Slashdot Mirror

"As soon as a patch is released (day 1) neither the exploit nor the vulnerability are "zero-day" anymore."

That's neither common sense nor INFOSEC slang. Try that:
"As soon as a *day* has passed (day 1) neither the exploit nor the vulnerability are "zero-day" anymore."

*That* is common sense.

And regarding InfoSec, as old as 2003 you will find definitions like this*1:

"FYI, I define zero-day exploits as exploits that were used to actually
compromise a system ("in the wild") before the vulnerability was known
to exist by most security professionals (not published on public
security mailing lists - CERT, Bugtraq, Full Disclosure, Vendors,
etc.)."

See? No reference about patching and, by inference, once the vulnerability is "published on public
security mailing lists - CERT, Bugtraq, Full Disclosure, Vendors, etc.", once the vulnerability is publicly known, in other words, it can't be a zero-day exploit (it's day zero anymore!).

Of course, software vendors try to stretch the definition to their convenience: "everybody knows" that's impossible to cover from a zero-day exploit directly at the application level so if an attact is the result of a "zero-day exploit" instead of "a bug that went unpatched for weeks" they appear as less guilty.

As I already said, PR in action.

*1 http://www.mail-archive.com/isn%40attrition.org/msg02376.html

I sync my mail (~ 2GB) from the server (courier) to my laptop with offlineimap. A number of years ago I used mairix and later nmzmail to index and search the Maildirs, but then I settled on mu. I find mu to be very fast, both when indexing and when searching.

Also, with mu I can integrate Emacs, org-mode, remember and mutt, which is the perfect combination for my needs. I use org-mode as a GTD-like task manager, and from within mutt I can create a new entry in my org file with a reference to the message in the Maildir.

It's actually closer than it looks like from their website, per some recent activity on the mailing list:

http://www.mail-archive.com/linux-btrfs@vger.kernel.org/msg05749.html

      While Btrfs is stable on a stable machine, it is currently possible
      to corrupt a filesystem irrecoverably if your machine crashes or
      loses power. This will be fixed when the fsck tool is ready.

And
http://www.mail-archive.com/linux-btrfs@vger.kernel.org/msg05882.html

      We're still actively developing (btrfsck). I don't have a release date planned
      yet but we should have betas coming out over the next few months.

Note both threads are from the last two weeks. Things are still happening rapidly; just not, for whatever reason, on the project web site.

It's actually closer than it looks like from their website, per some recent activity on the mailing list:

http://www.mail-archive.com/linux-btrfs@vger.kernel.org/msg05749.html

      While Btrfs is stable on a stable machine, it is currently possible
      to corrupt a filesystem irrecoverably if your machine crashes or
      loses power. This will be fixed when the fsck tool is ready.

And
http://www.mail-archive.com/linux-btrfs@vger.kernel.org/msg05882.html

      We're still actively developing (btrfsck). I don't have a release date planned
      yet but we should have betas coming out over the next few months.

Note both threads are from the last two weeks. Things are still happening rapidly; just not, for whatever reason, on the project web site.

ZFS is used in production on FreeBSD by some people and I generally like the ZFS features, but I don't view ZFS as really production ready on any OS.

This is because ZFS on any OS does sometimes lose all access to the zpool (i.e. you lose the entire set of RAID volumes and filesystems on them, all at once) due to ZFS bugs, and there is no fsck. I can't think of another filesystem where you can (a) lose all access to your files and (b) there is no fsck. Same goes for RAID - even if you use RAID-1 with ZFS you can still lose your entire zpool due to a ZFS bug.

Given that the "no data loss by design" (can't find the reference for this, perhaps Sun/Oracle has stopped saying this) hasn't really worked out for ZFS on Solaris or FreeBSD, there is still a need to have a complete backup of any ZFS zpool (as with any other RAID / filesystem). The checksumming, COW, snapshots, and self-healing data (for RAID) are very nice, but losing your whole pool due to a ZFS bug means it isn't really a high availability solution. On the plus side, it does make it very easy to snapshot in order to take a backup, and makes incremental backups easy with zfs send.

Here are a few samples of complete zpool loss:

http://opensolaris.org/jive/thread.jspa?threadID=132089&tstart=120

http://superuser.com/posts/130822/revisions - FreeBSD

http://www.mail-archive.com/zfs-discuss@opensolaris.org/msg39578.html

My point is not that ZFS is a bad idea, but it really needs an fsck (see http://www.osnews.com/story/22423/Should_ZFS_Have_a_fsck_Tool_ ) and anyone using ZFS must have full backups onto another server of the whole zpool, perhaps into a non-ZFS filesystem to avoid software bugs that hit both the main and backup zpool. The need for backups isn't unique to ZFS but I haven't seen other filesystems/RAID implementations promising "no data loss by design"

http://breden.org.uk/2009/05/01/home-fileserver-a-year-in-zfs/ has some good info on using ZFS for a home NAS, with a separate backup server also using ZFS.

btrfs isn't mature yet, but its designer has said he will always make fsck a priority over new features: http://lkml.indiana.edu/hypermail/linux/kernel/0706.2/1284.html

Let's just say it, the war would be a cakewalk and the invading American army will be hailed as liberators! We'll be showered with rose-petals and sweets.

However, for an alternate point of view (in the interest of fairness to obviously uninformed peaceniks....)

Super War Preview

"Everybody's asking me what'll happen if we attack Iran. To get a quick
preview, just do what this guy in my eighth-grade class did: put a
firecracker in your mouth, hold it between your front teeth, and light the
fuse."

As a FOSS geek I'm not interested in apple and have identified a bunch of really nice looking alternatives to the iPad. It's just a shame none of them seem to quite make it to market!

Eh, there were several `iPad alternatives' on the market before the iPad even existed.

Archos was selling their Android tablets 7 months before the iPad, and Archos first published an `actual Linux' firmware (using OpenEmbedded) and started contributing to upstream some 4 months before the iPad hit the market.

AlwaysInnovating started selling Touchbook beta units a month before Archos introduced their tablets--8 months before the iPad came to market.

And there were/are numerous others, too. I'm not sure whether it makes sense to compare the Nokia N-series tablets, since they're smaller, but they've been on the market for *years*, and they're not the end of the list.

Of course, that's not even counting the `iPad alternatives' that came to market *after* the iPad.

I'm having trouble understanding your "shame none of them seem to quite make it to market" comment--and even more trouble making sense out of others' comments to the effect of `if only there were any other tablet computers other than the iPad'....

It looks like they were working on GCJ support a long time ago. This mailing list post from 2005 says it was working with some minor issues. I would suspect the current version would also compile under GCJ... if it doesn't, submit a bug report. I agree that relying on the Java runtime complicates installation and might make it slower (it certainly means that the start time is slower, but i2p is intended to be a long-running application and JITs sometimes do better with those overall).

Yes it's btree based. The special cleanup process is due to HammerFS's automatic snapshots. The fs takes a snapshot every 30 seconds, so a periodic reblocking is needed. The reblocking is trivial to implement and not much overhead either. Because of the way HammerFS is designed, it's left to the administrator of the FS to decide on the details. Reblocking is also for other things. HammerFS is also able to stream to slave computer which rocks. On the todo list is multi-master.

http://www.mail-archive.com/kernel@crater.dragonflybsd.org/msg04235.html

FFS/UFS2 snapshots are extremely similar to WAFL and ZFS, they are all copy-on-write block pointer implementations. To be clear though as it was pointed out earlier to me, NetApp implemented snapshot before FFS did.

Sure, but approval voting is poorly suited for use in multiple seat elections.

The single seat version still encourages a two party system. (Although much less strongly than FPTP since it does show if a third party candidate had any significant support, while FPTP makes the third party candidate appear to have less support than they really do.)

However it has some issues. For example, it is possible if all voters vote honestly for the candidate who is the absolute last choice of a majority of the voters to still win the election. James Green-Armytage shows how this is possible.

Range reduces to Approval, since you want to give every candidate either maximum if you support him or minimum if you don't so your chance of affecting the outcome is as great as possible. Approval, in turn, requires polling and strategy so you can know where to put the cutoff.

Say the three candidate for President is Bush, Gore, and Nader. You like Nader but don't want Bush. If Nader has negligible support, you would vote for Gore and Nader, so that your vote still helps Gore keep Bush away. However, if Nader has substantial support, any vote for both will help Gore win at the expense of Nader, so you might want to reconsider and put the cutoff after Nader rather than after Gore.

I can see no reason why we should burden voters with having to vote tactically in such a manner. If you absolutely have to have Range or Approval, make a computer find out the poll and vote tactically according to the voter's sincere wishes given on a ranked (or rated) ballot. This idea is called Declared Strategy Voting. Warren himself claims that his DSV version of Range does better than Range.

Furthermore, while IRV behaves badly here, that's just a blemish (among a million others) on IRV, not on ranked voting as a whole. Condorcet methods would do the right thing: if 50% rank A above B above C and 50% rank C above B above A, then B beats A, then B ties both A and C one-on-one. A single voter preferring the broad support candidate B, would then be enough to make B win against both A and C, and so be the victor.

Aircraft headsets have separate mic and headset connectors and seem to require power from the aircraft intercom system. They do not work standalone as far as I know. I am a pilot and own three different headsets. I would love to be able to use one in the datacenter. I have asked this very question on the lopsa mailing list here:

http://www.mail-archive.com/tech@lopsa.org/msg01673.html

And we never came up with a decent answer. This was also asked on the kernel-panic mailing list and we found nothing through that discussion either.

You are implicitly assuming that the wear leveling algorithm spans the whole device.

That is - a write to block 407 will have the wear evenly distributed.

There are several issues here.

Firstly - eraseblocks are typically around 150K or so.

Secondly - http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg170028.html - many flash devices may wear level only on 'zones'. So a write to block 407 may only wear level across .5% of the device.

Doing the wear leveling this way drastically reduces the amount of CPU and other data storage you need to keep track of where the blocks are.

The OLPC project http://wiki.laptop.org/go/NAND_Testing#SD_Cards - did some interesting tests, writing and rewriting two 20M files.
This failed in one SD of 6 tested, at 16terabytes written.

The wear leveling algorithms of 99.9% of flash devices are not public. You don't know what the wear leveling span was in the above test. It may reasonably have been a thousand eraseblocks - 130M or so.
This will mean that the actual writes per block were on the order of 12 million.
This is not a completely surprising number to me for the ~5% of the spare blocks in the wear leveling block to have been used.

Unfortunately, the secrecy means that the chip you order next week may perform differently.

Wait for GNOME 3. Although you won't be able to use GNOME 3 + compiz anytime soon, there are many preview videos of the new GNOME that I find really interesting. (The second one is annotated in some slavic language but it shows many aspects of the menu and other interfaces)

Run into a problem already, the GlassFish admin console in NetBeans 6.8... does not work with OpenJDK.
http://www.mail-archive.com/openjdk@lists.launchpad.net/msg03437.html

Tom...

After many years[1] there finally seems to be some signs of progress being made on features that will help websites make things safer for their users:

http://www.infoq.com/news/2010/01/HTML-5-Sandbox-IFrame
http://people.mozilla.org/~bsterne/content-security-policy/

[1] I actually tried to get people to do something about a similar problem 8 years ago:

http://lists.w3.org/Archives/Public/www-html/2002May/0021.html
http://www.mail-archive.com/mozilla-security@mozilla.org/msg01448.html

For years the browser and W3 have been focusing on adding "gas pedals", and their idea of brakes was "just make sure none of the hundreds of gas pedals we created are pressed", which is a bit trickier in the real world.

If they had added working "brake pedals" back then, stuff like the MySpace worm might not have happened. And ads and other 3rd party content might be more easily secured.

Um. Then get something like RHEL and be done with it. They specialize in keeping everything as stable as possible (and yes you pay for it.) It sounds like you are using the wrong product for your needs.

- automatic save and restore of multi-workspace sessions

Works for me in Lucid, and I think it's for the first time that it also works for Firefox.

- handy window operations like maximize-vertically and maximize-horizontally

Middleclick or rightclick the maximize button, and IIRC it's been like this for a long time (I use Compiz though, so YMMV)

- easy to change settings like which app to handle movies, etc.

I don't know what's your problem there, rightclick file -> Properties -> Open With works fine for me, and for disk media it's even simple because it asks on insertion, else go to Edit -> Preferences -> Media in a file manager window in Ubuntu; IIRC stock Gnome has a settings entry in the desktop-wide menu System -> Preferences, too.

I remember when clicking on a menu button gave an instant response,
not a several second delay for the first time in a session.

I don't try to be an ass, but works for me, I think. At least I never noticed anything annoying. And I think that your nostalgia clouds your judgement, because on the topic of delays, I remember that opening the application menu in earlier Gnome 1.x took several seconds for the first time in a session due to scanning for menu icons. And I'm sure about this because I was the one who filed the bug. It's almost instantaneous now.

I don't know about your mh trouble, but there are at least two workarounds that took 1 sec to google: http://www.mail-archive.com/evolution@lists.ximian.com/msg13503.html
Anyway, I think it's a bit unreasonable that all apps will forever support data formats for edge cases just because you are too lazy to convert them. And if you find that evo is missing features that you need, well, what about using a mail client that fits your requirements?

Umm. What is so great about a very large smart phone that can not make a phone call?

Um, because it isn't a very large smart phone? For example, can you run something as sophisticated as Keynote, Pages, or Numbers on any phone, large or small?

I believe that I covered that fact that the Lady looks good and dresses well. That I believe is what all the fanboys are paying for. Right?

So, every single person who purchases an iPad is a "fanboy"? I think you need to up your meds.

You already know Apple is all about the looks and the UI. They do not innovate. They build what has been built before, dumb it down so the stupid can be as useful as the capable then put forth the greatest marketing machine ever built to sell it.

Really? I guess there was no innovation in this, or this, or this, or this, or this. Why are there no examples of those hardware and software products PRIOR to Apple releasing them?. And why oh why do they keep winning industry awards year after year?

Are all those people fanboys, too?

Have fun fuming over this post and try not to spit out your "Half-Caf, No Foam, Soy Latte".

Sorry to disappoint you; but I'm strictly a Folgers/Walmart Half&Half/Splenda (I'm diabetic) sorta guy. Only been in a Starbucks once in my entire life. Don't even get the fake cappuccino at the fast food joints.

Not really. It's been possible to get them throughout this time, up until about mid last month. See:

• [pca] No more free patches, Martin Paul, 12 Feb 2010
• PCA web site news item - 2010/02/24

I agree, Scala is a great step forward, as are many other JVM languages, Jython, JRuby, Kawa, Clojure, and so on...
http://www.is-research.de/info/vmlanguages/
http://en.wikipedia.org/wiki/List_of_JVM_languages
It's too bad Sun did not focus on making a universal VM from the start... Or that the Smalltalk people did not embrace other languages...

More more comments by me on that general issue:
"[Edu-sig] Freedom: some Smalltalk history and Python implications"
http://www.mail-archive.com/edu-sig@python.org/msg02717.html

And that references my post from 12/28/96 (I'll put here since it is only at archive.org probably):
"Squeak and the Babel of programming languages"
http://web.archive.org/web/19980121002624/http://www.create.ucsb.edu/squeak/9612.html#Letter94
"""
Date: 96 Dec 27 8:13:49 pm
From: Paul Fernhout [old email snipped]
To: squeak@create.ucsb.edu
Subject: Squeak and the Babel of programming languages

Here are some things that could be done with Squeak. Will I do any of them myself? I don't know. At this point, I'm still figuring out what use I want to make of Squeak, and more generally, what Squeak could be all about.

* The main idea

In general, I'd say the world has too many programming languages (and development systems) and too few standard comprehensive libraries (along with their accompanying architectures and program interfaces). So how can Squeak fit into this Babel of programming languages?

* Squeak as a repository of algorithms

One thing I'd like to see in Squeak is a complete set of algorithms and patterns drawn from the published literature. That would possibly encourage Squeak's use in programming education, in rapid prototyping, and as a repository of programming knowledge. Even if people didn't deliver in Squeak, they could begin to rely on it as a source of inspiration and algorithm templates.

* Squeak as the interpreter of choice

The world also has too few tools (like LEX & YACC) for supporting developing application specific languages. I=92d also like to see Squeak with good tools for parsing, interpreting, compiling, and translating - like a TGEN port. If Squeak had such tools, one could consider doing the following.

* Squeak emulating & being emulated in other languages

Squeak is one of only a very few well done, reasonably stable, and completely open development environments in a language that appears to have a strong future (maybe it is the only one?). The fact that Squeak is implemented in Smalltalk is important, because Smalltalk is a self-reflective system. However, this does not mean the Squeak tools (debugger, inspector, class browser) might not be useful for developing in other languages (NewtonScript, Lisp, Basic, C++, Forth, Python, Object Cobol) since languages are something other than their most efficient implementation.

Two Smalltalk companies have moved a bit in this direction. OTI has a product that lets one use their ENVY tools to browse, modify, and recompile C++. ParcPlace has a language parser in its advanced tools kit that lets you create classes which have their methods parsed in another language you define using a simple language specification grammar.

The other side of this language coin is that Squeak has an open VM that does not have to be tied to C. It could theoretically generate a VM in Lisp, Delphi, Forth, NewtonScript, or Assembler.

C is a very common language. So having Squeak make C development easier through browsers, as well as allowing methods with embedded C (like SmalltalkX) is one place to start.

Ideally, one could imagine Sque

See http://www.mail-archive.com/gnupg-users@gnupg.org/msg10827.html.

The original paperkey software takes out the redundant key material for a smaller amount of data. You can restore the original key by combining the output with the public key.

To encode:

gpg --export-secret-key (thekey) | paperkey --output-type raw | dmtxwrite -e8 -f pdf > my_pdf_file.pdf

You can pass pdf, eps, svg, etc, to the -f option. Use 'dmtxwrite -l' to get a list of all supported image formats.

To decode:

dmtxread -N1 my_pdf_file.pdf | paperkey --pubring ~/.gnupg/pubring.gpg > my_new_secret_key.gpg

But keep in mind that FreeBSD is a slowest OS. And probably the most conservative and really old at ecosystem. And also has completely f*cked up release time schedule (even Warner Losh himself agreed on that). As well as quality is quite shitty for other things than just a network router. And threads there are mostly crap.

I'm not sure how relevant that Phoronix comparison is because the filesystem used was UFS, not ZFS. However, unless we are talking about Gcrypt (which I have never used), the slow performance of FreeBSD is acceptable for my purposes. For my purposes, data integrity trumps speed. If I were the type to prioritize raw speed over correctness I would have flunked out of engineering school through not double checking my figures, chosen MySQL over PostgreSQL, etc. Conservative for an ecosystem is good too. Maybe old goes along with that, though for example PostgreSQL has 8.4 in ports from what I understand, which is recent. Maybe the release schedule will bug me, maybe not. Release schedule? It's not something that really worries me, as long as the operating system does what I want and the ports (or repos, or whatever) are comprehensive and up to date. What exact quality is bad about FreeBSD? To me, that sounds like FUD. ;)

OpenSolaris has *valid* open source license, so your statement "I want fully free and opensource, hence FreeBSD" -- is sounds more like a FUD. :-)

Maybe you are right. Other people from Sun have said that, and maybe it is valid (maybe the FSF is the source of the FUD, though I trust them well enough, anecdotes from Theo about RMS holding up an airplane notwithstanding). e.g. http://www.mail-archive.com/opensolaris-discuss@opensolaris.org/msg13877.html I would like to see what direction Larry Ellison takes things before extending full trust to Oracle and what Sun is now that Oracle holds the whip hand.

At the same time, since something like ZFS is so groundbreaking, I would like to support the creation of it financially once whatever I do with it has some financial returns. It seems wrong that Sun develop something like ZFS, release it FOSS, and not benefit financially when there were certainly costs involved.

Well if API compatibility is all it takes, then I can say *any* piece of GPL code is an API, therefore I can re-use it as a library. That's a very, very slippery slope. The only piece that makes it strange is that the GPL has specific and explicit exceptions for OS and system libraries, which Linux obviously is the OS, so it is not extremely clear to me how that would apply. However, you can see the same type of care is taken by the FSF with respect to various supporting libraries they ship with GCC, you'll find that the libgcc_s.so.1 library that is linked via GCC are "GPL + exceptions". See this e-mail about the topic, that includes the special exception.

If it is the API nature of the Linux kernel that makes it okay to link with the kernel and not be GPL'ed, that's very, very bad. All I'd have to do is make an API out of any old GPL'ed software I feel like, and then I would appear to be free of any GPL terms. I believe that to be wrong. If it is the fact that it's an Operating System, that's just a flaw in the wording of the license that for the most part doesn't hurt anything. If it is because there's an explicit exception, that's a very good thing.

Kirby

column-mode editing

OK, I didn't know what that was called, but it's pretty damn awesome.

vim can do that with visual block mode (^V), though it doesn't quite work the same way (you can't create a zero-width column, but you can Insert text at the left edge of all rows of a block

You're misunderstanding the point of Planet Gnome. It's not for distributing information about GNOME, as David Schlesinger points out in the discussion, Planet Gnome is "for getting a window into the lives of other folks in the community, just as it says, and many of those lives involve working with both free and proprietary software." If you don't want to read about what former GNOME devs bought at the grocery store, you shouldn't be reading Planet Gnome.

Philip Van Hoof
Fri, 11 Dec 2009 08:21:53 -0800

On Fri, 2009-12-11 at 10:12 -0500, Richard Stallman wrote:

> But GNOME is part of the GNU Project, and it ought to support the free
> software movement. The most minimal support for the free software movement
> is to refrain from going directly against it; that is, to avoid presenting
> proprietary software as legitimate.

I understand your position. I think you might not understand the
position of a lot of GNOME foundation members and contributors.

Their position isn't necessarily compatible with your position that
GNOME should "avoid presenting proprietary software as legitimate".

The way I see it is that most members want GNOME to stay out of that
philosophic discussion. Although GNOME usually advises to "work
upstream" and to "do things opensource when possible, as much as
possible". This is just a personal point of view, of course.

You, as one of the key FSF people, appear to be keen[1] on enforcing a
strict policy on how GNU's member-projects should behave. So ...

I propose to have a vote on GNOME's membership to the GNU project.

> I think Planet GNOME should have a rule to this effect.

I think it's clear that I disagree. Philosophically.

> There are many ways to implement such a rule, of which "block the
> whole blog" is about the toughest one we might consider. I'd suggest
> rather to try a mild approach; I'm sure that can do the job.

Let's first get a consensus from our members on GNOME's status as being
or not being a well-behaving GNU project, or having its own identity.

Original thread, alternative link: http://www.mail-archive.com/foundation-list@gnome.org/msg04068.html

And that's why it needs a recent bugfix to stop it from crashing and corrupting filesystems on fragmented files?

That's not an exception to the rule. NTFS-3G doesn't have a comparable track record to Linux ext3 and Windows native NTFS implementations.

I disagree.

*BSD is so much behind the current state, that it's almost useless as a modern desktop system. No inotify support in the kernel, etc.

I think *BSD doesn't have any developers left which can rewrite the kernel to support a modern desktop environment. Bugs like http://www.mail-archive.com/freebsd-net@freebsd.org/msg28806.html don't get fixed for more than three years, even though this ack delay can be fixed easily (see John Nagle's comment here on slashdot: http://developers.slashdot.org/comments.pl?sid=174457&cid=14515105).

The BSD licence is the root of this problem. Look at how much code RedHat, Oracle, etc *must* contribute to linux and compare that with the code contributed to *BSD (by Apple for example)

NoNPlusKPatterns... Seems that they're finally banned.

http://www.mail-archive.com/haskell@haskell.org/msg01261.html

It doesn't necessarily, mean that the packages are unstable, but they are "virtually untested" (quote) when they are first uploaded, so the probability of having bugs is much higher. Stuff like this can happen...

It's modern-day McCarthyism, it's just that no one senator has stepped up to bat and get his name attached to this whole racket.

Senator Ted Kennedy did end up on the DHS list of known terrorists.

Yep.

two Jordanians were evacuated home with injured penises after attempting sexual intercourse with goats.

"Yay! I think people were beginning to dislike me a little when I'd ask them to convert and resend an attachment that I couldn't open. Looks like I'll have to hunt around for some other subtle way to annoy my co-workers :)"

Why not point them to where they can download Open Office?

'Import of password protected Microsoft Office XML documents has been implemented in CWS dr72'

I'm also slightly disturbed by his attitude to other operating systems than just Linux. For example, this post on the OpenSolaris mailing list.

Comments such as the following:

Then, "Unix Admin" asked mumbled something about whether we might want to install Solaris on my machines. Thanks, but no thanks. I already got a good operating system, which is called "Fedora", and its audio system is what I am payed to work on by Red Hat.

As mentioned above, we have been adopted by all relevant Linux distributions. There's not much left we could win in Free Software land, except maybe that little OS that starts with "Slow" and ends with "aris". ;-)

appear somewhat unprofessional for someone who is being paid for the development he is doing, and for someone on whom the future of Unix/Linux audio has been entrusted.

Weeelll... you can't just nuke it and install anything yet. I tried to install only Linux on the Macbook I have only to find it uses EFI only, so until grub2 makes it into distros and it fully supports the Macbook EFI, you're stuck with having OS X around just to setup bootcamp (and emulate the regular BIOS, I guess)

I have read they don't have all the bugs nailed out in grub2/EFI/Macbooks yet, and this post: http://www.mail-archive.com/grub-devel@gnu.org/msg12901.html looks like it agrees with what I read. His test was done September 22nd...

That's been my experience, anyway. YMMV

No idea, but here's a couple I found after a quick google:

http://lists.freebsd.org/pipermail/freebsd-i386/2007-March/005177.html

http://www.mail-archive.com/freebsd-questions@freebsd.org/msg95551.html

I didn't look closely, so might be worthless. Good luck.

- T

Maybe that's a more sensible proposal.

But what's not so sensible is it's taken about 7 years since I tried to get people to do something about it:

http://markmail.org/message/pgcka6wlxgbfyep7
http://www.mail-archive.com/mozilla-security@mozilla.org/msg01448.html

That's a pretty long time. Oh well, maybe we'll see a brake pedal eventually. Like I said, I don't care how it looks as long as it works and is easy to use.

Heh at least I'm not a patent troll. In my experience ideas are easy - getting stuff implemented is the hard part. I'm happy if people just improved stuff faster.

p.s. Maybe it'll be another 7 years before someone actually implements something like this: https://bugs.launchpad.net/ubuntu/+bug/156693
Too bad after all the years and alleged billions all we got was UAC from Microsoft, and maybe a few sandboxed browsers.

What program/suite was it? In all seriousness, I get the impression that you're talking about Cyrus software, quite possibly SASL/SASL2 (of which the design flaws trickle down into the rest of their software, e.g. imap, etc.). Ever looked through it? Nothing but hack after hack. Yet there's no alternative in the open source world for providing SMTP authentication as a client (in English: your SMTP server needs to speak SMTP AUTH to a remote SMTP server). postfix, sendmail, qmail, and exim all *require* Cyrus SASL. I repeat: there is no alternative.

Otherwise, my second guess would be Busybox -- another pile of open source crap. The bug count is in the thousands, and the code is barely commented and consists of questionable design every step of the way... yet it's being used in embedded commercial products all over the world (Linksys/Cisco and even some commercial load balancer products use it). To date, their most famous and detrimental bug is not calling close(2) on file descriptors in their DHCP client. Since the client runs as a daemon, it doesn't take long for the system to run out of fds. "Oops" doesn't cut it.

Well, yes there is: http://www.mail-archive.com/meteorite-list@meteoritecentral.com/msg77530.html So, a meteorite, or if you read the BBC papers, a "space rock." Let's at least pretend we care about the news, not being our usual, fitful selves.

I would love to see somebody tell me what's wrong with X without referencing the UNIX Haters Handbook or anything else more than ten years old.

Well, how about my experience as of a few weeks ago.

After playing Warcraft II via DOSBOX for with the kids for many months, I thought it'd sure be nice if there were a similar game I could find, something that would run in a resolution greater than 640x480 and which had a map editor that would run in Linux. (Warcraft II's editor fails to work correctly in Wine.)

So I had a look around Gentoo's Portage directories, to see what games were available. The first few I tried were masked, and so I didn't try them, since it's been my experience that if there isn't an unmasked version, then it's totally disfunctional. Eventually I had to write a Perl script to look through all of the ebuilds and list the ones which weren't masked, since they were so few and far between.

The first game I tried worked for a little while, until it crashed X11, requiring me to reboot my computer.

The second game I tried worked for a little while, until it crashed X11, requiring me to reboot my computer.

The third game I tried worked for a little while, until it crashed X11, requiting me to reboot my computer.

At that point, I decided to just stick with DOSBOX. It's crazy that Linux's best graphics API is DOSBOX.

...but really, that almost isn't X11's fault. If I'm allowed to reference something from years and years ago, I'll reference myself trying to explain to the people of the Open Graphics Project exactly why they're wasting their time: http://www.mail-archive.com/open-graphics@duskglow.com/msg05679.html

Thankfully Linux is moving in the right direction, as some of the problems I point out in that post are slowly being eliminated, for example, video mode setting is being moved into the kernel, allowing X11 to avoid direct hardware access.

However, there's a lot in there that I'd be surprised to see in less than ten years, for example, a stable and well documented kernel ABI for video drivers. I can hear people now saying "but our constant insistace that everything be open source resulted in so-and-so open-sourcing their video drivers recently!" Yes, but just how many fucking years did we have to wait for that to happen, and just how many more are we willing to fuck ourselves over waiting for all of the other video manufacturers to play our game? Wouldn't it be nice to just make shit work for once? ...but I guess the Linux slogan is "One of these days it'll be awesome!"

I did some digging around and found an e-mail to a google group from a guy settings up RockMelts site:
http://www.mail-archive.com/scalr-discuss@googlegroups.com/msg02866.html
The same guy asked questions on the Chromium mailing list, "helping a co-worker get the chromium src".
http://groups.google.com/group/chromium-dev/browse_thread/thread/105e19e8d4f6c650?pli=1
Probably nothing, but could be something...

Oh no! People are being CRITICIZED!
...
That doesn't change the fact that their choice in this case is foolish

Responses of the form: "Duh, your stuuupid!" might technically be "criticism", but that doesn't go very far here, at least not for readers for which content actually matters.

Hint: You've yet to make any rational argument for why they're being "foolish", especially since you already admit:

software authors DO have the LEGAL right to decide what license to release their code under

This is especially weird here, as the software is an implementation of (AFAIK) an open specification, and can be reimplemented by anyone else if they want it under a different license. Can't stand GCC because of its license? No problem, use another C compiler.

So, don't like the license? Fine, then attack that, but just calling its users "foolish" only makes you sound like a troll. Or was that what you intended all along?

Its also a little amusing, given that the people you are calling "foolish" are actually employees of Oracle, IBM, Hitachi, and the usual Linux suspects, e.g. RedHat, SUSE, et. al. Best of all, the originators of BTRFS are the people that now significantly control ZFS's destiny, e.g. Oracle, and they were the ones who gave it the GPL license. Do you really want to continue calling the new masters of ZFS/Solaris/OpenSolaris "foolish"?

Maybe whats really got you irked is that the audience for BTRFS (the Linux ecosystem) will be more than large enough to ensure its long term success, whereas ZFS's future depends a lot on whether Oracle chooses to continue it into the long term. Its not clear yet what they're going to do with ZFS, but the Oracle dev who created BTRFS, Chris Mason (who BTW, was one of the ZFS devs too), and who is still leading its development (along with the others mentioned above) told its dev ml recently that everything was still a go with BTRFS as far as Oracle was concerned. So do you *still* want to continue calling Oracle "foolish"? :)

Does this make it even worse?

Whether it does or not, I think it's still a fun read. "Double-plus-ungood" indeed :)

Allow me, if I may, to open the can of worms here.

Why is it that in 2009 we can't get a filesystem that allows easy undeletion? It all happened to us one time or another: You typed that 'rm' command you shouldn't have, and now your work of the past few hours is gone. If only there was a simple way to undelete those few recent removed files...
We all know that the data is not zeroed on deletion, so why can't we have a File System that (preferably after fs umount) can scan the blocks and retrieve any file whose data blocks have not been overwritten yet, even if it takes a lengthy whole disk surface scan.
Hell, in 1989, I could do just what I described above very easily on the Amiga (granted, it was floppy based, but still...), and I never lost a single file apart from disk errors. I can even do that fairly easily with external tools on NTFS. So Why are all the UNIX filesystems I know (and btrfs is apparently not going to be an exception) such a pain in the butt for undeletion?

Chris Mason said that this should be the last unmaintained binary format change http://www.mail-archive.com/linux-btrfs@vger.kernel.org/msg02502.html

From what I've heard EVERYTHING is a bit slow and buggy on Fedora these days. *duck*

You'd be surprisingly glad with more testing, and less listening. As a side note, there was recently an interesting FESCo meeting in which, among other things, they decided whether to make gnome the default desktop live spin, or if the choice had to be left to the "ignorant masses". Obviously, the decision degenerated in the following fedora-devel-list thread, in which the never ending flamewar we are reading about here returns, in yet another flavour

This BTW reminds me of this comment from the Old New Thing: http://blogs.msdn.com/oldnewthing/archive/2009/07/09/9825126.aspx#9828703 And I also dug out this on FreeDOS 1.0 compatiblity with XT clones: http://www.mail-archive.com/freedos-devel@lists.sourceforge.net/msg05434.html

So repeat after me: GPS is still GPS, even though it's in my phone.

It is, but the selection criteria for a GPS chip (and associated GPS software) for a phone GPS are different to a standalone one. There are some damn-awful phone GPSs, where it looks like the manufacturer has spent the minimum possible to be able to write "GPS" on the side of the box. I've never used one myself, but the Nokia N95 has/had a bit of a dodgy reputation:

http://www.mail-archive.com/newbies@openstreetmap.org/msg02209.html

There are also some good ones, such as (in my limited experience) some HTCs and some Blackberries.

The most important GPL software in Mac OS X is arguably the GNU compiler, gcc.

Not anymore. GCC on Apple is a Dead Man Walking, because Apple won't work with the GPLv3, which the FSF's GCC project has already upgraded to.

Apple is a major contributor to the LLVM project

Of course, because this is what they intend to replace GCC with, and when this happens GCC-on-Apple and ObjC-in-GCC both go into a slow death spiral. Apple has already ceased providing any significant patches to the FSF GCC project. For example, GCC still doesn't support ObjC v2, two years after its release. There just doesn't appear to be enough developer interest outside of Apple to keep FSF GCC updated.

Apple's implementation of the Cocoa Framework is not an open source framework, but it is based on an open specification, although it has evolved past the specification.

If it has evolved *past* an open specification, and is not open source, then its not open... anything. So your point is?

There is an alternative, open source implementation

Not Exactly:

there is no hope of GNUstep guaranteeing that we shall maintain compatibility with an Apple API that is constantly changing

Cocoa is full-on, closed-source, proprietary... full-stop. GNUSTEP would have the same problem Mono has (always playing catchup to MS's changes), only worse: they can't even look at the code. So they don't even try. Ergo:

GnuStep != Cocoa

There. Fixed it for you.

Not Exactly.