Ummm... emmett? Maybe you need to read slashdot a little more? This was posted just over a month ago by CmdrTaco under the title Open Source's Achilles Heel. (Originally submitted by Tony Shepp).
How do I know they won't take my signature and append it to some order for 200 computers? I don't know, it seems like there are a lot of problems with this idea.
You're wrong, because digital signatures don't work that way. The way to use digital signatures would be to have you sign your order. A digital signature is different from your meatspace signature: it relates to what is being signed. Don't forget that digital signatures do two things: they authenticate the sender (yes, it was you who signed this) and they authenticate the message (yes, this is what you signed). So if outpost asked you to sign your order for 17 mousepads and then took that signature and put it on an order for 200 computers, the signature would not check out.
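The two properties described in the comment above, as an added example that is not part of the original comment: a toy hash-then-sign RSA scheme in which a signature checks out only for the signer's key and the exact message that was signed. The key material (publicly known Mersenne primes), the order strings and all function names are constructed for illustration; production code would use a vetted library with RSA-PSS or Ed25519.

```python
"""Toy hash-then-sign RSA: a signature is bound to the signer's key AND the message.

Demonstration only. The primes are publicly known Mersenne primes and there is
no padding, so this must never be used to protect anything real.
"""
import hashlib
from typing import NamedTuple


class KeyPair(NamedTuple):
    n: int  # public modulus
    e: int  # public exponent
    d: int  # private exponent (held only by the signer)


def make_keypair(p: int, q: int, e: int = 65537) -> KeyPair:
    """Build a textbook RSA key pair from two distinct primes."""
    return KeyPair(n=p * q, e=e, d=pow(e, -1, (p - 1) * (q - 1)))


def digest_as_int(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, key: KeyPair) -> int:
    """Signer side: needs the private exponent d."""
    return pow(digest_as_int(message, key.n), key.d, key.n)


def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    """Verifier side: needs only the public values (n, e)."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(message, n)


# Constructed sample keys and orders (assumptions for this example).
CUSTOMER = make_keypair(2**127 - 1, 2**89 - 1)
SOMEONE_ELSE = make_keypair(2**107 - 1, 2**61 - 1)
ORDER_SIGNED = b"order#1001: 17 mousepads, ship to customer"
ORDER_SWAPPED = b"order#1001: 200 computers, ship to customer"


def demo() -> dict:
    """Check one signature against the cases the comment talks about."""
    customer_sig = sign(ORDER_SIGNED, CUSTOMER)
    other_sig = sign(ORDER_SIGNED, SOMEONE_ELSE)
    pub = (CUSTOMER.n, CUSTOMER.e)
    return {
        # The order the customer actually signed: accepted.
        "signed order": verify(ORDER_SIGNED, customer_sig, *pub),
        # Same signature attached to a different order: rejected.
        "signature moved to another order": verify(ORDER_SWAPPED, customer_sig, *pub),
        # Same order signed with a different private key: rejected.
        "order signed by someone else": verify(ORDER_SIGNED, other_sig, *pub),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```
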
This is something people keep saying. The GPL DOES NOT in ANY WAY *FORCE* you to release your code.
What it does say is that if you *DO* want to release your code that includes GPL code, that you MUST abide by the GPL. IF you cannot or will not, you simply cannot release it. IF you had already released it, and realize that it wasn't legal, you must stop releasing it. Period. Nothing will put you in a position of forcing you to release your code.
Just to make sure this is perfectly clear, what you say is correct, as long as your definition of "release" includes binary distributions. Simply put, if you use GPL code, if you would like to share the fruits of your labor with the world, in an open source way. The GPL has no provisions for binary only releases.
I think that Sun (which few people know stands for Stanford University Networks) is one of the coolest names/acronyms, not to mention logos out there.
There was a company known as RDI in Virginia. They were/are a software consulting house. They paid half-a-million bucks for an image overhaul. The firm they hired came up with "Gineer", short for engineer. One of my former bosses told me this story (he used to work there), saying that the management thought that market leaders didn't have TLA's anymore. Ummm... hello??? IBM, AT&T, MCI, Sun?
I think that regardless of fault or motive in this case, it underscores an essential point that has been lost in all the new economy, "all services will be free and subsidized by advertising", hype: trust.
As email becomes an increasingly important tool of the masses (this is your dad's email!), we're going to see more issues like this. When someone signs up with Juno or Hotmail or Email.com or Yahoo! mail or any of 200 other free email services, they are putting all that personal, private data in someone else's hands. I argue this point with many people, and they say, "I don't care... there's nothing important in my email, anyway." They are, of course, missing the point. What if you're emailing your doctor about your HIV infection and your email provider (or an employee within them... the company doesn't have to be the culprit necessarily) turns you in for a bounty to your insurance company. I mean, really, it's like using a company phone... your personal correspondence is on resources that you do not control. Needless to say, this doesn't surprise me in the least and I think this is only the tip of the iceberg. As we have seen in the excellent accounts of the failures of Truste, these companies are willing to go to great lengths to collect this data, and I wouldn't put it past them to change their "privacy" policy to include the fact that they can use the content of your messages for whatever they choose; they would take this step and not bother to inform their users.
I don't want to get off on a rant here... so I won't. I was beginning to get a little too lunatic fringe there.
The point is that people need to be made aware they need to have trust in their providers. Call me a little paranoid, but my email ends up on a box sitting on one end of a DSL line in a friend's apartment. The box runs OpenBSD and is tighter than a frog's ass. I know who runs the box. I know who has accounts on the box. I trust them.
I'm not advocating an "everything must be encrypted" stance (but I wouldn't call it a bad idea). This is not a security issue so much as it is an issue of understanding the nature and motives behind the relationships this new age is birthing.
Back in '97, Wired did a feature on PG. The original Gutenberg ftp site was hosted on a UIUC machine. I have some friends who were there at the time, and have regaled me with stories of what a pain in the ass the guy was. The FTP site that is alluded to in this article by one Mark Zinzow was on a machine, mrcnext (which no longer exists but still has a DNS entry) adminned by a friend of mine at one point. Anyway, the point is, this article has a lot of interesting things to say about the Project and especially Michael Hart. Check it out.
See this post for the original BugTraq notification. Here are the two responses so far:
Date: Tue, 16 Nov 1999 09:36:44 +0000
From: "Alan J. Wylie"
Subject: Re: Windows NT update carries bug
To: BUGTRAQ@SECURITYFOCUS.COM

>>>>> "Ken" == Williams, Ken writes:

[snip]
Ken> A software update for Microsoft's Windows NT operating system
Ken> introduced a bug that could potentially cripple Lotus Notes
Ken> unless companies compromise network security.

Ken> The bug in Windows NT Service Pack 6 prevents users from
Ken> accessing Lotus Notes without administrator rights--the
Ken> highest and broadest level of access typically reserved for
Ken> network managers.
[snip]

SP6 also stops VNC[1] from working unless run with administrator privileges. The error message is something like "error disabling Nagle's algorithm". This is apparently a result of a _tightening_ of security in the TCP/IP code.

For more discussion, see: http://www.uk.research.att.com/vnc/archives/1999-11/0087.html

[1] an open source cross platform remote display system, http://www.uk.research.att.com/vnc/

--
Alan J. Wylie (Cyrano UK Ltd.) | mailto:alanw@cyrano.com
http://www.cyrano.com | http://www.glaramara.freeserve.co.uk/
and
Date: Tue, 16 Nov 1999 11:32:46 -0500
From: Peter Kane
Subject: Re: Windows NT update carries bug
To: BUGTRAQ@SECURITYFOCUS.COM

This is not just a problem with Lotus notes. I found this problem also exists with Wall Data's "Rumba"
Also, Windows NT clustering is limited to failover ONLY. Linux is capable of distributed clustering ("Beowulf" technology 12), which can enhance system performance dramatically. Several of the world's 500 fastest supercomputers are in actuality Linux Beowulf clusters.
*sigh* "Clustering" in the context of the "Enterprise", the perspective that this article is written in does not mean Beowulf cluster. It means load balancing. It's not many machines working on the same problem in parallel, but many machines doing the same types of tasks at the same time, and making sure that load of these tasks is evenly distributed so that the overall throughput can be raised. Granted, it is conceptually similar to parallel supercomputing but in practice no one is putting together a Beowulf to use as a middle-tier application server.
This isn't what Microsoft told the Department of Justice. In court and under oath Microsoft officials maintain that Linux is a threat to Windows dominance. Today the claims are different.
Of course they said that! Cornered animals do all kinds of crazy shit! However, the judge didn't buy it, if Leigh had taken the time to actually read the Findings of Fact, he would know this. (Start reading around item 50 for the relevant items).
For internet access, my server runs Netscape Communicator 4.51, Realplayer G2, ICQ Chat, IRC, AOL Instant Messenger, and various FTP clients and other tools
Come on! Be honest, there is no way that you're running the Real Player G2 for Linux... it doesn't exist! Take a look at the Minimum Requirements for the G2. You're stuck with RealPlayer 5.0 for Linux like the rest of us who don't like using Windows or Macintosh.
It makes me nuts. People who can't speak well would do better to remain silent than represent a group of people... badly.
It would be nice if people who knew what they were talking about would write these articles. This guy is way out of his league, and his ignorance of both Linux and the "Enterprise" computing space shines through like a cutting laser through Glad[tm] wrap.
To wit:
Also, Microsoft, when charting throughput of Internet Information Server vs. Linux+Apache carefully refrains from mentioning that it would take at least 5 incoming T1 lines attached to your Linux server before this scalability becomes a factor. How many "common customers" have 5 dedicated T1 lines feeding into a 4-processor server? I'm not sure I know of any.
Perhaps he has never heard of Dell? Or Barnes & Noble's? Those are two large IIS installations that I'm sure are using at least "5 incoming T-1 line". Which is not to say that there aren't Linux installations that are of the same scope (although they escape my mind in this moment). The point is saying that the Mindcraft benchmark is totally meaningless because most people don't need to scale that high is tantamount to saying, "Well, ummm, we do better on the low-end," which is true, but I wouldn't advertise it.
While the largest swap file size is 128 MB, you can mount as many as you need. However, most users do not use swap files at all; they use the more stable swap partition, and this is not limited in size.
This is flat out WRONG. Swap partitions, at least in 2.0.x could only be 128 MB. Yes, you could have multiple swap partitions.
Anyway... it just irks me, since this kind of sloppy advocacy just makes us all look like a bunch of idiots.
Yes, communists are not intrinsically evil in that joining the Communist Party does not make horns grow out of your head. But if you look at history, you'll see that communism turned out to be a particularly bad idea
Shame on you! Every coder knows that there is a difference between the idea and the implementation. It's been implemented rather badly... but that does not mean that the idea is a bad one.
Here's an idea: rather than use the GPL for all the components, use a BSD/Artistic style license. Why? The GPL prohibits the code from being used in classic "cathedral" closed source projects. Why is that important, you ask? Well, if there were enough free (speech and beer) libraries to do, oh, say, anything on Linux or *BSD, they suddenly become a much more attractive development platform than they already are. Time to market and cost of development drop through the floor. Linux and BSDs market share shoot through the roof as they become the preferred developer platform... since it's so damn easy to write code for a platform with extensive libraries.
And the upshot of it all is that it means less messing around with Microsoft products and more jobs working in the environments we love!
In the story, he mentions: What follows is an edited transcript of that footage. Fortunately, I was able to cut the transcript, which was 385 pages, down to a half page by removing the profanity.
Is this thing really out there? Does anyone know where to find it if so? I would love to have this whole thing. It seems unlikely, given the tongue-in-cheek numbers, but I wonder if Petreley wrote it himself or got it from somewhere else.
Plenty of companies rue the day when they lose such important brand identification.
Yeah, but they should be happy, too. It gives them incredible brand recognition. I think that every company's dream should be losing their trademark from dilution.
But wasn't Freeside in Gibson's Neuromancer (1984 if I'm correct) a data haven, among other things?
Couldn't tell you... it's been years since I read Neuromancer. My point was not that Sterling was the first to come up with it, but that he was using it before Stephenson. Perhaps I should have stated that better... but I was going for a little controversy in the post title. :)
Not to in any way diminish Mr. Stephenson, who is one hell of an author, he was not the first to come up with the concept of the "Data haven". As early as 1988, Bruce Sterling imagined the concept with his Jamaican "Data Pirates" in Islands in the Net.
However, Neil does get points for predicting the right hemisphere. :)
As much as how every article on /. has a comment saying "Man, I'd like a Beowulf of these babies," most of the people saying that never will have a Beowulf or a need for a clustered system. (I mean, come ON, what would you, personally, use all that computing power for?)
Oh, I don't know... say, a Beowulf and a CD-ROM jukebox that could take in 200 CDs and spit out CDs filled with MP3s of the CDs in under an hour.
I hope that the reason that this article isn't showing up for me (but the comments are) is not some three-letter agency's new filtering software installed on all routers, but just a bug in ./
Re:Problems I've had with RH 6 (mostly gnome relat on Red Hat Growing Pains · Score: 1
Go to a shell somewhere. su to root. Edit the file /etc/inittab. You will find a section that looks like this:

# Default runlevel. The runlevels used by RHS are:
#   0 - halt (Do NOT set initdefault to this)
#   1 - Single user mode
#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
#   3 - Full multiuser mode
#   4 - unused
#   5 - X11
#   6 - reboot (Do NOT set initdefault to this)
#
id:5:initdefault:

Change id:5:initdefault: to id:3:initdefault:
Save the file. Next time you reboot, you will be in text only mode, and should type 'startx' to bring up x.
Half-a-hundred... that would be, umm, 50?
--
NT (which officially doesn't stand for anything) has always struck me as kind of silly.
--
Notice that I said, in my original comment, that I doubted its existence. I thought perhaps he was using literary exaggeration and a longer, yet smaller than 300-some-odd page manuscript existed.
Does it really seem all that unlikely that someone who really hated Microsoft would not take the time to write something like this, albeit > 300 pages being a little long? I'll bet that the original "script" to TBWP was not even that long.
Anyway...
--
While this is interesting (but not surprising) move by the major OEMs does spell some trouble for Microsoft (which sounds like some good news to me... maybe they'll fix some bugs now to gain market share), it's still not what I would really like: to be able to buy a Gateway or Dell (I really don't like Compaqs) with NO OS installed. I like some of the systems that said companies produce, I like the warranties and support that they have on their hardware (much easier than having to deal with 8 different vendors when things break... you can just call Gateway and say, "it's broken," and they send you a new one). I just hate having to pay for software that I'm not going to use.
I understand why they don't support other OSes. Most people who are calling with problems are completely clueless, so their support techs have to walk them through troubleshooting. (They have to do this so that they're not replacing hardware when it's just software configuration problems). Now imagine if you're (well, not you... you wouldn't be this dumb) running the latest version of, say, OpenBSD on your new Dell, and you can't get sound to work. You call them up, the tech says, "Uh... click on start." And you say, "Uh... no." You actually don't know if the card is broken (unless you've confirmed this in an OS that is officially supported by the hardware vendor). Gateway doesn't know if you're right, lying, or stupid. Are they going to ship you a $110 piece of hardware because you think it's broken? Heh, no.
So as much as it would be nice, I don't see the OEMs spending money to support other OSes that represent microscopic market share.
*sigh*
--
Some very interesting discussion about AntiSniff took place on the bugtraq mailing list; here are the relevant threads (and yes, there is already an AntiAntiSniff Sniffer :) :
07/25/1999 - People start trying to figure out workarounds
07/25/1999 - Another discussion thread on AntiSniff and how it works.
07/25/1999 - The AntiAntiSniffer Sniffer is released: "All Hail The AntiAntiSniffer Sniffer!"
--
"Josh?" "Josh??" "JOSH!!!"
"I'm so, so, so, so, sorry."
"I'm afraid to close my eyes, I'm afraid to open my eyes"*rapid-nostril-flare*
--