Slashdot Mirror

Bruce

Comment added here to get by the slashcode postcomment compression filter.

Step-by-step docs aren't worth dick. They exist, and they tell you how to get one specific task done (get Apache running / install PHP / get CGI to execute etc), but that is about it. You get the job done, but you will probably do it in an dumb/inefficient way. I bought Apache - The Definitive Guide when I found the the step-by-step manuals inadequate, and boy do I love that book. It took a couple of days to read and it was extremely informative and interesting. I ended up doing a complete overhaul on my site and things are a lot cleaner now.

Sorry, couldn't resist.

As an aside, Tim O'Reilly wrote a critical monograph about Frank Herbert and Dune in 1981 and has put it on the web here.

I wholeheartedly agree. Perl is easy to use (developed for programmers by programmers) and quite powerful. Go grab the Camel Book now!

Info here. It was going to be here in DC next week, and I imagine most of the attendees were flying into National Airport, which is closed indefinitely.

O'Reilly have just published an XSLT book. I've not read it yet, but will hopefully pick it up soon. It does include a chapter and an appendix on XPath.

I actually observed quite a huge performance loss when switching from Quake 3 Arena to Quake 3 Team Arena, I don't know yet if this is due to some changes in the AI engine or in the map engine (Q43TA maps are often much bigger) but still there are quite a lot of issue regarding the new game-related technologies: physical modelling, artificial intelligence, etc.

I doubt a GeForce25 could help improving this, except by lowering the CPU charge a little...

Now it would be also good to gain more power for productivity sake, the ones who read this book or this one or will understand me for sure.

I actually observed quite a huge performance loss when switching from Quake 3 Arena to Quake 3 Team Arena, I don't know yet if this is due to some changes in the AI engine or in the map engine (Q43TA maps are often much bigger) but still there are quite a lot of issue regarding the new game-related technologies: physical modelling, artificial intelligence, etc.

I doubt a GeForce25 could help improving this, except by lowering the CPU charge a little...

Now it would be also good to gain more power for productivity sake, the ones who read this book or this one or will understand me for sure.

As O'Reilly states, WinSock is more a specification, a set of APIs. Anyone could write an implementation. Several did. It just so happens that Peter Tattam wrote the best for Windows 3.1. Also he wrote a scriptable dialer which back in those days was what a lot of people needed to negotiate the hodgepodge of dial-in methods required by the much less consolidated ISP industry. And Tattam gave his package away as shareware so it could spread very fast.

It gets better though from the perspective of an argument against bundling. There were quite frequent warnings as you can see in the alt.winsock FAQ about having the "right" WINSOCK.DLL installed with all others removed. And with the change to Windows 95, I can remember the huge amount of hype over whether one should go "32-bit". Here's a sample from back then which includes advice to simply remove Trumpet Winsock under certain circumstances.

Unfortunately for the opponents of bundling, the problem with this otherwise perfect example is that it is inconceivable that a modern consumer OS would lack either a TCP/IP stack or a dialer. Trumpet Software had the clear market leader. Microsoft in Windows 95 bundled both its own TCP/IP stack and a dialer DUN. This bundling introduced potential incompatibilities that even led for some to advise uninstalling Trumpet's product. So should the government have had the right to force Microsoft to stop invading this software niche? Should it have mattered that Tattam wasn't the head of a much larger company such as Netscape? Should it have mattered that Tattam wasn't American?

By the way, Trumpet Software is currently developing a new 32 bit OS PETROS.

I often tell my students that Python and Perl are about equally capable, but philosophically incompatible: Perl is jam-packed with shortcuts, while Python has essentially none. That makes Python easier to learn, in general; Perl students have to learn many of its common defaults before they can follow along in someone else's program. But Perl is easier to use, even at the expense of being harder to learn. That's a good trade-off, since you learn it only once, then use it again and again.

At that point, a higher level graphics API will finally make good sense. There is debate over exactly what it is going to look like, but the model will be like C.

It seems odd to adopt C as a model for universality. I was working with a co-worker of mine who was having trouble compiling some good-old-fashioned ANSI-compliant C code on MSVC 6.0, because it isn't standards-compliant. While most architectures seem to be able to compile a dialect of C, I dunno if one can really say C is universal. While the rate of change for introduction of incompadabilities with C seems to be slowing, it acts very much like an organism continually mutating and diversifying itself.

An interpreted language like Python may be a better model, because it behaves transparently in spite of the underlying architecture. That and some folks are already using it as a high-level graphics language.

• The open-source approach is not a magic bullet for every type of software development project. Not only do the conditions have to be right for conducting such a project, but there is a tremendous amount of real work that has to go into launching a successful project that has a life of its own. In many ways you, as the advocate for a new project, have to act a little like Dr. Frankenstein, mixing chemicals here, applying voltage there, to bring your monster to life.

• The open-source approach is not a magic bullet for every type of software development project. Not only do the conditions have to be right for conducting such a project, but there is a tremendous amount of real work that has to go into launching a successful project that has a life of its own. In many ways you, as the advocate for a new project, have to act a little like Dr. Frankenstein, mixing chemicals here, applying voltage there, to bring your monster to life.

ahem... here, here, and here say different.
Or just look here.

Anything by O'Reilly is good, especially Running Linux and Linux in a nutshell. An excellent book aimed a competent users converting to unix is Jon Lassers' Think Unix.

Anything by O'Reilly is good, especially Running Linux and Linux in a nutshell. An excellent book aimed a competent users converting to unix is Jon Lassers' Think Unix.

Good places to start, get some general info about the OS and learn the shell.

Good places to start, get some general info about the OS and learn the shell.

http://www.oreilly.com/catalog/debian/chapter/inde x.html

ok, its a debian book (oooh, no debian is too hard...*shmach*); but its definately oriented towards newbies.
Plus its an O'Reilly and its free online - what more do u want?

Procmail is awesome for filtering spam.

O'Reilly's "Stopping Spam" features a Procmail recipe that institutes an "approved sender" list. In order to get through, a sender will need to send you just one email with your custom keyword on the subject line. Until that email is received, procmail replies to emails with instructions on becoming an "approved sender".

Spammers usually forge a return address, and also forge a different return address for each mass mailing. They never get your instructions, and their mail never gets through.

You can get it here. Also, you should check your full headers ('h' in pine) and see if your mail host is doing blacklist checking. You'll notice an X-Spam-Warning near the end of the headers if the email was delivered to your mail server from a machine known to not protect against spam. A procmail recipe to throw those out would be easy. Any takers?

Hmm. O'Reilly Press doesn't seem to have any issue with this.

He was an author on the third edition of Programming Perl and spoke at the Perl Conference a couple of weeks ago. Less visibility than normal, yes, but still around.

He was an author on the third edition of Programming Perl and spoke at the Perl Conference a couple of weeks ago. Less visibility than normal, yes, but still around.

User Friendly gets bashed for being too pro-geek (or whatever), which may or may not be a valid criticism.

Personally, I think that User Friendly rocks! AFAIK it is the only comic book that I know of published by O'Reilly

But Sluggy is just getting forgotten? What gives?

I have read Sluggy, and it is not very consistent. Sometimes it is hilarious, other times it was a total waste of bandwidth. But that's just my opinion.

When discussing E-Books, we should look at O'Reilly, and how they do E-Books. While true, it's just on a CD-ROM, it still very much applies. Yet O'Reilly doesnt encrypt it in any way. They make it very easy and portable to read the content, and they are successful. Then you look at why. They dont have to force stuff down our throat, or force us into submission, or tell us how we can read the book that we pay for. They just have good informative content, and give it at an acceptable price, and people respect them and buy the product. Now if all E-Books decided to work in this way, they would be much more successful.

NT's standard remote admin tools, like Event Viewer and Server Manager, require RPC using NetBIOS, which is difficult if not impossible to secure.

UNIX may have its problems, but secure remote administration using native tools is not one of them.

Helevius

It seems that everyone everyone wants to know HTML; let them learn it right with the following book: HTML: The Definitive Guide . I'm really surprosed I haven't seen this mentioned by anyone yet. This is one of the few books I've encountered that is fully understandable to a novice and is also very useful to the expert. Gives an historical background...; platform independent...; my hightest recommanation for the need. You'll need at least two!

this publisher who puts a different animal on the cover of each book. The name escapes me at the moment, but I'd try there genius.

As C++ has recently been standardized and is very widely used in application development a library should probably have some reference work for it. Personally I prefer the definitive guide: Bjarne Strousoup's "The C++ Programming Language". The Special Edition is even better since it has extra appendices and is a hardback, for only $10 more.

Since it's generally a very bad idea for a beginner to start with C++, you might want to get some beginner Java books instead. Java's a better beginner language because it doesn't have the C clutter of C++ and because you don't have to mess with pointers. Finally, Java's better than C++ for the beginner because it has a free, easy to use, compiler for all platforms (many beginners will /not/ be running Linux) and many beginners will appreciate the ability to use Java in their webpages (that's where many beginners get their start, in HTML).

Of course this is not to deprecate C at all (though I would still recommend Java over C for the beginner) it's just that K&R has already been mentioned, and what else do you need?

Then again, if you're worried about some fad like C or C++ getting outdated too quickly you might want to check this out.

The first inclination of /. readers will be to suggest manuals, or more generalized reference works such as are published by O'Reilly & Associates. This is an extremely bad idea. These works not only have a short shelf life, but are also of a nature which is not conducive to use in a library, in that people who refer to them will want to do so continually, and at a moments notice, rather than saying 'Gee. I have this problem with the syntax of this Perl function. Let me go to the library and check out the camel book', users will want to own such works durring the time in their lives when they are actively pursuing the subjects those works would relate to.

Instead, you should concentrate on aquiring for the library's collection, books which cover a broader scope of aspects of computer science and the history of computing. This would include such books as 'Alan Turing: The Enigma'.

--CTH

I'll probably get flamed for this, but I thought Learning Perl was the best intro to programming I've ever read. It gets your hands dirty immediately, programming from the very first chapter, and it's very accessible, especially for a non-techie like me.

Speaking of O'Reilly:

here is the website you'll want,

http://libraries.oreilly.com/

Unix Power Tools

Just a point to make about the O'reilly book that was mentioned to be out of print. It may be out of print but it isn't offline. And it's not PDF either :0

Personally, I'd think that learning a new OS would be worth the cost of a book (which I note is out of print - does that mean a new edition is on the way?), but if you're too cheap to buy a book, well, here's a pretty decent guide to getting started with GNU/Linux.

Actually, the link to the ORA debian gnu/linux book is one link away from the full text of that book, online & free, courtesy of O'Reilly.

--sean

Personally, I'd think that learning a new OS would be worth the cost of a book (which I note is out of print - does that mean a new edition is on the way?), but if you're too cheap to buy a book, well, here's a pretty decent guide to getting started with GNU/Linux.

Actually, the link to the ORA debian gnu/linux book is one link away from the full text of that book, online & free, courtesy of O'Reilly.

--sean

I don't think that the HOWTO pages are a good way to learn linux. I would recommend a 'learning' book from oreilly and/or web resources like rute. Both have been a big help to me.

Miguel Icaza have just post this at mono-list:

Hello guys!

I made a presetation at the O'Reilly Open Source conference on the Mono project, shortly after David Stutz talked about the Shared Source implementation of the ECMA C# and CLI that they will be releasing.

Interesting things from David's talk:

* The terms of that shared source license are still not ready, and will likely be different than those from Windows CE.

* They expect to have something by the middle of next year.

* He confirmed that it will just be the core of the system, and will contain a JIT.

He made my life easier by explaining to the audience what the CLI was, which was helpful as I did not have to go into too much detail on the remaining time.

We had a good talk about the CLI afterwards.

The slides for my talk are available on the Mono site (I believe I already sent a mail about this) but in case I didn't, just go to http://www.go-mono.com, and you will find the link to the talk slides.

There were some good questions, like how we will avoid patents if there are any on the ECMA specification. Our answer is that we will stick to use old technologies: things that have been documented or written about in the past in the various areas where the CLI and C# matter: intermediate languages, standards for type systems, traditional optimization, garbage collection in the ways that Java has done for multi-threaded operation, traditional compiler instruction selection.

For those cases where we incur in a speed penalty, we will research alternative ways to implement things to not infringe on their patents. This is particularly useful for those of you who are studying and need to write a thesis, as we have a research project you can work on.

I also got a chance to talk face to face to Sam, and we discussed a bit about possible ways of improving the runtime. One thing that came to mind is that it would be possible for someone to work on a number of projects: retargetting an existing Java compiler (I am familiar with Guavac, and seems good enough) to generate CIL instead of JVM byte codes.

I am now flying to Ottawa for the Linux Symposium. I will try to make releases of the runtime, the class libraries and the compiler on Sunday or Monday when I get back to Boston.

Best wishes,
Miguel.

useful links

• slide presentation
• mono home
• OSCON

• censorship-resistant publishing systems, why they are important
• Freenet, vs. Publius
• Gnutella, vs. Publius
• HTTP, Publius implemented over protocol
• Publius, documents, deleting/updating
• Publius, implemented over HTTP
• Publius, vs. Freenet
• Publius, vs. Gnutella
• Publius, why it is important
• Publius URL, tamper-check mechanism
• tamper-check mechanism (Publius URL)

There has been some recent public criticism of Gnutella because it might give child pornography a place to thrive. I am happy to report, however, that those who traffic in child porn will be no safer using Gnutella than they are anywhere else. That's because the users are not anonymous.

Gnutella requires IP addresses in order to make a connection between a site with a file and a site that wants a file. The host IP address is shown as part of the search results in Gnubile, and probably in other clones as well. Ergo, anyone offering files with names that identify the files as child porn is bound to attract the attention of the authorities

Check my (grendel drago, posting anonymously to sink to your modlevel) post above.

It's written in DocBook XML 2.1, and the source is available at

ftp://ftp.oreilly.com/pub/examples/linux/drivers2/ bookindex.xml

There was actually a link to it somewhere on the book's site.

-grendel drago

Well, egg on me.

They released the source, but I still say they should harness the power of the LDP and include a bunch of their books with every distribution. (The relevant ones, y'know. I suppose I'd be uninterested in this book if I hadn't installed the kernel sources, for instance...)

It's just rather frustrating to see all these fragmented documentation efforts. It can be so much more effective if we work together... [insert patriotic chord here]

-grendel drago

http://examples.oreilly.com/perlcdbs2/

Give a man a fish and he will eat for a day.

See my other post. In case you missed it, O'Reilly already has a service like this: Safari

--

If you don't want to carry a CD-ROM around with you back and forth to work, all of these books (except for Programming Perl?! What's the deal with that?) are also available at O'Reilly's Safari service. That way you can try these books out for a month (or as long as you want) and get as much out of them as you can/want.

I would highly recommend the "Perl Cookbook", as it gives very good examples on most things that you want to do with Perl. I find the camel books sort of annoying and not very useful, so I tend to stay away from them, but to each his own. I have heard that there are some problems with a few of the HTTP related examples, but I've never run into any...

One thing I'd love to see is a subscription based service to search and read the whole O'Reilly library online. That would make my life soo much easier...

One thing I'd love to see is a subscription based service to search and read the whole O'Reilly library online. That would make my life soo much easier...

I do own this set and I must say, it's nice to have but the best part was that it came with Perl In A Nutshell in paper format. I have just about worn out that book. As nice as it is having the text in a searchable format, it's refreshing to pick up a big book and thumb through the pages.

BTW: Has anyone checkout out Safari? It's an O'Reilly website that allows you to "subscribe" to a set of books each month and search them online. Now if I could only get my company to buy into this...

--

There are also bugs associated with straight DNS queries. Go, now, and shut down BIND.

You've never been responsible for administering a secure system have you? If you have, then you're miserable at it. Read some. I'd recommend "Firewalls & Internet Security" by Cheswick & Bellovin. Or "Building Internet Firewalls" by Chapman & Zwickey. Both of these books describe one of the primary security priniciples: "least privilege". In short it says, don't allow anything that you don't have to.

If you have to allow DNS queries, then you have to. But just because you have to allow those queries doesn't mean you should also allow zone xfer. It's quite simple arithmetic: the number of security holes in DNS queries is less than the number of security holes in DNS queries + the number of secrurity holes in DNS zone transfers.

This is like a store with a "closed, come back later" sign vs. a "open" sign. Are people made criminals for looking at a closed store in your world?

No, but when people come poking at my alarm system to see what happens, especially when they have no reason for doing it, I can't help but assume that they're trying to figure out my weaknesses for some other reason.

Your analogy is collosally bad. It assumes that you can look at my computer, without it impacting my computer. In the store analogy, you are of course correct, simply looking at the store to see if its closed is not criminal. But looking at my computer, requires that you actively use bandwidth that I PAID FOR, and make use of computing equipment that I PAID FOR. You are already impacting my expenses. You should have *no* expectation that I'm providing DNS zone transfers, therefore you should not go looking. You should also not probe my syslog ports, nor my printer ports, nor my RPC ports.

Looking to see if the store is closed is one thing. Peeking through the window to see where the safe is kept is another thing altogther.

The average Internet user has no idea that you are offended when they connect to port 31337 because they were trying to get to some high-port FTP site, but they can infer from the connection refusal that there is nothing there for them.

You are an id10t. 31337 is the TCP connect port for BackOriface. 27374 is the TCP connect port for SubSeven. These are remote controllable trojan horses that have been widely spread through email virii. Anyone connecting on those ports, should by default be seen as hostile.

If security for you includes worrying about incoming TCP SYN packets, fine. But don't make trouble for users because they had the nerve to use the Internet as it was intended, because I'm sure you use the Internet too.

The original intention of the Internet also included the idea that no for profit organizations should be on the internet. The original intention of the internet included bugs. So, according to you, we should simply drop all prudence because someone 30 years ago couldn't forsee everything that would be happening today?

No. I think the deal here is that you want to continue running your port scans and justify it under the heading of "well it's just the way the Internet is sposed to work". Maybe. But do that to my machines and I will make trouble for you. Don't like it? I don't care.
--

Why I'm looking for more info as I though that the openssh project was closely tied to openbsd. If I'm mistaken it still makes no sense. The openbsd project has been around much longer than that of openssh.

Anyone have more knowledge of this or some links? Thanks.