[...] Clever names that don't give a clue as to the nature of the program don't enhance the software. [...]
Apple -> System Update
Microsoft -> Automatic Update
Open Source Community -> apt-get
Nice troll... I suppose that you never took the time to use Ubuntu or any other Linux distribution running Gnome.
The name of the program that you use for performing a given task does not matter much, except if you want to run it from the command line. But most users will access these programs from the menu. So what do I see on my desktop? In the sub-menu "Administration", I see an entry "Synaptic Package Manager". If I leave the mouse pointer for one second over this menu entry, I see the description "Install, remove and upgrade software packages". This is easy to understand, and this is what the users care about.
If you want to run programs from the command line, then you may be interested in knowing that the package manager is called "synaptic". To compare this with Windows, you would have to know that the control panel is called "control.exe" and know the name of the specific control panel applet that you want to start. This is not very different.
A day after re-reading this essay on unmaintainable code, I was hit by a nice example of what is described as "Code That Masquerades As Comments and Vice Versa" in the chapter "Camouflage". Here is the code (sorry for the missing indentation - blame Slashdot):
<%
String submit = request.getParameter("submit"); // if (submit == null) { ///* if the user did not confirm, go to the exit page */ // %><jsp:forward page="./SomeExitPage.jsp"/><% // }
do.something(useful);
%>
Guess what? The scope of the "//" comments is probably not what you expect. I have written a blog entry about this funny case.
you can just browse through the discussions around the times when Robin posted something on the developers lists (check mail-archive for search, or manual browse through the old XCF lists).
Browsing through these archives is not so easy, given their limited search features. But anyway, as I was (unfortunately) involved in some of these discussions, I can confirm that the story is very different from what is presented on the CinePaint home page. My opinion may be biased in this case, but I think that it is unfair to blame the GIMP developers for the CinePaint fork (or more exactly, for the lack of a merge between Film Gimp and GIMP).
Maybe from the CinePaint home page, as mentioned in the AC comment below? Quoted from that comment:
Also, this statement on the CinePaint home page is just a (bad) joke: "Later the film industry was told no, that GIMP wasn't interested in meeting the film industry's requirements because it wasn't what existing GIMP users cared about."
This statement is indeed present on the CinePaint home page: section "Where CinePaint Came From", middle of third paragraph. If the CinePaint home page propagates this rumor, then it is not surprising that people think that this is how it happened.
If you think that GIMP is looking old, perhaps you should really consider to replace that old copy of GIMP 1.2 you are using.
Yes, also I think that the grandparent poster should have a look at the latest stable version (2.2.9) or even take a look at the development version that contains many interesting improvements.
You are right about the attacks on the user environment and the fact that phishers have easier targets to play with (for the moment, at least). However, the problems in SSLv2 are not only in the weak encryption algorithms used, but also in the protocol itself. Basically, SSLv2 allows a man-in-the-middle attack, in which an attacker could fool both parties during the connection setup and therefore get everything in clear text without having to perform a brute force attack on the encrypted content.
It may be possible to combine this weakness of SSLv2 with various DNS poisoning attacks. This would allow an attacker to masquerade as the real web site while getting a copy of the passwords, account numbers used, etc. Of course it takes a bit more effort to set up such an SSL proxy and to perform the DNS attacks, but the results may be worth the effort. Especially if the current phishing tactics become increasingly inefficient due to the various anti-phishing solutions implemented in the newer browsers. With this kind of attack, the users would not even know that their confidential data has been stolen.
Even the official rules start with "VOID WHERE PROHIBITED".
I assume that the Mozilla guys are not sure about the legal status of such a contest in countries other than US, Canada and members of the EU. They probably limit the contest to those countries to cover their own backs.
This isn't to say that their DRM code isn't destructive crapware. You appear to have simply confused the names of the different evil components.
Well, the grandparent poster confused them and I should have been more careful in my reply. Also, some reports appear to be contradictory about whether or not the rootkit part is disabled or completely removed. On the F-Secure weblog, they write that the hiding part of the rootkit (the aries.sys) is removed by the update. I suppose that I should believe them, but the information available from various sources is a bit confusing and I do not want to cripple my own system by installing that rootkit+DRM and checking what is left after I run the "service pack". I hope that this whole mess will be clearer in a couple of days and that some reliable information will be available from other places than just some blogs and their comments.
Anyway, the grandparent was hoping that the software that cripples your system (the daemon that checks what programs are running and modifies your CD driver) would be removed after the update. This is clearly not the case. It appears that the programs that consume resources and may break your system if you attempt to uninstall them are part of the DRM system, not part of the additional rootkit.
Re:Interesting Questions About The Sony Service Pa
on
Slashback: DRM, MPAA, ADSL
·
· Score: 2, Informative
1. The service pack "removes" the rootkit software.
No, it doesn't. It just makes the files visible again, but leaves everything in place. It just removes the opportunity for virus writers to hide files by naming them $sys$foo. So you could consider that it removes the most dangerous part of the rootkit, but it still cripples your system (scanning active processes periodically) and cannot be uninstalled easily.
2. If you only install the service pack once, then presumably there must be a service/daemon running to detect the insertion of future corrupt CDs to stop the rootkit being installed. In which case, the service pack will need to use continual PC resources to be constantly running.
It does not have to do that, as the original DRM software ("rootkit") is still in place. That one consumes resources already, so there is no need to consume even more resources with another daemon. As the DRM software is still running, re-inserting the CD will not change anything because the software will detect that it is already installed. The only difference is that the files are visible instead of being hidden.
3. If the format of the corrupt CDs is such that the rootkit needed to be in place to allow three rips of the CD to be made, what happens once the rootkit is disabled? Can you no longer exercise your fair usage rights to rip the CD for personal use?
This is irrelevant, as they do not uninstall the DRM software. So it still counts the number of copies that you make. If you have already made your three copies before applying the "service pack", then you will have none left afterwards. Guess why they do not make it easy to uninstall the software?
Also related, and a bit more on-topic for this story, is the law passed two years later requiring all of the country's 1,300 FM radio stations to play at least 40 percent French songs.
Even France has admited already that English is the lingua franca[1] of the EU bureaucracy.
Yes, that's probably why France passed a law ten years ago requiring all documentation related to conferences held in France to be written in French and only optionally translated to other languages, including if all speakers and participants in the conference speak English and if only a few of them are French or understand French. Depending on who organizes the conference, it may also be required to provide translations in French during the presentations, if the presentations are in English or some other language.
Doxygen is a good tool for many languages. It works best for C++, but it also has some limited support for PHP, which is in your list of requirements. There is also a fork of Doxygen called DoxyS. It generates prettier output for C++ but may not support the other languages as well as Doxygen. Another tool inspired by Javadoc is PHPDoc for PHP code. However, it does not seem to be actively developed anymore.
For plain C code, I prefer gtk-doc, which generates better output than Doxygen (IMHO, and for C only). You can see an example of the gtk-doc output by browsing the GTK+ API documentation.
Since you also mention Visual Basic, you could have a look at VBDOX. I haven't tried it myself so I don't know if it works well. There are some screenshots on their site, so maybe you should have a look and decide if you like the results.
My employer blocks access to the coral cache and to some other public proxies that can be used as anonymizers.
Then perhaps you shouldn't be reading slashdot on company time.
My employer doesn't mind people reading slashdot as long as it is only a few minutes per day. However, they do mind when some employees use anonymizers to secretly download gigabytes of porn using the company's bandwidth or use them to perform other kinds of online activities that are not business-related.
I don't like these filters that prevent me from accessing some sites. However, they are a lesser evil and they reduce the potential abuses of the resources offered by the company. It is possible (and even relatively easy) to bypass them, but at least this extra step makes people think twice about whether they really want to access some blocked sites.
Makes the site admins happy, makes the readers happy.
That may make some readers happy, but not all of them. My employer blocks access to the coral cache and to some other public proxies that can be used as anonymizers. If all links were automatically coralized, reading slashdot would become painful because I would have to edit every link in order to be able to view it, including links to sites that are not slashdotted. So for those who have similar "no anonymizers" policies at work or at school, the problem would be worse than it is currently because all links would be blocked, not just a few.
Keep in mind that most "big" sites linked from Slashdot do want direct links to them, so that they can benefit from their ads, etc. So linking unconditionally to a cached version would not make everybody happy, even if it would certainly help many smaller sites that can be badly hurt by slashdot..
What would be great is to include both links (original and coralized) for every link included in an article. Just like logged in users can choose in their preferences to display the domain name next to each link posted in a comment, it could be possible to hide the "(cache)" links that would appear by default next to each link on the home page. With this solution, it would be trivial for readers to switch to the cache if a site gets slashdotted.
Thus typists were taught to use caps lock for something like three or more capitalised letters in a row.
How often does that happen? In the last millenium, some texts had headlines typed in all caps. But nowadays, any word processor allows you to define a style for all your headlines and among the options you can select "all caps". Even HTML+CSS2 allows you to do that. So why would a typist have to use caps lock? Except for some trademarks or acronyms that can appear in the middle of a text, there is little need today to type more than a few capitalized letters in a text. I don't think that the caps lock key deserves the valuable space that it takes on our keyboards.
[...] you never hear people telling the victims of Theives that they should have had three deadbolts on the door [...]
It depends on where you live. In some cities/countries/parts of the world, you are expected to have three deadbolts on the door, or some other security features. Otherwise you end up paying very high insurance fees.
Thieves get serious jailtime and the police work to find them and they are considered the only ones to blame. In the PC realm, hackers go largely uncaught and unpersued by the athorities, and the user gets told its their fault.
There is one thing that you forgot to mention in your analogy: collateral damage. If a thief breaks into your house and steals stuff, then you may have lost something but your neighbors should still be relatively safe. But with the Internet, if some cracker breaks into your PC and adds it to his botnet, your PC will soon be inflicting significant damage on your neighbors. Although the cracker is the one to blame for starting it, the lack of security on your PC will have contributed to the collateral damage.
Let's take another analogy and replace thieves with fire: let's imagine that because it is cheaper or easier, you decide to build your house using highly flamable materials. You live in a densely populated area and several of your neighbors decide to build their houses from highgly flamable materials for the same reasons (or some company starts selling prefab houses made of flamable materials and even gets a near-monopoly on that). Now comes a pyromaniac who sets your house on fire. Bad luck, in a few hours the whole city is destroyed or damaged. Now do you really think that the only one who will be blamed is the one who started the fire? I expect that some people will also complain about the damage caused indirectly by their neighbors.
You could think about other analogies in the same vein, for example if houses could be built easily without solid foundations and if they could start falling down on each other like dominoes. I expect that some people would not be happy to have their neighbor's house falling on their own house, regardless of who pushed the first domino.
I'm waiting for a project like Familiar and/or GPE (famous for their iPAQ system) to port their stuff to the device
That should not be necessary. I am a big fan of Familiar and GPE, having installed them on several iPAQs. You will recognize that Maemo and GPE have a lot of things in common such as GTK+, Matchbox and many other parts of their respective platforms (check the Maemo SDK for more info about the platform).
With Maemo, Nokia has done a great job in polishing the user interface and cleaning up several libraries. I don't think that replacing it with GPE would make much sense, as it would be a step backwards. On the other hand, I think that both projects can benefit from each other.
Encrypt the local files with a random symmetric key, encrypt the key with a public key and present it to the user. The user has to email the encrypted symmetric key to the virus writer for decryption.
Minor variation to make things even worse: keep on generating random symetric keys every few seconds and encrypt them with the public key. This ensures that someone who manages to dump the memory while the worm is running has no chance to find the key that was used for encrypting some previous files. This also reduces the opportunities for a brute force attack on the symetric key (we have a large amount of known plain text in this case). Sending dozens or even hundreds of these encrypted keys by e-mail should not be a big deal.
Also, it may be better (or worse, if you take the right point of view) to give a set of public keys to the worm, instead of a single one. This ensures that if one public/private key pair is compromised through brute force (on the key or on its owner), there would still be other opportunities for extorsion.
Things are likely to get more interesting now that some moron has started to use this extorsion technique (even if he did not do it in the "right" way).
The fine mentioned by the EU is up to 5% of Microsoft's worldwide sales (the absolute maximum according to EU law is 10%). As they currently make about 100 million a day, that translates to about 5 million. I expect that more than 5% of their worldwide sales come from the EU, so they probably make more than 5 million a day in Europe.
On the curiosity side, would someone care to outline exactly what it is the EU is demanding that MSFT do to 'comply'?
This is mentioned briefly in the article. Compliance requires basically two things: distribute Windows without the Media Player and document the API or protocols used in some server products so that competitors can create products that can talk to Microsoft's products.
Personally, I am more interested in the second requirement as it could be beneficial to Linux and free/open source software. I also heard that the EU is not happy with the way Microsoft handled that part (restrictive licensing for the documentation) so there is hope that they will force Microsoft to be more open.
BTW, patents are kind of designed to stifle competition... why else would they exist? They give the patent holder rights to something and time to attempt to make money off the ideas. That is kind of the definition of stifling competition.
The idea of patents sounds nice in theory but does not work well in practice, especially for software patents. In exchange of publication of a new, non-obvious solution to a problem, the patent gives the inventor a temporary monopoly, protecting him/her against blatant copying by others. That's the theory.
However, it can easily be shown that for most of the software patents granted today, the threshold for novelty and inventive step are much too low, for claims that are much too broad. As a result, there is a lot of independent innovation that ends up being threatened because someone else happened to have filed a patent application for something similar a few months earlier.
Besides, with all the hypocracy over copyrights - you MUST obey the GPL copyright agreement but MUST NOT obey the RIAA/MPAA/Software copyright agreements - pretty much most of the F/OSS folks aren't worth the time to talk to about it.
This looks very much like a troll, but I will bite anyway: personally, I try to respect copyrights. This applies for the GPL as well as for the works that are protected by the RIAA, MPAA and others (i.e., movies, music, software, etc.).
If I disagree with the inflated prices of some items, then I just ignore them instead of trying to get an illegal copy. However, I disagree with the RIAA, MPAA and others when the methods that they use for protecting their copyrights interfere with my fair use rights. If I have purchased a CD or DVD, I want to be able to enjoy its contents on any of the devices that I own and I also want to be sure that I will be able to enjoy these contents in the future. So I prefer to buy CDs and DVDs that are not crippled by some annoying copy protection mechanism. I also buy some copy-protected things from time to time when the contents are worth it (so I'm not a zealot), but I tend to avoid them whenever I can. Not because I want to copy them but because I want to be able to listen to music, watch movies and use programs without having to get around the copy protection mechanism.
If you would pay a bit more attention to the people who post here, you would find that there are some people who respect copyrights without being hypocrites. This applies to the GPL as well as other things.
They do. 20:15 | 2003 Jun 02 17:45:00 | Mars Express. This was rated as a success although Beagle 2 failed, just like several other missions that sent data or images back even if they sent less than planned due to a malfunction in one of the instruments or probes.
The MIME type for SVG is "image/svg+xml" (always). And the extension for gzip compressed SVG files is ".svgz". And gzip is the only compression type which the spec allows for.
In this case, I think that the SVG spec is incomplete. It should have mentioned that serving gzipped SVG over HTTP should use "Content-Type: image/svg+xml" and also "Content-Encoding: gzip". See section 14.11 in RFC 2616 (HTTP/1.1) for details. While the information about the MIME type is correct and is not affected by the compression used, the information about encoding should have been mentioned in the spec.
The problem with the SVG image linked here is that the server is sending the compressed SVG file without specifying the Content-Encoding. Because of that, most browsers will not be able to read the file. That's why they recommend using Opera 8 for viewing it. I suppose that Opera 8 uses file sniffing as a fallback method and is able to detect that the file has been gzipped (just like most browsers can open a JPEG file even if it was sent with the MIME type image/gif).
Sun did exactly this type of dual-licensing with OpenOffice and there's a lot of code, which wasn't contributed back to OOo.
The OOo case is a bit different because it uses the SISSL, not the CDDL. I vaguely remember that there were some problems with a previous version of the SISSL that kept people from using it. I'm not sure, though.
[...] So he could license his drivers under a less restrictive and problematic BSD-style license.
Less restrictive, yes. Less problematic, no. Both Sun and the GPL proponents are avoiding BSD-style licenses because they allow unscrupulous developers to grab the code and not give anything back. Even in the OOo case that you mentioned, the code for all modifications is still available. These modifications may not be re-licensed under the SISSL, but at least it is possible for anybody to look at how things were done and eventually re-implement that code if it is really useful. That would not have been possible with a BSD-style license.
Slashdot Mirror
Nice troll... I suppose that you never took the time to use Ubuntu or any other Linux distribution running Gnome.
The name of the program that you use for performing a given task does not matter much, except if you want to run it from the command line. But most users will access these programs from the menu. So what do I see on my desktop? In the sub-menu "Administration", I see an entry "Synaptic Package Manager". If I leave the mouse pointer for one second over this menu entry, I see the description "Install, remove and upgrade software packages". This is easy to understand, and this is what the users care about.
If you want to run programs from the command line, then you may be interested in knowing that the package manager is called "synaptic". To compare this with Windows, you would have to know that the control panel is called "control.exe" and know the name of the specific control panel applet that you want to start. This is not very different.
A day after re-reading this essay on unmaintainable code, I was hit by a nice example of what is described as "Code That Masquerades As Comments and Vice Versa" in the chapter "Camouflage". Here is the code (sorry for the missing indentation - blame Slashdot):
Guess what? The scope of the "//" comments is probably not what you expect. I have written a blog entry about this funny case.
Browsing through these archives is not so easy, given their limited search features. But anyway, as I was (unfortunately) involved in some of these discussions, I can confirm that the story is very different from what is presented on the CinePaint home page. My opinion may be biased in this case, but I think that it is unfair to blame the GIMP developers for the CinePaint fork (or more exactly, for the lack of a merge between Film Gimp and GIMP).
Maybe from the CinePaint home page, as mentioned in the AC comment below? Quoted from that comment:
This statement is indeed present on the CinePaint home page: section "Where CinePaint Came From", middle of third paragraph. If the CinePaint home page propagates this rumor, then it is not surprising that people think that this is how it happened.
Yes, also I think that the grandparent poster should have a look at the latest stable version (2.2.9) or even take a look at the development version that contains many interesting improvements.
You are right about the attacks on the user environment and the fact that phishers have easier targets to play with (for the moment, at least). However, the problems in SSLv2 are not only in the weak encryption algorithms used, but also in the protocol itself. Basically, SSLv2 allows a man-in-the-middle attack, in which an attacker could fool both parties during the connection setup and therefore get everything in clear text without having to perform a brute force attack on the encrypted content.
It may be possible to combine this weakness of SSLv2 with various DNS poisoning attacks. This would allow an attacker to masquerade as the real web site while getting a copy of the passwords, account numbers used, etc. Of course it takes a bit more effort to set up such an SSL proxy and to perform the DNS attacks, but the results may be worth the effort. Especially if the current phishing tactics become increasingly inefficient due to the various anti-phishing solutions implemented in the newer browsers. With this kind of attack, the users would not even know that their confidential data has been stolen.
Even the official rules start with "VOID WHERE PROHIBITED".
I assume that the Mozilla guys are not sure about the legal status of such a contest in countries other than US, Canada and members of the EU. They probably limit the contest to those countries to cover their own backs.
Well, the grandparent poster confused them and I should have been more careful in my reply. Also, some reports appear to be contradictory about whether or not the rootkit part is disabled or completely removed. On the F-Secure weblog, they write that the hiding part of the rootkit (the aries.sys) is removed by the update. I suppose that I should believe them, but the information available from various sources is a bit confusing and I do not want to cripple my own system by installing that rootkit+DRM and checking what is left after I run the "service pack". I hope that this whole mess will be clearer in a couple of days and that some reliable information will be available from other places than just some blogs and their comments.
Anyway, the grandparent was hoping that the software that cripples your system (the daemon that checks what programs are running and modifies your CD driver) would be removed after the update. This is clearly not the case. It appears that the programs that consume resources and may break your system if you attempt to uninstall them are part of the DRM system, not part of the additional rootkit.
No, it doesn't. It just makes the files visible again, but leaves everything in place. It just removes the opportunity for virus writers to hide files by naming them $sys$foo. So you could consider that it removes the most dangerous part of the rootkit, but it still cripples your system (scanning active processes periodically) and cannot be uninstalled easily.
It does not have to do that, as the original DRM software ("rootkit") is still in place. That one consumes resources already, so there is no need to consume even more resources with another daemon. As the DRM software is still running, re-inserting the CD will not change anything because the software will detect that it is already installed. The only difference is that the files are visible instead of being hidden.
This is irrelevant, as they do not uninstall the DRM software. So it still counts the number of copies that you make. If you have already made your three copies before applying the "service pack", then you will have none left afterwards. Guess why they do not make it easy to uninstall the software?
By the way, here is a translation of that law in English: Law No. 94-665 of 4 August 1994 relative to the use of the French language.
Also related, and a bit more on-topic for this story, is the law passed two years later requiring all of the country's 1,300 FM radio stations to play at least 40 percent French songs.
Yes, that's probably why France passed a law ten years ago requiring all documentation related to conferences held in France to be written in French and only optionally translated to other languages, including if all speakers and participants in the conference speak English and if only a few of them are French or understand French. Depending on who organizes the conference, it may also be required to provide translations in French during the presentations, if the presentations are in English or some other language.
See article 6 of the (in)famous "Loi Toubon", Loi n 94-665 du 4 août 1994 Relative à l'emploi de la langue française (in French, of course).
Doxygen is a good tool for many languages. It works best for C++, but it also has some limited support for PHP, which is in your list of requirements. There is also a fork of Doxygen called DoxyS. It generates prettier output for C++ but may not support the other languages as well as Doxygen. Another tool inspired by Javadoc is PHPDoc for PHP code. However, it does not seem to be actively developed anymore.
For plain C code, I prefer gtk-doc, which generates better output than Doxygen (IMHO, and for C only). You can see an example of the gtk-doc output by browsing the GTK+ API documentation.
Since you also mention Visual Basic, you could have a look at VBDOX. I haven't tried it myself so I don't know if it works well. There are some screenshots on their site, so maybe you should have a look and decide if you like the results.
My employer doesn't mind people reading slashdot as long as it is only a few minutes per day. However, they do mind when some employees use anonymizers to secretly download gigabytes of porn using the company's bandwidth or use them to perform other kinds of online activities that are not business-related.
I don't like these filters that prevent me from accessing some sites. However, they are a lesser evil and they reduce the potential abuses of the resources offered by the company. It is possible (and even relatively easy) to bypass them, but at least this extra step makes people think twice about whether they really want to access some blocked sites.
That may make some readers happy, but not all of them. My employer blocks access to the coral cache and to some other public proxies that can be used as anonymizers. If all links were automatically coralized, reading slashdot would become painful because I would have to edit every link in order to be able to view it, including links to sites that are not slashdotted. So for those who have similar "no anonymizers" policies at work or at school, the problem would be worse than it is currently because all links would be blocked, not just a few.
Keep in mind that most "big" sites linked from Slashdot do want direct links to them, so that they can benefit from their ads, etc. So linking unconditionally to a cached version would not make everybody happy, even if it would certainly help many smaller sites that can be badly hurt by slashdot..
What would be great is to include both links (original and coralized) for every link included in an article. Just like logged in users can choose in their preferences to display the domain name next to each link posted in a comment, it could be possible to hide the "(cache)" links that would appear by default next to each link on the home page. With this solution, it would be trivial for readers to switch to the cache if a site gets slashdotted.
How often does that happen? In the last millenium, some texts had headlines typed in all caps. But nowadays, any word processor allows you to define a style for all your headlines and among the options you can select "all caps". Even HTML+CSS2 allows you to do that. So why would a typist have to use caps lock? Except for some trademarks or acronyms that can appear in the middle of a text, there is little need today to type more than a few capitalized letters in a text. I don't think that the caps lock key deserves the valuable space that it takes on our keyboards.
It depends on where you live. In some cities/countries/parts of the world, you are expected to have three deadbolts on the door, or some other security features. Otherwise you end up paying very high insurance fees.
There is one thing that you forgot to mention in your analogy: collateral damage. If a thief breaks into your house and steals stuff, then you may have lost something but your neighbors should still be relatively safe. But with the Internet, if some cracker breaks into your PC and adds it to his botnet, your PC will soon be inflicting significant damage on your neighbors. Although the cracker is the one to blame for starting it, the lack of security on your PC will have contributed to the collateral damage.
Let's take another analogy and replace thieves with fire: let's imagine that because it is cheaper or easier, you decide to build your house using highly flamable materials. You live in a densely populated area and several of your neighbors decide to build their houses from highgly flamable materials for the same reasons (or some company starts selling prefab houses made of flamable materials and even gets a near-monopoly on that). Now comes a pyromaniac who sets your house on fire. Bad luck, in a few hours the whole city is destroyed or damaged. Now do you really think that the only one who will be blamed is the one who started the fire? I expect that some people will also complain about the damage caused indirectly by their neighbors.
You could think about other analogies in the same vein, for example if houses could be built easily without solid foundations and if they could start falling down on each other like dominoes. I expect that some people would not be happy to have their neighbor's house falling on their own house, regardless of who pushed the first domino.
Hmmm... Did you check Gtk+ WebCore, sponsored by Nokia?
They also contributed a bit to Minimo although they probably do not consider it to be fully usable yet.
Yes, ipkg is nice. It is derived from Debian's dpkg. The good news for you is that maemo uses dpkg directly.
See for example the sections "Creating debian/ directory" and "Creating package" near the end of the howto for creating a new application. Another example can be found in the howto for porting an existing application.
Maemo is probably more open than you think...
That should not be necessary. I am a big fan of Familiar and GPE, having installed them on several iPAQs. You will recognize that Maemo and GPE have a lot of things in common such as GTK+, Matchbox and many other parts of their respective platforms (check the Maemo SDK for more info about the platform).
With Maemo, Nokia has done a great job in polishing the user interface and cleaning up several libraries. I don't think that replacing it with GPE would make much sense, as it would be a step backwards. On the other hand, I think that both projects can benefit from each other.
Minor variation to make things even worse: keep on generating random symetric keys every few seconds and encrypt them with the public key. This ensures that someone who manages to dump the memory while the worm is running has no chance to find the key that was used for encrypting some previous files. This also reduces the opportunities for a brute force attack on the symetric key (we have a large amount of known plain text in this case). Sending dozens or even hundreds of these encrypted keys by e-mail should not be a big deal.
Also, it may be better (or worse, if you take the right point of view) to give a set of public keys to the worm, instead of a single one. This ensures that if one public/private key pair is compromised through brute force (on the key or on its owner), there would still be other opportunities for extorsion.
Things are likely to get more interesting now that some moron has started to use this extorsion technique (even if he did not do it in the "right" way).
The fine mentioned by the EU is up to 5% of Microsoft's worldwide sales (the absolute maximum according to EU law is 10%). As they currently make about 100 million a day, that translates to about 5 million. I expect that more than 5% of their worldwide sales come from the EU, so they probably make more than 5 million a day in Europe.
This is mentioned briefly in the article. Compliance requires basically two things: distribute Windows without the Media Player and document the API or protocols used in some server products so that competitors can create products that can talk to Microsoft's products.
Personally, I am more interested in the second requirement as it could be beneficial to Linux and free/open source software. I also heard that the EU is not happy with the way Microsoft handled that part (restrictive licensing for the documentation) so there is hope that they will force Microsoft to be more open.
The idea of patents sounds nice in theory but does not work well in practice, especially for software patents. In exchange of publication of a new, non-obvious solution to a problem, the patent gives the inventor a temporary monopoly, protecting him/her against blatant copying by others. That's the theory.
However, it can easily be shown that for most of the software patents granted today, the threshold for novelty and inventive step are much too low, for claims that are much too broad. As a result, there is a lot of independent innovation that ends up being threatened because someone else happened to have filed a patent application for something similar a few months earlier.
This looks very much like a troll, but I will bite anyway: personally, I try to respect copyrights. This applies for the GPL as well as for the works that are protected by the RIAA, MPAA and others (i.e., movies, music, software, etc.).
If I disagree with the inflated prices of some items, then I just ignore them instead of trying to get an illegal copy. However, I disagree with the RIAA, MPAA and others when the methods that they use for protecting their copyrights interfere with my fair use rights. If I have purchased a CD or DVD, I want to be able to enjoy its contents on any of the devices that I own and I also want to be sure that I will be able to enjoy these contents in the future. So I prefer to buy CDs and DVDs that are not crippled by some annoying copy protection mechanism. I also buy some copy-protected things from time to time when the contents are worth it (so I'm not a zealot), but I tend to avoid them whenever I can. Not because I want to copy them but because I want to be able to listen to music, watch movies and use programs without having to get around the copy protection mechanism.
If you would pay a bit more attention to the people who post here, you would find that there are some people who respect copyrights without being hypocrites. This applies to the GPL as well as other things.
They do. 20:15 | 2003 Jun 02 17:45:00 | Mars Express. This was rated as a success although Beagle 2 failed, just like several other missions that sent data or images back even if they sent less than planned due to a malfunction in one of the instruments or probes.
Try a Google search for something like "C" and "obfuscator".
In this case, I think that the SVG spec is incomplete. It should have mentioned that serving gzipped SVG over HTTP should use "Content-Type: image/svg+xml" and also "Content-Encoding: gzip". See section 14.11 in RFC 2616 (HTTP/1.1) for details. While the information about the MIME type is correct and is not affected by the compression used, the information about encoding should have been mentioned in the spec.
The problem with the SVG image linked here is that the server is sending the compressed SVG file without specifying the Content-Encoding. Because of that, most browsers will not be able to read the file. That's why they recommend using Opera 8 for viewing it. I suppose that Opera 8 uses file sniffing as a fallback method and is able to detect that the file has been gzipped (just like most browsers can open a JPEG file even if it was sent with the MIME type image/gif).
The OOo case is a bit different because it uses the SISSL, not the CDDL. I vaguely remember that there were some problems with a previous version of the SISSL that kept people from using it. I'm not sure, though.
Less restrictive, yes. Less problematic, no. Both Sun and the GPL proponents are avoiding BSD-style licenses because they allow unscrupulous developers to grab the code and not give anything back. Even in the OOo case that you mentioned, the code for all modifications is still available. These modifications may not be re-licensed under the SISSL, but at least it is possible for anybody to look at how things were done and eventually re-implement that code if it is really useful. That would not have been possible with a BSD-style license.