Slashdot Mirror

If this feature takes off, I'd like to see a "distributed affinity" system implemented, similar to Google's PageRank system [google.com]. If I call a particular poster a friend, then anyone whom they call a friend gets an X% boost in my ranking, anyone they call a friend gets an X©/100 boost, and so on.

What you're saying is that you'd ilke to use Advogato. The term that you're looking for is a "distributed trust metric."

-Waldo Jaquith

Interesting links, but they still leave open the device profiling cost, and their web pages smack of amateurism. Have there been any comparisons between their print quality and the quality of commercial color management systems? The field is littered with color management systems that never produced consistently good prints, and lacking any comparative data I'm skeptical that these two amateur projects have beat the trend.

A Google search did not turn up comparative or review information on either project, except for this negative user review of Argyll. I did turn up this page of free color management links, but no feedback from publishers or designers on how well any of them work.

Tim

Wilfredo Sanchez, Darwin developer:

28 may 2001 [...]But there were some cool things about the keynote. One is that Apple has truly come about on the Unix front. There was a time when I had lunch with Jason Thorpe of NetBSD, and we were talking about Apple and NetBSD working together. Jason was very helpful, and NetBSD played a key role in getting the BSD subsystem in Rhapsody (which fed into Darwin/OS X) updated. (That work is by no means complete, but it got a lot better.)[...]
Diary + other info on Sanchez

Currently FreeBSD is the BSD reference platform for Darwin (the core of MacOS X).

I wonder about a 'trust metric'. Not so different from Advogato or the way PGP trusts keys. You start with a list of public keys you trust and their individual levels of trustworthiness. You can then calculate the relative level of trustworthiness based upon the signatures attached to a resource (software package, etc.) and your cumulative level of trust in those sigs. Trust can also be indirect. For example, if a package is not signed directly by someone you trust, but signed by many people they trust, you may calculate some fractional trust based upon that fact. There is no central authority, which makes it much more difficult for a third party to compromise.

As with all trust systems, you must completely trust your private key and the software used to calculate the trust metric. Given that, though, you can then extend that trust to many unfamiliar resources. The best thing about this is that the academic and technical know-how to implement this system is well understood and reasonable to implement. The worst thing, of course, is that it requires each individual to be vigilant about who they trust and not just blindly believe an authoritative third party (aka Verisign).

For an interesting discussion, please see Advogato's explanation of their trust metric.

I wonder about a 'trust metric'. Not so different from Advogato or the way PGP trusts keys. You start with a list of public keys you trust and their individual levels of trustworthiness. You can then calculate the relative level of trustworthiness based upon the signatures attached to a resource (software package, etc.) and your cumulative level of trust in those sigs. Trust can also be indirect. For example, if a package is not signed directly by someone you trust, but signed by many people they trust, you may calculate some fractional trust based upon that fact. There is no central authority, which makes it much more difficult for a third party to compromise.

As with all trust systems, you must completely trust your private key and the software used to calculate the trust metric. Given that, though, you can then extend that trust to many unfamiliar resources. The best thing about this is that the academic and technical know-how to implement this system is well understood and reasonable to implement. The worst thing, of course, is that it requires each individual to be vigilant about who they trust and not just blindly believe an authoritative third party (aka Verisign).

For an interesting discussion, please see Advogato's explanation of their trust metric.

Thanks to Rob Levin (lilo) of openprojects for inspiring the formation of several new irc networks. With masters like lilo to guide the IRC world to new levels of hospitality and `niceness' as well as governmental legitimacy through incorporation, and in turn, solving the age old problem of how to pay for all the necessary expenses incurred in day to day operations, the IRC world has truely never been in a better state. Sure a few servers will always be de-linking, but there's always someone ready to pick up the torch and keep on.

What makes the difference in a distro is the set of policies and procedures that make the distro something recognizable. If those are comprehensive, enforced, and automated enough, it becomes possible to trust the distro from release to release.

The infrastructure of the Debian distro has flowered as the "apt-get" tool and its related GUI applications (gnome-apt, aptitude, deity). Apt-get makes a Debian system far easier to maintain, and keep up to date and secure, than any other. Debian policies and package tools make it possible to use safely. Apt-get without all the infrastructure beneath would be too dangerous to trust.

For more detail on the topic, see the Advogato posting.

If DeCSS is ruled illegal under the Digital Millenium Copyright Act and ruled as free speech under other laws, see here. Isn't this just evidence that the Digital Millenium Copyright Act limits free speech?

I know that the Bunner case is not a complete victory, it's just the preliminary injunction against him was overturned but still.

The Sistina way does work. Aladdin (the Ghostscript people) have been using it for years. The only difference is that they didn't behave in a sneaky way.

Raph Levien, the current Ghostscript maintainer, has a variety of rants and rambles about this very topic in his diary.

7 Nov 2001 (updated 7 Nov 2001)

Bash bashing

Let me state that I have nothing against bash itself. I know it's a very fine, full featured shell with many interesting improvements over other shells. Most, if not all, Linux distributions use it as the system's /bin/sh, which is also fine, but it's the fact that it leaks bash-isms when invoked as sh that is somewhat disturbing. First of all, it allows the creation of a multitude of /bin/sh scripts that are not compatible with the Bourne shell -- replace /bin/sh by ash in your system to see the extension of the damage. Now take your bash-contaminated /bin/sh scripts and try to run them in other, erm, Linux-like systems such as commercial SysV or even BSDs. You can try /bin/ksh, but it won't work in all cases, and you'll be forced to use bash. That's, IMHO, very Microsoftian in nature. It's embrace and extend.

What I advocate here is that bash scripts must use #!/bin/bash, not #!/bin/sh. Let Bourne shell scripts use #!/bin/sh, Korn shell scripts use #!/bin/ksh, C shell scripts use #!/bin/csh and so on. Let's stick on standards. It just makes sense!

this might be useful. hasnt been updated in a long time though

Like other major distributions, the brazilian Connectiva employs many people closely related to Linux development.

Marcelo Tosatti was recently announced as the new head mantainer over the 2.4 stable kernel tree. Rik Van Riel is known for his work in the memory management subsystem and Arnaldo Carvalho de Melo works with IPX.

The point here is not to praise Connectiva (or Red Hat or anyone), but to notice that it is perfectly possible to run a profitable company and care for the development community at the
same time.

You may want to link the original article posted in Advogato: here.

FSFE is providing also French and German versions with other translations (Spanish/Portugese/Italian) in the way.

You may want to link the original article posted in Advogato: here.

FSFE is providing also French and German versions with other translations (Spanish/Portugese/Italian) in the way.

Chris DiBona

It also says that Alan Cox will take over 2.4 once 2. 5 is opened which is wrong...

Just in case somebody doesn't believe you, here's the proof.

Since you asked, and everyone else will want to know..

Here is some info on our new maintainer..

Marcelo works for Connectiva. He lives with "Rik". He looks like this.

His weblog is here.
His "homepage" area is here

And I gotta say.. impressive to get that level of responsibility at his age..

Apparently not. The director of Sourceforge responded on Advogato about this rumour.

To be a lot more effective such announce should be spread a little bit more.

Mozilla will be the browser for many alternative OSes (read OS/2, BeOS, Linux, Qnx, Aix ....). Some of these OS already back up the mozilla project , and donate engeeniring forces to the project thats good but for other OSes, distro etc it's not the case So i sugest this announce to be publihed on sites like :

advogato

Beunited

QnxStart

I don't know any windows related sites, but adnantech should do it.

This announce should also be mailed on developing mailing lists like apple's darwin developement list
.

Anyway a lot of great doc are available here and are good sartup point. Sometimes ago some video detailling how to dig in the code where available on mozilla's web site (but I can't find them right now).

However they do not habitually go in for some of the stoopid lawsuits beloved by other CEOs, possibly because they are often the subject of stoopid suits themselves.

I think the reason MS has been subject of those lawsuits, because they have been the ones that have been stealing markets by bundling and undercutting prices. Now that OSS is doing the same and MS is the victim, the tables are turning

If it were done as a trust network it would be much more meaningful.

Weight the trust passed on to people you certify (via feedback) using both the value of the item and the trust of the certifier.

A more useful metric of how trust worthy someone is would then be based on a combination of:

1. the number of items sold
2. the cost of the items sold
3. the trustworthiness of those who certified you

Do this and keep seperate ratings for buying and selling and enjoy the results!

Remember the old articale about the dude who grants use of certain patents for GPL:ed projects? Wink, wink!

(Or alternatively Bradley Kuhn, as they seem to be the persons on slashdot that might have some insight)

How does the RTLinux case differ from Raph Levien's patent grant discussed on Advogato. On a quick look they seem to be identical, and Bruce Perens wrote at the aforementioned discussion:

Decklin: RMS and I discussed this a long time ago. If a patent grant allows free use of the patented principle in GPL software, that is sufficient to satisfy the restriction that the patent must be licensed for everyone's free use. GPL code is free for everyone to use.

I read a good comment on this quote on advogato today:

"An eye for an eye" does not mean that if someone takes your eye, you should take their eye... it means that if you take someone's eye, yours will be taken.

Worth some thought, in my opinion... of course, I'm in the UK and therefore not quite so inclined to be thinking about blowing up the middle east right now.

My sincere and heartfelt sympathies to all touched by the events of this week.
Denny

The question is, will they be enforced? .NET has certainly those too, and it is feared that MS will enforce them against open source implementations (which cannot license them). Microsoft isn't known for enforcing its patents offensively, but in the one known occasion it has, it was against an opensource project.

What about all the patents related to jpeg2000 and mpeg4 ?
It seems most (or at least some) of them were requested and granted just when the relevant technology/algorithms got accepted into the standard. (See also this article)
As the article on advogato mentions : why can't ISO/ANSI/whatever enforce policy stating that no patented work should be included in standards released by it ?

Suppose you are using some Free Software in your business. You find a bug or discover you need a new feature, so you take care of it (or hire it done) yourself. Then you have what you need, and you don't really have to do anything else.

However, a new version of the program will soon be released. You must decide whether you want to use the new version, and if so you must integrate your changes into it. This happens each time a new version comes out. If you were to send in your changes and get them integrated into the mainline code, each new version would already have your changes.

As long as you keep your changes private, nobody else is using them. Once your changes get integrated into the mainline code, other people start using them, and improving them. As a result, each new release of the program not only has your changes integrated, it may have improvements on your changes.

Thus, publishing your changes (1) cuts your own workload and (2) attracts free assistance from others with similar needs. The process doesn't depend on altruism or a sense of community, although many people are also motivated that way. It doesn't depend on people working to establish a reputation, although many are. It doesn't depend on proprietary alternatives being intolerably restricted, expensive, or buggy, although they often are.

well i specifically mention ms a lot because the number of ms platforms out there with well-established and really quite important dce/rpc applications far exceeds those available on unix (most likely because dce/rpc has not been available up until now as open source...)

you are right: DCE/RPC was originally developed for Unix, although it includes support for ECBDIC, VMS and IBM floating-point representations as well as ASCII and IEEE fp.

it was developed by Apollo/HP as NCA 1.0. see http://advogato.org/article/333.html for a little more of the history and details, including comments from one of the people who worked on dce/rpc for the OSF. [Sun were *not* involved: they _really_ didn't want DCE/RPC to take off :) :)]

TOG's license of $100,000 is for an unlimited distribution binary-only license, i believe: the top rate you ever have to pay.

[but _why_ pay, when freedce is there? :)]

yes, The Open Group have considered releasing their code - under the LGPL. however, their charter, written by the people who _gave_ them the code, doesn't allow them to release under alternative licenses without permission.

so, it's with the lawyers. basically, the dce 1.22 codebase is stagnating, they've lost the plot [all of the programmers and most of the documentation except that which is on-line, already] and so are having a hard time :)

i wish them well, because i want that code out there and to be taken up again!

http://www.advogato.org/article/101.html

I knew something this would happen. Y'all can bitch about Dell all you want (no, I didn't know that you could get Red Hat desktops or laptops, either), or about people being able to install it themselves, or whatever, but the fact is that this is a minor PR disaster for Linux and for Open Source.

I think the worse part is that the comments from Dell ("the productivity suites just aren't there"..."the biggest growth is on the server") are totally true. Sure, we all think that KOffice and Star Office are just grand, but the average consumer sure doesn't think so.

Hooray to Sun for their recent Gnome recent UI testing, and kudos to KDE and Jono Bacon for their new (less-formalized) UI testing via the KDE Usability Project. Let's hope that the result of this is Dell picking up Linux again in six months.

But in the meantime, let's not fool ourselves: this is bad.

-Waldo

I knew something this would happen. Y'all can bitch about Dell all you want (no, I didn't know that you could get Red Hat desktops or laptops, either), or about people being able to install it themselves, or whatever, but the fact is that this is a minor PR disaster for Linux and for Open Source.

I think the worse part is that the comments from Dell ("the productivity suites just aren't there"..."the biggest growth is on the server") are totally true. Sure, we all think that KOffice and Star Office are just grand, but the average consumer sure doesn't think so.

Hooray to Sun for their recent Gnome recent UI testing, and kudos to KDE and Jono Bacon for their new (less-formalized) UI testing via the KDE Usability Project. Let's hope that the result of this is Dell picking up Linux again in six months.

But in the meantime, let's not fool ourselves: this is bad.

-Waldo

This certainly looks familiar.

;)

No, I did propose something along these lines on Advogato back in February in a piece entitled "Realtime Worm Filtering System," but I'm not accusing the author of ripping off my blatently-obvious and not-uncommon idea. That system is intended to stop worms, obviously, and not spam. Worms tend to be easier to stop because they're seldom wholly polymorphic, often retaining enough similarities that collaborative filtering is quite feasible.

-Waldo

A crisis such as this one is an important test case for Slashdot as an organizing medium for the tech community. In this instance, Slashdot has completely failed. Even just reporting about the protests would not have been enough, you need to motivate people to take part in such a protest shortly before it. Show images, link to videos, post a permanent story on the front page -- that singals importance. You have to reach people's emotions to get them off their asses (and for that, you have to get off your own ass, Hemos). Do you think CmdrTaco and Hemos will understand that? Or will anyone who points out their failure simply be moderated down? Slashdot is a site with great political potential -- but in spite of years in the making, it has failed to realize its potential so far.

Visitors only have a limited viewtime per day. Do you really want to give that all to Slashdot, if it degenerates into a fake community site primarily giving you a highly filtered digest of CNN, ZDNet, Wired News and press releases? If this is not a test case -- an unjust arrest, an unconstitutional law, rallies all over the nation --, then what is?

You may want to check out some alternatives:

• Kuro5hin is a user-moderated community with a wide scope of topics (specific issue-related stories are usually voted up by the users if well-presented, stories are not typically one-liners like on Slashdot. I've never seen a really good story voted down on K5)
• Advogato is a very open community with trust-based moderation that has often discussed issues related to information freedom
• Indymedia is a leftist general community news outlet that sometimes has tech stories as well
• infoAnarchy is a Scoop-based weblog discussing issues of copyright and information freedom which I edit (here's my summary of Dmitry's case)
• Wes Felter's weblog is a pretty good digest of current tech-related events
• Radio Userland allows you to automatically compile a personal digest from many web news-sources using RSS (Windows and MacOS) -- if Slashdot is only mainstream news, you might as well use a tool like this one

Others?

--

Advogato creator Raph Levien is working on this for his thesis.

... Reading through these posts, though, I get the feeling that you all appear to be VERY unorganized and are making me wonder if this is the correct place to be.

I hope you aren't seriously taking Slashdot readers as somehow representative of Linux developers. Most of the people here are just a bunch of wanking 14-year-olds mouthing off from their parents' basements (with an occasional post by Bruce Perens thrown in). Wait until the formal announcement next week from Ximian for a sound, rational proposal from the actual GNU/Linux development community.

Nothing could help bring Linux to the backend for corporations more so than this... OpenMail and Mailone are costly, and OpenMail is also now dead. This is a needed project!

You think that's bad?

I started reading Advogato..
--

Minor correction (probably a typo): the link to Advogato should point to www.advogato.org. The direct link to the article is correct.

You can find more information about this at Advogato where one of the guys involved in this posts about his experiences.

It also contains some technical evidence as to which functions were lifted and how they know.

They similarly hold patents on TrueType fonts, which are a blatant obvious extension of SOME aspects of TeX's Metafont.

Yes: they both describe fonts, they both have rasterizing hints... so what? Is Airbus blatantly obviously extending on Boeing's work by designing planes that happen to fly and use the same number of wings?

First of all Metafont existed at least 10 years before TrueType fonts existed.

Second, TrueType uses quadratic splines, compared to Metafont's cubic splines.

That about sums up the improvements. Metafont was never patented. Knuth has talked a little bit about technical comparisons of the two. Apple took something made freely available to all, made a trivial improvement, and locked away the intellectual property for 17 years. Now, if Knuth had done the same with Metafont, there is little doubt that TrueType NEVER WOULD HAVE EXISTED.

link to Knuth interview

Its just deceptive that they are passing themselves on as nice-guy open-source type of people when they have no intention of giving back to the community.

Apple has contributed a complete microkernel-based Unix operating system, with source. Their paid engineers donated bug fixes to the NetBSD code base. They gave support to inter-BSD groups working on cooperative development. While he worked at Apple as chief Darwin engineer, Wilfredo Sanchez was also a member of the core development groups of Apache, FreeBSD and NetBSD, as well as contributing to countless other projects (MIT Kerberos 5, Perl, Sendmail...). Though he's changed companies, Sanchez is still active in Darwin development as well as other community projects.

Darwin is a pretty big deal for some of us. I have powermac hardware that is currently running Linux, but Darwin adds another option and sometimes supports devices that Linux doesn't. It is also among the only modern microkernel operating systems available to the Open Source community. But lest you think a complete Unix OS is too little to "give back to the community," Apple has also released an Open Source (admittedly not Free) streaming media server (!), network game development library, and some development tools.

Only a handful of profitable companies have done more for the community. I think your criticism was misplaced.

I tried to address this in a recent article on Advogato. I've gotten some great feedback on the system, but I'm yet to hear of an implementation of this system. If I had the know-how, I'm implement it myself, but that's not my bag.

-Waldo

I tried to address this in a recent article on Advogato. I've gotten some great feedback on the system, but I'm yet to hear of an implementation of this system. If I had the know-how, I'm implement it myself, but that's not my bag.

-Waldo

Sorry to spoil your Illusions but most /. readers are the Digerati.

Most /. readers are trolls, newbies, wannabes, larval stage or just plain linux fashion victims. The digerati are elsewhere, believe me...

Burris

You are quite right about trust. The term is "Distributed Trust Metrics" ... At the O'Reilley P2P conference, Zooko of Mojo Nation and Raph of Advogato gave a presentation on "Attack Resistant Metadata." Presumably a system of that sort will be integrated into Mojo Nation in the near future. For it to work your system needs hash based identification of data and signed metadata.

Burris

Check out Ludwig van on Advogato and also developer Cody Russel's page there.

Michael D. Crawford
GoingWare Inc

Check out Ludwig van on Advogato and also developer Cody Russel's page there.

Michael D. Crawford
GoingWare Inc

Check out Ludwig van on Advogato and also developer Cody Russel's page there.

Michael D. Crawford
GoingWare Inc