Re: French Gov handing out Linux in schools
From: Hairy One Kenobi (abuse_at_[127.0.0.1)
Date: 08/19/05
- Next message: Hairy One Kenobi: "Re: US Gov looking for input about IE ONLY pre-patient web site..."
- Previous message: dave o: "pay rate"
- In reply to: Imhotep: "Re: French Gov handing out Linux in schools"
- Next in thread: Phil: "Re: French Gov handing out Linux in schools"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 18 Aug 2005 23:26:18 GMT
"Imhotep" <Imhotep@nospam.com> wrote in message
news:5KSMe.20388$Yx1.17568@tornado.tampabay.rr.com...
> Hairy One Kenobi wrote:
>
> > "Imhotep" <Imhotep@nospam.com> wrote in message
> > news:NFpMe.34749$dJ5.4455@tornado.tampabay.rr.com...
> >> Hairy One Kenobi wrote:
> >> > "Imhotep" <Imhotep@nospam.com> wrote in message
> >> > news:fzSLe.15697$Oy2.5608@tornado.tampabay.rr.com...
> >
> > <snip>
> >
> >> > Take a look at Gartner.com, or one of the mainstream IT news sites -
> >> > you'll soon get the idea.
> >>
> >> I have used Gartner over the years. Yes, I am very familiar with them.
> >> However, I am asking you to restate your point, that is what I do not
> >> understand.
> >
> > Hmm. maybe it's a language thing? Time to quote...
> >
> > "Hairy One Kenobi" <abuse@[127.0.0.1]> wrote in message
> > news:h%KLe.8368$Mf6.7813@newsfe2-gui.ntli.net...
<snip; seen it all before>
> First, Gartner is not the Gospel. I used to have an account with them for
> many years. They do have some good people and info but, they are not
> perfect. When researching I take their point of view into account, but I
> also take it "with a grain of sand".
In that case (he asks rhetorically), then why the misunderstanding about
what an analyse is, and does? Subject closed, methinks.
> > From my own POV, I keep hearing how much better it is that people inspect
> > other people's code, and fix it. But I've never met anyone that did that.
> > Or anyone that knew someone that did that. Or anyone who had a friend who
> > knew someone...
>
> Not true. You should have been taught from college about peer code review. I
> personally have been all over the BSD IP protocol stack not just looking
> for bugs but also to better understand socket/server programming.
Well done! That makes /two/ such people that I've met (the other had a party
piece about the Solaris kernel, and the bit that says "you aren't supposed
to understand the next 20 lines of code". Or somesuch. It's been a while).
> Many theoretical security holes have been patched, BEFORE ANY CODE WAS
> WRITTEN, by code review.
Approximately none. Or are you one of those "true believers" that think that
Pseudo code is executable..? Hate to break it to you, but...
<snip examples; Sendmail has been patched any number of times - just like
IE, and for exactly the same reasons.
Seem to remember that OpenSSL [in particular] was cracked rather widely
open, rather than the theoretical and obscure multi-thread thang. Memory
affected by consumption of Merlot at this point, I'm afraid, but I also seem
to remember that my particular OpenSSL implementation "just stopped working"
at some point. Got reminded of that yesterday, when Indy returned a vague
"invalid handle" exception. A naked exception, I might add (shudder)>
> 3) Other open source applications have benefited from code review also, but
> I will leave that for the reader's homework. :-)
Well, if you're /that/ stuck for examples, you might consider the Open
Source SMTP server object on my own web site... as I (think) I said, I'm not
anti-OS, just anti-Not Thinking. Hell, no one's even thought about asking me
about my own preferred development platform... ;o)
> ...the point is that open source works in many ways. First, it allows anyone
> who is writing application code to view how the code (underneath the API
> level) is structured. Resulting in tighter and more secure code. Second,
> there are people who do review the code looking for possible problems
Cite! Cite! Cite!
Millions of lines of code out there, and all we can come up with between us is
(what?) three examples?
> Sure sometimes people find a problem when writing code for a particular
> application. There again, they can verify that it is really a security hole
> by looking at the code below.
>
> > With literally millions of downloads, how could even 0.01% (hundreds of
> > dedicated techies) have missed the holes in OpenSSL and the Linux kernel?
>
> Be more specific. Which holes?
IIRC, attitudes to the security-oriented Debian and SUSE platforms were the
most dented. (Again) IIRC, it was a suspected Apache flaw that allowed
uncontrolled access to source code, which basically permitted a root exploit
to be included and - oops - distributed both as source and binary to the
world at large.
It was a while ago, and not my core area of interest: anyone should be able
to Google a result within a few minutes. Unfortunately, like so often, I'm
relying on wetware storage technology for the details :o)
> > Assuming, of course, that these people actually exist, as opposed to the
> > couple of people involved in the development of specific aspects or
> > products. Or developers breaking that precise aspect of the code?
>
> Yes, these people really exist...
Name a couple... ;o)
Better yet, put up a significant stake on (say) PayPal, name an OS package
of your choice with at least a thousand lines of 3GL code, and I'll have a
go at finding a bug. There's *always* one more bug, no matter what the
platform ;o) My own code very much included.
> Ah....why all the coughing, got a cold? Your patch is included in Red Hat FC
> 4...
Excellent. Now, about that precise link for my vague problem statement...?
I'm particularly interested, as it looked like a fundamental problem with
Gnome in general - anything that I could use to tweak my existing config
would be welcome.
H1K
P.S. Nothing personal in all this - software evolution makes us stronger..
and you have good arguments.