I think the reference was specifically to the newer CDs that incorporate the anti-ripping technologies, and also include an ISO9660 filesystem with the audio tracks encoded in WMA format.
wu-ftp has had SO many bugs over the years, no one in their right mind would actually use it. I think there was a long stretch where it sat completely unmaintained, also. I hate to say it, but in the case of wu-ftpd, if you're still running it, it's your own fault for not looking at its track record and saying "hm, there sure have been a lot of bugs... maybe I should use something else".
Same with Sendmail (there are other, more-secure MTAs which are mostly compatible with Sendmail, not to mention being much easier to configure - Exim, Postfix, even *shiver* qmail). And as far as BIND goes, it should be run chroot()'d, set to a non-root UID and GID, on a box with little else on it Or maybe djbdns would be a better choice.
I can only suggest you read some of ESR's words, or Larry Wall's words, or words of other OSS developers and proponents, and their explanation of why people write open-source software. Why would a person write an open-source software package, if not for their own use? Releasing it, then, is saying, in effect, "I've written this, I find it useful. I hope you do too. I welcome improvements, but I don't guarantee it will do everything you want or need, fulfill your greatest desires, cook your meals, etc."
It's a fundamentally different mindset from commercial software development. I think you're still trying to make a straight-across comparison between the two, when the fact is, as I've been saying, they're fundamentally different ways of looking at and developing software. The entire driving reason is different - making money, versus writing something useful for yourself, and hopefully others (and maybe improving your own reputation at the same time).
Profit? What profit is that? Other than one's reputation, you're not generally making money from your open-source software. That's sort of part and parcel of the whole open-source ideal, that you're not really gaining any quantifiable profit by writing it, other than having a useful tool for yourself, and hopefully others as well. What's useful to me may not be useful to everyone, but to say that it's either useful to the entire world or it's only useful to you is kind of a big step.
Your one example, WinAmp, is a poor one. For a long time, WinAmp was nagware - yeah, you could use it for free, but they (Nullsoft) wanted money for it. Now, Nullsoft is owned by AOL - you think those guys aren't getting paid to write WinAmp? Trust me, they are. The money just comes from somewhere else now, so they don't have to sell WinAmp to make money - they give it away standalone, and as part of most Netscape installs for Windows.
Saying that's even close to open-source is just wrong. I still say open-source coding is a very different matter than writing ANY commercial app - even one given away as a loss leader, like WinAmp is now.
So tell me what you're saying - it's bad for people to write tools that are useful to them and provide them for others to use - they should either (a) keep it to themselves, or (b) develop it as a full-out end-user application, even after they've written something that's reasonably bug-free and useful to them? You're basically saying look the gift horse in the mouth. That even though it's free, these people should write software like they're getting paid to do it?
If I'm wrong, please correct me. It just sounds like you're saying it's completely reasonable to expect people to do things for you, for free, just because you say you should have what you want.
Oh, and if someone chooses to make a Linux distro that competes with Windows, they can do that (and RedHat and some of their progeny are certainly trying to do that), but that doesn't mean that every Linux user wants that - for example, I'm quite happy with Linux. Yes, I have to put some effort to set it up, but once I set it up, I can make it do what I want it to do. I don't want a straitjacket, I want a platform for doing things.
Why would open-source developers write something that they themselves DON'T WANT? It's one thing for someone to get paid to write software - then, even if it's not something they themselves would use, it is their job, and they have to write it, regardless of whether it'd be useful to them. Open-source coders want to write something that's USEFUL FOR THEM.
That's the fundamental misunderstanding with open-source vs. the "common computer user" - open-source software is written to scratch the programmer's itch, not to make money, or to satisfy market X. Just try telling an open-source project developer that they must implement some feature, or else. They'll laugh at you - you're not paying them, or giving them any good reason why they should do what you say.
I have a feeling your coworker subscribes to the "give a man a fish, feed him for a day" theory. If he gave you the answer, sure, you'd have the answer you sought, but you wouldn't have learned anything - next time you didn't know something, you'd have had to ask him again. Many Linux/UNIX people subscribe to this theory, but most people who are more Windows/Mac-oriented don't like that. They just want their questions answered
Just keep that in mind - self-sufficiency is undervalued, IMO, in today's society. Being self-sufficient - being able to do things and find answers on your own - is, in a certain way, better than having someone just answer your questions (then leave you stranded when he's not there to answer you anymore). It is the way to build a community - a community of independent people who actually know things, instead of a community of codependents who can't actually do anything without someone being there to help them.
Nice idea, but the people who write the components of Linux are developing what THEY want to use - they're not getting paid, they're not doing feasability studies, interface-design studies, andd such before writing their software. Do you really think anyone would bother writing an open-source application if they had to? No, I don't think they would...
That would be fair, if these people had made a conscious decision, and were aware that something else was available to them. Most aren't. If you told them you could run another OS on their PC (after explaining to them what an OS is), they'd probably be like "really? I thought Microsoft was the only company that did this computer stuff."
Amen. I don't see how people see this whole process as acceptable - Microsoft sells them a product, which they (theoretically) expect to perform some task. It does the task - more or less. Except for the crashes, the incompatibility, and some assorted flakiness. But it doesn't have some specific feature. So then, Microsoft comes out with a new product, which you must then pay for again. And people do it - shelling out hundreds of dollars for the latest Microsoft bloatware, to get what they thought they had already - a system that would meet their needs.
How is it that some people are so eager to spend perfectly good money re-buying what they're supposed to already have, anyway? What a racket.
Or if they at least used a text format - INI style, XML hierarchical, or SOMETHING. Something besides a binary format that tends to get corrupted (and sufficient corruption still will make a Windows box unbootable, registry fixer or no - even with systems with the registry fixing tools, it STILL happens.
At least with a text file, if it got fucked up, you could go in with any old text editor and fix the problem.
"But doesn't Microsoft mean 'Internet'? I thought they were the same thing."
This is funny, yet horrifying at the same time. Microsoft has managed to insert themselves into the public consciousness to such a degree that most people associate "computer" (as well as "Internet") with "Microsoft". How can anyone fight that?
They didn't even actually buy it - they stole it. They licensed it on a royalty basis, under the assumption they were going to sell it, then gave it away. What a way to screw your "business partner", eh?
Do you agree with me that a number of companies that "lost" to Microsoft lost because they made bad business decisions?
I think that risks are taken, some bad decisions are made, shit happens. That's the way it always works. Yes, some companies that have fallen to Microsoft did, at least in part, because they made stupid mistakes. However, if it weren't for Microsoft being there to stomp on them and squish them out of existence, they might've picked themselves up and carried on, learning from their experience, and maybe becoming better for it. Would they have succeeded? Maybe, maybe not. We'll never know, but at least they'd have had a fair shot.
So you want a monopolistic company (proven monopoly, proved in a court of law) to be able to extend their monopoly in perpetuity, giving away something that costs them practically nothing, whose only purpose is to get them out of hot water, imprinting kids further with the "buy buy buy" mentality, convincing them to keep pouring endless amounts of money into Microsoft's pockets to keep getting what they supposedly already bought?
Drones are bad, mm'kay? And that's what Microsoft wants - more mindless drones to keep buying their crappy products, practically begging Unca Bill for the opportunity to pay again, and again, and again. Through some hollow gesture, they get to keep their monopoly, keep doing business as they always have, and continue to have guaranteed suckers^Wcustomers for their products. Yay.
Do you really think their gesture has anything to do with education? Hell no. It's all about MONEY. Spending as little as possible, to get the maximum results. I guess it's true - being Microsoft means never having to say you're sorry.
If the deal went through, Microsoft would be really getting a sweet deal. Consider that the majority of that 1.1 billion dollars, somewhere around 80% - nearly 900 million - would be to supposedly "pay" for their own software. But how much does it cost them to produce that package, the CDs, and the (ever shrinking) enclosed printed documentation? Have you ever seen the prices for products in their company store? $50, $60 for even their highest-dollar packages, and you can bet that's well more than the materials cost.
So, they lose (let's be generous) around $300 million (around $200 million in PCs, somewhere about $100 million in materials costs on the software and its packaging), to get themselves absolved of any wrongdoing. For a company that has supposedly billions of dollars in cash on-hand, that's chump change.
MoL sets up a full virtual machine, using the PPC's self-virtualization capability. AFAIK Win4Lin is the same sort of situation. Classic, OTOH, shares filesystem and display (and other device) access so that everything can run together, I'm guessing using some sort of QuickDraw trickery.
So MoL is much more similar to VMWare. VMWare does use the host CPU to run what it can natively, like MoL does, unlike say, Bochs, where everything is emulated.
MkLinux was aimed mostly at pre-PCI systems, where a native kernel wasn't available. There is an alternative now, and with the fact that (to my knowledge) MkLinux is unfathomably outdated, there's really no excuse to use it at this point. Certainly not on a PCI PowerMac, but even on the NuBus systems, you may as well use native kernels.
No one bothers to use MkLinux anymore - it's old and out of date, and you can always run a native kernel on the pre-PCI systems now (it's a little old, but it works, I have 3 PowerMac 6100s running Linux, running the distributed.net client - yeah, yeah, I know:). What's the point of converting a monolithic kernel to run on top of a microkernel anyway?
Um. WTF. People are just providing this guy with what they believe to be the best answer long-term, which is, in many people's opinion (one which I agree with, BTW) to get as far away from Verisign/NSI as possible. There are many registrars (as well as OpenSRS resellers, like Tucows) who (a) charge less per year, (b) give FAR better service, and (c) give you much less runaround.
At my work, we've found that GKG is an excellent, responsive registrar, with extremely low yearly fees. We had tried, prior to moving our domain to GKG, to get our billing info corrected. The guy who is in charge of taking care of the domain issues (not me, but a coworker) tried over and over, calling NSI and using their online forms, and faxing them too IIRC, to get the billing info corrected, but it never got fixed, and no real explanation as to what the problem was was ever given. On the other hand, getting domain information modified has been a joy with GKG - immediate changes, none of the constant submit-reject-resubmit cycle that happened over and over with NSI.
Feel free to make up your own mind, but the people who are saying "switch registrars" are saying so because they've probably had similar frustration in the past with NSI, which triggered the move to switch in the first place. In other words, they're speaking from experience.
I guess there is some truth to that. Of course, losing the soul of the business is par for the course when it goes from something done for the love of it to something that people have to do, and when maximum profit and maximum market take precedence over maximum quality.
Sure, if you're smoking enough crack to run the old-ass RedHat releases that are vulnerable to it without updating anything. Go Debian, and don't worry about manual updating.
that may well be true, although it could also be argued that there may actually be a diminished threat due to less widespread knowledge.
But what makes you think it'll stay that way? And that the "bad guys" don't already know about it? And if the "bad guys" know about it, and the "good guys" are in the dark, the "good guys" are already screwed.
Simply, we need full disclosure not only to get the vendors to patch their software (the primary reason), but so that people can then make informed decisions about what's going on wrt vulnerabilities in the software - if they wish to continue using it, given the frequency of vulnerabilities, or at least to know that something must be done and have a chance to do it. As others have said, forewarned is forearmed. Having the information allows people to make educated choices.
Slashdot Mirror
I think the reference was specifically to the newer CDs that incorporate the anti-ripping technologies, and also include an ISO9660 filesystem with the audio tracks encoded in WMA format.
wu-ftp has had SO many bugs over the years, no one in their right mind would actually use it. I think there was a long stretch where it sat completely unmaintained, also. I hate to say it, but in the case of wu-ftpd, if you're still running it, it's your own fault for not looking at its track record and saying "hm, there sure have been a lot of bugs... maybe I should use something else".
Same with Sendmail (there are other, more-secure MTAs which are mostly compatible with Sendmail, not to mention being much easier to configure - Exim, Postfix, even *shiver* qmail). And as far as BIND goes, it should be run chroot()'d, set to a non-root UID and GID, on a box with little else on it Or maybe djbdns would be a better choice.
I can only suggest you read some of ESR's words, or Larry Wall's words, or words of other OSS developers and proponents, and their explanation of why people write open-source software. Why would a person write an open-source software package, if not for their own use? Releasing it, then, is saying, in effect, "I've written this, I find it useful. I hope you do too. I welcome improvements, but I don't guarantee it will do everything you want or need, fulfill your greatest desires, cook your meals, etc."
It's a fundamentally different mindset from commercial software development. I think you're still trying to make a straight-across comparison between the two, when the fact is, as I've been saying, they're fundamentally different ways of looking at and developing software. The entire driving reason is different - making money, versus writing something useful for yourself, and hopefully others (and maybe improving your own reputation at the same time).
Profit? What profit is that? Other than one's reputation, you're not generally making money from your open-source software. That's sort of part and parcel of the whole open-source ideal, that you're not really gaining any quantifiable profit by writing it, other than having a useful tool for yourself, and hopefully others as well. What's useful to me may not be useful to everyone, but to say that it's either useful to the entire world or it's only useful to you is kind of a big step.
Your one example, WinAmp, is a poor one. For a long time, WinAmp was nagware - yeah, you could use it for free, but they (Nullsoft) wanted money for it. Now, Nullsoft is owned by AOL - you think those guys aren't getting paid to write WinAmp? Trust me, they are. The money just comes from somewhere else now, so they don't have to sell WinAmp to make money - they give it away standalone, and as part of most Netscape installs for Windows.
Saying that's even close to open-source is just wrong. I still say open-source coding is a very different matter than writing ANY commercial app - even one given away as a loss leader, like WinAmp is now.
So tell me what you're saying - it's bad for people to write tools that are useful to them and provide them for others to use - they should either (a) keep it to themselves, or (b) develop it as a full-out end-user application, even after they've written something that's reasonably bug-free and useful to them? You're basically saying look the gift horse in the mouth. That even though it's free, these people should write software like they're getting paid to do it?
If I'm wrong, please correct me. It just sounds like you're saying it's completely reasonable to expect people to do things for you, for free, just because you say you should have what you want.
Oh, and if someone chooses to make a Linux distro that competes with Windows, they can do that (and RedHat and some of their progeny are certainly trying to do that), but that doesn't mean that every Linux user wants that - for example, I'm quite happy with Linux. Yes, I have to put some effort to set it up, but once I set it up, I can make it do what I want it to do. I don't want a straitjacket, I want a platform for doing things.
Why would open-source developers write something that they themselves DON'T WANT? It's one thing for someone to get paid to write software - then, even if it's not something they themselves would use, it is their job, and they have to write it, regardless of whether it'd be useful to them. Open-source coders want to write something that's USEFUL FOR THEM.
That's the fundamental misunderstanding with open-source vs. the "common computer user" - open-source software is written to scratch the programmer's itch, not to make money, or to satisfy market X. Just try telling an open-source project developer that they must implement some feature, or else. They'll laugh at you - you're not paying them, or giving them any good reason why they should do what you say.
I have a feeling your coworker subscribes to the "give a man a fish, feed him for a day" theory. If he gave you the answer, sure, you'd have the answer you sought, but you wouldn't have learned anything - next time you didn't know something, you'd have had to ask him again. Many Linux/UNIX people subscribe to this theory, but most people who are more Windows/Mac-oriented don't like that. They just want their questions answered
Just keep that in mind - self-sufficiency is undervalued, IMO, in today's society. Being self-sufficient - being able to do things and find answers on your own - is, in a certain way, better than having someone just answer your questions (then leave you stranded when he's not there to answer you anymore). It is the way to build a community - a community of independent people who actually know things, instead of a community of codependents who can't actually do anything without someone being there to help them.
Nice idea, but the people who write the components of Linux are developing what THEY want to use - they're not getting paid, they're not doing feasability studies, interface-design studies, andd such before writing their software. Do you really think anyone would bother writing an open-source application if they had to? No, I don't think they would...
That would be fair, if these people had made a conscious decision, and were aware that something else was available to them. Most aren't. If you told them you could run another OS on their PC (after explaining to them what an OS is), they'd probably be like "really? I thought Microsoft was the only company that did this computer stuff."
Amen. I don't see how people see this whole process as acceptable - Microsoft sells them a product, which they (theoretically) expect to perform some task. It does the task - more or less. Except for the crashes, the incompatibility, and some assorted flakiness. But it doesn't have some specific feature. So then, Microsoft comes out with a new product, which you must then pay for again. And people do it - shelling out hundreds of dollars for the latest Microsoft bloatware, to get what they thought they had already - a system that would meet their needs.
How is it that some people are so eager to spend perfectly good money re-buying what they're supposed to already have, anyway? What a racket.
Or if they at least used a text format - INI style, XML hierarchical, or SOMETHING. Something besides a binary format that tends to get corrupted (and sufficient corruption still will make a Windows box unbootable, registry fixer or no - even with systems with the registry fixing tools, it STILL happens.
At least with a text file, if it got fucked up, you could go in with any old text editor and fix the problem.
"But doesn't Microsoft mean 'Internet'? I thought they were the same thing."
This is funny, yet horrifying at the same time. Microsoft has managed to insert themselves into the public consciousness to such a degree that most people associate "computer" (as well as "Internet") with "Microsoft". How can anyone fight that?
They didn't even actually buy it - they stole it. They licensed it on a royalty basis, under the assumption they were going to sell it, then gave it away. What a way to screw your "business partner", eh?
Do you agree with me that a number of companies that "lost" to Microsoft lost because they made bad business decisions?
I think that risks are taken, some bad decisions are made, shit happens. That's the way it always works. Yes, some companies that have fallen to Microsoft did, at least in part, because they made stupid mistakes. However, if it weren't for Microsoft being there to stomp on them and squish them out of existence, they might've picked themselves up and carried on, learning from their experience, and maybe becoming better for it. Would they have succeeded? Maybe, maybe not. We'll never know, but at least they'd have had a fair shot.
There was no NT 3.0. 3.1 was the first version of NT - it came out while Windows 3.1 was Microsoft's flagship platform.
So you want a monopolistic company (proven monopoly, proved in a court of law) to be able to extend their monopoly in perpetuity, giving away something that costs them practically nothing, whose only purpose is to get them out of hot water, imprinting kids further with the "buy buy buy" mentality, convincing them to keep pouring endless amounts of money into Microsoft's pockets to keep getting what they supposedly already bought?
Drones are bad, mm'kay? And that's what Microsoft wants - more mindless drones to keep buying their crappy products, practically begging Unca Bill for the opportunity to pay again, and again, and again. Through some hollow gesture, they get to keep their monopoly, keep doing business as they always have, and continue to have guaranteed suckers^Wcustomers for their products. Yay.
Do you really think their gesture has anything to do with education? Hell no. It's all about MONEY. Spending as little as possible, to get the maximum results. I guess it's true - being Microsoft means never having to say you're sorry.
If the deal went through, Microsoft would be really getting a sweet deal. Consider that the majority of that 1.1 billion dollars, somewhere around 80% - nearly 900 million - would be to supposedly "pay" for their own software. But how much does it cost them to produce that package, the CDs, and the (ever shrinking) enclosed printed documentation? Have you ever seen the prices for products in their company store? $50, $60 for even their highest-dollar packages, and you can bet that's well more than the materials cost.
So, they lose (let's be generous) around $300 million (around $200 million in PCs, somewhere about $100 million in materials costs on the software and its packaging), to get themselves absolved of any wrongdoing. For a company that has supposedly billions of dollars in cash on-hand, that's chump change.
MoL sets up a full virtual machine, using the PPC's self-virtualization capability. AFAIK Win4Lin is the same sort of situation. Classic, OTOH, shares filesystem and display (and other device) access so that everything can run together, I'm guessing using some sort of QuickDraw trickery.
So MoL is much more similar to VMWare. VMWare does use the host CPU to run what it can natively, like MoL does, unlike say, Bochs, where everything is emulated.
MkLinux was aimed mostly at pre-PCI systems, where a native kernel wasn't available. There is an alternative now, and with the fact that (to my knowledge) MkLinux is unfathomably outdated, there's really no excuse to use it at this point. Certainly not on a PCI PowerMac, but even on the NuBus systems, you may as well use native kernels.
No one bothers to use MkLinux anymore - it's old and out of date, and you can always run a native kernel on the pre-PCI systems now (it's a little old, but it works, I have 3 PowerMac 6100s running Linux, running the distributed.net client - yeah, yeah, I know :). What's the point of converting a monolithic kernel to run on top of a microkernel anyway?
Um. WTF. People are just providing this guy with what they believe to be the best answer long-term, which is, in many people's opinion (one which I agree with, BTW) to get as far away from Verisign/NSI as possible. There are many registrars (as well as OpenSRS resellers, like Tucows) who (a) charge less per year, (b) give FAR better service, and (c) give you much less runaround.
At my work, we've found that GKG is an excellent, responsive registrar, with extremely low yearly fees. We had tried, prior to moving our domain to GKG, to get our billing info corrected. The guy who is in charge of taking care of the domain issues (not me, but a coworker) tried over and over, calling NSI and using their online forms, and faxing them too IIRC, to get the billing info corrected, but it never got fixed, and no real explanation as to what the problem was was ever given. On the other hand, getting domain information modified has been a joy with GKG - immediate changes, none of the constant submit-reject-resubmit cycle that happened over and over with NSI.
Feel free to make up your own mind, but the people who are saying "switch registrars" are saying so because they've probably had similar frustration in the past with NSI, which triggered the move to switch in the first place. In other words, they're speaking from experience.
I guess there is some truth to that. Of course, losing the soul of the business is par for the course when it goes from something done for the love of it to something that people have to do, and when maximum profit and maximum market take precedence over maximum quality.
Well, it is running Windows 2000 (a stripped-down version of it) - you have to be able to get service packs, right? :)
Sure, if you're smoking enough crack to run the old-ass RedHat releases that are vulnerable to it without updating anything. Go Debian, and don't worry about manual updating.
that may well be true, although it could also be argued that there may actually be a diminished threat due to less widespread knowledge.
But what makes you think it'll stay that way? And that the "bad guys" don't already know about it? And if the "bad guys" know about it, and the "good guys" are in the dark, the "good guys" are already screwed.
Simply, we need full disclosure not only to get the vendors to patch their software (the primary reason), but so that people can then make informed decisions about what's going on wrt vulnerabilities in the software - if they wish to continue using it, given the frequency of vulnerabilities, or at least to know that something must be done and have a chance to do it. As others have said, forewarned is forearmed. Having the information allows people to make educated choices.