the Daily Irrelevant

Amazon wishlist
February 2008

M T W T F S S

« Jan Mar »

1 2 3

4 5 6 7 8 9 10

11 12 13 14 15 16 17

18 19 20 21 22 23 24

25 26 27 28 29
Recent Comments
- Roland Hesz on Cartoons The iCar is cool :)) Never crashes :) But runs only on GM approved fuel, runs with GM approved tires, and only on roads in GM approved countries and states. And everywhere differently. :)
- Roland Hesz on Consider This…The Stupidest Exercise Machine You’ll Ever See Yep, the Flinstone mobile :) One advantage: you can walk and not get mud and snow on your shoes.
- Roland Hesz on Yang’s Exit Opens Door for Fresh Microsoft Bid, Investors Say If I remember correctly Steve Ballmer answered Jerry Yang's plea with a "sorry, that train has left the station".
- John Sinteur on AIG to Pay Millions To Top Workers Don't sweat it - that will likely happen again :-)
- Roland Hesz on Phil Gramm, Unswayed Champion of Deregulation Funny thing that several studies concluded that those banks that lent under the Community Reinvestment Act has "practiced a stricter control over loans, than those who did not participate in the CRA". So banks lending under CRA made way better and more secure loans than those who just lent as a daily business.
- Roland Hesz on AIG to Pay Millions To Top Workers Yes, I heard it a few times too - no christmas bonus. Most of the time the question of bonus never arose in the first place. On the other hand the bonus for me is above my salary. For sales people it is not. Their base salary is pretty low to motivate them. I get your argument, we have a difference of opinions in this case I'm afraid :)
- John Sinteur on AIG to Pay Millions To Top Workers If I had a dollar for every time I heard a company say "the past year has been very bad, there will be no christmas bonus this year" I could buy you enough beer to discuss this all evening long. Why would these guys be any different? Their company is so close to bankruptcy, they have to borrow billions. I stand by my statement.
- Roland Hesz on AIG to Pay Millions To Top Workers I guess if you got part of your salary as bonus, you would say it now: oh, sure, I worked hard, turned out profit, delivered a couple succesful projects, but as others did not, I don't want all of my salary. Don't forget that a big part of the salary of sales people is counted as a performance bonus, and these are the people who can pull the company out of the shit it's in. They are "rewarding" - i.e. giving the agreed upon salary - to the people who actually turned in some profit. If you divide the sum of the bonuses ($503 million) with the number of receivers (6000+) it turns out that they will get $83833.33 on average. That is not a "luxurious" bonus. If you say that's equivalent of 6 months basic salary, then you end up with around $240k per year. You can say it's a lot, but it's not a huge salary at this level. Of course, there will be those who got $50k as a bonus, and those who got $300k. Thing is "performance" bonus is like the tip for the waiters here. It is part of their salary. And not a small part. And this defence comes from a guy who never had any bonuses so far.
- John Sinteur on Big Three CEOs Flew Private Jets to Plead for Public Funds Gates didn't make his $40b as "compensation in the form of wages or options". He's co-founder, and he saw his initial stock package explode in value. So yes, I'm counting stock grants and stock options - here in the NL stock options are already taxed as income, so there's no problem counting them as income. What I'm not counting is capital gains on stuff people already own, like stock. Just count the stock options at the moment of issue as income, and if converted to stock you never look at it again. I don't think Bill Gates made all that much in salary, and it's not fair to count a rise in stock price against him.
- Maarten on Big Three CEOs Flew Private Jets to Plead for Public Funds Presumably you're counting stock grants and stock options in that 12X? How do you work with stock that's awarded now but vests and attains its value later? How do you deal with someone like Gates, making billions as the part-owner of a very successful company? Note that Msft actually shared a lot of wealth down the ranks, even if they denied it to some (the "permatemps"), but few made 1/12th of Gates' one-time $40bln.
- John Sinteur on UK citizens ready for biometrics The only thing the average banking industry executive has not trouble grasping is bailout money... or should that be "grabbing"?
- Bankman on UK citizens ready for biometrics As long as the average banking industry executive has trouble grasping the concept, I have little hope for the general public.
- John Z on Consider This…The Stupidest Exercise Machine You’ll Ever See This reminds me of Fred Flintstone and his car.
- Sue W on Once upon a time… er...lovely child, but what sensible person would put makeup on someone that age?
- Sue W on Sine Wave speech Amazing!
Syndication
Spam Blocked

28,252 spam comments

blocked by
Akismet
Last 100 visits are from:
Domains for sale:
- niet.com
- younited.nl

Open Source Code Contains Security Holes

Open source code, much like its commercial counterpart, tends to contain one security exposure for every 1,000 lines of code, according to a program launched by the Department of Homeland Security to review and tighten up open source code’s security.

Popular open source projects, such as Samba, the PHP, Perl, and Tcl dynamic languages used to bind together elements of Web sites, and Amanda, the popular open source backup and recovery software running on half a million servers, were all found to have dozens or hundreds of security exposures and quality defects.

A total of 7,826 open source project defects have been fixed through the Homeland Security review, or one every two hours since it was launched in 2006, according to David Maxwell, open source strategist for Coverity, maker of the source code checking system, the Prevent Software Quality System, that’s being used in the review.

At the same time, projects like Samba have been adept at correcting the vulnerabilities, once they were identified. Samba was found to have a total of 236 defects, a far lower rate than average for 450,000 lines of code. Of the 236 defects, 228 have been corrected, said Maxwell in an interview.

And as a result everyone’s security improves.

Except Windows users. Will somebody please think of the Windows users?

No? Okay.

This entry was posted on Tuesday, February 5th, 2008 at 18:17 and is filed under Free Software, Microsoft. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

3 Responses to “Open Source Code Contains Security Holes”

Roland Hesz Says:
February 9th, 2008 at 23:02
You mean, that non-OS related softwares are listed up there and you try to connect it to the OS?
Hmm.. Then please, will someone think of the Ferrari users? It’s not listed up there.
Apples and oranges.

And yes, I think that Windows is not totally secure, and not the best OS out there.
Unfortunately the same goes for the rest.

But please, don’t mix things.
John Sinteur Says:
February 9th, 2008 at 23:17
I’m not mixing things. There’s a huge subsidy to find bugs in software, and not all software is tested equally. I think the same amount of external effort should be taken to make windows better.
Roland Hesz Says:
February 9th, 2008 at 23:33
Ah, then I agree. Then I should write “Except users of commercial softwares. Will somebody please think of the users of commercrial softwares?”

And that include AS400, Mac OSX, Photoshop, Adobe Acrobat, etc., softwares we buy and use daily.
Now, I just have to find a way to convince my boss that the software we sell should be opened up to people so everyone can see how we solved the business problems and fix our bugs :))

You have to decide between selling softwares or having a ton of people working on your code around the world. People, who usually make their living with writing softwares that are not bugfixed by thousands all around the world.

Recent Comments

Syndication

Spam Blocked

Last 100 visits are from:

Domains for sale:

Open Source Code Contains Security Holes

3 Responses to “Open Source Code Contains Security Holes”