And, it's only free on UNIX, if you're free on UNIX. That is, the QPL only allows you to use Qt in free software without paying the license of $1,000+ US. If you want to write closed source, commercial software, then you gots to pony up the bucks. Your project might not even have to be closed source, either, for you to pay the license fee. It may just have to be "commercial," a word I take to mean "for money."
My mother thought she was giving me a unique name when she named me Jason, in 1970. She swears that she didn't know anyone named Jason back then.
I've done an Internet search and found references to fifteen other people with the same first and last name as myself in the United States. One of them lives in the same town I do. I recently (last year) got a call from his employer, the local fire department. There was also a little mix up back in the late 80s with medical records involving the two of us, though he may or may not know about it.
If you think about it, with all these folks being named Shamiqua and what have you, those names won't be so unique in a few years and they'll be in the same boat that I'm in with Jason.
All the more reason to just have a 128-bit integer tattooed to our foreheads. (No, I'm not serious.)
There has been discussion lately on the KDE developer mailing lists about how to avoid script-based worms, trojan horses, and viruses. Thankfully, you already have the Unix security model to protect you, so don't run things as root.
The options proposed include a sandbox for running scripts to see what they do before running them for real, and not allowing certain operations from untrusted scripts.
Really, though, the scripting in KDE does not raise any more security issues than just running scripts/binaries that were sent to you in email or that you downloaded off the net.
It has also been unofficially decided that the default for automatically running scripts/macros will be set to "off" so the user will have to set it to on for scripts to run automatically.
Anyone else who has been reading the mailing lists care to comment?
How do you test an open source project?
You compile it. You run it. If it works, great. If not, you find the bugs and fix them. It's just like testing any other software project.
When Bob submits a fix for BeOS, Carol submits a fix for AIX, Ted submits a fix for VxWorks, and Alice submits one for the Mac, well, how do you test it all prior to release?
This question is redundant. The answer is the same as the above.
Can you trust your alpha and beta testers to find enough bugs to release?
Your question sounds like you're saying you want to release bugs, but I think I know what you mean. The answer is, "you can't." You don't worry about it, because you're Open Source. You just assume that someone, somewhere is going to catch a bug, fix it, and then be benevolent enough to share that fix with you and the rest of that software's users.
And what can you do when your outside community of testers is still small and you know they really aren't sufficient for the job?
Nothing, really.
Must your company get testers for all of these platforms?
No. That's the point of Open Source. You save money 'cause you don't have to test on all those platforms yourself. If companies had testers for all those platforms, don't you think they'd still be writing code for all those platforms? I mean, you'd still see commercial products that have versions for MacOS, Windows, Amiga, AIX, BeOS, and so on all the way down the line. Corps don't do this because it is too expensive.
When you free the code, you let others write and test the Amiga version and they become (more or less) responsible for the Amiga version. Open Source really allows a product to proliferate onto multiple platforms more than anything else will. As evidence of this assertion, I give you NetBSD, which runs on more hardware platforms than any other. Though, IINM, Linux is quickly catching up.
When Paul submits a new feature for the Amiga, does that mean someone needs to provide code for Linux before you can release?
Not unless you absolutely insist on having the Linux version match the Amiga version feature for feature. This is more a management issue than anything else. You shouldn't have rogue developers adding new features that are platform specific without having those features first discussed on the mailing list. Off hand, I can't think of anything that would be platform specific enough to warrant inclusion in the Amiga code and not the Linux code. If Paul has written a new feature for the app and done it in a way that only works on the Amiga, then Paul should be asked to reimplement it in a way that works on all the supported platforms. If he can't, then perhaps that functionality doesn't go in, or someone else gets to implement it in a platform-independent way. I would not ever allow something like that to hold up a release. You can always exclude that feature from the release, or just choose not to document it.
<flamebait>Anyway, I wouldn't be worried about features on the Amiga, myself. I figure anyone who still uses the Amiga would be eccentric enough not to notice that their version has additional features. If they did, then yippee for them. They have cool features no one else does.</flamebait>
'Cause computer == Intel-compatible PC running Windoze. That's why.
:-)
Anything else isn't a computer.
According to previous reports, the trojan was posted in an adult chat room. You had to download it from a web site. It was called something like MySissy.mpg.exe. It is an executable file.
If, like most Windoze users, you don't change the default settings on your file viewer and you open most files by double clicking on document files, then once you had downloaded this file it would appear to be an ordinary file with the name MySissy. When you double-clicked on it, it would execute. I've not actually seen it in operation, but if the hackers were smart, they would have made it look like an MPG movie viewer and actually had it play a few minutes of a porn flick while it also did its dirty work.
Something like this is trivial to implement.
Exactly!!!
:-(
Who wants a fscking phone in their head? I don't even answer the phones I have now unless someone tells me they're going to call at a certain time. If a call is unexpected, I let the voice mail get it. I hate telephone calls. They are annoying intruders into an already chaotic life. You want to communicate with me, try email.
I don't think that I'd want to have my body "enhanced," though I am not opposed to getting cybernetic replacements for failing, damaged or destroyed body parts. Frankly, I'd prefer having organic replacements grown (cloned?) from my own cells. There have been some interesting strides made in that area recently. (Sorry, no references handy.)
And tax-happy European gov'ts wonder why their unemployment is so high...!
I think they need some basic classes in economics.
Who said that anything posted to Slashdot was going to be objective, ever?
:-)
I must say, my partnership moved to Linux last week
Moving to Linux isn't the sort of thing that you do in a week. Also, you work at a law firm, right? You aren't supposed to "get it." You're lawyers, and you're actually paid not to "get it." :-) The less you understand of the technological details, the better for your clients. They pay you to understand the law, not technology.
Seriously, though, the phrase is "There's no Security through Obscurity." It is generally thought in the Free Software community that having the source code open and available exposes the security holes to the prying eyes of many more developers, and therefore reduces the risk that such things will continue undetected for long. This one took longer to catch than some of the others. It's also more subtle and harder to exploit, as has been pointed out by others. Which is the opposite of what you're saying is the commonly held belief.
BTW, "the BSD thing" is ready for release. Has been since at least 1978. In many ways the BSD kernels are superior to the Linux kernel. In some other ways Linux has BSD beat.
You're a lawyer, so I expect you to see a lawsuit in every utterance. I wonder, though, if you're not just trolling here.
Patents are *so* old economy! Who cares! In the time it takes to get a patent on something related to the Internet, it becomes irrelevant.
If it is still relevant, then chances are damn good that the patent is invalid, or the patented "technology" is already in such widespread use that the patent is practically unenforceable. What is C|Net going to do? Sue every single web site that has banner ads?
Ok, thanks for correcting my analogy. I had a suspicion that I might have had it backwards.
You said, "If they are wet and grounded."
Yeah, if you're grounded you're in deep trouble. A guy I used to work with has this bumper sticker: "Electricians' kids are never grounded."
Yeah, I did electrical work to pay my way through college. I don't have a degree in physics but I know enough about electricity to be safe.
As for the wet part, isn't it the salt(s) in water that conducts electricity? I recall doing some labs in high school physics class that showed that distilled water makes a lousy conductor. Of course, water loves to dissolve salts, so your distilled water quickly becomes "contaminated" and a good conductor if you do something silly, like stick your hand in it. Again, correct me if I'm wrong.
Remember, it's not the volts, nor the amps that kill you. It's the two together. It's basically the wattage, or the amount of work (i.e. heat) done by the current. You can survive quite a lot of volts if the amperage is extremely low, just as a relatively small number of volts would kill if the amperage is really high. Compare it to water, and think of volts as volume and amps as velocity. That's generally how I visualize it.
Other than clearing up something that might be a bit confusing, I agree with pretty much everything the previous poster said.
According to the Sealand Government web site, Havenco "will now take over operations of the government of Sealand." As I understand the other text on the same page, it is generally believed that the government of the UK would not interfere in any acts of piracy, terrorism, or assault on your "territory." Since you are now within the limits of the territorial waters claimed by the UK, you probably won't have to worry about a full-out assault from a sovereign nation, but another attack like that of 1978 could happen again. Of course, there is nothing but a few court rulings to protect you from Her Majesty's Armed Forces.
Given the precarious nature of the "sovereignty" of Sealand, will you be seeking international recognition and treaties to guarantee your physical security from such attacks? Will you be joining any of the international protocols for cooperation in law enforcement or other areas? I would think that joining these would go a long way to cementing your viability.
Thanks for sharing that, croaker. I'm not doing exactly what you say, but I am checking for empty or missing From: and To: headers. I'll have to set up my filters the way you describe when I get home.
Rather than just trashing the spam, I think I'll save it to a special mailbox. At some point in the future, I think I'd like to come up with some effective (and intelligent) spam blocking software.
Well, yes it is, but you still bear some of the responsibility in an existential manner if you choose to leave your house unlocked. Given the conditions under which we live, only a fool would deliberately leave their house unlocked. For the ignorant, this would hopefully be a "learning experience" and they would then know not to do this in the future.
Leaving the house unlocked does not excuse the behavior of the person who has broken the law by entering/trespassing. It does, however, lessen the amount of responsibility shown by the homeowner and, in fact, increases their existential responsibility in the outcome of someone breaking and entering.
I suggest reading some Sartre and Camus if you want to know where I am coming from.
I'm not arguing "blame the victim". That is so often used to excuse the perpetrator of evil. It is disingenuous to say your woman walking, while intoxicated, down a dark alley in a high crime area [I added the high crime area], is asking to get raped.
People make choices and they are responsible for the outcomes of those choices. The woman in our example is responsible for choosing to get drunk, for choosing to walk alone, and perhaps unarmed, down that alley at that hour of the night. She is existentially responsible if she is assaulted, just as I would be existentially responsible if I were assaulted under the same conditions.
The folks at Market Vision *chose* not to properly secure their email server, whether they made the choice from ignorance or with full knowledge of the consequences, they still made that choice. They therefore bear some responsibility for what happened.
A quote from a RUSH song would be appropriate here: "If you choose not to decide, you still have made a choice."
PAY ATTENTION! I AM NOT talking about LEGAL responsibility. I AM talking about MORAL and EXISTENTIAL responsibility. Legally, they can sue the guy, but ethically they are still at fault and are not deserving of a dime. Anyway, I don't see how it could cost $18,000 for a mail server to be down for a few hours, unless they lost an $18,000 contract that hinged on one lost email, highly unlikely.
Lately, I've been getting SPAM that starts out by telling me that I had a great chat/conversation with the person sending me the Spam, a person I've never chatted with online or in person for that matter.
There's another class of spam, that isn't really spam, but that's those damned annoying messages that people I know keep sending me with subjects of Read this--Funny or some such. I don't have time to wade through that crap, so I generally just hit the delete key and go on to the next message. I'll have to add a filter to check for that junk, too.
I've already got my MUA set to automatically delete messages with empty or missing From: and To: headers. I think I'll add code to delete messages with forged addresses.
After that, I'm going to start saving all the Spam that I receive in a special file and run some dictionary/statistics generating software on it to see if I can come up with an algorithm to detect spam. Once that's in place, I'll live Spam free!
Hmm, you could even say that they ought to be brought up on charges for enabling this guy to commit his crime. They did not exercise appropriate caution in securing their server. It's kinda like leaving a loaded firearm just sitting on the front porch and then acting surprised when a neighbor kid blows his head off with it. (Well, not exactly, but something like that anyway.)
The dorks at Market Visions should have had their mail server properly configured so that it would not forward messages. I don't think they deserve any compensation for the $18,000 they allegedly suffered in damages. It's their own fault that they were abused in this way.
Most spammers who try to forge where the message is coming from (including this guy) are not very good at it. The forgeries are easy to spot when you look at the complete message headers. Why doesn't someone (me?) write a MUA that automatically deletes this junk?
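The header checks mentioned in the spam comments above (empty or missing From: and To:, and forgeries that show up in the complete headers), as an added example that is not part of the original posts. The From: address check, the Received-line heuristic, the finding codes and every sample message are assumptions constructed for illustration; flagged mail is filed rather than deleted.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Postfix/sendmail-style trace field: "from <HELO name> (<reverse DNS> [<IP>])"
TRACE_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)")


def org_domain(host):
    """Last two labels of a host name (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def header_findings(raw):
    """Return short codes for each suspicious header condition found."""
    msg = message_from_string(raw)
    findings = []

    # Check 1 (from the posts): From: and To: must exist and be non-empty.
    for name in ("From", "To"):
        value = msg.get(name)
        if value is None:
            findings.append("missing-" + name.lower())
        elif not value.strip():
            findings.append("empty-" + name.lower())

    # Check 2 (assumption): a non-empty From: must contain user@domain.
    sender = (msg.get("From") or "").strip()
    if sender and "@" not in parseaddr(sender)[1]:
        findings.append("from-no-address")

    # Check 3 (assumption): only the topmost Received: line was written by
    # our own mail server; lines below it can be invented by the sender.
    # Compare the name the client claimed with the name our server recorded.
    received = msg.get_all("Received") or []
    if received:
        match = TRACE_RE.search(" ".join(received[0].split()))
        if match:
            helo, rdns, _ip = match.groups()
            if rdns.lower() == "unknown":
                findings.append("helo-no-rdns")
            elif org_domain(helo) != org_domain(rdns):
                findings.append("helo-rdns-mismatch")
    return findings


def triage(raw):
    """File flagged mail in a spam mailbox for later analysis."""
    findings = header_findings(raw)
    return ("spam-box" if findings else "inbox", findings)


def sample(trace, *headers):
    """Build a constructed test message from a trace line and headers."""
    lines = ["Received: " + trace,
             "\tby mx.home.example with ESMTP; Mon, 01 Jan 2001 10:00:00 +0000"]
    return "\n".join(lines + list(headers) + ["", "body text"])


GOOD_TRACE = "from mail.example.org (mail.example.org [192.0.2.10])"

# Constructed sample messages (documentation domains and addresses only).
LEGIT = sample(GOOD_TRACE, "From: Alice <alice@example.org>",
               "To: jason@home.example", "Subject: meeting notes")
NO_FROM_EMPTY_TO = sample(GOOD_TRACE, "To:", "Subject: Great chat last night")
BARE_NAME = sample(GOOD_TRACE, "From: Friend", "To: jason@home.example")
NO_RDNS = sample("from mail.bigbank.example (unknown [203.0.113.7])",
                 "From: Security <security@bigbank.example>",
                 "To: jason@home.example")
MISMATCH = sample("from mail.example.org (dialup-7.isp.example [203.0.113.9])",
                  "From: Alice <alice@example.org>", "To: jason@home.example")

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("no from", NO_FROM_EMPTY_TO),
                       ("bare name", BARE_NAME), ("no rdns", NO_RDNS),
                       ("mismatch", MISMATCH)]:
        print(label, triage(raw))
```

The HELO comparison also fires on legitimate senders whose outbound hosts are named differently from their mail domain, so it suits scoring or filing better than outright deletion.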
Yeah, Download This should have been a vinyl-only release. You know, 33-1/3 RPM LP format. Of course, no one could play it.
I know what OpenDoc is. I have the OpenDoc programmer's reference and the example book with CDs on my shelf. Since Apple basically stopped supporting it, it is basically dead. Since OS/2 is practically dead, OpenDoc is practically buried.
BTW, KParts are intended to work like OpenDoc parts. May even be compatible, I'd have to check the docs again.
Actually, all of KDE is heading that way with embeddable KParts. You really need to check it out.
if, say, the open source world got together and built an openDoc office suite, then that would be worth talking about
I don't guess you've heard of KOffice? Check out www.kde.org and bring your C++ skills. Hackers are needed. If you don't want to hack on it, then use it. Try it out and submit bug reports.
Zoinks!! Put on that asbestos jumper!!
You are exactly right, Bridgette!!!