I'm not convinced that software actually grows that fast. Sure, it keeps growing, but it doesn't really get that big. On the other hand, there's always more data to get, like icons, sounds, animations, etc., that comes with software, not to mention that it keeps getting easier to generate or acquire larger files. I personally feel that the age of program size mattering is over; any computer without so much memory or disk space that program size doesn't matter can't hold any data that you might want to put on it.
Of course, this means that it's getting to the point where it would be useful to have a separate file system for the big files with very different characteristics from your main filesystem.
I'm not a lawyer; this isn't anything other than speculation, and certainly not legal advice.
I'd guess that it isn't VISA that's selling the personal info, but rather some bank that issued the card. Other than that, I'd entirely agree; if they ask for your signature on a document, it's almost certainly necessary, and it would be fraudulent for them to proceed without it.
On the other hand, I can't think of any legal reason for her to have pay any bills they send her. It would be a very bad idea from the point of view of the hassles it would generate, but, since she's never signed a cardholder agreement at all, she could max out the card online (so she doesn't sign anything), and the company wouldn't have any legal way I know of to get her to pay.
I think it would be best to write for standards-compliant browsers, and make changes for IE only if they prevent the site from working at all. For that matter, remember that, in order to be really compliant HTML, there are a lot of features you can't depend on.
If you put in your email address, they send you the URL of that page, so you can get there again. It seems to be http://www.magnatune.com/all/{album}; you'll have to remember the password or get it out of the email, though. A handy feature if you want to download albums you've bought a second time from work or something.
Incidentally, John is actually a real person and reads both the forums and his email. If you pointed out the issue, he'd probably put in an "already bought this" link.
Two separate lists are useful because they have different target audiences. It doesn't matter how critical a Windows flaw is, there's absolutely nothing I can do about it, because I don't use Windows.
Of course, there's relatively little point in having a yearly report about Unix vulnerabilities, since that's laughably infrequent to think about security in the Unix world.
The patent specifies an implementation where the client sends out a message on a regular basis if the user has typed anything since the last message. The prior art I know of either sends out the characters as they're typed (not based on an interval, and including the typed characters), or sends a message when the user starts typing something that hasn't been sent.
To avoid infringing on this patent, you just have to do something more useful than MS has patented. Off the top of my head, I'd suggest sending a message when the user starts typing a line and sending another message if the user cancels it or doesn't type anything for a certain interval. Less traffic, more accurate, and it's not patented.
It's not like spaceflight is easy yet. Of the two programs that have succeeded so far, one of them is currently not doing it.
Furthermore, it seems like China is interested in further exploration. Until they had ambitions beyond where the US and Russia were going regularly, it didn't make sense to go to space themselves. Now they're interested in going to Mars, but they obviously have to start by getting themselves to orbit. Sure, it was done 30 years ago, but they're actually interested in doing the next step that the US and Russia didn't try at the time.
Purely VoIP-based companies are, in fact, completely different from traditional phone companies. In fact, a purely VoIP-based company would not have a service to sell you, because IP is already sufficient for routing information and there are plenty of protocols for naming another user who may be reached by IP. It's like snail mail versus email; with snail mail, some organization is necessary to actually move letters from place to place, but with email, there's no organization specifically for that purpose. A purely VoIP company is likely to be selling you software, not service.
On the other hand, Vonage isn't a purely VoIP company; they actually connect to the telephone network, and they offer telephone network numbers. They're like a traditional telephone company except for how your call gets to their switch; on the other side, they interact with the phone network like a traditional phone company.
I personally think that extra keys with no particular function are quite useful, provided you can assign meanings to them yourself, based on what you want to optimize.
So I'm sitting at my computer, coding and listening to a CD. If I want to get a drink, I hit "Pause/Break", and the CD pauses and I take a break. I don't know why other people's computers don't support this clearly marked function.
I can switch windows with the left windows key, on iconify a window with shift-left-windows (a downward motion). This is much easier to remember than leftward or rightward shift-shift, ctrl-ctrl, or alt-alt (some other things I've used on keyboards without a free key under a modifier), and never needed for anything else.
Is this still true? I'd have thought the people interested in shorting SCOX would have realized that, while the stock is worthless in the long run, it's going to take a long time before it actually gets particularly low. Sure, if you happen to have sold short when SCO gets shut down, you'll do well, but until then the stock isn't going to go down much.
People could simply flag any email from a domain that doesn't have SPF (except for emails that clearly come from legimitate hosts at such a domain; such as hosts which reverse resolve to a host in the domain and forward resolve); then people would bug their ISPs to list the legitimate addresses.
I remember one day writing with a pen after using a Visor for a while. Legibility wasn't an issue, but getting the right characters was a bit tricky (what's a lowercase, handwritten 'a' look like again?), but the worst part was remembering not to write all of the characters in the same place.
I suppose someone could make a DMCA complaint to SCO's ISP, since SCO seems to have violated the copyrights of IBM, SGI, Linus, RMS, The Regents of the University of California, possibly Novell, etc. Unfortunately, I doubt that a DMCA complaint could be used to get NASDAQ to delist them, which is what would really stop them.
Actually, what would be really neat would be if CVS treated ZIP files like directories (except better than CVS actually treats real directories).
The other piece, of course, is an XML-aware diff and a OOo viewer for XML diffs of content.xml files, since looking at content.xml isn't the nicest thing, let alone diffs of it.
Re:Why review only the beta version?
on
Mplayer Revisited
·
· Score: 2, Insightful
It makes sense to review a pre-release, particularly if the review turns out to be nearly entirely favorable. Since his issue with the mplayer before was that it wasn't sufficiently polished for an end user to install, and the difference between a stable 0.n release and a 1.n release is normally assumed to be whether it had gotten to the point of being generally useable, it makes sense for him to look at whether it seems likely that 1.0 will meet this criterion.
And it turns out that he finds it satisfactory (evidentally he didn't trigger any of the bugs you've found); he has some notes about the documentation (there's one important thing, and 50 little things to check), the install (it complains about 50 things that don't matter, but they don't prevent it from working), and setting it up (the scripts put some things in the wrong place). His notes look like things that actually ought to get fixed just before 1.0 comes out.
It's also interesting to note that he seems not to be upset at the developers any more, and actually amused by their mention of him in the documentation.
I actually saw someone boot XP for the first time yesterday, and it seemed to take forever. I didn't actually time it, but it seemed to me to take longer than booting Linux does even if you wait for Oracle to start.
It would be really nice to be able to take the documents in the OOo format and compare them with something like diff, and merge changes back. Ideally, it would be supported in CVS as well.
This would be great for distributed groups working on the same document at the same time, or even people tracking a document as it is changed by someone else.
For that matter, a lot of companies do negotiation by sending documents back and forth. It would be really useful when you got the next version to be able to determine exactly what had changed (and an embedded history isn't necessarily trustworthy; they could have changed it).
What IBM should do is offer customers idemnification with a million dollar bounty for the first person to get sued over what IBM shipped in a lawsuit that IBM can't win or get dismissed. It would be hard for SCO to spin that one to their advantage: "IBM obviously thinks that SCO might have a case, because they really want to pay someone a million dollars."
Of course, it will hopefully not be very long before Red Hat prevents SCO from making fraudulent statements.
The issue is that Vonage (et al) actually give you a telephone number and let you make telephone system calls. The VoIP step is irrelevant there; the issue is that you're making and receiving regular phone calls in Vonage's office, which then connects to you over the internet. It doesn't matter if you go to the phone company building to make your calls, have a long phone cord to your home, or connect over the internet. There's still a phone circuit there with your number on it, and the company still does telephony.
If governments start bothering pure VoIP companies (where the voice only goes over IP and you have nothing to do with the phone network), that would be a different matter. But that doesn't seem to be happening currently, and probably won't, because what's far more likely is that there won't be a services company doing that; it'll be peer-to-peer sound managing software and a directory service (or maybe it will just use DNS, like email does).
On the other hand, things like the operator and 911 are tied to the phone network and probably won't move to VoIP any time soon. It's these sorts of things that telephone regulation funds and that the phone network provides reliable access to.
The Indian government would like to foster the growth of local computer companies with minimal employment requirements. They'd like it to be possible for an Indian company to be able to hire programmers who don't know any foriegn languages, which means that the computers have to support Indian languages conveniently. The people who produce the necessary software commercially, however, are likely to be competitors of such companies, and thus have no incentive to add this functionality. That's why the Indian govenrment had to produce it in the first place. At this point, they want to minimize the barriers to inclusion, so a BSD license is most suitable. The situation is much like that for Vorbis libraries, where even RMS has said that the BSD license is preferrable, since it helps to promote the free standard, which is more important than keeping the implementation free when embedded.
X.509 may be extremely complex to handle, but that would lead to incorrect X.509 implementations. This, however, was just unsafe code. There's nothing about X.509's complexity which should lead to stack corruption.
The errors which you should expect from a X.509 implementation involve failing to parse obscure certificates correctly or failing to give the right error message about a malformed X.509 certificate. If the code itself is simple in implementation, it should be straightforwardly obvious that, no matter what, the parser will return either an X.509 structure or an error message; the complexity of X.509 merely prevents anyone from determining if the return value is actually correct.
OpenSSL has a lot of spagetti code, wrappers, and unnecessary function pointers, inherited from the SSLeay days. In an ideal world, it would be rewritten to be more straightforward, but that's more effort than anyone is really willing to put in (except the GNUTLS people, but that's license-related anyway).
These URIs (not URLs) are used to talk about data, not to access it. For example, the info:isbn:12345 namespace can be used to refer to books; then you can give such a URI to Amazon and they'll charge your credit card and ship you a physical book. The idea is just to have a single unit that contains both the ISBN and the fact that the number is an ISBN, so that computers can reliably recognize ISBNs (etc) rather than determining it from context (easy to lose) or guessing from format (easy to mess up).
If you have a binary module and you statically link it to the kernel, you can't distribute the result. In this situation, though, you don't want to distribute it, so you're fine. Of course, you could also arrange so that the module is not linked to the kernel but just contained in the kernel image (and linked at runtime, as if it had just been loaded into memory off of the disk), at which point it's "mere aggregation" and permitted for distribution by the GPL.
For that matter, if you're exclusively an end user, you don't even have to accept the terms of the GPL, so it doesn't matter what it says.
As for whether the vendor can distribute the module that you would do this with, it's fine as long as you don't have to statically link it. They can't be blamed for how you link it, and you can't be blamed under the GPL if you're only an end user, so everybody's happy.
Slashdot Mirror
I'm not convinced that software actually grows that fast. Sure, it keeps growing, but it doesn't really get that big. On the other hand, there's always more data to get, like icons, sounds, animations, etc., that comes with software, not to mention that it keeps getting easier to generate or acquire larger files. I personally feel that the age of program size mattering is over; any computer without so much memory or disk space that program size doesn't matter can't hold any data that you might want to put on it.
Of course, this means that it's getting to the point where it would be useful to have a separate file system for the big files with very different characteristics from your main filesystem.
I'm not a lawyer; this isn't anything other than speculation, and certainly not legal advice.
I'd guess that it isn't VISA that's selling the personal info, but rather some bank that issued the card. Other than that, I'd entirely agree; if they ask for your signature on a document, it's almost certainly necessary, and it would be fraudulent for them to proceed without it.
On the other hand, I can't think of any legal reason for her to have pay any bills they send her. It would be a very bad idea from the point of view of the hassles it would generate, but, since she's never signed a cardholder agreement at all, she could max out the card online (so she doesn't sign anything), and the company wouldn't have any legal way I know of to get her to pay.
I think it would be best to write for standards-compliant browsers, and make changes for IE only if they prevent the site from working at all. For that matter, remember that, in order to be really compliant HTML, there are a lot of features you can't depend on.
If you put in your email address, they send you the URL of that page, so you can get there again. It seems to be http://www.magnatune.com/all/{album}; you'll have to remember the password or get it out of the email, though. A handy feature if you want to download albums you've bought a second time from work or something.
Incidentally, John is actually a real person and reads both the forums and his email. If you pointed out the issue, he'd probably put in an "already bought this" link.
You mean like RSA or GIFs, both of which were covered by patents which have now expired? It certainly seems like people are still interested...
Two separate lists are useful because they have different target audiences. It doesn't matter how critical a Windows flaw is, there's absolutely nothing I can do about it, because I don't use Windows.
Of course, there's relatively little point in having a yearly report about Unix vulnerabilities, since that's laughably infrequent to think about security in the Unix world.
The patent specifies an implementation where the client sends out a message on a regular basis if the user has typed anything since the last message. The prior art I know of either sends out the characters as they're typed (not based on an interval, and including the typed characters), or sends a message when the user starts typing something that hasn't been sent.
To avoid infringing on this patent, you just have to do something more useful than MS has patented. Off the top of my head, I'd suggest sending a message when the user starts typing a line and sending another message if the user cancels it or doesn't type anything for a certain interval. Less traffic, more accurate, and it's not patented.
It's not like spaceflight is easy yet. Of the two programs that have succeeded so far, one of them is currently not doing it.
Furthermore, it seems like China is interested in further exploration. Until they had ambitions beyond where the US and Russia were going regularly, it didn't make sense to go to space themselves. Now they're interested in going to Mars, but they obviously have to start by getting themselves to orbit. Sure, it was done 30 years ago, but they're actually interested in doing the next step that the US and Russia didn't try at the time.
Purely VoIP-based companies are, in fact, completely different from traditional phone companies. In fact, a purely VoIP-based company would not have a service to sell you, because IP is already sufficient for routing information and there are plenty of protocols for naming another user who may be reached by IP. It's like snail mail versus email; with snail mail, some organization is necessary to actually move letters from place to place, but with email, there's no organization specifically for that purpose. A purely VoIP company is likely to be selling you software, not service.
On the other hand, Vonage isn't a purely VoIP company; they actually connect to the telephone network, and they offer telephone network numbers. They're like a traditional telephone company except for how your call gets to their switch; on the other side, they interact with the phone network like a traditional phone company.
I personally think that extra keys with no particular function are quite useful, provided you can assign meanings to them yourself, based on what you want to optimize.
So I'm sitting at my computer, coding and listening to a CD. If I want to get a drink, I hit "Pause/Break", and the CD pauses and I take a break. I don't know why other people's computers don't support this clearly marked function.
I can switch windows with the left windows key, on iconify a window with shift-left-windows (a downward motion). This is much easier to remember than leftward or rightward shift-shift, ctrl-ctrl, or alt-alt (some other things I've used on keyboards without a free key under a modifier), and never needed for anything else.
Is this still true? I'd have thought the people interested in shorting SCOX would have realized that, while the stock is worthless in the long run, it's going to take a long time before it actually gets particularly low. Sure, if you happen to have sold short when SCO gets shut down, you'll do well, but until then the stock isn't going to go down much.
People could simply flag any email from a domain that doesn't have SPF (except for emails that clearly come from legimitate hosts at such a domain; such as hosts which reverse resolve to a host in the domain and forward resolve); then people would bug their ISPs to list the legitimate addresses.
I remember one day writing with a pen after using a Visor for a while. Legibility wasn't an issue, but getting the right characters was a bit tricky (what's a lowercase, handwritten 'a' look like again?), but the worst part was remembering not to write all of the characters in the same place.
I suppose someone could make a DMCA complaint to SCO's ISP, since SCO seems to have violated the copyrights of IBM, SGI, Linus, RMS, The Regents of the University of California, possibly Novell, etc. Unfortunately, I doubt that a DMCA complaint could be used to get NASDAQ to delist them, which is what would really stop them.
Actually, what would be really neat would be if CVS treated ZIP files like directories (except better than CVS actually treats real directories).
The other piece, of course, is an XML-aware diff and a OOo viewer for XML diffs of content.xml files, since looking at content.xml isn't the nicest thing, let alone diffs of it.
It makes sense to review a pre-release, particularly if the review turns out to be nearly entirely favorable. Since his issue with the mplayer before was that it wasn't sufficiently polished for an end user to install, and the difference between a stable 0.n release and a 1.n release is normally assumed to be whether it had gotten to the point of being generally useable, it makes sense for him to look at whether it seems likely that 1.0 will meet this criterion.
And it turns out that he finds it satisfactory (evidentally he didn't trigger any of the bugs you've found); he has some notes about the documentation (there's one important thing, and 50 little things to check), the install (it complains about 50 things that don't matter, but they don't prevent it from working), and setting it up (the scripts put some things in the wrong place). His notes look like things that actually ought to get fixed just before 1.0 comes out.
It's also interesting to note that he seems not to be upset at the developers any more, and actually amused by their mention of him in the documentation.
I actually saw someone boot XP for the first time yesterday, and it seemed to take forever. I didn't actually time it, but it seemed to me to take longer than booting Linux does even if you wait for Oracle to start.
3. Get approached by a company willing to pay you
It would be really nice to be able to take the documents in the OOo format and compare them with something like diff, and merge changes back. Ideally, it would be supported in CVS as well.
This would be great for distributed groups working on the same document at the same time, or even people tracking a document as it is changed by someone else.
For that matter, a lot of companies do negotiation by sending documents back and forth. It would be really useful when you got the next version to be able to determine exactly what had changed (and an embedded history isn't necessarily trustworthy; they could have changed it).
What IBM should do is offer customers idemnification with a million dollar bounty for the first person to get sued over what IBM shipped in a lawsuit that IBM can't win or get dismissed. It would be hard for SCO to spin that one to their advantage: "IBM obviously thinks that SCO might have a case, because they really want to pay someone a million dollars."
Of course, it will hopefully not be very long before Red Hat prevents SCO from making fraudulent statements.
The issue is that Vonage (et al) actually give you a telephone number and let you make telephone system calls. The VoIP step is irrelevant there; the issue is that you're making and receiving regular phone calls in Vonage's office, which then connects to you over the internet. It doesn't matter if you go to the phone company building to make your calls, have a long phone cord to your home, or connect over the internet. There's still a phone circuit there with your number on it, and the company still does telephony.
If governments start bothering pure VoIP companies (where the voice only goes over IP and you have nothing to do with the phone network), that would be a different matter. But that doesn't seem to be happening currently, and probably won't, because what's far more likely is that there won't be a services company doing that; it'll be peer-to-peer sound managing software and a directory service (or maybe it will just use DNS, like email does).
On the other hand, things like the operator and 911 are tied to the phone network and probably won't move to VoIP any time soon. It's these sorts of things that telephone regulation funds and that the phone network provides reliable access to.
The Indian government would like to foster the growth of local computer companies with minimal employment requirements. They'd like it to be possible for an Indian company to be able to hire programmers who don't know any foriegn languages, which means that the computers have to support Indian languages conveniently. The people who produce the necessary software commercially, however, are likely to be competitors of such companies, and thus have no incentive to add this functionality. That's why the Indian govenrment had to produce it in the first place. At this point, they want to minimize the barriers to inclusion, so a BSD license is most suitable. The situation is much like that for Vorbis libraries, where even RMS has said that the BSD license is preferrable, since it helps to promote the free standard, which is more important than keeping the implementation free when embedded.
X.509 may be extremely complex to handle, but that would lead to incorrect X.509 implementations. This, however, was just unsafe code. There's nothing about X.509's complexity which should lead to stack corruption.
The errors which you should expect from a X.509 implementation involve failing to parse obscure certificates correctly or failing to give the right error message about a malformed X.509 certificate. If the code itself is simple in implementation, it should be straightforwardly obvious that, no matter what, the parser will return either an X.509 structure or an error message; the complexity of X.509 merely prevents anyone from determining if the return value is actually correct.
OpenSSL has a lot of spagetti code, wrappers, and unnecessary function pointers, inherited from the SSLeay days. In an ideal world, it would be rewritten to be more straightforward, but that's more effort than anyone is really willing to put in (except the GNUTLS people, but that's license-related anyway).
These URIs (not URLs) are used to talk about data, not to access it. For example, the info:isbn:12345 namespace can be used to refer to books; then you can give such a URI to Amazon and they'll charge your credit card and ship you a physical book. The idea is just to have a single unit that contains both the ISBN and the fact that the number is an ISBN, so that computers can reliably recognize ISBNs (etc) rather than determining it from context (easy to lose) or guessing from format (easy to mess up).
If you have a binary module and you statically link it to the kernel, you can't distribute the result. In this situation, though, you don't want to distribute it, so you're fine. Of course, you could also arrange so that the module is not linked to the kernel but just contained in the kernel image (and linked at runtime, as if it had just been loaded into memory off of the disk), at which point it's "mere aggregation" and permitted for distribution by the GPL.
For that matter, if you're exclusively an end user, you don't even have to accept the terms of the GPL, so it doesn't matter what it says.
As for whether the vendor can distribute the module that you would do this with, it's fine as long as you don't have to statically link it. They can't be blamed for how you link it, and you can't be blamed under the GPL if you're only an end user, so everybody's happy.