Just a reminder

[CougTek]

In late July, researchers found several flaws in the OpenSSL tool kit, which is commonly used for secure transmissions on Apache servers. About six weeks later, someone released a worm called Slapper that exploited the vulnerability and not only installed a back door on each infected server but also turned machines using OpenSSL into a waiting army of zombies by dropping in a DDoS (distributed-denial-of-service) tool kit as well.

Source : E-Week.

Updading your softwares is of capital importance. 6 weeks later the vulnerabitilty was identified AND patches were released, the worm still had plenty of vulnerable systems to infect. I feel no sympathy for the victims. Would they have done their job, they wouldn't have been affected.

BTW, I don't agree with the guy named Gene Spafford who was quoted in the above article. What he said can be applied to Winblows just as well, so I don't see it as a weak point for Linux.

 

[Mercutio]

Spaf was theoretically one of my professors at Purdue. He literally wrote the book on Internet Security. The first one. I'm not kidding. He's an old Unix hand at a school where CS students don't touch Windows machines at all. If he says something isn't right security-wise, it isn't.

 

[timwhit]

Why theoretically? Didn't make it to class much?

 

[Mercutio]

It's OK to skip anything that starts 100, 200 and even 300, but one does one's best to attend 400-level classes within one's major field of study.

He's a bit of a celebrity. When I was taking his class, the internet had just caught on as a popular subject and he was off doing other things (giving expensive seminars at large corporations and such). He let his PhD-candidate lackeys handlean awful lot the semester I took his class.

I had a friend get a Physics degree from Cornell. He said that in the time he was there, he could never prove or disprove that Carl Sagan did, in fact, teach there.

 

[CougTek]

Linux is awful. There are no design specs. Everybody and their half-brother who knows some [C code] writes code for it, and they all have the same lack of knowledge...

Now tell me that the same cannot be applied to Windows. On Windows, it's even worst, "everybody and their half-brother who knows some [VB code] writes code for it, ...

And between you and I, programming in VB needs far less skills than programming in C (note that I didn't write "programming well") so chances are high that most programmers for Windows are far more clueless than the hobbyist who programs for Linux.

I don't question the knowledge of your old prof, I contest his comparison of the security level of Winblows and Linux applications. Besides, no matter what's written on his C.V., last time I checked, no one is always right on everything.

 

[Cliptin]

Coug, there is a small but very real difference between programming and coding.

 

[time]

Do tell?

 

[P5-133XL]

And the answer to the difference between programming and coding is:

programming
- .......coding
____________
progqwxi...



Sorry, it take a literal computer type person, like me, to think dumb stuff like this as an answer to your question; convering the letters to numbers, subtracing them, and converting the numbers back to letters.

 

[Prof.Wizard]

eh?

 

[P5-133XL]

g - g = 0
n - n = 0
i - i = 0
m - d = 13 - 4 = 9 = i
m - o = 13 - 15 + 26 (carry) = 24 = x
a - c = 1 - 3 -1 (carry) + 26 (carry) = 23 = w
.
.
.

 

[Prof.Wizard]

I knew you were subtracting but I didn't understand why you were saying there's a difference: Writing code (high-level not machine) is a synonym to programming AFAIK.

 

[Fushigi]

Linux is awful. There are no design specs. Everybody and their half-brother who knows some [C code] writes code for it, and they all have the same lack of knowledge...

Now tell me that the same cannot be applied to Windows. On Windows, it's even worst, "everybody and their half-brother who knows some [VB code] writes code for it, ...

I think you're missing the context. Windows development by MS does have carefully thought out specs; features & functions are added as part of a grand scheme. That the scheme is inherently evil is besides the fact.

The VBers you mention are not OS developers. They are app developers. I'm pretty sure Spaf's comments are only related to the OS side of things.

Linux, on the other hand, has no such grand plan (that I'm aware of, anyway). Anyone who believes themselves to be capable can pitch in with the OS development effort. Is there a documented overall design goal with a project plan for implementation?

I'm not bashing Linux & favoring MS. I'm just calling the shots as I see them. MS, like every other OS developer, makes plans for their OS products and then executes those plans using the appropriate resources. I've not heard of anything similar from the Linux camp.

- Fushigi

 

[Will Rickards WT]

Coug, there is a small but very real difference between programming and coding.

Most people can learn a language, like french or C. When you are new in a foreign language you do literal translations using a translation dictionary. This results in phrases that may get across the meaning and actually work but are not preferred. Someone who is immersed in the foreign language will become fluent and even use phrases that are language specific. Same is true of programming. Coding is making code that probably works. Programming involves a higher understanding of the language and usually results in better code. When you become fluent in many foreign languages, people will call you a master of those languages. For a programmer, you begin to understand the influences behind design and such like. Then you are called a software engineer.

 

[Mercutio]

Without knowing for sure, I'd guess Spaf was slamming Linux in favor of a more organized development by a team of system programmers with a real design document and clearly defined roles. This is the model favored by *BSD and all commercial operating systems and was a primary resistance to Linux even in Purdue's all-Unix CS and CompE departments while I was there.

It would bug me too, thinking that someone could slip a trojan into my operating system at the source code level, if I were a security guru.

 

[Cliptin]

I knew you were subtracting but I didn't understand why you were saying there's a difference: Writing code (high-level not machine) is a synonym to programming AFAIK.

In english subracting is also called taking the difference between two numbers. It's counterpart for addition is called a sum.

 

[Cliptin]

Do tell?

All of what Will said plus program design. Such as knowing you are writing convoluted code (slow) for a quick project vs. writing slow code because you don't know how to make it better.

Coding in VB might very well be easier due to the power of the VB development environment; and the sheer flexibility of C makes coding more tedious.

But, programming starts with a design criteria and you aren't finished until the criteria are met.