Showing posts with label Microsoft. Show all posts

Saturday, April 28, 2012

A very interesting case regarding user security...

So, a very interesting case occurred in which something was done to protect users, and the users blamed the wrong company. At the same time, Microsoft did nothing, and in the users' eyes it is the better one, even though it left those same users in the lurch!? Sounds interesting, doesn't it?

So, let me describe a bit more concretely what happened, except that I will of course leave the actual names out of the story in order to protect the innocent (i.e. myself :)).

So, a serious flaw was discovered in Oracle's Java implementation that makes it very easy to compromise a computer. For that reason Mozilla decided to disable Java support in the Firefox browser. If you are wondering why, the answer is that the browser cannot force the user to upgrade the Java environment. What it can do is prevent the user from using Java applets until the user upgrades Java.

However, what do users know about the Java programming environment? That is a rhetorical question, because the answer is clear as day: nothing! What they know is that they use an application from One Company (TM) - note the capital first letter. But they do not know that this application depends on Java. In fact, it gets even better: the parts that depend on Java were not made within One Company, but were bought from Other Company (TM) - again, note the capital first letter. Anyway, the application suddenly stops working in the Firefox browser, and there you have a crowd of angry users blaming One Company. However, Other Company did not sell its Java solution only to One Company; it sold it to third companies as well. Are you following me? :) But for those third companies the applications still work, and they work because they tell their clients to use Internet Explorer, which runs the vulnerable Java environment without any problems.

Anyway, the result is angry users of One Company who are at the same time protected, and happy users of the third companies, which do not care about their own users, who are vulnerable, and a good part of them probably infected in some way. Interesting, isn't it? :)

And of course, there is also Other Company, which, if it cared even a little about its users, direct and indirect, would think hard about whether it can eliminate the Java programming language from its products. In fact, not only that, that company would notify its clients about the flaw in question. But Other Company cares only about profit, it may also be incompetent (I won't go into that now), and the result is one big wreck and ruin!

Wednesday, November 2, 2011

New developments in CentOS world...

Suddenly, there is a flurry of news about CentOS. First, there was a lengthy discussion on the CentOS users' mailing list about the current state of the 6.1 release and about RedHat versus CentOS. Also, on the development mailing list there is a discussion about moving the CR repository back into the main repository. Finally, there was a question on Slashdot about why someone would use RedHat when there is CentOS. So, let me give you a digest of some of the topics that were discussed.

RedHat Company vs. CentOS Project

The relationship between CentOS and RedHat often comes under discussion and suspicion. And with the recent changes that RedHat made, some of which made it harder for CentOS to follow RedHat, the discussions became even more energetic.

It is true that it became hard for the CentOS project to follow RedHat releases. The reason is that RedHat on purpose made this process more complicated than necessary. That's why people are bashing RedHat, assuming that it is complicating things because of CentOS. But there is a high probability that RedHat is doing this because of Oracle and Novell. Oracle is building its own distribution based on RHEL and then selling services for it. Both Novell and Oracle are selling services for RHEL too, and at lower prices than RedHat itself. And Novell and Oracle have many more resources at their disposal than CentOS will ever have. So it seems logical that RedHat is not concerned with CentOS, but with Oracle and Novell. If it were concerned with CentOS, then it would be a major tactical error.

Not only that, but CentOS developers are repeatedly stressing that CentOS wouldn't exist without RHEL and RedHat, and that if you need to, or can, you should buy support from RedHat. This is done by neither Oracle nor Novell. It turns out that buying RHEL service isn't so expensive after all, as I'm going to discuss a bit later.

Also, there is information that someone from the core team said that RedHat helped them, but these claims are unverifiable, i.e. I cannot find mails where this is written, or anything that could be used as proof. But one member of the core team said on a mailing list that they were contacted by RedHat to verify that they (the CentOS team) are aware of the Acceptable Use Policy (AUP). It is interesting to follow the tone of this particular discussion. It started as a note that RedHat had contacted them and asked CentOS whether they were aware of the new AUP. Quickly, this thread turned into bashing RedHat. Finally, the developer in question responded himself. And the conclusion was that it was not hostile, nor was there any threat! The developer again explicitly stated that CentOS tries to obey the AUP as much as possible.

Finally, from some informal discussions that some users had, it turns out that RedHat looks at CentOS favorably. But I somehow doubt that RedHat can or will help CentOS, at least not publicly. And may I say that whoever expects RedHat to do so isn't expecting the right thing to happen. Instead, they should expect the CentOS project to change itself.

As a side note, I didn't know that Microsoft officially supports CentOS, but only as a virtual guest. This is quite interesting.

CentOS Project

It seems to me that the main problem for CentOS is CentOS itself. First, for such a large project more people should be included in the core development team. Second, the lack of communication from the core team is also very seriously hurting CentOS. At the time this post was written, there was an announcement from September 1st that only 16 packages had to be built and 6.1 would be released. But that was two months ago, and in the meantime there hasn't been any announcement or status update. People that use CentOS are those that need some stability and predictability, and both of those seem to be missing from CentOS. All this makes people look for alternatives, and more often than not Debian and Ubuntu pop up. I hope that I don't have to explain how this hurts RedHat in the longer term.

And while I'm at alternatives, it was rather interesting to find out that there is also an additional alternative to CentOS and Scientific Linux based on RHEL, a distribution neatly named PUIAS.

RHEL Pricing model

Part of the discussion was concerned with licensing models. Someone wrongly calculated that you have to pay $2000/year for a RHEL license for 2 sockets (two places for a CPU). But then it turned out that there are cheaper options, namely, buying only the OS without support services. In that case you pay $50 per year for a workstation and $350 per year for a server. These options are actually very attractive for people that use CentOS, for the simple reason that in both cases you don't have support, BUT you do have the latest security updates.

Also, there is an option of paying $2000/year for a virtualization platform with an unlimited number of guests. Furthermore, this option covers RHEL licenses in all guests. Obviously, in case you plan to virtualize some other OS, you'll have to buy licenses for that OS separately.

CR Repository

Apparently, there are also discussions about changing how transitions between point releases are done. CR (or Continuous Repository) was introduced with the idea that security updates are released faster. Even though some are happy with CR while others are not, it seems that it isn't a good enough (TM) solution. First, there are many older installations that don't have the CR repository installed. They do have the updates repository installed, and they require a manual install. This is definitely problematic. Second, some question or something like that constantly pops up on some mailing list. The new idea is that point releases are fixed (e.g. 6.1) while the generic release (e.g. 6) is a moving target. All in all, it seems that the change is inevitable, but we'll see what exactly is going to happen.

Sunday, October 30, 2011

The rise and fall of the great companies...

It is very interesting to read news about Apple's and ARM's successes on the market on the one hand, and about the fall and struggle of some of the undisputed rulers of the computing and consumer markets of the not so distant past on the other. Actually, I first think about computing markets, but since it seems that the computing market has penetrated the consumer market and it's hard to distinguish the two, I'll treat them combined.

The main premise of this post is that it seems to me that a company's long-term success depends on the ability of top management to anticipate future trends. Let me try to explain that in some more detail.

I could start with illustrations from many points in time. For example, DEC. DEC rose from the change caused by the invention of minicomputers. But DEC, as later IBM too, failed to anticipate the rise of personal computers, and it cost it its existence (probably along with other management failures).

Then, there was IBM too. In the 70s it was said that no one had been fired for buying IBM equipment. IBM's mistake was also that it didn't foresee personal computers. True, it did make the PC and it also made it possible for others to produce PC clones. But that's all, and when they saw their mistake, they tried with the PS/2 series, which was a failure! Anyway, two giants emerged riding on the wave of the PC revolution, Intel and Microsoft, frequently called Wintel. The transition period was the 80s, and world domination came in the 90s. In those times, there were many players, among others HP, Compaq, AMD, Dell. All of them, more or less, managed to profit from PC sales. There was also Apple. During the 80s Apple succeeded in positioning itself as a producer of successful workstations with a GUI, but because it was expensive it was always niche, and because it was niche, it fell during the 90s. Possibly it was also a lack of vision, but I think that somehow the main reason is that at that time computers were used by people who knew something about computers and who wanted something cheap, and they rarely thought about design.

So, at the end of the 90s Microsoft was at the height of its power, along with Intel. And very few people, including myself, saw anything that would change that any time soon. But then something happened that triggered the change. Actually, we can see two different things that caused two different effects. Basically, two changes happened that damaged existing companies and allowed new ones to appear and/or rise.

The first one was the fusion of mobile phones and computers, and the penetration of computers into consumer markets! Intel and, especially, Microsoft were caught unprepared. They didn't have adequate products for that segment of the market, and what they had wasn't marketed appropriately. In a way they were prisoners of the desktop mentality. Apple, on the other hand, had Steve Jobs, who not only foresaw this coming, but in a way was the initiator of this change! This change caused damage to Intel and Microsoft. Intel was producing desktop and server processors, and had no product for mobile phones. Here ARM benefited. And not only does ARM dominate the mobile phone markets (by mobile phones I also mean tablets and such), but this momentum is allowing it to slowly enter the server markets too (e.g. read this)! Now both Intel and Microsoft are trying to catch that wave.

The second wave is the shift from computer production to services. Mass computer production became less and less profitable, and the notebook market is rising. The exception here is high-end Unix servers (and partially Windows servers). That change was foreseen by Samuel Palmisano. He reoriented IBM from a mainly computer production company to a services company. One of the notable steps he took was selling the Thinkpad brand to Lenovo. Of course, IBM still produces high-end Unix servers and mainframes. Anyway, that brought IBM from its knees to become stronger than Microsoft, something unimaginable 10 years ago.

It's very interesting to watch what's happening, because it seems to me that this is in a way comparable to the fall of the great empires of the past, and the USA lately. :) It's also interesting to find out how to predict those changes, because whoever manages to predict the changes that will come will have a chance to rule the global market of the future.

Thursday, October 13, 2011

Dennis Ritchie died...

Well, another great figure of computing has prematurely left us, according to reports on the Internet. This one isn't as well known as Steve Jobs, but his work certainly matches that done by Jobs, and in my humble opinion even exceeds it. His "problem", so to speak, is that he did everything in the core area of computer science, not in the consumer part, and he did the majority of his work during the years when most people didn't even know that computers existed.

The guy is Dennis Ritchie, and he invented the C programming language and also took an important part in the development of the Unix operating system. His influence was and is great. For example, Android smartphones today all run on top of Linux, which itself started as a Unix derivative. MS DOS was a very poor copy of Unix, and it was evident that it tried to copy Unix. Windows NT was in part also influenced by Unix. Not to mention MacOS X which, at its core, is Unix! And today's biggest businesses run their core services on Unix machines, not Windows.

The C programming language was, and still is, extremely influential. First, the majority of today's operating systems are written in C, and all the other languages have the ability to link with libraries written in C. There are numerous applications and libraries written in C. C is, in essence, the lowest common denominator. Furthermore, we have today many languages which directly or indirectly borrow features from C. For a start, C++ started as an extension to C, and it in turn influenced many other object-oriented programming languages. C's influence can also be traced in all other non-OO languages.

All in all, I'm very sad that he passed away. RIP Dennis Ritchie.

Thursday, October 6, 2011

Steve Jobs...

The Internet is full of news about the premature death of Steve Jobs; after all, he was only 56 years old! And no matter what we think about Apple, or maybe even Steve Jobs, we have to agree that he, and the company he founded, made a significant mark on many lives. Actually, even more than that: in a way, he changed our culture.

I was reading what others have said about Jobs, most notably Bill Gates, and it occurred to me that Jobs, but also Bill Gates, Steve Wozniak, and many others, represent one period of computer industry development in which individuals were the main driving force! This was the period of the invention and popularization of microcomputers. And this period was actually over by 2000, or something like that. Of course, there is another, newer and equally important and popular event, and that is the popularization (not invention!) of the Internet. But that's another story, since the people that took part in it are on average younger and will be with us for much longer; actually, some of them probably even after us (me!).

Now, it is also true that even though the computing industry is quite young, many pioneers have already died. Still, Jobs is specific for two reasons. The first one is that he created Apple, and lived within the time period when I was growing up and learning about microcomputers. I read and heard so much about Apple and NeXT, about Apple II and Macintosh, but also about him, during the majority of my life. All this means that, in a way, he was a part of a world I was used to living in. The second reason why Jobs' death is so important is that he was known by many people; he made computers and other "computerized" gadgets a status symbol and a commodity at the same time. So many people are actually aware of him.

I have to mention Google. Google is the only company that paid tribute to Steve Jobs by placing a link beneath the search box on their main page, which will take you to Apple's pages. I looked at what Microsoft and IBM did, and they did nothing. Now, I know they are businesses and as such cannot and should not pay tribute to someone not from the company, and not highly positioned within the company. Still, because of this I admire Google's action even more.

To end, I'll just say R.I.P. Steve Jobs; the computing industry, even the world, will not be the same without you.

Here are two links I recommend: Apple's logo variation and Steve Jobs' great speech given to Stanford University students.

About Me

scientist, consultant, security specialist, networking guy, system administrator, philosopher ;)
