Slashdot Mirror

For those who might be interested about ZK versus Echo2, OFBiz forum Hot or not hot: Visit Alexa and compare zkoss.org and nextap.com. ZK are twice, if not triple, popular than Echo2.

According to Nathaniel Smith Linus only provided the test cases to help
them find a speed bug:
http://www.mail-archive.com/monotone-devel@nongnu. org/msg08143.html

- Peder

Monotone's inode prints (which, incidentially, Linus was a major contributor of) can speed up some things, but the initial pull of a large repository is still unacceptably slow. The Pidgin developers have worked around this performance bottleneck by supplying bzip2'd Monotone databases via http, which the developer then can sync with the latest repository on pidgin.im to obtain an up-to-date database with the latest changes. Partial pulls should partially fix this problem in a future release of Monotone, or so I hear.

For what it's worth, I use Monotone daily and find the performance acceptable. For the record, Linus used Monotone at a particularly bad time it its development cycle, when it was very slow and the main designer was on vacation. Nonetheless, the Monotone developers emphasize correctness and integrity over speed, and Mercurial and Git were direct responses to the performance of Monotone. Still, the performance of Monotone is always improving.

Monotone's inode prints (which, incidentially, Linus was a major contributor of) can speed up some things, but the initial pull of a large repository is still unacceptably slow. The Pidgin developers have worked around this performance bottleneck by supplying bzip2'd Monotone databases via http, which the developer then can sync with the latest repository on pidgin.im to obtain an up-to-date database with the latest changes. Partial pulls should partially fix this problem in a future release of Monotone, or so I hear.

For what it's worth, I use Monotone daily and find the performance acceptable. For the record, Linus used Monotone at a particularly bad time it its development cycle, when it was very slow and the main designer was on vacation. Nonetheless, the Monotone developers emphasize correctness and integrity over speed, and Mercurial and Git were direct responses to the performance of Monotone. Still, the performance of Monotone is always improving.

Oh, you do not want to go there.

I posted something about this on the last thread - SMB/CIFS has a couple of obsolete Microsoft patents that Samba implements, but not as documented in the patents themselves (they would not work in a UNIX-like OS). The main part of Samba is based on specs designed by the Storage Industry Network Association, which MS used more as a guideline than how they implemented it. Here's an article about it, and also see Samba's web site.

The only other patent I know of on CIFS is not owned by Microsoft, it's a Cisco patent

MS probably still argues that those two patents are being violated and MS even spread some FUD by issuing a license for using CIFS on other OS's but excludes the GPL (Samba's license).

Things that are obvious, but Microsoft has patents on, that I'm aware of (thank you, bookmark file):
patent on RSS feeds
FAT patent 5579517 (which I believe has now been rejected as obvious after appeal and my ref was link-dead)
Spam filtering
IsNot in BASIC
or how about this one, which is basically sudo
or this one which would be violated as far as I can tell by a Linux OS module updated over an https connection, though I think it would also need to include verification like an md5 checksum to fall under that patent.

and a couple that I don't think would affect Linux:
a patent that is basically the same as XUL, but for Windows only.
a patent on this one on learning, which is broad and vague - see this guy's response I found in a search which explains the stupidity better than I could (my original link is again dead - I need some housecleaning).

Ok, so here goes.

Big Freaking Disclaimer, I work for IBM in support...

That being said, I use Linux as my primary desktop both at work(thank you IBM) and at home. Debian on both, though I do have to say, I just built a MythTV box and used Ubuntu(faster updates/multimedia/interface acceptable to the female counterpart) and I am VERY impressed with Fiesty Fawn 7.0.4. I have been running Linux since the pre-1.0 kernels and it has been my desktop of choice since 98 and my ./ account number is 5 digits(as well as my ICN number, yeah who cares). I am also in school working with HPC(High performance computing) building, programming and maintaining beowulf clusters. My point is this, I have more experience with Linux than most.

Being that I work at IBM, I also have alot of experience with AIX. While personally, I hate AIX(any UNIX that cannot be administered via vi is shit in my book, take that any way you like), AIX is EXTREMELY stable, and IBM makes sure of it. I have seen the testing they do to both the hardware and software(OS level at least) and it is centered around stability/reliability first and foremost, followed closely by serviceability(tracing facilities, error reporting/recording), performance and then ease of use. Now, this order is not true of all commercial UNIXs, Solaris is used more in scientific applications/number crunching and tends to focus a bit more on performance over serviceability(surely) and possibly even stability. I have seen more Solaris machines bite it than AIX machines, but this is more likely hardware related that OS related. In either case, they are inherently more stable than Linux.

Yeah, I said it, and its true. While Linux is a WONDERFUL and EXCITING desktop OS, and makes a damn fine department server, the OS itself, and not even so much the OS, the kernel is pretty darn stable(dont believe me, boot up a Linux machine and dont do anything, it will run until something harware/power related dies). It is the surrounding libraries and applications that are not quite up to snuff. We in support see this a number of times. Here is an example:

Currently today, right now, PDKSH that is available on http://web.cs.mun.ca/~michael/pdksh/ is completely broken when it comes to job control. Now most of you have no clue what I mean by that, but a quick explanation is placing jobs into the background with a '&' at the end of the command line. Now programmatically, there are a number of way to do this from the shell and on PDKSH, they are completely broken. I tracked this down back in 2002 and a bug report was submitted to the developer of PDKSH. Every major Linux disribution shipped this binary in 2002, so we actually had to package and ship our own version of pdksh to make things work. Redhat later switched to AT&T's ksh, because pdksh was too broken to fix for the most part. Roll forward to 2004, we ran into a really strange problem with one of the products I support(Tivoli) and worked it for 2 months, tracing calls/checking stack traces/and general debugging and in the end, it worked right back around to this bug in pdksh. The customer had installed our pdksh, but later, had replaced it with SuSE's, which at that time was still broken. A colleague of mine finally sat down, on IBM's dime mind you, and took the time to report this bug to all the major distributions, here is the one from Debian:

http://www.mail-archive.com/debian-bugs-dist@lists .debian.org/msg17434.html

This is just one package. There are a thousand stories out there that are the same. I know we regularly submit libc patches as well because we find stuff that is borked in there.

So all in all, its not really the kernel, so much as it is the rest of the building blocks that one must use within Linux. You could use your own compiler and libraries, but then are you really using

The main developer of FreeType decided to disable the filter in September. The Novell deal was later and had nothing to do with this.

According to http://www.mail-archive.com/dev@spamassassin.apach e.org/msg19513.html
Rules to block unsigned eBay/Paypal mail should be in place by version 3.3.0

I understand GEGL will be the new backend for GIMP, supporting deeper color among other things. A friend closer to GIMP development mentioned to me that it may be ready for GIMP sometime this year, but neither the GEGL website or quick searches turn up anything on that topic. A 2003 thread stated that a move to GEGL would be very gradual so as not to necessitate major rewrites.

can you really gain dramatically

See here for a little experiment that illustrates the point and that you can reproduce easily.

Doesn't work very well. Read this:

http://www.mail-archive.com/cryptography@metzdowd. com/msg02611.html

Ubuntu is a distro. It does not need to make money. Canonical is the
company which funds most of the development on that distro. Canonical
needs to make money. Is Canonical profitable? AFAIK, currently no.
However, as a private company, their finances are not available for
public scrutiny. How does Canonical make money? Support and services.
Will Ubuntu be around if Canonical goes under? Yes. The Ubuntu
Foundation is sitting on $10 million for that very reason.

Answer your question?

It was pointed out in the questions that another reason for concatenating
hashes is not to try to increase the theoretical security, but for
practical considerations in case one of them gets broken. This is
probably why SSL, for example, used MD5 along with SHA1. That is still
a valid reason.

Actually, you don't know what you're talking about. Go read "Multicollisions in Iterated Hash Functions. Application to Cascaded Constructions" by Antoine Joux. Unfortunately, it's not generally available online, but Hal Finney wrote a nice explanation of the problem here.

Seems you might be criticising him for lack of research when you haven't done any yourself. I suggest you read this thread that recently occurred on the NANOG mailing list -

Network end users to pull down 2 gigabytes a day, continuously?

I guess I just imagined it then. Sorry for the inconvenience.

A Lockheed-Martin R6000, evidently. 120MB ram, 256MB flash. Perhaps this? According to that page, it was about 60mhz, if I'm reading correctly.

As of a few weeks ago, the OLPC project isn't using LinuxBIOS anymore, they have moved to OpenFirmware from Sun, which was recently open sourced. Sorry to burst the bubble.

When's the last time you heard of a bug in Linux forcing a reinstall?

Hey Bright Boy, you must not pay attention to Linux news nor how many different distributions there are. Allow me to enlighten you a bit.

Mandrake 9.2 may kill LG CD-ROM drives | Fedora Core 6 release date pushed back | Kernel Newsflash (Do a quick search for this section of the page and the old production kernels) | ReiserFS and filesystem corruption issues -- how to fix them, etc (Has to do with an old known issue between Gentoo and ReiserFS | ext3 corruption issue in 2.6.18 found by RedHat

Also try running something like Rawhide, Gentoo unstable branch (Which I do), Debian unstable, or any plethora of other systems out there which include software that's not extensively tested. While it is true that it is rare to find incredible bugs that create a big headache for end-users in a Linux distribution release, it's not impossible and there have been many occurrences of these bugs in release Linux kernels themselves. Let's not kid ourselves, shit happens on both sides of the fence, and it's not only unfair but naive to hold Microsoft to some golden standard because they have a large bankroll. Throwing money at a problem is the worst way to solve it, especially when it comes to QA.

P.S. -- Even in the stable branches of distros breakage can happen and it can be difficult or impossible to recover vital data from the system. I'm running reiser4 on my ~amd64 Gentoo and I keep hoping I don't end up with filesystem corruption that would hit me quite often in the past when I was pretty much forced to use a vanilla kernel with reiser4 or the -mm patchset, which is about as unstable as they come. Plenty of other people get hit by random difficult to reproduce bugs for any filesystem, daily. ext3, jfs, xfs, reiserfs, you name it. I dunno about ext2 though, but since they're so closely related (ext2/3), I'd figure most things that ail one ail the other. Also, you were speaking directly on a bug forcing a reinstall of the system, which usually means a gross configuration error or some other form of data loss. The Mandrake link is the only one which diverts from this train of thought, but it most certainly was a big hitter if you can remember when the story hit, as I do.

Another P.S. -- You say they've had all this time to iron Vista out as if they started out with "This is what Vista is going to be, period. Get there and release it." Sorry buddy, that's not how development goes, especially when competitors are around introducing new ideas all the time, never mind your own R&D department.

Based on reading the Apache Geronimo dev mailing lists, it seems like Geronimo is looking to have some JEE5 preview features in their 1.2 release (maybe later this year?), with full JEE5 support likely coming in 2007.

From the Geronimo dev mailing list:

To me the main open question about 1.2 is whether we can certify on j2ee 1.4 with jee5 spec libraries. If so it is fairly simple to include jee5 preview features.

That line may not mean what you think it means.

Umm, you do realize the "current, ongoing project" got the name from... the Debian-legal mailing list?

Sorry, but the name duplication is FSF's fault (or rather, whoever decided to name that project).

This particular change has been in the pipeline for over a month

No, wbren is right. The actual performance numbers for the current F@H ps3 build should be similar to late model PPC mac since the Pande group has simply recompiled the gromacs core to run on the Cell PPE (that is the general purpose core of CELL). NONE of the 8 vector processors are being utilized, which are the source for the speculative performance ratios in TFA. When there is sufficient coding expertise in Cell to optimize for all the processors, then it might be significantly faster than a PC, but not before. . . I'm sure the Pande group has this in the works but it won't be ready for the PS3 launch. I think the upstream gromacs developers are working on Cell optimizations but they've mentioned its very, very difficult compared to programming for any other architecture they have come across (these are people who wrote ASSEMBLY inner loops for every major workstation architecture). see http://www.mail-archive.com/gmx-users@gromacs.org/ msg03335.html robotkid

Note that Klocwork, while definitely a good tool, does tend to produce a fair number of false positives, so it's not possible to try to compare an automated report of potential problems to a list of problems actually agreed to be a problem and actually fixed by an organization.

OK, I found this on rolling out firefox using unattended. It's cumbersome, but, for the current time, works.

Cheers,

Michael

I tried installing xgl yesterday on ubuntu 6.06 with ATI drivers fglrx 8.25.18. on Radeon 9700pro. I havn't seen any of the issues reported from earlier versions like crashes,and have tried all the stuff from the demos, like semi-opaque DVD running while spinning the desktop cube, with few stalls.

Apart from the ATI issues trying to replace mesa with fglrx solved using
http://www.mail-archive.com/debian-user@lists.debi an.org/msg440319.html
there were no issues other than that the blobby shaking xgl dialogs will do my eyes in.

It's working fine, at least until the next kernel upgrade.

Mind Streams of Information Security Knowledge will fill you in on the clear and present danger lurking not in robots but in human beings.

A recent breakthrough in Artificial Intelligence means that robots will soon surpass homo sapiens in brain-power, reliability and security.

An AI Security Module is built into intelligent robots, not as an afterthought but as a preconditiion for their emergence as legally recognized persons having full civil rights on a par with humans.

The most advanced artificial intelligence on the Open-Source AI market has always had a Security Module to protect humans from robots and robots from humans.

The Joint Stewardship of Earth under human and robot control will usher in either a time of peace and security, or a hellish nighmare of the final destruction of Earth by the evil homo sapiens.

The Singularity Timetable predicts robot superintelligence and a Technological Singularity within six years -- by 2012.

For software, that is. Building codes and electrical codes have worked pretty well.

If we could measure software quality well enough to regulate it, how much need would there be for regulation? Companies would just specify in their purchase orders "must have 685 mill-pf of quality" or "not less than 3 kilo-Sendmails of security" and the market would sort things out in its usual inconsistent but unbeatable way.

I'm nervous about government regulation partly from spending too much time studying the HIPAA regulations. For one thing there's a requirement that you write down procedures. Then there's "thou shalt have a procedure for updating the procedures". and "thou shalt have a procedure for making the procedures available to those who follow the procedures". After that narrow escape from infinite recursion there's a clause that, after multiple readings, I swear boils down to "thou shalt do what this clause says to do". HIPAA compliance does close some common security holes but at a price that seems excessive even when I'm the one getting paid to do it.

Citing a November 1997 story in the Swedish newspaper, Svenska Dagbladet, the report said that "Lotus built in an NSA 'help information' trapdoor to its Notes system, as the Swedish government discovered to its embarrassment."

http://cryptome.org/echelon-ep.htm

*Lotus built in an NSA "help information" trapdoor to its Notes system, as the Swedish government discovered to its embarrassment in 1997. By then, the system was in daily use for confidential mail by Swedish MPs, 15,000 tax agency staff and 400,000 to 500,000 citizens. Lotus Notes incorporates a "workfactor reduction field" (WRF) into all e-mails sent by non US users of the system. Like its predecessor the Crypto AG "help information field" this device reduces NSA's difficulty in reading European and other e-mail from an almost intractable problem to a few seconds work. The WRF broadcasts 24 of the 64 bits of the key used for each communication. The WRF is encoded, using a "public key" system which can only be read by NSA. Lotus, a subsidiary of IBM, admits this. The company told Svenska Dagbladet:

"The difference between the American Notes version and the export version lies in degrees of encryption. We deliver 64 bit keys to all customers, but 24 bits of those in the version that we deliver outside of the United States are deposited with the American government".(94) 44. Similar arrangements are built into all export versions of the web "browsers" manufactured by Microsoft and Netscape. Each uses a standard 128 bit key. In the export version, this key is not reduced in length. Instead, 88 bits of the key are broadcast with each message; 40 bits remain secret. It follows that almost every computer in Europe has, as a built-in standard feature, an NSA workfactor reduction system to enable NSA (alone) to break the user's code and read secure messages.

Mule, Donkey:
Usa\ -\ Echelon\ Le\ Pouvoir\ Secret\ -\ Documentaire\ -\ Parties1\&2\ -\ \(Alterdivx\ Free\ Fr\)\ -\ Hanthala\ -\ Doc\ Arte\ Fr.avi

As some of you may remember, there was a scandal in Greece back in February 2006 involving the interception of mobile phones belonging to high-level government officials, including the Prime Minister. The CALEA software on the Ericsson switches used by Vodafone was blamed; it had apparently been surrepticiously turned on and was copying traffic to an equal number of "shadow" phones.

An thorny point in the investigation was the revelation that the "shadow" phones had also been used to make phone calls to Laurel, MD.

An interview with James Bamford on the possible role of the NSA in the "Mavili-gate" was published in last Sunday's (5/8) "To Vima", one of the major Athens newspapers. I contacted the journalist, Alexis Papahelas, asking for permission to forward the article to this list, and he was kind enough to send me the original raw transcript.

http://www.mail-archive.com/cryptography%40metzdow d.com/msg06141.html

But there has been major changes in the company behind Trustix as of lately. It was originally developed and maintained by several hard working people in the Comodo branch in Trondheim, Norway (E.Midttun, O.Viggen, C.H.Toldnes).
Then not so long ago, I saw one of the workers at Comodo carrying several computers from their office. Turned out that everyone had been laid off and the Norwegian branch was closed down.
At the same time this happened and for some time there was no information given about the status of Trustix:
http://www.mail-archive.com/tsl-discuss@lists.trus tix.org/msg03396.html

We still have a few servers running Trustix, but are currently moving over to other distributions.

I only have five computers (one Athlon 1400GHz, one dual Xeon 2.8GHz, and one Pentium 4 3.0GHz, all running Fedora Core 3 or 4, plus one iBook G4 800MHz and one Infrant ReadyNAS 600) plus a gigabit Ethernet switch. Two things, however, cause my setup to stand out from the crowd:

* Between the dual Xeon and ReadyNAS, I have 4.8TB of RAID storage. That Pentium 4 is a MythTV box with three HDTV feeds, and given the massive sizes of HD recordings, I need all the space I can get.
* Kerberos 5 single-signon authentication. One username and password gets me on to any machine on the network.

HDCP is destined to fail anyway. It is fundamentally a cryptographic protocol which does a handshake between video card and monitor that sets up a cryptographic key, then encrypts the data. This handshake portion was created without public crypto review, and as is often the case, is done very badly. As Niels Ferguson said when he examined the HDCP spec, "I was just reading it and it broke"!

See this posting to Perry Metzger's cryptography mailing list for a summary of known cryptographic attacks on HDCP. It is only a matter of time until the HDCP master key is reverse-engineered, and at that point it will become easy to create devices that mimic HDCP functionality, making HDCP essentially useless.

Yes, but doesn't all of this kind of make sense for Sun? I mean if they die as a company, all of their IP becomes abandonware, and thus not helpful to anyone anymore.

They already do this, and ever since Build 23, they've cemented that proof wrt Solaris 10 and the further defense of that in Opensolaris.

The question is will they continue to honor the Open Source way by continuing their commitment, or will they simply abandon what they've open sourced and move on with the new capital?

Given by their treatment of the sun4m platform and hardware past version 6, I'd say they'll abandon it before it's really too slow to work with it.

...but this does not make for an excuse to keep sun4m off OpenSolaris, no matter what mutterings your kernel devs might have to justify it. Now if you made it possible
to rig up an ultrasparc over mbus somehow with this, you might get somewhere. However, that still does not justify including sbus, but cutting out the architecture that primarily used it from source code (even if it was an early build).
At the very least, it'd be a fitting end to see a source/binary (for drivers if impossible to source) release of OpenSolaris fit to sun4m. That would get people still with Quad Ross SS/20's, Ross SS10's, SS5/170's, and the others out there that definitely could take advantage of some of the features as well as have the ability to fix some of the major offenders (since I guess Bart Smaalders seems to have forgotten about the numerous bugs, and just wants to shove sun4m under the "closed hierarchy" carpet).

It's not about the cost, it's about having the ability to fix the bugs on these machines. Distraction with an open Ultrasparc core isnt a good idea.

The best I can see out of it is Sun trying to follow in the paths of OpenPOWER. At least the company behind OpenPOWER is the same one that at least did one last release (AIX 5L 5.1) that allowed some sort of openness that Sun would drop at the fall of a hat.

Artificial intelligence is the prime example of a Golden Age for outside-the-box developers.

The AI User Manual tells how to get started in Outside-the-Box Artificial Intelligence.

The Mind.Forth AI Engineshows that you can work on Artificial General Intelligence (AGI) without perpetuating the colossal failures of the traditional AI Establishment.

The AGI Mail Archive is a community forum of AI Outside-the-Boxers.

A Web site on PC-based robots sports an outside-the-box A.I. Zone where you may think outside the box about putting artificial intelligence into hi-tech robots.

Which is fine and dandy, and points out the usefulness of anonymous communication, not free software. And now that ONE person in each village has a phone, how easy is it for the people committing human rights violations to find him? Now they just torture a bunch of people until they find out who has the phone. And they might not have electricity to charge the phone when needed! So while he has good intentions, at what cost? The root problem of having a corrupt government is not fixed by this, and may even cause reprisals.

I found the following reply from Taran Rampersad (is he your friend you were speaking of? He went to the same conference.) interesting and still validates some of the points I have been trying to make. Should we not do anything at all? Of course not. But complaining about MS making their software free or having Linux on a bunch of computers is not going to do anything useful in the current situation that most underdeveloped countries are in. And I hate to say underdeveloped. There are some countries/cultures which operate fine the way they are. It is the ones which operate in anarchy and where people live in constant fear of their lives we need to worry about (which at this current moment just happens to be a lot of countries in Africa).

Apparently, KOffice supports Open Document. And, according to this Abiword and Gnumeric soon will. Presumably other minority (i.e. no MS) products will jump on the bandwagon as well, once it becomes obvious that Open Document has a decent mindshare.

"I though 16bit support was due in GIMP about now?"

Yes, for any given meaning of "now". :-)

GIMP 1.4 (later renamed to 2.0) was going to a reorganization of the code, with a better separation of core functionality and interface. Then the GEGL library was going to replace the graphics processing functions. Except that by 2.0, GEGL wasn't nearly ready yet.

In the meantime it had been decided that because of the many ideas for new features that had been on hold while waiting for 2.0, a version 2.2 would be brought out first that incorporated all these new features (better previews, live transformations, better dialogs, &c.).

GEGL was going to happen in 2.4, IIRC, but that plan also seems to have been given up. A mail on the developer list from June 5, 2005, titled "The GUADEC meeting", detailing a meeting of several developers, reads:

        "We would like to get GIMP 2.4 out soon. The plan is to finish what has been started in the development branch. This should be doable over the summer. This means that 2.4 will have color management but we aren't going to try larger changes such as adding support for higher bit depths."

        "We agreed though that 8bit is not going to get us much further and that we need to pick up on GEGL again. The GEGL source tree had been abandoned for a while, the last commit dating back to March 2004. We found that in order to make further plans, we first need to get an overview on the current state of the code."

There is also mention of reworked menus.

It doesn't say so in the e-mail message, but the colour management Sven is referring to probably does not entail true CMYK, because that was also planned for (and put off for) GEGL.

"There's always cinepaint, the new version sounds promising."

Last time I checked, Cinepaint was a one man show and fairly buggy. (Granted, that was a while ago.)

20 Questions is not where it's really at in artificial intelligence.

Mind.Forth is the True AI you're not supposed to know about.

Stumble upon Forbidden Knowledge in artificial intelligence and you could be in danger because you Know Too Much.

Slashdot readers figure out the Hidden Truth for themselves.

914pcbots.com is the Forbidden A.I. Zone where techies discuss installing secret AI Minds in PC-based robots but: Hush! (It's a big secret -- Forbidden Knowledge).

Novamente is another truth-will-out story of Artificial General Intelligence (AGI).

AGI Mail List is where the l33t heavyweights talk about Artificial General Intelligence.

AGI Secret Archive is where you may eat of the fruit of the tree of the Forbidden Knowledge about artificial general intelligence.

Lasciate ogni esperanza, voi che entrate .

I also gave a presentation of leap second issues in distributed
computing, presented the UTS proposal and argued that something like it,
together with more carefully implemented NTP software, would in practice
eliminate computer worries about leap seconds, without a need to change UTC
arising from this area. I also argued that the message formats of
pre-GPS time broadcast services such as the various LF and HF time
stations leave much to be desired and that work on a globally
standardized state-of-the-art signal format would be a timely and
important project.

http://www.cl.cam.ac.uk/~mgk25/c-time/torino2003/u tc-torino-slides.pdf

Finally, on the afternoon of the second day (Thursday, 29 May), the
agenda moved to writing up a draft conclusion of the colloquium, which
was then to be refined and phrased out more carefully by the
invitation-only SRG meeting on Friday.

Ron Beard with William Klepczynski drafted in PowerPoint on the
presentation laptop a list of objectives and conclusions for the
meeting. They started out with a few very pro-change statements, that
quickly attracted criticism from the audience as perhaps not being a
quite adequate reflection of the discussion at the colloquium.
Throughout the subsequent discussion, I had the impression that they
were rather happy to include pro-change arguments and statements that
were proposed by participants into the draft, but were very reluctant to
include any of the more sceptical/conservative statements that were, as
far as I could tell, proposed equally often. In the following coffee
break, a number of participants noted on their impression that the
organizers of the colloquium probably had already made up their mind on
the death of UTC and would push this through ITU in any case.

A good number of attacks have already been found:

http://www.mail-archive.com/cypherpunks-moderated@ minder.net/msg11705.html

http://apache.dataloss.nl/~fred/www.nunce.org/hdcp /hdcp111901.htm

You just need to be able to stream the raw data to storage fast enough (or simply pass it on to your display device of choice).

That is part of the leaf code of the mod, not an exported API. Assuming that CS:S uses the same code that we ship in the SDK is wrong (because they won't match). Injecting network messages and assuming the same implementation in a binary you don't control is not going to work. We have provided a stable, consistent (across all mods) API for plugins to message users. We have already added new functionality to this interface at the request of plugin authors, a quick email discussion with us and I am sure we can find a middle ground. Also note that plugins already use the exported API for HL2MP (and other 3rd party mods I suspect).

We are not going to be held hostage to 3rd party programmers using triggering out of date and unused game code that isn't part of a published API (i.e part of an exported interface function).

Given that Sun Microsystems is a large part of the "OSS community" (see the "share" marketing campaign going on atm), that you accuse of pissing off Sun, you make it sound as if that they have done a lot of bad things to themselves. Have they, really? I'd find that odd.

Hardly. Sun has attempted to *enter* the OSS community time and time again, but they are consistently rebuffed and have to work on their own. They are even persecuted for their kindness! In general, IBM has done far less, but they get a free ride. Why is that?

Yes, I've looked at the new JRL, and unfortunately it's not as simple as the FAQs say. See http://www.mail-archive.com/classpath@gnu.org/msg0 9825.html for details.

Yes, I've seen your analysis. I find it overly critical, but I'm afraid I can do nothing to change that. Sun could probably sue you for hundreds of little infractions that the law may or may provide them with relief for. But they don't, because they are attempting to play nice. Sun may not have the motto, "do no evil", but their actions generally speak to it.

For how bad things can go with Sun and open source projects not paying respect to Sun's licenses, see Lutris' Enhydra (open source application server from a few years ago, killed by its authors because of alleged SCSL violations),

As I remember the situation, Sun never threatened legal action. Rather, Enhydra felt that they needed the Java Logo, and was going through the long process of obtaining the logo. Nor did that kill Enhydra. After the release of J2EE, lack of interest in their existing platform managed that. (Anyone remember ExoOffice?)

JBoss (open source application server, had to fork over a certain, large amount of dollars to reach license peace with Sun)

Sun made the TCK available to OSS projects, but JBoss is a commercial entity. In any case, things were always complicated there. (Never did get the full story behind why Rickard left.)

On a side note, I plan to work with Sun's legal to see if their standard tainting clause could not be clarified, eventually, but don't count on it: I don't write Sun's licenses, Sun does.

That's good news. :-)

Regarding missing documentation, well here is one for you: javax.swing.text.html.HTMLEditorKit: can you tell which HTML 4.0 tags are supported and which are not supported, precisely, from the API specification alone? :)

No, but I would take one of two tacks:

1. Just support common tags and hope you're compatible enough. (This isn't as bad of an option as it may seem at first. Even if you get a few details wrong, bug reports will help you sort things out later.)

2. Test the existing Java binaries for what they are and are not compatible for.

"effectively declared themselves an enemy", oh my goodness, that's a really odd phrase. Where did you get that sort of weird, martial language from? What makes you think it fits software development, or what Sun thinks of Free Runtimes?

There had been almost no contact between Sun and the Free Runtimes for the first 9 years, until a few folks (including me) started building bridges last year, and working together with progressive people inside Sun Microsystems on finding ways for Sun to learn to know the amazing stuff happening out there. There were no bridges to burn since Sun has never, afaik, tried talking to Free Runtime developers in the past. Sun has been largely non-existant in Free Runtime community, other then as a potential legal boogeyman, and that's certainly not because Sun didn't know where we're hiding. They probably simply didn't think much about it all. :)

See, no Classpath devs care about begging Sun for favours, like asking for opening up their implementation. It's never going to happen, so why bother?

What we're interested in is creating an ecosystem of great, mutually compatible runtimes for programs written in the Java programming language. In oder to fulfill the promise of the platform independance, and truely make programs written in the Java programming languiage run everywhere, we need to be fully compatible with the non-free implementations. It is in the interest of the non-free implementation vendors to be compatible with GNU Classpath.

So mutual compatiblity is definitely an area that we can work on together. Where we differ is that at GNU Classpath, people are interested in verifiable compatiblity claims, rather than cute coffee cup logos, so Mauve, the GNU Classpath compatibility test suite is Free Software, that anyone, including Sun, can freely use to verify the compatiblity of their implementation with GNU Classpath. Sun has so far not returned the favour, they have instead chosen to release their test suites under non-free software licenses. It's their code, it's their choice, it's their loss.

I keep saying that Sun is cordially invited to participate in GNU Classpath, whenever they are ready for it. I sincerely hope that Apache Harmony will be a good venue for them to become a part of the Free Runtime family, and collaborate with Free Runtime developers on shaping the future of the platform.

Yes, I've looked at the new JRL, and unfortunately it's not as simple as the FAQs say. See http://www.mail-archive.com/classpath@gnu.org/msg0 9825.html for details. In particular, let me quote from Larry Rosen's book on open source licensing, regarding an almost word for word equivalent provision in Microsoft's Shared Source license:

""If you are a software developer who intends to write software that might potentially compete with Microsoft's copyrights or patents, there is great risk in looking at Microsoft's source code. Under the copyright law in the United States, if Microsoft proves that there is "substantial similarity" between your commercial software and theirs, you may be an infringer. You may have to prove that you saw and read Microsoft's source code but that you relied only on intangibles and only on your memory when you wrote your own software.

That's a difficult evidentiary burden. I'm not sure how even an experienced programmer can walk that fine line. Perhaps the best way is simply not to look at Microsoft's source code at all."

For another lawyer's optinion why you should stay away from Shared Source licenses like the JRL even if they may have been written with best intentions regarding tainting, see

I help run The Mail Archive which is one of the larger mailing list archive sites, covering several thousand lists. What specifically would you like to see improved about navigation?

This type of spam (showing a page to the crawler and another to the user) is called cloaking. Cloakers have anticipated this sort of move and can detect a search engine's crawler by not just the user agent but also the IP address range it comes from and other heuristics. In order to beat them, search engines would have to crawl from unpredictable IP addresses and behave like regular users.

A while back I proposed a distributed approach like this in the Nutch mailing list. The problem is that it would be hard to implement and it may not be worth the effort, since there are cheaper ways to fight spam.

Scalia and Thomas are both pathetic shills for their politics, one loudmouthed, the other introverted, but they are equally bad.

here. Effects of filesystem/RAM/CPU/SCSI on the results are discussed.