Slashdot Mirror
Domain: debian.org
Stories and comments across the archive that link to debian.org.
Comments · 7,134
-
Re:These have been around for a while
Frozen-bubble should be available for mipsel: http://packages.debian.org/etch/mipsel/frozen-bubble/download
-
Re:Might work ...
So was mine.
But that's probably because we are willing to spend the $129 in sweat equity to make our operating systems what we want. Most people don't have that option and are happy to pay $129. In other words: A carpenter wouldn't pay another carpenter to remodel his home... -
Re:A better sponsorship
Uhh.. what?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3747
"allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules."
That seems critical to me. Also, while a patch may appear in CVS/SVN within a week, it typically doesn't make it out to the distro users for several weeks afterwards. For instance, this flaw was published on July 6th, but it didn't make it to (for example) Debian until August 1st. http://www.debian.org/security/2006/dsa-1131
I don't really trust the way that apache categorizes their vulnerabilities as they list a DoS attack as critical, but a remote arbitrary code execution flaw as "important". So who knows.
-
Re:Freeze just now?
his link was wrong
-
Re:Oh, the fools...
I was referring to LowNMU. Not quite unrelated I would think.
Besides, the user's experience is what matters on a system, not the developer's. -
Re:Freeze just now?
You have confused me:
http://packages.debian.org/search?keywords=erlang
http://packages.debian.org/lenny/gfortran
http://packages.debian.org/lenny/atlas3-base
http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;dist=unstable;repeatmerged=1;src=hdf5 reports no bugs of any kind reported -- You should send bugmail requesting the new release of HDF5 if it really is stable.
(Mumps is missing, but I really wouldn't say I was missing it.)
Debian is renowned for its breadth of packaging; just how did you go about looking through all 16 thousand packages?
-
Re:Freeze just now?
You have confused me:
http://packages.debian.org/search?keywords=erlang
http://packages.debian.org/lenny/gfortran
http://packages.debian.org/lenny/atlas3-base
http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;dist=unstable;repeatmerged=1;src=hdf5 reports no bugs of any kind reported -- You should send bugmail requesting the new release of HDF5 if it really is stable.
(Mumps is missing, but I really wouldn't say I was missing it.)
Debian is renowned for its breadth of packaging; just how did you go about looking through all 16 thousand packages?
-
Re:Freeze just now?
You have confused me:
http://packages.debian.org/search?keywords=erlang
http://packages.debian.org/lenny/gfortran
http://packages.debian.org/lenny/atlas3-base
http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;dist=unstable;repeatmerged=1;src=hdf5 reports no bugs of any kind reported -- You should send bugmail requesting the new release of HDF5 if it really is stable.
(Mumps is missing, but I really wouldn't say I was missing it.)
Debian is renowned for its breadth of packaging; just how did you go about looking through all 16 thousand packages?
-
Re:Freeze just now?
You have confused me:
http://packages.debian.org/search?keywords=erlang
http://packages.debian.org/lenny/gfortran
http://packages.debian.org/lenny/atlas3-base
http://bugs.debian.org/cgi-bin/pkgreport.cgi?ordering=normal;archive=0;dist=unstable;repeatmerged=1;src=hdf5 reports no bugs of any kind reported -- You should send bugmail requesting the new release of HDF5 if it really is stable.
(Mumps is missing, but I really wouldn't say I was missing it.)
Debian is renowned for its breadth of packaging; just how did you go about looking through all 16 thousand packages?
-
Re:Why the name "Lenny"?
All Debian releases are named after Toy Story characters. Lenny is a pair of binoculars with feet.
-
Re:Freeze just now?
Put simply, no. See: http://lists.debian.org/debian-devel-announce/2008/01/msg00001.html
-
Re:I can't contact ftp.debian.org this last 2 days
for a bit more info:
http://wiki.debian.org/ftp.debian.org -
Re:I can't contact ftp.debian.org this last 2 days
for a bit more info:
http://wiki.debian.org/ftp.debian.org -
Suggestion: "offset 2000 dates", (y-2000).mm[.dd]
I propose Offset 2000 version numbers, i.e., "(y-2000).mm[.dd]". The first number is the year minus 2000, followed by "." and a two-digit month, optionally followed by "." and a two-digit day when there's more than one release in a month. So version 8.07 would be the first release in July 2008. If you made a later release on July 17, it'd be 8.07.17 (so if a project makes many releases in a month, you can again determine how old yours is).
Date-based version numbers have a lot going for them, because at a glance you know when it was released (and thus you can determine how old something is). If you choose the ISO order YYYY.MM.DD, the numbers sort very nicely; Debian packages often use YYYYMMDD for versioning. But there's a problem: full year numbers, or full dates in this format, are annoyingly large. For example, version numbers 2008.07.16 and 20080716 are painfully long version numbers to remember. That's not necessary.
So, use dates, but shorten then. Since nothing today can be released before 2000, shorten it by subtracting 2000. Note this is subtracting - there's no Y2K-like rollover problem, because the year 2100 becomes 100 and the year 3000 becomes 1000. The second number is the month; using a two-digit month means you don't have the ambiguity of determining if "2.2" is earlier or later than "2.10" (you would use "2.02" instead). If you need to disambiguate day releases (or you make additional releases in the same month), add "." and a two-digit day.
These version numbers are short, they're easy to compare, and they give you a clue about when it happened. Ubuntu already uses this scheme for the first two parts, so this scheme is already in use and familiar to many.
If you use a time-based release system, using this version numbering system is easy, and you can even talk about future releases the same way. But what if you release software based on when the features are ready, or want to talk about the system under development? You can't easily call it by the version number, since you don't know it yet, but that's not really a problem. In many cases, you can just talk about the "development" version or give a special name to the development version (e.g., "Rawhide" for Fedora). If you need to distinguish between multiple development versions, just give each of them a name (e.g., "Hardy Heron" for Ubuntu); on release you can announce the version number of a named branch (e.g., "Hardy Heron is 8.04"). This is more-or-less what many people do now, but if a lot of us used the same system, version numbers would have more meaning than they do now.
-
More stupidity
http://www.gnome.org/projects/outreach/women/
We're nerds and haven't seen enough boobs is it. When [Redacted] joined the [Redacted] team, I recall a couple months of visually frequent comments about her boobs in the devel channel. I'm sure this is exactly what chicks want in a community: eternal focus on their tits.
-
Re:Is Linux kernel 2.6.26 == Linux 2.6.26 ?
All these operating systems are often refered to as Linux, as that's what makes them all so very compatible (If an app runs in Ubuntu, it very probably also runs in Suse).
That's certainly not mainly the accomplishment of the kernel, but of libc and a million other userspace libraries and applications.
There's no such thing as GNU/Linux, because I've never ever seen an
-
It's simple
Data collection should be considered intrusive unless the user is warned beforehand and/or has the option to disable it.
A good example is popularity-contest in Debian and I think it was Winamp that also asked if you wanted to let it send anonymous statistics. -
Re:I heard...
I'm not quite sure, I couldn't get it to work out. I did figure out that if the mirror plasmoid is running a terminal, and you run vrms while saying goatse three times, Stallman's laughing face appears in the plasmid, and it runs apt-get remove on all non-free software on your machine.
So far, it seems to be preventing me from reinstalling everything. So excuse me, I need to go rebuild my entire music collection in vorbis.
-
Here you go.
As djbdns is now in the public domain, Debian provides dbndbs, which supports IPv6 out of the box.
-
Yes, how terrible.
I'm sure the half-dozen people who are actually using IPv6 right now are terribly devastated by that.
Wait, no, there's not even that excuse. There's a patched version--since djbdns is now public domain, you can just grab Debian's dbndns package, which includes IPv6 support.
-
Debian advisories.. glibc stub resolver effected!
Debian released 3 advisories:
bind9:
http://www.debian.org/security/2008/dsa-1603bind8:
http://www.debian.org/security/2008/dsa-1604glibc:
http://www.debian.org/security/2008/dsa-1605Bind9 now contains a port randomization, which can require firewall rule changes.
Bind8 is now considered deprecated and the advisory recommends upgrading to bind9. There is no patch for bind8.
The glibc stub resolver is also vulnerable, and there is no patch yet. The recommended workaround is to install bind9 as a caching resolver and point
In short, this is a big mess.
-molo
-
Debian advisories.. glibc stub resolver effected!
Debian released 3 advisories:
bind9:
http://www.debian.org/security/2008/dsa-1603bind8:
http://www.debian.org/security/2008/dsa-1604glibc:
http://www.debian.org/security/2008/dsa-1605Bind9 now contains a port randomization, which can require firewall rule changes.
Bind8 is now considered deprecated and the advisory recommends upgrading to bind9. There is no patch for bind8.
The glibc stub resolver is also vulnerable, and there is no patch yet. The recommended workaround is to install bind9 as a caching resolver and point
In short, this is a big mess.
-molo
-
Debian advisories.. glibc stub resolver effected!
Debian released 3 advisories:
bind9:
http://www.debian.org/security/2008/dsa-1603bind8:
http://www.debian.org/security/2008/dsa-1604glibc:
http://www.debian.org/security/2008/dsa-1605Bind9 now contains a port randomization, which can require firewall rule changes.
Bind8 is now considered deprecated and the advisory recommends upgrading to bind9. There is no patch for bind8.
The glibc stub resolver is also vulnerable, and there is no patch yet. The recommended workaround is to install bind9 as a caching resolver and point
In short, this is a big mess.
-molo
-
Re:Choice of file system
Actually I've chosen XFS over RaiserFS way before this case. It was his "craziness" and incisiveness on spamming users with copyright info every bloody time they use any tool drove me away from the entire FS. And on top of that, calling the FS after yourself, raised some flags for me regarding the ego and "need for attention" and overall metal health of the original author.
http://lists.debian.org/debian-devel/2003/04/msg01295.html
Calling removal of excessive copyright statements plagiarism is a little crazy to me.
There is a similar "aura" around the author of cdrecrord
http://cdrecord.berlios.de/private/cdrecord.html
Of course, I'm not implying that there is any comparison between the individuals, they just both seem "overbearing".
"Warning: do not use Debian binaries/sources as they include many Debian specific bugs and still do not run correctly on Linux-2.6" in bold red letters on the front page is a little confrontational.
But then I guess there are "crazies" in the proprietary world as well
-
Re:Don't expect any radical shift
Linux runs on more platforms and more CPU architectures needs citation? Are you stupid? Windows does what, Itanic, x86, x86-64 and if you stretch "Windows" (CE, AKA Mobile doesn't even use close to the same codebase as Windows proper, unlike Linux) maybe ARM? There are 11 alone supported by the Debian distribution, to say nothing of where the kernel actually runs. That's many more than Wind River or NetBSD actually support. They are embedded systems. Linux runs both embedded AND desktop AND big iron with the same kernel. No other OS can say that.
And for higher performance, identical software on identical machines runs faster under Linux than Windows.
BTW, NT only booted on Alpha and MIPS derivatives natively as a commercial product. SPARC support wasn't even done by Microsoft, it was done by Intergraph for a special contract. But guess what? They did that in 1995, and Linux had Alpha support in 1994. Guess you were wrong. And given that the first Linux kernel was very specifically x86 and was written in 1991, if you want to compare rates of development, I'd say that Linux is WAY ahead of Windows. Go troll your idiocy elsewhere.
-
Install encrypted
I just got myself my first laptop in 5 years. I need to compute on the rode again. Since I am a longtime Debian user the choice was easy. I got the current beta installer for Lenny:
http://www.debian.org/devel/debian-installer/And lo and behold: encrypting every partition was very easy to set up using it.
I imagine every current distro should have that feature build into the installer. Just look for it next time you install a laptop.
And if you have to use Windows there is always Truecrypt. So I don't see any reason why the data should not be encrypted.
-
Re:GREAT!
That's because no real GNU/Linux distro includes Flash
-
A Parting Gift
A set of Debian installation DVD's and an installation CD of OpenOffice.org, so he can see the worlds computing future! I think he has seen the writing on the wall, and is jumping ship.
Ironicly, he has done more to promote Linux, Open Source, and "Free" Software than anyone.
I don't see much change in the way Mickey$oft will do business in the future. They have never learned from their mistakes!
-
Re:(Troll) I hate java, why does /. love it?
Is Java faster? Yes. But the first dynamic language (AFAICT) in this benchmark is only 18% slower (SBCL). Not exactly compelling evidence that all those obsessive-compulsive type annotations buy you much
And if Lisps make your eyes glaze over, Python (+ Psycho) is only 3.4 times slower than the fastest Java in that benchmark. Hardly an order of magnitude.
And dynamic languages can get much faster.
-
Re:...am I missing something here?
See this bug report for ttf-liberation.
-
Re:MOD PARENT UP
By "from", I meant "starting with". It's still slow today, at least as of 12 hours ago. Yes, it's within a factor of two of C, but remember that we're only using it for the performance-critical stuff, so this really does matter.
As for CORBA, yes it's a monster, but I don't see how that's relevant. I'm talking about calling Java from (say) Python in a reasonably efficient way. -
Re:You know how you can help, Sun?
plus, even though the jython library version is out-of-date, it still makes c-python look like a snail - and i never thought i'd say that java is faster than c!
I'd like to see some benchmarks for this. From what I've seen, C-Python still beats both Jython and IronPython. -
Re:keep laughing
Not only that but there will be a Debian GNU/Hurd if Hurd ever becomes usable, as well as NetBSD and FreeBSD kernels. So specifying that you're using Debian with a Linux kernel isn't actually redundant. See: http://www.debian.org/ports/index
-
Everyone's heard of HAL,
but just wait until you see MegaHAL!
-
Re:Not available to everyoneWhether the software is modified or not is irrelevant.
IANAL. But I think you are wrong. If they (re)used somebody's else work verbatim, then they are users - they are not obliged to host somebody's else work.
There is no case of derivative work. People just used readily available software without modifying it.
Or to put it otherwise. They provide both BusyBox and Linux source code readily - you can also (immediately) access it: just go to BusyBox.net and Linux.org.
BTW, it works the same in Linux distributions in general and in Debian in particualr: they do not provide you with sources of the packages - they just (1) link to original URL of tarball package and (2, if applicable) give you a patch with changes. If there were no changes, then it can be said that Debian also violates GPL: it doesn't ship the sources - it just links to them. (Debian Archives)
Hum?
-
feeds
News feeds:
IE Blog - for keeping track of what MS is up to on the browser front
http://blogs.msdn.com/ie/atom.xmlStandards Blog - not as many posts now days, was very important during the height of the ooxml/odf war
http://www.consortiuminfo.org/standardsblog/backend/geeklog.rssI keep OSNews for completeness, but it is pretty useless - software news
http://osnews.com/files/recent.xmlAnandtech - hardware news and reviews
http://www.anandtech.com/rss/articlefeed.aspxArs Technica - tech news and commentary
http://arstechnica.com/index.rssxPhoronix - linux graphics news and info
http://www.phoronix.com/rss.phpLinux Weekly News
http://lwn.net/headlines/rssKDE announcements
http://www.kde.org/dotkdeorg.rdfOpen Source Software Planets:
http://planet.debian.org/rss20.xml
http://planet.fedoraproject.org/atom.xml
http://planet.ubuntu.com/rss20.xml
http://planet.gnome.org/atom.xml
http://planetkde.org/rss20.xml
http://planet.freedesktop.org/rss20.xml
http://planet.mozilla.org/atom.xml
http://planet.jabber.org/atom.xml
mostly software releases and XEP updates
http://planet.jabber.org/news/atom.xmlhttp://maemo.org/news/planet-maemo/atom.xml
environment feeds:
Good Pacific Northwest environmental news
http://www.sightline.org/daily_score/rssBest environmental news and discussion on the web
http://www.worldchanging.com/index.xmlI keep Treehugger for completeness, but I mark 90% of their posts as read without looking at them.
Really too "light green/consumer green" for me
http://www.treehugger.com/index.xmlother feeds:
Dive into Mark - not what once was, but good enough to keep around
http://diveintomark.org/feed/Loooong posts on software
http://steve-yegge.blogspot.com/atom.xmlBruce Scheier knows Alice and Bob's shared secret
http://www.schneier.com/blog/index.rdfThe intersection of Science (especially Evolution), Liberalism, Atheism, and Squid
http://scienceblogs.com/pharyngula/index.xml"Your comment has too few characters per line" - what a load of bull. Taco, I know this and the timer are supposed to cut down on spam, but I think they annoy legitimate posters more than they reduce spam. You should really reconsider these "features".
-
Re:Too complex
It's too complex for most.
No. They don't have an urgent need. They'd do it if there was an urgent reason for it.
sending my and all of their friends their public key
That's what a key server is for. http://packages.debian.org/etch/onak
If MS would simplify it...
Show me the business case for a company the size of MS to get involved in this. There isn't one. RSA was as big as they got and they weren't strong enough to stay out on their own.
Nevermind the fact that it is simple!!! Compared to all of the time and effort it took to learn how to use a computer, it's ridiculously simple. People just don't want to pay for it or even feel the need to get it. -
Funny you should mention package management
Package management is my biggest issue with OpenSuSE.
They started with YaST in the 9.x series. Then for a while, APT4RPM was the thing everyone used. Then the APT repositories disappeared and I had to switch to Yum, though the web site recommended switching to SMART. Now the official package manager is something I can't even remember the name of because nobody else uses it... *looks it up* Zypper.
I mean, WTF? Five different package managers in a couple of years, and they haven't done the intelligent thing and switched to a proven system that actually works? I mean, I understand why RedHat use RPM--they shat it out, so they feel obliged to keep using it. But why does SuSE keep using it, and why do they keep switching the front end? -
Re:FINALLY!
In that case though, there are packages that download the binary and package it properly (see http://packages.debian.org/testing/misc/googleearth-package).
-
Re:Anonymous Coward
If you want to upgrade the rest of the system, but leave some packages the same, there's the concept of pinning. There's very little reason to do so, but it's available.
The best part of Linux distros is that all your software is kept up-to-date without having to continually have each individual application check itself or have to go around personally checking for new versions of the programs that you use. Why would you NOT want that, except possibly for very specific cases like a version of the JVM that has a certain broken behavior your program depends on? There's no other good reason I can think of. -
Re:Make people realise the benefit of OSS
http://archive.debian.org/debian-archive/dists/bo/
binary archive of debian bo based on a 2.0.x series kernel.
get it while it's hot! -
C is easy - what about Java or Python?
Arrays, pointers and functions, no memory protection, dangerous strings. I would like to see the same contest with other 'safer' languages, say Java or Python.
What languages are best suited to underhanded tactics, that is, seemingly innocent but evil?. Notice that underhandedness is very different from plain old abuse -- anybody can write unreadable programs in their favorite language. But, can you make them "clearly read" something different from what is actually written?
Seems like an important question for people who use Open Source because of the difficulty for adding back doors. For many applications, security is at least as important as speed, and you already have The Shootout for that.
-
Re:Opera 9.5 released todayOpera support more platforms directly It depends on what you call "support". It makes more official builds, but FF runs on more architectures and platforms because you can compile it anywhere if the tools are available. See for example this page which says that Debian maintains a version of Firefox for 12 architectures (I omitted the kfreebsd ports), and that's only for Linux. There are also builds for OpenSolaris and all BSD variants maintained by their respective teams.
-
Re:Aptitude?
-
Re:Paid developers?
Debian does not have a commercial model. It's very foundation is exactly the opposite:
The Debian Manifesto -
Debian runs fine on eeePC
There are some Debian EeePC problems, but it's quite ok.
-
Re:Wake up! Domestic spying is bad news.Hey, is there any word if diffie hellman key generation was also weak? That could potentially be much much worse than the private key problem because that means ephemeral keys aren't ephemeral after all, and old tcpdump archives could be decrypted. Some captured OpenSSL sessions may be open to compromise due to faulty key exchange. From the Debian wiki (emphasis theirs):
In addition, any DSA key must be considered compromised if it has been used on a machine with a 'bad' OpenSSL. Simply using a 'strong' DSA key (i.e., generated with a 'good' OpenSSL) to make a connection from such a machine may have compromised it. This is due to an 'attack' on DSA that allows the secret key to be found if the nonce used in the signature is known or reused.
-
Re:Somebody update NoScript.
Port a language with better scalability and modularity, not more of the same.
But that's exactly the point, exactly the point. The wins for Microsoft are two-fold: keep developers busy with yet another language AND increase the need for beefier microprocessors by using a language whose implementation is known to be abysmally slow[1] (Intel likes this) -
Re:Anti-Malware Response
Uh, http://www.debian.org/security/2008/dsa-1571
"Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable." -
Re:EEEPC already does that. M$ is over.
OK, yeah, there's PalmOS too but I don't count it any more since it's painful and users/developers are leaving it in droves because it and the devices it runs on are obsolete.
(I'm a former Treo 650 owner. My Tilt is such a breath of fresh air after that limited and buggy POS.)Not that I'm going to switch, but I'll pose the same questions to you that I did to the iphone people: where are the apps that I use everyday on PalmOS? I have source to the vast majority of them, but that would still require I port them; will I have to use a windows desktop to do that? Or can I compile and test them on any platform I choose?
As for lockdown, I know of at least one phone that (unlike android) is not locked down, and it already exists and is available for purchase.