15 posts • joined Saturday 19th May 2012 18:27 GMT
Re: Is this innovation, or just diversity?
I do indeed think that commercial vendors have not managed to create a proper webserver, a proper version control system, a proper web browser with fast JS and good sandbox, a nice GUI toolkit during the last 10 years on their own. All the "good" stuff has been full or partial open source. Yes, Chrome is innovation - try IE 8 if you don't believe me. Check the list of exploitable bugs in Chrome and FF if you don't believe me. SVN and CVS are much, much better than all the commercialware contraptions, because they simply work instead of presenting stupid metaphors and half-broken tools. That's innovative.
Ubuntu is innovative because patching is a single-click affair. Linux invented this, everybody else followed.
Apache plugins are innovative and its stability and robustness are innovative. Just check IIS.
Gcc is innovative because it generates for everybody's and their dog's instruction set.
HTML is innovative because it is not a property of Adobe, Microsoft or Quark.
Re: Matt Asay's bias is showing.
Linux, BSD, XML, HTML, Qt, wxWidgets, Apache, SVN, WebKit, TeX, rsync, Android, Eclipse. It can indeed be argued that most of the innovations of the last ten years have been driven by open source.
Commercialware vendors haven't done much innovative recently. Their contraptions are just nicely polished Balls Of Shit. Scratch the surface and you will smell it. Also, these balls are 100 times larger than technically required.
Just take Chrome, iOS and Android - they would have never happened if Google and Apple would have had to develop all from scratch. Meanwhile M$ is struggling under the load of their own contraptions - just fixing the bugs is too much for them. What they manage is to polish their stuff in randomly new ways and rearrange everything like a department store. But there is precious little innovation.
Windows 7 still has the same old stinking pile of SMB (they now call it CIFS?) under the hood and it is still making the same difficult-to-reproduce error we already had in NT 4. They still don't understand the difference between root and normal user - UAC is a big fat abomination. IE 8 is a fat snail while Chrome drives the innovation. M$ was forced by Chrome into standard JS/HTML5 and to abandon Silverlight.
So, yes the economics of open source are very well visible if you look at Google, Apple, Redhat, Facebook and many others. And yes, the economics make room for innovation, while the proprietary vendors are stuck in their legacy stuff (IE, NT kernel, Office etc).
@Robert Long 1
I am far from being an academics person - I see myself as a software/systems engineer. I am working for businesses who have real money to lose if their valuable data gets corrupted. I feel really shitty if I have to run "repair table" on a MyISAM table filled with expensively generated data. And I feel even shittier if the number of rows is smaller than before the "repair" action.
In one of my last jobs we had a 60GB MyISAM DB and I felt like being very smelly and brown in that job. We did nothing exotic and had only minimal query load (less than 10 queries/s).
I assume all your consulting jobs are department-level DBs which can basically be burned down without much damage. Or worse, you don't realise the problem.
So from an engineering point of view, Postgres is in many ways (integrity, query optimization, feature set) superior to MySQL. And that translates into much better economics in the long run, as your trousers won't be pulled because MySQL fscked up your mission-critical data. There is a reason some people even spend lots of money for the Ora RDBMS. They want insurance against Business Destruction.
Let me educate you, boy. An "employee device" is by definition under the control of the employee and 99,5% of corporate workers (let's simply call them Drones) have absolutely no clue about security risks. They will download Skype from Softonic, which is a peddler of malware - not from the official Skype site, because Softonic might be quite high in the Google hitlist. They will use dubious Android appstores and equally download malware via this route. They will install "cracked" versions of payware (because M$ office is "cooler" than Abiword/Gnumeric). This stolen software will certainly contain some high-quality russkie virus.
And now you are saying that these virus-infected devices should "connect to internal data storage". You fancy that the corpo is safe because the data won't be saved locally by the legitimate (!) client software. What makes you think the virus will give a rat's ass about that? The virus will happily make screenshots of the confidential data, will store it locally if it so chooses and certainly will siphon off the data via SSL to a set of Google Mail accounts under the control of the virus creator. It will also nicely index all the mounted confidential data sources, so that the attacker doesn't have to download all the crap he is not interested in.
And then, China Competitor Corporation will have the Corporate Secrets on a Gold Plate. Yeah - Bring Your Own Shit !
"70 per cent are running on the Windows platform and about 30 per cent are running Linux."
Most data still resides on MVS mainframes, especially the important stuff. And yes, there is HPUX, AIX, Solaris and a lot more which host huge databases.
MyISAM WILL shove a rod into your anus
It is just a matter of time until MyISAM will destroy a sizable portion of some critical data if you are so stupid to use it.
Innodb might be better, but the very fact that they promoted MyISAM means the MySQL people are simply Marketing Muppets.
Real developers choose Postgres or OpenIngres. Or the slavery of Larry, which is still better than MyISAM.
"(the drone THINKS s/he is protected by the virus scanner"
Re: awesome quote from Horan.
The Average Corporate Drone has the full range of Virus APIs readily installed:
* XP running as Administrator (the drone thinks s/he is protected by the virus scanner)
* Java Web Start
* Acrobat Reader
* MS Office
* comprehensive, up-to-date LinkedIn profile
* SSL connections allowed to basically anywhere. No SSL-MITM in the browser. Blind Firewall.
So all you need to do is to build a Java/Flash/Office exploit, write a nice spearphishing email and then lob the spear. Extract gigabytes of data via Google mail/SSL. Index all connected drives and incrementally discover all the juicy stuff. Conceal your traffic by observing the drone's traffic and blending in. Put your malware on shared drives to infect even more drone computers.
Bring Your Own Security Risk. That's the proper term.
But from my experience, it does not matter much. China and the Russian Mafia already hosed all the secretos of the corpos, which isn't particularly difficult when the Drone Computer has all the Adobe and M$ crap installed, ready for exploitation.
See RSA "Security" and their Paying Victims at Lockheed Porkworks, Marietta, GA.
First They Abuse Children Sexually
I am sure Office365-Molester will have a Pope API to spy on all the victims.
Kids, here is the free stuff, without Pope Snooping Function:
Also, your computer will be free of Russian Mafia Molestation (i.e. viruses). Finally, you will save a lot of CO2 by using the Raspberry as compared to Wintel Bloat.
Now, Do Something Useful With the R3,1415
First priority: Code and run your own Search Engine. The 3,1414 will allow you to run your own crawler all day long at about 5W energy consumption.
A) Use AdBlock Plus
B) Use NoScript
C) Take control of your own data: http://friendica.com/
And now how to do it properly
..some real advice on how to properly secure a password-based system:
A) Store all usernames and passwords on an entirely different machine and an entirely different database. The "credentials" server will only handle authentication requests through a well-defined (proper grammar), simple TCP interface. All other services including X11, ping and so on will be disabled on this server. The server will be completely firewalled except for that specific port.
Application code will query this server for authentication purposes via a TCP socket and will then proceed to do the usual SQL against the "app" database.
B) Store a "retry counter" along with the password hash and lock the account for half an hour after five bad attempts. Lock for a day after 15 wrong attempts.
Then even passwords such as "apple15" will be quite secure.
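A sketch of the request handling and retry counter described in this post, as an added example that is not the poster's code. The `AUTH <user> <password>` grammar, the reply words, resetting the counter on success and re-locking at every fifth failure are assumptions; the half-hour and one-day thresholds come from the post, and the TCP listener itself is left out.

```python
import hashlib, hmac, os, re, time

LOCK_SHORT = 30 * 60        # half an hour after 5 bad attempts (from the post)
LOCK_LONG = 24 * 60 * 60    # a day after 15 bad attempts (from the post)
# Assumed request grammar: "AUTH <user> <password>"; anything else is rejected.
REQUEST = re.compile(r"AUTH ([a-z0-9_]{1,32}) ([\x21-\x7e]{1,128})")

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class CredentialStore:
    """State held only on the credentials server, never in the app database."""
    def __init__(self):
        self.accounts = {}  # user -> salt, hash, failures, locked_until

    def add(self, user, password):
        salt = os.urandom(16)
        self.accounts[user] = {"salt": salt, "hash": _hash(password, salt),
                               "failures": 0, "locked_until": 0.0}

    def handle(self, line, now=None):
        """Answer one request line with OK, FAIL, LOCKED or BADREQ."""
        now = time.time() if now is None else now
        m = REQUEST.fullmatch(line)
        if m is None:
            return "BADREQ"              # strict grammar: no partial parsing
        user, password = m.groups()
        acct = self.accounts.get(user)
        if acct is None:
            _hash(password, b"\0" * 16)  # same work as a real check
            return "FAIL"
        if now < acct["locked_until"]:
            return "LOCKED"              # no guess is evaluated while locked
        if hmac.compare_digest(_hash(password, acct["salt"]), acct["hash"]):
            acct["failures"] = 0         # assumption: success resets the counter
            return "OK"
        acct["failures"] += 1
        if acct["failures"] >= 15:
            acct["locked_until"] = now + LOCK_LONG
        elif acct["failures"] % 5 == 0:
            acct["locked_until"] = now + LOCK_SHORT
        return "FAIL"
```

Because a locked account never reaches the hash comparison, an online guesser gets at most five tries per half hour, which is what makes a weak password hold up in this design.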
Bring It On
We already expect this and we prepare against it. We already have detailed plans for making
* Low-observable telecom links
* Anonymous Signals Intelligence
* Anonymous Acoustics Monitoring
* A Liberty Search Engine
* Free As Speech replacements for FB, Twitter
* Wholly new types of anonymizers
* Wholly new types of cryptography
Of course, these plans are most useful when released in an emergency. Otherwise the MIC could prepare their countermeasures. I suggest everybody gets hold of some amateur radio literature so that you will be prepared to create your own gear as soon as the need arises. Also, don't throw away devices which contain
* high-speed Digital-Analog and Analog-Digital Converters
* HF Power Transistors (CB radios !)
* Microwave transistors and diodes
so that you can actually build your liberty internet components.