Follow Slashdot stories on Twitter


Forgot your password?

PC software so bad, BugNet refuses to post award 145

For the first time since 1994, BugNet will not be issuing an award this year. BugNet's awards go to those Windows-software companies that have debugged their software the best during the year. Apparently bug fix rates have declined with every new mass market version of Windows. The article also mentions that BugNet discovered a bug in FrontPage which allows users to delete their entire hard drives -- including Windows itself -- without a clear warning. Apparently they were told this was a feature, not a bug. In related news, NT 4.0 has failed FIPS 140-1 testing, meaning it cannot be sold to the US or Canadian governments.
This discussion has been archived. No new comments can be posted.

PC software so bad, BugNet refuses to post award

Comments Filter:
  • I'm not sure what you think was acrimonious. The interviewer kept baiting RMS to bash Linus, and RMS gave Linus the credit he deserves and explained what his differences with Linus were.

    RMS seemed remarkably unruffled considering the antagonistic nature of the questions, IMHO.

  • Who said anything about giving (l)users rights to compile/install software?
  • Anyone got any information on Linux's compliance?
  • Besides, back in 1989, I don't believe that Office had nearly the popularity (stranglehold?) that it does today.

  • Posted by antivert:

    is failing. They're getting tired of fixing bugs on the new systems. As long as one programmer doesn't like a bug in open source software, it will be fixed. Of course.. this went without saying.

    And the PC bug problem is getting worse. BugNet's data indicates that bug fix
    rates have declined with every new mass market version of Windows. The bug fix
    rate for Windows 3.x (OS and apps) was/is higher than for Windows 95, and
    Windows 95's bug/fix rate was/is higher than Windows 98.
  • Posted by wraith-q:

    Wasn't it just a short while ago we heard that the stock exchange or some other big national financial institution wanted to run on NT? This should hopefully make them reconsider...
  • Posted by antivert:

    First of all, it's "whore". Secondly, what on earth are you talking about?
  • Posted by Ken Keenan:

    I was going to do the decent thing and register but the idiots who designed the registration form are apparently unaware that there are countries in the world that have different address formats than the US...

  • Posted by Mephie:

    I can see it now:
    US Bombers plunged into the sea today when Iraqi hacker 2l337.4U mounted a huge teardrop attack. The bombers, running NT4, had incompatable hardware and were forced to run Service Pack 2.
  • Really, it isn't a bug in Frontpage. I'm serious. Would this sort of bug ever appear in Linux? No, because it has a logical file system organization and a protected file system. You wouldn't give Frontpage root permissions, so even if it tried to delete everything, it couldn't. Fundamentally, it's a design flaw in Windows.
  • >many an EXPERIENCED root user has accidently slipped up and typed rm -rf /* instead of rm -rf ./* or got clobbered by a history mistake.

    It makes me wonder if there shouldn't be consideration given to having more than just a root/regular user distinction. The ultimate permission level would be the ability to delete or change OS files, while the most restrictive permission level would be only to change files in one's own directory, or maybe not even that directly. However, without thinking about it for a while, I'm not sure how easy it is to classify things like access to the serial ports, etc.
  • Well, gosh, the State Library system in my state (Alaska) hates MicroSoft products so they use OS/2 and WordPErfect office suites for OS/2. Send them word files? Tough luck, pal.

    There are choices. Too bad the Pointy-Haired idiots who makes these purchasing choices can't be held responcible for the lost productivity their lack of integrety causes. :(
  • i have actually been seeing alot of buggy poorly suported software showing up for linux.

    Well, then, you should write a letter to the publisher of the software and cancel the terms of your licensing agreement and request a full refund of the purchase price.
  • This little bug cost one unnamed company that is Not siemens, (wink) half a million. Thats not good.

  • What's amazing is how in the hell can an APPLICATION wipe out the OS it's running under

    $ su
    # rm -rf /
    # ls
    bash: ls: No such file or directory

    Linux (and Unices in general, AFAIK) is probably better than Windows at letting you delete the OS out from under you, due to its filesystem design. I have actually done the above (on a box that was going to be wiped out anyway) and it works. Everything that was running stays running (until they go looking for more files, that is). If a file in Windows is in use, Windows won't let you do anything with the file. (In some cases, you can't even read it. I've never seen the backup utility that comes with NT do a sucessful system restore, because it never manages to back up files in use.)

    --Phil (In the Unix world, "the user is always right". In Windows, "Microsoft is always right". I know which one I like.)
  • Despite my efforts to drag this subthread off topic, you insist on trying to make it relevant. :) (I wasn't really trying to defend anything. I just wanted to point out that Linux can do a pretty good job of letting you delete the OS out from under yourself.)

    As far as the FrontPage "bug", I don't consider it to be a bug. That's probably because I'm used to my computer doing exactly what I tell it to (and not always what I want it to do). If you tell it, "this is my web directory," and then, "delete everything in my web directory," guess what it does? The problem's really more with the OS that doesn't implement multiple users and file restrictions.

    --Phil (As usual, this is my point of view. Yours probably differs.)

  • from

    What documentation is required for certification?

    Documentation can be in many formats, but must include the following:

    Non-Proprietary Security Policy
    Finite State Machine
    Master Components List
    Software/Firmware Module Descriptions
    Source code listing for all software & firmware within cryptographic boundary
    Description of module roles and services
    Description of lifecycle key management
    Algorithm Conformance Certificates
    FCC certificates for EMI/EMC compliance


    This alone puts Linux in a good head start to FIPS compliance. I liked the words "Non-Proprietary" and "Source Code listing" best.

    They look to be more general specifications for good security. The NSA did a lot of work in coming up with them and they really would be a good idea for just about everyone who is doing anything half way sensitive.
    ^~~^~^^~~^~^~^~^^~^^~^~^~~^^^~^^~~^~~~ ^~~^~
    ABORTED effort:
    Close all that you have.
  • Actually, on my system, even as root, I cannot destroy my system with rm -rf / though that would damage it. Reason? critical filesystems are mounted ro. I would at least have enough system left to boot, and restore from tape.

    Remember, Windows is supposed to be friendly and easy to use. Thus, things like that are to be considered bugs.

    It's not a bug in Unix because Unix has allways been: run as root and you're on your own.

  • I'm not so sure there will be a lot of drifting back.

    So far, the proprietary crowd is mostly ignoring their problem. I think that once businesses (especially busineses) try free (as in speach) software, they will find many reasons not to go back.

    One big issue that is often ignored is the actual cost of licensing. The license itself is just the start, add to that lost productivity when dongles malfunction (or cause other hardware to malfunction), or keys are lost, or the hardware gets upgraded, and the license management refuses to recognise it as the same machine. Now, add the cost of software tracking and auditing to assure compliance with licensing (a huge issue for a large corperation).

    In addition, the y2k debacle is now teaching the value of having the source. Part of the problems being faced now is legacy programs with no source code, and the vendor is long gone or has decided that this is a great way to force upgrades and gouge.

    In spite of that, there will be some drifting back, because bad management decisions are everywhere, but I don't think this djin can be shoved back into the bottle.

  • Notice that the major problem isn't so much that the software is incredibly buggy, but the fact that the _developers don't seem to care_. This is EXACTLY the greatest advantage of open source software -- if the original developer doesn't care about your bug, you can fix it yourself, or hire somebody to fix it. With cathedral software, if M$ doesn't have time to fix your bugs while they're adding twenty-seven thousand new Wizards to Word 2000, you're screwed.

    Somebody oughta point this out to BugNet.
  • I hate Microsoft Operating Systems for two primary reasons, which are based on the same thing:

    1. Instability.
    2. Refusal to address the problem properly (fix the damned crashing/security holes BEFORE adding features that YOU think we need, BEFORE adding on/developing your own proprietary 'protocols', and BEFORE you fsck over the little companies that have a great idea that you think would be nice in the next version of windows)

    Note I said MS.OS's, and not MS themselves. I think BG is the greatest marketer of all time, and there are actually some MS products I like, and wish I could use in linux. I wish a product similar to Outlook could be developed, where the same database is used for all actions (ContactsEmail clientCalander). There are definately shortcomings to Outlook, but the whole idea is quite nice.

    I think that Linux has the potential to overtake Microsoft on the desktop. I am almost certain that Linux will overtake MS on the server front. Period. I think you are talking about an entire distribution of Linux, not the kernel (this loose collaboration of developers just hasnt worked for the stability of the Linux kernel. A MS kernel with "a single company to take control, and focus the development of the OS" has been proven it works.).

    I agree that any look (I personally dont like the windows look, not to say everyone has to) that is constant, is better than the mix of GTK/QT/Motif/et al. I wish we did have a single look, but on the other hand, thats the fun of Linux: CUSTOMIZATION. My box looks NOTHING like those of my friends', and its good that way: much more productive.

    Linux has a LONG way to go to overtake the desktop monopoly MS has created. THIS, I believe is in the hands of BOTH the companies that distribute (Redhat's installs of hardware components is quite nice...sndconfig helps. we need something like that for PnP stuff), and for the developers of their programs (make things as easy as possible - thats why I like RPM [havent tried other packages/managers] - its the way a binary was *supposed* to be distributed).

    anyways...just my $0.02
  • If you hadn't actually had some real, on-topic and/or relevant content in your post, it would have disappeared already.

    I see no huge reason why your post should be moderated down, even though half of it is junk.
  • If the original author put out the work under the Gnu GPL, then they've explicitly granted any and all permission to fork development if they so wish.

    The truth of the matter is that there are many, many classes of free software, from the mature and well supported (Linux, Apache etc) through to early alpha code (cicq, anyone?).

    It would be *really* interesting to see statistics on the ratio of bug reports to fixes, mean time between report and fix, etc etc

    I bet the "non-beta" free products will look better than proprietary software in these tables.
  • I am currently reading Tog on Software by the software design guru Bruce Tognazzini. As well as impressing me with his picture of how computers and information systems may be used in a few years time, Tog has made me really mad at much of the software I use every day.

    Here are some examples:

    • Microsoft Outlook has lots of great features that I like to use - but it is veeerrry slow
    • Internet Explorer and Netscape do excellent jobs at rendering HTML but every so often they hang, locking up my computer completely
    • Windows 95 cannot keep track of shortcuts properly if you move the destination file, even though the OS has an adequate searching tool
    • Yeah Write, the editor I am currently typing this in doesn't let you turn off smart quotes completely, instead I have to do a replace all or type each quote twice to prevent squiggly quotation marks

    These problems are caused by poor design. And the fixes/patches to the programs and the new releases don't fix this basic problem.

    Let's take Outlook as an example. In the movie Hotshots part Deux, Charlie Sheen is a member of a commando team going into to: "get the boys who went in to get the boys". Outlook 98 is a program designed to fix the faults in a program designed to fix the faults in Inbox/Schedule+.

    It has a Web-based UI on top of a buggy amalgam of components that would make more sense to be used as separate applets.

    Tog suggests a document-centric approach with software applets as the tools that people use to create these documents. At the moment this kind of technology is in it's infancy - hands up who use OLE objects in the documents often?

    The small applet approach is already used in the UNIX world every day. But tools such as grep, find, ispell, awk and sed are for geeks and the odd curious user. Not the likes of my mother, or even the Excel jockey in accounting. Once again, design is the key.

    Tog is a proponent of assuring quality by involving all parties at all stages of the software development process. He makes several comparisons to the automobile industry, particularly the influence Japanese attention to quality had on American car manufacturers. He points out several lessons that can be learned from this industry.

    IMHO, it will take a revolution in thinking to prevent PC software from becoming more and more buggy.

    • We need to pay more attention to the design of the software - right from the beginning.
    • We need to fix bugs when they are found and better still prevent them from happening in the first place with strict attention to quality. As Tog points out: Quality is free
    • If it helps, we need to start all over and design the thing again from the ground up - look at the latest version of MS Office for the Mac, it's bigger and slower than the previous version but people love it because it works the way they expect.
  • ...the link to the interview with RMS?

    It's dated 1/11/99 and I know that I have not seen it before. It's a pretty good q&a session.
  • You know, I had these files I was trying to delete. So I go and "rm -rf" the directory, and all of a sudden, all these .html and .gif files appear. Out of curiosity, I checked it out with a browser. Gosh! My files had all been automatically converted into a DHTML-enabled Web site, complete with ActiveX(tm)(r)(etc) applets! Gee, I thought rm was for deleting files! Well, duh!

    :-) :-) :-)

    Here's a hint, oh clueless one: If I want to delete files, I'll use Windows Explorer. If I want to write Web pages, I'll use FrontPage (err... maybe not). I (should) no more expect FrontPage to delete my hard disk than I should expect Windows Explorer to write my Web site for me.

    Who needs software with "features" like that? Is this an example of Microsoft "innovation"? "FrontPage 2000, now with disk partitioning software and the revolutionary ActiveFormat(tm)(r)(etc) control built in!"

    Oh, and before you reply, mentally count out a list of popular development tools that give you the "convenience" of project deletion from the hard disk besides FrontPage. I'm sure even you can count that high.
  • The ideal computer just didn't fly. It had apps, support, ease-of-use, and a great and stable multi-tasking OS, in 1989.

    It was the NeXT.

    Neat, Linux also fails FIPS 140-1 since it does not meet a requirement of Security Level 1 for OS design:

    "- All cryptographic software shall be installed only as executable code in order to discourage scrutiny and modification by users. "

    Heh :-)

  • The URL I posted is correct.

    I think you misunderstand the source code requirement. I suspect having the source code easily available to the end-user, i.e. Opensource, would tend to violate the intent of the requirement, even if it is not installed.

  • by dew ( 3680 )
    Great, so Windows is widely supported with hardware drivers, but has buggy programs, Macintosh has a clumsy OS but excellent programs, and Linux has an excellent OS with few user apps, minimal hardware support, and less-than-ideal UIs.

    *sigh*...Fact is, I don't think that anyone has made anything near "the ideal computer" yet. Everything should just work, like a good toaster. Sun probably came the closest of anyone: I remember in 1991 seeing a sysadmin unpack a new Sparc, plug it into the network & power and turn it on. It found a server with its operating system on the LAN, loaded it, discovered its identity, started all of its network services, configured itself, and was ready to be logged into. Just like that, no questions asked.
    David E. Weekly (dew)

  • Not so bad anymore, but x86 2.5.1 was a nightmare and their hardware lists were horribly tight.
  • It was nice, but a-la the Mac was a niche product. It really didn't have a chance to evolve into a great machine that everybody could use.
  • I would have thought that the FIPS thing would have made a separate story from the entirely different bugnet story.

    The fact is that unless you have a specific need for a trusted computer base (TCB) OS, you don't need to comply with the FIPS standard. The vendors who will sell you these emasculated products do so because they will only guarantee them as FIPS compliant on:

    • a particular hardware combo
    • only one type of OS install (if you don't need feature X, tough. If you require feature Y, but that's not in the standard install, tough. You add Y by yourself, and it's no longer FIPS compliant).

    It's not surprising that NT (or any PC based OS) has failed the initial testing round of this tough standard. But unlike the way it's been mentioned in the original post or the many many replies so far, NT can still be purchased by the US/Can government, just not for FIPS/TCB certified work.

    Part of the problem is the US government and the No Such Agency are busy foisting crippled crypto on consumers. Microsoft always target 95% of the market when making new products. They do this to make money. They're not truly interested in directly marketing towards that last 5%, such as supercomputers, TCB, or PGP users. The crippled crypto brought about by the same agencies that require TCB platforms for their work have directly influenced MS in making comprimised choices about CryptoAPI that satisfy their paranoid world view. I'm glad that they've managed to screw themselves in this way.

    TCB installations are big dollar items, and good for the ole rod length check (yep, mine's just as big^Wsecure), but the reality is that it will probably make MS less than 1% of their total net revenues for NT Server sales if they make FIPS certification. That is terrible ROI for the shareholders. And expensive every time new hardware is released. I doubt that Digital, Sun or HP make much from their TCB products, but they do target that last 5% of the market.

    So, Linux (and all PC based general purpose OS's) will have a tough time being certified without completely specifying the hardware and installation combo. Redhat might be able to make a combo that works and passes on certain specified hardware, but you'd be surprised at the sheer lack of anything usuable left on the installation and the pain of actually using and modifying that setup.

    Digital's TCB support, which I looked at implementing, to get shadow password support, made Digital Unix 4.0D so paranoid that it made life very difficult to actually do anything once it was implemented. It made su practically useless (well, okay, so it has some benefits ;-) Just remember these things when you say you want Linux certified. You'd have to be certifiably insane to actually use it.

  • If you're stashing unclassified files on a file server, but do not need to encrypt them, why buy a FIPS level 1 or 2 compliant system?

    If you're setting up a print server to print social security checks, I fail to see how FIPS is useful there, especially as none of the known print server protocols (lpd, etc) have in built encryption.

    There are so many different, non encrypting services that I can't see the point unless you have a specific requirement to do it. Don't get me wrong, I think that some form of achievable and modern practice security is necessary (coupled with high level crypto), but it's going to be so long before people realise that just because a software package has a FIPS-140.1-Level 1 or 2 sticker that their environment is not necessarily secure. It's not a panacea.

    To give an example, you have a Digital 8200 loaded with DU 4.0D and TCB extensions turned on. You have your program written to use 128 bit encryption when it stores data. But you let your users use X-terms and telnet sessions to access the data, which travels in clear text. Few people take the time to learn the proper strategies, and treat security seriously as a wholistic exercise.

    There's no point if you have a water tight server if you're clients are telnetting in using PPP over a POTS line to that secure box. You may as well use Windows 95 for the server and saved the money.

    Don't get me wrong, I use PGP and ssh, but as a security consultant, I try not to waste my client's money if they're not prepared to spend time securing their entire system.

  • If this is all for real, I wanna know... be really interesting conversation.
  • why MS says their products are "feature-rich."

    Customer: "I was just working, and it wiped my whole hard drive."

    MS: "That's not a bug, sir, it's a feature!"

    Customer: "I can't get anything done, though... maybe I'll try another OS."

    MS: "But sir, our OS has a LOT more features, doubling every release! Wait until you see the features in our NEW version."

  • If this gets confirmed, I wonder if it'll affect the trial. The quote at the bottom by the government guy seems a pretty damning statement. Soemthing about the government not doing anything about it because there are so few choices in the marketplace. A monopoly so deep, it's got the US government strapped.
  • Anyone can put money into Linux. Redhat does. Corel does. All of that money gets used to develop the operating system even further.

    Direction? You know where Linux should go? Make it go there yourself and reap the profits. Or let RedHat do it, with all that money from Intel and Netscape coming in, and every other company that would like to see Microsoft's power be dropped a notch or two.

    Microsoft has nothing on Linux.
  • Does failing the FIPS 140-1 test mean that the US Navy can't use NT on its ships? That would *rule*.
  • There's no law that says any part of the login procedure on a Linux machine has to be open-source.. somebody could easily write a closed-source system with crypto code in it that'd get around this particular element of FIPS.
  • Good grief you're a bitter little turd, ain'tcha?

    Now, do *you* have anything important to contribute to this thread, or are you going to generate some more irrelevant insults? Who, for example, gives a flying rat's ass about whether you stole someone's girlfriend? I certainly don't.

    The fox smells his own hole ... look who's ranting, monkey :) This post of yours is *NOT* on-topic. You seem to be the one experiencing some post-relationship anxiety (try dating outside the family ... works wonders :P (since you love tossing stupid insults around :)). Mebbe you should see a good therapist about that.

    Note, folks, that Zico here is using a account -- owned by Micro$oft of course.

    And to answer the question posed in the subject: Yes, Anonymous Cowards are much more human than you are acting.
  • I'd rather shell out some cash for software that does work than have to deal with free software that doesn't. I'm not referring to any real-life examples, and I'm not trying to say that anything Microsoft makes is good (hell no!) I'm just pointing out that the at-least-you-didn't-have-to-pay-for-it excuse doesn't work in RL. Especially in large corporations. And large corporations is who you have to aim at if you want Linux to become popular, because it will cause them to bitch at the hardware manufacturers to write drivers, etc etc. Am I right?

  • by pen ( 7191 )
    I sense a very mature and intelligent person. He must be very elite.

    This reminds me of this one time some kid wondered why noone just "writes a proggie that will winnuke every ip from to" I don't know why, it just does.

  • I sense a very mature and intelligent person. He must be very elite.

    This reminds me of this one time some kid wondered why noone just "writes a proggie that will winnuke every ip from to and bring down the whole internet" I don't know why, it just does.

  • Seriously, what would it take?

    If Linux was certified to be sold to the government, and NT was not, we would be in an interesting situation (to say the least).

    Ben Tilly
  • "Why bother producing fault-tolerant software when you have managed to create fault-tolerant users?"

    Ben Tilly
  • NeXT did have a limited range of apps, but the apps it had were works of art. SuperDraw was a real pleasure to use.

    The version of NeXT (v3) I used was running on a P90 using a normal HD (Perhaps Magneto Optical was only compulsory on NeXT hardware?).
  • the only glitch is, that it doesn't ask
    which distribution you would like to install...


  • Product vendors must sell features in order to avoid a major legal issue of making people pay again for a working version of what they already bought.

    There is also the cost of issuing parallel maintenance releases for old code (of course, this is the right thing to do, I hate upgrading for bug fixes!).

    Also, over-leveraged products end up only working for the least common denominator of customer, the sweet-spot in the marketing dept's product matrix.
    The customer only realizes that the product won't meet their needs when they try to deal with their non-common requirements, which they assume the vendor though of.

    The mass market product paradigm is totally broken for custom solution providers, because there are very few customers who don't have needs outside the product matrix sweet-spot. Only open source code can allow custom solution providers to add and improve features where they are needed for customers.

    The software isn't buggy, but the process and business model around the development of software is. Customers are getting shafted while vendors make billions. This is only tolerated because customers have not seen better quality. Customers have not seen better quality because good software companies get bought or predated before they can upset the status quo.

    Upsetting the status quo will take many good open source developers building quality software and providing quality services that allow their informed customers to out-compete their rivals in both technology and non-technology markets. Those who succeed at this task must then make the very hard sacrifice of not accepting a wad of cash to stop the good work they're doing, once they realize the truth behind a buyout offer from a large software company. After that, they must be prepared to show off their successful projects in the face of massive negative P.R. Their customers must so satisfied that they reject the anticompetitive free services offer from the large software company.

    I for one would rather go through the fight than get paid off. Hopefully there are others who feel the same way. It is up to us to make this a better place to work and live.


  • No lawyer can take 90% of of a class action. I've heard of 50%, but that is rare, more like 33% max. There are laws that limit a lawyer's share of class actions. The lawyer bashing on this site is ridiculous for a readership that is largely educated. Act like it.
  • A bug of unrivalled destructive power has been unearthed in the Unix rm command, industry sources revealed. Apparently, this bug has the potential to completely wipe a filesystem without alerting the user to the consequences of their actions. Simply by gaining root access and typing rm -rf /*, a life's work can be gutted like the salmon that nobody loved. One industry professional was quoted as saying: "Fsck me, I knew the CLI was powerful, but this is terrifying!".

    Unix experts claim that the chances of accidentally issuing this catastrophic command by mashing your fist against the keyboard is quite low. One expert was heard to mutter that "if you're that much of an idiot you deserve what you get", but refused to be named.

    Work on solving the "rm *" problem is proceeding. One group, the GNOME project, is developing a Unix GUI that they expect will block access to the CLI's more destructive features. Meanwhile, paranoid sysadmins are implementing safety precautions, such as not allowing all users to su to root, and global aliasing of the rm command to rm -i. Only time will tell if these measures are successful, or if they're too little, too late.

    K. -

  • I don't know about air, but water's definitely
    a viable alternative.

  • " ... the company contracted to design the system for the navy has accepted full responsibility ..."

    Reference, please?

  • --what a nitwit answer. Other than disk-formating/partitioning--obviously--apps, I have never heard of any app on any damned platform that allowed the user/admin to DELETE the entire root directory of a hard-disk/disk-partition! You would think that Microsoft's engineers would have had the brains to have FrontPage automatically detect when a directory is the FUCKING ROOT DIRECTORY!

    You'd also think that the damned OS would somehow provide some protection from this kind of thing. What's amazing is how in the hell can an APPLICATION wipe out the OS it's running under--Windoze won't let me drag its folder to the
    Recycle Bin or simply right-click>"Delete"--I just tried and still no luck damnit!--bit it WILL let FrontPage? Such brilliance and innovation comes only from Microsoft!

  • Seven some responses to this post, and not one person can get around to mentioning that FIPS (if you'd bother to look at the link) is a cryptographic standard, and that '"FIPS 140-1 is very important, but there aren't enough products to buy," says the Defense Department's Schaeffer'.

    Instead we get a bunch of moronic posts discussing how Linux is a better web server and how NT Admins are point-and-click. And one guy who's so mad at Microsoft, that he sounds like he's about to cry.

    My guess is that FIPS is some sort of artificial standard that will only be in certain very specialized applications. No, the federal government is not going to dump NT and install Linux on all of the Bureau of Agriculture's 486-50s! In fact, odds are that Linux will never be FIPS-certified, nor will anyone really even care.

    Why is this place reminding me of an Amiga BBS?

  • I don't know what the Navy's attitude was towards it. The guy I talked to was more a mac and unix person so he thought it was as stupid as I did (though a mac on a navy ship would probably be just as bad) Anyways according to him they basically scrapped the idea till microsoft can fix it
  • It's a bug.

    It's perfectly reasonable to want to put a web
    in an existing directory that may have other things in it. There's no explanation at the
    time of creation or deletion of a web that
    the web consists of all files in this directory.
    It's also something that could happen very easily
    by accident.

    Their admins are only idiots for using a
    POS like FrontPage.
  • We all know about the rampant bugs in the M$ world already. Personally, I think the FIPS article is more interesting (even if they do make you tell them stuff before letting you see it... grr... ) In any case, if nobody is supposed to be using uncertified software, maybe someone (RedHat? Caldera? Or even Debian!) should submit Linux for testing. If Linux or one of the other OSS OSes were certified and WinNT wasn't... well, that might prove interesting, don't you think?
  • "Microsoft has raised issues with our original story. Pending an investigation into its claims, we have pulled the original story offline."

    of course microsoft raised issues ...
    ... who would like a story like that about one of your of apps/os:es to be out in the free ...

    // Cthu
  • I never used Word6 for Mac, but I heard it was like waiting for paint to dry. I heard stories like 3 to 6 minutes just to start up. Word 97 in VirtualPC [] ran as fast as Word 6 native. Word 98 is much faster than that, although still not as fast as Word 97 on Pentium or Word 5.1a running emulated. :-P
  • Anyone notice that the netscape security module is
    rated as FIPS-140 Level 2 with Level 2 with Sun Sparc 5 w/ Sun Solaris version 2.4SE

    and only level 1 with NT workstation in single user mode?

    Maybe there is an alternative.

    p.s. isn't fips the tool we use to shrink our windoze partition down to 50 MB before we install linux. ;-)


    Overall Level: 2

    They have a list of certification products and levels at
  • We'd love to. We've been pressing our management for the past 6 months to allow us to try and evaluate Linux to C2. They dont think there would be enough interest in the results. I'm sorely tempted to insert their email addresses here, but I'm not _that_ cruel.

    So far as FIPS 140 is concerned, the UK government (and I assume the US is the same) would require their own algorithms to be ported to Linux (and no, they will not release the source to them). What would be evaluated would be the interface to them. There would need to be some level of assurance that the algorithms were actually used and could not be bypassed, disabled etc.

    Personally I think certifying Linux would be a very good thing. It might actually turn in the first really useful certified platform, one which would actually allow applications to be resident and not invalidate the certificate. But what do I know, I don't count beans for a living.
  • This is probably apocryphal, but someone told me about a Solaris patch that accidentally caused "rm -rf /" to be run as root. If this is true, though, it looks like Microsoft was just emulating the Unix community. :-)
  • Yes, but the difference is, if you got it for free, and you've got the source, you don't really have any right to bitch about the bugs, do you?

    If you paid money for something, it creates a reasonable expectation that it will perform as promised, without paying additional money in the HOPE that the next release will fix the problem. If vendors are charging money for buggy Linux software, or not releasing the source to you so that you can fix your own problems, then yes, that is very sad...

  • Is anyone working on getting Linux to pass FIPS 1-140 certification? Is this something else we all need to chip in for? It seems to me that RedHat is fairly cash-rich right now, and could afford to carry the ball on this one for us... How 'bout it guys, at least get one of your own distributions certified (Red Hat 6.0 would be an ideal one to start with)
  • Uh, Chris... next time you see BillG, say hi to him for me, ok?

    I'm responding to an obvious troll, but here goes: Microsoft is to be admired for their success. They do not, however, in the eyes of myself and most others on here, have "focus and a commitment to a great OS." Their focus and commmitment to maximizing shareholder ROI seems to invariably take precedence over any commitment provide value to their customers. Ultimately this short-sighted corporate mindset will backfire, as it has already alienated much of their customer base, who are ready to jump ship as soon as they perceive a viable alternative.

    Linux has already overtaken Microsoft as a web server platform. It will soon overtake Microsoft as a general server. It will probably never overtake Microsoft in the shrink-wrapped software or desktop client markets -- but these markets will soon be as obsolete as the mainframe market -- e.g. people will still be using them, but all the exciting new development and profit will be on a different architecture.

    Contrary to popular opinion, the vast majority of computers are not running any M$ software. They're called "embedded processors", and are usually invisible to their owners. But there are 10 times as many of them as there are desktops! 90% of the computers out there have NO M$ software running on them!

    Oh sure, having a single entity control all production of a comodity works just great -- just look at what it did for the Soviet Union!

  • Um, could you cite some specific examples?

    My point was, that if you pay alot of money for a product whose producers have spent billions of dollars in advertising to tell you it IS suitable for a specific purpose, there SHOULD be an implied waranty. Software seems a consicous exception to the rule of implied waranty; would you by a car with a sticker over the ignition that said "We don't waranty this product to be good for anything, in fact it may (literally) crash and burn the first time you use it. By inserting the key in the ignition, you accept the terms of this agreement."

    My experience has been that the people who charge the big bucks for their software HAVE to make big claims for it; otherwise no one will buy it! The people who do open source have more of a "this may be helpful to you, or it may not" attitude. Sure, if someone is making big claims for their free software, and the claims turn out to be false, go ahead and bitch. Again, can you cite ANY specific examples of open source software that do this.

    Also, complaining about a bug when you have the source is like standing outside in a blizzard complaining about the cold -- you ain't gonna get any sympathy from me -- come inside, you idiot! What, you don't know HOW to build a fire? Ask a friend for help... What, you don't have any friends? Well, that's what happens when you work for Micro$oft...

  • The U.S. government has also issued guidelines mandating the use of Ada as a computer language and GOSIP compliance (does this imply POSIX?)... both of which were promptly ignored. Simply put, the government usually buys it's software from whomever is offering the biggest kickbacks...
  • NeXT had a gosh-awful slow optical disk! But is was a good machine for geeks, good development environment, it WASN'T beige... yes, I'm sad it didn't take off too...
  • anything that cleans a windows partition without warning sounds like a pretty nice feature to me.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling