No you won't. The only way to get modded down in this discussion is to profess to be a follower of a religion (in particular Catholic).
In all the years spent as an Atheist (really more agnostic, at least while intoxicated), never had any problems BECAUSE of my non-beliefs...
I find it humorous to listen to people bitch about being persecuted for being atheist. Why? Most of the time that "persecution" revolves around the fact that someone at some point have the NERVE to say they followed some religion and maybe ask if they did or had heard of it. That's not persecution that's conversation. Tell'm to shutup and they typically will. Other complaints about persecution revolve around those fundies of all religions (be they Krishna's or whatever) who seem determined to bug them at airport/subway or ring the bell on weekends with junk. Annoying? Yes. Persecution no.
There is little, if no, persecution for being an atheist in the USA. Think I'm wrong? Prove it. Show me the facts and figures where people are losing their jobs, houses or being treated like second-class citizens because they don't profess some faith.
I see a crap load more persecution these days of anyone who professes some sort of faith, be it Wiccan, Christian, Moslem or whatever, than I see of atheists. Maybe it's just because I've lived places where Christians and the like would get eaten for lunch.
BTW Whadda want to bet this winds up at a -1 Flamebait because I dared to not to the party line...
> Personally, I think the laws should be written (interpreted?) as > being "a fine against the owner of the vehicle for allowing it to > be used to run a red light."
There are sooo many holes in this... So I leave my car in the shop and the mechanic takes it out for a test test drive and speeds...now I'm responsible? Car is stolen.. (but you say, there'd be exceptions for that, sure but what kind of redtape would you have to wade through to get it?) Valet at your local eating establishment gets a bit crazy with your beamer parking it... again, your responsible?.
To take your example, your buddy doesn't just speed in the the car, but does in excess of 100MPH (the limit in my area), which means jail time+loss of license+classes...your saying that the cops coming to haul you off because your car was "caught" is kosher?
> But owning and operating a car is a privilege, not a right
Actually incorrect. Operating a car on public roads (requiring a license) is a privilege. Owning a car requires no privileges, ditto for operating a car on non-public roads
This is a pretty big deal since it's pretty tough to figure out what's going on on computer controlled engines otherwise.
This is a bigger deal because it means that people publishing the codes will no longer face the prospect of being sued for posting it and means that, in this case at least, the auto makers (with pressure from congress) decided that public good out weighed copyright law.
Re:Why do people use ximian?
on
Inside Ximian
·
· Score: 2
> In any case, I agree that upgrading the distribution after a Ximian > install is harder than it should be. Unfortunately I think the > problem transcends Ximian alone. If you install any third party > package that overlaps with what Red Hat provides, there is a distinct chance of clashes
I totally agree, it's not any diff with any other distro I've used. I think that until it's gets as easy to create and use some distro's package format as opposed to tar.gz that won't change:-( Some day in the future when "everybody" packages source in source.superpackageformat that will get easier, but I don't know if I'll live that long:-)
>If I gave the impression that I thought apt-get was difficult, I apologize
No need, my Debian experience is limited to servers (with no GUI so I can't really comment, since It's not really a "end users" enviroment). For "newbies" I'd agree that Ximian and the like are much more friendly (when they work:-) )
Re:Why do people use ximian?
on
Inside Ximian
·
· Score: 2
To Moderate or post...oh what the hell.
>>.... And if you install it then your >>installation seems to be not quite compatible >>with a standard gnome install.
> What's not compatible? I've never had issues running either > binaries or source I've compiled myself, and I've been running > Ximian since they were Helix.
I think what the orig poster may have been talking about is what happens when you Install Ximian and then try to use anything *other* than Redcarpet to update...up2date doesn't play well with Ximian packages, and it makes upgrading your distro a PITA (first have to force rpm to remove all the Ximian packages, then upgrade, then reinstall Ximian...and hope it works).
I'd disagree with you on the apt-get being hard comment, but I don't use debian on desktops.
"Yes, but *they* have the right to distribute it."
Your point being? (sorry, not trying to troll, but I don't see what your point is, granted I write specific apps for specific customers that would be pretty hard to give away without giving away business logic that they would rather not give away)
"Hey, why not use the 90% figure that ESR quotes in CatB? I severely doubt you have facts to back that up. My guess is that includes "software" such as web pages, scripts[...]"
my quote came from "Occupational Outlook Handbook" (1994 edition, your library should have a newer copy). Look under "Computer Programmer". 2nd from last paragraph (soft cover edition of my 1994 copy) where they talk about job break down. I have no clue where ESR got his figures from, but I *do* know where my came from, and while I don't know where the OOLH got them from, I'd be surprised if they just made them up.
"don't exactly see how you can try to have an intelligent discussion with regards to the software industry if you are unfamiliar with the industry. Perhaps you could enlighten me on that?"
I find it quite amusing you recycle the same "you don't understand" Argument anytime some points out the errors in your arguments. How about a cluepon, try and debate on the facts, not "you disagree so you can't understand" cyclical arguments.
"Apparently you also don't know how to read, as you misquoted me when I said exactly that."
Nope, no misquote, you were bitching about the effect of the GPL on university research, my response was to point out that University research should be disconnected from corporate control. You pointedly say that there has to be a balance between corporate sponsorship and university research. I pointed out that there should be no balance; the two should not be connected.
"Now they could extend your GPLed software, incorporate these new ideas and then re-release everything to the world as required"
Nope, step away from polishing the beamer, and put down the ASP.NET book for a second and actually read the GPL. They are only required to release it if they distribute it. Granted that could be construed, as splitting hairs in this case, but you really need to understand that point. If I use GPL'd code to create internal code for one of my clients, I am under NO obligation to release it unless I distribute it.
"On the other side, if the software had been released under the BSD. You, and everybody else would have access to the basic software [...]"
Yup, but unfortunately, the second M$ or Smith or anyone else decides they want to make a version that is incompatible with the rest of the world and distribute it they can and, if they have the push of a monopoly (like M$), they can (and will) in fact co-opt the de-facto standard set by the orig BSD licensed software. Suddenly the BSD version of the product loses much of it's value because in order to continue to work with the rest of the software world, other companies (who were until now on a level playing field, with everyone having access to the code) have to invest in R&D to enable their versions of the software to work with the new "extended" version This duplication of R&D hardly makes economic sense. In case you miss the math here, that means that everyone has to invest in R&D not to make the software/product better, but just to keep up with the monopolist. This is in fact what happened with Krb. In that case, the OSS community (and a few others I might add) did the R&D necessary to enable interoperation with the "extended" version of Krb. The same is happening (somewhat) with WINE. The WINE license has changed because of this.
With the GPL or LGPL, or PAL (or a host of other Free as in Speech licenses) if the monopolist wants to extend the orig software they are *free* to do so, but they cannot use the extension to create an artificial barrier to the rest of the software community.
"[...][With the GPL you can't extend] it with their new cool idea, and then sell this on the market and recoup their R&D"
I really like this comment Sheldon. The problem is you fail to understand (despite the fact you seem to write M$ software for a living) that you can still sell and distribute the software under the GPL, you just can't use the extensions to block your competition. Under the GPL you must make the extensions or additions available for the rest of the world to see, and if they wish, use. The average lifespan (on the shelf) for shrink-wrap software is less than 18 months. (source: an ACM article from two years ago, I'll be happy to try and dig it up if you don't have a subscription to find it). Even given the raw patches to the source, you are *not* going to move from source to market before the first company recoups thier cost, unless they have a very slow turnaround. With the GPL you can still recoup your R&D costs and make your profit, since you don't have to release your changes UNTIL you distribute (open beta, or actually ship).
"The GPL really just acts as an anti-corporate license, that's it. Exactly how this is better for the economy at large is questionable."
How is the GPL an anti-corporate license? Quickie question, where is 80% of the software in the U.S written and why... time up. Internal corporate apps. That's right, it's not large shrink wrap companies that write most of the software in use in your Fortune 500, it's the grunts in-house writing reporting software, or POS code, or a million other apps that write most of the code that the corporate world uses. The only corporations that the GPL could hurt would be the patent lawyers and certain monoplistic companies that think that proprietary file formats and hidden API's are somehow "fair" to the rest of the world.
"The fundamental flaw in your argument is your belief that somehow tax dollars just magically exist. They don't. Tax dollars exist solely because of there are companies in this country who are paying employees to do work for them. Without the companies, no tax dollars."
Your mistake is assuming that the majority of those are software companies making money from selling proprietary software.
"So by trying to discourage corporate investment, you are only hurting university research"
You miss the boat here. University research is not (in most cases) and should not be driven by corporations. Universities are not a extension to Microsoft Research or Oracle R&D. University research is academic, not corporate. With the exception of the ITT's of the world, Universities are not job training schools. Neither should my tax dollars (nor any of my clients) be used to develop software they will have to buy down the road.
I found your proprietary shrink-wrap software point of view interesting to say the least.
This is one topic I've studied a bit (I did a comparision of the OSS db's a few months back (http://mordikyn.com)
1. Sap-DB is GPL with one restriction. If you are a current Sap Customer, forget using Sap-DB (GPL edition) the license forbids it (actually it's more complicated than that, but that's what it boils down to)
2. Horrible install. (a pretty good story about installing SAP that I've pointed out before http://groups.yahoo.com/group/sapdb-general/messag e/909). The install instructions at sap (http://www.sapdb.org/develop/dev_linux.htm) are incorrect (and have been so for a long freakin time).
3. No Dev enviroment. Same thing that (to a lesser degree) holds people back from some of the other OSS databases. Mysql, PGSQL, Interbase all have some sort of dev enviroment avaliable. And no the WebDB/WebSQL interface don't constitute a dev enviroment.
4. Crappy (but getting much better) doc's.
5. Lack of third party support. I think the PHP support is now sorta there (I see mentions of it, but I also see mentions of probs with it). Until it becomes as common for app support as Pgsql or MySQL..
6. Lack of Admin tools. Gimme an admin tool as good as any of the many Mysql Interfaces, or the PGadmin tool or MMC for MSSQL.
"It's amazing to me how many people in the open source community continually try to force mySQL into doing jobs it's clearly not up to"
It's amazing to me how often people who make this sort of comment miss the boat so to speak. People stick with MySQL as opposed to switching to PostgreSQL, SapDB,Firebird and the like for the same reason that VB programmers tend to stick with VB, the same reason that Susie Homeuser has stuck with Windows all these years. It has very very little to do with mySQL being "better" than the others. People stick with Mysql because it's quick to learn, easy to setup and reasonably scalable for many applications. People are staying with mySQL because they are comfortable with it, it's already installed and they know how to use it.
Want people to switch to PostgreSQL or (Heaven forbid) *SapDB, then give Joe Admin or Derek Programmer a UI to them that works like Mysql, then make them as easy to install/backup/restore as Mysql.
At the risk of being labled a troll, realize that mySQL will continue to be the OSS DB of choice for the hoards so long as it continues to be the quickest, easiest way to setup a (semi) RDBMS.
*SapDB is a (IMHO) a pile of steaming speghetti code that I would not wish on my worst enemy. Try taking a look at the code (www.sapdb.org) or if you lazy, just read some of the messages on the SapDB Yahoo group (http://groups.yahoo.com/group/sapdb-general/messa ge/909) for instance.
But it was *not* where Comp Sci was first developed into a discpline...to quote you..."look it up". Hint: take a look at Stanford's comp sci history...or shit, just google for it.
I do. and I agree with at least one of your points (the NSF one). But my point was really to point out that people need to *think* about what the so called "experts" (did you know that Spafford once said that taking a lead pipe to somones knees was worse than hacking thier systems (he was referring to Bank and the like I would add in all fairness) but I still find that amazing. Again though. my point was really not to diss Spafford, but rather to get people to ask if the people telling them the sky is falling (or that the 'Net the end to all human suffering (not that the Spaz has said that), and consider what they are saying and critically evaluate it.
I'm sorry, but how can I take a "study" seriously when there not even citations of sources.
Spafford is the master at soundbytes, but I'm still not convienced he knows what he's talking about.
We could talk about the scare tactic scenario (page 4) he presents about 50% of the phones going down along with the internet (ok, anyone with half a cluepon, tell me how "the internet" can go down...portions of it yet (we saw it effectively "down" on 911) but it's pretty well impossible to take down the public 'net unless you nuked the entire planet. Ditto for the phone systems (even the legandary Blotto Box (assuming it would work) could only take down a NPA.)) but suspending reality for a moment and living in the the Spaff's world....
His basic math does not add up (another poster has already pointed this out already) and does not agree with the data avaliable (talking about his virii numbers). even the virii whores at Mcafee don't claim there are new worms/virii ever 75-90 mins (page 4.2)
Consider such statments he makes, such as...
"[...] on average over 1 million each year from computer misuses and computer crime [lost each year]. Worldwide, as much as 1 trillion may be lost in downtime and damages each year. Not only is poor security costing us real money, it is also harming our national competiveness."
The FBI study is not cited only mentioned. The numbers he mentions are not backed up with facts, neither are there facts to back up the "national competiveness" loss he cites (surely it's not because our economy is in the tanker no?).
He goes on to say that only "100 (maybe 60)". people in higher Ed have training in Security (as he defines it I might add). But again, no facts to back that up, only conjecture.
I loved the paragraph. "As best I as I can tell, the total amount of money available this most recent fiscal year for *basic* research in information security was about $2 million (through the National Science Foundation); a great dealof the money is being spent on acquisition and development of technology for security, but rather that is money spent on extentions of known methods rather than basic reasearch"
Ok, from a basic logical thinking point of view...either the 2 mill was avaliable for basic research or not (he says both, he says at the begining it is, but then says that most of the money was spent on "extentions of known methods")
after this he goes on to say that comp sci as a discpline was created at Purdue (where he works).
Finally for some WorldCom quotes... "The amount of traffic that we see on the backbones of the networks has been doubling ever 90 to 120 days" That's pretty much a direct quote from some of the FUD that the WorldCom guys were pitching back in 99-2000.
He goes on to bitch about people intering the Comp Sec field without a degree and tries to pitch those folks as having no real level of depth or expertise. I can only point out that the great and powerful Spaff has been personally hacked by those selfsame people....
My point being in this that you gentle reader, need to take Spafford with a very large grain. Always ask for the proof.
If you wish to learn more about spafford simply browse some of his old Usenet posts. in particular you may find such threads as "CERT as told by Spafford" entertaining. Spafford used to be one of the honchos that kept general security info from the hands of the unwashed masses....
You can also read his "the sky is falling" report to the Whitehouse a few years ago, again it makes interesting reading.
Mark this as a troll if you must, but don't accept every blind statment by somone with a PHD as gospel.
Re:Now begins the hardest part...
on
Ogg Vorbis 1.0
·
· Score: 2
> We can hope (and prey for the religeous among us)
Contrary to popular belief on/. and some of the popular media, the Religious amoung you really don't prey on you, we might however (depending on one's ethos) Pray for you...
I submitted a story about this,but as usual... rejected in record time (2 minutes). Nice to know that staplers are more important than one of the best and brightest blowing his brains out at 25... but I digress......
My point there being that we (in this case Debian users) are pretty much being forced for either jump ship or *trust* a fix that neither we the users, nor the Debian team can verify does what is intended. I'm pretty sure that Theo knows what he's doing, but, I'll not upgrade at "gunpoint" because a vendor won't give me any idea as to what's up. I'm not asking for exploit code, but a decent "this is what's wrong and here's what we are doing to fix it" would go a long way...
Read the announce ment. (Again to quote from the Debian security list)
"Theo de Raadt announced that the OpenBSD team is working with ISS on a remote exploit for OpenSSH"
I believe the part of ISS (and them being a large security vendor) pretty much validates the claim about "We won't tell you what the problem is, unless you're a big distributor."
I love SSH. It's been installed on my boxen (regardless of OS) since it was stable enough to kill off telnet. My problem with both the announcement as well as the patch is thus.
1. Theo nor any of the posters I've seen are willing to tell us what the hell is broken. Only that we must upgrade. That just don't cut it, I won't blindly patch without an idea of what is broken. The Debian security release summed it up best.
"Theo de Raadt announced that the OpenBSD team is working with ISS on a remote exploit for OpenSSH (a free implementation of the Secure SHell protocol). They are refusing to provide any details on the vulnerability but instead are advising everyone to upgrade to the latest release, version 3.3.
This version was released 3 days ago and introduced a new feature to reduce the effect of exploits in the network handling code called privilege separation. Unfortunately this release has a few known problems: compression does not work on all operating systems since the code relies on specific mmap features, and the PAM support has not been completed. There may be other problems as well."
2. Sudden, lack of belief in Full disclosure. Am I the only guy who remembers the days before full disclosure? The OpenBSD Security policy ( http://www.openbsd.org/security.html ) is pretty point blank (to quote) "we believe in full disclosure of security problems. In the operating system arena, we were probably the first to embrace the concept. Many vendors, even of free software, still try to hide issues from their users" I think posting a "fix" (ok, workaround) and not telling anyone *why* they should use it is "try[ing] to hide issues from their users"
I'll be firing up R.A.T.S and checking out LSH ( http://www.net.lut.ac.uk/psst/ ) (GNU'd SSH2ish) for my needs from here own out.
and yes, this needs a rant tag and yes I know the OSSH and OBSD teams are seperate, but they share enough philosophy and team members that I gather they have the same opinion on security.
Slashdot Mirror
> I'll most likely be modded as flame bait
No you won't. The only way to get modded down in this discussion is to profess to be a follower of a religion (in particular Catholic).
In all the years spent as an Atheist (really more agnostic, at least while intoxicated), never had any problems BECAUSE of my non-beliefs...
I find it humorous to listen to people bitch about being persecuted for being atheist. Why? Most of the time that "persecution" revolves around the fact that someone at some point have the NERVE to say they followed some religion and maybe ask if they did or had heard of it. That's not persecution that's conversation. Tell'm to shutup and they typically will. Other complaints about persecution revolve around those fundies of all religions (be they Krishna's or whatever) who seem determined to bug them at airport/subway or ring the bell on weekends with junk. Annoying? Yes. Persecution no.
There is little, if no, persecution for being an atheist in the USA. Think I'm wrong? Prove it. Show me the facts and figures where people are losing their jobs, houses or being treated like second-class citizens because they don't profess some faith.
I see a crap load more persecution these days of anyone who professes some sort of faith, be it Wiccan, Christian, Moslem or whatever, than I see of atheists. Maybe it's just because I've lived places where Christians and the like would get eaten for lunch.
BTW Whadda want to bet this winds up at a -1 Flamebait because I dared to not to the party line...
> No I will NOT post my personal website on slashdot... I'm not about > to get a huge bandwidth bill because of you guys!)
:-)
Chicken.
A few corrections.
...your saying that the cops coming to haul you off because your car was "caught" is kosher?
> Personally, I think the laws should be written (interpreted?) as
> being "a fine against the owner of the vehicle for allowing it to
> be used to run a red light."
There are sooo many holes in this... So I leave my car in the shop and the mechanic takes it out for a test test drive and speeds...now I'm responsible? Car is stolen.. (but you say, there'd be exceptions for that, sure but what kind of redtape would you have to wade through to get it?) Valet at your local eating establishment gets a bit crazy with your beamer parking it... again, your responsible?.
To take your example, your buddy doesn't just speed in the the car, but does in excess of 100MPH (the limit in my area), which means jail time+loss of license+classes
> But owning and operating a car is a privilege, not a right
Actually incorrect. Operating a car on public roads (requiring a license) is a privilege. Owning a car requires no privileges, ditto for operating a car on non-public roads
May I ask what the hell this has to do with the Automakers making Diagnostic codes avaliable?
This is a pretty big deal since it's pretty tough to figure out what's going on on computer controlled engines otherwise.
This is a bigger deal because it means that people publishing the codes will no longer face the prospect of being sued for posting it and means that, in this case at least, the auto makers (with pressure from congress) decided that public good out weighed copyright law.
> In any case, I agree that upgrading the distribution after a Ximian
:-( Some day in the future when "everybody" packages source in source.superpackageformat that will get easier, but I don't know if I'll live that long :-)
:-) )
> install is harder than it should be. Unfortunately I think the
> problem transcends Ximian alone. If you install any third party
> package that overlaps with what Red Hat provides, there is a distinct chance of clashes
I totally agree, it's not any diff with any other distro I've used. I think that until it's gets as easy to create and use some distro's package format as opposed to tar.gz that won't change
>If I gave the impression that I thought apt-get was difficult, I apologize
No need, my Debian experience is limited to servers (with no GUI so I can't really comment, since It's not really a "end users" enviroment). For "newbies" I'd agree that Ximian and the like are much more friendly (when they work
To Moderate or post...oh what the hell.
>>.... And if you install it then your
>>installation seems to be not quite compatible
>>with a standard gnome install.
> What's not compatible? I've never had issues running either
> binaries or source I've compiled myself, and I've been running
> Ximian since they were Helix.
I think what the orig poster may have been talking about is what happens when you Install Ximian and then try to use anything *other* than Redcarpet to update...up2date doesn't play well with Ximian packages, and it makes upgrading your distro a PITA (first have to force rpm to remove all the Ximian packages, then upgrade, then reinstall Ximian...and hope it works).
I'd disagree with you on the apt-get being hard comment, but I don't use debian on desktops.
Why am I reminded of the saying
"You can't shake hands with the devil and say you were only kidding"
dunno....maybe it's just me
"Yes, but *they* have the right to distribute it."
Your point being? (sorry, not trying to troll, but I don't see what your point is, granted I write specific apps for specific customers that would be pretty hard to give away without giving away business logic that they would rather not give away)
"Hey, why not use the 90% figure that ESR quotes in CatB? I severely doubt you have facts to back that up. My guess is that includes "software" such as web pages, scripts[...]"
my quote came from "Occupational Outlook Handbook" (1994 edition, your library should have a newer copy). Look under "Computer Programmer". 2nd from last paragraph (soft cover edition of my 1994 copy) where they talk about job break down. I have no clue where ESR got his figures from, but I *do* know where my came from, and while I don't know where the OOLH got them from, I'd be surprised if they just made them up.
"don't exactly see how you can try to have an intelligent discussion with regards to the software industry if you are unfamiliar with the industry. Perhaps you could enlighten me on that?"
I find it quite amusing you recycle the same "you don't understand"
Argument anytime some points out the errors in your arguments. How about a cluepon, try and debate on the facts, not "you disagree so you can't understand" cyclical arguments.
"Apparently you also don't know how to read, as you misquoted me when I said exactly that."
Nope, no misquote, you were bitching about the effect of the GPL on university research, my response was to point out that University research should be disconnected from corporate control. You pointedly say that there has to be a balance between corporate sponsorship and university research. I pointed out that there should be no balance; the two should not be connected.
"It is impolite to imply Sheldon read ASP.NET book and write M$ software. If you don't like his arguments, please don't try to insult your opponent ;)"
I did not imply, I read his web page. Do the same sodablue.org IIRC. He's pretty up front about it.
"Do you have an example of succesfull company, selling GPLed or LGPLed software? Or at least profitable company?"
Redhat, NuSphere, IBM, Mandrake (although the've gone both ways, being profitable and unprofitable), shall I go on?
I won't reply to the stawman argument you present last, it's not worth it.
A few points.
"Now they could extend your GPLed software, incorporate these new ideas and then re-release everything to the world as required"
Nope, step away from polishing the beamer, and put down the ASP.NET book for a second and actually read the GPL. They are only required to release it if they distribute it. Granted that could be construed, as splitting hairs in this case, but you really need to understand that point. If I use GPL'd code to create internal code for one of my clients, I am under NO obligation to release it unless I distribute it.
"On the other side, if the software had been released under the BSD. You, and everybody else would have access to the basic software [...]"
Yup, but unfortunately, the second M$ or Smith or anyone else decides they want to make a version that is incompatible with the rest of the world and distribute it they can and, if they have the push of a monopoly (like M$), they can (and will) in fact co-opt the de-facto standard set by the orig BSD licensed software. Suddenly the BSD version of the product loses much of it's value because in order to continue to work with the rest of the software world, other companies (who were until now on a level playing field, with everyone having access to the code) have to invest in R&D to enable their versions of the software to work with the new "extended" version This duplication of R&D hardly makes economic sense. In case you miss the math here, that means that everyone has to invest in R&D not to make the software/product better, but just to keep up with the monopolist. This is in fact what happened with Krb. In that case, the OSS community (and a few others I might add) did the R&D necessary to enable interoperation with the "extended" version of Krb. The same is happening (somewhat) with WINE. The WINE license has changed because of this.
With the GPL or LGPL, or PAL (or a host of other Free as in Speech licenses) if the monopolist wants to extend the orig software they are *free* to do so, but they cannot use the extension to create an artificial barrier to the rest of the software community.
"[...][With the GPL you can't extend] it with their new cool idea, and then sell this on the market and recoup their R&D"
I really like this comment Sheldon. The problem is you fail to understand (despite the fact you seem to write M$ software for a living) that you can still sell and distribute the software under the GPL, you just can't use the extensions to block your competition. Under the GPL you must make the extensions or additions available for the rest of the world to see, and if they wish, use. The average lifespan (on the shelf) for shrink-wrap software is less than 18 months. (source: an ACM article from two years ago, I'll be happy to try and dig it up if you don't have a subscription to find it). Even given the raw patches to the source, you are *not* going to move from source to market before the first company recoups thier cost, unless they have a very slow turnaround.
With the GPL you can still recoup your R&D costs and make your profit, since you don't have to release your changes UNTIL you distribute (open beta, or actually ship).
"The GPL really just acts as an anti-corporate license, that's it. Exactly how this is better for the economy at large is questionable."
How is the GPL an anti-corporate license? Quickie question, where is 80% of the software in the U.S written and why... time up. Internal corporate apps. That's right, it's not large shrink wrap companies that write most of the software in use in your Fortune 500, it's the grunts in-house writing reporting software, or POS code, or a million other apps that write most of the code that the corporate world uses. The only corporations that the GPL could hurt would be the patent lawyers and certain monoplistic companies that think that proprietary file formats and hidden API's are somehow "fair" to the rest of the world.
"The fundamental flaw in your argument is your belief that somehow tax dollars just magically exist. They don't. Tax dollars exist solely because of there are companies in this country who are paying employees to do work for them. Without the companies, no tax dollars."
Your mistake is assuming that the majority of those are software companies making money from selling proprietary software.
"So by trying to discourage corporate investment, you are only hurting university research"
You miss the boat here. University research is not (in most cases) and should not be driven by corporations. Universities are not a extension to Microsoft Research or Oracle R&D. University research is academic, not corporate. With the exception of the ITT's of the world, Universities are not job training schools. Neither should my tax dollars (nor any of my clients) be used to develop software they will have to buy down the road.
I found your proprietary shrink-wrap software point of view interesting to say the least.
This is one topic I've studied a bit (I did a comparision of the OSS db's a few months back (http://mordikyn.com)
g e/909). The install instructions at sap (http://www.sapdb.org/develop/dev_linux.htm) are incorrect (and have been so for a long freakin time).
1. Sap-DB is GPL with one restriction. If you are a current Sap Customer, forget using Sap-DB (GPL edition) the license forbids it (actually it's more complicated than that, but that's what it boils down to)
2. Horrible install. (a pretty good story about installing SAP that I've pointed out before http://groups.yahoo.com/group/sapdb-general/messa
3. No Dev enviroment. Same thing that (to a lesser degree) holds people back from some of the other OSS databases. Mysql, PGSQL, Interbase all have some sort of dev enviroment avaliable.
And no the WebDB/WebSQL interface don't constitute a dev enviroment.
4. Crappy (but getting much better) doc's.
5. Lack of third party support. I think the PHP support is now sorta there (I see mentions of it, but I also see mentions of probs with it). Until it becomes as common for app support as Pgsql or MySQL..
6. Lack of Admin tools. Gimme an admin tool as good as any of the many Mysql Interfaces, or the PGadmin tool or MMC for MSSQL.
"It's amazing to me how many people in the open source community continually try to force mySQL into doing jobs it's clearly not up to"
a ge/909) for instance.
It's amazing to me how often people who make this sort of comment miss the boat so to speak. People stick with MySQL as opposed to switching to PostgreSQL, SapDB,Firebird and the like for the same reason that VB programmers tend to stick with VB, the same reason that Susie Homeuser has stuck with Windows all these years. It has very very little to do with mySQL being "better" than the others. People stick with Mysql because it's quick to learn, easy to setup and reasonably scalable for many applications. People are staying with mySQL because they are comfortable with it, it's already installed and they know how to use it.
Want people to switch to PostgreSQL or (Heaven forbid) *SapDB, then give Joe Admin or Derek Programmer a UI to them that works like Mysql, then make them as easy to install/backup/restore as Mysql.
At the risk of being labled a troll, realize that mySQL will continue to be the OSS DB of choice for the hoards so long as it continues to be the quickest, easiest way to setup a (semi) RDBMS.
*SapDB is a (IMHO) a pile of steaming speghetti code that I would not wish on my worst enemy. Try taking a look at the code (www.sapdb.org) or if you lazy, just read some of the messages on the SapDB Yahoo group (http://groups.yahoo.com/group/sapdb-general/mess
Sid package is also on incominig.debian.org or you can grab it from3 86.deb
http://mordikyn.dynu.com/openssl_0.9.6e-1_i
But it was *not* where Comp Sci was first developed into a discpline...to quote you..."look it up". Hint: take a look at Stanford's comp sci history...or shit, just google for it.
"not that anyone read the AC."
I do. and I agree with at least one of your points (the NSF one). But my point was really to point out that people need to *think* about what the so called "experts" (did you know that Spafford once said that taking a lead pipe to somones knees was worse than hacking thier systems (he was referring to Bank and the like I would add in all fairness) but I still find that amazing. Again though. my point was really not to diss Spafford, but rather to get people to ask if the people telling them the sky is falling (or that the 'Net the end to all human suffering (not that the Spaz has said that), and consider what they are saying and critically evaluate it.
I'm sorry, but how can I take a "study" seriously when there not even citations of sources.
Spafford is the master at soundbytes, but I'm still not convienced he knows what he's talking about.
We could talk about the scare tactic scenario (page 4) he presents about 50% of the phones going down along with the internet (ok, anyone with half a cluepon, tell me how "the internet" can go down...portions of it yet (we saw it effectively "down" on 911) but it's pretty well impossible to take down the public 'net unless you nuked the entire planet. Ditto for the phone systems (even the legandary Blotto Box (assuming it would work) could only take down a NPA.)) but suspending reality for a moment and living in the the Spaff's world....
His basic math does not add up (another poster has already pointed this out already) and does not agree with the data avaliable (talking about his virii numbers). even the virii whores at Mcafee don't claim there are new worms/virii ever 75-90 mins (page 4.2)
Consider such statments he makes, such as...
"[...] on average over 1 million each year from computer misuses and computer crime [lost each year]. Worldwide, as much as 1 trillion may be lost in downtime and damages each year. Not only is poor security costing us real money, it is also harming our national competiveness."
The FBI study is not cited only mentioned. The numbers he mentions are not backed up with facts, neither are there facts to back up the "national competiveness" loss he cites (surely it's not because our economy is in the tanker no?).
He goes on to say that only "100 (maybe 60)". people in higher Ed have training in Security (as he defines it I might add). But again, no facts to back that up, only conjecture.
I loved the paragraph.
"As best I as I can tell, the total amount of money available this most recent fiscal year for *basic* research in information security was about $2 million (through the National Science Foundation); a great dealof the money is being spent on acquisition and development of technology for security, but rather that is money spent on extentions of known methods rather than basic reasearch"
Ok, from a basic logical thinking point of view...either the 2 mill was avaliable for basic research or not (he says both, he says at the begining it is, but then says that most of the money was spent on "extentions of known methods")
after this he goes on to say that comp sci as a discpline was created at Purdue (where he works).
Finally for some WorldCom quotes...
"The amount of traffic that we see on the backbones of the networks has been doubling ever 90 to 120 days" That's pretty much a direct quote from some of the FUD that the WorldCom guys were pitching back in 99-2000.
He goes on to bitch about people intering the Comp Sec field without a degree and tries to pitch those folks as having no real level of depth or expertise. I can only point out that the great and powerful Spaff has been personally hacked by those selfsame people....
My point being in this that you gentle reader, need to take Spafford with a very large grain. Always ask for the proof.
If you wish to learn more about spafford simply browse some of his old Usenet posts.
in particular you may find such threads as "CERT as told by Spafford" entertaining. Spafford used to be one of the honchos that kept general security info from the hands of the unwashed masses....
You can also read his "the sky is falling" report to the Whitehouse a few years ago, again it makes interesting reading.
Mark this as a troll if you must, but don't accept every blind statment by somone with a PHD as gospel.
> We can hope (and prey for the religeous among us)
/. and some of the popular media, the Religious amoung you really don't prey on you, we might however (depending on one's ethos) Pray for you...
Contrary to popular belief on
I submitted a story about this,but as usual...
rejected in record time (2 minutes). Nice to know
that staplers are more important than one of the
best and brightest blowing his brains out at 25...
but I digress......
Instead we're asked to apply a untested upgrade? sorry, I don't buy it.
My point there being that we (in this case Debian users) are pretty much being forced for either jump ship or *trust* a fix that neither we the users, nor the Debian team can verify does what is intended. I'm pretty sure that Theo knows what he's doing, but, I'll not upgrade at "gunpoint" because a vendor won't give me any idea as to what's up. I'm not asking for exploit code, but a decent "this is what's wrong and here's what we are doing to fix it" would go a long way...
Flamebait?
I *really* fail to see how this is flamebait... For that I would (IMHO) had to add in a few comments like *BSD is dead (not as far as I can tell)....
Read the announce ment. (Again to quote from the Debian security list)
"Theo de Raadt announced that the OpenBSD team is working with ISS
on a remote exploit for OpenSSH"
I believe the part of ISS (and them being a large security vendor) pretty much validates the claim about
"We won't tell you what the problem is, unless you're a big distributor."
LSH (http://www.net.lut.ac.uk/psst/)
I love SSH. It's been installed on my boxen (regardless of OS) since it was stable enough to kill off telnet.
My problem with both the announcement as well as the patch is thus.
1. Theo nor any of the posters I've seen are willing to tell us what the hell is broken. Only that we must upgrade. That just don't cut it, I won't blindly patch without an idea of what is broken. The Debian security release summed it up best.
"Theo de Raadt announced that the OpenBSD team is working with ISS
on a remote exploit for OpenSSH (a free implementation of the
Secure SHell protocol). They are refusing to provide any details on
the vulnerability but instead are advising everyone to upgrade to
the latest release, version 3.3.
This version was released 3 days ago and introduced a new feature
to reduce the effect of exploits in the network handling code
called privilege separation. Unfortunately this release has a few
known problems: compression does not work on all operating systems
since the code relies on specific mmap features, and the PAM
support has not been completed. There may be other problems as
well."
2. Sudden, lack of belief in Full disclosure. Am I the only guy who remembers the days before full disclosure? The OpenBSD Security policy ( http://www.openbsd.org/security.html ) is pretty point blank (to quote)
"we believe in full disclosure of security problems. In the operating system arena, we were probably the first to embrace the concept. Many vendors, even of free software, still try to hide issues from their users"
I think posting a "fix" (ok, workaround) and not telling anyone *why* they should use it is "try[ing] to hide issues from their users"
I'll be firing up R.A.T.S and checking out LSH ( http://www.net.lut.ac.uk/psst/ ) (GNU'd SSH2ish) for my needs from here own out.
and yes, this needs a rant tag and yes I know the OSSH and OBSD teams are seperate, but they share enough philosophy and team members that I gather they have the same opinion on security.