Slashdot Mirror

There have already been a bunch of great ideas; here are mine.

Build community ties. By helping out with other projects, you get your own name out there. When people know who you are, especially when you have helped them with their projects, they will be more likely to use and advertise for your site. How can you help out others?

• Offer to code review projects you are interested in
• Offer to write content. Sites like osOpinion, OS Online, and Kuro5hin are always looking for content. themes.org has been advertising for help for a while, in a bunch of areas, inclusing webmastering, PHP development,and mysql management.
• The GNU project is always looking for help, and has a large tasks list; helping out the FSF is a great way to establish yourself.

Once you have content up on some of these sites, its easy to reference your own site, whether through direct links, author bios, or something similar. I'm not advocating using other sites for your own gain; I'm advocating reciprocation. You help them, they help you. You may even find that your site has a very natural tie-in with another site, and you can work together to share data, user info, stories, and the like.

Of course, you can always just stick some advertising in your /. sig.

darren

• ...that was just ASKING for trouble...

Yeah, I was kind of hoping it would be edited a bit before it got posted...

The only solution is to moderate everything else in this discussion up. :)

darren

But we are not the three-year-olds in this equation, we are the doctors, or at least we should be. The doctor understands the drug, the researched who discovered the drug understands it. What you are suggesting is more along the lines of: 3-year-old with terminal cancer finds a magic pill on the side of the road, eats it, and gets better. No one knows what the pill was, or where it came from, or how it cured her. Thoughtful analysis of the human condition is not the same as curing a terminal illness (well, some buddhists think it is, but you know what I mean).

I agree -- a cure for cancer is not useless. I think somewhere along the line we started discussing two different things. Expecting answers from a book, which was written by (effectively) a pundit (as far as I can tell, he is not a licensed metaphysician, a theologian, physicist, or anything like it), is a little like expecting your computer to start spitting out answers to all the important questions. Those answers come from interaction, intelligent reflection on the issues, and a variety of viewpoints, and definitely not from one single source.

darren

How you do it is going to depend a great deal on how you get your content.

For example, is your content mainly user-contributed, or does is come from professional writers? Where the stuff comes from is going to make a big difference as to how it gets translated. User submitted stuff could probably be run through the babelfish in pseudo-real time (a daemon which queues requests, uses wget or lwp-request to have them translated, and then sticks them into a database). On the other hand, professionally submitted content should probably be treated a little better than simply babelfish; hire some native speakers as translators.

The way I would do it is something like this (keep in mind that I am a Perl/C programmer specializing in Apache/mod_perl; some of the things I mention are inaccessible to PHP, like translation handlers):

• Back end daemon that takes queued requests and passes them to babelfish to be translated, then they get stuck into the database (spearate thread, running as a cron or daemon). This daemon could be fed through a web-based form, for example, for a site with user-contributed content, and the data would be put into a staging area, where the daemon would read it, translate it, and then enter it into the live database.
• Web pages would specify an initial two character language code (e.g., /en/foo/bar.html). When a page gets requested, a custom URI translation handler would strip out the initial two character name and keep that around (via r->notes) for future use. This could be done via a Perl module as a PerlTransHandler or a custom C translation handler, or, if you are/can not use perl or C, you could use mod_rewrite to splice off the initial 3 characters, strip off the leading '/', and stick the last 2 into the environment as, e.g., LANGUAGE (fetch them like you would and environment variable).
• Alternatively, if you are using user authentication, you could fetch the preferred langauge from the users profile after the Authentication stage.
• When the time comes to actually produce content, I would retrieve the langauge code from the notes table/environment and use it as part of a custom SQL statement. The database would be set up in such a way that content is broken up into as many different tables as possible, so that as much common (i.e., non langauge-specific) content could be used as possible. Using some sort of a multi-table join, I would bring the content all together before the templates are actually filled in, so that when the time comes to fill them in, you don't need to switch on the language; it's all already taken care of by the database.

Retrieving the data and putting it onto the page would be the easy part... once you have the information stored in your database in the appropriate languages, that is. Designing the database so that you have as little unnecessary redundancy as you can while still ensuring that all of your content is available in all the required languages will definitely be a challenge, but it's an architecture problem, not a programming problem.

Good luck. I, for one, would be interested in hearing how you make out and what track you decide to take.

darren

• Have there been any projects to build a completely secure OS?

Sure, OpenBSD. (Super simplified history coming up.) Several years ago, they took the FreeBSD source tree and began combing it for insecurities and weaknesses. It now ships very tightly closed up by default, with most daemons off, SSL and SSH included as part of the core OS, etc. They haven't gone to the lengths you describe (I don't think), mainly because they need to maintain POSIX compliance and source-level compatibility with other Unixes and *BSD's. Definitely worth looking into if security is your passion.

darren

Well, actually, I think you are missing Picasso's point -- the point that anything which presents only answers is useless. Real solutions and real knowledge only come from reflection, from the give and take of questions and answers going both ways. Yes, a computer can tell you the sine of 1, but it cannot explain it to you in a way you will understand (unless it has been specifically told how to do so).

And for the record I wasn't saying that the comment's poster (I don't even remember whoit was, sorry!) was getting it all wrong; I was just reminded of the quote upon initial reading of the comment. Of course we all want to hear other people's solutions. Chances are pretty good (almost 100%, in fact) that any solution to the problems discussed in the book is going to either come from someone who is not me, or someone else is going to contribute a great deal to the solution. Not seeing that is blindness, pure and simple. Well, blindness and a whole lot of egotism.

darren

All in all, I like it. I love the fact that this is a 365K download and only takes a fraction of a second to load and start running on my system (500 Mzh PIII, 128 Megs, kernel 2.2.14).

Well, it only does JPEG's (intentional, to keep the download size small), but it does them pretty well. I like especially the font select window: it creates a list of major fonts, then has a tree-type menu to see the subtypes (bold, italic, etc). I also like the color selection window, where the area under the mouse flashes across the screen while you go over it.

However, it doesn't seem to do anything that the GIMP doesn't do, but it would have the advantage of being familiar to people from other platforms.

darren

$ cd /home/ftp/mirrors
$ ls
DeCSS.tar.gz
pchack.exe
quakelives-2-19-00.zip
$ wget --no-parent -rqm -l1 http://cryptome.org/mi5-lis-uk.htm
$ ls
DeCSS.tar.gz
pchack.exe
quakelives-2-19-00.zip
mi5-lis-uk.htm
$

Everybody download the page and put it next to their deCSS and PCHack mirrors!

darren

Your comment reminded me of one of my favorite quotes, from Picasso: "Computers are useless. They only give you answers."

• The only downside (if there is one) is that it's all reflection and no solutions>

But would you want someone else's solutions? I think the author's point is, "Here's some stuff I've noticed." You need to take it from there, and create your own solutions.

Personally, I'd like to see more books like this. Isn't this the kind of thing that makes for really good standup comedians? Observations? Why did so many people like Seinfeld, a self-proclaimed "show about nothing"? Because it was all observation and reflection, albeit with a humorous bent.

I definitely think I'm going to grab this book, it sounds like a great read.

darren

Yeah, this article says nothing we don't already know.

• "Just because the source is available, doesn't mean anyone is reading it."

Yeah, no kidding. But when the source is closed, I guaranteeno one is reading it. Just because the author and many of the developers he knows are not over-conscientious and don't read the source doesn't mean that there aren't many of us out there who do. I personally review the code to almost every piece of software I use regularly, to the best of my ability. Yeah, I may not be "qualified" to "judge" something like Sendmail, but at least I can have the piece of mind that its developers are not trying to pull a fast one on me, as Microsoft did. If I don't feel "qualified" to judge some code, I reread it until I am. Maybe that's just me. No wait, that's not just me -- that's a lot of people out there, and that's why open source works.

• Open Source makes it easy for the bad guys to find vulnerabilities.

And leaving your car parked in a parking lot makes it easy for car thieves to find. What is that supposed to mean? The issue is not, and never was, the "bad guys" finding vulnerabilities. Last thing I heard, the bad guys find vulnerabilities in closed source stuff all the time. The issues are prevention and the ability to fix bugs as they are noticed. I can fix the bugs myself if I find them, I can apply patches myself, I don't have to wait for a new version or a binary patch to replace the compromised DLL's or shared library.

darren

• By default Canvas is set to use unmanaged windows (this means that desktop themes and services will be unavailable). You can enable managed windows by selecting the desired type of window behavior in the "Windows" menu under "Linux Window Manager" (from within Canvas)

Has anyone deciphered this line? It sounds like this says, "We let your window manager do what it's supposed to do and don't try to interfere", which is what it should do, but I've never heard it phrased this way.

darren

Well, since it requires Wine, and Wine requires Windows DLL's (I believe), I think non-Intel folk are out of luck. Does anyone know if the real (non-beta) version will be native Xlib or GTK or Qt, i.e., non-Wine?

darren

A lot of these ideas (a web site or daemon that keep and categories your bookmarks) are missing one important thing: Using the builtin bookmarking feature of your browser is convenient. The easy solution, of course, is, once you have a web-based interface for adding your bookmarks, you would write some javascript that hits that web site with the current location (document.location) as the query string. Put it in a button on your personal toolbar, or call it through your favorite window managers root menu (netscape --remoteURL(...)), or whatever, and you hit that button instead of the builtin bookmark feature. Or, if you aren't afraid of your .Xresources file, you can add it to your navigation tool bar with a custom icon and everything (isn't X wonderful?)

darren

Er, it looks like you submitted this one a while back (Linux 2.2.11), and there was the Andover sues Kuro5hin joke from April 1st, as well as a not so subtle Scoop plug (from the search page).

Don't mean to pick. Good work with Scoop, BTW (another free plug!).

darren

Have you considered using sudo to give selective root access to users? sudo stands for "superuser do", and allows selective superuser access. sudo lets the admin define, in a shared config file, individual executables and scripts (by full path), and who they run as. You can give a user access to /bin/rpm as root, for example, so they can install packages, without giving them access to any thing else as root. You can also define rights by group and by machine, in addition to by user. Users use their own password to perform the function, so there are no extra passwords to distribute and remember. As an added bonus, sudo logs to syslog not only that user jsmith used sudo, but the entire command line -- very useful for auditing (where su logs only that the user became root).

Technical info: sudo is developed and maintained by Courtesan Consulting; the homepage is at http://www.courtesan.com/sudo/; it is distributed under a BSD-style license; it is at version 1.6.3. It compiles easily on (at least) Linux and Solaris (using gcc and Sun's native crap-piler, er, compiler), and lets you optionally define error message (there are some included and adding your own is simple). Here's a nutshell intrioduction.

I highly recommend it. We use it all the time. It takes a little bit of planning, as well as trial and error, to setup correctly, but once it is set up, it is a huge time saver.

In your situation, you would have to set up the complete config file (called sudoers) on an shared filesystem, make sure sudo is in everyone's path, and then change the root passwords on everyone's machine. You'll get a lot of complaints at first, naturally, and then you'll get a lot of requests like "Why can't I run foobarbaz.pl anymore?", which you would either have to add to the sudoers file or beat down the request.

darren

You can get the first reading and third reading (the third is the one that passed). Looks like it took almost 3 months from initial presentation (on January 18) to it's passing, but the pass wasn't unanimous (37-8). The results of the vote are here (plus the votes from the first reading, when it was rejected). There were two amendments, also (one adopted, one rejected).

As an aside, this site is pretty well-organized... a lot of information here, easy to find, well cross-referenced.

darren

Anyone know why the bill is posted in Rich Text Format, and where I can get a reader for Linux? I don't want to have to strip the formatting manually...

darren

• Is it just my imagination, or does this scream "Buggy!" at the top of its voice?

Oh, come on. Can you honestly tell me that every major program (I mean big ones, like Netscape, or IE, or Apache, not stuff like 'ls' or 'chmod') doesn't crash occasionally? I think this is a great idea, although what I'm unsure about is what exactly are they going to do? Run the entire process in a big try/catch/finally or eval block?

• I'll stick to IE 5.5, which doesn't seem to crash at all

Of what use is a stable app on an unstable platform? You still lose IE when you lose Windows...

• Surely the coders could remove these bugs, unless the whole design is fundamentally flawed.

Hm... good point. See my comment on your "IE 5.5" statement.

darren

• It's called PerlScript.

... but you need a plug in for it, and as far ass I know, only works in IE.

darren

Ooops -- the extra 's' in 'as' was an accident, but I leave it there just in case this statement is wrong! ;)

I agree -- JavaScript is a broken language that really only makes sense in the context of a web page; using it for scripting of anything else is really pushing it. I've always thought that Microsoft's use of JavaScript in the Windows Scripting Host was pretty dumb (it's not a system scripting language, people! It's just not!) However, embedding Perl into Mozilla would add 1 Mb to the size of the runtime... is that what we want? Although it does sounds like a groovy idea. There would be no limit to what you could make Mozilla do.

Does/will Mozilla allow for things such as an embedded interpreter be loaded dynamically, or will it always load everything on startup?

darren

What I got from the article was that Mozilla is going to contain programming hooks and tons of modules and skins, of which Navigator 6 will be using the browser component. Mozilla will be much more than just the browser, and Navigator 6 won't.

darren

I admit that I haven't been following the Mozilla story as closely I as I probably should be over the last few months, but now I see the reason that there isn't a fully functional browser release. Since when has the Mozilla project been about a platform? It sounds like Mozilla is trying to be all things to all people, instead of just concentrating on one thing, and doing it well. While I appreciate that a platform is of more use overall than a single application, there are some of us that have been waiting patiently for the browser that Mozilla promised for a long time.

It sounds like the project has become a little too ambitious too quickly. I would love to see all these various projects come to fruition, but it sounds like all the projects are being delayed up by all the others.

This is probably too simplistic a view, of course; I don't mean this as flamebait, and I'm sure I will be corrected. Am I the only one who is frustrated from two years of waiting for Mozilla?

darren

Location is what most projects are lacking, whether it be co-location or project-hosting, or whatever. I like the idea of being able to bring in a box or two of my own, use your rack space, your network drop, and your power to power my box(en). In return, I pay for bandwidth, rack space, and power consumption; according to usage for bandwidth, and fixed rates for the latter two.

For this kind of service, basically you need a big fat pipe coming into your space (probably more than one is ideal, each attached to different backbones), a lot of power, and space. Co-location facilities often have cages or some other type of physical protection for the boxen themselves, but you could probably knock off some of the space charges if customers bring in their own cages.

I would say you will get mainly bigger setups as customers. Smaller businesses/projects tend to be OK with just web-hosting, rather than full-scale co-location (I may be wrong about this). Note than I mean big in terms of both number of boxen and amount of bandwidth.

Services such as DNS and the like are unrelated to co-location -- if you put your own boxen somewhere you should have one to handle DNS requests as well. I would concentrate on the power, space, and bandwidth issues and leave the extra services to the customers (or at least put off offering them for a long time).

Good luck!

darren

While I definitely understand Stephenson's point, and agree to a certain extent, the reason that I (for example) tend to be more focused on security and privacy issues is because that is something over which I have some control. There is only so much that I can do about stray bullets, sad to say, but I can definitely help people to understand why they need to use encryption software to protect themselves and their privacy. I can definitely help people install and configure PGP, and create key pairs and distribute them. Yeah, maybe it's not as noble a cause as some others, but it's what I can do. I'm a programmer, not a politician, or a police officer, or a lawyer. The same or similar probably goes for most of the readers on slashdot and most of the CFP attendees. People I know trust my judgement about computers and the Internet, so that's where I try to help.

Too often people try to get involved in what they don't adequately understand (such as politicians and lawyers trying to regulate the Internet), and this is the source of many many problems. I don't know how to help prevent random violence, or shootings, or kidnappings, or most of the other attrocities that take place in the modern world, so I do what I can. I try to help prevent things like privacy violations, to the best of my abilities.

It's not about hiding things from Big Brother, it's about personal privacy and personal freedom. This is how I can help, so this is what I do.

darren

Loki has a modified version of Bugzilla called Fenris which adds a little to Bugzilla. The code is available at http://fenris.lokigames.com/fenris-c ode.tar.gz, and it is running at http://fenris.lokigames.com/. It's pretty well suported and being actively developed by Michael Vance. darren
Cthulhu for President!

So, are there any CPHack mirrors out there, so I can add it to my deCSS mirror?

I'm wondering what took the ACLU so long to get in on the action. It seems like this is their kind of thing.

seems like they'll be creating an opportunity for smaller companies to sell 3.5... I'm sure many people are not sure about upgrading, or don't plan to right away. Someone with a cd burner and a fast connection could probably do pretty well selling 3.5. Just a thought...

darren

With a password policy like that, I have to ask: has your network been broken into lately? Do you work for a government contractor or something else that deals with sensitive data, like a bank? Otherwise, in normal, day-to-day use, this sounds like overkill. If the admin is that worried about passwords, get a strong firewall product to protect your network from the external world, so that you can lift some of the password restrictions for local users.

If your network has been broken into lately, it sounds like an overall security audit is called for -- most of the time the problem is not that passwords aren't strong enough, but that vital services are vulnerable (holes in FTP or Web servers, for instance, or Sendmail improperly configured, or SMB over the internet). The problem could could also be that the users are not careful with their passwords -- you can have the strongest password policy in the world, but if Joe in Marketing keeps giving his password to his brother every time he changes it, you will continue to have problems.

If you are working for an organization that has sensitive data and resources to protect, there are many methods of authentication that don't require passwords -- someone already mentioned biometrics. I prefer using encrypted connections, such as SSH with key exchanges, where passwords are not send (passphrase are maintained on the local machine only and not sent over the network). Many of these are transparent to the user (though of course totally different to the machine, often requiring installation of specialized clients or other software).

• It seems to me that if you make password policies too outrageous, users will find a way to circumvent the system

Like what, actually remember their passwords?

In the daemon's advocate column, Greg Lehey explains Microsoft's SIS (the symlink thing) and why they aren't really the same as symbolic links. Pretty informative.

darren

Anyone know what this statement means?

• Linux isn't really built around a single code base, although it is certainly more of a single code base than BSD is.

I was under the impression that the Linux code base was unified. Sure, the drivers are contributed and maintained by random folk, but Linus has the final say over what is part of Linux. This sounds like a single code base to me, as opposed to the *BSD's, where there are four code bases which have almost nothing in common except history.

Can anyone clarify this for me?

darren

That's the argument that Microsoft has been trying to sell you for a while now. Why take the time to put something else on this PC? It already has Windows. Why bother doing something else, something risky, or experimental, even if you stand to gain quite a bit from the experiment?

Sorry, don't mean to jump on you -- but this sort of thing (porting something from one platform to another) is exactly what advances the state of technology. Being able to take an OS and customize the shit out of it (which you only really do with source code access), to me, justifies bying a limited functionality box like this one and only building exactly what you need on it.

darren

Imagine how much they could charge for listing your company's name on the outside of their envelope, associated with the word porn. You know that every 14-year-old boy who saw this in the mailbox wrote down every URL, and probably visited them all. That's thousands, possibly more, of banner ads that will get served just to people looking for porn. Come to think of it, all those concerned parents are also going to look at all the sites listed, for similar reasons ("Gotta find out which site to block"). If I owned a company, and needed some sneaky ad money, I would jump at this chance.

Although it's not really the same thing, this reminds me of how search engines will prominently feature ads for certain companies based on search terms (Ford ads when you search for "cars", etc).

darren

I should probably state up front that, when it comes to organizing files and directories, I am a huge fan of hierarchies and namespaces. Nothing is more frustrating than a disorganized FTP site, and few things are harder to use.

The easiest way to layout your file system, for FTP, is by functionality. I don't know what you are putting in there (the final answer depends greatly on this, of course), but I am going to assume that your company makes software products and is making the source/binaries available via anonymous FTP.

Other than the standard subdirectories required for operation of the FTP server (/bin, /etc, /lib, /dev), create a directory called /pub. Create a sibdirectory called software (which will live next to your mirrors subdirectory, natually :) ). In /pub/software, create a subdirectory for each package name. So here is a sample /pub:

If you have multiple versions of your software available, and if you provide source as well as binaries, you can further subdivide each packages subdirectory with src and dist subdirectories, putting Foo-0.1.tar.gz into /pub/software/Foo/src and Foo-0.1-linux-gnu-pc.tar.gz into /pub/software/Foo/dist.

I think this makes for a well-organized FTP system where things are easy to find, even if a particular user isn't very familiar with your system. It maintains a clear distinction between version numbers and software packages. Using symbolic links, you can point to the correct versions of required libraries. This also makes your FTP site very easy for other sites to mirror. Did I mention that I like namespaces and organizational hierarchies?

darren

...Actually, the protocol specs are at http://capnbry.dyndns.org/gnutella /protocol.html

darren

• these versions are being produced by someone with access to the source code

When will this someone make the code available? If the source is not supposed to be out there, floating around, you would think that it benefit from being distributed. Stick it on a few anonymous servers, have a bunch of people archive it on their harddrives, and then eventually, distribute it on via gnutella.

I always wondered what this script would be...

#!/bin/sh

Or maybe

#!/bin/sh

while true ; do /usr/lib/netscape/netscape done

darren

Now here's a thought: what if there was a generic XML dialect (KML (Kernel Markup Language)?) that wasn't Linux specific -- if the maintainers of the Linux kernel, HURD, and the BSDs were able to come together, decide upon the standard feature set (without the specifics of implementations, i.e., modules as opposed to microkernel plugins) of modern kernels, and create an XML specification that would be valid across different kernels? Something where I could say, for instance, "give me PPP support, sound support, and ip masquerading, but not NFS or automounter support in my kernel", and have the same KML file be interpreted correctly whether I am compiling Linux, OpenBSD, or HURD. Now that would be groovy -- for those of us that need to run different platforms or different machine types.

Of course, I have no idea if this is feasable, it just seems like a pretty cool idea to me.

Over the last few months I've rebuiltmy kernel many times. often to try new features, or just to see what the differences were between stable and development, for example. I've found that the first few times are difficult (thank goodness I've had someone to give me a hand), but after that, I really haven't had a problem. Perhaps the kernel configs are getting a little complicated, but I don't think that means someone should write a markup language for it.

Besides, isn't the whole thing already managed by individual makefiles? Each developer adds a makefile to the subsection holding their module, and make calls the targets recursively? ls -R /usr/src/linux-2.3.51 | grep 'Makefile' | wc -l gives me 256 Makefiles, so that seems to be how it works.

darren

Wasn't the solution to this problem posted a few days ago? The Unmaintained Free Software Open Source project is your answer. It would help out UFO a lot too, to get such a high-profile site on there.

darren

At the last job I was at, we used to order HP monitors with every PC we bought (total of about 200 or so over 3 years), and every single one had a nicely folder cheetos bag in it (the single serving snack size one).

Weird.

darren

. . . here. They must have a lot of faith in it, huh?

darren

This caught my eye early this morning, and my first reaction was, "Are they going to raise the price of VMWare?" There's already a "Windows tax" on new PC's, is there going to be one on VMWare?

I have to wonder if this is the first step of Micro$oft's plan to move into Linux territory. Why port Office to Linux, if they can keep all the Windows-to-Linux converts using Office? Office is where their money comes from anyway.

I treat this in the same way that I treated the annoucement of Micro$oft's investment in Apple -- partly for the PR, partly to make it seem like they are playing nice in the business field, and partly to see if this can be a profitable outlet for Office and their other tools.

darren

Nah, don't be silly. If I want to bypass this, and I own a web site, I'll write a 3 line Perl script to proxy the page from my server, and set the referer appropriately. Child's play, if you're determined enough.

darren

Did a quick freshmeat search, and found a few. Hotbot returned "fewer than 1000" results for "web-based software management software" (exact phrase). Topclick has 61 results for "web-based project management software" (with quotes included); Google also returned 61 for the same query, although the order was different.

Sorry about just pasting in URLs -- I don't have any first hand experience with any of them.

oh yeah, er, um, first post.

darren

• being an AI sort of computer geek

So, has anyone written a Lisp interface for Mindstorms yet? I know about not-quite-c...

darren

I've been thinking about doing something similar for a while: create a "standard" personal distribution that can just be dropped into place on a new machine. It seems like the best plan would be to install a new machine exactly how you want it, and, on a spare partition, create one bigass tarball. Copy this tarball to a CD. Create a boot disk, minimal kernel with CD support. Boot off the boot disk, create the new partitions, and then untar the image from the CD. Is this an oversimplification? Maybe, but maybe not. There's really no reason why Linux has to be more difficult than this. Of course, this assumes that the machines have similar hardware, which is often the case when you get machines in batches. darren
Cthulhu for President!

Here's to hoping that Micro$oft releases their source code to the public.

I'm not sure if I'm in the minority here, or what, but I'm pretty anxious to see the source code for Windows. I think it'd probably be very instructive, even if (as a lot of nay-sayers say) it would be a lesson in what not to do.

But if this actually happened, what would be considered the source code for windows? Windows 2000 has a very different code base than, say, Windows 95 (which is DOS-based); would all the versions be released? I suppose the answer depends on whether they are forced by judicial mandate to release it, or if they release it based on a settlement of their own devising.

darren

The classes seem pretty PC/Mac oriented. This is not actually all that surprising -- I didn't expect Kernel Internals or anything -- and probably not all that bad. The intro courses (Introduction to Embedded Programming: DSP and the C, C++, and Java classes) look promising. The platform specific C++ classes (MFC, Mac) are probably a Godsend to someone who isn't me. All in all, it looks pretty promising. I registered, and am waiting to be notified of a bunch of classes...

darren

When I sign up for a user account at a particular site, I like to use a simple password at first (a variation on something obvious, like 'pa55w0rd') until I'm sure that I like the site and will continue visiting. If there is some information there that I consider worthwhile, I'll visit more often, and take the time to come up with a decent password. But often, strong passwords are unnecessary -- people who are forced to choose difficult passwords against their will tend to forget them, and often won't come back, whereas people who choose good passwords and are concerned with the integrity of their (insert site here) account will tend to be more conscientious.

Here are some suggestions:

• assign passwords. Choose a 10-character password with random alphanumerics and assign the password to that user (as Slashdot does when you create the account), and don't let them change it.
• Ensure that the length of the password is greater than 8 characters.
• ensure that no two characters next to each other are the same (to avoid passwords like '666' or 'fffffffff')
• good mix of uppercase, lowercase, and numbers, with at least one punctuation character.

The problem with password validation is that it tends to not be fast, and running it over the web on a busy site, where there may be dozens or even hundreds of simultaneous instances of this password validator running, can get extremely messy. Keep it simple, whatever you do.

Here's a thought -- have the user enter a "password suggestion," rather than an actual password. Then run it through some sort of standard filter(s) -- for example, rot13 it, then turn it into piglatin, and then transform it into k3wlt0k. (Perl's Text::Bastardize module will do all of these, and more). That way, their preferred password is (sort of) preserved, while you are ensured that they have a (somewhat) obfuscated password. Coupled with minimum password lengths (like 8 or 10 characters) means a password that, at the very least, is pretty silly, and not something like "MyDogFred".

True example: I have a friend who insists on using the name of the site the password is for as the password, so that he will not forget it. Dumb dumb dumb.

darren