.
If you show me where it says that the application crashed the operating system, then you've got something.
Not that i'd be surprised -- we agree that if a userland app crashes the OS then there is work to be done, but i dont' think thats what happened here. The OS hosting the engine management software was NT4, and the software crashed, and i _dont_ think it took the OS with it, but its really academic since the engines stopped and the OS isn't even relevant when you're a sitting duck in the water.
None.
:)
The fuel injection on my 2nd car was a bosch L-Jetronic. It was an analog computer made with discrete components. You could vary its operation by changing resistor values. For instance, you could change a certain resistors value to acheive various Lambdas. I envisoned a modification that would be a three way lambda toggle, one for economy, one for maximum power, and one for a good balance. The three have different corresponding a/f ratios, and one resistor in the L-jet controlled that "desired ratio" parameter. Putting in a rotary switch and three properly valued resistors would have very likely done that for me
Now i have a Motronic, no eeprom burner, and nowhere near enough smarts to write my own ROM for it.
Im shocked to hear a slashdotter going on a huge tirade about how shitty programming under windows is, only to find hes not actually a windows programmer.
In some far of dream world, random assholes who are long on opinions and miserably short on facts will stop beleiving themselves to be beyond factual reproach.
But, this is slashdot.
Sun is no champion of providing timely security patches. The latency between bug submission on bug traq and time to patch release was something like 9 months for a specific remote-root rpc compromise.
Granted, thats not the norm, but thats a pretty poor showing.
The only mainstream unix with a non-utter-fucking-joke security story is OpenBSD. And its patch story is somewhat less than desireable (no binary patches, although projects to do that "unofficially" keep getting kicked around. sometimes, people arne't in the mood to make world just to put off script kiddies)
Microsoft never made the statement that "this product is bug free, and has no security concerns whatsoever".
The statement is, and always has been "we fix what we know about, if it wont break too much other stuff".
Incidentally, within some egregious time window (10 years ?) they fix it for free.
Thats the tradeoff the government willfully made when it wanted to use an off the shelf operating system, instead of doing it in house or submitting bids for a custom contract. (software that requires an ongoing support contract for security issues or _any_ issue at all)
What you're asking for would be something like an A1 system under the old pre-Common Criteria scheme... i.e. a provably correct system.
Guess how many products received A1 certs. Theres a list of some of them. It wouldn't take a long time to load the html. Even at 300bps.
I agree with you (code shouldn't kill people).
:)
I don't see how thats microsofts problem. The government decided they wanted to use off the shelf computer equipment and software. They got sick of developing a computer system and maintaining it for 30 years. You realize that in the 80s there were software engineers that were maintaining code for submarines that had ferrous-core memory systems.
The navy wanted to get away from that.
So, its nice that you're mad about the navy's choice of computing infrastructure. The fact that it happened to fail has nothing whatsoever to do with microsoft, and you're being irrational about being upset with them over this.
Not that there aren't other things to be upset with them about
I don't see what you're upset about.
Lets take two statements:
Having source code can be a significant aid in finding implementation bugs that make software incorrect.
Windows and other Microsoft software is running on machines in security sensitive capacities, whos compromise would be bad.
If you beleive the first two statements, then a logical consequence follows:
Theres no reason to hand the code to the people trying to own us, otherwise we're just making it easier to get people killed.
Now lets move on with the rest of your post:
Please name an operating system that is secure.
Thanks.
The judge asks about security problems. Microsoft says "yes, we've got them. some are so bad that we shouldn't let anyone know about them"
He's telling the truth. What are you upset about ?
You on the other hand, very much imply that the effective security of linux, osx or beos (!!! ?) are better.
When you have factual evidence of that, get back to me.
Liking linux doesn't make it better. Hating microsoft doesn't make windows worse.
Not liking a statements conclusion doesn't make it invalid.
Yeah, and what happened in ghostbusters, when pencil dick shut down the grid anyway ?
When you've looked through the code in question, when you've looked at how its being deployed, and when you look at what assets are at risk, and when you consider the likelihood of a patch fixing the problem without breaking the system, and even then, getting applied in all the places necessary..
Then feel free to take on the ghostbusters.
Until then, you're a pencil dick, and i hope to god nobody lets you near the grid.
I can't imagine wanting 4 or 8 way SMP systems in the embedded space. Talk about a great way to destroy any chance of deterministic response or bounded time operation.
Two Slit Experiment ?
:)
Anyone besides me think this was a pr0n movie they'd seen on Gnucleus ?
You are infact, _exactly_ right.
I am irate with people harping on how "of course you can seperate the browser and the OS". They totally misunderstand the point.
Internet explorer implements MSHTML, a COM control that does HTML rendering and hyperlink navigation (and most of what IE does). The IE application installs and provides this control, and is the "source" for it in the "many components in one box" architecture behind windows.
Why is this relevant ?
Because nearly everything expects MSHTML to exist. HTML help obviously needs to be able to use COM to instantiate and HTML renderer. VS.NET uses HTML extensively. Microsoft Office has the ability to author and preview web pages.
You would be hard pressed to find _any_ windows app that does anything with HTML that doesn't use the IE COM component for HTML display. Not just microsoft apps - 3rd party apps as well. Microsoft apps _expect_ to be able to do something like
Foo = CreateObject("HTMLDocument")
and have it work out.
3rd party apps _expect_ to be able to do the same.
So, you can pull the IE icons and what not, but the GUTS of IE (the HTML control(s) implemented in COM DLLs) will need to remain.
So, the to _completely_ eradicate IE and replace it with mozilla is to look at the TLB for all the classes that IE exports, and create a new COM object that implements that interface, but does so with Mozilla. This is probably possible, but why should it be Microsoft's job to write mozilla code ? Hell, if mozilla were GPL it would be illegal for MS to do so, even if they wanted to. I dont know the intricacies of the MPL/NPL well enough to comment there..
Anyway, go to a w2k system, start removing HTML components, and stuff _will_ break, and break badly. Not because MS doesn't know how to design it around it, but because its not an objective. It is utterly and completely stupid to expect every software author to make their own mini-html-renderer when IE is already passably fast and ubiqoutous on the Windows platform.
So, for all practical purposes, an HTML rendering and navigation control is PART of the Windows Platform. Existing apps expect it to be there, If it isn't, they will break.
IE supplies this component. You remove every IE-supplied file from WIndows, and windows breaks. If you remove the IE icon -- which there is already an option to do--- then neophyte lawyers and linux zealots will complain that IE isn't really gone because IE-owned components remain.
Removing _those compoents_ DOES break windows and thus DOES make it inseperable from the OS.
Microsoft has dug themselves a hole with a history of misleading or flat out wrong comments in the media before. Unfortuneately, when they say the IE controls are utilized everywhere in the OS now and would miserably break lots of things if you fully removed them all, they're telling the truth. I wish slashdotters who on average have maybe written 10 or less programs of "hello.c" complexity would stop asserting that they understand completely the feasability of redesigning all Windows software to assume there is no HTML rendering component available.
My favorite bit of dialogue in the whole movie was where Unicron confronts galvatron
Unicron: I have Summoned You Here for a Purpose
Megatron: NO ONE SUMMONS MEGATRON!!
Unicron: Then it pleases me to be the first
Actally:
Resistors and capacitors are both modelled with transistor(s) in most LSI/VLSI logic, because people are good at making transistors.
You'r eright though. A DRAM is using a transistor in a capacitive function.. and its only 1 transistor i beleive.
Where as a SRAM latch is something like 6 transistors per bit.
I don't have any advocacy about what should happen in the drug industry.
.. i.e. 1000 parts hydroden and 1001 parts helium wont be distinct from 10000 parts hyrodgen and 10001 parts helium)
Except that no company has more rights than I do. I figure Smart people ought to be compensated for working hard and doing good things. So maybe some of those drug "Designers" are due some credit. But should they ?
Honestly, i still dont care if patents are a good idea or not. A number shouldn't dictate that i cant build a molecule that does a certain thing. There are a finite number of naturally occuring elements. They can be combined in a finite number of ways. Those combinations can be mixed in other ways - all finite. What if i wrote a program to build a tree of all possible molecules, then all possible mixtures (there are an infinite number of mixtures, but lets say i only want 3 digits of significance in the resolution of mixing ratios
..then i had the "star trek machine" that turns goop into food. i fed that machine the molecule and mixture descriptions. Every thing it cranked out that hadn't been patented, i'd patent.
Then where would we be ? No new substance could ever be created with out my consent. Oops.
Let me ask you this. Reeses peanut butter cups have a recipe that is a guarded secret. What if i wanted to make peanut butter cups in my house. Should reeses prevent me from doing so ? If i happen to be a good cook, seems like I ought to be able to make my own damn peanut butter cups. Similarly, if i could make aspirin for less than what it costs to buy it, i ought to be able to. At least for my own use.
Theres a show on foodTV about a guy that reverse engineers candy recipees and shares them on the show. What if Discovery did that for drugs ?
Why is one wrong, and the other isn't ?
I'm not a libertarian. I may fit most closely into that box, but..
I found myself saying "gosh, nothing i do in my own home should be any body elses business, that sounds a lot like those silly libertarians".
So i went and read about them a bit. I've seen them on tv before.
Near as I can tell, libertarianism is about smoking lots of pot, intellectual mastrubation, and being utterly disorganized and politically insignificant.
I liked their simplified characterization of democrats vs republicans though. That made me laugh.
Heh.
I've never been accused of being wiccan before.
We have all kinds of laws that have nothing to do with defining harm. In kentucky theres a law requiring citizens to bathe once per year.
What the hell!?
We have oodles and oodles of laws that apply to businesses, not citizens. If i started my own business, i woudln't be able to make hiring or firing decisions without being subject to numerous quotas and lawsuit possibilities. Why ? Who does that help ?
I work on the testing harnesses and lab automation the developer tools division uses.
:)
Yeah. We actually test stuff before we ship it. Sometimes
The first console system I bought was a 8bit NES.
:)
The next console I got was a dreamcast. I won it. I like it a bunch. The controllers are "right". The built-in online story is cool, but it never materialized. The graphics are good. The game quality was unsurpassed.
The vast majority of games for the PS1, IMO, are crap. Jaggies, no quality control, low resolution, etc etc. I liked FF7, because i liked FF1 on the NES. Look at something like GT or GT2, compare it to Sega GT. I'd pick Sega GT everytime. Look at Ferarri F355 challenge - it is the KING of driving simulations.
So when I was contemplating a new console purchase, I was excited about PS/2 because it looked cool. But on launch day, there wasn't a single title I wanted. Not a single one. Where was the launch-title racing game ? Non-existant.
No, I had to wait until GT3 came out before there was even one PS2 title that interested me.
Luckily a friend bought one and i played GT3 a whole bunch, and while its fun, well, its pretty easy. I still prefer Sega GT on the dreamcast to it, playwise.
So the next game I cared about on PS2 was MGS2. Luckily, another friend had that, and we beat it one weekend. Boy am I glad i didn't pay for _that_ bullshit. I love the tanker level. By the end of the game i was ready to fucking kill that stupid bitch. There is no place for Kojima's political and social consequences bullshit in a game I want to play. And how plausible is it that your girlfriend is your weird military communicator person. If i wanted a fucking bitch that always bugged me every second with stupid emotional crap, well then i'd get a real life high-maintenance girlfriend.
Finally, there's GTA3. Now here is a game thats actually pretty damn fun. This was almost a system seller for me.
Luckily though, I had been paying close attention to XBox. In so many ways, it is like the dreamcast. The controllers are done right (it is such a farce that the "analog buttons" on the PS2 are analog buttons. How do you properly modulate the throttle and brakes with the butttons on the PS2 controller ? Compared to the dreamcast---and XBox-- analog triggers, racing games on the ps2 controller are a joke)
The built-in netowrk connection is _there_ on xbox. From day one, its ethernet baby. I only wished that more games had supported the dreamcast ethernet adaptor. I already have a home lan, i just dropped a ethernet jack to my a/v room in the house, and now i've got a networked xbox.
Look at the titles on XBOX today. Obviously, there's Halo, and everyone likes it. Theres DOA3 - the best looking fighter on any platform IMO (and the best playing.. but, i was a DOA2 lover on DC so theres my DC bias
Next, theres Fusion Frenzy, which has to be about one of hte most accessible and fun party games there is (its one of hte only games i've seen un-interested non-gamer chicks play). Theres project gotham, which is one of the most frustrating and rewarding arcade racers ever (and a dreamcast holdover made right).
And finally, theres the king. Rallisport Challenge. All other rally games can go home. Now.
What about JSRF ? What about wreckless ? Gunvalkyrie ?
So when i look at xbox, the hardware is there, the gaming experience is there, and the games are there - today. When I consider the games coming around the corner (Sega GT 2002), and the imminent online story (that will actually _work_, because ethernet is in every xbox, from day one), and the wonderul experience of gaming with a hard drive...
xbox was an easy choice.
Hopefully, it will work out better than dreamcast. But even if it doesn't, if xbox went away tomorrow, i'd stil have a bunch of games that i love playing and that look better, sound better, and play better than anything else on any other platform.
Would it be so bad if our government, laws, and ethics, revolved around a simple principle ?
An individual can do anything they like such that it doesn't infringe on anyone elses rights.
Where there is no "right" to profit, and if you're doing something in the privacy of your own home, no one else is involved, so theres clearly no infringing of anyone elses rights going on.
I don't want anarchy. You shouldn't be allowed to shoot me, but you should be allowed to buy a gun.
I shouldn't be allowed to steal a TV (or a copy of Windows), but i should certainly be able to build my own TV or my own windows.
If i dont feel like paying for aspirin, why shouldn't i just make it myself ?
When did our system get so unusable. When did it become "Acceptable" to pull this kind of shit ? I expect revolution at some point. I claim that our current system of laws is so complicated that it is not possible to spend even a single second of your life without breaking some law at some level of government. Is it any wonder why there are more people entering law school currently then ther are lawyers, and people have a utter malaise and disrespect for the law in general ?
The security push is not a PR announcement.
I'm continually amused by the hordes of people that apparently know everything about microsoft but have never been inside any of the buildings, much less spoken with the employees or worked there. There are plenty of people that read slashdot, (and occasionally post to it) that could answer all the questions you have about MS and help clear up your reliably incorrect perceptions and statements regarding same. If you're interested in learning what goes on in MS, you could always just ask somebody, instead of speculating (incorrectly) and interjecting your cynicisms.
You're right about one thing though. MS never took security seriously until customers started complaining loudly. When customers complain, that affects the bottom line. The goal is to make money, and make money by giving customers what they ask for, as often as possible.
I expect a cheapshot from the peanut gallery about how MS screws customers and never gives them anything they want, etc etc, and "just look at feature XXX that nobody wants."
Well, People can and do vote with their dollars, and for whatever reasons, lots of customers don't think they're getting screwed, or see themselves getting screwed as the lesser of many alternate evils. There is no ministry of disinformation at Microsoft, and there is no over-reaching scheme to screw customers and lie to them until they beleive they arne't being screwed. Occasionally, something gets stuck in that NO customer would ever ask for, for some reason or another. I don't claim to agree with some microsoft decisions, but I don't necessarily claim to have a better answer or to even understand the problem domain better than those that made the decision(s).
To paraphrase another slashdotters signature, I would characterize many of the poor MS decisions as lack of insight as upposed to abundance of malice. Honestly, how malevolent would you _expect_ a bunch of rich dorks in North Face fleece vests drinking $4 coffees to really be ?