The only thing to remember is that the Meridian phones are proprietary crap. So you can't just plug them into asterisk, but rather you'll have to plug your asterisk server between the phone lines that come from the phone company and your PBX.
Then, expand your system by either buying some Sipura 2000 boxes and regular telephones, or some IP phones.
What Apache options should be changed? If you have good ideas, you should tell the maintainers. Do a rpm -qa apache2, and e-mail both Oden and me (jmdault), so we can improve the package.
Eventually, Stallman is going to ask us to call it Gnu/OpenBSD;-)
Re:Unfortunately the SHA series seems to be suspec
on
SHA-1 Broken
·
· Score: 1
I said *append* the time to the SHA1.
Before: hash + zero-lenght string After: hash + sequential number
Sequential number is less predictable than the zero-length string;-)
Re:Unfortunately the SHA series seems to be suspec
on
SHA-1 Broken
·
· Score: 1
The problem with using SHA-1 for IDs is that you have a (very minimal) chance of collision: two users could have the same ID.
To get around this, append the time as a hexstring to the hash.
In php: $id=$hash.dechex(time());
This way, you would need to get a collision at the exact same second of creation of the ID, which is nearly impossible.
Re:Broken, but not for everything...
on
SHA-1 Broken
·
· Score: 2, Interesting
Even if the NSA could do it in a week...
Suppose you're signing a tar.gz file. If the NSA could find a collision, the collision will still need to fit: - filesize has to stay the same - you don't want to get errors with gzip - you don't want to get errors with tar - the files in the archive needs to make sense
What's the probability of all this happening?
Broken, but not for everything...
on
SHA-1 Broken
·
· Score: 4, Insightful
One collision in 2**69 operations... that's quite minimal...
Sure, for signatures, it means that you can't trust the algorithm 100% anymore.
But for storing passwords, and other operations where collisions are not important, it doesn't matter much, even if there's another password that can generate the same hash, you still need to brute-force it.
I used to run an ISP, built everything from source, but eventually it got to the point where it was un-manageable.
You end up with different versions, different compile options, upgrades are a mess, and it's hard to support.
Another problem is filesystem pollution. When you do your "make install", it's hard to track what files are installed, and when you upgrade to a new version, you can't be sure it's clean, since you might have configuration files or binaries anywhere on your system.
So, one day, I started to make RPM packages of stuff I needed, and modified existing RPMS, and sent all the patches to the community.
What happened is that Mandrake accepted all my packages, so all I had to do was to install the standard distro, and all I needed was there.
And eventually, I made so many packages that they hired me;-)
But even if I wouldn't work for Mandrake, I'm still sold on RPMs. You have a clean SPEC file that contains the pristine source code, plus the patches, and basically all the instructions to build the stuff. You can specify the requirements, you can easily rebuild on another machine, uninstall the old stuff, or upgrade, with a single rpm command.
This offers protection, for women, specially, but it also gives a nice way to get rid of telemarketers.
The telephone is at my girlfriend's name, "N.", so they have no way of knowing if it's "Mister" or "Mrs". And my girlfriend has a name different than me.
When a telemarketer calls for "Mister" with her last name, there's 99.999% it's a telemarketer.
So I say "He's in the bathroom, hold on a second", I press the "flash" buttonm, then I hang up.
Telemarketers don't call back, because the phone number is dialed for them by a computer from a list, so they get the next one in the phone book.
For this, I always keep in my wallet the business cards of insurance salespeople, telemarketing companies, or other people who have been very persistant in trying to sell me something.
Then I give then a card, saying "Here, take my information, and *please* register me for your catalogs";-)
I didn't know if this should be modded as troll or as funny. But it's so far away from my reality that I couldn't help but reply.
I'm 32 with short hair, don't drink Mountain Dew because here in Canada it doesn't have caffeine, I live with my girlfriend and 1 year old baby, and I write GPL/BSD code and get paid for it.
But you got it right on the lack of sleep part. I think *this* is the lowest common denominator of Linux users;-)
Watch out! Things aren't that simple, and you might get into troubles.
I live in Canada myself, and had major problems with the government because I started my business while unemployed.
OK, in some cases, you can get grants from the government, but to get these grants take as much time as finding a job or customers. You'll be required to write a business plan, present that plan to a board of advisors who might steal your idea, or, if they're not interested, will shuffle you from government agency to government agency.
But the major thing to check is that you *must* continue to be available 40 hours a week to search for a job, and you must be able to *prove* it.
In my case, I had to refund part of my benefits because of this.
But in the end, I managed to get a grant, and some financing, by using the "roundtable" trick.
If you have an office, announce a pre-opening, and invite every government people you can get.
When they're all at the same table, they cannot tell you to go see such and such person, because they're here. So you get everyone working together.
Re:[Slightly OT] QuickTime in your browser
on
MandrakeSoft Roundup
·
· Score: 2, Interesting
Xine can play Quicktime, but if you need support for the new trailers, you need the Qdesign sound codec, and that requires the win32 quicktime codecs.
But thanks for the link, I'll try that, since it looks very nice. There's a Mandrake RPM for it in the contribs.
Re:PCLinuxOS - Mandrake done right
on
MandrakeSoft Roundup
·
· Score: 4, Insightful
Do you know how they do it, both technically and legally?
Quicktime can run under wine, but not all versions, and it's not that stable.
On the legal side, you can't redistribute Quicktime on a download side, you can only put it on CD, if you agree to put the Windows executable in untouched binary form, and have a distribution agreement.
Even with Mplayer, you can't view most Quicktime videos without the win32 codecs, and they can't be splitted legally from the windows executable.
Maybe they have found another way. If true, I'd like to know, otherwise, I'd have some concerns over the legality of their distro...
JM, I don't know if you are idealistic or just a bit uninformed, but if you want to work for free, you could easily do so on your own instead of pulling down an entire company and its investors.
I may be *a bit* idealistic and I do not possess, nor pretend, to have all the knowledge in the world. But I know this: - Mandrakesoft has built a business model on stuff they get for free from other people, under the knowledge that they must allow redistribution of their improvements. That's their choice, and so far, they have been committed to that choice (releasing ISOs, GPL'ing their installer and tools, etc). - What they get in return is the opportunity to sell additional products and services around that. Over the last 3 years, I have helped Mandrake in many areas: e-commerce, consulting, packaging of both GPL and proprietary applications, technical proofreading of the Corporate Server 1.0, I even *walked* a from our headquarters to the UPS office a couple of blocks away with a cart containing 100 Mandrake boxes so customers would get their products in time. Now I spend days and nights on Apache and PHP so we have a solid server product to sell customers. My work is maybe a drop of water in the sea of profitability, but I did help generate some revenue, and I continue doing that.
However, I still think the ISOs should be released to the general public in a timely fashion. Even freeloaders will one day need support, manuals, commercial apps, training, they will need a box to give for christmas, they will want to wear a Mandrake Linux T-Shirt, a cap, they will want to vote for their favorite apps, will want Mandrake Online, support, or perhaps their company will want to sponsor the development of a feature. All this == $$$, which will help make the company profitable, and return a nice investment for the shareholders.
If they don't need any of that, then they don't need MandrakeSoft, and probably would have never paid for a boxed set. However, if they download the product for free, and like it, they may recommend it to someone else who would need this stuff instead of buying the products of a proprietary company.
[Quoting Deno] - ISOs aren't released to general public until packs are in the shop. This is almost certainly going to happen, because we have no choice anymore.
See my previous post about me suggesting this to Management and having it rejected for the reasons above.
- Club members get set of CDs or DVD with complete distribution for $30, and ahead of the crowd. This means burning CDs and/or DVDs in house as soon as we have finished the distribution, and sending them to you as soon as we have burned them.
I have pushed for this for more than two years now, so whenever it happens, IT'S ABOUT TIME!
- Club members get ISOs from our servers ahead of the crowd. This depends on two questions: 1) can we do it, i.e. can we put enough servers on this work to keep the download time reasonably short? 2) what will our marketing say about this.
Again, I have pushed for that, and whenever it happens, IT'S ABOUT TIME;-)
In conclusion: there is a big difference between giving priviledged access to the Club Members, and not releasing at all the ISOs. As well, there have been numerous discussions on that topic, but as far as I know, no formal decision has been taken.
> "The parent post is complete B.S." > That post was based on a "legitimate" post of Deno's.
Can you please post the exact URL?
>However, assuming JM is more in the know than >Deno (or more influential)
I don't say I'm more in the know or more influentual, but I haven't seen, read or heard about any policy of not releasing ISOs to the general public.
One thing to note is that, last year, I was really mad because Cheapbytes and others were selling cheap burned Mandrake copies before we even had the time to receive our boxes. I suggested to our CEO to wait a couple of weeks before releasing the ISOs, and that suggestion was declined. The argument: the more people download the ISOs, the more people will come to the Club, and buy additional services.
So I'm not against you, just stating that your post is not accurate.
>The GPL only specifies the source be available >to those who are distributed binaries.
Of course, but "if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have."
This means that there's nothing stopping any mirror from re-distributing the ISOs. If there is a demand for it, there will be, no matter Mandrakesoft's decision.
> And giving members priority as in servers and time was definitely discussed with Deno to the tone that "that is definitely something we will be aiming towards."
I discussed this fact with Deno as well, and even volunteered myself to help.
> There really is a need to give those who pay a priority. For instance, why can people download, for free, a release over a MONTH before it is available in stores?
I totally agree with you on this, and I agree that Club members should have priority. However, I do believe the ISOs should be available to the general public, but not, as you say "not until the first RC of the next distro is out". A couple of weeks is okay, not 6 months.
> I hate to inform you that you are on the wrong side.
I am on the same side as you, just not as extremist as you, that's the difference.
Apache 1.3 is still present, but it's in the Contribs (separate download or extra CD in PowerPack).
What's more, you can install *both* versions, and with a simple command (advxrun1.3 or advxrun2.0), change from one to the other.
PHP 4.3.1 has been tested a lot, and we fixed most major bugs. I use it on production on several servers, and I find it more stable than the 4.2 series.
Slashdot Mirror
So, when do we start testing every politician?
It's doable, and not that hard.
The only thing to remember is that the Meridian phones are proprietary crap. So you can't just plug them into asterisk, but rather you'll have to
plug your asterisk server between the phone lines that come from the phone company and your PBX.
Then, expand your system by either buying some Sipura 2000 boxes and regular telephones, or some IP phones.
What Apache options should be changed? If you have good ideas, you should tell the maintainers. Do a rpm -qa apache2, and e-mail both Oden and me (jmdault), so we can improve the package.
Eventually, Stallman is going to ask us to call it Gnu/OpenBSD ;-)
I said *append* the time to the SHA1.
;-)
Before:
hash + zero-lenght string
After:
hash + sequential number
Sequential number is less predictable than the zero-length string
The problem with using SHA-1 for IDs is that you have a (very minimal) chance of collision: two users could have the same ID.
To get around this, append the time as a hexstring to the hash.
In php:
$id=$hash.dechex(time());
This way, you would need to get a collision at the exact same second of creation of the ID, which is nearly impossible.
Even if the NSA could do it in a week...
Suppose you're signing a tar.gz file. If the NSA could find a collision, the collision will still need to fit:
- filesize has to stay the same
- you don't want to get errors with gzip
- you don't want to get errors with tar
- the files in the archive needs to make sense
What's the probability of all this happening?
One collision in 2**69 operations... that's quite minimal...
Sure, for signatures, it means that you can't trust the algorithm 100% anymore.
But for storing passwords, and other operations where collisions are not important, it doesn't matter much, even if there's another password that can generate the same hash, you still need to brute-force it.
I used to run an ISP, built everything from source, but eventually it got to the point where it was un-manageable.
;-)
You end up with different versions, different compile options, upgrades are a mess, and it's hard to support.
Another problem is filesystem pollution. When you do your "make install", it's hard to track what files are installed, and when you upgrade to a new version, you can't be sure it's clean, since you might have configuration files or binaries anywhere on your system.
So, one day, I started to make RPM packages of stuff I needed, and modified existing RPMS, and sent all the patches to the community.
What happened is that Mandrake accepted all my packages, so all I had to do was to install the standard distro, and all I needed was there.
And eventually, I made so many packages that they hired me
But even if I wouldn't work for Mandrake, I'm still sold on RPMs. You have a clean SPEC file that contains the pristine source code, plus the patches, and basically all the instructions to build the stuff. You can specify the requirements, you can easily rebuild on another machine, uninstall the old stuff, or upgrade, with a single rpm command.
You can put only your initial.
This offers protection, for women, specially, but it also gives a nice way to get rid of telemarketers.
The telephone is at my girlfriend's name, "N.", so they have no way of knowing if it's "Mister" or "Mrs". And my girlfriend has a name different than me.
When a telemarketer calls for "Mister" with her last name, there's 99.999% it's a telemarketer.
So I say "He's in the bathroom, hold on a second", I press the "flash" buttonm, then I hang up.
Telemarketers don't call back, because the phone number is dialed for them by a computer from a list, so they get the next one in the phone book.
For this, I always keep in my wallet the business cards of insurance salespeople, telemarketing companies, or other people who have been very persistant in trying to sell me something.
;-)
Then I give then a card, saying "Here, take my information, and *please* register me for your catalogs"
I didn't know if this should be modded as troll or as funny. But it's so far away from my reality that I couldn't help but reply.
;-)
I'm 32 with short hair, don't drink Mountain Dew because here in Canada it doesn't have caffeine, I live with my girlfriend and 1 year old baby, and I write GPL/BSD code and get paid for it.
But you got it right on the lack of sleep part.
I think *this* is the lowest common denominator of Linux users
Watch out! Things aren't that simple, and you might get into troubles.
I live in Canada myself, and had major problems with the government because I started my business while unemployed.
OK, in some cases, you can get grants from the government, but to get these grants take as much time as finding a job or customers. You'll be required to write a business plan, present that plan to a board of advisors who might steal your idea, or, if they're not interested, will shuffle you from government agency to government agency.
But the major thing to check is that you *must* continue to be available 40 hours a week to search for a job, and you must be able to *prove* it.
In my case, I had to refund part of my benefits because of this.
But in the end, I managed to get a grant, and some financing, by using the "roundtable" trick.
If you have an office, announce a pre-opening, and invite every government people you can get.
When they're all at the same table, they cannot tell you to go see such and such person, because they're here. So you get everyone working together.
Xine can play Quicktime, but if you need support for the new trailers, you need the Qdesign sound codec, and that requires the win32 quicktime codecs.
But thanks for the link, I'll try that, since it looks very nice. There's a Mandrake RPM for it in the contribs.
Do you know how they do it, both technically and legally?
Quicktime can run under wine, but not all versions, and it's not that stable.
On the legal side, you can't redistribute Quicktime on a download side, you can only put it on CD, if you agree to put the Windows executable in untouched binary form, and have a distribution agreement.
Even with Mplayer, you can't view most Quicktime videos without the win32 codecs, and they can't be splitted legally from the windows executable.
Maybe they have found another way. If true, I'd like to know, otherwise, I'd have some concerns over the legality of their distro...
For 9.2, there was one ad in the installer (DrWeb anti-virus).
After install, if you look very carefully, you'll see a link to Safari Online (computer books) in your bookmarks and startup browser page.
Definitely non-intrusive, and it helps a bit to pay the developers.
[Sorry, I hit Submit instead of Preview]
;-)
According to Netcraft, there are almost 100,000 web servers running Mandrake (look for Apache-AdvancedExtranetServer).
I thought their target market was educational users and the desktop...
Think again
According to , there are almost 100,000 web servers running Mandrake (look for Apache-AdvancedExtranetServer).
;-)
I thought their target market was educational users and the desktop...
Think again
JM, I don't know if you are idealistic or just a bit uninformed, but if you want to work for free, you could easily do so on your own instead of pulling down an entire company and its investors.
;-)
I may be *a bit* idealistic and I do not possess, nor pretend, to have all the knowledge in the world. But I know this:
- Mandrakesoft has built a business model on stuff they get for free from other people, under the knowledge that they must allow redistribution of their improvements. That's their choice, and so far, they have been committed to that choice (releasing ISOs, GPL'ing their installer and tools, etc).
- What they get in return is the opportunity to sell additional products and services around that. Over the last 3 years, I have helped Mandrake in many areas: e-commerce, consulting, packaging of both GPL and proprietary applications, technical proofreading of the Corporate Server 1.0, I even *walked* a from our headquarters to the UPS office a couple of blocks away with a cart containing 100 Mandrake boxes so customers would get their products in time. Now I spend days and nights on Apache and PHP so we have a solid server product to sell customers. My work is maybe a drop of water in the sea of profitability, but I did help generate some revenue, and I continue doing that.
However, I still think the ISOs should be released to the general public in a timely fashion. Even freeloaders will one day need support, manuals, commercial apps, training, they will need a box to give for christmas, they will want to wear a Mandrake Linux T-Shirt, a cap, they will want to vote for their favorite apps, will want Mandrake Online, support, or perhaps their company will want to sponsor the development of a feature. All this == $$$, which will help make the company profitable, and return a nice investment for the shareholders.
If they don't need any of that, then they don't need MandrakeSoft, and probably would have never paid for a boxed set. However, if they download the product for free, and like it, they may recommend it to someone else who would need this stuff instead of buying the products of a proprietary company.
[Quoting Deno]
- ISOs aren't released to general public until packs are in the shop. This is almost certainly going to happen, because we have no choice anymore.
See my previous post about me suggesting this to Management and having it rejected for the reasons above.
- Club members get set of CDs or DVD with complete distribution for $30, and ahead of the crowd. This means burning CDs and/or DVDs in house as soon as we have finished the distribution, and sending them to you as soon as we have burned them.
I have pushed for this for more than two years now, so whenever it happens, IT'S ABOUT TIME!
- Club members get ISOs from our servers ahead of the crowd. This depends on two questions:
1) can we do it, i.e. can we put enough servers on this work to keep the download time reasonably short?
2) what will our marketing say about this.
Again, I have pushed for that, and whenever it happens, IT'S ABOUT TIME
In conclusion: there is a big difference between giving priviledged access to the Club Members, and not releasing at all the ISOs. As well, there have been numerous discussions on that topic, but as far as I know, no formal decision has been taken.
> "The parent post is complete B.S."
> That post was based on a "legitimate" post of Deno's.
Can you please post the exact URL?
>However, assuming JM is more in the know than >Deno (or more influential)
I don't say I'm more in the know or more influentual, but I haven't seen, read or heard about any policy of not releasing ISOs to the general public.
One thing to note is that, last year, I was really mad because Cheapbytes and others were selling cheap burned Mandrake copies before we even had the time to receive our boxes. I suggested to our CEO to wait a couple of weeks before releasing the ISOs, and that suggestion was declined. The argument: the more people download the ISOs, the more people will come to the Club, and buy additional services.
So I'm not against you, just stating that your post is not accurate.
>The GPL only specifies the source be available >to those who are distributed binaries.
Of course, but "if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have."
This means that there's nothing stopping any mirror from re-distributing the ISOs. If there is a demand for it, there will be, no matter Mandrakesoft's decision.
> And giving members priority as in servers and time was definitely discussed with Deno to the tone that "that is definitely something we will be aiming towards."
I discussed this fact with Deno as well, and even volunteered myself to help.
> There really is a need to give those who pay a priority. For instance, why can people download, for free, a release over a MONTH before it is available in stores?
I totally agree with you on this, and I agree that Club members should have priority. However, I do believe the ISOs should be available to the general public, but not, as you say "not until the first RC of the next distro is out". A couple of weeks is okay, not 6 months.
> I hate to inform you that you are on the wrong side.
I am on the same side as you, just not as extremist as you, that's the difference.
The parent post is complete B.S.
Yes, the Club Members will have a more complete list of mirrors, possibly including Club-Only mirrors.
But as far as I know (and I am a Mandrake employee, so I should know), Mandrake Linux 9.1 will be available for everyone on public mirrors.
Don't forget that it's 100% open-source, most of the stuff is GPL, so it has to be distributable by everyone.
That said, I strongly suggest our users become members of the Club, it's the best way to support our work.
Apache 1.3 is still present, but it's in the Contribs (separate download or extra CD in PowerPack).
What's more, you can install *both* versions, and with a simple command (advxrun1.3 or advxrun2.0), change from one to the other.
PHP 4.3.1 has been tested a lot, and we fixed most major bugs. I use it on production on several servers, and I find it more stable than the 4.2 series.
Even worse, the latest news is from 1999...
Concrete proof noone's putting in the efforts...
Mergers are good for competition
That's good for a giant cubicle farm, or warehouse, but this won't work in other setups without repeaters.
This will become expensive.