No. This is not a correct argument against the GPL-ing of student programs. In general, copying is prohibited by the school's rules and regulations. It is an infraction against the university to plagarize in class, not (always) against the original author. In the case of the GPL, the original author would have no claim in the case of plagarism (asusming the copier followed all the terms required therein), but the school would. So it would be okay. -- // mlc, user 16290
It's true that it is mathematically impossible to ensure that a piece of fairly complex piece of code is bug-free...
Not impossible in an absolute sense, but merely extremely difficult. It is possible (though unlikely) that someone will come up with some process for quickly proving the correctness of code or that a very large number of mathematicians banging at a very large number of whiteboards would prove OpenBSD (or any other piece of software) correct.
Memory copies and buffer length checks are not the hardest thing in the world to find. You would think that a full audit would have uncovered them all.
Yes, but my understanding is that this is neither a memcpy or buffer length check but rather a race condition, which is something completely different.
Call me crazy, but this is the paranoid world in which we live. Nothing can be taken for granted anymore. This exploit should have easily been found. The fact that it wasn't suggests foul play.
OK: You're crazy. Well, maybe not crazy but certainly overzealously assuming foul play despite absence of any evidence. If "this exploit should have easily been found", then why didn't you find it? The answer is that security is a very complicated thing and that even well-intentioned, talented people occasionally make mistakes.
Perhaps. You may be interested to know that, in the paper edition of the NY Times, the article was in a special (read: ad-filled) section on "e-commerce."
This shows that the Times, at least, is interested in the same thing it always has been: money (and the power that comes from that). So, I disagree with your reading that the Iimes is interested in tech not as a means to an end but in itself. I think they are interested in it purely as a means to the end of business and money. -- // mlc, user 16290
I've a Roland UA-30. It's rather pricey, but very nifty. It's worked fine with Linux since 2.4.0, but previous versions (even the last of the 2.4.0-preN releases) would cut out for a little bit whenever there was video activity. 2.4.x has been just super, though.
If you don't need any inputs or digital connectors, there's also the Xitel An-1, which I've not tried but is only $40. Ignore all the minidisc talk if you like; it's just a USB-to-analog audio converter. I don't have one myself, but the linux-usb database says it works. -- // mlc, user 16290
The union (and, in many cases, even the threat of union) helps distribute the inherently unequal power in the employee-employer relationship towards the employee. One would probably not bother forming a union simply to overturn a dress code, but my point is that we see similar questions on Ask Slashdot all the time, yet there seems to be some ingrained fear of unions for some reason. -- // mlc, user 16290
Of course, GPG signed tarballs are what you would normally use to verify the files and protect against this, but how many people actually bother
with that?
And how would this help? If a backdoor has been inserted into the CVS version of a project, then the maintainer of the project would inadvertantly include the backdoor (assuming s/he didn't notice it already) in the tarball. S/he would then sign it, and you would assume it to be safe.
GPG-signatures can (at best) only prove that the package you downloaded is the same one that some known user uploaded -- they can't prove that there are no backdoors in the code, planted by either the gpg-signer or a third-party before the code was signed.
s/gpg/pgp/ if you like; they're the same. -- // mlc, user 16290
We have similar questions on Ask Slashdot every couple of weeks:
I love my employer, but they recently started doing xyz, which really pisses me off. Since I have no real grievence procedure, and not xyz isn't written down anywhere but has been a kind of informal agreement I knew they could break at any time, what ever can I do?
An answer (not always the answer) to these sorts of questions may be to form a union. I know, I know,/. types (and tech types in general) often think unions are some kind of big evil thing that is just out to beat you up, make money off you, and/or force you to go on strike. However, unions are specifically designed to give employees power with their employers. A democratically-run union (and I know that some aren't, but many are) can be the solution to the problem discussed in this issue of Ask/., as well as many others. -- // mlc, user 16290
I think things like these could be a great idea for places like public schools and libraries.
Indeed. This summer, I'm working for AmeriCorps and the Oakland Public Schools and one of the things we're doing is installing these NICs into all of the elementary schools. The ones we're putting in are slightly different, as they have all their system software one a CD-ROM rather than loading it by NFS, but they're otherwise the same thing. They're pretty nifty -- they can browse the web (Netscape 4.7), do word processing (AbiWord) storing files on a central server by Samba, and even have a few games. They're being donated by Oracle, but even if the school district were to buy them, they'd be able to get a lot more NICs at $200 than PCs at $1000, and the NICs do nearly everything that most people would want to do with a computer. -- // mlc, user 16290
Only problem is, from the website, it's too big to replace the conventional UPS that most places have. It has to be put underground, and it stores 2kWh of energy. -- // mlc, user 16290
Sorry if I wasn't adequetly clear above. "Tough-on-crime" politicians certainly disgust me, and I didn't mean to sound like one.
I don't think sidewalk-spraying is a terrible crime, and I would probably get over it if it were made legal (as long as individuals got the same freedom as corporations.) However, my point is that if society has decided that sidewalk-painting is illegal, then the given punishment is clearly far less of deterrent to a corporation than an individual and is therefore unjust as it makes it "easier" for corporations to break the law. It doesn't make sense to me that corporations (or rich people, for that matter) should have more rights than the rest of us simply because the punishment meted out upon them de facto has a lesser effect due to their great ability to pay.
I'm not going to get into a whole corporations-are-not-people rant here, but look up AdBusters or the Student Alliance to Reform Corporations or any one of a large number of other organizations if you'd like to see one. -- // mlc, user 16290
So, IBM has to pay $18k, probably + the guy's salary while's he's serving the community. This is peanuts for a marketing campaign of the scale they did. (I've personally seen the stupid ads in NYC and SF, and I'm sure they got at least a few more cities).
Some sneaker company (I forget which one) did a similar thing a couple years ago where they spraypainted ~ 200 ads on the sidewalk. Of course this was found to be illegal and they were forced to pay to clean it up. However, the cost of cleanup was more than an order of magnitude less than it would have cost them to buy 200 payphone ads or whatever! They prefigured in legal penalties as simply a cost of doing the campaign, and still decided it would be cost-effective to violate the law!
Clearly, stiffer penalties are needed when corporations violate the law -- the fines that are sufficient when individuals do bad things are peanuts to large corporations such as IBM.
(And, you'll have a hard time getting me to believe that IBM is about peace or love. Please! The co-opting of '60s imagery is disgusting in and of itself.) -- // mlc, user 16290
As someone who was in the courtoom, I didn't see the problem of lack of respect that you describe. Sometimes transcripts are not entirely able to convey what was going on. -- // mlc, user 16290
There is no court reporter official transcript for the 2nd Circuit Court of Appeals. (Really! Try calling them up and trying to get a transcript. You can't do it. You can only get an audio recording. As it says on the page, this is an unofficial transcript made by an EFF volunteer, OCR'd in by cryptome. So, there was a mistake in the volunteer transcription or the OCR. People are providing a free service, give them a little leeway! -- // mlc, user 16290
I think we should consider what it means that the justices gave her a lot of extra time to answer questions about her brief.
Certainly! It's important to note that the judges gave both sides a lot of extra time. I don't think we can interpret this to show how they'll decide, but I think it does show that the judges are willing to take this case seriously, and not just one of the string of sometimes-silly cases that they take every week. (The first case that morning was some woman who appeared to already have the thing she was suing for.) -- // mlc, user 16290
not the last-modified date, but rather an Expires: header will (hopefully) do the trick.
Cache-control: private is probably the best solution, as it lets the browser cache the page but tells the proxy not to. Not sure if this always works or not, though. -- // mlc, user 16290
"Standard" union dues are 2.6% of your salary. So, if they could negotiate a 10% raise for you, you'd still come up ahead of the game. -- // mlc, user 16290
If every [insert visible minority here] with [insert
specific features here] you deal with turns out to be trafficing a certain type of drug, you'll begin to be able to predict that [visible
minorities] with [features] will be carrying that same drug.
Yes, but then the problem becomes that many individuals of [visible minority] do not have that type of drug and they are then held up simply for their racial/ethnic/whatever status. Hardly seems like they kind of society I'd like to live in. -- // mlc, user 16290
Can you find the
Journal of the American Chemical Society online? (And I mean the real thing, not just a few tasty sample articles on the ACS website.)
My school has a number of online journal subscriptions accessible to anyone on the campus subnet (or authenticated to their proxy), including many of the ACS journals. Yes, this is full-text and complete. Indeed, one can often find journals online through this service that they don't even have in paper form in the physical library. -- // mlc, user 16290
Sadly, though, my guess is that there aren't too many accademic reasons for putting a server in your dorm room instead of using a university managed server - other
than to try to put up a server which doesn't fall under the normal AUP. Sure, it's a fun project and teaches a lot about administration - but it provides little academic
gain that setting up a university-wide-only server would not.
Certainly there are useful reasons. For example, I've got PHP and MySQL on my personal machine, whereas the standard university servers that I have access to do not. I was thus able to develop and demo a web application for a volunteer cause, show it to them, and make changes before obtaining the permanent box (outside of the university) that it'll run on. -- // mlc, user 16290
no GNU tool, or anything that goes with a regular Linux distro should be coded in
assembly.
I fear the day when this poster's "painfully obvious" statement comes true and distributions are afraid to ship the kernel, because parts of it are in assembly. I await the day (soon, hopefully) when distros can ship with a DVD player program which has some ASM optimizations so that it can work on a system that mere mortals can own. -- // mlc, user 16290
No, it's becasue our tax laws are so obfuscated that you need to either hire an accountant or buy the advice of one (via TurboTax or whatever) in order that you don't pay more taxes than you might be able to get away with otherwise. -- // mlc, user 16290
Where in the US is there a Post Office that is open past 5:00pm, except for special dates (like
April 15th)?
I live in NYC. The closest PO to me is open till 6, there is one a little farther away open until 8, and the big huge postoffice by Penn Station is open 24 hours. -- // mlc, user 16290
Right. He was indeed questioned, as the article you link to points out. I heard him speak a H2K this summer, and he said that the government had dropped all criminal charges. I'm fairly confident that I would've heard about it if he'd been tried or convicted of anything. // mlc, user 16290
Slashdot Mirror
No. This is not a correct argument against the GPL-ing of student programs. In general, copying is prohibited by the school's rules and regulations. It is an infraction against the university to plagarize in class, not (always) against the original author. In the case of the GPL, the original author would have no claim in the case of plagarism (asusming the copier followed all the terms required therein), but the school would. So it would be okay.
// mlc, user 16290
--
Not impossible in an absolute sense, but merely extremely difficult. It is possible (though unlikely) that someone will come up with some process for quickly proving the correctness of code or that a very large number of mathematicians banging at a very large number of whiteboards would prove OpenBSD (or any other piece of software) correct.
Yes, but my understanding is that this is neither a memcpy or buffer length check but rather a race condition, which is something completely different.
OK: You're crazy. Well, maybe not crazy but certainly overzealously assuming foul play despite absence of any evidence. If "this exploit should have easily been found", then why didn't you find it? The answer is that security is a very complicated thing and that even well-intentioned, talented people occasionally make mistakes.
--
This shows that the Times, at least, is interested in the same thing it always has been: money (and the power that comes from that). So, I disagree with your reading that the Iimes is interested in tech not as a means to an end but in itself. I think they are interested in it purely as a means to the end of business and money.
// mlc, user 16290
--
For those that can't/don't want to play .ogg files, the New York IndyMedia Center (whose webserver is actually called stallman) has an MP3 available at http://clients.loudeye.com/imc/nyc/stallman.mp3. File size is "only" ~34MB, instead of 49MB or 113MB for the .ogg
// mlc, user 16290
--
If you don't need any inputs or digital connectors, there's also the Xitel An-1, which I've not tried but is only $40. Ignore all the minidisc talk if you like; it's just a USB-to-analog audio converter. I don't have one myself, but the linux-usb database says it works.
// mlc, user 16290
--
The union (and, in many cases, even the threat of union) helps distribute the inherently unequal power in the employee-employer relationship towards the employee. One would probably not bother forming a union simply to overturn a dress code, but my point is that we see similar questions on Ask Slashdot all the time, yet there seems to be some ingrained fear of unions for some reason.
// mlc, user 16290
--
And how would this help? If a backdoor has been inserted into the CVS version of a project, then the maintainer of the project would inadvertantly include the backdoor (assuming s/he didn't notice it already) in the tarball. S/he would then sign it, and you would assume it to be safe.
GPG-signatures can (at best) only prove that the package you downloaded is the same one that some known user uploaded -- they can't prove that there are no backdoors in the code, planted by either the gpg-signer or a third-party before the code was signed.
s/gpg/pgp/ if you like; they're the same.
// mlc, user 16290
--
I love my employer, but they recently started doing xyz, which really pisses me off. Since I have no real grievence procedure, and not xyz isn't written down anywhere but has been a kind of informal agreement I knew they could break at any time, what ever can I do?
An answer (not always the answer) to these sorts of questions may be to form a union. I know, I know, /. types (and tech types in general) often think unions are some kind of big evil thing that is just out to beat you up, make money off you, and/or force you to go on strike. However, unions are specifically designed to give employees power with their employers. A democratically-run union (and I know that some aren't, but many are) can be the solution to the problem discussed in this issue of Ask /., as well as many others.
// mlc, user 16290
--
Indeed. This summer, I'm working for AmeriCorps and the Oakland Public Schools and one of the things we're doing is installing these NICs into all of the elementary schools. The ones we're putting in are slightly different, as they have all their system software one a CD-ROM rather than loading it by NFS, but they're otherwise the same thing. They're pretty nifty -- they can browse the web (Netscape 4.7), do word processing (AbiWord) storing files on a central server by Samba, and even have a few games. They're being donated by Oracle, but even if the school district were to buy them, they'd be able to get a lot more NICs at $200 than PCs at $1000, and the NICs do nearly everything that most people would want to do with a computer.
// mlc, user 16290
--
Only problem is, from the website, it's too big to replace the conventional UPS that most places have. It has to be put underground, and it stores 2kWh of energy.
// mlc, user 16290
--
I don't think sidewalk-spraying is a terrible crime, and I would probably get over it if it were made legal (as long as individuals got the same freedom as corporations.) However, my point is that if society has decided that sidewalk-painting is illegal, then the given punishment is clearly far less of deterrent to a corporation than an individual and is therefore unjust as it makes it "easier" for corporations to break the law. It doesn't make sense to me that corporations (or rich people, for that matter) should have more rights than the rest of us simply because the punishment meted out upon them de facto has a lesser effect due to their great ability to pay.
I'm not going to get into a whole corporations-are-not-people rant here, but look up AdBusters or the Student Alliance to Reform Corporations or any one of a large number of other organizations if you'd like to see one.
// mlc, user 16290
--
Some sneaker company (I forget which one) did a similar thing a couple years ago where they spraypainted ~ 200 ads on the sidewalk. Of course this was found to be illegal and they were forced to pay to clean it up. However, the cost of cleanup was more than an order of magnitude less than it would have cost them to buy 200 payphone ads or whatever! They prefigured in legal penalties as simply a cost of doing the campaign, and still decided it would be cost-effective to violate the law!
Clearly, stiffer penalties are needed when corporations violate the law -- the fines that are sufficient when individuals do bad things are peanuts to large corporations such as IBM.
(And, you'll have a hard time getting me to believe that IBM is about peace or love. Please! The co-opting of '60s imagery is disgusting in and of itself.)
// mlc, user 16290
--
As someone who was in the courtoom, I didn't see the problem of lack of respect that you describe. Sometimes transcripts are not entirely able to convey what was going on.
// mlc, user 16290
--
There is no court reporter official transcript for the 2nd Circuit Court of Appeals. (Really! Try calling them up and trying to get a transcript. You can't do it. You can only get an audio recording. As it says on the page, this is an unofficial transcript made by an EFF volunteer, OCR'd in by cryptome. So, there was a mistake in the volunteer transcription or the OCR. People are providing a free service, give them a little leeway!
// mlc, user 16290
--
Certainly! It's important to note that the judges gave both sides a lot of extra time. I don't think we can interpret this to show how they'll decide, but I think it does show that the judges are willing to take this case seriously, and not just one of the string of sometimes-silly cases that they take every week. (The first case that morning was some woman who appeared to already have the thing she was suing for.)
// mlc, user 16290
--
Cache-control: private is probably the best solution, as it lets the browser cache the page but tells the proxy not to. Not sure if this always works or not, though.
// mlc, user 16290
--
The reviewer cannot reasonably be expected to help you if you don't bother to read his review fully.
// mlc, user 16290
--
"Standard" union dues are 2.6% of your salary. So, if they could negotiate a 10% raise for you, you'd still come up ahead of the game.
// mlc, user 16290
--
Yes, but then the problem becomes that many individuals of [visible minority] do not have that type of drug and they are then held up simply for their racial/ethnic/whatever status. Hardly seems like they kind of society I'd like to live in.
// mlc, user 16290
--
My school has a number of online journal subscriptions accessible to anyone on the campus subnet (or authenticated to their proxy), including many of the ACS journals. Yes, this is full-text and complete. Indeed, one can often find journals online through this service that they don't even have in paper form in the physical library.
// mlc, user 16290
--
Certainly there are useful reasons. For example, I've got PHP and MySQL on my personal machine, whereas the standard university servers that I have access to do not. I was thus able to develop and demo a web application for a volunteer cause, show it to them, and make changes before obtaining the permanent box (outside of the university) that it'll run on.
// mlc, user 16290
--
I fear the day when this poster's "painfully obvious" statement comes true and distributions are afraid to ship the kernel, because parts of it are in assembly. I await the day (soon, hopefully) when distros can ship with a DVD player program which has some ASM optimizations so that it can work on a system that mere mortals can own.
// mlc, user 16290
--
No, it's becasue our tax laws are so obfuscated that you need to either hire an accountant or buy the advice of one (via TurboTax or whatever) in order that you don't pay more taxes than you might be able to get away with otherwise.
// mlc, user 16290
--
I live in NYC. The closest PO to me is open till 6, there is one a little farther away open until 8, and the big huge postoffice by Penn Station is open 24 hours.
// mlc, user 16290
--
Right. He was indeed questioned, as the article you link to points out. I heard him speak a H2K this summer, and he said that the government had dropped all criminal charges. I'm fairly confident that I would've heard about it if he'd been tried or convicted of anything.
// mlc, user 16290