Slashdot Mirror

SUN created cutting edge hardware. Invented new technologies. Actually added value to society, the economy and science.

Sun ripped off open source software and made it proprietary. They lied about making Java an open standard. They threatened open source.

I can't think of a single good technology that originated at Sun. Neither can Scott McNealy apparently when you look at his ridiculous list:

http://www.zdnet.com/blog/btl/...

Facebook may be a vapid pusher of advertising, but at least they haven't produced crap like NFS or Java.

They have, were caught, and sued for doing it. I'm sure that other companies thought of doing it, but realize that it's not in their best interests. Unless of course they wanted to go out of business.

I'm pretty sure another company did the same thing a few months back with a "free" download version. It was done with disclosure, so did not result in a lawsuit. I can't find that article however.

VP8 is a royalty-free video codec whose rate/distortion performance is in the same league as the royalty-bearing MPEG-4 AVC.

VP8 is not in the same league as AVC. Technologically it is largely a subset of AVC with quality somewhere between ASP and AVC. It is royalty-free now, but it wasn't always. When Google announced VP8 as a grand royalty-free codec, it was actually very obviously encumbered by patents that Google had no rights to and unfortunately thus offered literally no benefits.

It was only a year ago that Google and MPEG LA settled the issue, with Google getting a full license to those patents and the ability to sub-license to anyone they want.

What you have is Google very targetedly marketing VP8 to web devs as a Free/Open/Next-Gen to have them jump on a bandwagon to "splinter the internet". It was only thanks to Google's mammoth weight being able to negotiate with MPEG LA that all the traction it gained wasn't for naught.

I love how you pretend that China is the only place where Windows is pirated

Umm...no, OP did not imply that at all.

OP implied that all Windows in China is pirated.* This is not the same as implying that all Windows pirates are Chinese. Logic does not work that way.

(* Of course, not all Windows in China is pirated, but it's close enough that the joke stands.)

Here is the story. Sony puts malware on CDs, how can anyone trust them to tell the truth? They will just put their spin on it and make a hero out to be a traiter. http://www.zdnet.com/blog/btl/...

http://www.zdnet.com/the-poste...

So yes, I think their safeguards and failsafes extend beyond Windows Update and Norton. Open sourcing their code reduces the black-box vulnerabilities well beyond that level to begin with.

If all you want to do is use Java, or implement a compatible version, the license is good and you will have no problem.

This is completely false. Oracle changed the rules around for what it means to be "compatible" so that only projects that Oracle likes will be deemed compatible. Apache is being forced into a Java Fork:

The problem's core is that first Sun, and now Oracle, won't give Apache a chance to certify Apache's Project Harmony as being Java Platform, Standard Edition (Java SE) compliant.

Apache: I know my rights. I want my compatibility certification!

Oracle: How can you get a certification if you can't take the test?

Of course stop using any part of Java that Oracle is claiming a copyright on. Heck I thought it was 9 lines of code, now it might be 37 APIs, come on now...enough already.

If this really pisses you off, especially if you are in a decision making position for IT in your company, seriously look at mariaDB and if possible switch out Oracle's SQL database for mariaDB. If you are considering Atlassian (JIRA, Confluence, Fisheye, Crucible, Bamboo) than use MariaDB instead. The first thing they did when they wrote MariaDB is get rid of all the things wrong with MySQL.

Many Linux distros have finally begun moving away from MySQL and to MariaDB for LAMP. Redhat recently started shipping their Enterprise version with MariaDB over MySQL

If you are the CEO of a company, did your VP of IT even consider the savings to the company that maridb would mean vs Oracle's SQL database solution? If not, perhaps its time to find a VP of IT that will put your company first.

Do you buy stock in companies? Do they use SQL databases? Do they use Oracle? Perhaps its not the best solution. Any company that does not control its cost effectively will take a hit one day, not a matter of if, only when.

Java is a PITA for overhead anyway, ask yourself, can I accomplish my goal without Java when developing applications...you might be surprised at how much faster and customer responsive your app is if you can 86 Java.

If its the entire API and not just 9 lines of code, everyone needs to re-evaluate their use of Java in development and especially in Cloud applications. No more Service As A Dis-service (SAAD vs SAAS)!

If you are reading this, you are a developer, time to think outside the Java / Oracle box!

They're supporting an OS people use, and not one that people don't even like.

http://www.zdnet.com/just-how-...

Gah, and now /. ate my link! Government coverup! OK, that one might have been operator error.

http://www.zdnet.com/chip-and-...

If Android tablet sales are so far ahead, why are Android tablet use figures so far behind?

You shouldn't blindly rely on statistics just because they are on the internet, these guys have a pretty spotty record and they provide no methodology nor do they seem to be very consistent or believable in terms of their statistics:

For example, last May Chitika breathlessly reported that OS X usage was up 2.58% month over month (from 11.44% to 14.02%), while Windows usage was down 2.99%. There was no reason for the dramatic shift; it just happened. But one month later Windows usage increased dramatically while Mac usage was down significantly. Meanwhile, in the month of July, Chitika reported that half of all Linux users abruptly stopped using their preferred operating system, with Linux share dropping from 2.05% to 1.12%.
http://www.zdnet.com/why-you-should-be-skeptical-of-chitikas-market-share-reports-7000009363/

It's all well and good to post a link to a pretty picture that supports your argument but there needs to be something to back that up.

If Android tablet sales are so far ahead, why are Android tablet use figures so far behind?

You shouldn't blindly rely on statistics just because they are on the internet, these guys have a pretty spotty record and they provide no methodology nor do they seem to be very consistent or believable in terms of their statistics:

For example, last May Chitika breathlessly reported that OS X usage was up 2.58% month over month (from 11.44% to 14.02%), while Windows usage was down 2.99%. There was no reason for the dramatic shift; it just happened. But one month later Windows usage increased dramatically while Mac usage was down significantly. Meanwhile, in the month of July, Chitika reported that half of all Linux users abruptly stopped using their preferred operating system, with Linux share dropping from 2.05% to 1.12%.
http://www.zdnet.com/why-you-should-be-skeptical-of-chitikas-market-share-reports-7000009363/

It's all well and good to post a link to a pretty picture that supports your argument but there needs to be something to back that up.

With Ara, a dead battery in the middle of a day trip doesn’t set off a frantic search for someone with a charger. Instead, you pop in a spare.

Revolutionary.

French Revolutionary
Industrial Revolutionary
Sliced Bread Revolutionary
Apple Revolutionary
Swappable Batteries

It is not related to Heartbleed.

I'm not sure where all the frenetic press came from. Surely there have been other vulns that are more severe? Like maybe one of these?

Ha ha ha ; Royal Bank of Scotland let's cut costs by outsourcing.

CAPTCHA: didactic; who says the NSA isn't interfering with our Slashdot experience ;-)

I'm assuming you're too lazy to google

http://www.pcmag.com/article2/...
http://usabilitygeek.com/windo...
http://www.techspot.com/review...
http://www.zdnet.com/windows-8...

If you're lazy, you can just read the conclusions. It's not necessarily enough to make me upgrade to 8 (already have 8 on one laptop and 7 on some other devices), but it measurably better in a few areas.

"Intractable" is a word. Two or three successful forks (depending on how you count Unity) and the main employer of most GNOME developers ships their pay OS with classic mode enabled over shell. GNOME limits options (settings kill kittens) to make life easier. Except we have gone from two dominant desktops w/ Gnome 2 and KDE 3, to one dominant desktop with the move to KDE 4 ,to no dominant desktop with GNOME 3. Now to use Linux I have to consider: Unity, Cinnamon, MATE, XFCE, LXDE and E. Two more if you are new to Linux and haven't experienced GNOME and KDE. How many GNOME devs have linked to the tired saw about how "Linux isn't about choice." Apparently it is all about choice now, starting with your DE.

It is all academic at this point. GNOME could make a 180 reversal but I don't see users coming back. I haven't tried KDE since 4.4 or so; at some point you just permanently lose most of your former users. You could make life easier for your users who do muddle though with extension by adding a couple of dozen options, and it isn't hard to see what those options would be. But even if I could convince you, Day, McCann, Bassi, etc. would never go for it.

It really is an epic fail. GNOME is suppose to be for inexperienced users but ZDNET today suggests migrating from XP to Cinnamon. http://www.zdnet.com/why-linux... At one point I helped an uncle install KDE 3 on his computer. Now no one in the family runs Linux. Linux wasn't even a fleeting thought a couple of years ago when my grandmothers computer died. Windows 8 was out and we paid extra to put her on Windows 7. Maybe MATE or XFCE could fill the gap, but GNOME would be out of the question for her. I doubt she is alone, is your family running GNOME?

I guess I just don't get the mentality. I loved KDE 3 because it was easy to customize and had great choices. Kasbar was the killer app (especially combined with configuring panel behavior). I could control the behavior of windows with a quick right click on the appropriate task. I dislike KDE because of the lack of choice. I can't easily remove what I don't want, I don't have the options I do want. When GNOME devs hold up KDE as too customizable I am staggered because in the ways I care about, it isn't customizable enough.

Yes. Drop POTS. Drop it and make it Public Domain. See what happens when you give us a little infra to build on.

The meth-heads already started the POTS == public domain movement years ago. I think that is a glimpse of what a true public domain POTS future would look like.

Microsoft's servers have to still answer to requests from XP machines; if they don't, the software is unusable.

Only during install/after hardware replacement.

And not to worry, but Micky$oft is too scared to pull the trigger on that one.

Doesn't seem that way:

Make no mistake about it: These three apps are feature-rich, powerful tools for creating and editing Office documents. They look and act like their Office 2013 counterparts on Windows. And although these iPad apps obviously can't replicate every feature of the full desktop programs, they deliver an impressive subset of those features. Anyone who was expecting Office Lite or a rehash of the underwhelming Office for iPhone will be pleasantly surprised.

(Thanks to DaringFireball for the link and summary).

I will download them for sure, but it really puts me off having to use a subscription to use them for editing.

http://www.zdnet.com/robbing-atms-by-sms-not-in-the-real-world-7000027689/

That there is a light showing when recording is fairly obviously a light for others to see

By the way it is not a light but a display of activity in the viewing prism. Such activity could be sluffed off as a text message. How is an observer to know if they are telling the truth. They also say that the light can be turned off by the recording app. If the light is not hard wired it is of no use.

why would there be a distracting light for the glass user only anyway?

Because Glass users have the capability of recording picture, video and/or sound any time Glass is on.

Also I don't see why it should be anyones business to know if the person wearing glass is currently using it or not

Because it could be used at any time to take a picture or record sound which would be unacceptable to me if I was near them.

separate light for recording,

This could be done easily with an led that is green when on and red when recording.

You don't seem to understand that many people do not want to be surreptitious photographed or recorded. Google Glass just makes it too easy and that makes people uneasy. There is a huge difference between taking out a camera or phone and recording and saying a couple of words to Glass. Do you think it insane that people do not want their lives recorded? Get enough Glasses out there and that is what you get.

the consideration of adding or changing the light to indicating the device is on becomes hugely an ethical question, not just commercial.

I agree. The ethical question is the balance between the freedom of Glass wearers to do what they want and the privacy of the people around the Glass wearers. As of now there is no guarantee that a Glass wearer is not recording. I see that as a problem.

Remind me again how did Linux come into existance?

Came into existence? Sure there's the romanticized thought of Linus single handedly pounding away code at home. However there's a lot of paid Linux development going on. Here's a random cite:
http://www.zdnet.com/blog/open...

1. No company affiliation:17.9% 2. Red Hat: 11.9% 3. Novell/SUSE: 6.4% 4. Intel: 6.2% 5. IBM: 6.1% 6. Unknown: 5.1% 7. Consultant: 3.0% 8. Oracle: 2.1% 9. Academia: 1.3% 10. Nokia: 1.2%

While The top ten contributors, including the groups "unknown" and "none" make up over 60% of the total contributions to the kernel, the Foundation points out that even if you assume that "all of the 'unknown' contributors were working on their own time, over 75% of all kernel development is demonstrably done by developers who are being paid for their work."

More like the NSA did not want kit on the open market that was not as easy as US and EU products for next gen DISCOROUTE, QUANTUM like options.
"NSA targets sysadmin personal accounts to exploit networks" (March 21, 2014)
http://www.zdnet.com/nsa-targe...
i.e. a long list of ways in shared with 5+ other nations, their contractors, ex staff, former staff.
Anyone able to afford contractors, ex staff, former staff for the methods gets in too :)
Thats the problem with weak global security in any networking product - too many people know too much via gov and contracting work over the installed lifetime of any telco product.

XP Embedded goes EOL in early 2016

Most ATMs don't run XP Embedded (which seems counter-intuitive) - they actually run a heavily-customized version of XP Pro.

http://www.zdnet.com/windows-x...

Oh the irony

History, not irony.

Microsoft took over OASIS in 2006 as part of their campaign to scuttle open document formats. They're still running the show there.

http://www.zdnet.com/microsoft...

Yes, a paltry 5% of the one billion cell phones sold in 2013.

5% of 1B...let's see...carry the knot...I make it a truly pathetic 50,000,000 units sold. Insignificant indeed. Especially when you compare it to the gargantuan sales of personal computers in 2013 (82M units). No comparison at all.

My last three laptops cost about $300 each. Last cell phone (Nexus 5) cost $400. No comparison there either.

2.7 million.

70 TB tape backup; http://www.zdnet.com/blog/stor...

I knew there were people to come to complain that Linux/Android was insecure

It is insecure and there is a huge list of vulnerabilities.
Drive-by malware
EZ2Use exploit of another drive-by vulnerability
Here is a list of 30 other serious vulnerabilities many of which do not require authentication and provide remote access.

And that is before you even take a look at all the trojan malware out there that breaks from the application sandbox to take control of the system.

So instead of just pretending it is secure and sticking your head ignorantly in the sand why don't you wake up and actually take notice. Stop being a denier just because you love the platform, it's just a computing platform you don't have to defend it like it's a person.

Market share? Linux enjoys half the market share of Microsoft Vista...

Half of *what* ?
Which *market* are you talking about ?

If you define the market as in "we will only consider high-end gaming machines", yes indeed, that is almost twice the numbers of gaming machines reported by steam (Linux is in the 1-point-something range).

If you define the market as in "the fraction among all operating system, no matter what" you'll see an overwhelming amount of opensource Unixes (Linux or *BSD).

In the average household, you'll probably see 2 or 3 machines running Windows (laptop and workstation), but next to them, there will be a plethora of hardware running an opensource OS:
- including things like modem / wireless router
- non-Apple smartphones
- playstation 4 (some *BSD derivative)
- SOHO NAS server, home media player, etc.

Linux will also very likely be the OS running on the web server hosting the pages you're browsing.

Linux will also be found in your University's cluster.

etc.

SSL/TLS communications are just as secure as they always were.

No, it is not.

CA model is much more important than the public CA "trust". There is nothing stopping an application designer from using private CAs for their application. This bug breaks the trust to any CAs, including the private ones.

Let's think about it (as a thought experiment) what is required for this to be an effective attack.

SSL spoofing is already a common attack. Not just France and the NSA but also regular old password-sniffers. This vulnerability falls under the same class of attack as SSL spoofing; a trusted certificate is secretly replaced by an untrusted certificate.

There were some common examples right after unicode was allowed in domain names and people came up with similar-looking links for major companies with unicode symbols that look identical to the ascii glyphs. That will be one comparison. The other comparison will be for a government-style ssl spoof attack.

First, the attacker must redirect you from the legitimate site to their illegitimate site. This is equally difficult with or without the TLS attack. The government-style attack could intercept the traffic over the wire and redirect you to the bad MitM manually. The fake link version could use bad links in phishing emails or spamming the internet with the fake link to the MitM server. Other options include host entries and software secretly installed on the machine. In any event, the bug does not affect this most difficult step.

Second, they need to appear as a valid connection. For the TLS bug, the attacker must create a false certificate that will test as valid. With the bug being known, that is pretty easy. Then they must use this when the certificate is requested during TLS handshaking. Now contrast this with a traditional attacker who must get their certificate signed by a CA for the fake domain; this is also fairly easy to do in practice. Many fake-name certs have been issued over the years and successfully used in news-reported attacks. Sometimes certificates have been forged in other ways, such as the Flame virus. Similarly the spy agencies have no difficulty getting their fake certificates signed by a CA.

Finally, the attacker needs to make a connection with the legitimate host. This is the same in all conditions, and has been successfully been used in SSL spoof attacks for years. When there is secondary authentication required the MitM just requests the data from the client. Complex attacks can sometimes permit a second connection directly to the victim where two-factor authentication across servers is required in such a way that the authentication passes. Nothing new here.

So really, the only thing the bug makes easier is the task of getting a fake certificate. Since this was arguably the EASIEST step in SSL Spoofing to begin with, and because SSL Spoofing is long-established as an easy attack that is difficult for lay people to detect, it means the attack really is a relatively small issue.

Gartner has a terrible track record. If you see any article citing Gartner statistics or predictions, you are best served by ignoring and moving along.

http://www.zdnet.com/why-does-...
http://seekingalpha.com/instab...

IBMer here posting as AC, yeah I know but. (I do have 5 digit Slashdot ID.)

So I didn't get RA'd today but would eventually if I stayed, which I will not.

The real issue here is the boneheaded "Road to 2015" where Ginny Rometti and her predecessor Sam Palmisano pulled one of the most Kafkaesque things I've ever seen at IBM. To net it out, they promised Wall Street that they would reach $20 EPS by 2015, through a combination of profits and stock buybacks. They also promised $20B in revenue growth. That drove the share price immediately from ~$120 to >$200, although it's down to $180 now. But needless to say, all the execs with compensation tied to share price were sweetly remunerated for this. In a true irony, the decision to do this in the first place was because they had successfully done it with a prior $10/EPS goal a few years before, mostly via cost reductions, not value delivery.... so essentially they were doubling down on behavior that was arguably stupid the first time.

Now it's 2014 and revenue has actually been flat or DOWN since that Road to 2015 proclamation. What does IBM do? Do they say, "Well, we didn't make the revenue number so we can't achieve the EPS target"? Hell no -- they reaffirm the EPS target as though the revenue doesn't matter. So to get there, the whole organization is now run like a hedge fund, comparing numbers on a spreadsheet to define strategy. Naturally that dictates a decision to raise all your prices and slash your expenses. And that means screwing over the customers AND the employees, including the good ones -- which are still the vast majority. Wages are flat, annual bonuses have gone from 15% to 8% to nothing this year. Expense reimbursements (phone, home office, Internet) have been discontinued, and they even changed 401k matching from per-paycheck to year-end, so they get to play with the money all year, and deny it to anyone not actively employed on December 15. (Of course this makes layoffs all the more attractive.)

The result is the quality of stuff from IBM has gone to complete shit. I am not exaggerating. There simply aren't enough qualified people to deliver on the brand promise that created the "You'll never get fired for buying IBM" mantra. Honestly our technical debt in every important area scares the hell out of me, and customers are catching on. Every decision is based on, "Is there a contract that needs this?" rather than, "Is this the right way to develop product/services?"

Look, I'm no armchair quarterback and I don't expect any organization to be perfect. Criticizing execs is the classic lazy crutch of the worker. But this is simply the complete raping of an historic American company. We stood for something. Yes the international part was central to it, and we embraced it -- I've been to every part of the planet and met people so talented it is humbling. But now it's just geo-arbitrage and, as some have mentioned, not the top quality talent pursuit that used to be our hallmark. Make it cheap, do just enough to barely keep the customers from fleeing, and dammit MAKE THAT $20 EPS NUMBER IN 2015.

IBM has too much clout and too many government contracts to crater completely... but the crisis is coming and it's not going to be pretty. Ginny and her clique are going to oversee the hollowing out of IBM, and that's not good for anyone, even them. They'll get rich and move on like Palmisano did, but their legacy will be the destruction of IBM.

They spend all their time and money on ways to keep people locked into their products.

How are you 'locked in'? That's just an excuse not to change. I use Windows, OSX and Linux and don't find myself 'locked in' to Windows at all. I also use MS Office and Google Docs and don't find myself 'locked in' to MS Office.

If that weren't the case Microsoft Office would support ODF.

It does, and ODF has been supported in it through 3rd party plugins for years.

The Linux distros continue to make significant headway, by any measure you care to apply, except dollar measures. So long as they stay healthy, which looks like a very long time, there will be no duopoly.

Market share? Linux enjoys half the market share of Microsoft Vista...

Linux has a lot more of the market than that, of course. It like it, it just doesn't really enjoy it.

The Linux distros continue to make significant headway, by any measure you care to apply, except dollar measures. So long as they stay healthy, which looks like a very long time, there will be no duopoly.

Market share? Linux enjoys half the market share of Microsoft Vista...

The Linux distros continue to make significant headway, by any measure you care to apply, except dollar measures. So long as they stay healthy, which looks like a very long time, there will be no duopoly.

Market share? Linux enjoys half the market share of Microsoft Vista...

http://www.guillermito2.net/ar...

http://www.zdnet.com/harvard-u...

Backdoors in this case of the edge network for this administrator are well know.

http://gigaom.com/2013/12/29/n...

Governments don't like the internet. They want it changed.

http://www.zdnet.com/surprise-...

So far one man, worth millions, with a great future ahead of him "decided to hang himself" over that same legislation.

http://www.globalresearch.ca/i...

People are seeing the connections through whistle blowers and alternative media.

http://www.infowars.com/hillar...
http://www.theguardian.com/wor...

French Invade Mali after Fed refusal of Gold...

I am sure it is JUST a cooincidence Gold is the only major export of MALI:

http://www.silverdoctors.com/j...

Troll.

So be it.

Sounds great! Who do you recommend. Maybe Amazon or perhaps Softlayer/The Planet?

'IE is the most prevalent browser on the systems that attackers want to compromise' IE on Windows is the easiest system for attackers to compromise ..

For a number of years Safari on OSX has been the easiest system for hackers to compromise in Pwn2Own.

http://www.zdnet.com/blog/secu...
http://arstechnica.com/apple/2...

Conspiracy theories about how Apple "leaks" things again? Do you not know of the Apple product cycle. Especially given Jobs' devotion to secrecy?

Linus is currently using Gnome 3 again.

US software 'blew up Russian gas pipeline' in 1982 is I believe the first instance of what can be considered cyber war (or sabotage).

But Android is not meant for the desktop

Android heads to desktops
http://www.pcworld.com/article...

Could an Android desktop replace your Windows PC?
http://www.zdnet.com/could-an-...

Android vs Windows: Now the battle for the desktop really begins
http://www.zdnet.com/android-v...

Android PCs and other Windows-alternative desktops are for real
http://www.zdnet.com/android-p...

Android desktops arrive as Lenovo eyes your living room
http://www.zdnet.com/android-d...

And, coincidentally...

https://play.google.com/store/...

But Android is not meant for the desktop

Android heads to desktops
http://www.pcworld.com/article...

Could an Android desktop replace your Windows PC?
http://www.zdnet.com/could-an-...

Android vs Windows: Now the battle for the desktop really begins
http://www.zdnet.com/android-v...

Android PCs and other Windows-alternative desktops are for real
http://www.zdnet.com/android-p...

Android desktops arrive as Lenovo eyes your living room
http://www.zdnet.com/android-d...

And, coincidentally...

https://play.google.com/store/...

But Android is not meant for the desktop

Android heads to desktops
http://www.pcworld.com/article...

Could an Android desktop replace your Windows PC?
http://www.zdnet.com/could-an-...

Android vs Windows: Now the battle for the desktop really begins
http://www.zdnet.com/android-v...

Android PCs and other Windows-alternative desktops are for real
http://www.zdnet.com/android-p...

Android desktops arrive as Lenovo eyes your living room
http://www.zdnet.com/android-d...

And, coincidentally...

https://play.google.com/store/...

But Android is not meant for the desktop

Android heads to desktops
http://www.pcworld.com/article...

Could an Android desktop replace your Windows PC?
http://www.zdnet.com/could-an-...

Android vs Windows: Now the battle for the desktop really begins
http://www.zdnet.com/android-v...

Android PCs and other Windows-alternative desktops are for real
http://www.zdnet.com/android-p...

Android desktops arrive as Lenovo eyes your living room
http://www.zdnet.com/android-d...

And, coincidentally...

https://play.google.com/store/...