Slashdot Mirror

So the choice will be between a GPL'd Java backed by Sun and an Apache (2.0) Licensed Java backed by IBM, Ericsson, RedHat, the Apache Software Foundation and others. I think I'll probably go with option two...

Yeah, but does this include the libraries? There are tons of open source implementations of the Java tool chain (VM/compiler). No one cares about Sun open sourcing the Java tools. It's the libraries that has everyone excited, since it's the libraries that Sun continuously bloats that makes being 100% compatible with Sun's Java practically impossible.

Of course, if they are GPLing the libraries, then as a Java developer, that means I'll have to start learning C#. Sorry, but I have to make a living, and if I can't make it off of creating Java software, then I'll move to the competitor. GPLing the libraries would be a certain way to kill Java dead.

So - which is it? The Java VM/compiler, which is useless, or libraries, which will kill all commercial Java development?

Ironically, if they do GPL the libraries, it will also kill off all the open source work I do with Java, since all of that is under the Apache 2.0 license, which is incompatible with the GPL. So this isn't just a commercial versus free thing, GPLing the libraries will also kill off a LOT of open source Java work.

Open Source doesn't mean better, Open Source simply means that it's worked on by the comunity and it's content can be verified by an individual outside of those that prdouced it. I've no intention of looking at the code of my drivers, so why do I care if they are open or closed source?

Because others can, and (hopefully) will, find and fix the bugs. Closed source doesn't allow that opportunity. You don't have to be the bug fixer to benefit from a bug being fixed.

Now if my Apache bugs would get fixed! (39940, 40146, 40301).

http://issues.apache.org/bugzilla/show_bug.cgi?id= 39940
http://issues.apache.org/bugzilla/show_bug.cgi?id= 40146
http://issues.apache.org/bugzilla/show_bug.cgi?id= 40301

Open Source doesn't mean better, Open Source simply means that it's worked on by the comunity and it's content can be verified by an individual outside of those that prdouced it. I've no intention of looking at the code of my drivers, so why do I care if they are open or closed source?

Because others can, and (hopefully) will, find and fix the bugs. Closed source doesn't allow that opportunity. You don't have to be the bug fixer to benefit from a bug being fixed.

Now if my Apache bugs would get fixed! (39940, 40146, 40301).

http://issues.apache.org/bugzilla/show_bug.cgi?id= 39940
http://issues.apache.org/bugzilla/show_bug.cgi?id= 40146
http://issues.apache.org/bugzilla/show_bug.cgi?id= 40301

Open Source doesn't mean better, Open Source simply means that it's worked on by the comunity and it's content can be verified by an individual outside of those that prdouced it. I've no intention of looking at the code of my drivers, so why do I care if they are open or closed source?

Because others can, and (hopefully) will, find and fix the bugs. Closed source doesn't allow that opportunity. You don't have to be the bug fixer to benefit from a bug being fixed.

Now if my Apache bugs would get fixed! (39940, 40146, 40301).

http://issues.apache.org/bugzilla/show_bug.cgi?id= 39940
http://issues.apache.org/bugzilla/show_bug.cgi?id= 40146
http://issues.apache.org/bugzilla/show_bug.cgi?id= 40301

There is a spamassassin plugin against this type of spam:
http://wiki.apache.org/spamassassin/OcrPlugin

I'm not using it myself but have seen some funny false positives (screenshots of directory listings by windows morons), so you might want to lower the score.

snip Can you have a nuke? A tank? An Apache Tomcat with a belly full of Sidewinders snip

Are you talking about tools like Apache Forrest or Cocoon?

Are you talking about tools like Apache Forrest or Cocoon?

Just a technically, but Apache is not released under the GPL. Apache is released under the Apache License, which is, as far as I understand, closer to the BSD license than from the GPL license.

I am surprised nobody mentioned Apache Harmony - http://incubator.apache.org/harmony/ - that's an open-source Java SE implementation.

Apache added support for RFC 2817 to mod_ssl about a year ago, in Apache HTTPD 2.2. Admittedly, not many people are using 2.2 yet; a lot of servers are still running 1.3.

I could not find any indication that Mozilla/Firefox support RFC 2817. (I read one email archive that said it did, but bugzilla says it has not been implemented.)

I found the answer to my question regarding IE7 support: it will not support RFC 2817. It will however, support RFC 3546 (SNI) in the Vista version, which is apparently a better method of getting the same functionality. (The reply to the above Slashdot comment includes some info and links on SNI.) Mozilla does not yet support SNI. Apache does not support SNI out of the box; the mod_gnutls module does, but it's not included with Apache, and is not yet production quality. There is a patch for Apache mod_ssl.

Summary: It appears that SNI will be the way forward, but consensus and implementations still need to catch up. IE7/Vista is the second browser implementation after Opera. Apache and Mozilla do not yet support it, but are working on it. Here's a decent write-up about the situation.

Some of what you write is debatable, but some isn't.

The original patent license terms were not unusual or unreasonable. It was just that a number of persons decided to make an objection in this case to a practice that nobody had objected to for over a decade.

Saying that is ignoring the facts. Both the ASF and the Debian project classified the Microsoft's license for their patent as inherently incompatible with free software. And patents on e-mail standards, unlike patents on many other IT technologies, are a very particular problem because a very large (if not the larger) part of the e-mail server world runs on free software. Go read the ASF's and Debian's explanations, they certainly did do their homework.

Sender-ID is not incompatible with SPF as alleged. The only difference is at the recipient side and the recipient cannot be forced to interpret SPF or Sender-ID in any particular way.

(To be explicit about my motives: I am the one who appealed to the IESG/IAB on behalf of the SPF project about the reuse of "v=spf1" records for the PRA algorithm in the Sender ID specification.)

You correctly point out that a communication standard is little more than a silent agreement between senders and receivers that only works if the receiving party tries their best not to misinterpret what the sending party meant. But then you simply quit the subject, assuming that communication standards will work even with everyone interpreting stuff their way, because, after all, there is no protocol police, thank you. Sorry, but "compatible" means something else to me.

We had agreement in the WG to proceed on a common spec and nobody found any problems until the patent issue was raised.

Again you are missing the facts. Quoting from my appeal to the IESG:

It is also worth noting that at the time the MARID WG was closed [in September 2004], the then-current Sender ID specification draft-ietf-marid-protocol-03 did not include the re-use of "v=spf1" records for PRA checking. This was only introduced in [Microsoft's] individual submission draft-lyon-senderid-core-00 in October 2004. Also did Microsoft's record generation wizards generate only "v=spf2.0/pra" records until the end of October, when they began generating only "v=spf1" records.

Read the appeal. It connects a lot of dots that many do not like to remember.

"It's unreasonably hard to generate quality PDF programmatically."

It's fairly easy. I've done in the past in a couple of projects at work.
You get your document in a nice XML tree, write a couple of stylesheets, run it through Apache FOP et voilá. Check it out, it's pretty neat, and powerful.

You could try the FuzzyOcrPlugin for SpamAssassin
http://wiki.apache.org/spamassassin/FuzzyOcrPlugin

If you must follow a questionable URL of dubious provenance, consider actually using an OLDER browser version.

What on earth are you talking about? What debian is shipping is just firefox minus branding plus debian-specific patches. Why would anyone else have an interest in adopting that?

Your idea about a full fork shows a complete lack of understanding about how the Mozilla project works. Why would you want to fork Gecko or XULRunner just because of disagreements over a front-end that makes up 10% of the code, tops? Because that's all Firefox is. At least learn the basics about Mozilla before calling for a fork of it, otherwise you won't get far.

And for your "corporate governance" argument... Mozilla Corp. is just a subsidiary(sp?) the Mozilla Foundation created for administrative purposes. GNOME has the GNOME Foundation, Apache has the Apache Software Foundation, Python has the Python Software Foundation, GNU has the FSF. Are you calling for a fork of those projects too, to rid them of their evil governing entities?

Spamassassin is a really fun game. You see, there is this world-wide bot net run by the bad guys, and they try to send you "messages". You get to defend against their attacks. 1 points for every blocked spam, -1 points for each spam that makes a successful attack, -10 points for every blocked good mail. Lots of fun, and you really get to know your regular expressions as a bonus. The game never gets old because there is always a new twist to what is being sent. Send me your email address, and I'll sign you up to play.

The more I read Linus soapboxing over the GPL3, the more he rubs me the wrong way. Not that this is really a big shock: he's quite well-known for being stubborn and opinionated, it's just that he's usually on the side that makes the most sense. Lately, though, he's been sounding less like a firebrand for good code and more like an old coot with a sign reading "No Trespassing - Violators Will Be Shot".

Now, I'm hardly one to claim that the GPL3 is all hugs and puppies, and RMS has always rubbed me the wrong way far more than Linus. However, I do think that the FSF's Four Freedoms are a solid foundation, and I do think that the current GPL2 leaves too many pitfalls WRT submarine patents and, to a lesser extent, Tivoization -- both of which the GPL3 is tackling.

That being said, I also agree with Linus that the GPL3 design process is flawed, and that the current GPL3-as-drafted isn't nearly as elegant as the GPL2. (Not that the GPL2 was perfect -- the parts that redefine "derived work" to cover dynamic linking are clunky.) I think a lot of this owes to the fact that the "benevolent dictator" model that works so well in FS/OS was replaced with "design by committee", resulting in the classic problem: too many cooks spoil the broth. After all, if "benevolent dictator" works for computer code, shouldn't the same approach work for legal code?

One last gripe: Linus complains about 3/4 down that the GPL3 explicitly aims for compatibility with the Apache license. In the case of the 1.0 and 1.1 licenses, they're clearly BSD-derived and implicitly allow anyone anywhere to relicense them, including to create closed source products or to irreversibly convert an entire fork to another FS/OS license, like GPL2 or GPL3. In the case of the new 2.0 license, a cursory glance suggests that it's largely based on the GPL2 model, except that it does the exact same jig over software patents that the GPL3 does. In fact, it's got more similarity to GPL3 than GPL2.

In a nutshell, Linus is basically complaining that the GPL3 will meet the demands of the developers who use the Apache licenses, without giving back to those developers. However, this is the exact same situation that Linux is already in WRT the various BSDs, and a situation which Linux itself has previously taken advantage of on a rare handful of occasions. He's being a rank hypocrite on that point.

The more I read Linus soapboxing over the GPL3, the more he rubs me the wrong way. Not that this is really a big shock: he's quite well-known for being stubborn and opinionated, it's just that he's usually on the side that makes the most sense. Lately, though, he's been sounding less like a firebrand for good code and more like an old coot with a sign reading "No Trespassing - Violators Will Be Shot".

Now, I'm hardly one to claim that the GPL3 is all hugs and puppies, and RMS has always rubbed me the wrong way far more than Linus. However, I do think that the FSF's Four Freedoms are a solid foundation, and I do think that the current GPL2 leaves too many pitfalls WRT submarine patents and, to a lesser extent, Tivoization -- both of which the GPL3 is tackling.

That being said, I also agree with Linus that the GPL3 design process is flawed, and that the current GPL3-as-drafted isn't nearly as elegant as the GPL2. (Not that the GPL2 was perfect -- the parts that redefine "derived work" to cover dynamic linking are clunky.) I think a lot of this owes to the fact that the "benevolent dictator" model that works so well in FS/OS was replaced with "design by committee", resulting in the classic problem: too many cooks spoil the broth. After all, if "benevolent dictator" works for computer code, shouldn't the same approach work for legal code?

One last gripe: Linus complains about 3/4 down that the GPL3 explicitly aims for compatibility with the Apache license. In the case of the 1.0 and 1.1 licenses, they're clearly BSD-derived and implicitly allow anyone anywhere to relicense them, including to create closed source products or to irreversibly convert an entire fork to another FS/OS license, like GPL2 or GPL3. In the case of the new 2.0 license, a cursory glance suggests that it's largely based on the GPL2 model, except that it does the exact same jig over software patents that the GPL3 does. In fact, it's got more similarity to GPL3 than GPL2.

In a nutshell, Linus is basically complaining that the GPL3 will meet the demands of the developers who use the Apache licenses, without giving back to those developers. However, this is the exact same situation that Linux is already in WRT the various BSDs, and a situation which Linux itself has previously taken advantage of on a rare handful of occasions. He's being a rank hypocrite on that point.

The more I read Linus soapboxing over the GPL3, the more he rubs me the wrong way. Not that this is really a big shock: he's quite well-known for being stubborn and opinionated, it's just that he's usually on the side that makes the most sense. Lately, though, he's been sounding less like a firebrand for good code and more like an old coot with a sign reading "No Trespassing - Violators Will Be Shot".

Now, I'm hardly one to claim that the GPL3 is all hugs and puppies, and RMS has always rubbed me the wrong way far more than Linus. However, I do think that the FSF's Four Freedoms are a solid foundation, and I do think that the current GPL2 leaves too many pitfalls WRT submarine patents and, to a lesser extent, Tivoization -- both of which the GPL3 is tackling.

That being said, I also agree with Linus that the GPL3 design process is flawed, and that the current GPL3-as-drafted isn't nearly as elegant as the GPL2. (Not that the GPL2 was perfect -- the parts that redefine "derived work" to cover dynamic linking are clunky.) I think a lot of this owes to the fact that the "benevolent dictator" model that works so well in FS/OS was replaced with "design by committee", resulting in the classic problem: too many cooks spoil the broth. After all, if "benevolent dictator" works for computer code, shouldn't the same approach work for legal code?

One last gripe: Linus complains about 3/4 down that the GPL3 explicitly aims for compatibility with the Apache license. In the case of the 1.0 and 1.1 licenses, they're clearly BSD-derived and implicitly allow anyone anywhere to relicense them, including to create closed source products or to irreversibly convert an entire fork to another FS/OS license, like GPL2 or GPL3. In the case of the new 2.0 license, a cursory glance suggests that it's largely based on the GPL2 model, except that it does the exact same jig over software patents that the GPL3 does. In fact, it's got more similarity to GPL3 than GPL2.

In a nutshell, Linus is basically complaining that the GPL3 will meet the demands of the developers who use the Apache licenses, without giving back to those developers. However, this is the exact same situation that Linux is already in WRT the various BSDs, and a situation which Linux itself has previously taken advantage of on a rare handful of occasions. He's being a rank hypocrite on that point.

you can see how well BSD did with that.

Yeah, no kidding... I mean, there definitely aren't any successful BSD variants available and widely deployed. And there certainly aren't any other successful non-GPL projects out there. Yup, the GPL is definitely *the* only way to go if you want to make a successful open source project... assuming, that is, you're a single-minded zealot (or troll?).

At first I thought the Navy was dumping Apache Tomcat! :) http://tomcat.apache.org/

I never made the jump to trying PHP because perl already meets all of my needs. Specifically, check out embedded perl. Very powerful stuff: http://perl.apache.org/embperl/pod/doc/Embperl.htm

I've been using html::embperl for about 6 years now, and it works great. It's trivial to modularize (just write your own supporting perl modules). And it takes advantage of mod_perl (pre-load your perl modules as part of the apache process. Good stuff!). Of course, you also have all of CPAN at your disposal this way too.

embperl does some nice escaping and such by default, adding some security benefits.

I think you're trolling, but I'll bite. There are other, easier guides to follow for the installation of MythTV. The Wiki on MythTV is helpful, and so are the numerous forums for each distribution of linux. (At least, the ones where I've searched have been helpful).

I don't see how you can predict the death of OSS based on the documentation. The documentation for other OSS projects is just as convoluted (see MySQL or Apache's HTTP server) and they're not going away anytime soon.

I tend to do basically what MPlayer does nowadays, and that includes using Subversion for SCM, Bugzilla for bugs, Mailman for mailing lists, and Apache HTTPD for serving it all. I like to maintain a Debian Sid package (you can't directly upload to stable or testing anyhow, so the Debian maintainers will take care of adapting the package for those distros), and if someone else on the team knows anything about RPM, we also maintain the .spec file as well. I also like to keep an emerge script in there as well, but even if I didn't, someone would write one faster than you can bootstrap a Gentoo Mac Pro, so there's nothing to worry about there.

This package contains the Tesseract Open Source OCR Engine.
Orignally developed at Hewlett Packard Laboratories Bristol and
at Hewlett Packard Co, Greeley Colorado, the majority of the code
in this distribution is now licensed under the Apache License:

** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
** http://www.apache.org/licenses/LICENSE-2.0
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.


Other Dependencies and Licenses:

The Aspirin/MIGRAINES system in the aspirin directory is separately
licensed thus:
#

NO WARRANTY

Since the Aspirin/MIGRAINES system is licensed free of charge,
Russell Leighton and the MITRE Corporation provide absolutley
no warranty. Should the Aspirin/MIGRAINES system prove defective,
you must assume the cost of all necessary servicing, repair or correction.
In no way will Russell Leighton or the MITRE Corporation be liable to you for
damages, including any lost profits, lost monies, or other
special, incidental or consequential damages arising out of
the use or inability to use the Aspirin/MIGRAINES system.

COPYRIGHT

This software is the copyright of Russell Leighton and the MITRE Corporation.
It may be freely used and modified for research and development
purposes. We require a brief acknowledgement in any research
paper or other publication where this software has made a significant
contribution. If you wish to use it for commercial gain you must contact
The MITRE Corporation for conditions of use. Russell Leighton and
the MITRE Corporation provide absolutely NO WARRANTY for this software.

August, 1992
Russell Leighton
The MITRE Corporation
7525 Colshire Dr.
McLean, Va. 22102-3481

Tesseract can also make use of the libtiff library. (www.libtiff.org)
Without libtiff, Tesseract can only read uncompressed and G3 compressed
TIFF files.

it would be great if tesseract could augment the gocr-based FuzzyOCR and OCR plugins for SpamAssassin.

it would be great if tesseract could augment the gocr-based FuzzyOCR and OCR plugins for SpamAssassin.

it would be great if tesseract could augment the gocr-based FuzzyOCR and OCR plugins for SpamAssassin.

in that situation, server side includes are just as useful, but faster and more secure.

If what you need is very simple (including footers would count as simple), here's more information about server side includes (SSI). Either rename your pages .shtml, or keep the .html name but set the files as executable (chmod a+x *.html) using the XBitHack.

If you want something more complex, you can use SSI to include a mini-CGI script into the middle of your HTML. CGI scripts can be written in any language, even a shell script:

#!/bin/sh
echo Content-type: text/html
echo
echo (insert HTML here)

The article uses OpenLDAP as the LDAP server. Has anyone got this to work using the Apache Directory Server?

I've just set up a SpamAssassin plugin called FuzzyOcr, which is designed for exactly this purpose. It converts the image into a bitmap format in multiple ways (including analyzing individual frames of an animated GIF, since spammers sometimes use that trick), as well as various color filters, then uses gocr to convert the results to text, which is matched against a (customizable) word list with Perl's String::Approx module.

The OCR is terrible. I suggest using the latest developer release of gocr, as it seems to work a lot better than the previous versions. Fuzzy matching helps to match words even when the OCR doesn't work well... but it also finds false positives, which can be a problem if you receive e-mailed screen shots that include any text at all.

What this doesn't handle is image-based spam where the image (of the text) has been split into multiple images, which are pieced back together with HTML.

Erm, about the fella that thinks he's already got R2...

R2 is a somewhat confusing new Microsoft-ism, it appears to me to be an upgrade of sorts to get new features for a variety of software "created" by MS, amongst them:

Windows Small Business Server 2003 R2

Windows Server 2003 R2

Windows Storage Server 2003 R2

Microsoft Systems Management Server 2003 R2

Microsoft Virtual Server 2005 R2

My guess would be he's running Windows 2003 Server R2 (I think it's been available for some time now)

I'd expect the "non-final core components" is a PR term for a bug, maybe one that was patched this month & was deemed important enough to stop shipment of the software? More likely just some crappy code coming from a MS developer (who'd guess huh??)

We should say well done to whoever made this decision, SBS is a key product for MS now & the fact that they didn't want to send out second rate code out to the front line of organisations who are most likely to leave open relays/become part of a botnet/whatever should be applauded.

I'd hazard a guess that the effected software didn't make it past the MS partners, if the code was checked on the production line it should have been found within a week or so of the first copies of the media being sent out. I doubt any organisation can figure out a way to neatly package & sell an update piece of Microsoft software that quickly!!

Although installing SBS on a server, downloading & installing Apache, the Sysinternals utilities, the Google Pack, running Windows Update & finally sysprep doesn't take too long I suppose?? (-;

Seriously, someone has to start an open-source project to write a super-duper search engine code so that websites can use it to search themselves.

Seriously, someone has to start an open-source project to write a super-duper search engine code so that websites can use it to search themselves.

Yes, HTML and browsers already use a standardized language, but there needs to be one further step. UI and behind the scenes computation are much more closely linked on computers than in Web interfaces. As a result, HTML is a standard language in browsers, but rarely anywhere else. That's why we see something like XAP popping up, an XML protocol that ties in UI, basic programming with macros, events, and server queries into one, allowing web applications to bridge that gap with as much ease as writing HTML. Additionally, XAP can be used with a client (check out demos at Nexaweb (Nexaweb is Coach Wei's company), meaning we can get real applications running on multiple platforms and operating systems, including AJAX.

SetEnvIfNoCase User-Agent "^BlackBerry" blackberry

BrowserMatch ^Mozilla netscape
BrowserMatch MSIE !netscape
BrowserMatch ^BlackBerry blackberry

# mod_ext_filter directive to define a filter which
# replaces text in the response
#
ExtFilterDefine fix_bb_css mode=output intype=text/html \
cmd="/usr/local/bin/bb-css"
 
<Location />
# core directive to cause the fix_bb_css filter to
# be run on output
SetOutputFilter fix_bb_css
</Location>

<Directory "/home/evolt/public_html/users/">
        Order Allow,Deny
        Allow from all
        Deny from env=bad_bot
</Directory>

<Directory />
RewriteCond %{HTTP_USER_AGENT} ^BlackBerry
RewriteRule ...some special stuff for any of these hosts...
RewriteMap examplemap prg:/pusr/local/bin/bb-css

#!/usr/bin/perl
$| = 1;
while (<STDIN>) {
    # ...put here any transformations or lookups...
    print $_;
}

|Oh, really?

Both Eclipse and Derby are the result of previous shopping sprees by IBM.

Eclipse was developed by the IBM Ottawa Software Lab. This lab started life as OTI, a company which developed Smalltalk technology, that IBM bought in 1996.

Derby is the open-source version of the Cloudscape DB. Cloudscape was a Java DB company which was acquired by Informix in 1999, which was in turn acquired by IBM in 2005.

And seeing what the products look like when IBM builds them in-house, we are probably better off that way.

Oh, really?

The official announcement by Ernie Prabhakar of Apple is here:

From: Ernest Prabhakar prabhaka@apple.com
Date: August 7, 2006 4:15:51 PM PDT
To: darwin-dev@lists.apple.com, fed-talk@lists.apple.com
Subject: Apple Opens Up: Kernel, Mac OS Forge, iCal Server, Bonjour, Launchd

Hi all,

In conjunction with this week's Developer Conference, we have four great pieces of news for Open Source developers:

A. Intel Kernel Sources

As of today, we are posting buildable kernel sources for Intel-based Macs alongside the usual PowerPC (and other Intel) sources, starting with Mac OS X 10.4.7. We regret the delay in readying the new kernel for release, and thank you for your patience.

http://www.opensource.apple.com/darwinsource/tarba lls/apsl/xnu-792.10.96.tar.gz

B. New "Mac OS Forge" for Community Projects

Mac OS Forge, a new community site hosted by Apple, is being created to support WebKit and other open source projects focused on Mac OS X, especially those looking to transition from OpenDarwin.org.

http://www.macosforge.org/

C. New Open Source Calendaring Server

In order to encourage community participation, source code to the new iCal Server in Leopard Server is now available on Mac OS Forge under the Apache License.*

http://collaboration.macosforge.org/

D. Apache-Licensed Bonjour and Launchd sources

To further enable and encourage cross-platform adoption, the APSL** sources for Bonjour service discovery and Launchd process management are being re-released under the Apache License and hosted on Mac OS Forge:

http://bonjour.macosforge.org/
http://launchd.macosforge.org/

Apple is more excited than ever about the power of Open Source development to create value for our (and your) products and customers. I'll be offline much of this week due to WWDC, but I look forward to working with all of you as we move forward to Leopard.

Sincerely,
Ernest Prabhakar
Open Source Product Manager, Apple
WWDC 2006, Aug 7-11, San Francisco
http://developer.apple.com/wwdc

* Apache License, Version 2.0
http://www.apache.org/licenses/LICENSE-2.0.html

** Apple Public Source License 2.0
http://www.opensource.apple.com/apsl/2.0.txt

And as always, Darwin and Darwin component sources are available here:

http://www.opensource.apple.com/darwinsource/

<foo>
    <bar>
        <regex>...</regex>
    </bar>
</foo>

It may be helpful, I haven't tried it. Would be particularly interesting to see if it'll correctly convert, say "\t" into "\\t" instead of a TAB. If it does, then you could use it to wrap the strings for the regexp pattern methods.

It may be helpful, I haven't tried it. Would be particularly interesting to see if it'll correctly convert, say "\t" into "\\t" instead of a TAB. If it does, then you could use it to wrap the strings for the regexp pattern methods.

This was mentioned in Rich Bowen's excellent lightning talk and is listed as "experimental" in the Apache 2.0 docs but as an "extension" in the Apache 2.2 docs. Anyone have experience with this? Seems very tweakable...

Ah, so BSD-style licenses explain why Apache, the various Mozilla projects, and Python have been total flops that nobody uses for anything.

None of the examples you cite are developed under the BSD license.

Further, Mozilla is GPL'd (the MPL is also available, which is also copyleft), Apache is also under a copyleft license (see 4. Redistribution) which is effectively viral as any licensing must not conflict with the APL. Only Python has a non-copyleft license.

Generics has made Java ugly. Here's an example.

First:
        System.out
        System.err
They work just fine, and exactly like you'd expect. Now whether the developers used System.err is a different story. Personally, these two items should never be used in production code. (There are exceptions, but start with saying never, and then they'll hopefully only be used when they should be used)

As for logging in general, does anyone use anything but Log4J? Yes, I know a lot use commons-logging, why still boggles my mind. When's the last time you moved a logging system from log4j to anything else? You may have moved from something else (Sun's implementation, cough cough) to log4j however. And log4j can easily be configured to radically pinpoint whatever logging you actually want, provided it was properly implemented in the code, and not hacked by some "I read Learn Java in 24 Hours" architect who wrapped it because it seemed easier to code logs to a single static "Logger" class.

As it turns out, you don't need a full J2EE environment to run JSP pages. You just need a servlet engine and a JSP engine that runs on top of it. Apache offers an implementation of just those parts called Tomcat. (It also implements a bunch of other J2EE features, but not the entire system.)

How the hell are you supposed to figure this out? Beats me. The best way to do it appears to be to complain on a forum about how complicated J2EE is and how stupid it is to require all this complexity just to run something that could be done in 5 lines of PHP code and then get flamed to death because JSPs don't require the rest of J2EE to work.

Note that JSPs and servlets are both part of J2EE, but they don't require it. (This fits in with Sun's general plan of bundling way the hell too much crap within individual technologies. This is why your rack-mounted server that serves JSP pages will include Java libraries to play MIDI files, two GUI toolkits (one built around the other), two I/O libraries, and two systems for calling methods on remote Java objects. All those are included with J2SE (Standard Edition), and aren't even part of J2EE (Enterprise Edition).)

Now, because JSP pages are Java source code with HTML embedded directly in them, you do need to make sure you install a JDK and not a JRE. Unless your servlet environment contains a compiler (newer versions of Tomcat do), then you don't. And, while LAMP and .Net use proven server technologies (Apache and IIS), your JSP engine will likely come with its own HTTP server complete with its own vulnerabilities and security flaws. Plus, with the proven performance of Java, you can expect to have half the throughput with twice the resource usage!

Avoiding Java like the plague probably is the best choice any enterprise can make.

Arms race.

This is exactly what happens in email. You say "Oh! I can filter 99% of my spam by grabbing anything with 'Viagra' in the subject line!"

The spammers, noticing this, start using subject lines like "Urgent! Read now!"

You adjust your filter to watch for anything with "Urgent" in the subject line and "Viagra" in the body.

They send you Vi.ag.ra instead. You catch that, they send you Vlagra.

They send "Penis pills". You filter anything with "Penis". Then your freind changes their signature to "The Pen is Mightier than the Sword". Since your filter is smart enough to catch "Vi ag ra", it's also dumb enough to think "Pen is" means "Penis".

You adjust your filter to assign a score based on how many bad things it notices, and you add a few good things to even the score -- like whitelisting a few close friends, and anything coming in with "I AM NOT SPAM" in the subject line. Of course, you realize it won't work entirely -- the spammers will eventually use "I AM NOT SPAM", and sooner or later you'll get an email from someone you never heard of, who wants to talk to you about a business proposition, who got your email from somewhere like a forwarded message or somewhere else on the Internet, and they don't add the "I AM NOT SPAM" flag. But for awhile, it works.

Then the spammers start sending messages that contain no text at all, just a few large images.

You filter that, meaning you completely miss your grandmother's email -- family photos -- or your girlfriend's birthday surprise email -- you fill in the blanks.

Before you know it, you're spending all your spare time tweaking your spam filtering settings, and it's still not enough. You thought it would be so easy -- just a Perl one-liner used to block 99% of your spam, with 0 false positives! But things are changing too fast now. At some point, you get the genius idea to make it open source. Hundreds of like-minded people flock to it, desparate. Every day, your spamfilter downloads a new copy of the rules database, a collection of Perl one-liners used to catch spam. But you're getting hundreds of spams a day now, which means as soon as the spammers switch tactics, you could have a thousand spams in your inbox before you get the daily database update -- and that's assuming the daily update has a rule that blocks these.

Basically, you've created Spam Assassin. Works like an anti-virus program. It also means that someone has to get hit with a new virus (type of spam) before the filter can block it, but even when it's at its best, it's still nowhere near good enough. Remember, 95% accuracy on 500 spams a day means you still get 25 spams in your inbox.

This is why its best to automate this kind of thing. Use a statistical filter such as dspam, bogofilter, or crm114. They are actually more accurate, when trained by humans, than a hand-coded filter.

So yes, you do need humans to train your web filter, but you also need your humans to continue to train and retrain a statistical filter. You can't just pick an arbitrary five websites and either assume that's all there is, or remove everything like those five, because that just starts the exact same arms race I've just described.