I've never had the honour (pain?) of being directly slashdotted, but I seem to be getting an indirect slashdotting. From the link in the middle of the article (to a very handy utility in development for performing binary security updates) I'm seeing a couple visitors per second.
I think what he was trying to say is "Keeping a FreeBSD system up to date takes several steps (cvsup, buildworld, buildkernel, installkernel, mergemaster, installworld), but none of the steps are difficult".
Of course, that is somewhat contradicted by the mention, three paragraphs later, of a binary update system which is simple, easy, fast, secure, and uses less bandwidth than cvsup.
For the record, FreeBSD Update does work on 5.1-RELEASE; but there aren't any binary patches being distributed because I don't have any hardware with which to build them. Donations will be gratefully received.:)
IBM/SGI's licenses are "fully paid up and irrevokable". That's specific legal language which means "SCO can't demand more licensing fees, and it can't pull the license on a whim". That in no way restricts the ability of SCO to revoke a license which has already been invalidated by IBM or SGI violating its terms.
I'm not saying that IBM or SGI has violated the terms of their UNIX licenses; but if they have, that "fully paid up and irrevokable" language is irrelevant in this case.
I assume you're talking about a buildworld/installworld here.
Can you give me details of how you did this? I'm looking to get a buildbox soon, so I'm interested in any tips (at least, those backed up by benchmarks) people have on the issue.
Are you using the ports tree, or are you using packages? If you want to just install binary packages, `pkg_add -r foo` will do the job for you, including fetching any necessary dependencies.
Find some really good (and trustworthy) students. Ask them to do you a favour: Have them write the exam early, and then go in and "write" the exam again with everyone else -- except writing bogus answers.
It won't stop people from bringing notes into the exam with them -- you should have other ways of stopping that -- but it will have a good chance of catching people who "casually cheat", i.e., look over someone's shoulder and copy answers.
Note that the C spec says that there is a sequence point after each conditional however, the order in which conditionals in an || are evaluated is not defined in the standard, as in, there is no sequence point there.
You must have a different copy of the C standard. My copy reads "Unlike the bitwise | operator, the || operator guarantees left-to-right evaluation; there is a sequence point after the evaluation of the first operand. If the first operand compares unequal to 0, the second operand is not evaluated."
There is a fifth type of programmer, not covered by the categorization mentioned above: Those who really understand the language, the machine architecture, software engineering, and the application area, and who write code which is absolutely antithetical to anything you'd find in a textbook.
I, for example, severely abuse short-circuit evaluation -- I'll often put five or more function calls into an if() conditional, ||ing their error conditions together -- but there's nothing wrong with that; you'll never find it in a textbook, but once you're used to reading that sort of code, it is more compact, easy to understand, and easy to maintain than the alternatives.
Yes, upgrade -- to a point release. Win2K is Windows NT version 5.0; WinXP is Windows NT version 5.1. (Yes, those are Microsoft's own numbers.)
Re:IRC Needs Improvements-but you missed security
on
IRC in the Dog House?
·
· Score: 2, Interesting
what does a public key give you on IRC that a nick doesn't ???
Absolutely nothing without a trust relationship beyond knowing that the same key is used to log in
That alone would be useful: If someone needs to prove that they hold a private key in order to sign on with a gievn name, you dramatically reduce the risk of DDoS wars caused by people fighting over a name.
No, you don't apply. People don't apply for Nobel prizes either.
A bunch of people are invited to send in nominations; a selection committee looks at the nominations and decides to whom the prizes should be awarded.
Generally speaking, the people at the top of their respective fields will be sufficiently well known that they will be recognized by one of the nominators; in the case of Nobel prizes, people are often nominated every year for five years or more before they are given the prize.
HDs are usually 80GB plus, how do we back them up?
With these disks, 8 GB at a time.
In all seriousness, if you're doing incremental backups with any sort of reasonable frequency, you're not likely to be backing up more than 8 GB of data at once.
These disks cannot store 4 hours of video. Definitely not. In fact, it's absolutely impossible to store compressed video onto DVDs.
We need these larger disks for backup purposes. Not just that, but we need these disks for backup purposes so that we can evil catch terrorists and corporate criminals.
Remember, these aren't on the market yet. And if they could be used for storing video, they might never reach the market.
If the manager is looking to sign off on a checklist (position foo needs a masters or higher degree in bar), then online "universities" are wonderful -- they'll give you a piece of paper which allows you to claim that qualification.
If the manager -- or anyone else -- is actually looking for the degree as a sign that you are qualified for a position, having a "degree" from such an institution is only going to hurt you, because it shows that you look for the cheapest and easiest way of getting a piece of paper rather than looking to obtain a real qualification.
You know what people say about MSCEs? This is the academic equivalent.
Sure, there are lots of languages in Europe. But do you really need to have half a dozen of them in a project which only has a hundred people?
Any company which was running a project like this would have picked one location, hired a bunch of people, and had them all working in the same building, speaking the same language. It's only because of EU politics -- the requirement that the EU Datagrid be a multinational consortium -- that there are so many languages and locations involved.
I'd go further than that. I've heard the EU DataGrid described as a perfect example of how not to run a large software project.
People working in half a dozen different languages (natural languages, that is, not programming languages!), a complete lack of chain-of-command, software being signed off on because a document detailing critical bugs had been produced (even though the critical bugs weren't fixed!), progress reports being sent back for revision because "they weren't positive enough"...
Take the worst elements of decentralized open-source programming, combine them with the worst elements of government beaurocracy -- and then replace half of the programmers with physicists who have less programming experience than most second year CS majors -- and you'll get somewhere close to what I've been told about the EU Datagrid.
Of course, this is all second-hand information. Maybe the person who was telling me all of this is just a burnt-out coder who would be unhappy with whatever project he was working on. But I doubt it.
SCO users throughout the U.S. and Canada can get their chance to go show Darl just how much they "love" SCO. But of course, Linux users are free to attend.
Well, of course Linux users are free to attend. Linux is full of SCO code, so Linux users are really just SCO users who obtained the code through unauthorized means.
All these recent failures have been the fault of transmission systems, not the fault of generation systems. Electrical grids are carrying ever-increasing amounts of power around, but haven't been upgraded for many years; it was inevitable that we would start to see problems with the grid becoming overloaded.
The problem is simply one of NIMBY. We need to build more transmission lines, but nobody wants the lines in *their* backyard. It's going to give them brain cancer; give their children leukemia; impede their views; reduce the value of their homes; destroy the last known habitat of the seven-toed porcupine.
Sometimes I really wonder if democracy is a good idea.
Not necessarily. I've seen lots of instances where a bug fix works for people running a standard installation of an operating system, but breaks horribly for people using some non-standard patches.
Microsoft has a big advantage here -- it is actually possible for them to test their patches with some sense of completeness. (They don't always do so, but that's a different matter.) With open source software, a security officer can release a patch and say "well, this patch works for me", but it's impossible for him to test it on all possible configurations, because other users might have made all sorts of other changes.
Sure, in the long term, many eyes/bug hunters/coders will probably have an advantage, but when you want to make sure you get the patches out ASAP, knowing exactly what your customers are running provides a major advantage.
Why do you think we're all still running TCP/IP instead of the ISO/OSI protocol stack?
We're running TCP/IP because the CSRG decided to release BSD under a free license.
TCP/IP might be better than OSI, but we're not using TCP/IP for any technical reasons; we're using TCP/IP because it is the standard, it is the standard because everyone supports it, and everyone supports it because there was a free TCP/IP stack available for anyone who wanted it.
No, cases like this illustrate that allowing "stealth IP" is a bad idea.
If ISO had said from the start "we own these country code standards, you'll have to pay if you want to use them", we wouldn't have a problem -- nobody would be using them. The problem arose only because ISO waited until after their standard had been widely adopted before mentioning the issue.
Slashdot Mirror
I've never had the honour (pain?) of being directly slashdotted, but I seem to be getting an indirect slashdotting. From the link in the middle of the article (to a very handy utility in development for performing binary security updates) I'm seeing a couple visitors per second.
I think what he was trying to say is "Keeping a FreeBSD system up to date takes several steps (cvsup, buildworld, buildkernel, installkernel, mergemaster, installworld), but none of the steps are difficult".
:)
Of course, that is somewhat contradicted by the mention, three paragraphs later, of a binary update system which is simple, easy, fast, secure, and uses less bandwidth than cvsup.
For the record, FreeBSD Update does work on 5.1-RELEASE; but there aren't any binary patches being distributed because I don't have any hardware with which to build them. Donations will be gratefully received.
As a happy and satisfied user, I say 'Happy Birthday' with vigor and gusto.
Has someone ported Vigor to OpenOffice now? I thought it was only available on vi ports.
Two months is the amount of time which they are required to allow for IBM/SGI/whomever to correct violations of the license. SCO gave them that time.
IBM/SGI's licenses are "fully paid up and irrevokable". That's specific legal language which means "SCO can't demand more licensing fees, and it can't pull the license on a whim". That in no way restricts the ability of SCO to revoke a license which has already been invalidated by IBM or SGI violating its terms.
I'm not saying that IBM or SGI has violated the terms of their UNIX licenses; but if they have, that "fully paid up and irrevokable" language is irrelevant in this case.
I assume you're talking about a buildworld/installworld here.
Can you give me details of how you did this? I'm looking to get a buildbox soon, so I'm interested in any tips (at least, those backed up by benchmarks) people have on the issue.
Are you using the ports tree, or are you using packages? If you want to just install binary packages, `pkg_add -r foo` will do the job for you, including fetching any necessary dependencies.
Find some really good (and trustworthy) students. Ask them to do you a favour: Have them write the exam early, and then go in and "write" the exam again with everyone else -- except writing bogus answers.
It won't stop people from bringing notes into the exam with them -- you should have other ways of stopping that -- but it will have a good chance of catching people who "casually cheat", i.e., look over someone's shoulder and copy answers.
Note that the C spec says that there is a sequence point after each conditional however,
the order in which conditionals in an || are evaluated is not defined in the standard, as in, there is no sequence point there.
You must have a different copy of the C standard. My copy reads "Unlike the bitwise | operator, the || operator guarantees left-to-right evaluation; there is a sequence point after the evaluation of the first operand. If the first operand compares unequal to 0, the second operand is not evaluated."
There is a fifth type of programmer, not covered by the categorization mentioned above: Those who really understand the language, the machine architecture, software engineering, and the application area, and who write code which is absolutely antithetical to anything you'd find in a textbook.
I, for example, severely abuse short-circuit evaluation -- I'll often put five or more function calls into an if() conditional, ||ing their error conditions together -- but there's nothing wrong with that; you'll never find it in a textbook, but once you're used to reading that sort of code, it is more compact, easy to understand, and easy to maintain than the alternatives.
Yes, upgrade -- to a point release. Win2K is Windows NT version 5.0; WinXP is Windows NT version 5.1. (Yes, those are Microsoft's own numbers.)
what does a public key give you on IRC that a nick doesn't ???
Absolutely nothing without a trust relationship beyond knowing that the same key is used to log in
That alone would be useful: If someone needs to prove that they hold a private key in order to sign on with a gievn name, you dramatically reduce the risk of DDoS wars caused by people fighting over a name.
No, you don't apply. People don't apply for Nobel prizes either.
A bunch of people are invited to send in nominations; a selection committee looks at the nominations and decides to whom the prizes should be awarded.
Generally speaking, the people at the top of their respective fields will be sufficiently well known that they will be recognized by one of the nominators; in the case of Nobel prizes, people are often nominated every year for five years or more before they are given the prize.
HDs are usually 80GB plus, how do we back them up?
With these disks, 8 GB at a time.
In all seriousness, if you're doing incremental backups with any sort of reasonable frequency, you're not likely to be backing up more than 8 GB of data at once.
These disks cannot store 4 hours of video. Definitely not. In fact, it's absolutely impossible to store compressed video onto DVDs.
We need these larger disks for backup purposes. Not just that, but we need these disks for backup purposes so that we can evil catch terrorists and corporate criminals.
Remember, these aren't on the market yet. And if they could be used for storing video, they might never reach the market.
UoP *is* cheap, when you compare it to taking several years off work so that you can get a real degree.
If the manager is looking to sign off on a checklist (position foo needs a masters or higher degree in bar), then online "universities" are wonderful -- they'll give you a piece of paper which allows you to claim that qualification.
If the manager -- or anyone else -- is actually looking for the degree as a sign that you are qualified for a position, having a "degree" from such an institution is only going to hurt you, because it shows that you look for the cheapest and easiest way of getting a piece of paper rather than looking to obtain a real qualification.
You know what people say about MSCEs? This is the academic equivalent.
Sure, there are lots of languages in Europe. But do you really need to have half a dozen of them in a project which only has a hundred people?
Any company which was running a project like this would have picked one location, hired a bunch of people, and had them all working in the same building, speaking the same language. It's only because of EU politics -- the requirement that the EU Datagrid be a multinational consortium -- that there are so many languages and locations involved.
I'd go further than that. I've heard the EU DataGrid described as a perfect example of how not to run a large software project.
People working in half a dozen different languages (natural languages, that is, not programming languages!), a complete lack of chain-of-command, software being signed off on because a document detailing critical bugs had been produced (even though the critical bugs weren't fixed!), progress reports being sent back for revision because "they weren't positive enough"...
Take the worst elements of decentralized open-source programming, combine them with the worst elements of government beaurocracy -- and then replace half of the programmers with physicists who have less programming experience than most second year CS majors -- and you'll get somewhere close to what I've been told about the EU Datagrid.
Of course, this is all second-hand information. Maybe the person who was telling me all of this is just a burnt-out coder who would be unhappy with whatever project he was working on. But I doubt it.
SCO users throughout the U.S. and Canada can get their chance to go show Darl just how much they "love" SCO. But of course, Linux users are free to attend.
Well, of course Linux users are free to attend. Linux is full of SCO code, so Linux users are really just SCO users who obtained the code through unauthorized means.
All these recent failures have been the fault of transmission systems, not the fault of generation systems. Electrical grids are carrying ever-increasing amounts of power around, but haven't been upgraded for many years; it was inevitable that we would start to see problems with the grid becoming overloaded.
The problem is simply one of NIMBY. We need to build more transmission lines, but nobody wants the lines in *their* backyard. It's going to give them brain cancer; give their children leukemia; impede their views; reduce the value of their homes; destroy the last known habitat of the seven-toed porcupine.
Sometimes I really wonder if democracy is a good idea.
My couch is going to have an RFID tag? But... that would allow people to track me everywhere I go -- I never leave home without my couch.
Not necessarily. I've seen lots of instances where a bug fix works for people running a standard installation of an operating system, but breaks horribly for people using some non-standard patches.
Microsoft has a big advantage here -- it is actually possible for them to test their patches with some sense of completeness. (They don't always do so, but that's a different matter.) With open source software, a security officer can release a patch and say "well, this patch works for me", but it's impossible for him to test it on all possible configurations, because other users might have made all sorts of other changes.
Sure, in the long term, many eyes/bug hunters/coders will probably have an advantage, but when you want to make sure you get the patches out ASAP, knowing exactly what your customers are running provides a major advantage.
Why do you think we're all still running TCP/IP instead of the ISO/OSI protocol stack?
We're running TCP/IP because the CSRG decided to release BSD under a free license.
TCP/IP might be better than OSI, but we're not using TCP/IP for any technical reasons; we're using TCP/IP because it is the standard, it is the standard because everyone supports it, and everyone supports it because there was a free TCP/IP stack available for anyone who wanted it.
No, cases like this illustrate that allowing "stealth IP" is a bad idea.
If ISO had said from the start "we own these country code standards, you'll have to pay if you want to use them", we wouldn't have a problem -- nobody would be using them. The problem arose only because ISO waited until after their standard had been widely adopted before mentioning the issue.