[#] Fri Sep 26 2014 01:27:59 EDT from ax25 @ Uncensored

Not bitten (that I can tell yet).  Patched with the second round of bash package updates.  Good to see that Slackware patches back to 13.0 were released around 2 pm CST.  That would have saved me a bit of time fussing if Debian / Ubuntu was that fast :-)  They did come in a close second at around 4:50 pm CST, but a one man shop should probably come in second.  Just kidding, I realize he has minions dedicated to testing.  I appreciate all the folks doing the heavy lifting and discussions today as well.  Hated that the mess existed, but loved the response and frank discussions of the patches - all in the open!!!

Thu Sep 25 19:55:13 UTC 2014
a/bash-4.3.025-i486-2.txz:  Rebuilt.
  Patched an additional trailing string processing vulnerability discovered
  by Tavis Ormandy.
  For more information, see:
  (* Security fix *)
ap/lxc-1.0.6-i486-1.txz:  Upgraded.
  Fixed bash completion file.  Thanks to dunric.

Ubuntu notice:
Thu Sep 25 21:50:16 UTC 2014

bash (4.1-2ubuntu3.2) lucid-security; urgency=medium * SECURITY UPDATE: incomplete fix for CVE-2014-6271...

[#] Fri Sep 26 2014 10:41:14 EDT from Sig @ Uncensored

Best explanation (i.e. detailed enough but not ridiculously technical, explained for normal human beings, and not "OMG your IoT lightbulb will h4xx0r you!") I have found so far:

[#] Fri Jan 23 2015 04:32:05 EST from the_mgt @ Uncensored

A Generation Lost in the Bazaar

Quality happens only when someone is responsible for it.

Thirteen years ago, Eric Raymond's book The Cathedral and the Bazaar (O'Reilly Media, 2001) redefined our vocabulary and all but promised an end to the waterfall model and big software companies, thanks to the new grass-roots open source software development movement. I found the book thought provoking, but it did not convince me. On the other hand, being deeply involved in open source, I couldn't help but think that it would be nice if he was right.

The book I brought to the beach house this summer is also thought provoking, much more so than Raymond's (which it even mentions rather positively): Frederick P. Brooks's The Design of Design (Addison-Wesley Professional, 2010). As much as I find myself nodding in agreement and as much as I enjoy Brooks's command of language and subject matter, the book also makes me sad and disappointed. ...


[#] Fri Jan 23 2015 16:04:15 EST from LoanShark @ Uncensored

"there is no escaping that the entire dot-com era was a disaster for IT/CS in general and for software quality and Unix in particular."

Bold words. I'm not sure I would go that far. Except if I were talking about PHP. >:-P

[#] Fri Jan 23 2015 16:11:24 EST from LoanShark @ Uncensored

Ford ][ would be eating that article up.

[#] Mon Feb 02 2015 10:36:41 EST from IGnatius T Foobar @ Uncensored

Wow, what a carefully selected subset of data chosen towards a very faulty conclusion.

As examples of "lost in the bazaar" he cites:

* All of the baristas-turned-web-developers during the Dot Com Boom

* The FreeBSD ports tree

He conveniently leaves out all of the places where quality is present because someone is paying attention to it, or even better, because there are customers paying for it (Red Hat, Oracle, etc).

[#] Mon Feb 02 2015 23:48:58 EST from ax25 @ Uncensored

The comments were more fun than the "get off my lawn" article.

[#] Mon Feb 09 2015 21:30:06 EST from LoanShark @ Uncensored

Definitely that was a lot of "get off my lawn", but he might as well have been talking about Red Hat or Ubuntu or Debian instead of the freebsd ports, because the Linux userland is *exactly the same source base as* the FreeBSD ports tree. And it has many of the same dependency hell problems.

From the outside looking in ( I haven't written Windows code since toy projects in high school ) it actually looks like Windows might have ended up getting more things right (except for their appalling filesystem semantics) than Linux did, because Linux grew by accretion and Windows was kinda sorta architected.

[#] Mon Feb 09 2015 21:32:04 EST from LoanShark @ Uncensored

He conveniently leaves out all of the places where quality is present because someone is paying attention to it, or even better, because there are customers paying for it (Red Hat, Oracle, etc).

But see he wasn't talking about the freebsd ports tree, he was talking about the upstream sources that feed into that. And now you're coming along and saying "don't worry, Red Hat will put lipstick on it."

[#] Fri Feb 13 2015 10:41:53 EST from IGnatius T Foobar @ Uncensored

That sounds like "no one is worrying about quality control except for the people who are paid to be responsible for quality control."

[#] Fri Feb 13 2015 12:51:44 EST from LoanShark @ Uncensored

The QA toons are paid to find bugs (can we pay them by the bug? I digress.) They are not paid to ensure quality in the sense he was talking about.

[#] Sat Feb 14 2015 15:27:28 EST from IGnatius T Foobar @ Uncensored

Sounds good in theory but Exchange is still a buggy pile of crap, easily exceeded by "sloppy" software, no matter how many "real QA people" are thrown at it.

[#] Mon Feb 16 2015 15:27:43 EST from LoanShark @ Uncensored

It is very good at what it was designed for, which is to pad salaries of ops.

[#] Wed Feb 18 2015 08:22:48 EST from IGnatius T Foobar @ Uncensored

Well yes, there is that.  It pains me to see a bunch of paper tigers insisting that you need half a dozen servers to provide email to a group of 100 people, because that's what they were told was "best practice."  And then it has regular outages and they all blame each other.

This is not an exaggeration; I speak from direct experience.  The environment in question ran Citadel for nearly seven years without a single outage.  So you have a system built by hobbyists in our spare time, with quality that greatly exceeds an expensive system built by thousands of highly paid developers and QA people.

So I'm going to come to a different conclusion.  Quality happens when someone is thinking about quality.  It happens when delivering something that works properly is held as a higher priority than delivering something that has an ever-growing feature set.  I believe that this can happen in the cathedral or in the bazaar.

[#] Wed Feb 18 2015 11:44:50 EST from LoanShark @ Uncensored

Wearing my pointy-haired toupee for the moment... part of my responsibilities are tending toward team lead these days. So I think: quality happens if you lecture the junior devs until their ears bleed. ( I try to be a bit nicer about this than it sounds. ) That's more cathedral than bazaar though.

Imagine that... me, responsible.

[#] Wed Feb 18 2015 12:43:57 EST from fleeb @ Uncensored

Heh... team lead... lead developer... we're all growing up.

[#] Wed Mar 04 2015 08:01:32 EST from IGnatius T Foobar @ Uncensored

Yeah, careful about that. A bit further down that road is a group of assholes committed to your failure.

[#] Thu Mar 05 2015 12:18:34 EST from fleeb @ Uncensored

As long as they're legitimate competition, I'm okay.

If they're supposed to be on the same team, I need to find a smaller team.

[#] Thu Mar 05 2015 14:28:37 EST from IGnatius T Foobar @ Uncensored

They are ostensibly on the same team, but each one of them is actually a team of one, and that team has a zero tolerance for competition.

[#] Fri Mar 06 2015 16:48:28 EST from fleeb @ Uncensored

Meh... I haven't had too many dealings with those types, because I don't get hired to work in environments like that. Possibly because I'm viewed as a threat.

