Slashdot Mirror

PGP addresses the problem of transporting private data securely across a public medium. Traditional cryptography involved a private key, in which you and your correspondent both need to know the unique cryptographic key in order to read the encrypted method. The problem with this method was that, while easy to program and use, real-life applications were complicated. After all, if you have a secure medium to transfer the key, why not just transmit your entire message that way? PGP was a major breakthrough (or implementation of, rather) in public key cryptography. Using this system, no secure channel is ever needed. Both the recipients public key and the message can be transmitted (or even broadcast publicly) via an insecure network. Because of the way data is encrypted, PGP is also good at guaranteeing the authenticity of a message - the idea that while others may have looked at your encrypted message while in transport to the recipient, if they have changed so much as a space, the recipient will be aware.

PGP (or any other program for that matter) can do nothing (or very little) against user malice/stupidity/carelessness. That is beyond the scope of PGP. If you whispered a secret message to Ms. Muslim in a dark alley, there is still nothing preventing her from doing as she wishes with your (until-now) private message. For more on software controlling the users, check out what Microsoft is trying to do (albeit fairly unsuccessfully).

PGP will also do you no good for "traffic attacks" (Alice sends an encrypted message to Bob, Bob murders Alice's spouse, Bob sends an encrypted message to Alice. You guess cop's #1 suspect) and has never intended to. You may want to look into cryptography's little sister, steganography for message hiding.

I would highly recommend browsing to http://www.pgpi.org/doc/faq/ and doing some more reading. I also own O'Reilly's PGP: Pretty Good Privacy and have found it an excellent resource. It was published back when PGP was still Phil's, but applicable today nonetheless. Heavy on theory and application, there's also a very good appendix on the dirty math involved.

Also, O'Reilly's Building Cocoa Applications is excellent for the beginner, although I wish they would publish AppKit & Foundation in a Nutshell for a good off-line reference.

Some other good references:

• http://www.stepwise.com/
• http://macdevcenter.com/
• http://www.cocoadevcentral.com/

Revisionist history indeed. BSD (in the form of Unix patchkits) were available as "open source" when Linus was still in diapers.

WTF does Linus have to do with this? The claim was that the GPL spawned the open-source/free-software movement. RMS started writing GNU under the GPL in 1984. BSD wasn't freely redistributable until Networking Release 1 in 1989.

Look at me everybody. My name is fancy pants! Now all i need are some wearable computers.

Parrot is a new, dynamic programming language, intended to merge the indubitable strengths of the twin Open Source scripting giants, Perl and Python. Stemming from the Open Source conferences, and culminating in the unprecedented meeting of minds at the new ActiveState Technical Advisory Board, Parrot was conceived jointly by Larry Wall, the original creator of Perl, and Guido van Rossum, the inventor of Python. By uniting the unparalleled flexibility of Perl with the simplicity and maintainability of Python, Parrot is destined to become the premier application development language of the twenty-first century.

Some Books to look at:

The 1979 Hugo and Nebula Award winning novel, The Fountains of Paradise by Arthur C. Clarke.

AND...

The Web Between the Worlds, by Charles Sheffield, using the same idea, published about the same time Clarke published his book.

AND...

Of course, Kim Stanley Robinson's Mars trilogy.

Beat you to it!

It sounds like the book he really wanted to get was O'Reilly's Mac OS X for Unix Geeks. It includes a lot of his gripe topics like:

* A quick overview of the Terminal application

* Understanding Open Directory (LDAP) and NetInfo

* Issues related to using the GNU C Compiler 9GCC

* Library linking and porting Unix software

* An overview of Mac OS X?s filesystem and startup processes

* Creating and installing packages using Fink

* Building the Darwin kernel

* Running X Windows on top of Mac OS X

$10/month for 5 books/month. Lots of books. Searching. Bookmarks. Printing. Copy & Paste code examples. Errata. Public and private notes.

It looked like a great book and I had some free slots left, so I just added it to my bookshelf - very good so far.

This sort of book is exactly why I subscribed to Safari. It's very handy but I'm not sure I want a physical copy, I can read through the whole thing to decide that.

One warning though, I think the book was three points!! Safari subscriptions work by using a fixed set of points to put books on your "bookshelf", which then must sit there for about a month before you can replace it with another book. Very fair and ten points are $14.95 a month, most books are only one point.

BTW, you should be able to see for yourself what books are on Safari, it lets you browse and see excerpts I beieve. It's only when you try to read a book that you need the subscription.

A side note, I'm also evaluating the online book site "books24x7" for work and I like Safari quite a bit more,both in terms of site usability and quality of books.

I tend to use 'slimmer' solutions than a full-blown framework like EJB (yes, I like 2- and 2.5-tier applications). ;-) But I would like to caution those who strike out at Java/EJB/J2EE as though it's just marketing speak. It ain't all a crock, and like anything that achieves some popularity it will attract idiots who will give others a bad impression.

Just for the record, the author of Building Java Enterprise Applications isn't one of those idiots. I haven't read the book yet, but Brett McLaughlin is a smart guy, and I think it's unlikely he presents EJB's as a magic bullet. A few years ago he wrote in an article for O'Reilly's online Java thing:

I'd estimate 50% to 70% of the companies that have purchased or are purchasing J2EE solutions could easily get by with a simple servlet and a JDBC-based solution. Presentation logic housed in the servlet coupled with database access through JDBC would suffice for most types of applications, including many e-commerce solutions.

i.e., what you just said.

Minimum Advertised Price (MAP) has been around for a while, and not only in the music industry. When I first read this story I remember reading about this somewhere else, and it happens to be in the PC Hardware in a Nutshell book I'm reading from O'Reilly (Thompson & Thompson, 2002). It mentions that a good amount of PC hardware prices are held high due to this same MAP scheme. Fortunately we have pricewatch to help keep computer hardware prices down.

MAP just sounds like another scheme to keep prices up in what would otherwise be a competitive marketplace. Unfortunately, nobody seems to care enough to stop it.

I simply don't understand why you think this is relevent to anything.

Yes, it's obvious that you don't understand, so let me try one last time to see if I can explain it to you.

You spouted the standard line: "Monolithic kernels won and microkernels lost."

My point is that monolithic kernels only won in a revisionist sense of the word "monolithic" because monolithic kernels originally meant:

a) a single executable compiled for a specific target with specific hardware support, and

b) a memory model in which the device drivers, filesystem drivers, and so on are all run in kernel memory.

On the other hand, "microkernel" originally meant:

a) a small, platform dependent executable that runs in kernel memory, and

b) a memory model in which platform independent device drivers, filesystem drivers, and so on are all run in user memory.

In each case both of the criteria were, a decade ago, considered to be essential properties of the kernel. Portability, the ability to load device drivers and filesystem drivers, and so on, were considered to be essential aspects of a microkernel architecture, while those attributes were considered incompatible with a monolithic architecture.

There is plenty of evidence to support this in the link that I've pointed out to you twice already, but since you apparently were too lazy to read past the first paragraph, let me enlighten you by quoting some of those things here.

There is no idea in trying to make an operating system overly portable... (Linus Torvalds)

Minix is good because it is portable/Micro-Kernal/etc. Linux is not good because it is monolithic/tightly tied to Intel/etc. (Michael L. Kaufman)

The microkernel design has proven invaluable. Things like new file systems that are normally available only from the vendor are hobbyist products on the Amiga. Device drivers are simply shared libraries and tasks with specific entry points and message ports. So are file systems, the window system, and so on. It's a WONDERFUL design, and validates everything that people have been saying about microkernels. (peter da silva)

There are many, many more examples in this link, as well as in this extended version of the discussion that I found.

As for the definitions of microkernel and monolithic kernel that you listed above, they're not terribly helpful. You simply declare that your definitions are correct without anything to substantiate your claims. It's called a tautology, and it doesn't prove anything.

I don't know enough about it say definitively.

Well at least you admit that much. But really, it's not a matter of "figuring it out" for myself. I know the correct answer, and I know the answer that you would be forced to give if you used your own definitions. I wanted to see what you would answer.

I hope this helps to educate you. Given the fact that your dogma is of far greater magnitude than your ability to reason, however, I'm not optimistic.

Heck you don't have to go that far, just read The Top 10 SANs vs. NAS Decision Factors by the author of the ORA book. Or sign up and read the book online at Safari.

Sorry, but you don't know what you're talking about.

Saying so doesn't make it so. :)

Monolithic versus micro kernels have nothing to do with how things are linked, static or dynamic.

I don't think that you understand the historical context of the word. I refer you again to the "Linux is Obsolete" debate.

Andy Tannenbaum said:

Most older operating systems are monolithic, that is, the whole operating system is a single a.out file that runs in 'kernel mode.'

And Linus, in 1992, did not disagree with that assessment, because that was the commonly agreed upon definition. In fact, he went on to explain why portability is not important in a kernel. If you read the discussion, it is obvious that Linus' idea in 1992 of what a monolithic kernel was is drastically different from your definition.

If OS/X changed Mach to be link-based rather than message-based, then it's no longer a microkernel. It doesn't matter what it originally was.

And if Linux is not a single executable, then it is no longer monolithic. It doesn't matter what it originally was.

If you don't believe me, maybe you'll believe Linus himself.

Why would I? He's one of the revisionists! :)

Yes, micro-kernels are kind of cool but the downsides are pretty well understood at this point. Monolithic kernels won, microkernels lost. Gnu picked wrong. Get over it.

Riiiight...the Linux kernel is "monolithic". *wink* That's why my distribution comes with over 800 modules.

The fact is that, while the Linux kernel can be compiled as a monolithic kernel, it ususally isn't unless a very small footprint is required or some other specialized optimization is needed. For most uses, the kernel and loadable modules that come with the distribution work just fine.

The Linux kernel is neither a monolithic kernel nor a micro-kernel as those terms were understood ten years ago. The only reason that people continue to insist that the Linux kernel is monolithic is that they want to believe that Linus won the Linux is obsolete argument. In fact, the only reason that the Linux kernel isn't obsolete is that it isn't a purely monolithic kernel and has incorporated some of the features, such as loadable modules, that were originally considered to be micro-kernel features.

Wrong. There are many more at MozDev, as well as links to other Mozilla/XUL sites. Also Komodo , a commercial product was written with Mozilla. Activestate is actually making money with this.

O'reilly is taking this seriously. Maybe they know something you don't ;-)?

Javascript is a joke. It's for annoying web page junk.

False chargest that are later cancelled still show up on your credit record, with notes explaining the situations. As anyone who has worked with databases will understood, these records are then queried in credit checks with queries that do not have a human's ability to understand that the credit charge was bogus.

Therefore until the record has to be removed by law, your credit record can be hosed. And since nothing was actually stolen from you, if the credit card company chooses not to pursue (which from their point of view is a risk/reward issue involving the amount that a lawsuit would cost), you have no standing to sue about it.

The same thing happens with identity fraud, but tends to be larger because they can rack up quite the bill before anyone figures out that you don't live at the black hole that the bills are going to.

For more see Database Nation.

This book was reviewed here.

*

I have also given a 'quickie' review about this book months ago on out little site. You can also find the thread on signalnine by clicking on the 'reader reviews' link, on the book information page.

And to think... With the wonders of Safari I probably won't have to leave my cave to go look at it... Grin... Hopefully it turns up there...

There aren't really any out there for Mozilla.

"it's a simple matter to prove that any program could be reduced to a single line of code with a bug."
-- Randal L. Schwartz and Tom Phoenix (Learning Perl) --

-r

One option, since its one of those books you only need for a little while to select and set up your software, would be to "rent" the book online for a month from Safari at O'Reilly's website, then either unsubscribe from Safari or switch to a more interesting book later.

The numeric rating really seems disproportionate, as the reviewer did have some good things to say:

• "for a person who is determined to keep a daily journal available on the Internet, it would provide helpful reading material"
• "the depth of covered material is surprisingly large for such a narrow topic"

The primary audience for Essential Blogging is someone who is new to blogging. If you already use a blogging system like Movable Type, you'll learn something from the book (Ben and Mena, the authors of Movable Type, wrote a lot of new material for their chapters), but you are not the primary audience. We even say this in the preface, and the back cover pretty clearly states what's inside: "Essential Blogging helps you select the right blogging software for your needs and shows you how to get your blog up and running."

Someone new to blogging can read Chapter 1 to learn about the different aspects of a blogging system; the pros and cons of self-hosting vs hosted, desktop vs server; and ultimately decide which web journal system to use. Then they can read the chapters specific to their chosen system to get started, and return when they're ready to customize the appearance of their blog.

While working on the book, I kept my Dad in mind. He's technical, not stupid, and if he wanted to start a blog, what I want him to know about? The audience also explains the screenshots--if you're new to blogging, you don't to know what to expect nor what the possibilities are. Although it's hard for the reviewer to imagine there are people who haven't been hacking web sites and writing their own blogging systems since 1996, such people do exist.

But even people who already blog and are entrenched in a particular blogging system should check out the others. I'm a Movable Type user myself, but it was a real eye-opener to use Radio Userland for a while. The whole approach to software and blogging is different in Radio Userland, and it makes you look at your own setup in a new light. I'm not saying you need to buy Essential Blogging to do this, but such comparisons are a benefit of having multiple systems presented side-by-side in the one book.

About the only thing I agree with the reviewer wholeheartedly on is that it's a shame we don't cover LiveJournal more. When the book was being developed, I didn't see the geek interest in LiveJournal that I see now. Perhaps in the second edition we'll have chapters on LiveJournal.

So to conclude, I sure hope the old saying that there's no such thing as bad publicity is true. I hope the next book gets a real review (more than six paragraphs) by someone who reads the preface :-).

--Nat
(blogs on O'Reilly Network and use.perl, as well as several Movable Type installations for family, and a Blossom blog for work)

The O'Reilly contract is available here. It's a bit old, but the details look the same. (short answer: it depends on the advance)

Jabber Central (more pratical information on jabber)
Jabber Powered (an initiative to create products based on Jabber)
Jabber Studio (the development hub of the Jabber community)
Old Jabber documentation
Jabber FAQ
A nice overview of Jabber
Jogger (a jabber based weblog)
Jabber Python module
Unofficial Jabber user guide
Programming Perl(an O'Reilly book)

Gladly.

But just in case nobody gets it (and since the original post is still scored at 1, I assume that most don't), here's the W3C's SOAP Messaging Framework spec.

Maybe someone can cook up a version of lint that can be used with SOAP!

"History teaches us that as far as innovation is concerned, open beats proprietary every time. You have only to look at the history of the UNIX operating system to see this effect. Many of the innovations that were incorporated into commercial UNIX systems (as well as many of the foundational technologies for the Internet) were developed in universities as extensions to the original work at Bell Labs. Once AT&T took UNIX commercial, under a restrictive license, that work stopped, and didn't burst into flower again until Linux, a free implementation, took over leadership of UNIX operating system development."

When you close everything off, only enough innovation is done to perpetuate the monopoly, and no one else can share in the innovation to help further it.

Yeah, but I thought the hippo was for the javascript app cookbook.

Sure, it's better than nothing, but Dug Song's work on Dsniff (and the resulting controversy) clearly revealed that SSH is not a panacea to sniffing and/or session hijacking. In fact, with a compromised network host doing ARP spoofing it's probably nowhere near as secure as you think, especially if the clients and servers aren't set up with appropriate configurations. (i.e. only allow SSH2, don't allow log in as root, perhaps even use skey if necessary, etc.

Also, if you use Windows, don't let WinSCP save your password in the registry. (as it tends to want to do so by default). WinSCP (and perhaps PuTTY?) also saves copies (unencrypted!) of any files you transfer in plain sight, right in your Windows temp folder! argh!)

I'm not saying it's futile - SSH is a good step in the right direction, obviously miles ahead of Telnet or FTP, but it's not the cure-all some people seem to think it is. So, you might want to think twice about how "secure" your little SSH session is before bragging about it on /.

Otherwise, you're just drawing attention to yourself. (shh! the feds might hear us. ;-)

Even though Tim O'Reilly prefaces his "poll" with a statement about how these 15 responses do not "represent a significant sample" he still bases a large part of the story on it.

I don't think that those numbers are "suggestive" or "intriguing".

Now, his statements about David Pogue's book being bought in high quantities do raise an eyebrow, but i would still like to see more numbers.

interesting facts:

O'Rielly's vi books sell more than Emacs, approximate 2:1 ratio. Several years ago there was a vi vs. Emacs laser tag or something at an open-source conference - Team vi had a near 2:1 size advantage over Team Emacs, size meaning number of people, not physical measurements. Oh, and Tim O'Rielly is an Emacs defector, now uses vi.

see also: http://www.oreilly.com/ask_tim/unix_editor.html

Of all the things geeks fight about, it's always the text editor that draws the most blood. For an outsider it must sound rather petty. ;)

I've found vim to have extensive documentation, though sometimes, just finding the right information is incredibly difficult to do. (I just end up grep -r ing the documentation dirs)

If you're starting out, a cheaper hard copy alternative just to get you started (since one of the major roadblocks is the initial learning curve) is the vi quick reference from O'Reilly. Nice too that it points out vanilla commands vs implementation specific ones. Information is nicely arranged too. I think I've even seen printable posters with beautifully arranged command maps.

Myself, I only use the basic commands anyways, I don't need the full set of features. I work on so many systems that customization is not an option. And sometimes, all these extra options just get in the way. Magic indents are interesting, ability to execute perl is interesting, but I don't really need them, infact I find them annoying. (I end up undoing the formating that vim magically formats for me) For my personnal system, I usually end up remove all the xyzzy and stick with the basics.

I've found Ant to be like the "regex" of build tools. In the right hands, it can be an enormous time saver especially with repeatable tasks like build, deploy scenarios. It's not for everybody but if you are willing to meet it half way and put in some time reading the Oreilly book on Ant, then you will be rewarded ten fold.

A lot of this seems to be covered in Web Client Programming with Perl.

Along with the other comments listing many references for Perl & LWP, I don't think I'll be rushing out to spend the money quick-like...

You can read online their book Web Client Programming With Perl which has a chapter or two on LWP, which I've found very useful.
And on a related note, you can also read CGI Programming on the World Wide Web which covers the CGI side.

I may take a look at this LWP book, or I may juststick with what the first book I mentioned has. It's worked for me so far.

You can read online their book Web Client Programming With Perl which has a chapter or two on LWP, which I've found very useful.
And on a related note, you can also read CGI Programming on the World Wide Web which covers the CGI side.

I may take a look at this LWP book, or I may juststick with what the first book I mentioned has. It's worked for me so far.

It's actually not that often that I want to grep web pages with Perl, the slightly-more difficult stuff is when you want to pass cookies, etc, and that's where I always find the docs to be wanting. Yes, the docs tell you how, but to get the whole picture I remember having to flip back-and-forth between several module's docs.

How about reading Micheal Tiemann's essay here? It sounds more or less like you. It's an interesting read anyway.

the new o'really book coming out no really

Just another reason not to use Microsoft.

Tell Tim OReilly not to abandon opensource!

Linux on the wrist-watch and not the laptop means the problem is only half-solved!

Tell O'Reilly not to abandon open-source!

O'Reilly needs to hear from us on this. I think its terrible that he is giving up on open source software. Let him know what you think: tim@oreilly.com Don't let him be bought-off! Email him now!

I just picked up "Jython Essentials" from O'Reilly. It does a good job from the perspective that you already know some Java, and want to learn the basics of Python and how to integrate your Java classes.

As for the language itself, I think it would be extremely usefull for rapid prototyping of UIs if you're working with Swing (and aren't already using a GUI builder). It's nice to have the interactive interpreter so you can see your changes right away.

Btw, there is an O'Reilly book, Jython Essentials, on the market.

It happens that "Free as in Freedom" is published under the GFDL (of course), and is available online. Hence, I'm able to provide you with a direct reference, http://www.oreilly.com/openbook/freedom/ch11.html, starting with the paragraph: "Raymond put his observations on paper"

I didn't even notice that it was another ad from O'Reilly.

I can't get enough of those stealth ads!

Can someone fill me in?