First of all, lkaos made some great points and I almost didn't reply because he said something very similar to what I was going to say. But I do have a few things to add.
If I were you I would concentrate on school and do all the OSS stuff you want in your spare time. I know, I know, you hate to hear this, but I'm talking from experience, not just repeating what everyone else said to me.
I started programming at probably the same age as you. I was good at 13. Not great but competent enough to hack out some working code.
By the time I was 17 I was offered a full time job at the company I work for now and I dropped out of school to accept it.
My situation was a little more complex than yours (at least I'm assuming it was) because my girlfriend was pregnant with our first child and I wanted to provide for them rather than having them live with her parents whom I hate (but that's a different story ;^).
Anyway needless to say that now when I look back I wish I had stayed in school, worked part time to provide support and just lived with my mother until I finished high school and got the University degree.
I wouldn't have been any happier but I would have been much better off now. I won't go into what it's like to be a parent or whatever because it's not relevant to your situation, but even if I didn't have a child on the way I know how tempting it was to want to just get school over and done with and be an adult once and for all.
But the fact of the matter is, once you start working and experience a little taste of what you get after growing up it's very hard to concentrate on being a kid and staying in school. The ironic part is that once you've been there for a year or two you wish you could go back :O)
I want very badly to go back to high school and get my diploma. I am doing it from home via "distance learning" but it's very slow and very hard to stay focused and motivated. Although high school was probably one of the hardest parts of my entire life it would have been a hell of a lot easier to get that diploma if I had just said no to my temptation to work full time and live with my kid and stayed in school full time.
My only point is that at 13 years old you should not be worrying about work and life. I know growing up sucks. It's hard. But let me tell you something. When you hit adulthood and you're out on your own and especially if you have a family to support it makes growing up look like kindergarten.
But I never listened to any of this when I was younger so I don't expect you to listen to me. I'm just saying it to hopefully give you a bit of perspective. The world is not a nice place to live in. It doesn't matter where you are in life you always want to be somewhere else. In this case the grass is not greener on the other side. You're just not going to believe me until you get there and see it for yourself.
Sure. I completely agree but it still doesn't really matter who's liable. The fact is that it happened in the first place.
I mean let's say my house were broken into. I would definitely want the sob who did it to be thrown in jail, but even after he were it would still suck that it happened in the first place.
And to solidify your point let's say the house wasn't mine but it was a friend of mine and I was house sitting. I should have some sort of obligation to my friend to keep the house locked. I mean that is why I'm house sitting isn't it? To make sure it's locked up and safe and that the cats are fed.
So play it safe. Don't use the same password for everything.
It's the "lost password" feature. /. may have changed it since the "incident" but when that happened they were just plain text.
The solution that most places use is to change your password to some randomly generated string and e-mail it to you rather than to e-mail you your old password. As I said, /. may do that now, I don't know because I haven't needed to use it.
You said, and I quote: "There's a damn good reasons why you're told not to reuse passwords." Show me why? 15 years and it's never been hacked. I'd say that's a damn good track record for a single password. I don't see a damn good reason to change it. Until it gets hacked, I probably won't.
I'm going to actually give you a real life example to help you understand why this is important.
Some time last year (you may remember if you've been around /. that long) someone cracked /.'s backup server where they got full access to the database including Rob's password. So they got everyone's password.
Now if you use that same password for /. then they got your password for everything. They didn't crack or guess your password, instead they cracked something completely different and your password happened to be stored there.
So imagine if you use that password for your online banking, e-mail, work account etc. It's pretty serious.
The point is that it doesn't matter how secure or insecure your password is. You just don't use the same password for everything, plain and simple.
The same could happen with hotmail. Your work's network etc.
I agree completely. I thought we were talking about features not stability.
But even if we are talking about stability: if I write a piece of code that I plan on maintaining and there's a big known bug that's actually a flaw in the design that I overlooked and is going to take a considerable amount of time to fix and I just don't have time to fix it, well, tough.
My only point was that I don't believe that free software developers have a responsibility to their users. I respond to feature requests and take the users of my software very seriously but I certainly don't feel that I have some sort of obligation to do that.
Now obviously "average computer users" would not be expected to interpret their e-mail's header to decide for themselves if the e-mail is authentic or not but I have thought of one possible solution.
The government could set up some sort of automated authenticity system. You receive an e-mail claiming to be from the U.S gov., you forward that e-mail to a designated U.S gov. address and upon being received by the server it parses the headers and sends a reply confirming its authenticity.
Pretty much the same idea with online sign-ups requesting a reply to confirm that you did actually intend to sign-up.
If I was a selfish prick then I wouldn't give my software away for free.
The way I see it is that when a free software developer creates something he is essentially generating an "agreement" with his users. He is saying "Here, use this if you want. It's free. I won't ask for anything in return. However, the same is true for you. You must not ask anything in return of me."
Now I agree with you with regards to hardware. But as a software developer I have nothing to do with that so don't bother me about it. I try my best to optimise my code (after it's working, simple and to my liking) but that's only because I want it to be as useful as possible, not because you do.
If my program is not working on your machine because it's too bloated then either use something else, fix it yourself or feed my family so I can work on it full time until it's to your likings.
My whole point is that I release free software in hopes that someone will find it useful. If you do great. If you don't that's fine. Just don't bother me about it because it's not your "right" to demand that my software works for you.
Now if people are thinking, based on my posts in this thread, that I don't care if my software works for people and that the users want more features then you're mistaken. It's not that I don't care it's just that I'm not going to take what the users are saying as #1 priority because the free software that I develop is not a priority to me. It's just a hobby.
So if you think my programs would be 10 x more cool if they had this or that feature then great. But don't expect me to implement it unless I feel like it.
As I've been saying all along, if it's something that absolutely must be done in your opinion then feel free to do it yourself. It's not my responsibility. The code that I write in my free time is my hobby. The code that I'm paid to write for my employer is my responsibility.
This is why so many companies that depend on free software have started to employ free software developers to work on them. Free software developers only do what they do out of the goodness of their hearts. If they have better things to do than to make a program that you use work better for you then they're going to do it. You can't expect any more of them.
Actually I am employed, I'm just looking for something better.
And I don't think that I have a negative attitude. At least I didn't mean to come across as negative and I don't think that I did.
All I'm saying is that I disagree with the parent poster and I offered an explanation to back up my point. How is that being negative?
If you think it's because I don't feel that I owe anything to the users of my software that's certainly not negative, it's just my opinion. Users of free software are using someone else's work for free. So if anyone owes anything to anyone it's the users who owe the developers. Not the other way around.
First of all, if I'm a free software developer I owe nothing to the users of my software. This is because I'm not being paid for my work. I'm doing it out of love for what I'm doing. If you want something added then do it yourself.
Now if I'm being paid for my work then that's a different story but I still disagree with you. Yes it is my responsibility to meet the demands of the customers because they are the ones that are putting the cash in my pocket when you get down to it. However, it is also my responsibility to ensure that what they get for their money works properly. That means testing, optimising and fixing bugs the "right way" :O) Not just getting it to work and "moving on to the next thing at hand".
-- Garett
Re: I still don't like their packaging (on "Mandrake 8.2 Available") · Score: 5, Insightful
The reason Mandrake does it that way is to be 100% compatible with Redhat. The idea is that you can install any redhat rpm on a mandrake machine.
I don't agree with this but that's their explanation anyway.
I really wish they would drop this whole redhat compatibility thing and just follow the LSB. IMO the more distros that follow the LSB the better. It's the best way that I can see to be "compatible" with other distros.
In the beginning Mandrake was RH with bug fixes, toys and compiled specifically for i586. But it has since grown into much more than that. Ever since 7.0 they've broken away from that whole "redhat++" thing and I think it's time for them to break this compatibility issue and start following a standards base rather than achieving compatibility by following another non-standard distro.
It just doesn't make much sense to me especially if the idea is to make Linux more consistent which seems to be part of what Mandrake is about.
It's really quite ironic.
P.S: And you know what the worst part about it is? Mandrake still installs a /etc/redhat-release file.
I could be completely off my rocker here but wasn't it ALWAYS possible to use swap files instead of partitions?
Now I don't necessarily mean swap files directly supported by the kernel, but if you _really_ wanted to use a swap file instead couldn't you create a file, format it as a linux swap and then mount it as a loopback device?
Something like:
# dd if=/dev/zero of=/swap...
# mkswap /swap
Then put an entry in /etc/fstab like:
/swapfile swap swap defaults,loop 0 0
And finally:
# swapon /swap
I just tried this on slackware 8.0 with kernel 2.4.18 and it works. I don't know if this is a "new feature" or anything but I'm pretty sure that as long as your kernel supports loopback devices then this would work.
Maybe someone with better kernel knowledge could provide some better insight.
P.S I still don't see why you would want to do this. Especially considering that in any good install program geared towards end-users they would not have to worry about partitioning (and even if they did it seems to me like partitioning would still be easier than doing what I described above). At least I know that I would still prefer a swap partition as opposed to a file anyway...
I always hear people saying how they loved OS/2 and think everyone would be better off if it had "won" instead of windows.
However, I believe that it would be no different. It would still be open source v.s the big giant. The big giant would just be IBM instead of Microsoft. Don't forget they too are a huge gigantic corporation with no interest except profit just like MS.
Everyone would instead say "geez I miss windows. I wish it had won on the desktop instead of OS/2. Sure the application support wasn't as good. And OS/2 compatibility in win9x got a lot worse over time but it was still a far better OS IMO."
Moments before I made the post I was reading about gzip's current buffer overflow in which you can pass a path on the command line that's more than 1020 characters and you will cause the overflow.
I confused this with zlib's problem and hence my claiming that zlib had an overflow.
I was wrong and I realized this a few minutes after posting. D'OH!
Anyway I still hope that my post helped someone to understand what buffer overflows are about, even if it doesn't apply to zlib at present :O)
The current version of gzip has a buffer overflow and I confused that with zlib's double-free.
Sorry about that.
Anyway zlib's issue can be used to cause denial-of-service attacks etc. These are also worse than your system crashing. Imagine not being able to use either your computer or the network etc. You reboot and still you can't do your banking, check your e-mail and quite possibly not even able to use your computer because the DOS is just re-instated minutes after your computer reboots.
The problem is a buffer overflow which is a lot more serious than a crash.
I apologize in advance if I'm being a little too trivial but I'm assuming that you are 100% non-technical just in case this post appeals to someone or some people who are.
When a program needs to temporarily store an amount of data it uses what's called a buffer. This is just a segment of memory where it can store its data.
A buffer overflow occurs when the buffer gets filled past its allocated regions. So in other words let's say the programmer has set up a buffer that's 1024 bytes. An overflow is when the user fills that 1024 byte buffer with more than 1024 bytes.
What happens? Well ideally the extra data wouldn't get stored in memory at all but unfortunately computers don't work that way. Instead whatever is stored in memory AFTER the 1024 bytes gets overwritten.
So let's say the programmer had the following code in his buggy program.
buffer[1024]        // set up a buffer that's 1024 bytes
read data, buffer   // read data into buffer
do something
What the hacker has to do is input 1024 bytes of garbage and then overwrite the memory with some other computer instruction. Like the instructions necessary to execute a shell.
You see when the buffer is overflowed the "do something" instruction will get overwritten with whatever data the hacker puts into the buffer. If the program is running as root then when the "do something" instruction is overwritten with the instructions to execute a shell the hacker will have himself root access!
But it's even more serious than that because let's say the program is a web server running as nobody. Before the hacker exploits the buffer overflow he has no access. But he knows about this overflow so he overflows it by sending apache a very long request containing the instructions to execute a shell. He has just gained "nobody" access to the system and from there he can figure out how to get root access.
The solution is for the programmer to make sure that the user is only entering in 1024 bytes of data at the most. Unfortunately many programs weren't written to do this.
I hope this explains to people why these bugs are more serious than "my system will crash".
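The length check described in the post above, as an added example (not code from the original post): a 1024-byte buffer with a neighbouring field after it, and a copy routine that refuses input that does not fit before writing anything. The names `copy_request`, `struct request`, the return codes and the filler input are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 1024              /* the 1024-byte buffer from the post */
#define NEIGHBOUR_MARK 0xC0FFEEUL  /* constructed value used to detect overwrites */

/* Hypothetical return codes for this example. */
enum { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARG = -2 };

/* The buffer and "whatever is stored in memory AFTER" it, modelled as one struct. */
struct request {
    char buffer[BUF_SIZE];
    unsigned long neighbour;
};

/*
 * The buggy pattern from the post trusts the sender's length:
 *     memcpy(req->buffer, input, input_len);    // input_len may exceed 1024
 * The hardened version compares the length with the destination capacity
 * before a single byte is written, and rejects instead of truncating.
 */
int copy_request(char *dst, size_t dst_size, const char *input, size_t input_len)
{
    if (dst == NULL || input == NULL || dst_size == 0)
        return COPY_BAD_ARG;
    if (input_len >= dst_size)     /* >= keeps one byte for the terminator */
        return COPY_TOO_LONG;
    memcpy(dst, input, input_len);
    dst[input_len] = '\0';
    return COPY_OK;
}

/* Run one constructed input of `len` filler bytes through copy_request. */
static int run_case(size_t len, int *neighbour_intact)
{
    static char input[4 * BUF_SIZE];
    struct request req;
    int rc;

    if (len > sizeof input)
        len = sizeof input;
    memset(input, 'A', sizeof input);
    memset(&req, 0, sizeof req);
    req.neighbour = NEIGHBOUR_MARK;

    rc = copy_request(req.buffer, sizeof req.buffer, input, len);
    *neighbour_intact = (req.neighbour == NEIGHBOUR_MARK);
    return rc;
}

/* Result code for an input of `len` bytes. */
int result_for_length(size_t len)
{
    int intact;
    return run_case(len, &intact);
}

/* 1 if the field stored after the buffer kept its value, 0 otherwise. */
int neighbour_survives(size_t len)
{
    int intact;
    run_case(len, &intact);
    return intact;
}

int main(void)
{
    size_t lengths[] = { 10, 1023, 1024, 4096 };
    size_t i;

    for (i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("%4lu bytes: rc=%d neighbour_intact=%d\n",
               (unsigned long)lengths[i],
               result_for_length(lengths[i]),
               neighbour_survives(lengths[i]));
    return 0;
}
```

Rejecting the over-long input outright, rather than silently cutting it to fit, also keeps a half-copied request from being processed as if it were complete.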
I don't see it as the zlib author's responsibility to notify everyone that uses their library.
I do feel that they should (but are not obligated to) send out a few public notices that will be spread around so that people whose programs use the library can update it and that's exactly what they did.
Also the big problem with this security issue isn't programs that dynamically link to libz.so. Those are easy to fix because all you have to do is upgrade your zlib and they're automagically fixed.
It's the programs that statically link the zlib library (meaning it gets copied right into the actual binary at compile time) that you have to worry about because an ldd won't show you that.
Also many people use their own modified version of zlib (XFree86, rpm, rsync, the linux kernel etc.) and so those are very hard to catch as well.
Florian Weimer wrote a perl script which will check for binaries on your system that are statically linked. You can read his post to Bugtraq here.
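One way to look for zlib copied into a binary, as an added example: it searches a file's bytes for the copyright strings that zlib's source embeds (` inflate <version> Copyright` and ` deflate <version> Copyright`). This is not Florian Weimer's script, and the function names and the two sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Byte-wise search; binaries contain NUL bytes, so strstr() cannot be used. */
static const unsigned char *find_bytes(const unsigned char *hay, size_t hay_len,
                                       const char *needle, size_t n)
{
    size_t i;
    if (n == 0 || hay_len < n)
        return NULL;
    for (i = 0; i + n <= hay_len; i++)
        if (memcmp(hay + i, needle, n) == 0)
            return hay + i;
    return NULL;
}

/*
 * Look for " inflate <version> Copyright" or " deflate <version> Copyright".
 * On a hit the version text is copied into `version` and 1 is returned.
 */
int find_zlib_version(const unsigned char *data, size_t len,
                      char *version, size_t version_size)
{
    static const char *const markers[] = { " inflate ", " deflate " };
    static const char tail[] = " Copyright";
    const size_t tail_len = sizeof tail - 1;
    size_t m;

    if (data == NULL || version == NULL || version_size < 2)
        return 0;
    for (m = 0; m < sizeof markers / sizeof markers[0]; m++) {
        const size_t mlen = strlen(markers[m]);
        const unsigned char *end = data + len;
        const unsigned char *p = data;

        while ((p = find_bytes(p, (size_t)(end - p), markers[m], mlen)) != NULL) {
            const unsigned char *v = p + mlen;
            size_t vlen = 0;

            /* The version is a run of printable, non-space characters. */
            while (v + vlen < end && vlen < version_size - 1 &&
                   v[vlen] > 0x20 && v[vlen] < 0x7f)
                vlen++;
            if (vlen > 0 && (size_t)(end - (v + vlen)) >= tail_len &&
                memcmp(v + vlen, tail, tail_len) == 0) {
                memcpy(version, v, vlen);
                version[vlen] = '\0';
                return 1;
            }
            p++;                    /* false start: keep searching */
        }
    }
    return 0;
}

/* Constructed samples: one with an embedded zlib string, one without. */
static const unsigned char SAMPLE_STATIC[] =
    "\177ELF\0\0.text\0 inflate 1.1.3 Copyright 1995-1998 Mark Adler \0.data";
static const unsigned char SAMPLE_CLEAN[] =
    "\177ELF\0\0.text\0 inflate the tyres, no Copyright notice \0.data";

/* Returns the version found in sample 0 or 1, or NULL when nothing matches. */
const char *scan_sample(int which)
{
    static char version[32];
    const unsigned char *d = (which == 0) ? SAMPLE_STATIC : SAMPLE_CLEAN;
    size_t n = (which == 0) ? sizeof SAMPLE_STATIC - 1 : sizeof SAMPLE_CLEAN - 1;
    return find_zlib_version(d, n, version, sizeof version) ? version : NULL;
}

/* With file arguments, scan each file; without, scan the two samples. */
int main(int argc, char **argv)
{
    char version[32];
    int i;

    if (argc < 2) {
        for (i = 0; i < 2; i++) {
            const char *v = scan_sample(i);
            printf("sample %d: %s\n", i, v ? v : "no zlib string found");
        }
        return 0;
    }
    for (i = 1; i < argc; i++) {
        FILE *f = fopen(argv[i], "rb");
        unsigned char *buf = NULL;
        long size = 0;

        if (f == NULL) { perror(argv[i]); continue; }
        if (fseek(f, 0, SEEK_END) == 0 && (size = ftell(f)) > 0 &&
            fseek(f, 0, SEEK_SET) == 0)
            buf = malloc((size_t)size);
        if (buf != NULL && fread(buf, 1, (size_t)size, f) == (size_t)size &&
            find_zlib_version(buf, (size_t)size, version, sizeof version))
            printf("%s: embedded zlib %s\n", argv[i], version);
        free(buf);
        fclose(f);
    }
    return 0;
}
```

A copy of zlib whose strings were stripped or edited will not match, so a miss does not prove the library is absent.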
Yes. Cynicism and complacence will get us all very far in our American democracy.
Democracy? Since when?
Also I hope that you didn't get the impression that I'm complacent. It's quite the opposite. I'm very sick of government and I jump at every opportunity to change things. I just don't think anything's going to change as long as the current system is intact.
Part of changing the system is realizing that we're all lied to on a regular basis. It's not a democracy. It's a corporate republic. Until your vote (and not your billions of dollars that you don't have) actually makes the slightest bit of difference then stop hiding its real identity and please stop believing all the lies that your government and media spoon feed you every second.
--
Garett
But about videotaping... I should be allowed to tape my babysitter in my own house.
Tell me about it! Mine is so hot! As long as the wife doesn't find out...
Oh wait. You were talking about something different.
(on a serious note I completely agree. If it's your house you should be able to do whatever you want).
--
Garett
If you're running 270000 copies of Linux, it would be more ethical to donate some sizeable amount to a nonprofit foundation that contributed / is contributing a lot, like the FSF - as well as paying the distributor.
Um... don't forget that this is the government we're talking about. I mean, "ethics", is that some kind of joke?
--
Garett
IMO standards are about the users.
My point was that since I don't have the resources to spend testing my code in Netscape, Opera, Mozilla, Konqueror etc. I should at least follow the standards so that those browsers stand a good chance of being able to render my page correctly.
If I use all the extra IE features and completely forget about those standards I will be alienating the users that use those other browsers.
And many people say "it's not worth supporting the other browsers because only 3% of my user base uses those and so it will cost more to support them than it will to lose them".
That's a logical way of looking at it, but if you follow standards then you can not support them and still be sure that at least they stand a chance of being able to render your page.
So you tell your customers "We only support IE but it should work with other browsers because we try to be standards compliant."
That's all.
--
Garett
Maybe I am an idiot but I've done one of the above.
Yup, you're right. I'm definitely an idiot. That should be none of the above. Not one.
Oops.
--
Garett
1. use the -Xint flag to disable the runtime compilation into native code,
2. use non-buffered IO,
3. stick to really old releases of the JRE, or runtimes with known bugs (like running GUI apps on 1.2.0)
all of which brand you an IDIOT!
Maybe I am an idiot but I've done one of the above. I'm a programmer but not a java programmer. I've played with a little bit of java just for fun and to see if it has gotten any better and I haven't had much luck.
All I know is that as a user (not a programmer) I find java programs to be very slow. Oracle's universal installer (for 9i even!) is very slow to respond to events. All I know is that it's written in java and in my experience java programs tend to be slow. Period.
I was very excited when gcc came out with gcj because I thought that finally with the VM out of the way we'd see some really fast java apps. I was wrong. I was very disappointed when a simple "Hello, world" program compiled natively to ELF took a good 3 seconds to load.
So it's not the VM obviously it's the fucking library. Just like C++'s STL java's own library is slow as tar in implementation. It can probably be fixed but I have yet to see an implementation where a java app ran just as fast as a c program.
And maybe I'm a little too old school but I really think that matters. It's not good practice to say that newer hardware will compensate. In my experience users tend to prefer speed over stability.
If you want proof just look at windows 98. It's very sad to see people think that it's okay for it to crash on a regular basis. But if it ran slow you can bet anything that they'd have really bitched - and they do. I'm a sysadmin and a lady that I work with came to me complaining because her win98 laptop started running really slow all of a sudden. It crashes on a regular basis and she doesn't care but when it becomes unresponsive she needs to fix it.
Anyway I'm ranting now so I'll stop. My point is that Java is slow. The language is very nice but I've seen few practical applications written in it. To be fair I will list one. There's a server side application that I work with a lot that uses Enhydra. It runs very fast and we can thank Enhydra for that because all of the libraries, vm etc. are always loaded 100% of the time. That definitely makes java applications more acceptable but when you add in the extra resources required on the system (and not to mention that these java apps are pretty much non-interactive - they just do backend interfacing).
I'd mention the name of the application but I work for the company that makes it and so I don't want to come across as advertising for them.
So you are completely unaware of things like Swing (though based on Netscape code), J2EE, the Java2D graphics API, and a host of other new stuff added over the years?
No I'm not unaware of them. I just don't think that swing is something of value. It's the worst thing to come out of sun since solaris. Nice toolkit but so unresponsive that I may as well be running mozilla on a 386.
I don't know much about the other things that you listed but what I do know is that I don't like java based on my experience with it. I always hear java fans raving about how great it is and they always seem to come down to the language and how it makes it pretty much impossible to make dumb errors like memory leaks, buffer overflows etc. I agree with them that it's a wonderful language. But the implementation has proven time and time again that it's just not working from a practical stand point.
--
Garett
Same here.
I really don't like MS more than anyone else but my limited knowledge of c# vs. java really seems to tell me that java programmers who decide for whatever reason to give c# an honest shot are going to love it.
I really like Java as a language but I never use it because it gives me no practical advantage. I'm quite willing to spend lots of resources porting my c/c++ code to a million different platforms and testing it on those platforms if it means it's going to be really fast and my users won't have to worry about installing and configuring Java and then having a program that runs slow as tar.
I'm really starting to hate Sun lately actually. I don't see them as any better than MS. They're just a big corporation trying to make their big chief richer than he already is.
Java is an excellent language but since the actual design Sun has yet to produce anything of value.
They haven't done anything to help open source or any communities. They announced that Solaris was going to be open source (big deal. It's widely used but I don't know anyone who actually likes it). But they dropped that plan anyway.
They sure seem to be making good use of gnome but AFAIK they haven't made any contributions to the code (please correct me if I'm wrong).
And as you stated Java is getting more and more proprietary.
What we need is an open language that matches up to java and c#. Something free of patents and IP.
So hopefully MS will cause Sun to smarten up and loosen up Java a little. Then we may actually be able to see what it's really capable of.
--
Garett
I know I'm a little late for this discussion but I thought I'd post this anyway.
The whole ideal behind standards is so that you (theoretically) shouldn't have to care about all the browsers.
From my point of view, if I design a web page and follow the standards to the "t" and verify it for compliance after every single minor change, then if a browser doesn't render my page properly the browser is at fault and I don't give a shit. It's not my problem.
Now from a more practical standpoint. If my web page is going to be making me money and 90%+ of my users are IE users then I better make sure it renders properly in IE. However, that's still no reason not to follow standards. Because if I make a concerted effort to follow the standards then I can be reasonably sure that any other browsers (that I haven't tested it with) stand a good chance of rendering it properly.
With the above stated there's absolutely no reason not to verify your pages for standards compliance with the exception of pure laziness.
--
Garett
First of all, lkaos made some great points and I almost didn't reply because he said something very similar to what I was going to say. But I do have a few things to add.
If I were you I would concentrate on school and do all the OSS stuff you want on your spare time. I know I know, you hate to hear this, but I'm talking from experience not just repeating what everyone else said to me.
I started programming at probably the same age as you. I was good at 13. Not great but competent enough to hack out some working code.
By the time I was 17 I was offered a full time job at the company I work for now and I dropped out of school to accept it.
My situation was a little more complex than yours (at least I'm assuming it was) because my girlfriend was pregnant with our first child and I wanted to provide for them rather than having them live with her parents whom I hate (but that's a different story ;^).
Anyway needless to say that now when I look back I wish I had stayed in school, worked part time to provide support and just lived with my mother until I finished high school and got the University degree.
I wouldn't have been any happier but I would have been much better off now. I won't go into what it's like to be a parent or whatever because it's not relevant to your situation, but even if I didn't have a child on the way I know how tempting it was to want to just get school over and done with and be an adult once and for all.
But the fact of the matter is, once you start working and experience a little taste of what you get after growing up it's very hard to concentrate on being a kid and staying in school. The ironic part is that once you've been there for a year or two you wish you could go back :O)
I want very badly to go back to high school and get my diploma. I am doing it from home via "distance learning" but it's very slow and very hard to stay focused and motivated. Although high school was probably one of the hardest parts of my entire life it would have been a hell of a lot easier to get that diploma if I had just said no to my temptation to work full time and live with my kid and stayed in school full time.
My only point is that at 13 years old you should not be worrying about work and life. I know growing up sucks. It's hard. But let me tell you something. When you hit adulthood and you're out on your own and especially if you have a family to support it makes growing up look like kindergarten.
But I never listened to any of this when I was younger so I don't expect you to listen to me. I'm just saying it to hopefully give you a bit of perspective. The world is not a nice place to live in. It doesn't matter where you are in life you always want to be somewhere else. In this case the grass is not greener on the other side. You're just not going to believe me until you get there and see it for yourself.
--
Garett
Sure. I completely agree but it still doesn't really matter who's liable. The fact is that it happened in the first place.
I mean let's say my house were broken into. I would definitely want the sob who did it to be thrown in jail, but even after he were it would still suck that it happened in the first place.
And to solidify your point let's say the house wasn't mine but it was a friend of mine and I was house sitting. I should have some sort of obligation to my friend to keep the house locked. I mean that is why I'm house sitting isn't it? To make sure it's locked up and safe and that the cats are fed.
So play it safe. Don't use the same password for everything.
--
Garett
It's the "lost password" feature. /. may have changed it since the "incident" but when that happened they were just plain text.
The solution that most places use is to change your password to some randomly generated string and e-mail it to you rather than to e-mail you your old password. As I said /. may do that now I don't know because I haven't needed to use it.
--
Garett
You said, and I quote: "There's a damn good reasons why you're told not to reuse passwords." Show me why? 15 years and it's never been hacked. I'd say that's a damn good track record for a single password. I don't see a damn good reason to change it. Until it gets hacked, I probably won't.
I'm going to actually give you a real life example to help you understand why this is important.
Some time last year (you may remember if you've been around /. that long) someone cracked /.'s backup server where they got full access to the database including Rob's password. So they got everyone's password.
Now if you use that same password for /. then they got your password for everything. They didn't crack or guess your password instead they cracked something completely different and your password happened to be stored there.
So imagine if you use that password for your online banking, e-mail, work account etc. It's pretty serious.
The point is that it doesn't matter how secure or insecure your password is. You just don't use the same password for everything plain and simple.
The same could happen with hotmail. Your work's network etc.
--
Garett
I agree completely. I thought we were talking about features not stability.
But even if we are talking about stability: if I write a piece of code that I plan on maintaining and there's a big known bug that's actually a flaw in the design that I overlooked and is going to take a considerable amount of time to fix and I just don't have time to fix it, well, tough.
My only point was that I don't believe that free software developers have a responsibility to their users. I respond to feature requests and take the users of my software very seriously but I certainly don't feel that I have some sort of obligation to do that.
--
Garett
One thing to consider:
Headers never lie.
Now obviously "average computer users" would not be expected to interpret their e-mail's header to decide for themselves if the e-mail is authentic or not but I have thought of one possible solution.
The government could set up some sort of automated authenticity system. You receive an e-mail claiming to be from the U.S gov., you forward that e-mail to a designated U.S gov. address and upon being received by the server it parses the headers and sends a reply confirming its authenticity.
Pretty much the same idea with online sign-ups requesting a reply to confirm that you did actually intend to sign-up.
Just a thought.
--
Garett
No no no no no. You've got it all wrong.
If I was a selfish prick then I wouldn't give my software away for free.
The way I see it is that when a free software developer creates something he is essentially generating an "agreement" with his users. He is saying "Here, use this if you want. It's free. I won't ask for anything in return. However, the same is true for you. You must not ask anything in return of me."
Now I agree with you with regards to hardware. But as a software developer I have nothing to do with that so don't bother me about it. I try my best to optimise my code (after it's working, simple and to my liking) but that's only because I want it to be as useful as possible, not because you do.
If my program is not working on your machine because it's too bloated then either use something else, fix it yourself or feed my family so I can work on it full time until it's to your likings.
My whole point is that I release free software in hopes that someone will find it useful. If you do great. If you don't that's fine. Just don't bother me about it because it's not your "right" to demand that my software works for you.
Now if people are thinking, based on my posts in this thread, that I don't care if my software works for people and that the users want more features then you're mistaken. It's not that I don't care it's just that I'm not going to take what the users are saying as #1 priority because the free software that I develop is not a priority to me. It's just a hobby.
So if you think my programs would be 10 x more cool if they had this or that feature then great. But don't expect me to implement it unless I feel like it.
As I've been saying all along, if it's something that absolutely must be done in your opinion then feel free to do it yourself. It's not my responsibility. The code that I write on my free time is my hobby. The code that I'm paid to write for my employer is my responsibility.
This is why so many companies that depend on free software have started to employ free software developers to work on them. Free software developers only do what they do out of the goodness of their hearts. If they have better things to do than to make a program that you use work better for you then they're going to do it. You can't expect any more of them.
</rant>
--
Garett
Actually I am employed I'm just looking for something better.
And I don't think that I have a negative attitude. At least I didn't mean to come across as negative and I don't think that I did.
All I'm saying is that I disagree with the parent poster and I offered an explanation to back up my point. How is that being negative?
If you think it's because I don't feel that I owe anything to the users of my software that's certainly not negative, it's just my opinion. Users of free software are using someone else's work for free. So if anyone owes anything to anyone it's the users who owe the developers. Not the other way around.
--
Garett
I completely disagree.
First of all, if I'm a free software developer I owe nothing to the users of my software. This is because I'm not being paid for my work. I'm doing it out of love for what I'm doing. If you want something added then do it yourself.
Now if I'm being paid for my work then that's a different story but I still disagree with you. Yes it is my responsibility to meet the demands of the customers because they are the ones that are putting the cash in my pocket when you get down to it. However, it is also my responsibility to ensure that what they get for their money works properly. That means testing, optimising and fixing bugs the "right way" :O) Not just getting it to work and "moving on to the next thing at hand".
--
Garett
The reason Mandrake does it that way is to be 100% compatible with Redhat. The idea is that you can install any redhat rpm on a mandrake machine.
I don't agree with this but that's their explanation anyway.
I really wish they would drop this whole redhat compatibility thing and just follow the LSB. IMO the more distros that follow the LSB the better. It's the best way that I can see to be "compatible" with other distros.
In the beginning Mandrake was RH with bug fixes, toys and compiled specifically for i586. But it has since grown in to much more than that. Ever since 7.0 they've broken away from that whole "redhat++" thing and I think it's time for them to break this compatibility issue and start following a standards base rather than achieving compatibility by following another non-standard distro.
It just doesn't make much sense to me especially if the idea is to make Linux more consistent which seems to be part of what Mandrake is about.
It's really quite ironic.
P.S: And you know what the worst part about it is? Mandrake still installs a /etc/redhat-release file.
--
Garett
I could be completely off my rocker here but wasn't it ALWAYS possible to use swap files instead of partitions?
Now I don't necessarily mean swap files directly supported by the kernel, but if you _really_ wanted to use a swap file instead couldn't you create a file, format it as a linux swap and then mount it as a loopback device?
Something like:
# dd if=/dev/zero of=/swap ...
# mkswap /swap
Then put an entry in /etc/fstab like:
/swapfile swap swap defaults,loop 0 0
And finally:
# swapon /swap
I just tried this on slackware 8.0 with kernel 2.4.18 and it works. I don't know if this is a "new feature" or anything but I'm pretty sure that as long as your kernel supports loopback devices then this would work.
Maybe someone with better kernel knowledge could provide some better insight.
P.S I still don't see why you would want to do this. Especially considering that in any good install program geared towards end-users they would not have to worry about partitioning (and even if they did it seems to me like partitioning would still be easier than doing what I described above). At least I know that I would still prefer a swap partition as opposed to a file anyway...
--
Garett
I always hear people saying how they loved OS/2 and think everyone would be better off if it had "won" instead of windows.
However, I believe that it would be no different. It would still be open source v.s the big giant. The big giant would just be IBM instead of Microsoft. Don't forget they too are a huge gigantic corporation with no interest except profit just like MS.
Everyone would instead say "geez I miss windows. I wish it had won on the desktop instead of OS/2. Sure the application support wasn't as good. And OS/2 compatibility in win9x got a lot worse over time but it was still a far better OS IMO."
Think about it.
--
Garett
Moments before I made the post I was reading about gzip's current buffer overflow in which you can pass a path on the command line that's more than 1020 characters and you will cause the overflow.
I confused this with zlib's problem and hence my claiming that zlib had an overflow.
I was wrong and I realized this a few minutes after posting. D'OH!
Anyway I still hope that my post helped someone to understand what buffer overflows are about, even if it doesn't apply to zlib at present :O)
--
Garett
You're right I'm sorry I got confused.
The current version of gzip has a buffer overflow and I confused that with zlib's double-free.
Sorry about that.
Anyway zlib's issue can be used to cause denial-of-service attacks etc. These are also worse than your system crashing. Imagine not being able to use either your computer or the network etc. You reboot and still you can't do your banking, check your e-mail and quite possibly not even able to use your computer because the DOS is just re-instated minutes after your computer reboots.
--
Garett
The problem is a buffer overflow which is a lot more serious than a crash.
I apologize in advance if I'm being a little too trivial but I'm assuming that you are 100% non-technical just in case this post appeals to someone or some people who are.
When a program needs to temporarily store an amount of data it uses what's called a buffer. This is just a segment of memory where it can store its data.
A buffer overflow occurs when the buffer gets filled past its allocated regions. So in other words let's say the programmer has set up a buffer that's 1024 bytes. An overflow is when the user fills that 1024 byte buffer with more than 1024 bytes.
What happens? Well ideally the extra data wouldn't get stored in memory at all but unfortunately computers don't work that way. Instead whatever is stored in memory AFTER the 1024 bytes gets overwritten.
So let's say the programmer had the following code in his buggy program.
buffer[1024] // set up a buffer that's 1024 bytes
read data, buffer // read data into buffer
do something
What the hacker has to do is input 1024 of garbage and then overwrite the memory with some other computer instruction. Like the instructions necessary to execute a shell.
You see when the buffer is overflown the "do something" instruction will get overwritten with whatever data the hacker puts into the buffer. If the program is running as root then when the "do something" instruction is overwritten with the instructions to execute a shell the hacker will have himself root access!
But it's even more serious than that because let's say the program is a web server running as nobody. Before the hacker exploits the buffer overflow he has no access. But he knows about this overflow so he overflows it by sending apache a very long request containing the instructions to execute a shell. He has just gained "nobody" access to the system and from there he can figure out how to get root access.
The solution is for the programmer to make sure that the user is only entering in 1024 bytes of data at the most. Unfortunately many programs weren't written to do this.
I hope this explains to people why these bugs are more serious than "my system will crash".
--
Garett
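The 1024-byte buffer from the post above, as an added C example that is not part of the original post: an unchecked copy next to the length check the post calls the solution. The struct layout, the function names and the `after` field standing in for "whatever is stored AFTER" are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 1024

/* Model of the post's layout: a 1024-byte buffer with other program data
 * stored directly after it. Both members are byte arrays, so there is no
 * padding between them. */
struct request {
    char buffer[BUF_SIZE];
    unsigned char after[8];     /* stands in for "whatever is stored AFTER" */
};

/* Unchecked copy: trusts the length the sender supplied. The clamp to the
 * size of the whole struct exists only so this demo never writes outside
 * its own object; real vulnerable code has no such limit. */
static void copy_unchecked(struct request *r, const char *data, size_t len)
{
    if (len > sizeof *r)
        len = sizeof *r;
    memcpy((unsigned char *)r, data, len);
}

/* Checked copy: refuses input that does not fit, keeping room for a NUL. */
static int copy_checked(struct request *r, const char *data, size_t len)
{
    if (len >= sizeof r->buffer)
        return -1;
    memcpy(r->buffer, data, len);
    r->buffer[len] = '\0';
    return 0;
}

/* Send len bytes of 'A' through one of the copies.
 * Returns 1 if the bytes after the buffer changed, 0 if they survived,
 * -1 if the checked copy rejected the input (and they survived). */
static int run_case(int checked, size_t len)
{
    static char input[sizeof(struct request)];
    struct request r;
    unsigned char expect[sizeof r.after];
    int rc = 0;

    if (len > sizeof input)
        len = sizeof input;
    memset(input, 'A', len);
    memset(&r, 0, sizeof r);
    memset(r.after, 0x5A, sizeof r.after);
    memset(expect, 0x5A, sizeof expect);
    if (checked)
        rc = copy_checked(&r, input, len);
    else
        copy_unchecked(&r, input, len);
    if (memcmp(r.after, expect, sizeof expect) != 0)
        return 1;
    return rc;
}

int main(void)
{
    printf("unchecked 1032: %d, checked 1032: %d, checked 1023: %d\n",
           run_case(0, 1032), run_case(1, 1032), run_case(1, 1023));
    return 0;
}
```

The checked copy rejects exactly 1024 bytes as well, because a string of that length leaves no room for the terminating NUL.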
I don't see it as the zlib author's responsibility to notify everyone that uses their library.
I do feel that they should (but are not obligated to) send out a few public notices that will be spread around so that people whose programs use the library can update it and that's exactly what they did.
Also the big problem with this security issue isn't programs that dynamically link to libz.so. Those are easy to fix because all you have to do is upgrade your zlib and they're automagically fixed.
It's the programs that statically link the zlib library (meaning it gets copied right into the actual binary at compile time) that you have to worry about because an ldd won't show you that.
Also many people use their own modified version of zlib (XFree86, rpm, rsync, the linux kernel etc.) and so those are very hard to catch as well.
Florian Weimer wrote a perl script which will check for binaries on your system that are statically linked. You can read his post to Bugtraq here.
--
Garett
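One way to look for zlib copies that ldd cannot show, as an added C example that is not Florian Weimer's script and uses a simpler technique: searching a file's raw bytes for the "inflate <version> Copyright" banner that stock zlib compiles into its code. The function names and the sample bytes are constructed for the illustration, and a modified copy of zlib may not carry the banner at all, so a miss proves nothing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: a fake "binary" with NUL bytes around a zlib-style
 * banner. The version number is made up for the demo. */
static const unsigned char sample_blob[] =
    "\0\0junk\0 inflate 1.2.3 Copyright 1995-2003 Mark Adler \0more\0";

/* Search raw bytes for "inflate <digits and dots> Copyright". On a match,
 * copy the version into out and return 1; otherwise return 0. */
static int find_zlib_banner(const unsigned char *buf, size_t len,
                            char *out, size_t outsz)
{
    static const char pre[] = "inflate ", post[] = " Copyright";
    const size_t plen = sizeof pre - 1, qlen = sizeof post - 1;
    for (size_t i = 0; i + plen < len; i++) {
        size_t v = i + plen, n = 0;
        if (memcmp(buf + i, pre, plen) != 0)
            continue;
        while (v + n < len && n + 1 < outsz &&
               ((buf[v + n] >= '0' && buf[v + n] <= '9') || buf[v + n] == '.'))
            n++;
        if (n == 0 || v + n + qlen > len ||
            memcmp(buf + v + n, post, qlen) != 0)
            continue;
        memcpy(out, buf + v, n);
        out[n] = '\0';
        return 1;
    }
    return 0;
}

/* Read a whole file and scan it: 1 on a match, 0 on none, -1 on I/O error. */
static int scan_file(const char *path, char *out, size_t outsz)
{
    unsigned char *buf = NULL;
    long sz = -1;
    int hit = -1;
    FILE *f = fopen(path, "rb");
    if (!f)
        return -1;
    if (fseek(f, 0, SEEK_END) == 0 && (sz = ftell(f)) >= 0 &&
        fseek(f, 0, SEEK_SET) == 0 && (buf = malloc((size_t)sz + 1)) != NULL)
        hit = find_zlib_banner(buf, fread(buf, 1, (size_t)sz, f), out, outsz);
    free(buf);
    fclose(f);
    return hit;
}

int main(int argc, char **argv)
{
    char ver[32];
    for (int i = 1; i < argc; i++) {
        int r = scan_file(argv[i], ver, sizeof ver);
        if (r == 1)
            printf("%s: embedded zlib banner, version %s\n", argv[i], ver);
        else if (r < 0)
            printf("%s: could not read\n", argv[i]);
    }
    if (argc == 1 && find_zlib_banner(sample_blob, sizeof sample_blob - 1, ver, sizeof ver))
        printf("constructed sample: version %s\n", ver);
    return 0;
}
```

Run it over the files you want to check and compare each reported version against the zlib advisory.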
Reminds me of the Simpsons Episode:
"Hi I'm Troy McClure. You may remember me from such films as 'Man vs. Nature: The Road to Victory!'".
--
Garett