
Comment Re:GNU/Linux is made in the USA (Score 1) 332


Not really. Most of the thousands of projects have at most a few core developers and extraneous people who occasionally submit patches to fix specific itches. There is no "A team" scouring all open source for vulnerabilities, from the simple fact that such vulnerabilities most certainly do exist as innocent bugs and have not been reported by such teams.

To illustrate this point, the Linux kernel is developed by armies of smart people, yet an automated tool found a laundry list of shit that has been around for years that nobody noticed.

First, from the very report that you linked to:

The results show that the number of defects detected by the Coverity analysis system has decreased from over 2000 to less than 1000 while, during the same period of time, the source code has quadrupled in size and the power of Coverity's detection capabilities has increased markedly. We conclude using this data that the Linux kernel is a robust, secure system that has matured significantly.

You want a real eye opener? Check out Coverity's current press release:

Code quality for open source software continues to mirror that of proprietary software, and both continue to surpass the accepted industry standard for good software quality. Defect density (defects per 1,000 lines of software code) is a commonly used measurement for software quality. Coverity's analysis found an average defect density of .69 for open source software projects that leverage the Coverity Scan service, and an average defect density of .68 for proprietary code developed by Coverity enterprise customers. Both have better quality as compared to the accepted industry standard defect density for good quality software of 1.0. This marks the second, consecutive year that both open source code and proprietary code scanned by Coverity have achieved defect density below 1.0.


Linux remains a benchmark for quality. Since the original Coverity Scan report in 2008, scanned versions of Linux have consistently achieved a defect density of less than 1.0, and versions scanned in 2011 and 2012 demonstrated a defect density below .7. In 2011, Coverity scanned more than 6.8 million lines of Linux code and found a defect density of .62. In 2012, Coverity scanned more than 7.4 million lines of Linux code and found a defect density of .66. At the time of this report, Coverity scanned 7.6 million lines of code in Linux 3.8 and found a defect density of .59.


While static analysis has long been cited for its potential to improve code quality, there have been two significant barriers to its adoption by development organizations: high false positive rates and a lack of actionable guidance to help developers easily fix defects. Coverity has eliminated both of these obstacles. The 2012 Scan Report demonstrated a false positive rate for Coverity static analysis of just 9.7 percent in open source projects. Additionally, the 2012 report noted more than 21,000 defects were fixed in open source code, more than the combined total of defects fixed from 2008-2011.

The real conclusion that you should draw is twofold. First, if you're relying on software that isn't doing static code analysis, you're probably relying upon insecure code.

Second, Every. Single. App. Has. Bugs. The difference is that open source lets anyone do the analysis and fix the bugs. The same can't be said of any closed source package.

So, which is safer? The OSS app where everything is publicly discussed and bug fixes generally get acted upon fast, or the closed source app where the vendor may be handing the known vulnerabilities off to the NSA or its equivalent in the country of your choice? I know which way I choose. :-)

Comment Wrong, wrong, WRONG! Read the 9th and 10th! (Score 1) 622

From the Federal Archives' transcript of the Bill of Rights:

Amendment IX

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

Amendment X

The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

How much more explicit does it have to get?!?

Comment Estimate is late by 4 years! (Score 1) 130

Tomi Ahonen pointed out in March that we already have 6.7 billion _active_ mobile accounts. This clearly means that we are already FAR past that point when you include all the devices not on telecomm networks.

BTW, in the same blog post Ahonen also estimated that the point at which active accounts would exceed the world's population would happen some time this summer.

Comment Sigh. Not this tired old meme again! (Score 1) 130

Can we drop this already?

As I mentioned in an earlier post, my wife and I spent 4 days poolside in the Dominican Republic with a Kindle Fire and a Nook Color. Conditions bright enough every day for both of us to need sunglasses.

Yet, strangely enough, neither one of us had any problem whatsoever using our tablets to read ebooks for hours on end.

Am I saying that tablets with color LED displays are _better_ than e-ink readers for long term reading and battery life? Absolutely not! But the days when reading from a bog standard tablet was a pain outdoors are long gone.

Comment Re:True, but confused. Mature and beta open to you (Score 1) 97

Well, if stability is a major concern there's always the option of going to the granddaddy of any number of Linux distros. Install Debian stable for rock solid reliability, Debian testing for something a bit more up to date and pretty thoroughly debugged, Debian unstable for reasonably up to date and generally as stable as most distros, or experimental if you like the bleeding edge.

The really neat thing about Debian is that it's possible to build a system on stable and select individual applications to install as experimental. Works fine for packages that don't have version specific dependencies on libraries. That's how I'm currently running LyX on my main system, for example.
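As an added example (not part of the comment above, and not Debian's own tooling), here is one way to set up the "stable base, a few packages from experimental" arrangement the comment describes. It writes an apt source for the experimental suite plus a pin so that nothing from experimental is ever pulled in automatically; a single package is then requested from it explicitly. The mirror URL, the target directory parameter, and the lyx package are assumptions for illustration; the script only writes files, so it can be pointed at a scratch directory before touching /etc/apt.

```shell
#!/bin/sh
# Added example: pin Debian experimental so a stable system can cherry-pick
# individual packages from it. Run as: write_experimental_pins /etc/apt
# (as root), then install e.g. lyx from experimental with
#   apt-get update && apt-get install lyx/experimental
set -eu

# Assumed mirror; substitute your own. The experimental suite is
# "NotAutomatic", so apt already pins it to 1, but an explicit pin
# documents the intent and survives mirrors that omit the flag.
APT_MIRROR="${APT_MIRROR:-http://deb.debian.org/debian}"

# write_experimental_pins ROOT
#   ROOT is the apt configuration root (normally /etc/apt). Creates
#   ROOT/sources.list.d/experimental.list and
#   ROOT/preferences.d/experimental.pref.
write_experimental_pins() {
    root="$1"
    mkdir -p "$root/sources.list.d" "$root/preferences.d"

    # Source entry for the experimental suite only; stable stays the
    # default release because it is what sources.list already carries.
    printf 'deb %s experimental main\n' "$APT_MIRROR" \
        > "$root/sources.list.d/experimental.list"

    # Priority 1 means: never upgrade to a version from this release
    # unless it is explicitly requested (apt-get install pkg/experimental
    # or apt-get -t experimental install pkg). Versions already installed
    # from it are kept but not auto-upgraded. Stable remains at the
    # default priority of 500.
    cat > "$root/preferences.d/experimental.pref" <<'EOF'
Package: *
Pin: release a=experimental
Pin-Priority: 1
EOF
}

# pin_priority_for ROOT
#   Prints the Pin-Priority value written for experimental, so a caller
#   can confirm the pin is in place before running apt-get.
pin_priority_for() {
    sed -n 's/^Pin-Priority: *//p' "$1/preferences.d/experimental.pref"
}
```

Prefer `apt-get install lyx/experimental` over `apt-get -t experimental install lyx`: the first only takes lyx from experimental and resolves its dependencies from stable, which is exactly the "no version-specific library dependencies" case the comment says works; the `-t` form raises the priority of the whole experimental suite for that run and can drag in far more. `apt-cache policy lyx` shows which version the pins will choose before anything is installed.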

Comment Re:You mean like the Kindle Fire? (Score 2) 56

Trying to read a book on a backlit LCD screen is a pain in the ass on a good day...

While I will be the first to admit that e-ink is truly wonderful for direct sunlight conditions, I still have to say, "Wow, hyperbole much?"

A month ago I spent four days' vacation in the Dominican Republic, most of which was spent lounging around the pool with my wife. She's got a Kindle Fire and I have a Nook Color. Neither one of us had any problem at all reading books in sunlight bright enough to require sunglasses.

Here's a tip: Don't forget to turn up the screen brightness all the way before going outside. That's all that's really required.

Comment Re:Let's not kid ourselves here (Score 1) 127

Oh, please. AD and Firefly's handling by Fox couldn't have been more different.

AD: All 3 seasons shown in a stable slot. All episodes shown in order.

Firefly: 1 season shown wherever Fox felt like shoving it. You never knew week by week where it was going to be. The episodes were shown so far out of order that it was impossible to understand what the backstory was.

Frankly, I think an executive at Fox wanted the show eliminated as fast as possible to make room for a pet project or two. It's a wonder that any of us stuck with the show long enough to figure out what a gem it truly was.

Now, I'm not saying that Firefly was a show that would appeal to everyone. However, I am certain that it would have had a much, MUCH larger audience if Fox had just given it a decent chance.

Comment Re:There is - it's called a Kindle Fire (Score 1) 312

Getting off topic here, but this is why I don't download directly from the B&N store to my Nook. I buy online through my PC, download it there, then read it on my Nook. I also tend to buy books that are DRM free or use tools that will let me read my ebooks however I want. Calibre's plug-in architecture makes this possible.

Comment Re:Is It Time To Enforce a Gamers' Bill of Rights? (Score 1) 469

"Sure, I can refuse to buy another game from the developer, but that doesn't really fix anything. They already have my money."

Sure, for that game. I haven't bought a game from EA in 5 years. Over that time period, I've probably spent a couple of hundred bucks or so on games from other publishers that I downloaded from Steam sales, GoG, and Stardock, or as physical media (Battlefront.Com, for example).

The point is, if you've been burned by a vendor, look twice or even three times before ever spending another nickel with that company again. All the info about Ubisoft's and EA's shenanigans has been widely reported in the gaming trade rags, so it's easy enough to avoid buying into their very flawed business model.

Side note: If you like FPS games as part of your multiplayer fix, take a look at Bohemia Interactive's alpha release of ArmA 3 on Steam. It's already proving to be a platform as stable as, and with about as much content as, some AAA titles' final releases. There are already hundreds of servers up with all kinds of player content out there and it's only been out a week! Well worth looking into for any FPS player.
