Slashdot Mirror

Somehow, they could hack JavaScript to THINK there was a mouse click

If so, that would at least be a genuine "bug" in JS, not a Broken As Designed "feature". What I had in mind was simply that as soon as you do click (on anything), there's an entry point for JavaScript code to run in an environment with "window.open()" enabled. I can think of at least two ways that this could be used, one that's more overtly nasty and one that's more insidious:

1. Haven't you ever clicked a link that appeared to be to something you wanted to see, but that in fact took you to something completely different? (Don't view much pr0n, do you?)

2. Even if the link does go to the apparent (desired) target, the page could be set up so that it would also open a pop-up (or pop-under) window as a side-effect. What makes this so insidious is that it is an action that you really, legitimately want to do that enables it, so how can you stop it?

If you take a look at the README file, you'll see that he prototyped comparator in Python, but the production code is in C.

As I learned it, a byte is the smallest directly addressable unit of memory.

The PDP-10 supported variable byte sizes, anywhere from 1 to 36 bits. The Jargon File says that the term goes back to 1956.

8-bit bytes are almost, but not quite, universal today.

In the context of the C programming language standard, a byte is by definition the number of bits in a character; it must be at least 8 bits, but can be more.

An interesting sidenote to this, 'bug' was actually in usage before the bug was found; it was an acronym for Byte Under Guard, used when an if/then block failed to test the byte properly.

The term "bug" was in use long before 1945, but the term "byte" only goes back to 1959 (according to www.m-w.com). The acronym for "Byte Under Guard" sounds like a back-formation.

Also, according to The Jargon File, the log entry with the moth is from September 9, 1947, not 1945. See here.

The term "bug" in the technical sense was used long before that. That's just a famous episode of an actual bug causing a bug. Look at the history of the bug for more information.

Sorry to reply to myself, but here's a link to the history of the term 'bug'.

The The Jargon File covers this and includes a picture of the bug in the entry on "bug" and states:

Indeed, the use of bug to mean an industrial defect was already established in Thomas Edison's time, and a more specific and rather modern use can be found in an electrical handbook from 1896 (Hawkin's New Catechism of Electricity, Theo. Audel & Co.) which says: "The term 'bug' is used to a limited extent to designate any fault or trouble in the connections or working of electric apparatus." It further notes that the term is "said to have originated in quadruplex telegraphy and have been transferred to all electric apparatus."

I call bullshit. You need to go RTFWebsite

ESR has already stated how he feels about being the guidon holder for open source.

1. Take my job, please.

2. Understand my job, please.

Further, if you can find someone who will do all of that, and perhaps more, you need to send him an e-mail, because he wants to know about it. Why not use this as a starting point when you're looking.

As for what ESR has done for the Open Source Community-at-large, ponder this, batman: You need the idealists, the pragmatists, and yes, even the more wild. Why? Because the community they're speaking in the name of, and the communities they're speaking to are just as diverse. It will be these men, and the relevant foundations that write the amici curiae in support of Linux, the GPL, or Open Source in general, when the time is necessary.

When was the last time you said thanks?

I call bullshit. You need to go RTFWebsite

ESR has already stated how he feels about being the guidon holder for open source.

1. Take my job, please.

2. Understand my job, please.

Further, if you can find someone who will do all of that, and perhaps more, you need to send him an e-mail, because he wants to know about it. Why not use this as a starting point when you're looking.

As for what ESR has done for the Open Source Community-at-large, ponder this, batman: You need the idealists, the pragmatists, and yes, even the more wild. Why? Because the community they're speaking in the name of, and the communities they're speaking to are just as diverse. It will be these men, and the relevant foundations that write the amici curiae in support of Linux, the GPL, or Open Source in general, when the time is necessary.

When was the last time you said thanks?

I call bullshit. You need to go RTFWebsite

ESR has already stated how he feels about being the guidon holder for open source.

1. Take my job, please.

2. Understand my job, please.

Further, if you can find someone who will do all of that, and perhaps more, you need to send him an e-mail, because he wants to know about it. Why not use this as a starting point when you're looking.

As for what ESR has done for the Open Source Community-at-large, ponder this, batman: You need the idealists, the pragmatists, and yes, even the more wild. Why? Because the community they're speaking in the name of, and the communities they're speaking to are just as diverse. It will be these men, and the relevant foundations that write the amici curiae in support of Linux, the GPL, or Open Source in general, when the time is necessary.

When was the last time you said thanks?

I call bullshit. You need to go RTFWebsite

ESR has already stated how he feels about being the guidon holder for open source.

1. Take my job, please.

2. Understand my job, please.

Further, if you can find someone who will do all of that, and perhaps more, you need to send him an e-mail, because he wants to know about it. Why not use this as a starting point when you're looking.

As for what ESR has done for the Open Source Community-at-large, ponder this, batman: You need the idealists, the pragmatists, and yes, even the more wild. Why? Because the community they're speaking in the name of, and the communities they're speaking to are just as diverse. It will be these men, and the relevant foundations that write the amici curiae in support of Linux, the GPL, or Open Source in general, when the time is necessary.

When was the last time you said thanks?

I call bullshit. You need to go RTFWebsite

ESR has already stated how he feels about being the guidon holder for open source.

1. Take my job, please.

2. Understand my job, please.

Further, if you can find someone who will do all of that, and perhaps more, you need to send him an e-mail, because he wants to know about it. Why not use this as a starting point when you're looking.

As for what ESR has done for the Open Source Community-at-large, ponder this, batman: You need the idealists, the pragmatists, and yes, even the more wild. Why? Because the community they're speaking in the name of, and the communities they're speaking to are just as diverse. It will be these men, and the relevant foundations that write the amici curiae in support of Linux, the GPL, or Open Source in general, when the time is necessary.

When was the last time you said thanks?

I call bullshit. You need to go RTFWebsite

ESR has already stated how he feels about being the guidon holder for open source.

1. Take my job, please.

2. Understand my job, please.

Further, if you can find someone who will do all of that, and perhaps more, you need to send him an e-mail, because he wants to know about it. Why not use this as a starting point when you're looking.

As for what ESR has done for the Open Source Community-at-large, ponder this, batman: You need the idealists, the pragmatists, and yes, even the more wild. Why? Because the community they're speaking in the name of, and the communities they're speaking to are just as diverse. It will be these men, and the relevant foundations that write the amici curiae in support of Linux, the GPL, or Open Source in general, when the time is necessary.

When was the last time you said thanks?

I thought ERS was contacted by an "associate" of the alleged perpetrator?

He wasn't that specific. He said "SCO/Caldera's site is being hit by a massive denial-of-service attack today. The timing, the scuttlebutt on Slashdot and elsewhere, and the contents of my mailbox all suggest strongly that the DOS attack was triggered by Darl McBride's slanderous interview[2] accusing the community of being IBM's sock puppets, and my response[3] to it."

Did Perens, in fact, say that? I don't remember reading it.

No, not at all. The code is clearly not protected by SysV copyright, it goes back much further, to an ancient public domain version of Unix. He did say it shouldn't have been there to begin with, which is true of course, that file was a hack in the negative sense of the word and had been removed from the tree for being 'too ugly to live' long before anyone knew that this was one of SCOs examples. You can read the full analysis if you want the details.

Darl crossed the line between deceptive and manipulative misuse of quotes to flat out verifiable lying there.

(It's ESR - Eric S. Raymond)

I've played half-life and it's mods alot - I don't like the current system of a unique identifier and like the prospect of steam even less. I will either avoid this update (When they switch off the WONID servers I'll roll my own) or stop playing. Of course I won't buy a valve game again as a consequence. Maybe I should spend all that gaming time writing something better...

And thankyou valve for YET ANOTHER proprietry instant messaging system. Even though I dislike this push to steam it is still a great opportunity to do something positive about the current IM mess (by using an open protocol such as jabber) This stupidity/greed really gets to me. (If you didn't know steam has a built in proprietry im system)

Lastly, think of the likely consequences if steam gets cracked. It's so going to happen...

Has anyone else noticed this? I am not talking about Stranger In A Strange Land; I am talking about stuff before this.

http://www.catb.org/~esr/jargon/html/P/PHB.html

I think you're right - they've reached the point where they now realize the importance of good security practices, but they've got so much insecure legacy code to deal with that they can't just fix it, they have to start over and rebuild it from scratch, while maintaining bug-for-bug compatibility (minus the security holes) with their legacy code so that everything still works.

I think if I were Microsoft I'd try really hard to just buy the entire WINE project, port it to NT, and start from there, using their expertise combined with Microsoft's access to the original code and staggering resources. Of course, if Microsoft did that, the entire open source community would probably feel about the same way some Mac users feel about VirtualPC....

and -gosh- MS Access

Wow. That took a lot of guts to admit. I'm proud of you.

Now that you've done so, please move out of the way and let some *real* programmers write things up in SQL. Mel will be over shortly.

Seriously though. If (when?) you decide to rewrite that Acess stuff and hop platforms, it probably wouldn't be tough to write in something that would work on Windows and Linux. Java/JDBC/JSP (or similar) is certainly one current possibility.

I like Raymond's solution to Windows problems:

Q:.

I'm having problems with my Windows software. Will you help me?

A:.

Yes. Go to a DOS prompt and type format c:. Any problems you are experiencing will cease within a few minutes.

It may not be a nice solution (to some) but it will be a permanent solution to a very anoying operating system.

Read this, kid. http://www.catb.org/~esr/jargon/html/H/hacker.html

Understanding the mentality of the open-source communities might be of some help. Eric Raymond's essay titled "Homesteading the Noosphere" talks a bit about the hacker cultures surrounding Linux and other open-source projects. I'd also suggest reading his essay titled "The Cathedral and the Bazaar". Both essays are mostly Eric's own observations, experiences, and opinions relating to open-source communities, and the CATB in particular has some insightful reflections on software engineering in general.

-Nick

That was an excellent post. I posted my own rant, but you summarized the situation better than I did. Every time there is one of these articles about what Linux "needs" to do to survive or win, it really bothers me that the author doesn't understand what Free Software is really about.

Such arguments for standardization and ease of use make sense for specific distributions and products based on GNU/Linux, but not GNU/Linux as a whole. That's why there are a number of distributions that attempt to address the stated concerns. Every time someone states what Linux needs to do, I feel like applying the clue-by-four and screaming, "do it yourself!"

There was *no* problem with "hanging chads". The voter's selection had a stick pointed in it. The stick made an indentation, or a partial hole, or a complete hole, or no impression whatsoever. The chad may or may not have been detached. Big woof if not.

Have you ever read the original version of Murphy's Law ? I didn't know this until just recently myself. Instead of "If anything can possibly go wrong, it will." it was actually "If there are two or more ways to do something, and one of those ways can result in a catastrophe, then someone will do it."

Murphy was an Engineer, and the real moral of his law was to if at all possible to engineer whatever it is you are designing to have only one way of doing things. For instance, if there is a part that if you put it on backwards would FUBAR the machine you make that part asymetrical so that there is only one way to put it on.

Now which is easier to read, a punchcard with a chad poked out, or a scantron with a bubble filled in? With chads accidents will happen, but a filled in bubble is unambiguous. At worst someone will change their mind, erase one bubble and fill in another. But if the manual counters in a recount do not have a pencil then there can be no aligations of cheating. With a scantron it is possible to poke out a chad with your fingernail.

Is this paranoid? Maybe. But if otherwise the mechanics of both systems are equal, why not go with the one that is both computer friendly and more human friedly?

I think scantron type ballots are the way to go. I live in Oregon where the ballots vary by county but most of the counties have scantron type ballots, including the one I live in and I like them. They are easy to fill out, easy for computers to read, and easy for humans to read.

And as most /. readers should know, computers can have a myriad of problems. A physical paper trail is neccessary if we want to have true accountability. Not just for cheating but the reality that computers crash and lose data.

...is defined here.

"Robert Metcalf [the inventor of Ethernet] says that if something comes along to replace Ethernet, it will be called "Ethernet", so therefore Ethernet will never die. Unix has already undergone several such transformations."

-- Ken Thompson

"Robert Metcalf [the inventor of Ethernet] says that if something comes along to replace Ethernet, it will be called "Ethernet", so therefore Ethernet will never die. Unix has already undergone several such transformations."

-- Ken Thompson

Since it doesn't take most people very long to notice that I am not in fact crazy, this maneuver has the effect of discrediting the idiots. -- ESR

ESR is, in fact, as mad as a hatter, and I'm not just talking about his love of guns or inflexible political views.

If you go to his site, you will find this article hidden away in a list of his writings. It details how he learned to channel the ancient gods Pan and Thor, and formed his own Wiccan cult. ESR actually believes this stuff, it is not a work of fiction.

Here's an extract from this article:

That day I was reborn; from a skinny lame kid with a flute into a shaman and a vessel of the Goat-Foot God, the Piper at the Gates of Dawn, the Horned Lord. And the music was my first power, but not my last.

...

I knew I wasn't crazy, even by my own rather strict definition of sanity. I was coping pretty well -- in fact, I was becoming a whole human being for the first time in my life. Opening up emotionally. Playing beautiful music. And ... um ... getting laid. (Well, what do you think happens when you start channelling the freaking God of Sex Himself? :-))

As long as he doesn't resort to this, I think we'll be alright. I would place money on Eric vs. Darl in a fight even without Eric's .45 Eric's pretty skilled in martial arts.

Kind of nice to have an Open Source leader who isn't long haired and unkempt that will also go shooting with you and your LUG :)

Why isn't Stallman doing anything about SCO? Is he too busy criticizing Debian and other Linux distros for not following his beliefs?

Seriously. His rhetoric is weak. This whole screed could have been summed up in the phrase, "there is no conspiracy against SCO, merely a group of people with a demonstrable common interest in overturning its policies."

But instead, it's a thousand-word, sophomoric rant accusing Darl McBride of being not as "smart" as people at IBM, boasting that he (Raymond) isn't afraid of lawyers, and topping it all off with that non sequitor about Utah.

It's just inflammatory. It takes a kernel of well-reasoned argument and wraps it up in several layers of immature hubris and bravado. I can't imagine this having any positive effect on anyone with a degree of pertinence in the case at hand; like much of his work, I suspect its real purpose is to inspire populist support and reinforcement for ESR's own ego.

I think the only thing I want to read by ESR from now on is fetchmail.

Yes, I cheerfully refer to myself as a gun nut. Because after I've done that myself, idiots can't bash me with the phrase. Since it doesn't take most people very long to notice that I am not in fact crazy, this maneuver has the effect of discrediting the idiots.
- Eric S. Raymond

Woah... the last thing I'd want after me is a pissed-off hacker with an AK-47.

That is quite a good round-up of the multiple issues here.

The one true judgement according to amcguinn follows:

My incoming mail provider is entitled to employ a spam-filtering system that produces false positives, (provided they are not doing it maliciously or in order to harm their competitors,) but I think it is a mistake for them to do so, and I will see it as a reason to look for a new provider.

The only reasonable argument for legal actions against AOL would be on monopoly grounds. I am personally suspicious of anti-trust legislation, but then I am a bit of a Raymondite and therefore patently insane.

...a processor that can has the probabilty necessary to support a DWIM (Do What I Mean) instruction!

"As a Usenet discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one."

Q: How Objective Is Microsoft's Search?
A: Mu! Microsoft's Search is not a Search Engine.

Eric Raymond has posted an analysis of the malloc code that discuss at length the origin of the code and its implications on the licensing issues.

Because ESR is a bigot... The entire letter is nothing but childish taunts. Torvalds just says what's on his mind and moves on. ESR goes on...and on...and on...and on... I can't think of any major contribution he's made...ummm, ncurses..............I think that's it. I really don't think anybody likes him much anymore...too self centered and puts himself on a pedestal with Torvalds and Stallman(His personal profile)...anyone who disagrees, go ahead and flame me, I'd like to see if he still has many supporters.

I realize this is a bit off topic but, Eric Raymond does a thoughtful analysis of the "smoking gun SCO Code. It is well worth the read.

Executive summary:

There are three pieces of good news for SCO about the evidence they revealed on 18 August 2003. One is that the evidence does support a claim of code-copying; the second is that GPL is not in this case a usable defense; and the third is that BSD probably doesn't save us either. But the rest of the news is all bad for SCO: most of the supposedly infringing code was (a) released as open source by SCO/Caldera in 2002, (b) didn't come through IBM or Sequent, (c) isn't present in 90% of all running Linux distributions, and (d) was removed from Linux 2.5 in June 2003 on grounds of being too ugly to live. If this is representative of the quality of SCO's evidence, their case is dead on arrival.

With the advent of spam most people I know abandonned their first email address years ago. I have one for each service I use (including slashdot).

I have always been curious about the more politcal side of GNU/Linux and your answers would be much appreciated.

The structure of Linux development and the GNU project are two totally different things. I'd recommend that you read The Cathedral and the Bazaar to get an idea. Essentially the GNU project is nothing to do with Linux.

A worm is a program that propagates itself over a network, reproducing itself as it goes. While this worm may require user intervention, there exist plenty of worms that do not (the most infamous being the Morris Worm.) A malicious program that masquerades as a legitimate application is a Trojan horse.

SoBig.F appears to be a Trojan with some worm-like qualities. Of course, in the world of Microsoft mail exploits, the lines are blurred, but a worm is generally not a user-launched process.

Pedantic, I know, but worms are a special interest of mine, and they generally take a fair bit more skill to create than your average Trojan horse.

A worm is a program that propagates itself over a network, reproducing itself as it goes. While this worm may require user intervention, there exist plenty of worms that do not (the most infamous being the Morris Worm.) A malicious program that masquerades as a legitimate application is a Trojan horse.

SoBig.F appears to be a Trojan with some worm-like qualities. Of course, in the world of Microsoft mail exploits, the lines are blurred, but a worm is generally not a user-launched process.

Pedantic, I know, but worms are a special interest of mine, and they generally take a fair bit more skill to create than your average Trojan horse.

In my mind, there is "real" competition if the existence of some competitors (and their products) constrain the behavior of the lead competitor(s). By constrain, I mean reduce prices, innovate new features that they think customers really want, and so on. Is Microsoft reducing their general prices, or creating real innovations, because Open Office exists? Not yet in the general case. This pricing differentiation is already happening in specific cases, such as in Munich, but as of yet it's not trying to compete for Joe Average. By the way, I think their new DRM features don't count as innovation - they appear to me to be a new way to lock in users and constrain competition, not to really help end users.

As a practical matter, for "real" competition, there should be a significant fragment (say 30%+) of the potential users who will seriously consider using it, and some number of users (say 20-30%) who actually use something else. The exact numbers aren't as critical as the fact that the existance of a competitor changes the behavior of the lead competitor.

Oh, to answer your question, I've used many different office-related products, including Microsoft Office, Star Office, Open Office, Abiword, Gnumeric, KOffice, Word Perfect (I've also used WordStar, Apple Writer I and ][, and Lotus 1-2-3, but those are only historical now). So yes, I've used a number of products.

The biggest trouble with many of the open source programs cannot properly open common Microsoft Office files. This is an absolute bare MINIMUM requirement for real use. Eric Raymond's DRAG.NET gets this right on:

We booked KWord on a 305: being kind of pointless. Even if you only read in the text and lose all the formatting, the ability to at least view the file format in which 95% of all business documents are currently being produced (ugly or not) is essential to any serious word processor.

A second problem with many of the open source programs is that they don't run on all the major platforms. No one will want to risk running an office suite if they can't trade data with their cohorts. If the application runs on everything, their risk is reduced.

This is why I'm particularly impressed with Open Office: it seems to import/export Microsoft Office files better than anyone else, including more of its sophisticated features, and it runs on LOTS of different platforms. I like Abiword's speedy startup and clean approach, but it just doesn't have the functionality and import/export capability. Last I saw, KOffice didn't run everywhere.

Anyway, I hope that helps.

... for stuff like this. The annual Totally worthless, 100% hack value, too-much-geek-time-to-spare prize. And the 6502 BASIC TCP/IP stack-based web server should be the first winner.

> it's all just a SNAFU

Please do not support the hijackers Stephen Jazdzewski (Steve@Jazd.com) and Charles Jazdzewski (Chuck@Jazd.com) who stole the domain name, claim responsibility for ESR's work ("Serving Hacker Jargon to the Internet since Jan 1995." indeed. Yeah, the domain was doing it, but you weren't.) and sprinkle their front page with ads.

The REAL Jargon File [updated yesterday!] is at ESR's home page. Support him.

Example: the infamous `write click' problem. It's quite understandable that new users might not have heard the term `right-click' before, or needed to do it. Tech supporters should understand this; after all, even they had to learn it at some point. However, when the user needs to be told twice, or can't follow simple instructions, then they've crossed the borderline from ignorance to stupidity, and are fair game.

And yes, this idea is blatantly pinched from the introduction to ESR's How To Ask Questions The Smart Way FAQ, where he says "it's simply not efficient for us to try to help people who are not willing to help themselves. It's OK to be ignorant; it's not OK to play stupid."

who thought of this while I was reading the article?

What would be fun to see, though, is a virus that encrypts your entire hard drive, and only if the virus is run at boot is you system able to decrypt it.

There's been a few that scramble the boot sector in just such a fashion. They infect the MBR and then rewrite the boot sector. If you boot from a clean disk and do an "fdisk /mbr" then you still have the scrambled boot sector, and you've pretty much lost your data (unless you know how to fix it).

Also, there are a few nasty hardware things they could do as well.

Been a few viruses-- such as Turkey-- that would trash the monitor. Also, look at the bit in the Jargon File about The Meaning of Hack for some cute hardware tricks employed by some, er, unauthorized software.