Slashdot Mirror

Well, FreeBSD can run linux binaries. Observe:

bash# uname -a
FreeBSD abox.some.dom 4.7-STABLE FreeBSD 4.7-STABLE: Sun Dec. 8 19:28:39 EDT 2002
root@abox.some.dom:/usr/obj/usr/src/sys/abox i386

bash-2.05b# chroot /compat/linux

%uname -a
Linux linuxbox.some.dom 2.4.2 FreeBSD 4.7-STABLE: Sun Dec. 8 19:28:39 EDT 2002
user@abox i386 unknown


So, does it run linux? Of course. It can also run SCO unix. "Does linux run FreeBSD or SCO?" is a better question. There's an effort to provide similar capabilities in linux, but it looks like they've just started. Help 'em out, ok?

Looks pretty loose to me...

there is only so many times in a day you can "go make coffee" or "check your email".

Geek Slack List

• http://www.subgenius.com/
• http://www.slackersguild.com/
• BBC News
• http://www.memepool.com/
• http://www.plastic.com/
• http://www.arstechnica.com/
• http://www.metafilter.com/
• http://www.techdirt.com/
• http://www.bottomquark.com/ (Science News)
• http://newsforge.com/
• http://www.theregister.co.uk/
• http://www.anandtech.com/
• http://www.bjorn3d.com/
• http://cellar.org - Image of the Day
• http://www.collegehumor.com/
• http://www.everything2.com/
• http://www.kuro5hin.org/
• http://www.theonion.com/
• NASA - Astronomy Picutre of the Day
• http://www.majorgeeks.com - Windows Shareware / Freeware
• http://www.advogato.org/
• http://www.sweetcode.org/
• http://www.disinfo.com/ - Disinformation
• http://www.somethingawful.com/
• http://www.astronomynow.com/ - Astronomy News
• http://www.aip.org/ - American Institue of Physics - News
• http://www.adequacy.org/

• The Effects of Moore's Law and Slacking 1 on Large Computations

Hope this helps =)

On the one hand, I think I would do a lot of good to the community if I copylefted my article. A lot of people might read it who otherwise would never come across it. On the other hand, allowing the only copy to be on my website generates a lot of valuable traffic that helps to advertise my consulting business. But on still another hand, maybe having the copylefted version in the wild would do even more to publicize my business.

John Levon suggested that that particular article is probably best where it is. I'm thinking now that he's probably right.

But I have other articles that I am thinking of copylefting. I have started writing a column on cross-platform software development. My thought now is that I will copyleft my articles, say, six months after they are published. The one article I have posted so far is older than that, so if I decide to do this I will copyleft it right away.

That way there will be traffic to my cross-platform site from people looking for new articles, but ultimately they will have the most positive effect if they are picked up by linux distros, for example.

I'm still undecided about it, I probably won't make a decision right away. Yes, I want to help people. But I'm sorry to say that it's been challenging to be a self-employed software consultant since the dot-com crash. My articles take a lot of work to write, and I don't get paid for writing them, in fact I take a lot of time off to write that I could spend doing billable work for my clients. They are an effective advertising medium. The decision of whether to copyleft them is going to have to be based in large part on what I think would be best for my business.

http://www.advogato.org/article/101.html

Are they sure that this isn't covered by a patent? I remember almost two years ago that VirtualDub had to remove support for ASF files because Microsoft had a patent on some part of it. The VirtualDub guys just removed support rather than fight MS. I hope this doesn't turn out to be the same situation.

I also posted an article about this on Advogato here. I got some replies on that, and one person attended me to here where you can find a copy of the 5dwm stuff.

About the functionality of this thing, it's not just a WM. It's a desktop environment. If you ever worked on a SGI machine, you'd agree it was (well, arguably) the best damn internet workstation out there. Sure, KDE and Gnome fill in a huge gap here, but there is much to be learned from how the IMD is put together.

I hope the people at SGI see this and decide to either opensource this thing, or to provide linux binaries. I know, it's idle hope, but a man can dream, can't he? I'd love to see this on my desktop at home.

Trust is not a human trait. www.dictionary.com lists the number one definition of trust as:

1. Firm reliance on the integrity, ability, or character of a person or thing.

It is possible to express reliability mathematically, and to build into machines that notion of trust. For example, when you do a computation on your PC you can be 99.997% sure that it works correctly. Also, have explored what it means to automatically extend trust outward to people you do not know.

I think moderation could work if it was done properly. It's just the slashdot implementation that is shit. And they can't really change it now (well they *could* but I don't see that happening). They could have used a network flow model, or even use pagerank. This is an idea that would work.

Winbind is an nss switch module to map Windows NT Domain databases to Unix.

In combination with Samba and pam_ntdom, a Unix box will be able to integrate straight into a full Windows NT Domain environment, without needing a Unix Account database.

Use of pam modules (pam_smb, pam_ntdom) also works (on pam systems like linux or solaris) very well.

a convicted warez dude setting up a "FREE SOFTWARE Mirror Project has to attract some attention

Attention != negative attention. The more attention Tresco attracts to FSMP, the less the free software community will get burned if OSDN's service happens to go under.

Welcome to Slashdot. This is stuff that matters.

Now shut the fuck up. If you want serious discussion all the time there are other options.

You can send out a bad copy once, but if well-known and trusted copies already exist on the network you are not going to be able to replace these with bad copies, the self-verification does not prevent the single-point attack you describe, it prevents the propogation of this attack throughout the network. If an attacker serves up bad files (ones that do not match the SHA1 hash advertised) then the downloader should treat the host as malfunctioning and query a more reliable source. The downloading agent does not need to unpack the file and see what is inside, it just checks the SHA1 hash and then can simple assume that there was a transmission error and try another source. Eventually the malicious node will be trimmed from everyone else's peer list and a new node identity will have to be generated and the game starts again.

This single attack costs the attacker as much as it does the downloader (and you can bet the RIAA is paying more per MB of data sent than someone downloading the data via a DSL or cable modem line) and a few simple changes to the system like favoring trusted peers (ones who have not given you mismatched hash/payload data) as the first nodes to query and only moving down the local reputation food chain if you need to expand your query or search for alternate sources. Unless an attacker can pretend to be a vast majority of the nodes in the system it is not going to be able to make this attack scale-up in the manner you suggest.

There is a difference between an attack that works on a single download and an attack that would be viable for a network-wide assault. The case you and Mr. Chen bring up here is clearly in the first category, an inconvenience for individual users but not something that will be a significant problem for the network as a whole.

Moderation and peer reputation require some method of recording "ratings" of users on the network. Something not present in the current Gnutella network. But if implemented, it would have to be distributed as well. This means that there, at some point, must be a blind trust between clients to complete these "ratings". That blind trust will lead to poisioning of the ratings system and make it worthless.

"Ring of trust" simply does not work in a distributed environment that is truly open to anyone. Closed distributed environments, or virtually closed environments within an open environment would be the only way. However new users would not be able to enter them and that is how Gnutella keeps itself alive.

Which is why I think that things like Raph Levien's work in reputation systems (and actually coding up working examples of such a system, see refs below) are rather attractive because they solve this specific problem in a rather elegant fashion and make such simplistic attacks much more difficult and expensive to pull off. [Here's a quick hint: Have you ever noticed that most people seem to care about Roger Ebert's opinion rather than yours when it comes to what movies to go see? This is because distributed trust system can deal with voter flooding attacks by limiting how much influence comes from untrusted sources.]

You seem to think, Mr. McCoy, that there are obvious solutions. Yet you really don't present any nor do you present any existing real-world examples.

One of the problems I addressed in the original paper was the fact that it was poorly researched in certain aspects. It seems that everyone is too lazy to actually do any research these days, but since spending five minutes doing google searches on various terms related to reputation systems seems to be too much work for either you or Mr. Chen, here is a quick summary of a few minutes work (although I selected papers that I am familiar with after google returned a hit).

1) For starters look at Google itself. Google is the single biggest distributed reputation system in the internet. That is what a pagerank is, the "repuation" of a particular link for a particular subject using link count as the voting mechanism. It can be attacked and subverted on a small scale as various Google-juicing experiments prove, but it is also very effective at filtering out these attacks (see some of the Scientology google-juicing wars to see how hard it is to really influence a massively distributed reputatioon system implemented my people who know how to pick the best ideas from current research and invent a few of their own.

2) EBay seller rankings. These can also be attacked and tweaked, but even when money is involved (making the incentive for dishonest behavior very high, much more so than any p2p system will ever have to deal with) EBay manages to keep fraud to a manageable level and recent research into seller/buyer identity-blinding and reputation cluster filtering can make the seller ranking system even more attack-resistant.

3) Amazon buyer ratings and recommendations. Yet another example of a real-world distributed trust management system.

4) Advogato is a community forum site that implements some of Raph's Ph.D. work in reputaitons and distrubted trust management to create a flow-constrained reputation system that has some very good attack-resistance characteristics. Raph has been running Advogato using his distrubted trust metric for several years now.

5) Pattie Maes' agents group at MIT, specifically the Yenta reputation clustering system but just about everything to come out of this group is a source of good ideas and practical research in this area.

6) Check out some of the available research bibliographies (like this) and places like citeseer for other research in the subject.

One thing you will notice about these real-world examples is that none of the systems tries to be "perfect", just good enough to get the job done.

To protect against charges of having simply (and illegally) copied IBM's BIOS, Phoenix reverse-engineered it using what's called a "clean room," or "Chinese wall," approach. First, a team of engineers studied the IBM BIOS--about 8KB of code--and described everything it did as completely as possible without using or referencing any actual code. Then Phoenix brought in a second team of programmers who had no prior knowledge of the IBM BIOS and had never seen its code. Working only from the first team's functional specifications, the second team wrote a new BIOS that operated as specified.

This is what Whitfield Diffie refers to as the "marijuanaization of crypto": a majority of interests think the law is dumb and it is widely flouted, but for various reasons it stays in place, partly because many police would need to find useful jobs if it were removed.

--
0x60a15ec5

Would this also work with email virus? I think it would since the virus would also have a defined patern to it and the program would pick it up after the first one.

I actually proposed this on Advogato many moons ago, in February of 2001.

-Waldo Jaquith

This person that we're talking about, takes advantage of this generously donated hardware and his position on the network, and advertises a donation space for his own private needs (somegeek.org, at one point, mentions various monetary needs that this donation effort has gone to, which includes gas bills, cell phone bills, and of course there's that business-class DSL line.

Aside from that, complaints that he is using his position on the network irresponsibly, quite possibly unethically, almost definitely illegally, are met with scorn and derision--those who bring the issue up are of the "vocal minority", those who try to reason are "trolls", and those who voice their opinions are silenced (this is the best one, if you don't read any of the other links, read this one at least).

I've had my fill.

I think peer based trust will rapidly become essential element of P2P. Digital signatures for identity authentication combined with some kind of peer based trust combined with some kind of network resource allocation based on trust seems like the way to go if the RIAA is going to start trying to infiltrate the networks.

The advogato trust metric and slashdot's moderation system are the most prominent implementations that try to solve the problem of peer based trust. It clearly needs more research.

I spent 18 months at an Open Source company, and never spent a single hour during company time in 18 months working on anything Open Source, including my own Open Source projects. I was certainly "expected" to put in 10+ hour days on the weekends though, without any additional compensation "for the good of the company".

Many Open Source developers are unemployed right now and still looking for work (259 days and counting for myself), and still contributing 100% of their time to their projects, while the "industry" at large continues to fire and lay off more and more qualified developers in the interest of "quarterly revenues". Trust me, nobody is getting more than half of their income from any company for working on projects that are given away gratis as the above slides lead you to believe.

I also reject the assertion that Sourceforge is leading the way in this regard. Sourceforge has been drifting for quite some time, and thousands of developers are leaving Sourceforge for want of better services every week. You don't see that on the surveys though, do you?

Enjoy :)

Michel

.net is simply recognizing the reality that the Internet is a dynamic medium, and it requires a new way of designing programs; a way that makes using the Web identical to using your computer locally. All of the examples I just gave can be done now with existing programming tools on any platform, but .net makes it much easier and more straightforward.

Am I the only one believes that things shouldn't be worked this way? We rely on the very same company who open up the opportunities of exploiting thousands security holes to bring the majority closer to the Web? If you makes web experience too transparent to users then more and more security problems would be surface. Do not expect all users know what they are doing.

If/when the time comes that Microsoft decides to cut off .net for Apache support, Mono will be ready to take its place.

If Microsoft chose to cut it off from Apache, then I don't think Mono could go on. What if the same thing happened to NTFS happen to any part of .NET? Apache and Mono will be screwed then.

Forgive me if I'm being too paranoid in this, but in view of the track record of MS in security and legalese, I don't have much confidence in the future of non-MS implementation of .NET.

Nevertheless .NET will shine in MS platform though, I must admit.

Here's some information about the VirtualDub case, for those who aren't familiar with it already.

(Unfortunately, it seems that the VirtualDub author has removed his really old news, so this isn't directly accessible at the VirtualDub web site anymore.)

One of the comments links to a article with a picture of the president and Bill Gates: PRESIDENTE TOLEDO SUSCRIBE CONVENIO CON BILL GATES

There's a good story on Advogato about just this thing, provides more info about the current state of play.
(Unfortunately the 3rd, and most informative, comment is by a guy miffed that /. didn't accept his story!)

• Playing with Linux RAID
• The physical layout of the ext2 filesystem

Also, the Open Source Development Lab's Japan Development Center was kind enough to recently translate a couple of my Linux kernel testing articles into Japanese:

• Why We Should All Test the New Linux Kernel - Japanese - English
• Using Test Suites to Validate the Linux Kernel - Japanese - English

I would personally be quite stoked if anyone translated any of the articles to other languages. There is also an article on web server application testing as well as one on C++ programming. I have more planned and invite others to contribute articles that have the general aim of improving the quality of Free Software.

• Playing with Linux RAID
• The physical layout of the ext2 filesystem

Also, the Open Source Development Lab's Japan Development Center was kind enough to recently translate a couple of my Linux kernel testing articles into Japanese:

• Why We Should All Test the New Linux Kernel - Japanese - English
• Using Test Suites to Validate the Linux Kernel - Japanese - English

I would personally be quite stoked if anyone translated any of the articles to other languages. There is also an article on web server application testing as well as one on C++ programming. I have more planned and invite others to contribute articles that have the general aim of improving the quality of Free Software.

For example: there could spring up various independent directories of MD5 checksums for songs known to be either good or bad. Various individuals could maintain these by hand, or P2P clients could allow the users to collaborate on such a shared directory by allowing users to simply click a button to associate a "trusted" or "untrusted" score for an individual file. File scores could then end up being aggregated into a reputation for a given person. Someone impugned a lot would get a bad reputation for sharing bad files, but allowing meta-level moderation (not unlike that in slashdot) could make this work both ways: someone who repeatedly impugns someone who actually deserves a good reputation would themselves lose reputation points.

An example of a trust metric can be found here.

check out distcc while you're at it. from Martin Pool.

It is worth pointing out here that, as mentioned in the linked yahoo story (also appeaing in news.com), Microsoft's corporate vice president in charge of the innards of Windows, Rob Short, has been questioned over the CIFS license issue by the states' lawyers. It is interesting to see what kind of impact will the anti-GPL CIFS license have in the outcome of the trial.

If (at least in some states) source code is free speech, and games are just the result of that code, I don't see how this is going to hold up under appeal. IANAL (obviously).

Gates claims today Microsoft's efforts to open its APIs and protocols to developers, so they can develop programs that interoperate with Windows, are enough.

Then the nine states should question Gates over the recently publicized CIFS license incident, asking him why are GPL developers excluded?

See related article/discussion on Advogato from a few days ago.

Of particular interest is that it discusses using trust-metrics, in a similar way to Advogato itself, so as to differentiate between good and not so good translators.

Of particular interest is that it discusses using trust-metrics, in a similar way to Advogato itself, so as to differentiate between good and not so good translators.

Heh, the PigeonRank page is definitely the best April Fools joke so far.

As part of my PhD research, I've been doing some analysis of the PageRank algorithm. A few weeks ago, I did some analysis of the attack-resistance properties, and found that it is one of two known instances of an attack resistant trust metric (the other being Advogato. To me, this is pretty exciting, as it would seem to support my belief that trust metrics have much wider use than the PKI-like applications that originally motivated my research.

The analysis of PageRank is in Chapter 6 of my thesis-in-progress. Also in the chapter is a discussion of how to apply the trust metric to more general metadata, as well as a distributed network model of the trust metric.

Serious hackers will also be interested in my spiffy research implementation of PageRank.

I'm very much interested in connecting with others who understand and appreciate these results. Lord knows why I'm posting to Slashdot... oh well, time to go back to feeding my pigeons.

• Marcelo Tosatti's homepage is here.
• There is also the Marcelo The Wonder Penguin site that has some info about him, but is currently down (Google cache).
• Advogato personal info
• Slashdot interview from December.
• Freshmeat has his comments on the kernel (scroll down a bit).

The mirror at http://www.linuxalpha.org seems to be online.

And, RedHat, hasn't given on the Alpha yet, RedHat 7.2 *will* be comming out. They've done a deal with Compaq: see Phillip Copeland (Bryce)'s diary

But, you're right, more Alpha hackers are always welcome.

• A sourceforge project with no files uploaded, no description, and a few messages asking, "What happened?"
• A glossary which describes SnapFS as "A defunct experimental filesystem". There's also a broken link to linuxcare.com.au/projects/snapfs .
• A diary entry from somebody named Martin Pool. On 18 August 2000 he writes,

  I wrote up some documentation for my snapfs filesystem, which has been shelved for some months now. I get mail every so often asking what happened to it, so it seemed good to answer it once and for all. Perhaps I'll get back to it eventually.

  
  
• And of course, Mountain View Data (or the equivalent snapfs.org), which now owns the project and seems to have renamed it "MVD Snap". But there is very little information here, and nothing to download.

Thanks to everyone for all the help!

Have you not seen my rants aboutSony blatently and knowingly being in direct violation of the GPL. You can be certain that they are not going to give you a single line of that source code.

After those stories were posted, and my comments made their way around the world, I received HUNDREDS of emails from people who worked with and for Sony, both as employees and contracted partners. They are doing this in a lot of places, not just with the PDA stuff I support and have consistantly called them on.

Here's an excerpt from one of those emails, sufficiently anonymized to protect the innocent:

For what it's worth I don't think that's the only GPL violation Sony is making. I work on [very high profile Sony gaming product] development tools here at [insert very well-known tool development company here] and I have several patches from Sony to [very well known GNU toolchain item here] for the [high-profile gaming product] but not their original sources to patch against. Plus some sources they compile/link into [same GNU toolchain item here] which they claim are proprietary and not provided.

I don't trust them as far as I can throw their Aibo, 43" flatscreen HDTV, and 200 of their PDAs, and I also would not pay them a single dime to help fund their further violating of a license I believe in strongly, and also to line the coffers of the RIAA (note how "proudly" the RIAA touts Sony on that page) and support more of their audio copy protection schemes.

Where do you think this $199.00 really goes?

Have you not seen my rants aboutSony blatently and knowingly being in direct violation of the GPL. You can be certain that they are not going to give you a single line of that source code.

After those stories were posted, and my comments made their way around the world, I received HUNDREDS of emails from people who worked with and for Sony, both as employees and contracted partners. They are doing this in a lot of places, not just with the PDA stuff I support and have consistantly called them on.

Here's an excerpt from one of those emails, sufficiently anonymized to protect the innocent:

For what it's worth I don't think that's the only GPL violation Sony is making. I work on [very high profile Sony gaming product] development tools here at [insert very well-known tool development company here] and I have several patches from Sony to [very well known GNU toolchain item here] for the [high-profile gaming product] but not their original sources to patch against. Plus some sources they compile/link into [same GNU toolchain item here] which they claim are proprietary and not provided.

I don't trust them as far as I can throw their Aibo, 43" flatscreen HDTV, and 200 of their PDAs, and I also would not pay them a single dime to help fund their further violating of a license I believe in strongly, and also to line the coffers of the RIAA (note how "proudly" the RIAA touts Sony on that page) and support more of their audio copy protection schemes.

Where do you think this $199.00 really goes?

Games are written in C++ these days. Portability is more
This is no more an issue in the latest dev tools Apple a rereleased a functional Objective-C++ compiler. This is the tool with which abiword is being ported to macosx.

Plucker uses a completely different, server-independant solution to gather content. It is de-centralized, and does not rely on a single point of failure. It is client-driven, not server driven. Here's some other reasons why Plucker exceeds AvantGo:

• Plucker has two forms of compression (zlib/doc), AvantGo does not.
• Plucker supports 12 languages, AvantGo does not.
• Plucker supports local files (file://tmp/foo.txt) and intranet (including https://) content, AvantGo does not.
• Plucker supports runtime image scaling, panning, zooming via the parser ([alt]maxwidth, [alt]maxheight), AvantGo does not.
• Plucker allows runtime bit-depth changes in the viewer. AvantGo does not.
• Plucker is an 85k footprint on the Palm, AvantGo 4.0 is 399k, without content.
• Plucker supports Gestures, Autoscroll, Tap Navigation, and Hardware button configuration options, AvantGo does not.
• Plucker is free and open source, under the GNU General Public License, AvantGo is not.
• Plucker does not require that you have your Palm with you in the cradle to gather, sync, and create content. AvantGo does.
• Plucker uses an openly-documented data structure format, and integrates with other parsers and gathering applications like SiteScooper. AvantGo does not.
• Plucker works on 11 platforms, 5 operating systems (with varying degrees of difficulty), AvantGo supports 1.5 OS' (Windows, and "almost" Macintosh).
• Plucker does not "restrict" what websites can do with their own content, AvantGo does.
• Plucker supports multiple instances of the same content (NYTimes with images, NYTimes with color, NYTimes without images) loaded at the same time, AvantGo does not.
• You can beam your Plucker content to another Plucker user, with AvantGo you cannot.
• Plucker offers 5 font choices, AvantGo offers 2.
• Plucker does not have a maximum file size limitation; spider 20 meg databases if you want, AvantGo limits you to 200-300k.
• Plucker does not "block" content. AvantGo does.
• Plucker does not "charge" for usage of Plucker, nor "fine" people for using it too much. AvantGo does (and steeply, at $6,000 per year if you exceed "contract" usage rates.

Also, if AvantGo was the leader in this space, why are dozens of other companies moving to using Plucker instead?

• Fling-It (geared for classroom settings, direct "fling" of webpages from browser to Palm)
• BrowserG!
• streetbeam (infrared "beaming kiosk" stations, now interested in moving to Plucker)
• And let's not forget our friends at Bluefish who are in clear violation of the GNU GPL by taking Plucker source, closing it off, and distributing binaries made from it, without source, with Plucker attribution removed, and their names replacing it.

• Plucker has two forms of compression (zlib/doc), AvantGo does not.
• Plucker supports 12 languages, AvantGo does not.
• Plucker supports local files (file://tmp/foo.txt) and intranet (including https://) content, AvantGo does not.
• Plucker supports runtime image scaling, panning, zooming via the parser ([alt]maxwidth, [alt]maxheight), AvantGo does not.
• Plucker allows runtime bit-depth changes in the viewer. AvantGo does not.
• Plucker is an 85k footprint on the Palm, AvantGo 4.0 is 399k, without content.
• Plucker supports Gestures, Autoscroll, Tap Navigation, and Hardware button configuration options, AvantGo does not.
• Plucker is free and open source, under the GNU General Public License, AvantGo is not.
• Plucker does not require that you have your Palm with you in the cradle to gather, sync, and create content. AvantGo does.
• Plucker uses an openly-documented data structure format, and integrates with other parsers and gathering applications like SiteScooper. AvantGo does not.
• Plucker works on 11 platforms, 5 operating systems (with varying degrees of difficulty), AvantGo supports 1.5 OS' (Windows, and "almost" Macintosh).
• Plucker does not "restrict" what websites can do with their own content, AvantGo does.
• Plucker supports multiple instances of the same content (NYTimes with images, NYTimes with color, NYTimes without images) loaded at the same time, AvantGo does not.
• You can beam your Plucker content to another Plucker user, with AvantGo you cannot.
• Plucker offers 5 font choices, AvantGo offers 2.
• Plucker does not have a maximum file size limitation; spider 20 meg databases if you want, AvantGo limits you to 200-300k.
• Plucker does not "block" content. AvantGo does.
• Plucker does not "charge" for usage of Plucker, nor "fine" people for using it too much. AvantGo does (and steeply, at $6,000 per year if you exceed "contract" usage rates.

Also, if AvantGo was the leader in this space, why are dozens of other companies moving to using Plucker instead?

• Fling-It (geared for classroom settings, direct "fling" of webpages from browser to Palm)
• BrowserG!
• streetbeam (infrared "beaming kiosk" stations, now interested in moving to Plucker)
• And let's not forget our friends at Bluefish who are in clear violation of the GNU GPL by taking Plucker source, closing it off, and distributing binaries made from it, without source, with Plucker attribution removed, and their names replacing it.

Microsoft claims they are - they patented the ASF file format, and forced the author of VirtualDub to remove ASF reading support from his program. See http://www.advogato.org/article/101.html.

A quote:

Today I received a polite phone call from a fellow at Microsoft who works in the Windows Media group. He informed me that Microsoft has intellectual property rights on the ASF format and told me that, although I had reverse engineered it, the implementation was still illegal since it infringed on Microsoft patents.

You're probably more interested in the sections about "Anti-Abuse" features. Comment filters are described, along with their failings, and the example of how to modify Slash code itself involves making the filters less strict to posters with karma above an administrator defined level. It also describes things like IP and Network blacklists.

I don't know why, but the idea of the rating system being open gives me the creeps. The problem I see is that if the implementor/developer/whatever is a "benevolent tyrant", everything is fine; otherwise you could very well participate in a slash-powered blog that springs a totalitarian trap on you, the unsuspecting reader, at any time. What I like of Advogato is that the rating system is tunable but very difficult to subvert without replacing it wholesale; after all, you can't change much Warshall's algorithm.

Of course I'm aware that this is not of your concern, and Open Source being what it is the possibility for subversion is no more and no less than with any other piece of software; my question is then whether there are more robust rating systems or not, in the sense that subverting them would radically alter the "look-and-feel" of the blog.

(So am I, and I don't know anyone who is capable of doing this. Raph may, though -- he's discussed it before.)

Microsoft did use its patents on the Active Streaming Format to block an open-source implementation. VirtualDub once supported editing ASF files but the author was forced to remove it. Granted this wasn't a patent Microsoft purchased, and in many cases Microsoft is using things other than patents to block rivals.

Perhaps I should have selected "Technology" rather than "Science". Anyway, I found it at robots.net, another mod_virgule site. Get your robot news there first!

The original divx (3.11) WAS the Microsoft MPEG4 codec used in their WMV/ASF files. The intrepid hackers ripped the codec so it could also be used to encode unprotected AVI files. There's nothing really wrong with the codec, it just has a lame copy-protected patented file format wrapped around it.

What you're saying is that you'd ilke to use Advogato. The term that you're looking for is a "distributed trust metric."

Actually, I think the poster got it on the nose. Affinity is a better term for this than trust. Just because I enjoy reading someone's posts doesn't mean I necessarily "trust" them. It's a whole different concept than that used in public-key cryptography. 10% affinity is meaningful; 10% trust is not.