My understanding is that Alan and the other key ha-linux developers were already quite familiar with most of the proprietary systems on the market when they created the original design. I don't know if you consider that "a direct rip-off" or if you are implying something more sinister, but since Alan works on ha-linux with the full support of IBM I doubt that any actual code theft took place.
Your amazing powers of persuasion have convinced me to give up contributing to OSS projects. I must have been dreaming that I got all those pay raises by writing useful snippets of code, your logic is irrefutable.
I understand now that I've been devalued, and I will go sacrifice my cat to Ayn Rand as penance. How could I have been so blind!
If your company does not produce software for sale, then using OSS and contributing to the OSS you use decreases costs and support burdens for your employer.
Decreasing costs and support load is generally how I earn my bonuses. I reduced our corporate IT costs by over $600,000 per annum with OSS over the course of six years. With the promotions and correspondingly larger salary I recieve, I've been able to buy two new cars, a house, and build a gaming network in my basement. All from what you claim is "working for free".
Your greed has blinded you to the enormous benefits of giving stuff away. To answer your question, who is getting the real value from Open Source? I reply: Everybody involved! Except greedy proprietary software vendors, of course. And they've never done anything for me that I didn't have to pay for, so I owe them nothing. I donate code and money to OSS, because it is to my benefit to do so.
Plus, it gives you piles, cirrohsis of the liver, bad breath, ring-around-the-collar, and worms.
Stick with raw greed as your motivator. Greed makes you taller, cleaner, healthier and more sexually attractive!
In the "unlimited greed" model, it doesn't matter if contributing to OSS makes your world better, because you must NEVER EVER EVER give anything away -- even if you don't need it, and can't profit from it -- because charity by definition is bad!
SO, to be truly greedy, don't help OSS projects make better code that can make your company more profitable - hug your tiny, uninspired code changes to your fat little chest and WHINE!
Remember, if greed is good then UNLIMITED GREED IS UNLIMITED GOODNESS FOR YOU!!!
Alan does not accept patches to the heartbeat code that were developed on company time unless he receives a disclaimer from somebody at the company.
This is obviously spoofable, but it's probably a good way to legally protect the code -- Alan can honestly say he received it in good faith, which keeps IBM's lawyers' from breathing down his neck. It's kind of weird for me, though, I have to send a disclaimer giving myself permission to send in a patch....
So, to answer your question: explain to your CEO why helping the OSS community helps you to help your company, and get her/him to sign off on a policy that allows you to do so. Ask for legal authority to be delegated to yourself (or your boss) to license or assign corporate intellectual property to open-source projects. Then have HR propagate the policy to your co-workers.
"Sarge, the boys in the first squadron are planning to roll a grenade into your tent tonight." "Right, thanks, activate all their tourniquets!"
"Sarge, we don't want to burn down the village - there are only old women and babies here!" "Right, follow my orders or I activate your tourniquets!"
"Sarge, the Americans are just over the hill, but I found a backdoor in their software - should I trigger all their tournequets?" "Right, do it when I say 'charge'!"
FUD! It seems that people don't realize that sendmail 8.12 now has an excellent security model and very advanced queuing features.
True. Sendmail is very mature, and I find it integrates nicely with LDAP, SpamAssassin, MailScanner, etc. etc. etc.. I've never had a security problem in the eight years or so I've had it running here. I do load patches immediately, of course... but there have been more *nix kernel vulnerabilities than sendmail vulnerabilities during that time.
In fact, in comparison qmail in particular looks very outdated.
I don't know about that because I would never run qmail- I don't like the licensing restrictions. If I wanted a more secure architecture than sendmail's (did I mention I run sendmail chrooted as an unprivileged user?) I would use Wietse Venema's Postfix, which also has a segmented architecture and more congenial licensing. If I wanted maildirs instead of mbox, and I didn't feel competent to hack them into my sendmail.mc, I'd run Courier.
I personally have no need for qmail, or Exim either, but software diversity is good, especially in key infrastructure roles.
So, come on. What's an example of "un-pulp", or "professional", or "graduate-level" philosophy?
I'd recommend Meditations on First Philosophy by Descartes; that and Abbot's Flatland ought to be required reading somewhere around fifth grade. Once those have been digested, Godel, Escher, Bach: an eternal golden braid is an interesting read.
If you find GEB too insipid or "pulpy" you can try Heidegger and Hegel, Leibneiz.vs. Voltaire, and Hume.vs. Kant.
If you still find yourself unchallenged there is always Wittgenstein....
Oh, incidentally, the brain-in-a-vat/dark dream concept from The Matrix is actually covered rather well in Descartes and Kant. The cool thing about Matrix is the excellent use of modern special effects to illustrate this old but still fascinating idea.
Re:Blacklist AOL on your mailserver!!!
on
I, Spammer
·
· Score: 1
The word you're looking for is "viruses".
I used the word I wanted. I don't call computer disks "discs" and I don't call eight-bit data entities "bites", either.
"Virii" is what the people who write malicious self-progagating code call their creations.
"Viruses" are biological entities, not computer code.
The etymology is quite clear - it's modern technical slang - and it is an offshoot of normal english usage just like "hard disk" or "spammer".
I can't believe I'm replying to an AC! I hope you are actually Tom Christiansen.
Blacklist AOL on your mailserver!!!
on
I, Spammer
·
· Score: 4, Interesting
After dozens of attempts to get AOL to implement the most rudimentary outgoing filters on their Email system, and getting ZERO response, I have regretfully informed our user base that we will no longer accept any Email emanating from any machine with an AOL.COM IP address.
They are breaking the rules of the Internet (see: SMTP RFCs) by improperly implementing postmaster@aol.com (see rfc-ignorant.orgfor details) and their mail relays have sent hundreds of viruses into my domain.
I have asked all AOL users at my site who wish to continue emailing their home addresses from work to get a new service provider and given them two months to do so. I have recommended several small local ISPs to them that I know provide good service and never allow easily detected virii like Yaha, Klez and SoBig to transit their mail hubs.
We, fellow slashdotters, can use our enormous power as administrators of email hubs to get AOL's attention - since it seems more civilized methods are useless. The social contract of the Internet is simple; play by the rules (i.e. implement the required RFCs) or you are not part of the community.
Actually, I think that wind tunnel was made to burn villages. As I recall, it was specifically built to debug warbirds and not for the advancement of aeronautic science as you imply. There is plenty of documentation... so you don't have to take my word for it, maybe I'm misremembering the details.
Try this excellent wind tunnel site clicky and see if I am wrong.
If a registry (meaning: the actual database, used by the registrar to generate name/number correspondences that are loaded into the root DNS) is down there is a problem... if users don't find whois information where they expect it, that is not necessarily a problem and certainly does not warrant major concern.
You understand, clearly, but the majority of people posting to this/. story have fallen completely off the cluetrain.
My.org domain ran fine all weekend. I do not believe there is any issue of real importance behind all this fooferaw.
You can't "whois" a.org domain without specifying a valid.org whois server. THE SKY IS FALLING! Guess what, you can't whois a.mil domain without specifying a valid.mil whois server. Nothing to report here, system works as advertised.
The important function of a registrar is to feed names into the root nameservers. I don't see any indication of any flaws in that process. All the.org names seem to resolve fine, and I got a total of ZERO problem reports over the weekend from our 24x7.org site. Did anyone else have a real DNS problem, or is this all a case of the Register placing too much value on the compiled-in defaults for the whois client?
Why doesn't DirectX v7 (presumably you are referring to the DirectPlay NetCode) NAT properly? I found some answers on DXport, which claims to be able to force DX7 and 8 games to work with NATs. Seems the protocol isn't that broken with regards to NATing.
Let me give you an example: If you are playing SMACX (Sid Meier's Alpha Centauri, Alien Crossfire expansion, which is a typical v7 multiplayer game) with players on both the inside (RFC1918 10.xxx addressing) and the outside (IANA Internet unique numbers) of a NATting firewall (let's say, an OpenBSD or Smoothwall box) you will have to set the NAT engine to point incoming directX to the game host's box inside the firewall. Now, all players will be able to contact the primary host, so map synchro and such will work OK. But, multiplayer chat will *NOT* work, because the nodes on the outside can ONLY talk to the primary host on the inside. Several game functions depend on peer-to-peer connections between client nodes without primary host intervention - these functions simply will not work, as the external nodes have all their traffic NATted to the primary host, which discards the unsolicited packets instead of forwarding them to the intended recipient. The basic problem is that the DirectX design uses the old IBM-mainframe "100% reliable network" paradigm, and not the Internet-style "completely unreliable network" paradigm. If a packet can't get through one way... oops, there is only one way. Or at least that's how it plays out in real life (I have considerable experience with this). I imagine a DX-masq module that tracked incoming and outgoing connections, along the lines of the quake and IRC masq modules, could be run to get around this problem. But I haven't written it (yet!) and I haven't found any indication that anyone else has. You'd have to packet-sniff quite a bit to get the necessary information out of the DX traffic I think.
Why must certain types of ICMP be allowed? Is "port unreachable" really necessary, or can connections to unreachable ports simply time out? Echo certainly isn't necessary.
ICMP is required for PMTU discovery. If you have ICMP blocked, you will experience lots of apparently random TCP failures, and much of the Internet will not be able to talk to you. MTU dicovery protocols are a good and desirable thing, and it is rare that a site would have legitimate reason to break them.
As for FTP, passive mode is preferred as it allows connections to be initiated by the client rather than the server (or maybe the other way around, I'm tired, and its late), so I fail to see how its relevant.
It's only relevant (and barely) as an example of an oddball protocol; I was pointing out that problems will certainly result from an overly restrictive firewall being put in place on an existing network. For FTP, sure, you can reconfigure most clients to use more modern defaults. Do you know for a fact that all the end-users (who may be transferring vitally important files daily) know this? You shouldn't be implementing a firewall unless you know what machines on your site are using FTP, and what they use it for, and etc. etc. etc... FTP and telnet are legacy protocols, and should be eliminated when possible and accomodated when necessary. Too often a firewall is dropped in place, with the FTP control port open and the data port blocked, and the site experiences major disruption of profit-generating activities because the users suddenly can't do their jobs (and they will of course report it to the help desk as "my PC is broken" not "the firewall dropped my FTP packets").
But I'm willing to be enlightened.
Aha, you hold the key to great wisdom. I recommend the Platform Sutra. My apologies for the excessively wordy post.
I deal with a lot of sites that are implementing security for the first time due to HIPAA regulation.
If you are a stone-cold IP expert, that is, you can name at least thirty ports and their uses off the top of your head, you know exactly why DirectX v7 doesn't NAT properly, you are intimate with the ICMP packet structure, you know why FTP uses more than one channel (and how to proxy that) you are qualified to do this.
If you aren't an expert, and you set up a firewall for an existing site using the philosophy of "everything that is not mandatory is forbidden" you might cause more trouble than you'd have from not using a firewall at all.
If you want to become an expert, set up a NEW network with a firewall, or do it at home, or something. Don't break business processes for 10,000 users because you don't understand that certain types of ICMP must be allowed, or because you don't understand FTP port negotiation.
If you want the security, and you are too cheap to hire an expert and too proud to take training, at least run some serious packet logging on all your outbound links for a month or more (business runs on monthly, quarterly and yearly cycles) so you know what is going on before you break it.
And don't forget IP-addressed ingress and egress filters - i.e. don't let people send packets IN to your domain using your source addresses, and don't let people send packets OUT of your domain unless they ARE using your source addresses.
As I understand it, Phoenix was just the browser heartwood split out of the Mozilla suite, and thus it really always was "the Mozilla Browser"; Netscape's "Navigator" component but without the AOL/Netscape bloat and advertising... sounds good, doesn't it?
The Mozilla custom install in the current suite calls the browser piece navigator, incidentally (At least in 1.3.1 it does). But a phoenix/firebird install gives you an even leaner, faster Mozilla browser than a custom Mozilla install that includes only navigator.
I applaud the Phoenix, er, Firebird, er, Mozilla browser team's initiative to properly modularize the web browsing code and chop out the unneeded IRC client, Email client, usenet agent, etc. etc. etc. all of which deserve their own software (that I can choose NOT to run!).
I'm afraid you recall incorrectly; both Marconi and Tesla used spark gaps as well as coil antennas for various purposes.
Marconi's title of "Inventor of Radio" was given in error, as evidenced by the supreme court decision awarding the discovery to Tesla; however, it's pretty likely that both men "invented" radio independently and are equally deserving of credit.
I'm not aware of Tesla using any "50ft tall tower" - are you referring to the Wardenclyffe installation or the Colorado Springs coil? The Wardenclyffe tower was well over 100ft, and projected more than 100ft below the ground as well.
More inflammatory, ridiculous rhetoric from the drooling nerd crowd.
What on earth are you talking about? Are you an idiot? They haven't ever been 'convicted' of a criminal offense. The only thing they're guilty of is aggravating a bunch of dirty, hypocritical ("I'm a libertarian... Up with big government, down with Microsoft!") dweebs.
The 1996 decision in re: Stac Electronics doesn't count? Microsoft was fined $120,000,000 USD and had a court-ordered worldwide recall of their operating system, because they blatantly stole source code from a competitor.
Slashdot Mirror
My understanding is that Alan and the other key ha-linux developers were already quite familiar with most of the proprietary systems on the market when they created the original design. I don't know if you consider that "a direct rip-off" or if you are implying something more sinister, but since Alan works on ha-linux with the full support of IBM I doubt that any actual code theft took place.
Your amazing powers of persuasion have convinced me to give up contributing to OSS projects. I must have been dreaming that I got all those pay raises by writing useful snippets of code, your logic is irrefutable.
I understand now that I've been devalued, and I will go sacrifice my cat to Ayn Rand as penance. How could I have been so blind!
Apparently you haven't noticed that I AM the OSS developer. In a small way, certainly; I don't actually run any OSS projects.
So, for the last time, I'll answer your question: Who is making th emoney off of the OSS? The answer is me.
Linus Torvalds makes a pretty nice salary, too.
If your company does not produce software for sale, then using OSS and contributing to the OSS you use decreases costs and support burdens for your employer.
Decreasing costs and support load is generally how I earn my bonuses. I reduced our corporate IT costs by over $600,000 per annum with OSS over the course of six years. With the promotions and correspondingly larger salary I recieve, I've been able to buy two new cars, a house, and build a gaming network in my basement. All from what you claim is "working for free".
Your greed has blinded you to the enormous benefits of giving stuff away. To answer your question, who is getting the real value from Open Source? I reply: Everybody involved! Except greedy proprietary software vendors, of course. And they've never done anything for me that I didn't have to pay for, so I owe them nothing. I donate code and money to OSS, because it is to my benefit to do so.
Plus, it gives you piles, cirrohsis of the liver, bad breath, ring-around-the-collar, and worms.
Stick with raw greed as your motivator. Greed makes you taller, cleaner, healthier and more sexually attractive!
In the "unlimited greed" model, it doesn't matter if contributing to OSS makes your world better, because you must NEVER EVER EVER give anything away -- even if you don't need it, and can't profit from it -- because charity by definition is bad!
SO, to be truly greedy, don't help OSS projects make better code that can make your company more profitable - hug your tiny, uninspired code changes to your fat little chest and WHINE!
Remember, if greed is good then UNLIMITED GREED IS UNLIMITED GOODNESS FOR YOU!!!
Alan Robertson, who maintains the heartbeat package and works for IBM, recently posted to the ha-linux list on this subject.
Alan does not accept patches to the heartbeat code that were developed on company time unless he receives a disclaimer from somebody at the company.
This is obviously spoofable, but it's probably a good way to legally protect the code -- Alan can honestly say he received it in good faith, which keeps IBM's lawyers' from breathing down his neck. It's kind of weird for me, though, I have to send a disclaimer giving myself permission to send in a patch....
So, to answer your question: explain to your CEO why helping the OSS community helps you to help your company, and get her/him to sign off on a policy that allows you to do so. Ask for legal authority to be delegated to yourself (or your boss) to license or assign corporate intellectual property to open-source projects. Then have HR propagate the policy to your co-workers.
Some of the uses for these are pretty obvious....
"Sarge, the boys in the first squadron are planning to roll a grenade into your tent tonight."
"Right, thanks, activate all their tourniquets!"
"Sarge, we don't want to burn down the village - there are only old women and babies here!"
"Right, follow my orders or I activate your tourniquets!"
"Sarge, the Americans are just over the hill, but I found a backdoor in their software - should I trigger all their tournequets?"
"Right, do it when I say 'charge'!"
True. Sendmail is very mature, and I find it integrates nicely with LDAP, SpamAssassin, MailScanner, etc. etc. etc.. I've never had a security problem in the eight years or so I've had it running here. I do load patches immediately, of course... but there have been more *nix kernel vulnerabilities than sendmail vulnerabilities during that time.
I don't know about that because I would never run qmail- I don't like the licensing restrictions. If I wanted a more secure architecture than sendmail's (did I mention I run sendmail chrooted as an unprivileged user?) I would use Wietse Venema's Postfix, which also has a segmented architecture and more congenial licensing. If I wanted maildirs instead of mbox, and I didn't feel competent to hack them into my sendmail.mc, I'd run Courier.
I personally have no need for qmail, or Exim either, but software diversity is good, especially in key infrastructure roles.
Girls: Taser.
Guys: Personal faraday cage.
Both: Cell phone with non-metallic case.
Hrmh, glad I missed the movie. The book is rather good, but the technology in it is so dated that younger readers might find it laughable.
Machiavelli's "Art of War", though usually overshadowed by Sun Tzu's pithier volume of the same name, is also worth reading.
If you find GEB too insipid or "pulpy" you can try Heidegger and Hegel, Leibneiz
If you still find yourself unchallenged there is always Wittgenstein....
Oh, incidentally, the brain-in-a-vat/dark dream concept from The Matrix is actually covered rather well in Descartes and Kant. The cool thing about Matrix is the excellent use of modern special effects to illustrate this old but still fascinating idea.
"Virii" is what the people who write malicious self-progagating code call their creations.
"Viruses" are biological entities, not computer code.
The etymology is quite clear - it's modern technical slang - and it is an offshoot of normal english usage just like "hard disk" or "spammer".
I can't believe I'm replying to an AC! I hope you are actually Tom Christiansen.
No prob. Glad to hear you're back online.
After dozens of attempts to get AOL to implement the most rudimentary outgoing filters on their Email system, and getting ZERO response, I have regretfully informed our user base that we will no longer accept any Email emanating from any machine with an AOL.COM IP address.
.orgfor details) and their mail relays have sent hundreds of viruses into my domain.
They are breaking the rules of the Internet (see: SMTP RFCs) by improperly implementing postmaster@aol.com (see rfc-ignorant
I have asked all AOL users at my site who wish to continue emailing their home addresses from work to get a new service provider and given them two months to do so. I have recommended several small local ISPs to them that I know provide good service and never allow easily detected virii like Yaha, Klez and SoBig to transit their mail hubs.
We, fellow slashdotters, can use our enormous power as administrators of email hubs to get AOL's attention - since it seems more civilized methods are useless. The social contract of the Internet is simple; play by the rules (i.e. implement the required RFCs) or you are not part of the community.
Your real name is not Fyodor.
Why did you choose this particular pseudonym?
Actually, I think that wind tunnel was made to burn villages. As I recall, it was specifically built to debug warbirds and not for the advancement of aeronautic science as you imply. There is plenty of documentation... so you don't have to take my word for it, maybe I'm misremembering the details.
Try this excellent wind tunnel site clicky and see if I am wrong.
Right, what we have is an unsupported report that a trivial database, loosely linked to the registry, was down for some period.
/. story have fallen completely off the cluetrain.
See the PIR FAQ, "What is a domain name registry".
If a registry (meaning: the actual database, used by the registrar to generate name/number correspondences that are loaded into the root DNS) is down there is a problem... if users don't find whois information where they expect it, that is not necessarily a problem and certainly does not warrant major concern.
You understand, clearly, but the majority of people posting to this
My .org domain ran fine all weekend. I do not believe there is any issue of real importance behind all this fooferaw.
.org domain without specifying a valid .org whois server. THE SKY IS FALLING! Guess what, you can't whois a .mil domain without specifying a valid .mil whois server. Nothing to report here, system works as advertised.
.org names seem to resolve fine, and I got a total of ZERO problem reports over the weekend from our 24x7 .org site. Did anyone else have a real DNS problem, or is this all a case of the Register placing too much value on the compiled-in defaults for the whois client?
You can't "whois" a
The important function of a registrar is to feed names into the root nameservers. I don't see any indication of any flaws in that process. All the
Anyone?
The basic problem is that the DirectX design uses the old IBM-mainframe "100% reliable network" paradigm, and not the Internet-style "completely unreliable network" paradigm. If a packet can't get through one way... oops, there is only one way. Or at least that's how it plays out in real life (I have considerable experience with this).
I imagine a DX-masq module that tracked incoming and outgoing connections, along the lines of the quake and IRC masq modules, could be run to get around this problem. But I haven't written it (yet!) and I haven't found any indication that anyone else has. You'd have to packet-sniff quite a bit to get the necessary information out of the DX traffic I think.
ICMP is required for PMTU discovery. If you have ICMP blocked, you will experience lots of apparently random TCP failures, and much of the Internet will not be able to talk to you. MTU dicovery protocols are a good and desirable thing, and it is rare that a site would have legitimate reason to break them. It's only relevant (and barely) as an example of an oddball protocol; I was pointing out that problems will certainly result from an overly restrictive firewall being put in place on an existing network. For FTP, sure, you can reconfigure most clients to use more modern defaults. Do you know for a fact that all the end-users (who may be transferring vitally important files daily) know this? You shouldn't be implementing a firewall unless you know what machines on your site are using FTP, and what they use it for, and etc. etc. etc... FTP and telnet are legacy protocols, and should be eliminated when possible and accomodated when necessary. Too often a firewall is dropped in place, with the FTP control port open and the data port blocked, and the site experiences major disruption of profit-generating activities because the users suddenly can't do their jobs (and they will of course report it to the help desk as "my PC is broken" not "the firewall dropped my FTP packets").
Aha, you hold the key to great wisdom. I recommend the Platform Sutra. My apologies for the excessively wordy post.
--Charlie
I deal with a lot of sites that are implementing security for the first time due to HIPAA regulation.
If you are a stone-cold IP expert, that is, you can name at least thirty ports and their uses off the top of your head, you know exactly why DirectX v7 doesn't NAT properly, you are intimate with the ICMP packet structure, you know why FTP uses more than one channel (and how to proxy that) you are qualified to do this.
If you aren't an expert, and you set up a firewall for an existing site using the philosophy of "everything that is not mandatory is forbidden" you might cause more trouble than you'd have from not using a firewall at all.
If you want to become an expert, set up a NEW network with a firewall, or do it at home, or something. Don't break business processes for 10,000 users because you don't understand that certain types of ICMP must be allowed, or because you don't understand FTP port negotiation.
If you want the security, and you are too cheap to hire an expert and too proud to take training, at least run some serious packet logging on all your outbound links for a month or more (business runs on monthly, quarterly and yearly cycles) so you know what is going on before you break it.
And don't forget IP-addressed ingress and egress filters - i.e. don't let people send packets IN to your domain using your source addresses, and don't let people send packets OUT of your domain unless they ARE using your source addresses.
--Charlie
I think you got it right, actually.
As I understand it, Phoenix was just the browser heartwood split out of the Mozilla suite, and thus it really always was "the Mozilla Browser"; Netscape's "Navigator" component but without the AOL/Netscape bloat and advertising... sounds good, doesn't it?
The Mozilla custom install in the current suite calls the browser piece navigator, incidentally (At least in 1.3.1 it does). But a phoenix/firebird install gives you an even leaner, faster Mozilla browser than a custom Mozilla install that includes only navigator.
I applaud the Phoenix, er, Firebird, er, Mozilla browser team's initiative to properly modularize the web browsing code and chop out the unneeded IRC client, Email client, usenet agent, etc. etc. etc. all of which deserve their own software (that I can choose NOT to run!).
/.
I'm not a lawyer, so this sort of semantic chicanery is lost on me.
Microsoft stole intellectual and physical properties, they got caught, they got punished by the court system.
And incidentally, it's scientist not surgeon- I don't practice medicine professionally.
--Charlie
/.
I'm afraid you recall incorrectly; both Marconi and Tesla used spark gaps as well as coil antennas for various purposes.
Marconi's title of "Inventor of Radio" was given in error, as evidenced by the supreme court decision awarding the discovery to Tesla; however, it's pretty likely that both men "invented" radio independently and are equally deserving of credit.
I'm not aware of Tesla using any "50ft tall tower" - are you referring to the Wardenclyffe installation or the Colorado Springs coil? The Wardenclyffe tower was well over 100ft, and projected more than 100ft below the ground as well.
--Charlie
That doesn't count as a conviction? Why not?
--Charlie