Slashdot Mirror


User: crucini

crucini's activity in the archive.

Stories: 0
Comments: 1,820

Comments · 1,820

  1. Re:Maybe I'm just an old fuddy duddy, but. . . on Microsoft To Teach Undergrads About Secure Computing · · Score: 1
    I completely agree with your point about vendor independence. Universities should protect their curricula from commercial distortion and bias. But this part is weird:
    I also strongly suspect that day one will *not* feature a lecture on the benefits of UNIX, how to uninstall Outlook Express or the security features built into Sun Java.

    I would not expect a good course on secure programming to cover these topics, especially the first two. That comment, and others like it, make me think that slashdot readers generally have a bit to learn about secure programming, and might benefit from a course like this.

    Just to take a rough stab, here are some of the things I'd expect to see in a course on secure programming. Note that none of them have to do with the installation, operation or removal of specific applications, or the benefits of specific OS's:
    1. Common design mistakes: security through obscurity, trusting the client, homemade crypto, overly complex security model that doesn't match real world.
    2. Untrusted user input - semantic attacks and stack smashing. Enforcing clear separation of trusted and untrusted data. Typical attacks.
    3. Applications of cryptography - confidentiality, authentication, licensing. Key distribution, key escrow, key revocation. Know where to find more advanced crypto protocols. Know where to find the current best crypto primitives within a given category (symmetric, message digest, public key).
    4. Intersection of security with human and organizational behavior. The more complex the security model, the less likely to be understood. How to reduce the risk of social engineering attacks by making security actions more intuitive to the user. Adjusting the threat model from "interesting" to "real" threats.
    5. Unexpected feature interactions - how they break security. How to prevent.
    6. Reactions to perceived security breach: alarms and monitoring, defense in depth, denial of service.

    Again, this is really rough but it points in the approximate direction such a course should take.
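    An added illustration of point 2 above (separating trusted from untrusted data, and not trusting the client); this is not part of crucini's comment or anything from the Microsoft course. It wraps data that crossed a trust boundary in a type that cannot be pasted into a query by accident, and puts the usual string-concatenation mistake beside the parameterised form. The names (Untrusted, require_clean, lookup_unsafe, lookup_safe) and the sample user table are assumptions made for this example.

```python
"""Trusted/untrusted separation, as an added example: not code from the
original page. Names and the sample table are assumptions."""
from __future__ import annotations

import re
import sqlite3
from dataclasses import dataclass

# Allow-list for a user name: shape, not a deny-list of "bad" characters.
USERNAME = r"[A-Za-z0-9_]{1,32}"


@dataclass(frozen=True)
class Untrusted:
    """Data that arrived from outside the trust boundary (form field, socket).

    It refuses to behave like a string, so it cannot be concatenated into
    SQL or a shell command without first passing through a validator that
    states what shape is acceptable.
    """
    raw: str

    def __str__(self) -> str:
        raise TypeError("Untrusted data must be validated before use")

    def require_clean(self, pattern: str, max_len: int = 64) -> str:
        # The only exit from the wrapper: an explicit allow-list check.
        if len(self.raw) > max_len or not re.fullmatch(pattern, self.raw):
            raise ValueError("input rejected by allow-list")
        return self.raw


def build_db() -> sqlite3.Connection:
    """Constructed sample data for the example (not real accounts)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT NOT NULL)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return con


def lookup_unsafe(con: sqlite3.Connection, name: str) -> list:
    """The classic mistake: untrusted text becomes part of the query text,
    so "x' OR '1'='1" turns a single-row lookup into a full dump."""
    rows = con.execute(f"SELECT name FROM users WHERE name = '{name}'")
    return [r[0] for r in rows]


def lookup_safe(con: sqlite3.Connection, name: Untrusted) -> list:
    """Validate on the way in, then bind as a parameter: the value can
    never be parsed as SQL, whatever it contains."""
    clean = name.require_clean(USERNAME)
    rows = con.execute("SELECT name FROM users WHERE name = ?", (clean,))
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = build_db()
    print(lookup_unsafe(db, "x' OR '1'='1"))   # every user leaks
    print(lookup_safe(db, Untrusted("alice")))  # one row
```

    The two defences are independent: parameter binding alone stops the injection, and the allow-list alone would stop this payload, but the wrapper type is what makes the separation visible in the code, because any path that forgets to validate fails with a TypeError instead of silently trusting the client.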
  2. Myth of X slowness on The XFree86 Fork() Saga Continues · · Score: 4, Insightful

    It's wrong to blame X for slowness. The real problem is the incredibly bloated and slow GUI apps and window managers, and possibly the modern GUI toolkits. Blackbox/Fluxbox/IceWM are very fast. Properly made X applications like xfig are very fast. The Mozilla family of apps has something pathologically wrong with it - nothing should be that slow. The Gnome/KDE stuff seems to me just barely acceptable on a fast machine, but clearly it's bloated and inefficient.

    Quit blaming X. That's not where the speed problem is. As for difficult and complicated - you're right. But mature technologies that properly handle a wide variety of cases tend to be that way.

  3. Incorrect threat model on Microsoft: We Make Hackers Obsolete · · Score: 5, Insightful
    Microsoft software is carefully designed to keep your company's valuable information in, and unauthorised people and viruses out.

    This message may appeal to naive purchasers, but does not address real-world threats. Most corporate fraud is committed by insiders. Microsoft is proposing an overly simplistic threat model: the villains are outside the wall. In reality, villains inside the wall account for greater damage.
  4. Re:Sigh. Brian Hook. Sigh. on Brian Hook Interview · · Score: 1

    Hi, Brian. I think what you're doing is very cool. Too many businesses are distorted by the need to please investors - in fact, I think the most potentially successful businesses are prematurely killed by pandering to investors' ideas of what's profitable. This is especially tragic in creative fields.

    I didn't like Candy Cruncher at all, but it shows a high level of professionalism and polish. I probably don't have a very clear picture of what "puzzle game" means - I loved Crystal Caves and to some extent that's a puzzle game. If you made that type of game for $15, I would probably buy it.

    I sense that CC may be a trial balloon, testing the channels of development, distribution, support etc. and that therefore you may have wisely chosen to bite off the smallest possible chunk, rather than get mired neck-deep building something too ambitious. I hope it succeeds and spurs you on to more interesting stuff.

    Good luck!

  5. The bottom line on Family Tech Support · · Score: 1

    I've read all the comments, and the bottom line seems to be: don't offer free tech support to relatives. It will go unappreciated both because it's free and because as a child/relative you don't seem as impressive as an outsider.

    I have had to learn in other contexts that working for free does not pay off. There are exceptions of course - when the requestor clearly understands the value of the services requested. In general, you merely cheapen yourself by undertaking such tasks.

    Some posters praised the give-and-take of a helpful extended family, citing relatives who fixed cars or furnished plumbing supplies. Surely, they say, it's reasonable to delouse the spyware-infested PC of such a relative. I don't find this idea attractive. I'd rather buy my own food than have Uncle JoeBob bringing over free pizzas from his pizzeria since I reinstalled Windows XP for him. I work for a living and buy what I need with money. I prefer it that way. I can spend my pay on almost anything, not some limited range of available relative-favors. And I can shop for vendors on a level playing field, and hold them accountable.

    The worst aspect of this free tech-support is the assumption of responsibility for the host of ills that plague Windows PCs. Once you've laid your hands on the accursed box your fingerprints last forever. And your carefully-considered advice, which you've cheapened by giving for free, is weighed against the babblings of some local "expert".

    I'm surprised that so many slashdotters are caught in this particular trap. I went through it very briefly before closing the support valve forever. If you lack the hardness of heart to say no, then I suspect life has some education in store for you.

  6. MySQL is appropriate, even for small stuff on MySQL A Threat to Bigwigs? · · Score: 4, Informative

    I disagree with the idea that small projects should use flat files or XML in place of MySQL. First of all, the flat file only looks good while there seems to be a single entity in the system - let's say person. It rapidly turns into a convoluted mess when a second entity rears its head - let's say a person can have multiple cars. Second, many applications end up developing reporting requirements that were not envisioned in the original design. That's what makes relational databases great - ad hoc reporting.

    Another way to put it - as the application grows in complexity, more functionality will be added to the data store as the programmers painfully rediscover all the challenges which real databases have already conquered. Of course MySQL doesn't cover all of those, like ACID, but it covers most. Look at the amount of effort that went into MySQL, Postgres and Oracle - it's huge.

    Of course, you may be thinking of simpler applications than I am. If the data can legitimately be represented by one table, with no denormalization, then I agree a database may be overkill.

  7. Re:Not nearly as effective... on Benetton Clothing to Carry RFID Tags · · Score: 1

    We're talking about two different kinds of tags. I was talking about the very popular Knogo tag which has an asymmetrical head and a hole in the side for inserting the unlock wire. I guess you were talking about the kind with no keyhole at all. In fact, I had forgotten about the existence of that type.

    By the way, I'm not a shoplifter. I just find small mechanisms interesting.

  8. Tortoise and Hare on Software Craftsmanship · · Score: 1

    I saw the same thing. Two Electrical Contracting firms, A and B, were working on the same site. A was an army of cheap, nonunion workers in rapid motion. The average age was probably 26. B was a bunch of mostly overweight middle-aged union electricians. I rarely saw B do any work - they were usually clustered around their plan table taking notes on yellow legal pads. When they did move, it was at the rate of divers on the ocean's floor. And yet, week by week their project progressed rapidly. "A", meanwhile, had numerous cases of ripping out work that was not code compliant or was based on a misreading of the plans.

  9. Re:Not nearly as effective... on Benetton Clothing to Carry RFID Tags · · Score: 1

    Except that the magical tool is just a piece of steel wire bent to a certain curve. The rest of the detaching fixture is just misdirection.

  10. Re:SCO in its death throes. on Sun Rethinking Linux Strategy Over SCO Lawsuit · · Score: 1

    I don't think you understand. In fact, the strength of Trolltech's position stems from your lack of understanding.

    Publishing a GUI library under the GPL sounds innocent superficially. If KDE/Qt gain critical mass and become THE linux desktop, publishers of commercial software will have to buy licenses from Trolltech. They cannot link their proprietary software against a GPL'd library, but Trolltech will sell them that right. Trolltech will enjoy a gatekeeper position similar to Microsoft's.

    'Turning the screw' would mean increasing the fee (currently $3000 per developer, IIRC) and/or adding increasingly onerous conditions to the license. The screw would not be pointed at authors or users of GPL software, who would continue to enjoy free use of Qt.

    If you want a wide open, level playing field on the desktop, you want the GUI toolkits licensed under X/BSD/LGPL. If they are GPL'd with a side tollbooth for commercial developers, there is a nasty concentration of power in the making.

  11. Why SCO is out of line on Sun Rethinking Linux Strategy Over SCO Lawsuit · · Score: 2, Interesting

    If SCO could mention real, specific pieces of code or techniques that were stolen from their OS (it galls me to call it UNIX) and inserted into the Linux kernel, the kernel maintainers would remove it and humbly apologize. However, I read the entire complaint and did not see one specific allegation of stolen IP. Rather, they argue that Linux is so good that it must be based on their stolen IP.

    If the SCO execs were Slashmonkeys, they would claim that Windows 2000 must have stolen pieces of Linux in it because it's so stable. The difference is that the Linux code is out in the open for SCO to inspect; indeed, they were a Linux distributor. They've had every opportunity of finding the specific parts of the Linux kernel that violate their IP, and yet they've failed to do so.

    It's as if your neighbor, Bob, brought the police to your place and claimed it was full of his stolen property. When the police ask Bob what things are his, he says, "When sql*kitten first moved in, this place was bare. But now it's all gussied up with furniture, plants and art - he must have stolen it from me!"

  12. Re:You're being unreasonable on SCO Sues IBM for Sharing Secrets with Unix and Linux · · Score: 1

    Let's say the shares have a market value of X. But Canopy isn't interested in selling. So you offer them X+D, where D is a delta that makes the sale attractive. You and your fellow ducks dig deep into your nests and come up with N(X+D), where N is the number of shares. You buy out Canopy. Hooray!

    Next day you realize that Canopy repurchased the same number of shares for NX, and made a profit of ND. See the problem?

  13. Re:FInally OO? I think and hope not! on Object Prevalence: Get Rid of Your Database? · · Score: 1
    Bull. How do you model a one to one relationship that maintains integrity?

    If the relationship is one to one, why not merge the two entities into one? And where do you see these 1-1 relationships in the real world? I suspect that what looks like 1-1 at first glance is better expressed as something else. For example, if a tenant rents an apartment you might see a 1-1 relationship between the tenant and the apartment. But in fact, the tenant is linked to the apartment by a lease. So, tenant has many leases and apartment has many leases.

    In general, organizations (business/government/other) work with repeated processes, which are inherently 1-many.
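    An added example of the tenant/apartment/lease model described in the comment above; it is not part of crucini's comment and not code from the Prevalence project. The point is that the apparent 1-1 link becomes two 1-many links through a lease row, and that the integrity the parent asked about is enforced by the database (foreign keys, a CHECK on the dates, and a partial unique index that allows at most one open lease per apartment) rather than by application code. Table and column names, the sample rows and the helper names are assumptions made for this example.

```python
"""Modelling a 'one to one' as 1-many through a lease, with integrity
enforced in the schema. Added example; names and data are assumptions."""
import sqlite3

SCHEMA = """
CREATE TABLE tenant    (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE apartment (id INTEGER PRIMARY KEY, number TEXT NOT NULL UNIQUE);
-- The lease is the real entity: tenant 1-many lease, apartment 1-many lease.
CREATE TABLE lease (
    id           INTEGER PRIMARY KEY,
    tenant_id    INTEGER NOT NULL REFERENCES tenant(id),
    apartment_id INTEGER NOT NULL REFERENCES apartment(id),
    starts       TEXT NOT NULL,            -- ISO dates compare as text
    ends         TEXT,                     -- NULL = still running
    CHECK (ends IS NULL OR ends > starts)
);
-- At most one open lease per apartment: the 'one' side of the 1-1,
-- without freezing the history into a single column.
CREATE UNIQUE INDEX one_open_lease_per_apartment
    ON lease(apartment_id) WHERE ends IS NULL;
"""


def open_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")   # SQLite leaves this off by default
    con.executescript(SCHEMA)
    return con


def seed(con: sqlite3.Connection) -> None:
    """Constructed sample data for the example."""
    con.executemany("INSERT INTO tenant VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    con.executemany("INSERT INTO apartment VALUES (?, ?)",
                    [(1, "1A"), (2, "2B"), (3, "3C")])
    # alice lived in 1A, moved to 2B; bob then took over 1A.
    add_lease(con, 1, 1, "2001-01-01", "2002-01-01")
    add_lease(con, 1, 2, "2002-01-01")
    add_lease(con, 2, 1, "2002-02-01")


def add_lease(con, tenant_id, apartment_id, starts, ends=None) -> bool:
    """Insert a lease; returns False when the schema rejects it."""
    try:
        con.execute(
            "INSERT INTO lease (tenant_id, apartment_id, starts, ends) "
            "VALUES (?, ?, ?, ?)",
            (tenant_id, apartment_id, starts, ends),
        )
        con.commit()
        return True
    except sqlite3.IntegrityError:
        con.rollback()
        return False


def current_tenant(con, number: str):
    """Who holds the open lease on this apartment, or None."""
    row = con.execute(
        "SELECT t.name FROM lease l "
        "JOIN tenant t ON t.id = l.tenant_id "
        "JOIN apartment a ON a.id = l.apartment_id "
        "WHERE a.number = ? AND l.ends IS NULL", (number,)
    ).fetchone()
    return row[0] if row else None


def history(con, tenant_name: str) -> list:
    """Every apartment the tenant has leased, in order: the ad hoc query
    the 1-1 snapshot could never answer."""
    rows = con.execute(
        "SELECT a.number FROM lease l "
        "JOIN tenant t ON t.id = l.tenant_id "
        "JOIN apartment a ON a.id = l.apartment_id "
        "WHERE t.name = ? ORDER BY l.starts", (tenant_name,)
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = open_db()
    seed(db)
    print(current_tenant(db, "1A"), history(db, "alice"))
```

    Note the PRAGMA: without it SQLite silently accepts a lease pointing at a non-existent apartment, which is exactly the kind of integrity hole the parent was worried about.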
  14. Re:RAM ? on Object Prevalence: Get Rid of Your Database? · · Score: 1
    You don't use an RDBMS because it's fast. You use it because it's reliable.

    And because it's flexible. I can write a Perl/Oracle application - a year later someone else may add a Java app on top of that same store. In between, people will write ad hoc SQL queries to pull out data. Someone may point Crystal Reports at the database and pull out reports without even knowing the Perl and Java apps exist.

    As long as we correctly document and share the data model, we interoperate successfully.

    Contrast that flexibility with the confinement of storing "objects".
  15. Re:Idiots... on Accidental Privacy Spills · · Score: 1

    Do you really think one of Laurie's recipients would have done that? The article specifically addresses the erosion of ethical boundaries caused by the ease of forwarding a message. We would not have a chance to read Laurie's message if we depended on one of her friends manually transcribing it.

    No, Palladium will probably be quite successful in drying up such leaks.

  16. Palladium will end this on Accidental Privacy Spills · · Score: 1

    The author mentions Palladium in passing, but I'm not sure he realized it will put an end to such leakages. The average slashdotter is apparently still under the impression that any such scheme will be cracked within weeks of its release. But Palladium appears carefully designed. I expect it to bring email into compliance with the expectations of normal people - no more effortless forwarding of confidential documents.

    Also, no more Pentagon Papers, embarrassing Microsoft email, etc.

    Palladium will be a huge and sharp wedge severing the geeks from the rest of society. On the technical level, we will no longer be able to read email from our friends, customers and bosses unless we use Microsoft products. On a personal level, the normal folk will breathe a sigh of relief that the "information wants to be free" era is over, while the geeks will rage and protest against the new regime.

  17. Re:Simple on What Should I Do With My Life? · · Score: 1
    I just have no sympathy for whiny, rich people who are desperate to "find themselves," which is the meme it seems that this book is enamored with.

    I wouldn't say "enamored". In fact, based on the few pages I read in the bookstore, I think Bronson rather agrees with you.
  18. Why the CEO would laugh on Roblimo Abroad: Pushing Linux' Prospects In Jordan · · Score: 2

    Your discussion of green-screen applications is a complete tangent, and does not address the inadequacies of which the original poster complained. Yes, banks have many people interacting with centralized computers via terminal apps. But they also have many knowledge workers using Windows and Office. Those are the ones who could be transitioned to Linux if it were ready. Therefore, the reason the bank executive would laugh is not because you propose a GUI in place of a green-screen, but because you propose a less functional GUI in place of the existing GUI.

    To be clear: it doesn't matter what kind of terminal the drones at the counter are using. The decision-makers all run Windows and use Office. That's not just executives; it's a whole pyramid of workers that starts immediately above the terminal-using drones.

  19. Re:SpamAssassin vs Theo's Package on Spam Blocking Engine for OpenBSD · · Score: 2

    Check out this thread. Apparently realdpk harbored spammers for about a month, and then SPEWS took an additional 6 months to delist him. I'll refrain from repeating what I wrote in that thread.

  20. Re:But Opera has been getting smaller on Opera Gives That C64 Feel · · Score: 2
    if I empty the address bar using ^A ^K...

    Does ^U work? Works in Netscape/Moz/Galeon.
  21. Re:Good questions... on David Brin On LOTR · · Score: 2
    I thought I dealt with that. It couldn't be the case, as Sauron wasn't defeated by Aragorn. Heck, he wasn't even defeated by Frodo!

    Perhaps Sauron is like Osama bin Laden? The US ostensibly attacked Afghanistan because they were harboring him. And now he's gone. Now the US has a kind of vested interest in maintaining the image of OBL as a master terrorist planner. If he were a dispensable blowhard who makes videotapes while others do the actual work, the motivations for the US attack become more questionable.

    Maybe the point of the war in LOTR was to seize land for Gondor and Rohan. And to break Mordor as a commercial entity so folks in the wild lands would trade more with Gondor.
  22. Re:I think it's silly... on David Brin On LOTR · · Score: 2
    Chesterton defended the telling of fairy tales similarly:

    Fairy-tales do not give a child his first idea of bogy. What fairy-tales give the child is his first clear idea of the possible defeat of bogy. The baby has known the dragon intimately ever since he had an imagination. What the fairy-tale provides for him is a St. George to kill the dragon.

    Which is true. But LOTR appeals more to adults than to kids. Adults who (can) vote and shape the future. Every time geeks come up against "the evil guys", for example Microsoft, I'm struck by how forward-looking the latter are. I think Brin could be right, at least about geeks.
    It's a story, and a good one. And I don't think everything must be "forward-thinking" to have value.

    Brin doesn't deny that it's a good story, or claim that everything must be forward-thinking. He claims that we are currently too fixated on this mythical past. And while his essay has holes, I'm glad he brought some skepticism to bear on the "deplorable cultus", as Tolkien himself called the adulatory bubble surrounding LOTR.
  23. Typical geek answer! on David Brin On LOTR · · Score: 3, Insightful

    In other words - "If you don't like it, read something else." The point is not whether he "likes it". Brin claims that our culture is swinging towards feudal-romanticism and that the popularity of LOTR is a symptom.

  24. Re:Stalkers on Should You Trust Website Customer Reviews? · · Score: 2

    I can't help wondering what the other side of the story is. Maybe the "stalker" is merely a persistent on-line critic who points out flaws in her ideas. Authors can take criticism of their work very hard, and online anonymity encourages critics to express negative opinions forcefully. That's the weird thing about someone asking "advise me on how to handle this difficult person." The chances are at least 50% that the querent is the source of the problem. I wonder if Len Tillum pointed that out.

  25. Re:What if... on Conspiracy Theorists, Meet The Moon · · Score: 2
    Certainly, if you are going to base your standard on the "greatest good" then that would be served better by giving the URL to the car company which (very likely) employs and affects a far larger number of people.

    But why do you think Nissan's employees would benefit if the corporation gets the URL? If the URL makes the corporation more profitable, which is quite dubious in itself, the stockholders benefit, not employees as employees. Besides, even if we substitute stockholders for employees, the utilitarian calculus is "the greatest good for the greatest number", not just "some good for the greatest number". So the death of a single person might outweigh a one cent gain for a million people.