Feel free to write your own if that doesn't fit in with your plans
Your assertion that I'd have to suffer the "punishment" of writing my own is a false dichotomy that hinges on me either being able to "write my own" or use GPL code. This isn't the case.
GPL doesn't have a monopoly on open source. GPL has some real competition from alternative open source licenses. Unless your GPL code has a very compelling reason for me to use it, I'll pick the BSD code every time. If enough people do the same thing, the GPL will become a small player in the open source market. If GPL becomes a small player, the GPL backers lose all their leverage.
You are free to hold your world view, but don't think I have to conform to it when I can just pick up some BSD code down the block, use it, and contribute to that instead. The competition in the open source world is heating up, and to be frank, I dont see a bright future for GPL.
I and others would see as refusal to open up more of your work.
I disagree with this kind of world view, but fair enough. Just don't be surprised when your project doesn't get as much action as that hip new BSD one down the street.
They dont make much from us clicking on the ads either. People who bother do register accounts become blind to them.
Slashdot doesn't directly make money from us writing comments. The indirectly make money from us because our comments give a reason for people to visit. Without them, the website wouldn't be interesting and nobody would visit... thus making this place unattractive to advertisers.
I can definitively say my account is cooler than yours though. You people and your weird ass comment settings:-)
At least I can't seem to post as you. It wouldn't even moderate when my "account" had mod points. What a weird ass bug. I bet their damn cache code is trashed... memcached is a wicked evil mistress.
And I dont! That is the point of the article. Evidently I'm not alone and many more people avoid GPL codebases because it doesn't let them contribute back either!
And let me tell you, you have a weird comment threshold set, buddy. And some of you people and your minimalist mode... why do you guys turn off javascript-- this place is easier with it on!
that isn't this. I suspect what they ment that answer to be for people who get confused because other user profile pages look like there. In this case, the damn website thinks I'm logged in as somebody else! Hopefully this glitch doesn't extend further than the story pages and people can't reset the password on my real account. Who knows who this will post as!
(guess it posts as me, not whoever it things is logged into this page)
That is the catch (and this is actually becoming boring:-)...
I can't reciprocate when your code is GPL'd. Since I would linking to your code (say, a CPAN module), your code would put my own codebase in a legal gray area. Therefore, I can't give back the changes that are relevant to you without also potentially being required to give back the entire codebase that uses your library.
So yeah... I'd like to reciprocate, but your license won't let me!
i.e. you want to have your cake and eat it too. i.e. dual licenses schemes like MySQL's. i.e. you want to sell your GPL code.
then yes, the GPL or some derivative would seem to make the most sense
For you "owner" of the code, yeah--especially if you are extra weasely and require copyright assignment. For contributors, it is a scam. Why the hell should I contribute to your dual licensed garbage so you can turn around and profit from my work? I never understood why such companies aren't hassled more about this. It is really a great scam--you get a bunch of people contributing to your work for free and you get to sell it all. Course, I guess the same holds true for most things on the internet--flickr doesn't take pictures, its users do and flickr profits from that. Slashdot doesn't have a script to write comments, we write them and they profit from that. So I might be wrong on this... but the dual-license guys seem way more blatant, probably because I get a lot of satisfaction posting here, but dont really get much satisfaction contributing to some faceless corporations open source project.
The alternate model of giving the software away for free and charging for service instead adds an interesting wrinkle to the equation
A sucky one though. I doubt many programmers on this board want to be in a position that the work they produce for a company is essentially worthless and the way to move up is through the tech support department. I also doubt customers would benefit either since giving away the software and charging for support creates an incentive to make shoddy software that requires a lot of hand-holding.
Eric is basically right. I've been burned in the past, so I now pay attention to the license an application uses (something you should get into the habit of doing).
Here is my decision tree for deciding to use an application licensed under any FOSS license:
1) If I plan to modify the application in any way, or use it as a library, it has to be under a BSD derived license. This means BSD, MIT, Apache, MSPL, Perl's artistic license, or anything similar. GPL, or any "viral" license is out... I dont touch GPL code anymore (actually, this is a lie, see below).
1.1) There are exceptions to the "used as a library" rule. If everybody else is using said library in their application (eg: libmysql), nobody is gonna try to GPL-ize my whole application. And if they do go after me, it will only be because I'm so successful that I become a target for such nonsense. If your library is nothing more than a CPAN module and it is GPL, I can't use it, sorry.
2) If I don't plan to modify the application for use in my project, the license becomes less important. In these cases, I look at other factors such as how active the project is. I don't like depending on projects that haven't been touched since 2005.
3) If your application or code will become a non-linked dependency of my application (for example, a GPL'd version control system), I don't really care what the license is. Since it isn't linked into my application, I won't get "infected". In fact, I might even contribute to your GPL project provided my contributions are independent works and don't come out of my own "toolkit" so-to-speak.
4) If you require me to assign copyright to you before I can contribute, you are a scam and can piss up a rope. Granted, many of the big-boys require this (most GNU stuff, Firefox(?), MySQL) and so I might be willing to cave in an contribute anyway provide what I'm contributing is an important bugfix and doesn't erode ownership my personal toolkit (i.e. the good stuff). The scam guys are companies who want ownership so they can cook up dual license schemes and profit from your work (MySQL). Scammers can pay for their own bugfixes...
Bottom line, I won't touch GPL for anything that might make my mainline code become a derivative work and force it all to become GPL'd. BSD'sh licenses cannot do this to my mainline code, so I can use their stuff and contribute anything I think they will find useful. GPL doesn't let me cherry pick useful stuff out of my code, so they miss out on some pretty cool things. Since I dont like leeching from GPL stuff (using it, but having no way to give back), I just avoid it instead.
In other words, if you GPL your project, $SUPER_BIG_COMPANY can't lift your code and make $MILLIONS$ but only at a heavy cost--the pool of people who are able to work on your project becomes much, much smaller. BSD-style licenses are attractive to business precisely because business knows they can contribute changes without getting into trouble. If I use a BSD anything, I know that I have the option to deeply embed the code into my application, still be able to contribute back any changes, and retain control over my intellectual property. GPL reduces control over my IP and thus I can only depend on it in the loosest way possible. The second I want to make any contributions, depending on how I used the GPL code, my entire portfolio might be in legal jeopardy. Not cool.
Back in like 1998 or so when mp3's were just arriving on the scene, Winamp would peg the CPU at just about 25% -> 35% to play a 128kbps stream.
Rip/transcode CDs.
This took forever. Something like 5 minutes a song--at 128kbps.
The only thing that's reall changed in the last 10 years is that the tools have changed in appearance
No, actually that is false. See above. I could list more, but I wont bother as for some reason people like you seem to think green-screen consoles are all that we need. Everything else, after all, is "appearance".
"end user experience"
Your use of scare quotes seem to imply that this is not important. You are wrong. The end-user experience is the most important part. What actually happens under the hood, nobody but nerds like us care about. Forget this rule, and find yourself unmarketable and unemployable.
Prediction: In 5 years, lighttpd and nginx will have taken over at least 30 or 40% of Apache's market. Unless Apache does something about their config file, that is.
This is offtopic for this story, but I've always wondered about those "15 minutes to $CITY" signs. When there is no traffic, do they make their estimate using the speed limit, or using the actual speed of traffic? In other words, if the speed of traffic is 80 mph and the speed limit is 65 mph, which do they use?
At least, I think that is the way micropayments would pan out. The system would be distributed and would work closer to how you pay for games on your cell phone. As a consumer, your ISP would tack on all your transactions for the month and put it on your bill. I would imagine the ISP would do this using some kind of functionality built into their routers (and could offer it to their downstream clients, if needed). If your ISP does not offer this "micropayment on demand" service, you could use a consolidated service instead or defer to your upstream if they have it. As a provider that accepts micropayments, I have no clue--clearly you'd need SSL (and thus IPv6 to soak up the additional demand for IP's). You'd need a way to take $0.005 transactions and put them into your bank account. Your governments ministry of tax would probably want you to report this income.
Of course, the devil is in the details and in this case, there are a *lot* of details. Details like billing disputes, who takes liability for deadbeats who don't pay the ISP, or deadbeat ISP's who don't pay the content providers. How do deal with webhosting companies whose sysadmins are using lynx to download something quickly, how to deal with corporate internet connections, how to deal with multiple currencies. Where to put it on the protocol stack (I'd say, as protocol on top of TCP/IP and would be built into your Cisco router--not something on top of HTTP like OpenID* ). I mean fuck, lets not forget the most important bit--how to tax it! Who gets the tax on a micropayment sent by a visitor in Seattle using a ISP based in San Fransisco to pay for a website in France? Do I pay Seattle's rate, San Fransisco's, or France's?
There are enough technical and political issues with micropayments that the solution might cost more than the potential returns.
PS: I hear they decided to leave micropayments out of Web 3.0, so we might have to wait until at least Web 4.0.
* I think part of the reason OpenID is so slow to catch on is due to the fact it is layered on top of HTTP. Had it been a "real" protocol on top of TCP/IP, it could have been used for authentication of other services, not just web services--for example the authentication of IMAP sessions, IM services, or multiplayer games like WoW.
Well, how about I just steal your GPL code and embed it in my application without following it's terms? In fact, I plan to sell it and make a million bucks off your GPL code!
Does that make you hot and bothered? If it does, you now have a reason to be pissed about piracy too. Both are the *exact* same thing.
Yeah, right. If the UI was the easy part, why do almost all UI's suck?
skinning
If you think skins are gonna fix a UI, I've got news for you. Having the ability to add girls sitting on the hoods of of cars wearing tightly clad bikinis does not make a good UI.
Is there any reason you couldn't put an SSL accelerator on a USB device? Lots of servers have a ton of unused USB ports sitting around. If you could make it USB, you wouldn't have to rip open the web server/reverse proxy server to install it. Sure somebody might walk off with the device, but if you can mitigate that somehow, is there anything technically wrong with the idea?
First, JavaScript is a very nice language indeed. If you've never learned functional programming, JavaScript is a good language to learn in. Why? You can actually do real work while learning! As for the new language spec...
Getters and setters are nice, but I'm not sure they serve a purpose in javascript--javascript is more functional than it is OO and I think people learning the language should change mindsets rather than the langage get bastardized to something it is not. I dunno, somebody can challenge me on this.
Good to see they are thinking about adding a "use strict". You aren't an adult language until you have a way to force variable declaration. Hopefully "use strict" will apply to a module or block, not to the entire project. I want to "strictify" my own JavaScript, but I dont want the browser to choke on some sloppy copy-and-paste deal from AdSense or analytics.
Lastly, JSON. There are a couple "gotchas" with it... namely when you generate JSON using a loosely typed language like Perl and try to feed it into a strongly typed language like C# (i.e. silverlight). Depending on the serializer / deserializer used on the strongly-typed side, you'll run into things.
For example, the deserializer in C# just might choke on this: "themes": [// it will puke on this:
{
"theme_id": "34",// i am a string!
"last_mod": "2009-04-09 13:04:27.232-07"// I am a postgresql date, but I'd also barf on ISO8601
},// puke free:
{
"theme_id": 34,// I am an int!
"last_mod": new Date(3000, 00, 01, 00, 00, 00)// i am a legit Date()
}
]
Why? Perl serialized the integers as a string. Depending on the deseralizer, it might choke on those strings if it was expecting a number. YUI would also be pissed off about the date not being a javascript Date()--good luck finding a serializer that produces such a thing! My point? These are some surprise gotchas you have to worry about when dealing with JSON. Not sure who is to "blame"--perl for being loosely typed, the deserializers for being to strict. This would be a problem with XML as well though.
but that doesn't justify the existence of libraries
Until javascript can traverse the DOM with something as elegant as $('.cat').click(function(){});, I'll be using jQuery for just about ever. Otherwise, I hope you are right. All these wrapper libraries are getting out of hand.
Culture. Windows grew up on the desktop and moved into the server. Unix grew up on the server and is trying to make inroads on the desktop. "Normal users" will force unix systems to compromise some of their security to make life easier. Windows has had to compromise by removing the "everybody is an admin--free love for all" that existed all the way up to XP. By default, Vista users aren't running as root and the only way to become root is either a UAC dialog or a privilege escalation exploit.
That doesn't account for the server-end though. And why earlier versions of said products had so many holes I will attribute to culture.
Why GNU su does not support the wheel group (by Richard Stallman) Sometimes a few of the users try to hold total power over all the rest. For example, in 1984, a few users at the MIT AI lab decided to seize power by changing the operator password on the Twenex system and keep- ing it secret from everyone else. (I was able to thwart this coup and give power back to the users by patching the kernel, but I wouldn't know how to do that in Unix.)
However, occasionally the rulers do tell someone. Under the usual su mechanism, once someone learns the root password who sympathizes with the ordinary users, he can tell the rest. The "wheel group" feature would make this impossible, and thus cement the power of the rulers.
I'm on the side of the masses, not that of the rulers. If you are used to supporting the bosses and sysadmins in whatever they do, you might find this idea strange at first.
You dont need to stealth them that much really. The malware that runs on Linux uses the same techniques as the ones on windows. Yes, Linux does have malware of its own--usually in the form of some IRC bullshit for either botnet control or warez. Typically malware on either system will do one or more of the following:
1) Add themselves into Cron/Task Scheduler to ensure they get re-installed. 2) Use process names that look familiar-ish (though I've seen a couple on Windows that are just random filenames, which suspect might be to make them un-googleable) 3) Start up as a daemon/service 4) If they are any good, replace system executables with their own. Like replace ssh with their own version that sniffs your passwords or replace "explorer.exe" with some fancy new version that sends out spam. 5) Try to live in both hidden and "obvious" directories. On linux, I've seen shit get tucked into/dev or something like that *and* tuck into some random long hidden directory. On Windows... same thing. Bury yourself in C:\windows\system32 and also live in "C:\Program Files\C0rel Draw". 6) I did mention cron/task scheduler, right? Always watch for that... you'll forget and wonder why shit is still running on your machine.
Slashdot Mirror
Your assertion that I'd have to suffer the "punishment" of writing my own is a false dichotomy that hinges on me either being able to "write my own" or use GPL code. This isn't the case.
GPL doesn't have a monopoly on open source. GPL has some real competition from alternative open source licenses. Unless your GPL code has a very compelling reason for me to use it, I'll pick the BSD code every time. If enough people do the same thing, the GPL will become a small player in the open source market. If GPL becomes a small player, the GPL backers lose all their leverage.
You are free to hold your world view, but don't think I have to conform to it when I can just pick up some BSD code down the block, use it, and contribute to that instead. The competition in the open source world is heating up, and to be frank, I dont see a bright future for GPL.
I disagree with this kind of world view, but fair enough. Just don't be surprised when your project doesn't get as much action as that hip new BSD one down the street.
They dont make much from us clicking on the ads either. People who bother do register accounts become blind to them.
Slashdot doesn't directly make money from us writing comments. The indirectly make money from us because our comments give a reason for people to visit. Without them, the website wouldn't be interesting and nobody would visit... thus making this place unattractive to advertisers.
I can definitively say my account is cooler than yours though. You people and your weird ass comment settings :-)
At least I can't seem to post as you. It wouldn't even moderate when my "account" had mod points. What a weird ass bug. I bet their damn cache code is trashed... memcached is a wicked evil mistress.
And I dont! That is the point of the article. Evidently I'm not alone and many more people avoid GPL codebases because it doesn't let them contribute back either!
And let me tell you, you have a weird comment threshold set, buddy. And some of you people and your minimalist mode... why do you guys turn off javascript-- this place is easier with it on!
LOL, I think I've just been logged in as you :-) Mess with my account, I'll refresh until I go back to yours and will mess with you!
that isn't this. I suspect what they ment that answer to be for people who get confused because other user profile pages look like there. In this case, the damn website thinks I'm logged in as somebody else! Hopefully this glitch doesn't extend further than the story pages and people can't reset the password on my real account. Who knows who this will post as!
(guess it posts as me, not whoever it things is logged into this page)
That is the catch (and this is actually becoming boring :-)...
I can't reciprocate when your code is GPL'd. Since I would linking to your code (say, a CPAN module), your code would put my own codebase in a legal gray area. Therefore, I can't give back the changes that are relevant to you without also potentially being required to give back the entire codebase that uses your library.
So yeah... I'd like to reciprocate, but your license won't let me!
i.e. you want to have your cake and eat it too. i.e. dual licenses schemes like MySQL's. i.e. you want to sell your GPL code.
For you "owner" of the code, yeah--especially if you are extra weasely and require copyright assignment. For contributors, it is a scam. Why the hell should I contribute to your dual licensed garbage so you can turn around and profit from my work? I never understood why such companies aren't hassled more about this. It is really a great scam--you get a bunch of people contributing to your work for free and you get to sell it all. Course, I guess the same holds true for most things on the internet--flickr doesn't take pictures, its users do and flickr profits from that. Slashdot doesn't have a script to write comments, we write them and they profit from that. So I might be wrong on this... but the dual-license guys seem way more blatant, probably because I get a lot of satisfaction posting here, but dont really get much satisfaction contributing to some faceless corporations open source project.
A sucky one though. I doubt many programmers on this board want to be in a position that the work they produce for a company is essentially worthless and the way to move up is through the tech support department. I also doubt customers would benefit either since giving away the software and charging for support creates an incentive to make shoddy software that requires a lot of hand-holding.
Eric is basically right. I've been burned in the past, so I now pay attention to the license an application uses (something you should get into the habit of doing).
Here is my decision tree for deciding to use an application licensed under any FOSS license:
1) If I plan to modify the application in any way, or use it as a library, it has to be under a BSD derived license. This means BSD, MIT, Apache, MSPL, Perl's artistic license, or anything similar. GPL, or any "viral" license is out... I dont touch GPL code anymore (actually, this is a lie, see below).
1.1) There are exceptions to the "used as a library" rule. If everybody else is using said library in their application (eg: libmysql), nobody is gonna try to GPL-ize my whole application. And if they do go after me, it will only be because I'm so successful that I become a target for such nonsense. If your library is nothing more than a CPAN module and it is GPL, I can't use it, sorry.
2) If I don't plan to modify the application for use in my project, the license becomes less important. In these cases, I look at other factors such as how active the project is. I don't like depending on projects that haven't been touched since 2005.
3) If your application or code will become a non-linked dependency of my application (for example, a GPL'd version control system), I don't really care what the license is. Since it isn't linked into my application, I won't get "infected". In fact, I might even contribute to your GPL project provided my contributions are independent works and don't come out of my own "toolkit" so-to-speak.
4) If you require me to assign copyright to you before I can contribute, you are a scam and can piss up a rope. Granted, many of the big-boys require this (most GNU stuff, Firefox(?), MySQL) and so I might be willing to cave in an contribute anyway provide what I'm contributing is an important bugfix and doesn't erode ownership my personal toolkit (i.e. the good stuff). The scam guys are companies who want ownership so they can cook up dual license schemes and profit from your work (MySQL). Scammers can pay for their own bugfixes...
Bottom line, I won't touch GPL for anything that might make my mainline code become a derivative work and force it all to become GPL'd. BSD'sh licenses cannot do this to my mainline code, so I can use their stuff and contribute anything I think they will find useful. GPL doesn't let me cherry pick useful stuff out of my code, so they miss out on some pretty cool things. Since I dont like leeching from GPL stuff (using it, but having no way to give back), I just avoid it instead.
In other words, if you GPL your project, $SUPER_BIG_COMPANY can't lift your code and make $MILLIONS$ but only at a heavy cost--the pool of people who are able to work on your project becomes much, much smaller. BSD-style licenses are attractive to business precisely because business knows they can contribute changes without getting into trouble. If I use a BSD anything, I know that I have the option to deeply embed the code into my application, still be able to contribute back any changes, and retain control over my intellectual property. GPL reduces control over my IP and thus I can only depend on it in the loosest way possible. The second I want to make any contributions, depending on how I used the GPL code, my entire portfolio might be in legal jeopardy. Not cool.
PS: IANAL
Back in like 1998 or so when mp3's were just arriving on the scene, Winamp would peg the CPU at just about 25% -> 35% to play a 128kbps stream.
This took forever. Something like 5 minutes a song--at 128kbps.
No, actually that is false. See above. I could list more, but I wont bother as for some reason people like you seem to think green-screen consoles are all that we need. Everything else, after all, is "appearance".
Your use of scare quotes seem to imply that this is not important. You are wrong. The end-user experience is the most important part. What actually happens under the hood, nobody but nerds like us care about. Forget this rule, and find yourself unmarketable and unemployable.
Does that mean Debian wins?
Prediction: In 5 years, lighttpd and nginx will have taken over at least 30 or 40% of Apache's market. Unless Apache does something about their config file, that is.
When you start worrying if spammers are using open source licensing models.
Did you mean free as in Freedom(tm), or Free as in Beer?
I hate to break the news, but I somehow doubt spammers and mafia dudes are GPL'ing their code.
This is offtopic for this story, but I've always wondered about those "15 minutes to $CITY" signs. When there is no traffic, do they make their estimate using the speed limit, or using the actual speed of traffic? In other words, if the speed of traffic is 80 mph and the speed limit is 65 mph, which do they use?
At least, I think that is the way micropayments would pan out. The system would be distributed and would work closer to how you pay for games on your cell phone. As a consumer, your ISP would tack on all your transactions for the month and put it on your bill. I would imagine the ISP would do this using some kind of functionality built into their routers (and could offer it to their downstream clients, if needed). If your ISP does not offer this "micropayment on demand" service, you could use a consolidated service instead or defer to your upstream if they have it. As a provider that accepts micropayments, I have no clue--clearly you'd need SSL (and thus IPv6 to soak up the additional demand for IP's). You'd need a way to take $0.005 transactions and put them into your bank account. Your governments ministry of tax would probably want you to report this income.
Of course, the devil is in the details and in this case, there are a *lot* of details. Details like billing disputes, who takes liability for deadbeats who don't pay the ISP, or deadbeat ISP's who don't pay the content providers. How do deal with webhosting companies whose sysadmins are using lynx to download something quickly, how to deal with corporate internet connections, how to deal with multiple currencies. Where to put it on the protocol stack (I'd say, as protocol on top of TCP/IP and would be built into your Cisco router--not something on top of HTTP like OpenID* ). I mean fuck, lets not forget the most important bit--how to tax it! Who gets the tax on a micropayment sent by a visitor in Seattle using a ISP based in San Fransisco to pay for a website in France? Do I pay Seattle's rate, San Fransisco's, or France's?
There are enough technical and political issues with micropayments that the solution might cost more than the potential returns.
PS: I hear they decided to leave micropayments out of Web 3.0, so we might have to wait until at least Web 4.0.
* I think part of the reason OpenID is so slow to catch on is due to the fact it is layered on top of HTTP. Had it been a "real" protocol on top of TCP/IP, it could have been used for authentication of other services, not just web services--for example the authentication of IMAP sessions, IM services, or multiplayer games like WoW.
Well, how about I just steal your GPL code and embed it in my application without following it's terms? In fact, I plan to sell it and make a million bucks off your GPL code!
Does that make you hot and bothered? If it does, you now have a reason to be pissed about piracy too. Both are the *exact* same thing.
Yeah, right. If the UI was the easy part, why do almost all UI's suck?
If you think skins are gonna fix a UI, I've got news for you. Having the ability to add girls sitting on the hoods of of cars wearing tightly clad bikinis does not make a good UI.
You really think I was gonna fill in the guts of a sample function? .click() hooks the onclick event.
Is there any reason you couldn't put an SSL accelerator on a USB device? Lots of servers have a ton of unused USB ports sitting around. If you could make it USB, you wouldn't have to rip open the web server/reverse proxy server to install it. Sure somebody might walk off with the device, but if you can mitigate that somehow, is there anything technically wrong with the idea?
First, JavaScript is a very nice language indeed. If you've never learned functional programming, JavaScript is a good language to learn in. Why? You can actually do real work while learning! As for the new language spec...
Getters and setters are nice, but I'm not sure they serve a purpose in javascript--javascript is more functional than it is OO and I think people learning the language should change mindsets rather than the langage get bastardized to something it is not. I dunno, somebody can challenge me on this.
Good to see they are thinking about adding a "use strict". You aren't an adult language until you have a way to force variable declaration. Hopefully "use strict" will apply to a module or block, not to the entire project. I want to "strictify" my own JavaScript, but I dont want the browser to choke on some sloppy copy-and-paste deal from AdSense or analytics.
Lastly, JSON. There are a couple "gotchas" with it... namely when you generate JSON using a loosely typed language like Perl and try to feed it into a strongly typed language like C# (i.e. silverlight). Depending on the serializer / deserializer used on the strongly-typed side, you'll run into things.
For example, the deserializer in C# just might choke on this: // it will puke on this: // i am a string! // I am a postgresql date, but I'd also barf on ISO8601 // puke free: // I am an int! // i am a legit Date()
"themes": [
{
"theme_id": "34",
"last_mod": "2009-04-09 13:04:27.232-07"
},
{
"theme_id": 34,
"last_mod": new Date(3000, 00, 01, 00, 00, 00)
}
]
Why? Perl serialized the integers as a string. Depending on the deseralizer, it might choke on those strings if it was expecting a number. YUI would also be pissed off about the date not being a javascript Date()--good luck finding a serializer that produces such a thing! My point? These are some surprise gotchas you have to worry about when dealing with JSON. Not sure who is to "blame"--perl for being loosely typed, the deserializers for being to strict. This would be a problem with XML as well though.
Until javascript can traverse the DOM with something as elegant as $('.cat').click(function(){});, I'll be using jQuery for just about ever. Otherwise, I hope you are right. All these wrapper libraries are getting out of hand.
Hope you still have trumpet winsock!
Culture. Windows grew up on the desktop and moved into the server. Unix grew up on the server and is trying to make inroads on the desktop. "Normal users" will force unix systems to compromise some of their security to make life easier. Windows has had to compromise by removing the "everybody is an admin--free love for all" that existed all the way up to XP. By default, Vista users aren't running as root and the only way to become root is either a UAC dialog or a privilege escalation exploit.
That doesn't account for the server-end though. And why earlier versions of said products had so many holes I will attribute to culture.
Of course, Linux grew out of a culture that detested any kind of authority. Thus you find gems like this in early Linux documentation:
You dont need to stealth them that much really. The malware that runs on Linux uses the same techniques as the ones on windows. Yes, Linux does have malware of its own--usually in the form of some IRC bullshit for either botnet control or warez. Typically malware on either system will do one or more of the following:
1) Add themselves into Cron/Task Scheduler to ensure they get re-installed. /dev or something like that *and* tuck into some random long hidden directory. On Windows... same thing. Bury yourself in C:\windows\system32 and also live in "C:\Program Files\C0rel Draw".
2) Use process names that look familiar-ish (though I've seen a couple on Windows that are just random filenames, which suspect might be to make them un-googleable)
3) Start up as a daemon/service
4) If they are any good, replace system executables with their own. Like replace ssh with their own version that sniffs your passwords or replace "explorer.exe" with some fancy new version that sends out spam.
5) Try to live in both hidden and "obvious" directories. On linux, I've seen shit get tucked into
6) I did mention cron/task scheduler, right? Always watch for that... you'll forget and wonder why shit is still running on your machine.