Slashdot Mirror

I've been fairly pleased with Redhat initiatives like The Center for the Public Domain which funds ibiblio (was Metalab, was Sunsite) and other groups working for freedom of information. We know that free software is political and having a representative in various political processes can be helpful. So, what standards bodies is Redhat on, what kind of political lobbying does it do and what issues does it advocate in those fora?

http://www.microsoft.com&item=q209355@http://32863 01978/Q2%3093%35%35%2e%61%73%70

http://www.ibiblio.org/dbarberi/dict/, hier valt naast de befaamde "lam3rizer" iets vinden dat claimt Engels in Nederlands om te zetten en vice versa. De implementatie laat nog wat aan zich te wensen over, maar Nederlands is nu eenmaal een moelijke taal :/

you mean like this ?

I've been studying art history and composition (as a way of figuring out how to make my web pages suck less). I think you can date the original pretty accurately this way: after the discovery of perspective, but before the devleopment of advanced methods of composition. Probably mid 15th c to early 16th c.

Medeival artists followed the classical Roman practice of strict symmetry. Ancient mosaics look like stiffly posed group photos -- the most important figure is placed in the center and larger, flanked by other figures carefully balanced on each size by number, size and importance. This scheme was so engrained that even the greatest artists always followed it slavishly. Leonardo's Last Supper (ca 1495) used the science of perspective, but followed the careful convention of balancing every element on one side with a nearly identical element on another. At the end of the Rennaisance artists began to try alleviate the monotony of exact symmetry by replacing it with symmetrical balance -- several persons on one side might be balanced by a horse on the other.

By one hundred years later, symmetry was entirely out of the window as artists used perspective, value, and advanced composition techniques subtly draw the eye to the main subject obliquely. Compare a rennaisance painting by Michelangelo or Titian to a baroque painting by Carvaggio.

This illustration is too symmetrical to be late 16th c (although it might have been done in an antique style), but must be at least 15th c due to the use of perspective (although subtle) and the attempt to avoid exact duplication while keeping strict symmetry.

I've been studying art history and composition (as a way of figuring out how to make my web pages suck less). I think you can date the original pretty accurately this way: after the discovery of perspective, but before the devleopment of advanced methods of composition. Probably mid 15th c to early 16th c.

Medeival artists followed the classical Roman practice of strict symmetry. Ancient mosaics look like stiffly posed group photos -- the most important figure is placed in the center and larger, flanked by other figures carefully balanced on each size by number, size and importance. This scheme was so engrained that even the greatest artists always followed it slavishly. Leonardo's Last Supper (ca 1495) used the science of perspective, but followed the careful convention of balancing every element on one side with a nearly identical element on another. At the end of the Rennaisance artists began to try alleviate the monotony of exact symmetry by replacing it with symmetrical balance -- several persons on one side might be balanced by a horse on the other.

By one hundred years later, symmetry was entirely out of the window as artists used perspective, value, and advanced composition techniques subtly draw the eye to the main subject obliquely. Compare a rennaisance painting by Michelangelo or Titian to a baroque painting by Carvaggio.

This illustration is too symmetrical to be late 16th c (although it might have been done in an antique style), but must be at least 15th c due to the use of perspective (although subtle) and the attempt to avoid exact duplication while keeping strict symmetry.

I've been studying art history and composition (as a way of figuring out how to make my web pages suck less). I think you can date the original pretty accurately this way: after the discovery of perspective, but before the devleopment of advanced methods of composition. Probably mid 15th c to early 16th c.

Medeival artists followed the classical Roman practice of strict symmetry. Ancient mosaics look like stiffly posed group photos -- the most important figure is placed in the center and larger, flanked by other figures carefully balanced on each size by number, size and importance. This scheme was so engrained that even the greatest artists always followed it slavishly. Leonardo's Last Supper (ca 1495) used the science of perspective, but followed the careful convention of balancing every element on one side with a nearly identical element on another. At the end of the Rennaisance artists began to try alleviate the monotony of exact symmetry by replacing it with symmetrical balance -- several persons on one side might be balanced by a horse on the other.

By one hundred years later, symmetry was entirely out of the window as artists used perspective, value, and advanced composition techniques subtly draw the eye to the main subject obliquely. Compare a rennaisance painting by Michelangelo or Titian to a baroque painting by Carvaggio.

This illustration is too symmetrical to be late 16th c (although it might have been done in an antique style), but must be at least 15th c due to the use of perspective (although subtle) and the attempt to avoid exact duplication while keeping strict symmetry.

I could make that list even longer with many more projects that Red Hat either funds, maintains, develops or contributes to, but I think I've already proven my point.

not entirely but very heavily so. see http://ibiblio.org/osrt/develpro.html aka A Quantitative Profile of a Community of Open Source Linux Developers. European e-mail endings of LSM identified authors account for 37% of the software we counted. German or .de endings identified the largest number other than .com some of which we know are also Germans.

Learning Python is not hard (remember how long it took you to learn Perl?) -- you can do it in an evening by reading any one of these free (and Free) online books:

• Dive Into Python - written for the Slashdot crowd, it assumes you know one real language (like Perl, Java, or C++) and takes you from there. Steps through real code to teach you the language basics (and not-so-basics), and makes frequent comparisons to the language(s) you already know.
• How To Think Like A Computer Scientist (Python version) - better for those with less programming experience. Not as detailed, but gentler.
• Learning To Program - for those with no programming experience whatsoever who want to learn Python as their first programming language.

Once you've read any or those, you'll want to dig into some real code, so head over to the Python Knowledge Base for tons of real code examples, and Vaults of Parnassus for tons of free third-party modules and libraries.

-M

How about PI to 1 million places? or in a zip. Gotta love Project Gutenburg

How about PI to 1 million places? or in a zip. Gotta love Project Gutenburg

A good point. A fun example I like to use is the fact that nowadays (love that word) people have to study Shakespeare for a while before they get his sex jokes fart jokes and really bad puns. Look at the Sampson and Gregory conversation that kicks off Romeo and Juliet (after the prologue). It's funny as heck, but you really have to know what colliars, a cholers, and a collars are. It's art, but only to those who understand. To everybody else, it's Elizabethan gibberish... or Perl, depending.

--

Doctor Fun 010306

-S

• tn3270-5.2.0-glibc and
• tn3270-1.0.linux.ELF

• tn3270-5.2.0-glibc and
• tn3270-1.0.linux.ELF

I then searched on Google and found at this place:

Happy Birthday to You was copyrighted in 1935 and renewed in 1963.
The song was apparently written in 1893, but first copyrighted in 1935
after a lawsuit (reported in the New York Times of August 15, 1934, p.19
col. 6)
In 1988, Birch Tree Group,
Ltd. sold the rights of the song to Warner Communications (along with all
other assets) for an estimated $25 million (considerably more than a song).
(reported in Time, Jan 2, 1989 v133 n1 p88(1)

So even though I got a couple of the details wrong, the essential background is UNCHANGED. Why is someone making money hand over fist off of the rights to this item when the authors are most certainly dead and in a hole in the ground, and of what possible benefit is this to the original authors, when both patent and copyright are meant to encourage and promote the arts? What are we encouraging and promoting with this charade?

Thank you.

also note this article which discusses happy birthday in your favorite restaurant.

Dr. Fun, Goats, Bob the Angry Flower and Too Much Coffee Man.

In other news, Bowie J. Poag, outspoken and self-appointed nemesis of VA Linux Systems spontaneously combusted immediately following 2.8 minutes of furious masturbation. The masturbation episode has been directly attributed to today's news regarding layoffs at VA Linux Systems.

A good archive on the web is Ibiblio:

"Ibiblio is a diverse and expansive collection of information on the Internet, created and maintained by the public, for the public. It is the ultimate collection of freely available information, the future of Internet librarianship, and a collaboration between the former MetaLab.unc.edu (formerly known as SunSITE.unc.edu) and the Red Hat Center for Development."

Along with a huge Linux FTP archive, it hosts a few hundred 'collections' of information off the web.

Disclaimer: I'm not entirely impartial here because I'm currently moving my website, Astrobiology: The Living Universe, to the Ibiblio servers. At the moment we're still setting it up at its new home (www.ibiblio.org/astrobiology) and implementing a new interface. The working version is at http://library.thinkquest.org/C003763.

A good archive on the web is Ibiblio:

"Ibiblio is a diverse and expansive collection of information on the Internet, created and maintained by the public, for the public. It is the ultimate collection of freely available information, the future of Internet librarianship, and a collaboration between the former MetaLab.unc.edu (formerly known as SunSITE.unc.edu) and the Red Hat Center for Development."

Along with a huge Linux FTP archive, it hosts a few hundred 'collections' of information off the web.

Disclaimer: I'm not entirely impartial here because I'm currently moving my website, Astrobiology: The Living Universe, to the Ibiblio servers. At the moment we're still setting it up at its new home (www.ibiblio.org/astrobiology) and implementing a new interface. The working version is at http://library.thinkquest.org/C003763.

Honestly, do you really think that everyone has 20G+ harddrives? Sorry I think not: I still use my 5 year old laptop regularly which has only 1.3 Gig harddisk.
When I started to play around with Linux (that was on my laptop), I coudn't get any usable install for Linux because SuSE, Redhat and Corel (the CD's I got hand on) filled the disk up so much that there was barely place to install any programs. Guess, what I found a nice sleek distro (150Meg installed, 90Meg iso-download, with KDE) and now this "too old to be used" laptop had a second life as a surfstation that does dual-boot W95-OSR2 and Peanut Linux 8.2 .
Small size and elegance should go and hand in hand.

i can't reply to you (sorry everyone else) since there is no mail link in your message nor is there a url.
but do contact me about the various possibilities. we might be able to help you out is several ways including co-location.

This is one of the things that I feel we should be doing.

Such pictoral messages are unlikely to be very effective, if ever encountered by an alien intelligence; they are too human-centric and require way too many assumptions about visual acuity and pattern recognition and the ability to understand letters. Even people used to some languages on Earth would have great difficulty understand it. What's more, the actual transmission that was actually sent had typos in it! Nice job.

Raw transmissions such as Lincos like languages are largely mathematical, have no required geometrical interpretation to be understood, and are much more straightforward to decipher.

For an example of a Lincos-like language that was easily deciphered by amateurs, see The Contact Project. For an example of what Lincos "looks like" (it is actually a radio transmission, see Excerpts from Lincos. For more information on extraterrestrial intelligence and contact, see my Extraterrestrial intelligence links.

Try the iBiblio archive for the latest Wine source releases. If you really want binary builds, check out WineHQ. They have a page with a list of different packages linked off the main page.
_____

Ashleigh Brilliant is a "professional epigrammatist." He creates and copyrights thousands of short sayings, such as "Fundamentally, there may be no basis for anything." When he finds someone who has "used" one of his epigrams, he contacts them demanding a payment for breach of copyright. Television journalist David Brinkley wrote a book, Everyone is Entitled to My Opinion, the title of which he attributed to a friend of his daughter. Brilliant contacted Brinkley about copyright violation. Random House, Brinkley's publisher, paid Brilliant $1000 without contesting the issue, perhaps because it would have cost more than this to contest it.

A full text of this article, from Wall Street Journal, 27 January 1997, is available here

From it, you will note that "Random House, which published Mr. Brinkley's book, paid him $1,000 for the rights without agreeing to or contesting Mr. Brilliant's claims.

Copyright subsists - exists within, and does not have to be claimed by any author, of an original artistic or literary work. In UK and US code, titles, epithets and bon mots do *not* gain protection as they are not of themselves considered artistic works.

You cannot copyright things as simple as this. But you can, apparently get the occasional (stupid)publisher to pay up to stop you wasting their time.

Personally, I would have contested in court if necessary this man's claims over ownership of title to a book with which he had no connection. (his this sort of claim which might easily be thown out, or at least loose quickly on case law)

Moreover, in the UK there is the concept of a "vexatious claim" in which it can in certain cases become a criminal offence to attempt in bad faith to extract payment not due by means of coercion, including by means of jumped up legal threat. Also in the UK I could apply to the court that any claimant post bond for costs (including mine) in the event he looses and this application usually scares the harassers away :-)

The author of "Information liberation" uses this example as supposedly one of the more egregious happenings in copyright abuse. Awww, come on Mr Brian Martin, it was a simple thing for the publisher to work out that their lawyer's time even in typing a proper response could cost more than the thousand bucks they paid. But I find, from experience, that people who make claims such as Mr Brilliant did do not usually press these in court, as they _know_ how weak they are. I would have acted differently from Random House, especially how you see now how these decisions become grist to the misinformed mill of people working against fair rights in works (Mr Martin)

Try Peanut. 50 megs ready to go with KDE. Very compact and easy to install. Will even go inside top of a Windoze partition. - Computerareevil "I've always found profanity to be refuge of the inarticulate motherfucker." - Lord Byron as paraphrased by ry4an-slashdot@ry4an.org

1. The real PG etext of Alice is available at ibiblio, as well as other places.
2. All PG etexts include an extensive license at the top of the file. This is not the GPL, though it was written at about the same time. It basically says that you can do what you want with the book, but must also provide plain text copies. AND, if you want to use the Project Gutenberg trademark, the whole header needs to stay intact.
3. The "Alice" that Adobe distributes appears to be in violation of the license. However, the book seems to have been produced by a separate party in Chicago. I didn't see other Project Gutenberg books at the Adobe site, but under the license they could use the text (which is public domain) and discard the header/license legitimately.
4. To the guy who offered a Perl script: I don't recall seeing this, and I'm the guy it should have gone to. Contact me if you're still interested.
5. Donations are a very slight problem because we just got a trust foundation started with 501(c)(3) (tax exempt) status in the US. The problem is that not all states are officially tax exempt yet. See the license in one of today's books (like Short Stories by G. de Maupassant) for a list of states and where to donate. (We have a Web form for credit cards that's waiting for all states before going live. Sorry 'bout that).
6. XML for Project Gutenberg: I hope this will be in place by mid-2001. I am working with someone on a DTD, and my goal is to do conversion on the fly from XML to text, HTML & other formats. Ideas? Pls. get in touch.
7. For front-ends: the challenge is the irregular structure of documents (including the ever-changing header & lack of structured metadata). That's the main reason we don't distribute any on the official Web page: none seem to work properly (including header display) for the entire collection. I hope this is a problem that XML will solve.

• Greg

1. The real PG etext of Alice is available at ibiblio, as well as other places.
2. All PG etexts include an extensive license at the top of the file. This is not the GPL, though it was written at about the same time. It basically says that you can do what you want with the book, but must also provide plain text copies. AND, if you want to use the Project Gutenberg trademark, the whole header needs to stay intact.
3. The "Alice" that Adobe distributes appears to be in violation of the license. However, the book seems to have been produced by a separate party in Chicago. I didn't see other Project Gutenberg books at the Adobe site, but under the license they could use the text (which is public domain) and discard the header/license legitimately.
4. To the guy who offered a Perl script: I don't recall seeing this, and I'm the guy it should have gone to. Contact me if you're still interested.
5. Donations are a very slight problem because we just got a trust foundation started with 501(c)(3) (tax exempt) status in the US. The problem is that not all states are officially tax exempt yet. See the license in one of today's books (like Short Stories by G. de Maupassant) for a list of states and where to donate. (We have a Web form for credit cards that's waiting for all states before going live. Sorry 'bout that).
6. XML for Project Gutenberg: I hope this will be in place by mid-2001. I am working with someone on a DTD, and my goal is to do conversion on the fly from XML to text, HTML & other formats. Ideas? Pls. get in touch.
7. For front-ends: the challenge is the irregular structure of documents (including the ever-changing header & lack of structured metadata). That's the main reason we don't distribute any on the official Web page: none seem to work properly (including header display) for the entire collection. I hope this is a problem that XML will solve.

• Greg

It wholly depends on your vision of "Personal", if it is like mine: lightweight, easy to install, handy, complete. On my quest for small GUI-enabled Linux Distro's I stumbeled over Peanut Linux and I think it rocks. Since it is downloadable easily over slow connections it fitted perfectly to my needs. Yes, it comes with sendmail, a websever and a telnetserver, which I immediately kicked out of inetd. The installation is a bit awkward at first but doable if not a complete moron (read: I just a moderate moron).
I think it will be this kind of distributions that have a chance to move towards the desktop.

I don't really know the guy. I talked with him briefly in San Jose this summer. I understand that people think he's arrogant and pretentious. However, don't forget that he's contributed a lot to open source and I seriously doubt linux would be where it is today without him. It would get there eventually, but not today.

NOW, a lot of what ESR said doesn't really make much sense to me, especially in reference to Microsoft, etc. While that comment about them going out of business was one small aspect of the article, ti seems kinda off kilter. First of all, MS has moved far beyond just software. Their OEM partnerships are not what make it a multi-multi billion dollar company. Additionally, MS is one of the largest "service" providers in the tech business (I had to put service in quotes because I don't really see MS software as a service, more like a DIS-service...) I would make the humble prediction that MS is going to move even more to the service side of the industry, with their software as a single component of that. Who would your boss rather buy that email server from, the company that wrote it or some third party Microsoft certified technician? There's huge business in that, and they're already exploiting it.

Something that did kind of annoy me about that article was how the interviewer seemed to pander to ESR. As a journalism student, I've learned not to let the subject take control of the interview. I also know that this is incredibly difficult sometimes, especially dealing with smart people and people who think a lot of themselves, but the whole thing seemed kind of in praise of Raymond and not much else.

- A wm2xmcd utility is now included in the xmcd distribution that converts WorkMan CD database files to xmcd format.

Remember The Hornet Archive? It was a place where module music makers (remember those formats?) could post their music online. There was no profit made for the musicians, but it was a chance to be widely heard for free. Users of the Hornet Archive could either get the music online, or purchase CD-ROMs full of the songs, all without the registration mumbo-jumbo that too many modern sites have.

The closest thing I can think of to the Hornet Archive is Trax in Space. They also are a source of module music. Unfortunately, they have also gone the way of MP3.com and require registration.

We need a site that simply lets users upload and download their music, with a quick check done to make sure the works are original. It's as simple as that.

I would petition ibiblio or a similar site with lots of mirrors to do the task, but such a system with MP3s requires lots of bandwidth. I wish the Internet was back to the good old days again where everyone didn't want to know everything about you.

You can add true-type support to any X installation with xfstt.

"Free your mind and your ass will follow"

Second, I'd like to meet Paula Jones, too. If anyone can get her to join the webcast, please do what you can. BTW I was Paul Jones before she was Paul Jones.

Lastly, please do send me questions. I am not "a commercial figure" and I have been involved with Linux and several Linux projects since we took over the US mirror of Linus' distro from banjo.concert.net in 1992 (as sunsite.unc.edu).

Not a question., I just wanted to say thanks for hosting the funniest cartoon on the net. For anyone who hasn't seen them here's a sample.

We've done something a bit like this. It's based on Tk rather than gtk, but other than that it's more or less what you want: a simple canvas to draw on and a bunch of worksheets for beginners to programming. It was done for LiveWires, a Christian computer camp. You can get our old (1999) stuff here. We did some extra things for the 2000 holiday this summer which we've not released yet. They'll be released under a BSD-ish licence soon: I'm in the middle of writing a mail to our webmaster to get him to put them up. Keep watching the LiveWires site or mail me if you can't wait for us to sort it out.

OK, I tried to resist, but now I just have to respond. If you're sensitive to plugs, stop reading now. ;^) In a rather nifty GTK+ filemanager I happen to know about (avail abl en here, not at the address given in my user block above), selecting all files of a type is as easy as holding down the left alt key while clicking on any file of the desired type. Of course, you can also use the more classic approach of sorting by type and then selecting a sequence of files by clicking the first one, then shift-clicking the last one. Or, you could use the built-in SelectRE command to select using a shell glob pattern or a straight regular expression. OK, and of plug.

I have had the same experience as you when it comes to the reliability of floppies. I.e. I can't use them on the machine in my office and take them home an hour later and expect them to work. Both of my machines have clean drives even (in fact both are relatively new).

When I am working under Linux (and I am), I use a little program called fdecc to improve my odds. It uses the secondary FAT to record error correcting data. On a 1.44M floppy I can have several bad sectors and the disk is still recoverable. This has been a real convenience many, many times.

You really have to check it out for yourself if you use floppies:

http://w ww. ibiblio.org/pub/Linux/utils/disk-management/fdecc- 1.0.tar.gz

err. as the guy who started sunsite^Wmetalab^Wibiblio, I should pipe up. the project which preceded sunsite was an internet bulletin board server called laUNChpad. it was our goal, as it is now, to help make information sharing possible world-wide. Sun was nice enough to help foster that project for a number of years as was Cisco, Real, and others. Red Hat was a sponsor to some extent from early in that company's life. And we will be announcing some other sponsors soon.

UNC has one of the best CS departments in the country, but it is a very research focused department. NCSU, where i went to school in the late 60s, has a different focus for their department of CS which is also a fine program. But the information sharing work is not in CS but at UNC in the School of Journalism and Mass Communication and in the School of Information and Library Science where I hold joint appointments.

The UNC computer support folks, called ATN, run AIX, Solaris, Linux and other OSs as they feel is appropriate.

ibiblio is most certainly a part of UNC

err. as the guy who started sunsite^Wmetalab^Wibiblio, I should pipe up. the project which preceded sunsite was an internet bulletin board server called laUNChpad. it was our goal, as it is now, to help make information sharing possible world-wide. Sun was nice enough to help foster that project for a number of years as was Cisco, Real, and others. Red Hat was a sponsor to some extent from early in that company's life. And we will be announcing some other sponsors soon.

UNC has one of the best CS departments in the country, but it is a very research focused department. NCSU, where i went to school in the late 60s, has a different focus for their department of CS which is also a fine program. But the information sharing work is not in CS but at UNC in the School of Journalism and Mass Communication and in the School of Information and Library Science where I hold joint appointments.

The UNC computer support folks, called ATN, run AIX, Solaris, Linux and other OSs as they feel is appropriate.

ibiblio is most certainly a part of UNC

I doubt very much that biological humans will exist by the end of the century, given that computation capacity is growing at the current pace. We should reach human capacity in a computer in a couple of decades, and it's a short trip from there to everybody being uploaded. See Mind uploading home page

Are any of us going to go out and buy an aircraft carrier? Of course not. So then why post it to Slashdot? Because it's the technology at use and it's application that is of interest.

Also, the fact that a MP3/DVD/CD/Video media server is being mass marketed shows the migration of technologies that was once the sole purvey of the computer savvy into the general arena. As someone once said "I find the most amazing thing about computers is that they are no longer amazing" meaning their commonplace nature is striking given their role only a few years ago.

The techno-eliteism shown on Slashdot is very short-sighted; just because *we* can do better with our own skills does not mean that we should look down our noses at those who cannot. I imagine Seamus Heaney (nobel laureate poet) couldn't configure a Linux box to do this, but this does not reflect ill upon him. The fact that he can now have the same functionality in a device is striking.

So yes, this is news for nerds; we get to see the fruits of our labors shared with the general public. Imitation is the sincerest form of flattery, and that a company has decided to build a public product based on our private hacks should be something to feel good about, not to scoff at.

• X howto -- mentions W
• /. post Turns out "W" was the successor to "V". So, the successor to "X" should by "Y", which makes perfect sense on several levels (unfortunately, there's no letter that's pronounced "please god let it die").
• "Kay" has some W links.
• here is an interesting story about IBM, W, X, CMU and AFS.

I'm currently living in almost this exact setup. There are four of us living in a 4 bedroom apartment (although only 2 of us qualify as geeks) 3 guys and a girl. Beautiful Chapel Hill, NC, home of the TarHeels and iBiblio. CAT5 running throughout the apartment. DSL connection, squid proxy, junkbuster to get rid of ads (sorry slashdot) a central cd-burner and mp3 server so that we get some true file sharing going on. It's a pretty mixed environment--PPC Linux, macOS9, Windows 98, Windows 95, RedHat 6.2. Using NFS, netatalk and SMB, we all talk pretty well together. I'd recommend a dedicated firewall and a dedicated "media" server if you're going to run a similar setup--the one linux firewall box that we have pulls double duty and it hurts.
The important thing to remember is, people gotta get along before you introduce things like dedicated, high speed internet.

Argh.... Please forgive the above premature post. This is my first post to Slashdot; I meant to hit Preview, but missed.

sequence_man, you appear (to my eyes) to be as foolishly idealistic as Schneier now says he was when he wrote Applied Cryptography. Where Schneier was moved by his faith in the theoretical perfection of the mathematics, you seem to be standing on the rock of software engineering. This is indeed a dubious foundation.

I think you have missed the vast bulk of what Schneier was trying to say with Secrets and Lies. You've focused entirely on the idea that 1) because code is very complex and constantly growing morseso, therefore 2) there will always be bugs, and therefore 3) we can't have security. I think Schneier did make a point somewhat like that, but that's really one of his minor points: a bit of shrubbery in the forest you have overlooked.

If I had to summarize the book's main points in one sentence, it would be this: Security in the real world is hard, because it deals with many things, most of them complex, few of them subject to the kinds of precision or rules that you would hope for or expect from things like mathematics or programming languages.

Schneier spends several pages (a good part of one chapter, actually) talking about programming, the size and complexity of programs, bugs, and the resulting security loopholes. But this is hardly his main thrust; he simply uses it to underscore what he repeats and emphasizes all along: security is hard, harder than most people think, and must deal with many things, more than most people have thought about.

Good software engineering can in fact result in more secure software. Principles such as you alluded to (modular design, isolation of security-related functions, etc) are great, and we need more software designers and writers following such principles. Software should be designed with security in mind and written following good security practices. The shameful fact is that very often it is not.

However, even if the world were to wake up tomorrow and begin writing software that properly integrates with system security facilities, checks results for boundary conditions and general sanity, eliminates buffer overruns and race conditions, and the hundred other things you can find in various guides to writing secure code (see David Wheeler's Secure Programming for Linux and Unix HOWTO at http://www.ibiblio.org/pub/Linux/docs/HOWTO/other- formats/html_single/Secure-P rograms-HOWTO.html , the best reference on the subject I've found online so far, in part because of his well-commented list of other sources), that still doesn't buy us any real security. Not by itself, at least.

You see, security isn't about secure software any more than it's about secure cryptographic protocols. It's about those, and more. Security in the real world has to consider the following: physical security of computers; strength of passwords; correct installation of secure software; correct use of secure software and secure systems; correct administration of secure software and secure systems; proper permissions on files; power outages; backups; secure backup storage; bugged phones; bugged offices; bribed secretaries; bribed system administrators; bribed CEOs; people with guns; people with bombs; people with rubber hoses and brass knuckles; people with the key to your server room; users that don't understand security; managers and financial backers that don't understand security; system administrators that don't understand security; and finally (although there are many more things I could include in this list) programmers that don't understand security.

If you think that any of the above aren't really important, and that all we need is good, solid code that comes from good, solid coding practices, then you are thinking of security in a very limited context. This context may apply to your circumstances, but it is much smaller than the real security needs of a great many people.

Granted, most people don't need to worry about everything I mentioned... probably we can knock "men with guns/bombs/rubber hoses" off the list for the majority, right off the bat. But every secure computer system needs to be administered properly or it may well have no security whatsoever. Note that I'm not necessarily saying it needs to be actively administered, in the sense of being constantly monitored by Schneier's new company or some such; simply that a computer system needs to be, at a bare minimum, installed and configured securely at the outset. You may be thinking: "Well, duh, that's such an obvious notion that I didn't mention it." But this is precisely the kind of administration that is so lacking in so many computer systems today. If it's not explicitly considered, it will be overlooked, and if it's overlooked, there will be no security. And it gets overlooked all the time, time and time again, often even when someone does take the time to explicitly consider it.

Proper system administration (or even simply proper system setup) is only one more thing to consider when evaluating or constructing some kind of secure system. And it is only one of the other things that Schneier discusses in the rest of his book.

Schneier discusses and explains much more than poorly written code. He covers pretty much every facet of information security that I've yet encountered, including fundamental concepts like security in depth, risk analysis, threat modeling, and other phrases that Highly Paid Security Consultants like to toss around (but please note that just because the phrases are overused and under-understood by people with too-large hourly rates and too-small reading lists doesn't make the concepts themselves useless). He provides practical insight into things like passwords (what they are good for, what they are not good for, how they can be chosen and stored and used and the limitations of different ways of doing so), cryptographic algorithms (ditto), smart cards (ditto), and various kinds of security software (firewalls, scanners, IDS, and so forth (ditto)). He talks about end-users and how their behavior can compromise security. He talks about similar issues with system administrators, bureaucrats, police, and criminals.

Anyone contemplating buying or reading Secrets and Lies should be aware of a few things. First, it is not a hard-core technical book. There's no code, no algorithms, no configuration step-by-steps... there's not even any math! It's not written for a technical audience. Actually, that's not quite right: it's written to be accessible to a non-technical audience; there's a difference. Speaking as a techie, I eagerly devoured the book and was left quite satisfied. It covers my favorite subject (computer security) broadly and thoroughly even while omitting details that are only of interest to someone doing implementation (writing code, configuring systems, etc). It's a book that you could give to management if they wanted to know more about this "security stuff" you keep going on about. If they weren't inclined to read it, reading it yourself would make a good preparation for giving a presentation to management. While non-technical, it is not dumbed down in any respect.

Second, if (like me) you've read almost everything Schneier has written on his website, or have been working in or studying computer security for a couple of years, you won't really learn anything from reading the book. There's nothing ground-breaking, nothing revolutionary. But it is an excellent compliation and presentation of the things we all know, or should know. It may help you gain some focus on your current security problems, or put a large security project in perspective, or inspire you to do something specific you weren't considering before. If nothing else, Schneier's writing style is enough to make the book an entertaining read.

Third, you might get the impression that Schneier is writing this book simply to get customers for his new security monitoring business. I'm going to suggest that both his book and his business spring from the same source: his interest, research, and work in the field of both cryptography and, more and more as time has passed, security in general. Schneier is certainly qualified to write a book like this, and the book stands on its own as both informative and (for us computer security wonks) entertaining. If you are concerned that the book is nothing more than a protracted pitch for his new company, simply tear out the last few pages of the last chapter of the book, as that is the only place he mentions it.

You might legitimately be worried that with his new business, Schneier has an interest in overstating the security risks of computer systems. That may be so. But I don't believe that any of the risks he discusses are overstated in the least. In fact, several times he talks about the importance of not overstating security risks. Proper security stances, he argues (and I agree), result from understanding what threats you are actually facing, the importance of what you are protecting, the expense (in time, effort, and money) you are willing to incurr in protecting it, and the loss you are willing to take in failing to protect it. Schneier is firmly on the side of reason, not hysteria, and makes that clear many times throughout the book.

If you are interested in learning more about computer security, I would wholeheartedly recommend Secrets and Lies for foundation and philosophy, along with Practical Unix and Internet Security by Garfinkle and Spafford for practical advice and instructions. But I would urge you to read more than just the chapter about programs and bugs in code, lest you end up thinking, like sequence_man, that "security is a solvable software engineering problem". If you truly believe that, you will end up writing code in isolation with no consideration of other aspects of security. You will write code that has no practical use and makes no meaningful contribution to security in the real world.

Eddie Maise

I'd check out the Linux Software Maps, hosted at metalab (now ibiblio). Mor interesting is probably the Dublin Core Project. Although It's not set up specifically for software, it's extinsible. You could create an XML DTD (which many have suggested) using the Dublin Core standard for sucha purpose.

links:
iBiblio Linux archives
Dublin Core homepage

Anyone but me notice that the FAQ page bears the title:

'The Official MetaLab FAQ'

:)

Can you show us the link to the webpage you refer to, please? The ibiblio FAQ I find on their site contains neither the word "Christian" nor the word "morals".