Daynotes Journal

Week of 16 January 2006

Latest Update: Friday, 20 January 2006 15:20 -0500

Monday, 16 January 2006

08:33 - Saturday, Barbara and I went with our friends Mary Chervenak and Paul Jones to visit Friendship Sporting Clays, which describes the sport as "golf with a shotgun". That's not far wrong, either, including the aggravation.

It wasn't the best of days for shooting, with temperatures around 40°F and winds gusting to 40 MPH. We rented a 20-gauge autoloading shotgun and ended up going through six boxes of shells. Here's Mary at the line.

Barbara did very well, particularly since this was the first time she'd fired a shotgun. The rest of us didn't do as well. I knew I sucked at shooting clays, and said as much, but everyone insisted that I shoot as well. I fired a dozen or so rounds, and managed to hit about half. I'd probably have done about as well with my Colt Combat Commander .45 ACP autopistol.

But we all had fun, and we'll definitely go back again.

I keep hearing about how quickly Microsoft patched the WMF flaw. This C|Net article, for example, says:

"Microsoft's fix for the flaw was the quickest turnaround ever for a Microsoft patch, released only 10 days after the vulnerability was made public..."

Imagine that. A catastrophic security hole, and it took Microsoft only ten days to fix it. And that was an all-time speed record for Microsoft. Furthermore, the reports I've read say that Microsoft basically used the third-party patch that had been released days earlier as a template for creating their own patch. Maybe that's why it took them "only" ten days to get the patch out the door.

Steven J. Vaughan-Nichols wrote an interesting article about Microsoft's patch performance.

"Krebs analyzed Microsoft's patch data for the last three years. He found that, when very few people knew about a bug, "In 2003, Microsoft took an average of three months to issue patches for (critical) problems reported to them. In 2004, that time frame shot up to 134.5 days, a number that remained virtually unchanged in 2005."

But, if the problem was fully disclosed, if it was an 'open' problem, "In 2003, it took an average of 71 days to release a fix for one of these flaws. In 2004 that time frame decreased to 55 days, and in 2005 shrank further to 46 days.""

On that basis, Microsoft's timeliness was extraordinary, little more than one fifth the time they require on average to patch a publicly-known critical security hole. But in this article, SJVN goes on to point out that Microsoft's patching performance is absolutely pathetic when compared to OSS companies. Red Hat RHEL experienced 17 critical vulnerabilities last year.

"Of those 17 critical vulnerabilities, Red Hat made fixes for every one of them available to customers via the Red Hat Network within two days of the vulnerabilities being known to the public, with 87 percent of them being available the first day."

So, Red Hat's worst performance was two days, or one fifth the time of Microsoft's best-ever-all-time-world record performance. And, on average, Microsoft took literally about fifty times longer to issue patches for critical, publicly-known flaws than did Red Hat. Other OSS companies have similar or even better performance. In many cases, a critical flaw is patched literally within hours of becoming known. Also, I don't remember a single case of a Linux patch breaking anything, which alas is far from true of Microsoft patches.

So, is Microsoft stupid, lazy, or just uncaring? None of the above, I think. I'm sure that Microsoft does its very best to patch problems quickly. The problem is the code base they're working with. Linux is all clean, modular, well-documented code. Windows is a gigantic, messy pile of spaghetti.

Furthermore, Linux was written with security always a high priority, while Windows was written without any consideration for security at all. Microsoft has struggled mightily to retro-fit security into their software. Unfortunately, that simply doesn't work, as has been proven time and time again.

Windows is insecure by design, and unsecurable. The only way to secure Windows would be literally to throw out the existing code base entirely and recode Windows from scratch. Obviously, that isn't going to happen. And that's why Windows will never be secure or safe to use.


Tuesday, 17 January 2006

08:35 - I had to write checks this morning for federal and state estimated taxes, which always puts me in a bad mood. Most people don't realize that withholding and estimated taxes were "temporary" measures, enacted during WWII for the duration of the emergency. Before that, people actually paid their taxes on April 15th, when they were due. But, as is so often the case with government, "temporary" really means "permanent".

If I could make just one small change to the system, I'd eliminate withholding and estimated taxes. Every April 15th, every taxpayer in America would have to sit down and write large checks to pay the taxes due. One sixth of their gross income would go off the top to pay their Social Security taxes. And that's before they've even begun to pay what's due in income taxes. When people realized that they were paying half or more of their income in direct taxes, there'd be a revolution. Not one incumbent would remain in office at the next election.


Wednesday, 18 January 2006

00:00 -


Thursday, 19 January 2006

11:02 - I took yesterday off. Barbara had to go in for some routine medical tests, and wasn't allowed to drive afterward. We spent the morning having the tests done, and Barbara napped and rested the remainder of the day while I read and took care of the dogs.

I'm of two minds about this Jill Carroll thing. On the one hand, I'd kill her captors as soon as look at them. On the other hand, this young woman had no business being there. She knew she had no business being there, and she was fully aware of the risks. She chose to put herself in that position, so I have little sympathy for her. I do hope she will be released, but I wouldn't count on it.

If her captors do murder her tomorrow, I'm sure they'll release video of the murder. If they do, I hope that the US television networks will run the video of her murder over and over, and without any editing. The people of the United States need to see what we're up against. We need to see it in graphic detail, with nothing spared. Watching these Islamic bastards behead an attractive young American woman would do as much to unite Americans against the atrocity that is Islam as anything else I can imagine.


Friday, 20 January 2006

08:50 - Fred does a bit of cherry-picking this week, attempting to prove that the technical departments in American universities are inhabited solely by Chinese and Indians. Americans, Fred says, are going to end up pulling rickshaws.

You think I exaggerate? Ha. Checking the staff of the University of Central Florida’s school of Mechanical, Materials, and Aerospace Engineering, I discover that most of Mumbai has already moved to America. Shanghai too. There follows an unedited list:

Ranganathan Kumar, Linan An, Quanfang Chen, Ruey-Hung Chen, Larry Chew, Hyoung Jin "Joe" Cho, Louis C. Chow, Kevin R. Coffey, Ted Conway, Vimal Desai, Jiyu Fang, A. Henry Hagedoorn, Olusegun Illegbusi, Roger Johnson, Samar Jyoti Kalita, Jayanta Kapat, Aravinda Kar, Alain Kassab, Christine Klemenz, Alexander Leonessa, Kuo-Chi "Kurt" Lin, Antonio Minardi, Faissal Moslehy, Jamal F. Nayfeh, David Nicholson, Eric L. Petersen, Sudipta Seal, Yongho Sohn, C. "Sury" Suryanarayana, Raj Vaidyanathan, Quan Wang, Fang Xu, Richard Zarda.

If that ain’t a hotbed of Anglo-Saxon achievement, I can’t imagine what might be. It’s probably just what ol’ Tom Jefferson had in mind. Who can doubt it?

The University of Central Florida? Why on earth would Fred choose that particular school? I decided to call Fred's bluff, so purely at random I chose a technical department from a somewhat better known university that happens to be right down the street from me. Here's the Wake Forest University Physics Department Faculty: Paul R. Anderson, Keith D. Bonin, Eric Carlson, Greg Cook, David Carroll, Jacquelyn Fetrow, Martin Guthold, Natalie A. W. Holzwarth, William C. Kerr, Daniel B. Kim-Shapiro, Jed C. Macosko, G. Eric Matthews, Fred Salsbury, Richard T. Williams.

I'm fortunate enough to be in regular contact with a lot of extremely bright people. Take my word for it. The shortage Fred seems to think exists, doesn't. And while I am in complete agreement with Fred in deploring the current state of our educational system, the fact is that while that system may be failing the 90% or even the 99% on the left of the bell curve, it has no effect on those on the far right of the bell curve. And, in terms of intellectual achievement, those are the ones who matter. Those are the only ones who've ever mattered.

15:20 - Netflix just sent me a disc (finally; they've been throttling me heavily all month) of a sort that I'd never seen before. It's double-sided. I've seen plenty of those, but they always had the same content on both sides, one side in 4:3 format and the other 16:9. This disc, The Adventures of Sherlock Holmes Volume 1, has two episodes on one side and two different episodes on the other.

As to the throttling, this week is typical. I returned my last three discs on Tuesday, which Netflix logged as received early Wednesday morning. At that point, my queue said they expected to ship my next three available discs that day, Wednesday. Late Wednesday afternoon, my queue changed to say they expected to ship all three discs the following day, Thursday. In the afternoon, I got three emails from Netflix. One said I'd be getting the Holmes disc today, which I did, one day later than I should have received it. But the other two discs were listed as shipped yesterday with ETAs not today, not tomorrow, but Monday. So, instead of getting my next three discs all yesterday as I should have, I've gotten one today and will have to wait until Monday for the next two. So much for the "unlimited rentals" and "next-day service" that Netflix promises.


Saturday, 21 January 2006

00:00 -


Sunday, 22 January 2006

00:00 -


Copyright © 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 by Robert Bruce Thompson. All Rights Reserved.