Right-o, and while we're at it, we should ban pipe bombs. Oops, they're already illegal. The prisons can't keep prisoners from smuggling or building guns, what makes you think "gun control" can actually have any positive effect?
Our state has had concealed carry permits for several years now. There have been no shoot outs in the streets, no crimes committed by concealed carry permit holders.
More hype for the clueless. These "digital Sherlock Holmeses" are the alchemists of the digital age. They promise gold from lead, but all they're doing is relying on the gullibility of law enforcement and the courts. Their signature parlor trick is examining the swap file entrails of the suspect computer system--they rely on a security hole to work their magic. The forensic text search software that the courts recognize is awful (I've used one of the two--a DOS app compiled with Turbo C++) and can't even do regexs. Try finding the string "John Smith" without a regex when it was written into 16-bit integers or some other non-char scalar. The best I could testify to, based on the results produced by the program I used, was that I didn't find the string I was looking for--fortunately, the case didn't go to trial and I didn't have to sit in the box and sound like a moron. (No, I didn't have access to grep or Perl at the time, I had to use the DOS app).
As for a hacker "wiping out a disk" to cover his tracks, there is some real magic available there if you have the dough to pay for it. Last time I read, it was possible to get a decent read of data that had been written over as many as nine times.
These guys couldn't catch a real (cr|h)acker if their lives depended on it. They rely on the holes in unsecure Operating Systems and other widely-known and easily circumvented clues, like IP trails, to produce evidence. Bah, humbug.
The last time I checked, the owner of the parking lot still has the right to determine who can park where, if at all, the feds' misguided efforts to the contrary notwithstanding.
No one wants to keep disabled people from reading their web site, they're just steamed at everyone trying to tell them how they are to use their property.
So Red Hat, et al aren't really making money on Linux? The assumption is that when software is Free, no one will pay for a distribution disc and docs. The fact is, most users will run down to Best Buy (or their local IBM rep, depending on the context) and plunk down their change for the software, caring not a wit about source code or openness. This is fine, and shrink-wrap is probably the optimal way to get software to the majority of users who want "plug and play" and hand-holding. If tomorrow morning every package on the shelves at the local software stores included the source, I doubt most users would even know the difference.
It seems clear from the Apache docs that inted is sub-optimal and no longer supported:
From the Apache docs:
Invoking Apache On Unix, the httpd program is usually run as a daemon which executes continuously, handling requests. It is possible to invoke Apache by the Internet daemon inetd each time a connection to the HTTP service is made (use the [1]ServerType directive) but this is not recommended.
Also:
ServerType inetd has been deprecated. It still exists, but bugs are unlikely to be fixed.
Most importantly:
Inetd is the lesser used of the two options. For each http connection received, a new copy of the server is started from scratch; after the connection is complete, this program exits. There is a high price to pay per connection, but for security reasons, some admins prefer this option. Inetd mode is no longer recommended and does not always work properly. Avoid it if at all possible.
Well, how did you know of this? Were you there when the perform the tests?
The Mindcruft report does a pretty good job of explaining what they did and didn't do, although it implies that they posted requests for help from one end of Usenet to the other and received no responses. Their request for help was vague and not really very helpful. The only response said as much and advised the poster that their hardware was overkill. Experts on SAMBA, Apache and Linux administration have posted well substantiated critiques of the tests with specifics, if you search previous./ articles on this subject you'll find links to most of them.
The problem with the Mindcraft tests is that they didn't do their homework--this is clear. IMO, the best way to refute these test results would be for Mindcraft to take all the free advice they've received and run the them again, but I somehow doubt that will happen. Second best would be for VAR, Red Hat or some other Linux vendor to duplicate the tests and do everything the correct way, giving NT and Linux both the benefit of the best possible optimizations.
FWIW, what chaps my hide about the Mindcraft tests is that they didn't make it clear that they had no Linux experience and implied that the Usenet and Red Hat refused to help. Real world benchmarks aside, I've used Windows and I've used Linux--I know which one is expensive, hell to install, crashes constantly and is a pain to use. I have a strong suspicion that had Mindcraft done their homework, their test results would never have seen the light of day in the first place.
I don't see why Bountyware can't be made to work for desktop applications and the like. If the ISV lays the proper groundwork and makes some working code available from day one, a working GUI for a word processor for instance, it can spend its development resources at a higher level, reviewing submissions, supporting developers who are working on the project, etc.
As for product quality and correctness, I see no reason why the process would be any different with outside hackers. If an ISV thinks it can pay less attention to code developed in-house than it would to code developed by hackers, it's inviting trouble to begin with. Hackers would be driven by the same interests as employees or contractors; it would be in their best interest to produce quality work. One might argue that the incentive to produce innovative, tight, quality code would be greater with folks who are competing for a prize.
Granted, there are problems that will have to be worked out before Bountyware will work for larger, more demanding projects, but this is just a lack or tools and plain old experience.
Don't forget "bountyware." Sooner or later, I think this concept is going to catch on. Why waste millions developing a package when you can hang the requirements, basic design goals, and some stub code on your web site and let the hackers duke it out for the money?
What concerns me is not the government wanting to make their sites work for the disabled, it's Miss Simpson's assertion that "it's a basic right." It isn't. Do the government have a right to demand that companies doing business with them make their web sites conform to their standards? I don't know, I don't recall any legislation on this.
This whole thing may seem innocuous on its face, but the zealous do-gooders in the District of Corruption never stop with "good enough" and tend to take things to the extreme. I imagine this sillyness will be extended to the entire Internet in one way or another.
According to half-wit Simpson, quoted in this article,"this is...a civil rights issue." Since when did anyone have a "right" to the work of another person, or to force another to make his work meet their needs?
I can't help but think that this is just the beginning of federal meddling with the net.
The most important benefit of allowing slashdot readers to block authors who's material they dislike is the very pleasant side effect of the absence of their whining flames. Some folks feel obliged to spend ten minutes composing a tirade complaining that a feature editorial isn't worth the ten minutes spent reading it, rather than moving on and spending the time reading something they're interested in. This is a waste of the respondents' time, and other readers' time.
Since blocking was implemented, there have been fewer complaints overall, and that's a good thing, IMO.
I worked on a COBOL-to-C conversion several years ago, using Microport 286, of all things. There were two of us, the other programmer consistently wrote about five pages of code a day, I usually delivered about 1.5 to 2 pages. After about one week there was a confrontation about the disparity. I replied that my code compiled, ran, and worked as well as could be expected with stubs substituting for missing functionality. I asked the other programmer if she could make the same claims for her code--she couldn't. Did this make any difference? No, I was outta there.
About four years later I learned that one of the best C coders in our part of the world came in right behind me and met the same fate--last I heard, he was working for the Deathstar Company in Jersey--now I don't feel so bad, but at the time I was really pissed.
"Lines Of Code" ignores issues of efficiency, complexity, suitability for purpose, and stability. If LOC were any measure of quality, Windows would be the best code known to man. LOC is a bad metric that should die an excrutiatingly painful death.
The link to the WINE project provided in the article points to http://www.wine.com/, a site about fermented grape juice. More top-notch reporting. It also refers to WINE as an emulator. Ye Gods! Can't these reporters be bothered to do at least five minutes of research?!
Mr. Reilly forgot to incude his bio and email address with his article, so I'm posting them for your convenience:
Patrick Reilly, Research Associate and Editor, Foundation Watch, Organization Trends PReilly@capitalresearch.org Before joining CRC in 1997, Reilly was the executive director of Citizens for Educational Freedom, a national school choice advocacy group. He has bachelor's degrees in print journalism and political science from Fordham University and a master's in public administration from American University.
Microsoft are considering license and royalty fees
on
Open Source Windows
·
· Score: 3
This article at the SJ Mecury site gives a little more insight into Microsoft's thinking on the licensing issue, in short, licensing and royalty payments are being considered. Methinks BP and ESR should fire up their text editors and get busy firing off some preemptive letters warning about the use of the term "Open Source."
From the article: `There would be all kinds of issues that we would need to address first,'' noted David Cole, vice president of Microsoft's Web Client and Consumer Experience Division. ``We would have to find out how willing companies would be to give us the code they developed, how we would incorporate that code into our products, and what the licensing and royalty payments might be.''
Real journalists do their homework and wouldn't make such silly errors as referring to a "person" named AC.
Since there seem to be so few real journalists left in the world, why not put together a FAQ list for the press? Explain what slashdot is about, whatever is known of the user demographic (I think we know occupation and age, don't we?). Fill the clueless in on the identity of this mysterious, hyperkinetic "Anonymous Coward" person who seems to suffer from Attention Deficit Disorder and Tourette Syndrome, but sometimes shows signs of brilliance.
The FAQ could also direct writers to various sources of information on Linux, the BSDs, BeOS, etc.
My favorite has to be the under dash record player for 45 RPMs. The article complained about the lack of a changer--the more things change, the more they stay the same.
Thanks for the "Open Source" web page Al, but how about "open source" government?
No more back room deals in congress.
Everything above board, all campaign contributions and their sources must be fully reported.
No more lobbyists.
It really chaps my hide when these political weasels think we're supposed to kiss their rings because they throw around a buzzword or two. Does this guy have a clue? Doesn't he realize that only a relative handful of people even understand what "Open Source" is, and that we few see right through the blatant misuse of the term? Has this guy ever touched a keyboard outside of a few grade school photo ops?
You're missing the point, which is to encourage corporate ISVs to adopt Open Source or some variant concept as their model for the development, distribution and licensing of software.
Not all ISVs are going to adopt Open Source, but most probably will when it becomes clear that market pressures make it a risk not to. If you don't think Open Source is putting pressure on the Microsofts of the world, you haven't been paying attention in class.
I wonder if it wouldn't be better to establish a smaller group (500-1000) of moderators who knew that abuses would be more noticeable and that they were accountable for the way they used the privilege, rather than a larger group who felt less restricted or weren't as clear on what should and shouldn't be moderated up or down?
It seems to me that the latter would invite "piling on" in some cases, while the former would encourage more judicious moderation.
Maybe judgments of appropriateness should be separated from ratings based on popularity. For example, allow all users to score posts they like but allow only moderators to down posts that are "bad."
Wouldn't the "post or moderate" concept work better if moderators were simply restricted from moderating replies to their comments, rather than all comments? If a user is considered worthy of moderator status based upon the overall value of his comments, shouldn't slashdot encourage his input as well as his moderation, limiting moderation only when he might be most inclined to abuse it to subvert dissenting opinions?
I wouldn't want to see those with a proven track record forced to choose between moderation and input except where it makes sense.
* An embargo will make Serbia poorer, but won't by itself remove Milosevic. You can be a dictator in a poor country as well; in fact, it's easier.
Exactly. Look at the effect of trade restrictions against Cuba. Cubans have suffered terrible economic decline since the 60s. Castro owns the media, so he plays this up as evil U.S. imperialism and makes himself the hero. No matter what a Cuban thinks of Castro, how could he not resent the U.S. to some degree for making him, his family and friends suffer? As the old saying goes, "The devil ya' know is better than the devil ya' don't know."
I thought perhaps at least someone would catch the irony. (Almost) unlimited power, wielded remotely without consequence or risk of personal harm is a very dangerous thing. Got a problem? Fire a cruise missle. Bad headlines? Blow up an aspirin factory.
Ok, maybe I was being a bit of a smartass, but it's a valid point.
Does Pres. Clinton remind anyone else of the evil, Klingonish Captain Kirk from the parallel universe who had the cool viewer/zapper installed in his quarters so he could remotely observe his crew members and/or zap them into oblivion with a push of a button (he even has the concubine, 'cept the one in the STTFG episode was much better looking)?
Slashdot Mirror
Right-o, and while we're at it, we should ban pipe bombs. Oops, they're already illegal. The prisons can't keep prisoners from smuggling or building guns, what makes you think "gun control" can actually have any positive effect?
Our state has had concealed carry permits for several years now. There have been no shoot outs in the streets, no crimes committed by concealed carry permit holders.
More hype for the clueless. These "digital Sherlock Holmeses" are the alchemists of the digital age. They promise gold from lead, but all they're doing is relying on the gullibility of law enforcement and the courts. Their signature parlor trick is examining the swap file entrails of the suspect computer system--they rely on a security hole to work their magic. The forensic text search software that the courts recognize is awful (I've used one of the two--a DOS app compiled with Turbo C++) and can't even do regexs. Try finding the string "John Smith" without a regex when it was written into 16-bit integers or some other non-char scalar. The best I could testify to, based on the results produced by the program I used, was that I didn't find the string I was looking for--fortunately, the case didn't go to trial and I didn't have to sit in the box and sound like a moron. (No, I didn't have access to grep or Perl at the time, I had to use the DOS app).
As for a hacker "wiping out a disk" to cover his tracks, there is some real magic available there if you have the dough to pay for it. Last time I read, it was possible to get a decent read of data that had been written over as many as nine times.
These guys couldn't catch a real (cr|h)acker if their lives depended on it. They rely on the holes in unsecure Operating Systems and other widely-known and easily circumvented clues, like IP trails, to produce evidence. Bah, humbug.
The last time I checked, the owner of the parking lot still has the right to determine who can park where, if at all, the feds' misguided efforts to the contrary notwithstanding.
No one wants to keep disabled people from reading their web site, they're just steamed at everyone trying to tell them how they are to use their property.
So Red Hat, et al aren't really making money on Linux? The assumption is that when software is Free, no one will pay for a distribution disc and docs. The fact is, most users will run down to Best Buy (or their local IBM rep, depending on the context) and plunk down their change for the software, caring not a wit about source code or openness. This is fine, and shrink-wrap is probably the optimal way to get software to the majority of users who want "plug and play" and hand-holding. If tomorrow morning every package on the shelves at the local software stores included the source, I doubt most users would even know the difference.
Putting it in inetd allows the use of tcpd.
It seems clear from the Apache docs that inted is sub-optimal and no longer supported:
From the Apache docs:
Invoking Apache On Unix, the httpd program is usually run as a daemon which executes continuously, handling requests. It is possible to invoke Apache by the Internet daemon inetd each time a connection to the HTTP service is made (use the [1]ServerType directive) but this is not recommended.
Also:
ServerType inetd has been deprecated. It still exists, but bugs are unlikely to be fixed.
Most importantly:
Inetd is the lesser used of the two options. For each http connection received, a new copy of the server is started from scratch; after the connection is complete, this program exits. There is a high price to pay per connection, but for security reasons, some admins prefer this option. Inetd mode is no longer recommended and does not always work properly. Avoid it if at all possible.
Well, how did you know of this?
Were you there when the perform the tests?
The Mindcruft report does a pretty good job of explaining what they did and didn't do, although it implies that they posted requests for help from one end of Usenet to the other and received no responses. Their request for help was vague and not really very helpful. The only response said as much and advised the poster that their hardware was overkill. Experts on SAMBA, Apache and Linux administration have posted well substantiated critiques of the tests with specifics, if you search previous ./ articles on this subject you'll find links to most of them.
The problem with the Mindcraft tests is that they didn't do their homework--this is clear. IMO, the best way to refute these test results would be for Mindcraft to take all the free advice they've received and run the them again, but I somehow doubt that will happen. Second best would be for VAR, Red Hat or some other Linux vendor to duplicate the tests and do everything the correct way, giving NT and Linux both the benefit of the best possible optimizations.
FWIW, what chaps my hide about the Mindcraft tests is that they didn't make it clear that they had no Linux experience and implied that the Usenet and Red Hat refused to help. Real world benchmarks aside, I've used Windows and I've used Linux--I know which one is expensive, hell to install, crashes constantly and is a pain to use. I have a strong suspicion that had Mindcraft done their homework, their test results would never have seen the light of day in the first place.
I don't see why Bountyware can't be made to work for desktop applications and the like. If the ISV lays the proper groundwork and makes some working code available from day one, a working GUI for a word processor for instance, it can spend its development resources at a higher level, reviewing submissions, supporting developers who are working on the project, etc.
As for product quality and correctness, I see no reason why the process would be any different with outside hackers. If an ISV thinks it can pay less attention to code developed in-house than it would to code developed by hackers, it's inviting trouble to begin with. Hackers would be driven by the same interests as employees or contractors; it would be in their best interest to produce quality work. One might argue that the incentive to produce innovative, tight, quality code would be greater with folks who are competing for a prize.
Granted, there are problems that will have to be worked out before Bountyware will work for larger, more demanding projects, but this is just a lack or tools and plain old experience.
Don't forget "bountyware." Sooner or later, I think this concept is going to catch on. Why waste millions developing a package when you can hang the requirements, basic design goals, and some stub code on your web site and let the hackers duke it out for the money?
What concerns me is not the government wanting to make their sites work for the disabled, it's Miss Simpson's assertion that "it's a basic right." It isn't. Do the government have a right to demand that companies doing business with them make their web sites conform to their standards? I don't know, I don't recall any legislation on this.
This whole thing may seem innocuous on its face, but the zealous do-gooders in the District of Corruption never stop with "good enough" and tend to take things to the extreme. I imagine this sillyness will be extended to the entire Internet in one way or another.
According to half-wit Simpson, quoted in this article,"this is...a civil rights issue." Since when did anyone have a "right" to the work of another person, or to force another to make his work meet their needs?
I can't help but think that this is just the beginning of federal meddling with the net.
God save us from clueless bureaucrats.
The most important benefit of allowing slashdot readers to block authors who's material they dislike is the very pleasant side effect of the absence of their whining flames. Some folks feel obliged to spend ten minutes composing a tirade complaining that a feature editorial isn't worth the ten minutes spent reading it, rather than moving on and spending the time reading something they're interested in. This is a waste of the respondents' time, and other readers' time.
Since blocking was implemented, there have been fewer complaints overall, and that's a good thing, IMO.
I worked on a COBOL-to-C conversion several years ago, using Microport 286, of all things. There were two of us, the other programmer consistently wrote about five pages of code a day, I usually delivered about 1.5 to 2 pages. After about one week there was a confrontation about the disparity. I replied that my code compiled, ran, and worked as well as could be expected with stubs substituting for missing functionality. I asked the other programmer if she could make the same claims for her code--she couldn't. Did this make any difference? No, I was outta there.
About four years later I learned that one of the best C coders in our part of the world came in right behind me and met the same fate--last I heard, he was working for the Deathstar Company in Jersey--now I don't feel so bad, but at the time I was really pissed.
"Lines Of Code" ignores issues of efficiency, complexity, suitability for purpose, and stability. If LOC were any measure of quality, Windows would be the best code known to man. LOC is a bad metric that should die an excrutiatingly painful death.
The link to the WINE project provided in the article points to http://www.wine.com/, a site about fermented grape juice. More top-notch reporting. It also refers to WINE as an emulator. Ye Gods! Can't these reporters be bothered to do at least five minutes of research?!
Mr. Reilly forgot to incude his bio and email address with his article, so I'm posting them for your convenience:
Patrick Reilly, Research Associate and Editor, Foundation Watch, Organization Trends
PReilly@capitalresearch.org
Before joining CRC in 1997, Reilly was the executive director of Citizens for Educational Freedom, a national school choice advocacy group. He has bachelor's degrees in print journalism and political science from Fordham University and a master's in public administration from American University.
This article at the SJ Mecury site gives a little more insight into Microsoft's thinking on the licensing issue, in short, licensing and royalty payments are being considered. Methinks BP and ESR should fire up their text editors and get busy firing off some preemptive letters warning about the use of the term "Open Source."
From the article:
`There would be all kinds of issues that we would need to address first,'' noted David Cole, vice president of Microsoft's Web Client and Consumer Experience Division. ``We would have to find out how willing companies would be to give us the code they developed, how we would incorporate that code into our products, and what the licensing and royalty payments might be.''
Real journalists do their homework and wouldn't make such silly errors as referring to a "person" named AC.
Since there seem to be so few real journalists left in the world, why not put together a FAQ list for the press? Explain what slashdot is about, whatever is known of the user demographic (I think we know occupation and age, don't we?). Fill the clueless in on the identity of this mysterious, hyperkinetic "Anonymous Coward" person who seems to suffer from Attention Deficit Disorder and Tourette Syndrome, but sometimes shows signs of brilliance.
The FAQ could also direct writers to various sources of information on Linux, the BSDs, BeOS, etc.
My favorite has to be the under dash record player for 45 RPMs. The article complained about the lack of a changer--the more things change, the more they stay the same.
Thanks for the "Open Source" web page Al, but how about "open source" government?
It really chaps my hide when these political weasels think we're supposed to kiss their rings because they throw around a buzzword or two. Does this guy have a clue? Doesn't he realize that only a relative handful of people even understand what "Open Source" is, and that we few see right through the blatant misuse of the term? Has this guy ever touched a keyboard outside of a few grade school photo ops?
You're missing the point, which is to encourage corporate ISVs to adopt Open Source or some variant concept as their model for the development, distribution and licensing of software.
Not all ISVs are going to adopt Open Source, but most probably will when it becomes clear that market pressures make it a risk not to. If you don't think Open Source is putting pressure on the Microsofts of the world, you haven't been paying attention in class.
I wonder if it wouldn't be better to establish a smaller group (500-1000) of moderators who knew that abuses would be more noticeable and that they were accountable for the way they used the privilege, rather than a larger group who felt less restricted or weren't as clear on what should and shouldn't be moderated up or down?
It seems to me that the latter would invite "piling on" in some cases, while the former would encourage more judicious moderation.
Maybe judgments of appropriateness should be separated from ratings based on popularity. For example, allow all users to score posts they like but allow only moderators to down posts that are "bad."
Wouldn't the "post or moderate" concept work better if moderators were simply restricted from moderating replies to their comments, rather than all comments? If a user is considered worthy of moderator status based upon the overall value of his comments, shouldn't slashdot encourage his input as well as his moderation, limiting moderation only when he might be most inclined to abuse it to subvert dissenting opinions?
I wouldn't want to see those with a proven track record forced to choose between moderation and input except where it makes sense.
* An embargo will make Serbia poorer, but won't by itself remove Milosevic. You can be a dictator in a poor country as well; in fact, it's easier.
Exactly. Look at the effect of trade restrictions against Cuba. Cubans have suffered terrible economic decline since the 60s. Castro owns the media, so he plays this up as evil U.S. imperialism and makes himself the hero. No matter what a Cuban thinks of Castro, how could he not resent the U.S. to some degree for making him, his family and friends suffer? As the old saying goes, "The devil ya' know is better than the devil ya' don't know."
I thought perhaps at least someone would catch the irony. (Almost) unlimited power, wielded remotely without consequence or risk of personal harm is a very dangerous thing. Got a problem? Fire a cruise missle. Bad headlines? Blow up an aspirin factory.
Ok, maybe I was being a bit of a smartass, but it's a valid point.
Does Pres. Clinton remind anyone else of the evil, Klingonish Captain Kirk from the parallel universe who had the cool viewer/zapper installed in his quarters so he could remotely observe his crew members and/or zap them into oblivion with a push of a button (he even has the concubine, 'cept the one in the STTFG episode was much better looking)?