c-net is reporting that Microsoft's own servers were successfully attacked. It also includes this perfect quote:

“Seems like every time I install a system patch, something else goes wrong with my system,” said Frank Beier, president of Web design firm Dynamic Webs. The designer said many system administrators won’t patch for many months, because they don’t trust Microsoft to fix the problem without breaking some other function of the software.

“In most cases, I'm better off just playing Russian roulette with the hackers until our servers are broken into,” he said.

Which makes me think. Every time there's a large-scale attack, folks come out with a number like the attack cost businesses $35 million. How much would it have cost businesses, though, if everyone had installed the security patch on the same day last summer, and had all of their systems break due to the patch itself? Admins across the country applying the patch, applying other patches, fixing conflicts, re-installing, etc, for several days. Sure, I'd call that $35 million also, probably. But, since admins tend to not all patch on the day a patch is released, we don't see the big balloon cost to business of the patches.

Instead, lots of businesses lost a few thousand here and there as their admins are waylayed attempting to make the patches and all other software on the machine happy.

So, I'd like to see a study to determine how much applying wonky patches costs business each year.

The quote above may have it right on the money. If you patch a system that never gets broken into, you've spent time (and thus money) for nothing. A guaranteed loss. If you don't patch a system that never gets broken into, you've spent no time (thus no money). If you don't patch a system that does eventually get broken into, you'll spent time (thus money) fixing it. So, I think these guys are typically playing the probability game. An uncertain cost later is better than a certain cost now, monetarily speaking.

ANTLR 2.7.2 has been released.

Time for me to update the maven plugin, it seems.

The ANTLR 2.7.2 release is a feature enhancement and bug fix release, partially brought to you by those hip cats at jGuru.com. It has been about 2 years since the last release so expect lots of stuff to have been fixed and improved.

Kung Pow: Enter the Fist is a must see. It follows in the lines of What's Up, Tiger Lilly? by Woody Allen, in that it's a redub (and in Kung Pow's case, a resplice) of an older Japanese movie.

Kung Pow: Enter the Fist is a movie within a movie, created to spoof the martial arts genre. Writer/director Steve Oedekerk uses contemporary characters and splices them into a 1970s kung-fu film, weaving the new and old together. As the main character, The Chosen One, Oedekerk sets off to avenge the deaths of his parents at the hands of kung-fu legend Master Pain. Along the way, he encounters some strange characters, one of which is a cow trained in the martial arts.

Water lang.org presents a commercial (yet free?) XML-based language not unlike Jelly, but then again, completely unlike Jelly.

Water™ is a new all-purpose Web programming language that delivers both power and simplicity.

A quick-ref sheet is available.

drools 2.0-beta-10 has been released. Big thanks to Matt Ho who volunteered as our release manager and ushered this release out the door.

The latest official build is 2.0-beta-10 .

A few more issues and I think we'll be pushing 2.0-final out the door in a few weeks.

tangent: Canada is fargin' cold. Glad to be back in Georgia. A lot of work on werkflow did get done while up there though. Good things.

Well, howdy from my newly functional laptop.

Anyone in #maven knows my perils but maybe this'll help other random folks attempting to do what I did.

After getting an HP laptop with bad hardware (random reboots), I procured a Toshiba 5205-703s, which has the radically cool 1600x1400 resolution. It also has the radically uncool legacy-free BIOS, which means you can only frob the bios from Win32. No F1 or whatnot to get into it before loading an OS.

Redhat 8.0 didn't support this machine very well out of the box. The biggest key to getting a legacy-free Toshiba machine working is the ACPI patch to that linux can learn your IRQs from the BIOS.

You can't simply patch RedHat's 2.4.18 kernel sources, since they're mutated from the main tree. I attempted a 2.4.20 kernel with the ACPI patch, which worked, but kept my load average at 1.8 when idle.

This morning, I went back to a 2.4.19 kernel, applied the ACPI patch immediately, and then added my network modules.

Internal WIFI now works and load is a nice fat 0 when idle.

The cPad mousepad works, but only as a PS/2 device. Once I enable USB, it goes wonky and disappears. I've played with the Input-Core stuff and the *HCI modules, to no avail. Some other week I'll attack that. Sound works beautifully also.

One note: when booting up the initial RedHat install, it freezes when kudzu does a probe. Just do a manual boot sequence and prevent kudzu from running. Once you have an ACPI kernel, kudzu causes no problems.

Back to work...

I know many folks think operator overloading is evil, but to a person who likes nice semantics and has created more than his fair share of little languages (ANTLR rocks!), not being able to overload operators restricts the richness of an API.

Back in the C++ days, I could, thoough conversion methods and operator overloading, make an API as simple as this for en end-user:

transition.addFiringRule( Foo.RULE && Bar.RULE )

Without, I have to do this in java:

transition.addFiringRule( new AndRule( Foo.RULE, Bar.RULE ) )

To many humans (ie, developers), infix notation is notably easier to read than prefix or postfix. Operator overloading allows us to use existing infix symbols instead of having to create a semantically similar prefix symbol set implemented as objects.

Somewhat related, I think folks who are creating expression languages should take the time and effort to create a real parser for it, instead of using ostenbily a prefix/postfix XML syntax.

This makes me feel dirty:

<and>
  <or>
    <term>...</term>
    <term>...</term>
  </or>
  <term>...</term>
</and>

FVWM is my window-manager of choice. I have it configured fairly spartanly, but with 10 virtual screens mapped to my F-keys and various combinations for cycling, raising and lowering windows. I never iconify anything (I do have 10 virtual screens), I never dock anything, and I seldomly reconfigure my system.

FVWM is an extremely powerful ICCCM-compliant multiple virtual desktop window manager for the X Window system. Development is active, and support is excellent. Check it out!

I just bought a new laptop (HP ze5185) and burned some RedHat 8.0 CDs and did the big install. No longer is fvwm2 included in the distribution it seems. My only choices are gnome or kde, neither of which do I like. I've been used to scp'ing over my .xinitrc, fvwm2rc, and my .emacs and feeling at home.

Now, I have to go find an rpm or compile from source. That's just silly. And I would've thought that enough folks were using the linksys wireless devices to include support for them in the distribution also. Alas, nope. More downloading and compiling of pcmcia-cs and linux-wlan-ng.

No wonder my dad doesn't use linux.

drools 2.0-beta-9 has been released.

The latest official build is 2.0-beta-9 .

Notable in this release includes:

....Better ant-based build, for the maven-impaired
....Cleaned up gratuitous (non-used) dependencies
....A few bugfixes only fleetingly seen in beta-8
....More stuff I've probably forgotten