- Saturday, Barbara and I went with our friends Mary
Chervenak and Paul Jones to visit Friendship Sporting
Clays, which describes the sport as "golf with a shotgun". That's
not far wrong, either, including the aggravation.
It wasn't the best of days for shooting, with temperatures around
40°F and winds gusting to 40 MPH. We rented a 20-gauge autoloading
shotgun and ended up going through six boxes of shells. Here's Mary at
Barbara did very well, particularly since this was the first time she'd
fired a shotgun. The rest of us didn't do as well. I knew I sucked at
shooting clays, and said as much, but everyone insisted that I shoot as
well. I fired a dozen or so rounds, and managed to hit about half. I'd
probably have done about as well with my Colt Combat Commander .45 ACP
But we all had fun, and we'll definitely go back again.
I keep hearing about how quickly Microsoft patched the WMF
flaw. This C|Net
article, for example, says:
fix for the flaw
was the quickest turnaround ever for a Microsoft patch, released only
10 days after the vulnerability was made public..."
Imagine that. A catastrophic security hole, and it took Microsoft
only ten days
it. And that was an all-time speed record for Microsoft. Furthermore,
the reports I've read say that Microsoft basically used the third-party
patch that had been released days earlier as a template for creating
their own patch. Maybe that's why it took them "only" ten days to get
the patch out the door.
Steven J. Vaughan-Nichols wrote an interesting
article about Microsoft's patch performance.
"Krebs analyzed Microsoft's
data for the last three years. He found that, when very few people knew
about a bug, "In 2003, Microsoft took an average of three months to
issue patches for (critical) problems reported to them. In 2004, that
time frame shot up to 134.5 days, a number that remained virtually
unchanged in 2005."
But, if the problem was
fully disclosed, if
was an 'open' problem, "In 2003, it took an average of 71 days to
release a fix for one of these flaws. In 2004 that time frame decreased
to 55 days, and in 2005 shrank further to 46 days.""
On that basis, Microsoft's timeliness was extraordinary, little more
than one fifth the time they require on average to patch a
publicly-known critical security hole. But in this article,
SJVN goes on to point out that Microsoft's patching performance is
absolutely pathetic when compared to OSS companies. Red Hat RHEL
experienced 17 critical vulnerabilities last year.
"Of those 17 critical
vulnerabilities, Red Hat made fixes for every one of them available to
customers via the Red Hat Network within two days of the
vulnerabilities being known to the public, with 87 percent of them
being available the first day."
So, Red Hat's worst
performance was two days, or one fifth the time of Microsoft's
best-ever-all-time-world record performance. And, on average, Microsoft
took literally about fifty times longer to issue patches for critical,
publicly-known flaws than did Red Hat. Other OSS companies have similar
or even better performance. In many cases, a critical flaw is patched
literally within hours of becoming known. Also, I don't remember a
single case of a Linux patch breaking anything, which alas is far from
true of Microsoft patches.
So, is Microsoft stupid, lazy, or just uncaring? None of the above, I
think. I'm sure that Microsoft does its very best to patch problems
quickly. The problem is the code base they're working with. Linux is
all clean, modular, well-documented code. Windows is a gigantic, messy
pile of spaghetti.
Furthermore, Linux was written with security always a high priority,
while Windows was written without any consideration for security at
all. Microsoft has struggled mightily to retro-fit security into their
software. Unfortunately, that simply doesn't work, as has been proven
time and time again.
Windows is insecure by design, and unsecurable. The only way to secure
Windows would be literally to throw out the existing code base entirely
and recode Windows from scratch. Obviously, that isn't going to happen.
And that's why Windows will never be secure or safe to use.
- I had to write checks this morning for federal and state
estimated taxes, which always puts me in a bad mood. Most people don't
realize that withholding and estimated taxes were "temporary"
measures, enacted during WWII for the duration of the emergency. Before
that, people actually paid their taxes on April 15th, when they were
due. But, as is so often the case with government, "temporary" really
If I could make just one small change to the system, I'd eliminate
withholding and estimated taxes. Every April 15th, every taxpayer in
America would have to sit down and write large checks to pay the taxes
due. One sixth of their gross income would go off the top to pay their
Social Security taxes. And that's before they've even begun to pay
what's due in income taxes. When people realized that they were paying
half or more of their income in direct taxes, there'd be a revolution.
Not one incumbent would remain in office at the next election.
18 January 2006
- I took yesterday off. Barbara had to go in for some routine
medical tests, and wasn't allowed to drive afterward. We spent the
morning having the tests done, and Barbara napped and rested the
remainder of the day while I read and took care of the dogs.
I'm of two minds about this Jill Carroll thing. On the one hand, I'd
kill her captors as soon as look at them. On the other hand, this young
woman had no business being there. She knew she had no business being
there, and she was fully aware of the risks. She chose to put herself
in that position, so I have little sympathy for her. I do hope she will
be released, but I wouldn't count on it.
If her captors do murder her tomorrow, I'm sure they'll release video
of the murder. If they do, I hope that the US television networks will
run the video of her murder over and over, and without any editing. The
people of the United States need to see what we're up against. We need
to see it in graphic detail, with nothing spared. Watching these
Islamic bastards behead an attractive young American woman would do as
much to unite Americans against the atrocity that is Islam as
anything else I can imagine.
does a bit of cherry-picking this week, attempting to prove that
the technical departments in American universities are inhabited solely
by Chinese and Indians. Americans, Fred says, are going to end up
You think I
exaggerate? Ha. Checking the staff of the University of Central
Florida’s school of Mechanical, Materials, and Aerospace
Engineering, I discover that most of Mumbai has already moved to
America. Shanghai too. There follows an unedited list:
Kumar, Linan An, Quanfang Chen, Ruey-Hung Chen, Larry Chew, Hyoung Jin
"Joe" Cho, Louis C. Chow, Kevin R. Coffey, Ted Conway, Vimal Desai,
Jiyu Fang, A. Henry Hagedoorn, Olusegun Illegbusi, Roger Johnson, Samar
Jyoti Kalita, Jayanta Kapat, Aravinda Kar, Alain Kassab, Christine
Klemenz, Alexander Leonessa, Kuo-Chi "Kurt" Lin, Antonio Minardi,
Faissal Moslehy, Jamal F. Nayfeh, David Nicholson, Eric L. Petersen,
Sudipta Seal, Yongho Sohn, C. "Sury" Suryanarayana, Raj Vaidyanathan,
Quan Wang, Fang Xu, Richard Zarda.
ain’t a hotbed of Anglo-Saxon achievement, I can’t imagine
what might be. It’s probably just what ol’ Tom Jefferson
had in mind. Who can doubt it?
The University of Central Florida? Why on earth would Fred choose that
particular school? I decided to call Fred's bluff, so purely at random
I chose a technical department from a somewhat better known university
that happens to be right down the street from me. Here's the Wake Forest University
Physics Department Faculty: Paul R. Anderson, Keith D. Bonin, Eric
Carlson, Greg Cook, David Carroll, Jacquelyn Fetrow, Martin Guthold,
Natalie A. W. Holzwarth, William C. Kerr, Daniel B. Kim-Shapiro, Jed C.
Macosko, G. Eric Matthews, Fred Salsbury, Richard T. Williams.
I'm fortunate enough to be in regular contact with a lot of extremely
bright people. Take my word for it. The shortage Fred seems to think
exists, doesn't. And while I am in complete agreement with Fred in
deploring the current state of our educational system, the fact is that
while that system may be failing the 90% or even the 99% on the left of
the bell curve, it has no effect on those on the far right of the bell
curve. And, in terms of intellectual achievement, those are the
ones who matter. Those are the only ones who've ever mattered.
- Netflix just sent me a disc (finally; they've been
throttling me heavily all month) of a sort that I'd never seen before.
It's double-sided. I've seen plenty of those, but they always had the
same content on both sides, one side in 4:3 format and the other 16:9.
This disc, The Adventures of Sherlock Holmes Volume 1, has two episodes
on one side and two different episodes on the other.
As to the throttling, this week is typical. I returned my last three
discs on Tuesday, which Netflix logged as received early Wednesday
morning. At that point, my queue said they expected to ship my next
three available discs that day, Wednesday. Late Wednesday afternoon, my
queue changed to say they expected to ship all three discs the
following day, Thursday. In the afternoon, I got three emails from
Netflix. One said I'd be getting the Holmes disc today, which I did,
one day later than I should have received it. But the other two discs
were listed as shipped yesterday with ETAs not today, not tomorrow, but
Monday. So, instead of getting my next three discs all yesterday as I
should have, I've gotten one today and will have to wait until Monday
for the next two. So much for the "unlimited rentals" and "next-day
service" that Netflix promises.
1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 by Robert Bruce