That's a great idea. The problem seems to be that legislators are unaware of the great things they are legislating away. Donating technology to increase awareness could be a better way to spend lobbying money than paying lawyers after the fact.
What about a variation of that idea: donating services? Imagine some open source app that helps senators get their job done better than proprietary software. Then imagine providing 24-hour support for it for free to.us.gov and including an "ad" for free software. What software would it be? It would have to be operating system independent and easy to install. It could make a major difference.
FYI: You still need to use the "mem=nopentium" kernel option if you're combining Mandrake, NVidia, and Athlon. My wife bought me Tux Racer for Christmas (yay!) but it crashed frequently at first, until I remembered to add that option to LILO. No crashes since. I learned about it from a Slashdot thread about a year ago.
If anyone knows of a real patch for this bug, a pointer would be much appreciated.
Unfortunately, zope.org has become a poor example of Zope. A replacement is in the works. I recommend checking out zopezen.org or the many sites on freezope.org.
I've been writing software for most of my life, so I've logged a lot of hours typing on a keyboard. The observation I've made is that my hands are a lot more comfortable if I only have to push one key at a time and if I move my hands (not just my fingers) a lot.
Jef is advocating the use of shift-space to enter a special mode, then entering commands while still holding the shift key. All this is designed to keep the hands on home row. This seems awfully uncomfortable.
Not long ago the "happy hacker" keyboard came out. My boss got one. At that time I realized I may be one of the few geeks who prefers the ten cursor keys over vi/emacs key sequences. Am I alone?:-)
That's a good point. Personally, I prefer bleeding edge over stability for my desktop boxes, so that must be why I choose Mandrake over Debian. It's generally pretty easy to fix the breakage.:-) If I were running a real server, I'd probably have a different mindset.
Ok, I see the usefulness of adherence to POSIX and support for multiple architectures. Thanks. Interestingly, no one has ever told me they preferred Debian for these reasons.
However, I don't understand why you added the Windows remark or the "Debian vs. everybody else" stereotype. You're making a lot of assumptions and undermining your own point.
Honest, I'm looking for an answer to this question.
I have a good deal of experience in Linux and software engineering (especially C, C++, Java, and Python). The sentiment I hear on Slashdot is that among the Linux distributions, I should use Debian, Slackware, or some other similar distribution that's "very stable" and "developer friendly".
But I don't understand why. I've learned how to do just about everything I need in Linux regardless of distribution. I don't see why one distribution should be more "stable" than another; what matters is the stability of the software itself. If there's a buffer overflow in the kernel, all distributions are affected.
So what I look for in a distribution is ease of installation and a breadth of precompiled software. In the words of MrOutlander, "Other than the sometimes daunting install process, Debian is one of the best linux distributions." To me, this seems contradictory. If it's hard to install, what gives Debian the edge that earns it the label "one of the best"? Other distributions have all the same software, and often more recent versions.
Mandrake's rpmdrake (graphical) and urpmi (text mode) utilities beat everything I've seen, especially "apt-get". (The only hurdle is getting your urpmi.cfg right.) Because Mandrake is the only distribution I know of that supplies these utilities, I choose Mandrake.
So I'm asking, sincerely, in what way is Debian superior to Mandrake?
I think you misunderstood. No one has to go through all those steps to set up KDE. These days you can pop in a CD and be running Linux, KDE, and hundreds of applications in a half hour without ever using the command line.
Those who want to squeeze more speed out of their system go through a process as described above. Eventually, the distribution makers figure out how to achieve the same extra performance, and everyone benefits.
If it were possible to do the same thing with Windows, lots of people would. I think it would make Bill G jealous, though. Maybe that's the real reason MS won't open their code.;-)
There are the right ways, then there is the easy, 99% effective way. The easy way is to search for very specific error message strings, which are sort of a fingerprint for most software. I compiled zlib then used "strings libz.a" to find these error messages:
too many length or distance symbols invalid literal/length code
A quick grep for one of those two strings reveals quite a number of statically linked versions of zlib in/usr/bin.
I realize that, but this particular attacker did not cover his tracks very well at all. And this advisory says it does not rule out the possibility of a root exploit.
All the clues point to this bug, but I have no scientific proof that this bug was the cause, so I can't say much more. Only that there was a chance.
According to the advisory, "Exploitability without an existing user account has not been proven but is not considered impossible."
I'm continuing my analysis and I'll reply to my original comment if and when I find out any more info.
FYI: my box may have been exploited by this
on
OpenSSH Local Root Hole
·
· Score: 4, Informative
Two weeks ago my Mandrake box, connected to a cable modem, was rooted. The only port open to eth0 was ssh (openssh-3.0.2p1). I analyzed the logs and they indicated someone had spent an hour trying to exploit various SSH bugs that have been fixed in the past. Then there was an 8 minute pause before "linsniffer" was installed and eth0 went into "promiscuous mode".
I haven't been able to verify openssh-3.0.2p1 was truly the cause, but it seems likely. This may have been the remote root exploit which the advisory "does not rule out".
Haha, you're right. In fact, the GPL is not on trial at all. If the court says "no, the GPL is not valid", then code sharks are still breaking the law because nothing else gives them the right to do what they're doing. The GPL has no bearing on copyright law. Code sharks are punished based on infringement of copyright law--regardless of software licenses.
The corporate control of Java has already lead to major problems. For instance, Sun's JDK 1.2.2 on RedHat and Mandrake Linux STILL has a bug that prevents all InstallAnywhere installers from working. In the open source world that would be inexcusable--ZeroG, Sun, or anyone who uses InstallAnywhere would get it fixed. And there are a lot of InstallAnywhere users.
I came to Java from Borland C++ 5.0 on Windows 95... it was an incredibly refreshing change. But after two years I started moving away because of the many bugs that never got fixed. Then I discovered Python.
Python has most of the advantages of Java, much greater flexibility, and only a couple of disadvantages. This isn't a Python article, so I won't go into too many details, but IMHO the Python way of programming leaves Java in the dust.
Cross-platform? You betcha. More platforms and better support than Java, in fact. Rich library? Even richer than what Java offers. Open? Yep. Extensible with C? That too. Fast? Well, it generates code very similar to Java bytecode, so if Java bytecode can be fast, Python can be fast too. GC? Yes. Type safety? For the most part. Better than C, not as strict as Java.
I suggested this in another article. I got marked down as a troll while you got marked up. Be grateful.:-)
However, since ATI and/or Creative Labs have produced a DVD decoder card that essentially makes a bridge between the player and the video out signal, it is a relatively simple thing to write a Linux DVD player without lawyer scare... as long as you have the extra hardware.
Now what I want to know is why it hasn't been done yet. Perhaps the community genuinely comprehends the magnitude of this fight and doesn't want to help the MPAA in any way.
Those looking for wisdom in the battle for better interfaces should take a look at Zope's management interface. I'm not saying that the interface is very good right now (some would say it's horrendous), but the approach taken by Digital Creations is very good.
Zope is a collection of objects and each object provides its own management user interface. Because everything is browser-based, interfaces to new classes of objects are relatively simple to create.
Zope's roles and permissions features are not easy to master. They are complex, and the user interface doesn't make them much easier to understand. But the user doesn't have to learn a set of keywords and read a HOWTO to set up the permissions. All of the instructions are onscreen.
Thus Zope does not try to present everything in such a way that the user instantly knows what to do in every situation, but it does reduce the need for a HOWTO or a help file. That is the goal we need to achieve: require no external references.
I know many of you are adept at configuring Apache, but I would bet there are very few of you who don't need to look at the reference manual each time you change httpd.conf with a text editor. (Yes, the embedded comments help, but they don't solve the problem.)
Both the Mac GUI and Zope (and to some extent Windows) have had a small advantage in the GUI department: developers are forced to provide a GUI interface for everything the program might do. Those who are working on improving the Linux GUI might try something drastic: rm -f/usr/X11R6/bin/xterm
Zope falls under the same category. Almost nothing in Zope is configured via text files. Every object has to provide its own management interface, or the user can't use it at all. It is a sound design philosophy.
Notably, the SWAT tool for Samba provides a very effective interface as well. Samba includes some extremely strange options. The interface hides the advanced options by default, but they are easy to turn on. Every option includes a link to its description in a help file. SWAT eliminates the need to break out a reference manual while providing access to every odd feature of Samba (AFAIK). So SWAT is another example of a tool that simplifies the interface without removing any advanced features.
Moderate "funkman"'s comment up... I see the light!:)
It's very simple: Microsoft finally decided that having all DLL's in the same place was a Bad Thing. So they found an alternate solution, and that's what this innovation is: a way to recover the *increase* in space that will be used up by multiple copies of the same DLL. That's how they came up with the 80-90% figure.
This actually makes a lot of sense and ought to be made integral to our favorite *nix. Hard links almost do it, but there is no copy-on-write functionality. How hard would it be to add?
Y2K has temporarily shut down my workplace
on
Apocalypse Not
·
· Score: 1
At Salt Lake Community College, none of the staff can do any work at the moment because all routers and servers are turned off. Okay, actually that was on purpose. So I'm experiencing the effects of a "Y2K bug bug", or hysteria over the predicted fallout.
We're solving several problems at once! This may come close to solving the entire problem. Assuming the Quake protocol has already taken care of "impossible" movements and actions, we could just add the following to make bots more difficult to write.
1. All players, bullets/rockets, and some objects should be indistinguishable in the network protocol. Only a human should be able to recognize the difference between a player and a scurrying rat or a flame because the server sends the 3D mesh to the client using a randomized ID.
2. The objects should be so numerous that a bot would be useless.
3. The server should not reveal the location of objects that are not within the user's field of view. This takes a little more processing by the server but also reduces network traffic, making the first point more possible and eliminating "X-Ray" views.
4. Here's the fun part. We could have an "apparition" mode which causes objects to appear in random but impossible places, or make impossible movements. The human would be able to see the images of their opponent rushing around at 1000 MPH and would be able to dismiss it as an apparition, but a bot would get confused.
5. A variation of apparition mode: a decoy mode! Sometimes a player is all alone and the server knows it but the client does not. At those times, and at random intervals, bring in the image of an opponent that's moving in such a way that makes it extremely difficult for a human to shoot at, but possible for a bot to hit. If the player is impossibly good at shooting these apparitions (which don't actually do any damage to the player), boot the player out.
Sorgenti has no idea what they've created! I want to buy one of these and then rewrite the software to my own liking. I would add an X-10 interface, a little recipe book, a kitchen timer, maybe even add SLIP so I could network to it. Why not make it part of a miniature home security system? Or use it as a calendar?
These kinds of applications take on a new meaning when they are available all the time and don't drain enough power to matter. I can't leave my PC on all the time--it's too noisy. But if I had basic computing functions available just by flipping a switch or touching a touchpad, well, that would be fun.
Slashdot Mirror
That's a great idea. The problem seems to be that legislators are unaware of the great things they are legislating away. Donating technology to increase awareness could be a better way to spend lobbying money than paying lawyers after the fact.
.us.gov and including an "ad" for free software. What software would it be? It would have to be operating system independent and easy to install. It could make a major difference.
What about a variation of that idea: donating services? Imagine some open source app that helps senators get their job done better than proprietary software. Then imagine providing 24-hour support for it for free to
FYI: You still need to use the "mem=nopentium" kernel option if you're combining Mandrake, NVidia, and Athlon. My wife bought me Tux Racer for Christmas (yay!) but it crashed frequently at first, until I remembered to add that option to LILO. No crashes since. I learned about it from a Slashdot thread about a year ago.
If anyone knows of a real patch for this bug, a pointer would be much appreciated.
Unfortunately, zope.org has become a poor example of Zope. A replacement is in the works. I recommend checking out zopezen.org or the many sites on freezope.org.
I've been writing software for most of my life, so I've logged a lot of hours typing on a keyboard. The observation I've made is that my hands are a lot more comfortable if I only have to push one key at a time and if I move my hands (not just my fingers) a lot.
:-)
Jef is advocating the use of shift-space to enter a special mode, then entering commands while still holding the shift key. All this is designed to keep the hands on home row. This seems awfully uncomfortable.
Not long ago the "happy hacker" keyboard came out. My boss got one. At that time I realized I may be one of the few geeks who prefers the ten cursor keys over vi/emacs key sequences. Am I alone?
That's a good point. Personally, I prefer bleeding edge over stability for my desktop boxes, so that must be why I choose Mandrake over Debian. It's generally pretty easy to fix the breakage. :-) If I were running a real server, I'd probably have a different mindset.
Ok, I see the usefulness of adherence to POSIX and support for multiple architectures. Thanks. Interestingly, no one has ever told me they preferred Debian for these reasons.
:-)
However, I don't understand why you added the Windows remark or the "Debian vs. everybody else" stereotype. You're making a lot of assumptions and undermining your own point.
Thanks for trying anyway.
Honest, I'm looking for an answer to this question.
I have a good deal of experience in Linux and software engineering (especially C, C++, Java, and Python). The sentiment I hear on Slashdot is that among the Linux distributions, I should use Debian, Slackware, or some other similar distribution that's "very stable" and "developer friendly".
But I don't understand why. I've learned how to do just about everything I need in Linux regardless of distribution. I don't see why one distribution should be more "stable" than another; what matters is the stability of the software itself. If there's a buffer overflow in the kernel, all distributions are affected.
So what I look for in a distribution is ease of installation and a breadth of precompiled software. In the words of MrOutlander, "Other than the sometimes daunting install process, Debian is one of the best linux distributions." To me, this seems contradictory. If it's hard to install, what gives Debian the edge that earns it the label "one of the best"? Other distributions have all the same software, and often more recent versions.
Mandrake's rpmdrake (graphical) and urpmi (text mode) utilities beat everything I've seen, especially "apt-get". (The only hurdle is getting your urpmi.cfg right.) Because Mandrake is the only distribution I know of that supplies these utilities, I choose Mandrake.
So I'm asking, sincerely, in what way is Debian superior to Mandrake?
I think you misunderstood. No one has to go through all those steps to set up KDE. These days you can pop in a CD and be running Linux, KDE, and hundreds of applications in a half hour without ever using the command line.
;-)
Those who want to squeeze more speed out of their system go through a process as described above. Eventually, the distribution makers figure out how to achieve the same extra performance, and everyone benefits.
If it were possible to do the same thing with Windows, lots of people would. I think it would make Bill G jealous, though. Maybe that's the real reason MS won't open their code.
There are the right ways, then there is the easy, 99% effective way. The easy way is to search for very specific error message strings, which are sort of a fingerprint for most software. I compiled zlib then used "strings libz.a" to find these error messages:
/usr/bin.
too many length or distance symbols
invalid literal/length code
A quick grep for one of those two strings reveals quite a number of statically linked versions of zlib in
I realize that, but this particular attacker did not cover his tracks very well at all. And this advisory says it does not rule out the possibility of a root exploit.
All the clues point to this bug, but I have no scientific proof that this bug was the cause, so I can't say much more. Only that there was a chance.
According to the advisory, "Exploitability without an existing user account has not been proven but is not considered impossible."
I'm continuing my analysis and I'll reply to my original comment if and when I find out any more info.
Two weeks ago my Mandrake box, connected to a cable modem, was rooted. The only port open to eth0 was ssh (openssh-3.0.2p1). I analyzed the logs and they indicated someone had spent an hour trying to exploit various SSH bugs that have been fixed in the past. Then there was an 8 minute pause before "linsniffer" was installed and eth0 went into "promiscuous mode".
I haven't been able to verify openssh-3.0.2p1 was truly the cause, but it seems likely. This may have been the remote root exploit which the advisory "does not rule out".
Haha, you're right. In fact, the GPL is not on trial at all. If the court says "no, the GPL is not valid", then code sharks are still breaking the law because nothing else gives them the right to do what they're doing. The GPL has no bearing on copyright law. Code sharks are punished based on infringement of copyright law--regardless of software licenses.
The corporate control of Java has already lead to major problems. For instance, Sun's JDK 1.2.2 on RedHat and Mandrake Linux STILL has a bug that prevents all InstallAnywhere installers from working. In the open source world that would be inexcusable--ZeroG, Sun, or anyone who uses InstallAnywhere would get it fixed. And there are a lot of InstallAnywhere users.
I came to Java from Borland C++ 5.0 on Windows 95... it was an incredibly refreshing change. But after two years I started moving away because of the many bugs that never got fixed. Then I discovered Python.
Python has most of the advantages of Java, much greater flexibility, and only a couple of disadvantages. This isn't a Python article, so I won't go into too many details, but IMHO the Python way of programming leaves Java in the dust.
Cross-platform? You betcha. More platforms and better support than Java, in fact. Rich library? Even richer than what Java offers. Open? Yep. Extensible with C? That too. Fast? Well, it generates code very similar to Java bytecode, so if Java bytecode can be fast, Python can be fast too. GC? Yes. Type safety? For the most part. Better than C, not as strict as Java.
You be the judge. But don't just ignore Python.
I've been looking for anime too. I came across Mangajuice a few months ago. Until I found it I didn't know how popular anime was!
Find anime at . A very comprehensive database.
I suggested this in another article. I got marked down as a troll while you got marked up. Be grateful. :-)
However, since ATI and/or Creative Labs have produced a DVD decoder card that essentially makes a bridge between the player and the video out signal, it is a relatively simple thing to write a Linux DVD player without lawyer scare... as long as you have the extra hardware.
Now what I want to know is why it hasn't been done yet. Perhaps the community genuinely comprehends the magnitude of this fight and doesn't want to help the MPAA in any way.
I am inclined to agree, though I wonder what other people think.
Hey folks, is "LCD Display" correct?
Those looking for wisdom in the battle for better interfaces should take a look at Zope's management interface. I'm not saying that the interface is very good right now (some would say it's horrendous), but the approach taken by Digital Creations is very good.
Zope is a collection of objects and each object provides its own management user interface. Because everything is browser-based, interfaces to new classes of objects are relatively simple to create.
Zope's roles and permissions features are not easy to master. They are complex, and the user interface doesn't make them much easier to understand. But the user doesn't have to learn a set of keywords and read a HOWTO to set up the permissions. All of the instructions are onscreen.
Thus Zope does not try to present everything in such a way that the user instantly knows what to do in every situation, but it does reduce the need for a HOWTO or a help file. That is the goal we need to achieve: require no external references.
I know many of you are adept at configuring Apache, but I would bet there are very few of you who don't need to look at the reference manual each time you change httpd.conf with a text editor. (Yes, the embedded comments help, but they don't solve the problem.)
Both the Mac GUI and Zope (and to some extent Windows) have had a small advantage in the GUI department: developers are forced to provide a GUI interface for everything the program might do. Those who are working on improving the Linux GUI might try something drastic: rm -f /usr/X11R6/bin/xterm
Zope falls under the same category. Almost nothing in Zope is configured via text files. Every object has to provide its own management interface, or the user can't use it at all. It is a sound design philosophy.
Notably, the SWAT tool for Samba provides a very effective interface as well. Samba includes some extremely strange options. The interface hides the advanced options by default, but they are easy to turn on. Every option includes a link to its description in a help file. SWAT eliminates the need to break out a reference manual while providing access to every odd feature of Samba (AFAIK). So SWAT is another example of a tool that simplifies the interface without removing any advanced features.
Moderate "funkman"'s comment up... I see the light! :)
It's very simple: Microsoft finally decided that having all DLL's in the same place was a Bad Thing. So they found an alternate solution, and that's what this innovation is: a way to recover the *increase* in space that will be used up by multiple copies of the same DLL. That's how they came up with the 80-90% figure.
This actually makes a lot of sense and ought to be made integral to our favorite *nix. Hard links almost do it, but there is no copy-on-write functionality. How hard would it be to add?
At Salt Lake Community College, none of the staff can do any work at the moment because all routers and servers are turned off. Okay, actually that was on purpose. So I'm experiencing the effects of a "Y2K bug bug", or hysteria over the predicted fallout.
Find hundreds of free web space providers using freewebspace.net.
We're solving several problems at once! This may come close to solving the entire problem. Assuming the Quake protocol has already taken care of "impossible" movements and actions, we could just add the following to make bots more difficult to write.
1. All players, bullets/rockets, and some objects should be indistinguishable in the network protocol. Only a human should be able to recognize the difference between a player and a scurrying rat or a flame because the server sends the 3D mesh to the client using a randomized ID.
2. The objects should be so numerous that a bot would be useless.
3. The server should not reveal the location of objects that are not within the user's field of view. This takes a little more processing by the server but also reduces network traffic, making the first point more possible and eliminating "X-Ray" views.
4. Here's the fun part. We could have an "apparition" mode which causes objects to appear in random but impossible places, or make impossible movements. The human would be able to see the images of their opponent rushing around at 1000 MPH and would be able to dismiss it as an apparition, but a bot would get confused.
5. A variation of apparition mode: a decoy mode! Sometimes a player is all alone and the server knows it but the client does not. At those times, and at random intervals, bring in the image of an opponent that's moving in such a way that makes it extremely difficult for a human to shoot at, but possible for a bot to hit. If the player is impossibly good at shooting these apparitions (which don't actually do any damage to the player), boot the player out.
What do you think?
Seems like a good idea. XML has lots of corporate backing, so getting the government to start using it may only be a matter of time.
I dislike "me-too" posts but... me too! ;-)
Sorgenti has no idea what they've created! I want to buy one of these and then rewrite the software to my own liking. I would add an X-10 interface, a little recipe book, a kitchen timer, maybe even add SLIP so I could network to it. Why not make it part of a miniature home security system? Or use it as a calendar?
These kinds of applications take on a new meaning when they are available all the time and don't drain enough power to matter. I can't leave my PC on all the time--it's too noisy. But if I had basic computing functions available just by flipping a switch or touching a touchpad, well, that would be fun.