Slashdot Mirror

Ask yourself this as well: when was the last time an open-source project you help out with surveyed its users to find out what was most important to THEM?

About 24 hours ago.

http://article.gmane.org/gmane.linux.gentoo.releng /375

I also did it about 36 weeks ago.

http://article.gmane.org/gmane.linux.gentoo.releng /174

In fact, it is very common for us to do this between all of our releases. We take these feature requests, along with the bug reports generated between the release, and try to work towards resolving every last one that we can before we release.

Ask yourself this as well: when was the last time an open-source project you help out with surveyed its users to find out what was most important to THEM?

About 24 hours ago.

http://article.gmane.org/gmane.linux.gentoo.releng /375

I also did it about 36 weeks ago.

http://article.gmane.org/gmane.linux.gentoo.releng /174

In fact, it is very common for us to do this between all of our releases. We take these feature requests, along with the bug reports generated between the release, and try to work towards resolving every last one that we can before we release.

It seems to me that a newsgroup reader (e.g.,rtin) would be even better for reading RSS feeds. Is there any service analogous to gmane that does this for RSS feeds?

Theres another version which has been posted on the linux networking mailinglist on August 5. (Search for "atheros driver" at http://news.gmane.org/gmane.linux.network )
One of the madwifi developers told me about it and said that he thought that it was more promising then the "openhal" version. I bet that if it works out it'll hopefully be easier to merge since the madwifi(+openhal) code would need some serious cleanup (removing wrapper/compability macros) before it'll get anywhere near merge-ready. //fatal

There are some interesting sites. Note Epson Developers. You might find this note about a large medical application interesting. I also noted a Rails project being developed in a department of the New York City government.

Bruce

Who told you RoR doesn't scale? Take a look at http://basecamphq.com/ and http://article.gmane.org/gmane.comp.lang.ruby.rail s/24863 . Basecamp is being "used by tens of thousands of people in over 40 countries!" . And it doesn't scale? C'mon, java-boy. All we know that 90% of projects doesn't need to be done in Java. Actually, if you need a *really* huge web-application, java isn't your choice too. Examples? Amazon, eBay, Google...

It seems that they don't have access to the specifications.
There have been some discussions already about it on the alsa-devel ML:
http://search.gmane.org/search.php?group=gmane.lin ux.alsa.devel&query=x-fi

GLI Roadmap

RSS can be quite useful for IT and other administrative notifications. My ISP, Pair, for example, uses RSS maintenance feeds to notify customers about about outages, maintenance, or other known problems.

RSS is serving as a vehicle for other communication mediums as well, like mailing lists and newsgroups. Gmane, another service that I use quite frequently, provides RSS feeds for their technical newsgroups.

And finally, RSS is already used by most major news agencies, such as Yahoo, the BBC, New Scientist, New York Times, and so on.

I'm more in favor of the Xgl method of modern linux desktop rendering. Currently a lot of work is being done on Xegl. Which is an extension of Xgl with the EGL API. There was a lengthy discussion over Xegl vs KAA on the freedesktop mailing-list. My impression is KAA is good for all basic hardware while Xgl/Xegl takes advantage of modern hardware.

You may be interested in another point of view on this:

To: spf-announce@v2.listbox.com
From: wayne@schlitt.net
Date: Fri, 24 Jun 2005 17:15:33 -0500
Subject: The IETF has accepted the SPF specification for RFC status!

Sender Policy Framework (SPF) News
by Wayne Schlitt, June 24, 2005

Greetings!

The IETF has accepted the SPF specification for RFC status!

A little over a month ago, we restarted this spf-announce mailing list
with a few updates of what had happened in the last year. Since
then, we have been hard at work on several things, and the first to
bear fruit is the SPF specification.

This SPF specification aims to clearly define the semantics of SPF,
based on the older SPF specifications from late 2003 and early 2004,
taking into account the state of SPF implementations and making
adjustments that have been requested by the IETF. This latest SPF
specification has undergone considerable review, not only by the SPF
community, but also by various IETF groups.

On June 6th, we submitted the completed draft for consideration by the
IETF, and today, the IETF has voted to accept the SPF specification as an
"Experimental" RFC[1]. The SPF specification still needs to go through the
RFC Editor, and this can take weeks or even months to complete.
(There are currently around 300 draft RFCs in the editor queue.)

We had asked for consideration as a "Standards Track" RFC rather than
"Experimental", but the IETF has informed us that they would only
consider "Experimental" status[2]. This was not a big surprise, but we
were surprised at some of the other actions that they took.

The IETF has decided that the SPF specification can not be made into
an RFC until the Sender ID specification is also ready. This appears
to be in order to be 'fair' to Microsoft[3]. Moreover, the IETF has
declared that the last 1.5 years of SPF deployment will not count
toward the two year requirement for experimental testing that they
have set. Again, this is to be 'fair' to Microsoft since their
testing has barely begun.

The Sender ID specifications call for the reuse of SPF version 1
records in incompatible ways in conflict with the SPF specification.[4]
We have made our objections clear to the IETF, but so far, the IETF
appears to be ready to bless this abuse of SPF records.[5] We will
continue to work to try and make SPF as reliable as possible.
__________________

[1] https://datatracker.ietf.org/public/pidtracker.cgi ?command=view_id&dTag=12662&rfc_flag=0

[2] http://thread.gmane.org/gmane.mail.spam.spf.counci l/312

[3] http://thread.gmane.org/gmane.mail.spam.spf.counci l/314

[4] http://www.schlitt.net/spf/spf_classic/draft-schli tt-spf-classic-02.html#anchor6

[5] http://thread.gmane.org/gmane.mail.spam.spf.counci l/333

You may be interested in another point of view on this:

To: spf-announce@v2.listbox.com
From: wayne@schlitt.net
Date: Fri, 24 Jun 2005 17:15:33 -0500
Subject: The IETF has accepted the SPF specification for RFC status!

Sender Policy Framework (SPF) News
by Wayne Schlitt, June 24, 2005

Greetings!

The IETF has accepted the SPF specification for RFC status!

A little over a month ago, we restarted this spf-announce mailing list
with a few updates of what had happened in the last year. Since
then, we have been hard at work on several things, and the first to
bear fruit is the SPF specification.

This SPF specification aims to clearly define the semantics of SPF,
based on the older SPF specifications from late 2003 and early 2004,
taking into account the state of SPF implementations and making
adjustments that have been requested by the IETF. This latest SPF
specification has undergone considerable review, not only by the SPF
community, but also by various IETF groups.

On June 6th, we submitted the completed draft for consideration by the
IETF, and today, the IETF has voted to accept the SPF specification as an
"Experimental" RFC[1]. The SPF specification still needs to go through the
RFC Editor, and this can take weeks or even months to complete.
(There are currently around 300 draft RFCs in the editor queue.)

We had asked for consideration as a "Standards Track" RFC rather than
"Experimental", but the IETF has informed us that they would only
consider "Experimental" status[2]. This was not a big surprise, but we
were surprised at some of the other actions that they took.

The IETF has decided that the SPF specification can not be made into
an RFC until the Sender ID specification is also ready. This appears
to be in order to be 'fair' to Microsoft[3]. Moreover, the IETF has
declared that the last 1.5 years of SPF deployment will not count
toward the two year requirement for experimental testing that they
have set. Again, this is to be 'fair' to Microsoft since their
testing has barely begun.

The Sender ID specifications call for the reuse of SPF version 1
records in incompatible ways in conflict with the SPF specification.[4]
We have made our objections clear to the IETF, but so far, the IETF
appears to be ready to bless this abuse of SPF records.[5] We will
continue to work to try and make SPF as reliable as possible.
__________________

[1] https://datatracker.ietf.org/public/pidtracker.cgi ?command=view_id&dTag=12662&rfc_flag=0

[2] http://thread.gmane.org/gmane.mail.spam.spf.counci l/312

[3] http://thread.gmane.org/gmane.mail.spam.spf.counci l/314

[4] http://www.schlitt.net/spf/spf_classic/draft-schli tt-spf-classic-02.html#anchor6

[5] http://thread.gmane.org/gmane.mail.spam.spf.counci l/333

You may be interested in another point of view on this:

To: spf-announce@v2.listbox.com
From: wayne@schlitt.net
Date: Fri, 24 Jun 2005 17:15:33 -0500
Subject: The IETF has accepted the SPF specification for RFC status!

Sender Policy Framework (SPF) News
by Wayne Schlitt, June 24, 2005

Greetings!

The IETF has accepted the SPF specification for RFC status!

A little over a month ago, we restarted this spf-announce mailing list
with a few updates of what had happened in the last year. Since
then, we have been hard at work on several things, and the first to
bear fruit is the SPF specification.

This SPF specification aims to clearly define the semantics of SPF,
based on the older SPF specifications from late 2003 and early 2004,
taking into account the state of SPF implementations and making
adjustments that have been requested by the IETF. This latest SPF
specification has undergone considerable review, not only by the SPF
community, but also by various IETF groups.

On June 6th, we submitted the completed draft for consideration by the
IETF, and today, the IETF has voted to accept the SPF specification as an
"Experimental" RFC[1]. The SPF specification still needs to go through the
RFC Editor, and this can take weeks or even months to complete.
(There are currently around 300 draft RFCs in the editor queue.)

We had asked for consideration as a "Standards Track" RFC rather than
"Experimental", but the IETF has informed us that they would only
consider "Experimental" status[2]. This was not a big surprise, but we
were surprised at some of the other actions that they took.

The IETF has decided that the SPF specification can not be made into
an RFC until the Sender ID specification is also ready. This appears
to be in order to be 'fair' to Microsoft[3]. Moreover, the IETF has
declared that the last 1.5 years of SPF deployment will not count
toward the two year requirement for experimental testing that they
have set. Again, this is to be 'fair' to Microsoft since their
testing has barely begun.

The Sender ID specifications call for the reuse of SPF version 1
records in incompatible ways in conflict with the SPF specification.[4]
We have made our objections clear to the IETF, but so far, the IETF
appears to be ready to bless this abuse of SPF records.[5] We will
continue to work to try and make SPF as reliable as possible.
__________________

[1] https://datatracker.ietf.org/public/pidtracker.cgi ?command=view_id&dTag=12662&rfc_flag=0

[2] http://thread.gmane.org/gmane.mail.spam.spf.counci l/312

[3] http://thread.gmane.org/gmane.mail.spam.spf.counci l/314

[4] http://www.schlitt.net/spf/spf_classic/draft-schli tt-spf-classic-02.html#anchor6

[5] http://thread.gmane.org/gmane.mail.spam.spf.counci l/333

No, thats the trustees archive which has not been updated to show the latest advancements. Try some "live" archives of the not-for-profit list and you'll find threads such as this one: http://thread.gmane.org/gmane.linux.gentoo.nfp/265 The transfer is complete.

IBM doesn't tend to release code to the public until it's been through a long approval process ;-)

FYI - there is a short response to this article on the Freenet website.

How about using this opportunity of discussion on Slashdot to bring up some of your own thoughts on Freenet?

With pleasure. Freenet has indeed had its fair share of problems, including an increasingly complex codebase that suffers from a lot of legacy code and abandoned ideas. That is why Freenet 0.7, the next major release, will be quite a significant rewrite.

Here is a recent email I sent describing the plan for 0.7:

People could be forgiven for thinking that the project had somewhat
stagnated given the lack of activity on these mailing lists, so I
wanted to provide an update because this could hardly be further from
the truth.

Oskar Sandberg, Matthew, and I have been developing some ideas for 0.7
which represent an even more fundamental architectural shift than have
been proposed to-date, and which should address one of the most
fundamental shortcomings of Freenet as it relates to Freenet's usage in
a hostile environment, and which I believe represents a significant new
innovation in the P2P-space.

As most people will be aware, Oskar was one of the core Freenet
developers in the first few years of the project. He is now working on
a PhD in Mathematics. Over the past few months he and I have been
collaborating on gaining a much deeper mathematical understanding of
how Freenet does what it does. While this work is far from complete,
it has given us some extremely useful insights and much more confidence
in determining what aspects of Freenet's design work well, which don't,
and why.

To understand the new idea, I should start with some theoretical
background. Consider a simple "graph". A graph in the mathematical
sense consists of a set of nodes, some of which are connected to
each-other. At this stage nodes don't have a position in space, all we
know or care about them is which nodes are connected to each-other. We
can assume that connections are bi-directional.

The "diameter" of a graph is the minimum number of nodes you must go
through to get from any one particular node to any other particular
node in the graph. Note that it may not be easy to find this path, but
the important thing is that it exists.

There is a mathematical result which tells us what kind of graphs have
a small diameter. Basically imagine we have three nodes, A is
connected to B, and A is also connected to C. The mathematical result
says that if, given that both are connected to A, there is an increased
probability that B is connected to C, then the graph will have a small
diameter.

So, if we have a graph that has this property then we know that we
*can* get from any one node to another in a small number of steps, but
we don't necessarily know *how*.

Now imagine that each node in the graph has a position in space, this
can be 1 dimensional, 2 dimensional, 20 dimensional space, it doesn't
matter too much. Imagine that we want to get from one particular node
in this graph to another particular node. A simple approach is, from
our starting node, go to whichever node we are connected to is closest
to the node we want to get to. This approach will work quickly in a
graph that is a "small world". In essence, a small world graph is
where there is a higher probability that nodes which are close together
are connected than nodes which are far apart.

In the ideal case, the probability that two nodes are connected is
proportional to 1/(d^n) where d is the distance between them, and n is
the number of dimensions in the space in which our nodes reside. This
mathematical result is due to Kleinberg.

A small-world graph therefore not only has a small diameter, but
provides an efficient means to find it.

Anyway, back to the story. One of Freenet's weaknesses in terms of its
usefulness in a hostile environment, is tha

Spin it however you like -- but read this.

OpenVPN's security model is quite strong -- as documented in the FAQ, it borrows heavily from preexisting (time-tested, heavily reviewed) protocols (not just SSL but ESP as well), and supports multiple layers of security (ie. "tls-auth", a pre-shared key authenticating all traffic; support for running unprivileged and within a chroot jail to prevent OS-level security breaches; etc). Further, the (limited region of) code which handles pre-authentication network traffic is heavily audited.

There has been analysis resulting in security vulnerabilities found; these have exclusively been related to misconfiguration, and even in those cases the daemon now spits out a warning when it detects such misuse. Certainly, OpenVPN hasn't garnered the level of direct review (as opposed to inderect review of components it borrows) that IPsec has -- but I'm confident in its security. Certainly, the other homegrown userspace VPNs all have serious issues -- but notably, those issues have by and large been pointed out, whereas OpenVPN's security model has had no serious flaws documented despite significant popularity.

OpenVPN has a number of other advantages as well -- plays nice with NAT, tunnels over almost any network, no interop issues (since there's just one implementation that runs anywhere), etc.

yup, Greasemonkey rocks.
I'm stuck behind a dump proxy that allows *.gmane.org but forbids gmane.org. Sadly all urls used in http://www.gmane.org/ link to http://gmane.org/

Clearly writing an extension for this is an overkill.

Here's the greasemonkey code for it:
// ==UserScript==
// @name WWW.gmane
// @namespace www_gmane
// @description Rewrites http://gmane.org/ -> http://www.gmane.org/
// @include http://gmane.org/*
// ==/UserScript==

(function() {
var scriptBefore = 'http:\/\/gmane.org'
var scriptAfter = 'http:\/\/www.gmane.org'
var xpath_a = "//a[contains(@href, scriptBefore)]";
var xpath_img = "//img[contains(@src, scriptBefore)]";
var xpath_link = "//link[contains(@href, scriptBefore)]";
var res_a = document.evaluate(xpath_a, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var res_img = document.evaluate(xpath_img, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var res_link = document.evaluate(xpath_link, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var i, link;
for (i = 0; link = res_a.snapshotItem(i); i++) {
link.href = link.href.replace(scriptBefore, scriptAfter);
}
var img;
for (i = 0; img = res_img.snapshotItem(i); i++) {
img.src = img.src.replace(scriptBefore, scriptAfter);
}
for (i = 0; link = res_link.snapshotItem(i); i++) {
link.href = link.href.replace(scriptBefore, scriptAfter);
}
})();

lam elessfilterlameles sfilter
lamelessfilter lamelessfilter
lameles sfilter ameless filter

yup, Greasemonkey rocks.
I'm stuck behind a dump proxy that allows *.gmane.org but forbids gmane.org. Sadly all urls used in http://www.gmane.org/ link to http://gmane.org/

Clearly writing an extension for this is an overkill.

Here's the greasemonkey code for it:
// ==UserScript==
// @name WWW.gmane
// @namespace www_gmane
// @description Rewrites http://gmane.org/ -> http://www.gmane.org/
// @include http://gmane.org/*
// ==/UserScript==

(function() {
var scriptBefore = 'http:\/\/gmane.org'
var scriptAfter = 'http:\/\/www.gmane.org'
var xpath_a = "//a[contains(@href, scriptBefore)]";
var xpath_img = "//img[contains(@src, scriptBefore)]";
var xpath_link = "//link[contains(@href, scriptBefore)]";
var res_a = document.evaluate(xpath_a, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var res_img = document.evaluate(xpath_img, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var res_link = document.evaluate(xpath_link, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var i, link;
for (i = 0; link = res_a.snapshotItem(i); i++) {
link.href = link.href.replace(scriptBefore, scriptAfter);
}
var img;
for (i = 0; img = res_img.snapshotItem(i); i++) {
img.src = img.src.replace(scriptBefore, scriptAfter);
}
for (i = 0; link = res_link.snapshotItem(i); i++) {
link.href = link.href.replace(scriptBefore, scriptAfter);
}
})();

lam elessfilterlameles sfilter
lamelessfilter lamelessfilter
lameles sfilter ameless filter

yup, Greasemonkey rocks.
I'm stuck behind a dump proxy that allows *.gmane.org but forbids gmane.org. Sadly all urls used in http://www.gmane.org/ link to http://gmane.org/

Clearly writing an extension for this is an overkill.

Here's the greasemonkey code for it:
// ==UserScript==
// @name WWW.gmane
// @namespace www_gmane
// @description Rewrites http://gmane.org/ -> http://www.gmane.org/
// @include http://gmane.org/*
// ==/UserScript==

(function() {
var scriptBefore = 'http:\/\/gmane.org'
var scriptAfter = 'http:\/\/www.gmane.org'
var xpath_a = "//a[contains(@href, scriptBefore)]";
var xpath_img = "//img[contains(@src, scriptBefore)]";
var xpath_link = "//link[contains(@href, scriptBefore)]";
var res_a = document.evaluate(xpath_a, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var res_img = document.evaluate(xpath_img, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var res_link = document.evaluate(xpath_link, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var i, link;
for (i = 0; link = res_a.snapshotItem(i); i++) {
link.href = link.href.replace(scriptBefore, scriptAfter);
}
var img;
for (i = 0; img = res_img.snapshotItem(i); i++) {
img.src = img.src.replace(scriptBefore, scriptAfter);
}
for (i = 0; link = res_link.snapshotItem(i); i++) {
link.href = link.href.replace(scriptBefore, scriptAfter);
}
})();

lam elessfilterlameles sfilter
lamelessfilter lamelessfilter
lameles sfilter ameless filter

yup, Greasemonkey rocks.
I'm stuck behind a dump proxy that allows *.gmane.org but forbids gmane.org. Sadly all urls used in http://www.gmane.org/ link to http://gmane.org/

Clearly writing an extension for this is an overkill.

Here's the greasemonkey code for it:
// ==UserScript==
// @name WWW.gmane
// @namespace www_gmane
// @description Rewrites http://gmane.org/ -> http://www.gmane.org/
// @include http://gmane.org/*
// ==/UserScript==

(function() {
var scriptBefore = 'http:\/\/gmane.org'
var scriptAfter = 'http:\/\/www.gmane.org'
var xpath_a = "//a[contains(@href, scriptBefore)]";
var xpath_img = "//img[contains(@src, scriptBefore)]";
var xpath_link = "//link[contains(@href, scriptBefore)]";
var res_a = document.evaluate(xpath_a, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var res_img = document.evaluate(xpath_img, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var res_link = document.evaluate(xpath_link, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var i, link;
for (i = 0; link = res_a.snapshotItem(i); i++) {
link.href = link.href.replace(scriptBefore, scriptAfter);
}
var img;
for (i = 0; img = res_img.snapshotItem(i); i++) {
img.src = img.src.replace(scriptBefore, scriptAfter);
}
for (i = 0; link = res_link.snapshotItem(i); i++) {
link.href = link.href.replace(scriptBefore, scriptAfter);
}
})();

lam elessfilterlameles sfilter
lamelessfilter lamelessfilter
lameles sfilter ameless filter

yup, Greasemonkey rocks.
I'm stuck behind a dump proxy that allows *.gmane.org but forbids gmane.org. Sadly all urls used in http://www.gmane.org/ link to http://gmane.org/

Clearly writing an extension for this is an overkill.

Here's the greasemonkey code for it:
// ==UserScript==
// @name WWW.gmane
// @namespace www_gmane
// @description Rewrites http://gmane.org/ -> http://www.gmane.org/
// @include http://gmane.org/*
// ==/UserScript==

(function() {
var scriptBefore = 'http:\/\/gmane.org'
var scriptAfter = 'http:\/\/www.gmane.org'
var xpath_a = "//a[contains(@href, scriptBefore)]";
var xpath_img = "//img[contains(@src, scriptBefore)]";
var xpath_link = "//link[contains(@href, scriptBefore)]";
var res_a = document.evaluate(xpath_a, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var res_img = document.evaluate(xpath_img, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var res_link = document.evaluate(xpath_link, document, null,
XPathResult.UNORDERED_NODE_SNAPSHOT_TYPE, null);
var i, link;
for (i = 0; link = res_a.snapshotItem(i); i++) {
link.href = link.href.replace(scriptBefore, scriptAfter);
}
var img;
for (i = 0; img = res_img.snapshotItem(i); i++) {
img.src = img.src.replace(scriptBefore, scriptAfter);
}
for (i = 0; link = res_link.snapshotItem(i); i++) {
link.href = link.href.replace(scriptBefore, scriptAfter);
}
})();

lam elessfilterlameles sfilter
lamelessfilter lamelessfilter
lameles sfilter ameless filter

I probably should have included a link to the post I made to the git mailing list with some more details.

Check out handhelds.org and the Familiar project. Most of the new stuff is on the wiki, and on the mailing lists (recent archives of which can be viewed through gmane.org).

We think Familiar provides a base operating system and application set that seriously rivals (if not outdoes) other mobile offerings. The only major issue we have on devices such as the iPAQ that don't run Linux out of the box is that getting all of the hardware supported is a difficult job. However, this situation is improving - commercially-sponsored projects to port Linux to specific handheld devices are currently going on, as are others driven by developers working individually.

Companies taking Familiar and using it as a base for something to be used in commercial products would be a good thing (provided that the GPL is followed, of course). We'd definitely like to see more of that happening.

Everybody knows Adobe as the inventor of PDF, but unfortunately the company was nowhere on the servermarket. MacroMedia on the other hand has a more than interesting server product: Cold Fusion. The combination of both technologies looks very promising to me.
But wait a minute! Weren't you able to produce PDF documents with Cold Fusion? Of course you were: ColdFusion MX 7.0 is shipped with the iText.jar (iText, a free Java-PDF library, hosted on SourceForge, originally developped by yours truly).
And now comes the funny part: due to some regulations I don't fully understand, MM can't use any Adobe technology (or vice versa) till the end of the year. This means that the new company Adobe Systems will be shipping iText in their products for PDF generation.
The company that invented PDF, shipping my F/OS library hosted at SourceForge! What a weird way things work out some times.

Everybody knows Adobe as the inventor of PDF, but unfortunately the company was nowhere on the servermarket. MacroMedia on the other hand has a more than interesting server product: Cold Fusion. The combination of both technologies looks very promising to me.
But wait a minute! Weren't you able to produce PDF documents with Cold Fusion? Of course you were: ColdFusion MX 7.0 is shipped with the iText.jar (iText, a free Java-PDF library, hosted on SourceForge, originally developped by yours truly).
And now comes the funny part: due to some regulations I don't fully understand, MM can't use any Adobe technology (or vice versa) till the end of the year. This means that the new company Adobe Systems will be shipping iText in their products for PDF generation.
The company that invented PDF, shipping my F/OS library hosted at SourceForge! What a weird way things work out some times.

As always, if anyone would like to support our development effort, please feel free to donate.

In the postscript to his announcement on moving away from BitKeeper, Linus rules out Subversion and states that Monotone "seems to be the most viable alternative".

Until I read that I had never heard of Monotone.

He asked what sucks about it. I told him. Seriously, nothing is perfect, including your precious rails, get over it. The list is only three items long, you should be proud, not trying to make up excuses.

I think I formed my opinions before the 0.10.0 release too. I tried what was being hyped as the greatest thing ever. These were the problems. Sorry you don't like it, but that's what I found. There has been no indication of a change in attitude with regards to security:
http://article.gmane.org/gmane.comp.lang.ruby.rail s/749/match=sql+injection
and a simple scaffolding blows up with the current version of rails for me, so I think clearly the mysql specific issue has not been dealt with sufficiently.

As for speed, benchmark ruby yourself, its recursion is an order of magnitude slower than other languages, PHP being the other language sharing this undesirable trait. And benchmarking rails vs some mess in tomcat doesn't mean anything about rubys performance. Benchmark ruby and java, java is WAY faster. I don't think this is that big of a deal, but you can't deny that this is one of the weaknesses rails has in it, which is what the poster specfically asked for. Everything has its downsides, and wanting to know about them from the start is a pretty smart move.

This has nothing to do with letting people use arbitrary statements. I don't know how you could think that after me already saying repeatedly that I am not talking about users running their own SQL queries. Thanks to the poster above for the search link, this is what I am talking about:

http://article.gmane.org/gmane.comp.lang.ruby.rail s/749/match=sql+injection

That is a bad attitude for a developer, and I do not use software written by people with that attitude. I'm not sure why this was such a big deal for you guys to understand, but some people care about security, not just when its convenient.

The other posts in this thread have nothing to do with this. I am not talking about any tutorial that was exploited, and I know nothing about that case, never heard about it before now. I am talking about a patch David refused. Thanks for the search link though, didn't realize the newsgroup and mailing list were the same. Here's the link for you:

http://article.gmane.org/gmane.comp.lang.ruby.rail s/749/match=sql+injection

As you can see, David refuses to make things secure for people who didn't magically guess to do it the "right" way, because it might inconvenience people. This is the wrong attitude, and I do not trust software written by people who feel convenience trumps security.

No search? http://news.gmane.org/gmane.comp.lang.ruby.rails

You are confused and the other posts in this thread do confirm it. Feel free to take a couple seconds to search the archives and prove yourself wrong though.

Thanks for the plug ;-) By far the biggest problem with Zero Install is simply that it requires a virtual filesystem, and POSIX doesn't provide a way to do this, so we have a Linux-only kernel module. And Linux has a really unstable module API, so we can't ship binaries, which makes it hard to install the system in the first place. But this is not a theoretical problem with app dirs, just a limitation of Linux.

For both Zero Install and the injector, the situation I want to support is:

• Multiple users.
• Sys admin doesn't trust users with root permission.
• Users don't trust each other.
• Two users want to run the same software. This must be efficient.

Current systems make you choose either:

• Inefficient (two copies downloaded and installed), or
• Insecure (second user must trust first user to get and install a good copy).

Readers might like to see the full discussion.

C++ via Boost::Python

Emacs via PyMacs

PostgreSQL via Pl/Python

...embarrassment of web tools...
I don't know about list hits on Gmane and usenet, but my SWAG says comp.lang.python is about twice as lively as comp.lang.c++.moderated.
I think that newsgroup postings, projects on sourceforge, and jobs on monster could probably give a less qualitative response...
Now, this asymptote you approach: are you by chance (or design) targeting Parrot for the Arc?

Still, looks like a nice box.

--
Does MSN censor search results?

Forrest J. Cavalier III | 9 Feb 19:54
Re: [OT] Russ Nelson's public relations
From: Forrest J. Cavalier III <mibsoft <at> mibsoftware.com>
Subject: Re: [OT] Russ Nelson's public relations
Newsgroups: gmane.comp.licenses.open-source.general
Date: Wed, 09 Feb 2005 13:54:39 -0500
Expires: This article expires on 2005-02-23

Ian Lance Taylor wrote:

> But since squiggleslash apparently did not understand Russ's short
> essay, it's hard to see how it matters.

I find the short essay is racist, but probably not for the reason most people would think. I think it is racist because it conjectures the motives of all blacks are explained by the motives of former black slaves.
The phrase "when their forbears were slaves" is an incredibly sloppy generalization, so anything which follows is intellectually unsupportable.

I highly doubt that the essay was written by Russ Nelson.

If it was, he was not in his right mind, and will correct it.

Hope you are OK, Russ.

... and ...

Mike Wattier | 9 Feb 21:24
Re: [OT] Russ Nelson's public relations
From: Mike Wattier <geek <at> devcompany.com>
Subject: Re: [OT] Russ Nelson's public relations
Newsgroups: gmane.comp.licenses.open-source.general
Date: Wed, 09 Feb 2005 13:24:19 -0700
Expires: This article expires on 2005-02-23

Hi,
> As a rule, I don't feel it is my place to pass moral judgements on others.
> I also am a strong believer in innocence until proven guilt, free speech,
> and Voltaire's contention. I most certainly do not believe in pre-emptive
> condemnation based on opinion.

Yet, you would not let michael jackson babysit your child nor would you let scott peterson take your wife fishing now would you?

There is a huge difference between "innocense until proven guilt" and "hold on, wtf did you say?" Anyone who thinks free speach should be without consequence is off his rocker. Take this list for example.. if something is not viewed as proper, several members on the list will let you know about it .. sans any type of compassion to the writer.. should we have seperate
rules for "leadership" ?

Personally.. the article was a feeble attempt to attack several groups. Mindless dribble from yet another ivory tower dweller.

Mr. Nelson's attempt to justify the perception that black people are lazy is evidence of his own ignorance to what the modern problems of racisim are.

my 0.02

Contrast this with Nelson's reply to them on the same list

Russell Nelson | 10 Feb 08:55
Re: [OT] Russ Nelson's public relations
From: Russell Nelson <nelson <at> crynwr.com>
Subject: Re: [OT] Russ Nelson's public relations
Newsgroups: gmane.comp.licenses.open-source.general
Date: Thu, 10 Feb 2005 02:55:48 -0500
Expires: This article expires on 2005-02-24

You're right, this is off topic.

Stephen Pollei writes:
> http://slashdot.org/~squiggleslash/journal/97860 has complaints about
> what Russ wrote at
> http://angry-economist.russnelson.com/blacks-are-l azy.html . It might
> make the news and reflect poorly on OSI.

Best way to calm a tempest in a teapot is to get rid of the teapot.
No teapot, no tempest.

He fails to realize that, if we're looking at a teapot analogy, the teapot is him, not the article, and the teapot is already showing cracks. He

Contributed back their full patchset, no. But a quick search reveals 1736 CVS commits to the WINE tree by Transgaming employees. Also note that ReWind is maintained by a Transgaming employee. Finally, remember that WINE's license at the time expressly permitted this behavior (and ReWind's still does).

IBM is going to drop the J-Bomb next week, an open-sourced Java SDK, at which point a whole lot of people are going to say, "Huh? Sun who?". I've got a dollar bet that that SDK is going on the ISO track which makes a whole other group of people happy.

Sun is trying to appease the open-source 'freaks' here but they just don't know how. Some almost-at-the-top people have been singing the open source song for a couple years but a few people actually at the top at Sun don't get it and so you get half-assed crap like this. This is a cry from the mountain to tell people they get it but they so don't get it they don't realize it's worse than nothing at all.

Not getting it is a great way to put a company out of business. It's too bad - I used to be a Sun cheer-leader and shareholder but that was a different Sun.

from: http://article.gmane.org/gmane.org.operators.nanog /28565

From: David M. Besonen panix.com>
Subject: Re: Registrars serve no useful purpose
Newsgroups: gmane.org.operators.nanog
Date: Wed, 19 Jan 2005 09:06:31 -0800

[a dated, biased (what isn't?), insightful, and
relevant interview]

Published on Policy DevCenter
(http://www.oreillynet.com/policy/)
http://www.oreillynet.com/pub/a/policy/2002/12/05/ karl.html

Karl Auerbach: ICANN "Out of Control"
by Richard Koman
12/05/2002

Editor's note: Strong forces are reshaping the Internet these days. To understand these forces--governmental, business, and technical--Richard Koman interviews the people in the midst of the changes.

This month, Richard talks to Karl Auerbach, a public board member of ICANN and one of the Internet governing body's strongest critics.

October's distributed, denial-of-service attack against the domain name system--the most serious yet, in which seven of the thirteen DNS roots were cut off from the Internet--put a spotlight on ICANN, the nongovernmental corporation responsible for Internet addressing and DNS. The security of DNS is on ICANN's watch. Why is it so susceptible to attack, when the Internet as a whole is touted as being able to withstand nuclear Armageddon?

It's religious dogma, says Karl Auerbach, a public representative to ICANN's board. There's no reason DNS shouldn't be decentralized, except that ICANN wants to maintain central control over this critical function. Worse, Auerbach said in a telephone interview with O'Reilly Network, ICANN uses its domain name dispute resolution process to expand the rights of trademark holders, routinely taking away domains from people with legitimate rights to them, only to reward them to multinational corporations with similar names.

Auerbach--who successfully sued ICANN over access to corporate documents (ICANN wanted him to sign a nondisclosure agreement before he could see the documents)--will only be an ICANN director for a few more weeks. As part of ICANN's "reform" process, the ICANN board voted last month to end public representation on the board. As of December 15, there will be zero public representatives on the ICANN board.

How does ICANN justify banishing the public from its decision-making process? Stuart Lynn, president and CEO of ICANN, said the change was needed to make ICANN's process more "efficient." In a Washington Post online discussion, Lynn said: "The board decided that at this time [online elections] are too open to fraud and capture to be practical, and we have to look for other ways to represent the public interest. It was also not clear that enough people were really interested in voting in these elections to create a large enough body of voters that could be reflective of the public interest. This decision could always be reexamined in the future. In the meantime, we are encouraging other forms of at-large organizations to self-organize and create and encourage a body of individuals who could provide the user input and public interest input into the ICANN process."

Former ICANN president Esther Dyson is also supporting the move away from public representation on the board. "I did believe that it was a good idea to have a globally elected executive board, [but] you can't have a global democracy without a globally informed electorate," Dyson told the Post. "What you really need [in order] to have effective end-user representation is to have them in the bowels (of the organization) rather than on the board."

Auerbach isn't buying. "ICANN is pursuing various spin stories to pretend that they haven't abandoned the public interest," he says in this interview. "ICANN is trying to create a situation where individuals are not allowed in and the only organizations that are allowed in are those that hew to ICANN's party line."

from: http://article.gmane.org/gmane.org.operators.nanog /28482

From: panix.com>
Subject: Re: Registrar and registry backend processes.
Newsgroups: gmane.org.operators.nanog
Date: Mon, 17 Jan 2005 18:16:25 -0800

[second posting attempt, apologies if the first identical post ever arrives]

On Mon, 17 Jan 2005 15:47:50 -0700, Michael Loftis
wgops.com> wrote:

>It's clearly broken, and needs to be put up for
>public review by 'the powers that be' so that it can
>be fixed. What's happening now feels close to a
>boiler room poker game, noone seems to know all the
>players, and even fewer know all the rules, so in the
>end everyone is a loser.

i suspect part of the reason for it feeling this way is because of the large amounts of money that are made specifically off of the .com and the .net registries. ~$1.2 _billion_ for .com and ~$30 million for .net annually (numbers from the following article). for what? the actual costs involved in administering these databases can't be anywhere near the revenue generated. the public is being bled for the greed of a few (as usual), imho.

anyhow, it also makes me wonder about the motivations behind this incident coming so close to the application deadline for administration of the .net registry ($30 million/year x 6 years minimum = $180,000,000). i dislike conspiracy theories but i'm also a realpolitiker.

david
--
P.S.
can anyone comment on the reputations of the .net registry administration contenders (no need to comment on verisign)?

VeriSign Has Challengers to Run .Net, the Domain
By ELIZABETH OLSON
The New York Times

Published: January 17, 2005

WASHINGTON, Jan. 16 - As long as the Internet runs smoothly, few people think too much about its workings. But later this month, the system's underpinnings will become a topic of debate when rival companies publicly bid to run .net, one of the Internet's most popular domains.

This will be the first time that VeriSign's .net franchise will be challenged. While .net is not as ubiquitous as .com, it has more than five million registered domain names, which translates daily into millions of page views, 155 billion e-mail messages and some $1.4 million in commercial transactions, according to VeriSign, the company in Mountain View, Calif., that manages .com, as well as .net.

About 40 percent of government domains allow access through .net, including the White House, the United States Senate, Homeland Security agencies and the Social Security Administration, making it a vital Internet transportation layer, said Tom Galvin, a spokesman for VeriSign.

So far, at least three companies in addition to VeriSign have indicated that they plan to vie for the franchise, which expires June 30. They are NeuStar, a Sterling, Va., company that runs .biz, and Afilias, which manages .info. A nonprofit firm in Frankfurt, Denic eG, which manages Germany's eight million registered .de domain names, has also indicated that it is planning to bid.

Selecting the domain manager is the job of the Internet Corporation for Assigned Names and Numbers. But Icann finds itself in a ticklish position because it has publicly clashed with VeriSign over the company's proposed Site Finder service, which would redirect queries from inactive or defunct Web addresses to a search engine supported by advertisers signed up by VeriSign.

When Icann concluded that was an unacceptable diversion and refused to allow the service, VeriSign accused the group

With a push system (SMTP), sending is simple (just connect to a server and dump the message); receiving is complex (run/rent a server with permanent internet connection). In a pull system, sending is complex (run/rent a server with permanent internet connection); receiving however, still requires a server to receive notes. Once these notes are collected, receiving is simple, with no guarantee of robustness (connect to remote message stores and download message).

Surely there are many projects to reinvent email? Most discussions here are about modifying SMTP for reasons of its sheer momentum, but I'd also like to see what the ideal system would look like. Links anyone? I suppose I could start by reading the article... but who does that?

While I'm at it, are there any projects or interesting discussions about distributed trust webs (a la gnupg/pgp)? Some way to quickly determine the trustworthiness/legitimacy of an ID you've never met given that you trust or don't trust a few IDs you have met before.

The code was finished (at least from our perspective, we couldn't think of any way to improve upon it) and now it looks like a failed project, even though it's finished, stable and documented.

But on Sourceforge you list it as "Status: Alpha/Beta", your last release was 0.2 half a year ago and the mailing list is inactive. You web site has no documentation, no references to projects using your code, and, again, no mailing lists. It has all the tell-tale signs of a failed project.

So my recommendations:

• Put the documentation online.
• Given that there's a second developer, communicate over the mailing list. Don't use private mail or IM. That way other people can comment too, and, well, participate in development. Or just see that the developers are still active.
• Even if there are no other developers, even if you know nobody is subscribed, still send at least announcements of new versions to the list.
• Put your own mailing list archive online, or use GMane. SF's mailing list archives suck.
• If you believe your code is stable, don't advertise it as "alpha". Just go ahead and call it 1.0. If it turns out you want to make some large changes, call it 2.0.
• Back to your website. Get rid of that stupid contact form. Who even uses those things? Advertise your mailing list instead.
• Get rid of PHP. Your site is slow and has ugly URL's. It's much easier to refer somebody to http://pobs.sf.net/download.html than to http://pobs.sf.net/index.php?section=9&page=25.

See my other post with links on how to setup TLS for your mail server, more info on building the web-of-trust, and GPG downloads for your windows friends.

http://yro.slashdot.org/comments.pl?sid=132181&cid =11046941

Also note that the ======== http://link ======== at the end of the parent post has been mangled by Slashdot Submissions Co. and should be fixed before forwarding it on to your friends, or posting anywhere. Broken links have never impressed anybody.

WTF - Here are some links from the link above again. Sorry about the bandwidth wastage but I think it's worth people seeing as practices contained within are sure to benefit us all (in Utopia - yay!)

[--snip-- (abridged) ]

WinPT :: Windows Privacy Tray [sf.net] is a good place to direct your friends still using windows.

I think a resource for mail administrators on how to add TLS capabilities to their SMTP handlers could be healthy for the net as well. On there would be step by steps on how to TLS-enable sendmail, postfix, qmail, proprietary-this, and proprietary-gateway-that.
:: Sendmail
:: Exim
:: Qmail

If you're running Postfix you've got little excuse to not be running TLS.
http://article.gmane.org/gmane.comp.encryption.gen eral/979

My SMTP traffic is opportunisticly TransportLayerSecure. Is yours?

Get a free server certificate from cacert.org If you haven't already you should add their Root Certificate to the list your browser accepts. They will also remotely sign your PGP/GPG keys and issue free S/MIME certificates as well. Very cool, totally free, and a distributed trust model rather than a top-down, it'll-cost-you-$199.00-for-an-SSL-cert model.

For more keysigning fun DO NOT MISS http://biglumber.com/! Find people nearby and extend your web-o-trust.

Host a keysigning party at] your next LUG [debian.org] meeting .

You can get a email-address-verified signature at http://www.imperialviolet.org/keyverify.html

Learn about using subkeys .

- - - - - - GPG keys -- The new web. - - - - - - -

[--snip-- (abridged) ]

Does anybody know of a good clearinghouse with information on plugins for a variety of mailers I could send my dad, high school friends, or grandmother to?

Anybody know of a list out there that collects information on how to secure your email, what's it's all about, and general key maintainence issues (for "the everyday net user")?

WinPT :: Windows Privacy Tray is a good place to direct your friends still using windows.

I'd like to be able to say to a friend: "Here's my key. Go to keepitprivate.com and find a plugin for the email software you use. Then next time you send me some email, just be sure to put it in an "envelope" (it just takes one extra click or can be set to happen automatically). You don't even need to lick a stamp! I value your privacy as much as I hope you value mine!"

I think a resource for mail administrators on how to add TLS capabilities to their SMTP handlers could be healthy for the net as well. On there would be step by steps on how to TLS-enable sendmail, postfix, qmail, proprietary-this, and proprietary-gateway-that. My SMTP traffic is opportunisticly TransportLayerSecure. Is yours?
Red Hat :: Sendmail
:: Exim
:: Qmail

If you're running Postfix you've got little excuse to not be running TLS.
http://article.gmane.org/gmane.comp.encryption.gen eral/979

Get a free server certificate from cacert.org If you haven't already you should add their Root Certificate to the list your browser accepts. They will also remotely sign your PGP/GPG keys and issue free S/MIME certificates as well. Very cool, totally free, and a distributed trust model rather than a top-down, it'll-cost-you-$199.00-for-an-SSL-cert model.

For more keysigning fun DO NOT MISS http://biglumber.com/! Find people nearby and extend your web-o-trust.

Host a keysigning party at your next LUG meeting.

You can get a email-address-verified signature at http://www.imperialviolet.org/keyverify.html

Learn about using subkeys.

- - - - - - GPG keys -- The new web. - - - - - - -

How the fcsk can some something that has .1% of the most common desktop be considered a standard?

I don't understand why people want a browser that has a POP and NEWS client built in? If I want to use POP I use my POP client (not outhouse). If I want to use NNTP I use a NEWS client.

I, for one use gmane with thunderbird. It funnels mailing lists into news groups. It is a bidirectional mail-to-news gateway. That way I never run out of limited space provided by my mail server. And I dont have to download the ml messages.

It is the ultimate way to manage mailing lists.

If Borland are being stinky, and poeople are starting to suffer from being "locked in" (even thought it was nice while it lasted) then its time to look at:

wxPython
and
Boa Constructor, a python IDE and RAD style designer. Its a bit harder than Delphi (or am I getting mentally stale) but at least its fully cross platform GUI and open source, so you get to increase your target market and never get locked in again.

No point in continuing with Delphi.net, it may only happen again in a few years when the fashions change.

I learned this lessen a few years ago when a nameless search engine salesman witheld some updates and we (Ananova/Orange) switched to the open source Xapian search engine and paid one of the original developers to do some more work on it for us. Xapian is now being trialed as the search engine behind gmane

Its the same lesson Richard Stallman learned years ago. Don't get locked in.

There's no need to learn that lesson twice. And, you may as well join the FSF while you are at it. You know it makes more sense than most political donations, and for less than the price of a night out each month! I got a copy of Lessigs "Free Culture" in the post today as part of my FSF membership.

Sam

If Borland are being stinky, and poeople are starting to suffer from being "locked in" (even thought it was nice while it lasted) then its time to look at:

wxPython
and
Boa Constructor, a python IDE and RAD style designer. Its a bit harder than Delphi (or am I getting mentally stale) but at least its fully cross platform GUI and open source, so you get to increase your target market and never get locked in again.

No point in continuing with Delphi.net, it may only happen again in a few years when the fashions change.

I learned this lessen a few years ago when a nameless search engine salesman witheld some updates and we (Ananova/Orange) switched to the open source Xapian search engine and paid one of the original developers to do some more work on it for us. Xapian is now being trialed as the search engine behind gmane

Its the same lesson Richard Stallman learned years ago. Don't get locked in.

There's no need to learn that lesson twice. And, you may as well join the FSF while you are at it. You know it makes more sense than most political donations, and for less than the price of a night out each month! I got a copy of Lessigs "Free Culture" in the post today as part of my FSF membership.

Sam

http://news.gmane.org/gmane.comp.multimedia.matros ka.devel

http://news.gmane.org/gmane.comp.multimedia.gstrea mer.devel