Original URL: https://www.theregister.com/2003/02/05/a_homage_to_catatonia/

A Homage to Catatonia

Dangerous Times, Improbable by Design, Super JpZr!

By Andrew Orlowski

Posted in Bootnotes, 5th February 2003 08:52 GMT

Letters "Your piece making fun of the New York Times put my Mom into a fit of giggles with extracts of like ''hallowed be its name, more incense please vicar...'," writes one reader.

Damn, I was simply trying to strike the appropriate, reverential tone for this great institution. However, I have one question that m'learned readers may be help to with.

Has anyone died of boredom while reading the Times? You know, it's not so far-fetched.

I'm sure there are cases where the body's metabolism can slow down to such a low rate of inactivity - similar to a coma or a persistent vegetative state - that death is a distinct possibility. I suspect that the Times' Letters Page is most likely to induce this - so please, in this cold season, be careful out there.

Now, many of you wrote to point out that Microsoft's latest advertising slogan "Secure By Design" does indeed echo an earlier U**X claim. We asked which one.

It's OpenBSD, the phrase is "Secure By Default" and the claim is made here. And thanks to Barry K Nathan for telling us that one of the special OpenBSD songs contains the phrase [MP3, Ogg Vorbis]. I haven't vetted this for RMS-style tuneness so caveat downloader.

Out of several hundred emails Jamie Bowden deserves a special mention, because he has the most entertaining sig:-

It was half way to Rivendell when the drugs began to take hold"
- Hunter S Tolkien "Fear and Loathing in Barad Dur"
[Iain Bowen]

Several of you have observations on the metrics of Microsoft's internal code review. The Beast claimed: "engineers spent several weeks reviewing many millions of lines of code in Windows."

"Let's assume that the oft quoted 35 million lines of code in Windows is still current, and that the "several" mentioned above is, say, seven. That's an average of five million lines of code a week. Let's say the review team was 100 strong (which may be on the small side, but if you're doing a review like that then you need a small enough team to keep communication overhead down) then that means that each engineer reviewed 50,000 lines of code a week, or 10,000 lines of code a day - something in excess of 1,000 lines an hour per person," writes Duncan Ellis.

"And that's ignoring the time required to cross check with the other team members."

On the other hand Erick Van Selst suggests that teams of 3-4 engineers reviewing about 500 LOC/hr have proven to be cost-effective.)

"It’s nice to see that they have started triage at least. In my experience, once the process in initiated, the cost-benefit ratio tends to justify implementing a full code review program."

Rudy de Haas - who never, ever disappoints - clocks this at 6.9 lines of code per second and offers the last word.

He encloses a splendid research paper entitled "Detection Of Large Woody Debris Accumulations In Old-Growth Forests Using Sonicwave Collection" by Indiana R. Jones And Ethan Allen ('ET AL'for short), published by the Department Of Philosophical Biology at the University of North Dakota, Hoople. (The corner bar to be precise).

(I'm on a wet-string dial-up connection in rural France now, but please allow Google to be your guide, it's well worth the trouble).

Ken Kashmarek adds:-

When I was a registered Apple developer, I wrote up a problem about a QuickDraw interface call. One value in a parameter list was incorrect, and the call would take down the computer (re-boot to recover). When I documented the call, I was told exactly the same thing by Apple Computer, even though the documentation did not specify that such a value might be wrong, or that the underlying code does not check the parameters for valid input before using them.

Even more striking was that one of the documented return codes was a number that indicated a parameter has a bad value.

Moral of the story: when you point out the mistakes of others, you immediately become subject to attack for committing the same or similar mistakes (avoidance of penalty by deflection).

Valued correspondent "A Lizard" has this advice for plugging security holes:-

Proper use of MS OS and IIS is quite easy. All one has to do is open a command window and execute the following command:

format c:

- followed by y at the next prompt.

Then install OpenBSD or whatever one's favorite *nix flavor is, being careful to make sure whatever unnecessary services the distro wants to install don't get in.

What could be simpler? OK, an MCSE might have trouble with the "open a command window" part, but so what else is new?

Glen Turner was reminded of Computer Associaties' slogan:

Software superior by design

— which always had us MVS sysadmins rolling on the floor, as CA bought in the almost all of its software.

So CA wouldn't know a software architecture if it fell over one (always a possibility in those days of walls of paper system documentation surrounding each system programmer's desk).

Karl Kropf adds this fascinating aside:-

It may not be that relevant and the tense of the verb is different but 'Secured by Design' is the label for an initiative run by Police in the UK to promote the reduction of crime in new residential development. Perhaps it is appropriate to your story that in some people's view (backed by research) some of the ideas promoted through 'Secured by Design' are rather outdated and ineffective.

I won't bore you with the details but you may be able to find out more here. See this for a counterpoint.

Finally, thanks to the author of "Super POLAND" Henry WM for getting in touch. Henry generously credits MuroBBS for assistance.

"It even quite amused my Polish wife,' writes John Presland. "Though friend Rutkowski's rant did have to be shown to her too to get her humour circuits working properly."

However this (anonymous reader) reminds us why we should declare this matter closed:-

"Being an ex-Nokian, and a once and future ex-resident of Finland and someone who has witnessed the maturity level of 'jpzr' in some of the Nokia newsgroups, all I can say is good riddance. I'm a bit shocked, and dismayed though that he has gotten so much notoriety for being, well, a jerk." Fair enough.

Move along now, folks. ®