Earlier this month, a public server of the Apache Software Foundation
(ASF) was illegally accessed by unknown crackers. The intrusion into
this server, which handles the public mail lists, web services, and
the source code repositories of all ASF projects, was quickly
discovered, and the server immediately taken offline. Security
specialists and administrators determined the extent of the intrusion,
repaired the damage, and brought the server back into public service.
The public server that was affected by the incident serves as a source
code repository as well as the main distribution server for binary
release of ASF software. There is no evidence that any source or binary
code was affected by the intrusion, and the integrity of all binary
versions of ASF software has been explicitly verified. This includes
the industry-leading Apache web server.
Specifically: on May 17th, an Apache developer with a sourceforge.net
account logged into a shell account at SourceForge, and then logged
from there into his account at apache.org. The ssh client at
SourceForge had been compromised to log outgoing names and passwords,
so the cracker was thus able to get a shell on apache.org. After
unsuccessfully attempting to get elevated privileges using an old
installation of Bugzilla on apache.org, the cracker used a weakness in
the ssh daemon (OpenSSH 2.2) to gain root privileges. Once root, s/he
replaced our ssh client and server with versions designed to log names
and passwords. When they did this replacement, the nightly automated
security audits caught the change, as well as a few other trojaned
executables the cracker had left behind. Once we discovered the
compromise, we shut down ssh entirely, and through the serial console
performed an exhaustive audit of the system. Once a fresh copy of the
operating system was installed, backdoors removed, and passwords
zeroed out, ssh and commit access was re-enabled. After this, an
exhaustive audit of all Apache source code and binary distributions
was performed.
The ASF is working closely with other organizations as the investigation
continues, specifically examining the link to other intrusion(s), such
as that at SourceForge (http://sourceforge.net/) [ and php.net
(http://www.php.net/). ]
Through an extra verification step available to the ASF, the integrity
of all source code repositories is being individually verified by
developers. This is possible because ASF source code is distributed
under an open-source license, and the source code is publicly and freely
available. Therefore, the ASF repositories are being compared against
the thousands of copies that have been distributed around the globe.
While it was quickly determined that the source code repositories on the
ASF server were untouched by the intruders, this extra verification step
provides additional assurance that no damage was done.
As of Tuesday, May 29, most of the repository has been checked, and as
expected, no problems have been found. A list of verified modules
will be maintained, and is available here:
http://www.apache.org/info/hack-20010519.html
Because of the possible link of the ASF server intrusion to other
computer security incidents, the investigation is ongoing. When
complete, the ASF will offer a complete and public report.
The Apache Software Foundation strongly condemns this illegal
intrusion, and is evaluating all options, including prosecution of the
individual(s) responsible to the fullest extent of the law. Anyone
with pertinent information relating to this or other related events
should contact root@apache.org. Anyone from the media with further
interest should contact press@apache.org.
Thanks.
Brian Behlendorf
President, Apache Software Foundation
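The statement above credits two integrity checks: the nightly audit that caught the replaced ssh binaries, and the comparison of the repositories against independently held copies. The sketch below is an added example, not ASF tooling, showing both checks over constructed sample files; SHA-256, the function names and the `quorum` parameter are assumptions of this example.

```python
import hashlib
import os
import tempfile
from collections import Counter

def manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def audit(baseline, current):
    """Diff a trusted baseline manifest against tonight's manifest."""
    return {
        "changed": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def cross_check(server, copies, quorum=2):
    """Flag server files that differ from what independent copies agree on."""
    findings = {}
    for path in sorted(set(server).union(*copies)):
        votes = Counter(c[path] for c in copies if path in c)
        if not votes:
            findings[path] = "unverified: no independent copy holds this file"
            continue
        digest, count = votes.most_common(1)[0]
        if count >= quorum and server.get(path) != digest:
            findings[path] = "mismatch: %d copies agree on %s" % (count, digest[:12])
    return findings

def write_tree(root, files):  # demo helper: relative path -> bytes
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

def demo():
    """Constructed sample data: tiny stand-ins for binaries and source files."""
    with tempfile.TemporaryDirectory() as tmp:
        host = os.path.join(tmp, "host")
        write_tree(host, {"bin/ssh": b"ssh v1", "sbin/sshd": b"sshd v1"})
        baseline = manifest(host)  # in practice kept off the audited host
        write_tree(host, {"bin/ssh": b"ssh v1 + logger", "bin/.hidden": b"x"})
        audit_result = audit(baseline, manifest(host))
        good = {"src/main.c": b"int main(void){return 0;}\n", "src/util.c": b"/* util */\n"}
        copies = []
        for i in range(3):
            write_tree(os.path.join(tmp, "copy%d" % i), good)
            copies.append(manifest(os.path.join(tmp, "copy%d" % i)))
        write_tree(os.path.join(tmp, "server"), {**good, "src/util.c": b"/* altered */\n"})
        return audit_result, cross_check(manifest(os.path.join(tmp, "server")), copies)

if __name__ == "__main__": print(demo())
```

The baseline manifest is only as trustworthy as where it is stored: an intruder with root on the audited host can rewrite a local baseline along with the binaries.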
====
There must be plenty of moderators with a sense of humour floating around today
Forgetting how much of a bad idea it may be, the Linux kernel is GPL'd and Mozilla isn't so you simply cannot combine them legally.
That said, Mozilla now has a -turbo startup parameter which will make the browser start up and show no windows, so Mozilla can be made to load at boot time for faster later use on Windows. I think this "turbo" mode is also planned for other OSes in time.
My description describes EXACTLY how copyright licences work. In fact my description is startlingly similar to your last paragraph except you use terms such as "no rights" and "use" inappropriately.
You are most likely correct. AOL can argue that they have not violated the GPL because they never agreed to it in the first place (no signature, etc etc).
However, by doing this they would be arguing that they have breached the copyright on the software by distributing it without a licence to do so.
There is one main reason that KDE won't become the "standard X desktop" (meaning running on Linux, Solaris, etc etc etc).
Once again it's licencing. You can't develop proprietary software with QT without paying Trolltech for a licence. With the central bits of both GNOME and GTK available under the LGPL rather than the GPL, GNOME and GTK are much more appealing to the existing big players in the Unix world who will want to continue to produce proprietary products, along with their open contributions.
What part of Opera's licence prohibits distribution and bundling? The licence seems to specifically allow the software to be "freely copied, stored and distributed by any person or organization, providing that the person or organization meets the terms and conditions of this document in full."
I don't see anything in those terms and conditions that would prevent RedHat distributing it.
Trade sanctions of one sort or another are traditionally used to bring human rights abuses (and other political goals). It doesn't seem much of a stretch to apply that idea to the trade of information.
Upgrade if you aren't running something mission critical and if the worst that can happen (filesystem corruption) won't be the end of the world (you really want an excuse to install that new distro anyway!)
If you come across a bug then congratulations, you've made a first step in making Linux better. Distribution and use is a vital part of an Open Source development process.
So what you're saying is that this somehow makes for a better interface?
Yes, it makes Opera's interface better because it provides more options to those who need/want them. If you don't want to or cannot use them then simply don't, they are purely optional and do not replace nor interfere with the other interfaces that Opera provides.
Firstly I think you are wrong in stating that the barrier to entry is being raised. Whatever the new standards bring, Jane Average can still code their pages to "HTML 3.2 standards" and have them rendered as well as they ever were. The sheer weight of pages coded that way will continue to demand that browsers render them. CSS, XHTML and DOM don't take anything away from such people, they just give more to those who want it.
Secondly I think that Jane Average will be able to take advantage of CSS, XHTML and DOM, they just won't need to know they are doing so.
We are just getting the next generation browsers that support these standards properly. Next is the software used to create webpages for those who don't want to code by hand.
Such software will take care of the hassles of these standards for the user and allow them to just build what they want.
I don't have to understand postscript to print my word document, they won't have to understand CSS/XHTML/DOM to publish their page to a browser.
If you look at the two major presidential candidates for the last US election there's an obvious reason why we're looking for intelligence outside our own species. That reason is Hope.
Nope - the individual developers almost all release their code under >=2. And Linus only owns the code he contributes. The other developers own the code they contribute. It's only a problem for Linus.
That is somewhat arguable. I agree that what you say is true for segments of code that are explicitly labeled as being under >=2. But for any code that is not specifically labeled as such you cannot make that assumption safely.
My point is that licencing changes are one thing that doesn't scale well with open source projects where copyright is not assigned to a single entity (see also Mozilla's dual licencing).
The article talks about things needing to run 'close' to the Linux Kernel in embedded devices. Well, the GPL 3 is completely irrelevant here, as the Linux Kernel is not available under GPL3. Linus specifically releases the kernel under the GPL 2 licence (not GPL 2 or greater, see Kernel Traffics passim.).
Some would argue that if the GPL3 turns out to be a good thing in the future, then it will be very difficult to relicence the kernel under GPL3 as there are so many contributors who submitted modifications to GPL 2 only code.
Note that this also means that you can't legally take code from the GPL 2 only kernel and place it in a GPL 2+ project, but that's not strictly relevant to the topic at hand.
What would this result in, the enforced release of the entire Windows XP source tree?
No, certainly not. If someone distributes software that contains GPL'd code without GPLing that software they will be done for breach of copyright, not for breach of licencing (because, as the GPL states, nothing has been signed, so there is nothing to prove you ever agreed to the licence).
The licence works, not because you automagically agree to it when using GPL'd code, but because if you don't agree to it then any distribution you do will be copyright infringing.
So what you could see (as it would depend on the court obviously) is the software being recalled, or damages being paid, but not automatic source release.
The assembler-whatsits (nanofaxes, IIRC) in All Tomorrows Parties were all controlled by the Lucky Dragon chain of convenience stores. Having a single entity controlling all the distribution points doesn't really fit in with the P2P middle:)
I rarely use MySQL (and use PostgreSQL every day) but I thought the MySQL documentation was pretty good.
Thanks for that. It brightened my afternoon. People will be wondering what I'm sitting here snickering at. I don't fancy trying to explain....
See here.
Now that's comedy!
====
There must be plenty of moderators with a sense of humour floating around today
Forgetting how much of a bad idea it may be, the Linux kernel is GPL'd and Mozilla isn't so you simply cannot combine them legally.
That said, Mozilla now has a -turbo startup parameter which will make the browser start up and show no windows, so Mozilla can be made to load at boot time for faster later use on Windows. I think this "turbo" mode is also planned for other OSes in time.
They just have a licence to use it. Big deal!
My description describes EXACTLY how copyright licences work. In fact my description is startlingly similar to your last paragraph except you use terms such as "no rights" and "use" inappropriately.
You are most likely correct. AOL can argue that they have not violated the GPL because they never agreed to it in the first place (no signature, etc etc).
However, by doing this they would be arguing that they have breached the copyright on the software by distributing it without a licence to do so.
Fun eh!
Er, I'd have thought putting 'None' would have achieved that.
There is one main reason that KDE won't become the "standard X desktop" (meaning running on Linux, Solaris, etc etc etc).
Once again it's licencing. You can't develop proprietary software with QT without paying Trolltech for a licence. With the central bits of both GNOME and GTK available under the LGPL rather than the GPL, GNOME and GTK are much more appealing to the existing big players in the Unix world who will want to continue to produce proprietary products, along with their open contributions.
What part of Opera's licence prohibits distribution and bundling? The licence seems to specifically allow the software to be "freely copied, stored and distributed by any person or organization, providing that the person or organization meets the terms and conditions of this document in full."
I don't see anything in those terms and conditions that would prevent RedHat distributing it.
Trade sanctions of one sort or another are traditionally used to bring human rights abuses (and other political goals). It doesn't seem much of a stretch to apply that idea to the trade of information.
Upgrade if you aren't running something mission critical and if the worst that can happen (filesystem corruption) won't be the end of the world (you really want an excuse to install that new distro anyway!)
If you come across a bug then congratulations, you've made a first step in making Linux better. Distribution and use is a vital part of an Open Source development process.
Firstly I think you are wrong in stating that the barrier to entry is being raised. Whatever the new standards bring, Jane Average can still code their pages to "HTML 3.2 standards" and have them rendered as well as they ever were. The sheer weight of pages coded that way will continue to demand that browsers render them. CSS, XHTML and DOM don't take anything away from such people, they just give more to those who want it.
Secondly I think that Jane Average will be able to take advantage of CSS, XHTML and DOM, they just won't need to know they are doing so.
We are just getting the next generation browsers that support these standards properly. Next is the software used to create webpages for those who don't want to code by hand. Such software will take care of the hassles of these standards for the user and allow them to just build what they want.
I don't have to understand postscript to print my word document, they won't have to understand CSS/XHTML/DOM to publish their page to a browser.
That's somewhat amusing with the claims that video game violence and death lead to real life violence and death. "Fatal" indeed,
I mean, 99% of the time I only use mine as a TV remote.
Have you tried Loki's newsgroups? There have always been helpful people there (Loki employees and others) when I've been stuffed.
If you look at the two major presidential candidates for the last US election there's an obvious reason why we're looking for intelligence outside our own species. That reason is Hope.
Your two points there seem strangely at odds with each other. If A is a problem, why is routing round it with B foolish?
My point is that licencing changes are one thing that doesn't scale well with open source projects where copyright is not assigned to a single entity (see also Mozilla's dual licencing).
The article talks about things needing to run 'close' to the Linux Kernel in embedded devices.
Well, the GPL 3 is completely irrelevant here, as the Linux Kernel is not available under GPL3. Linus specifically releases the kernel under the GPL 2 licence (not GPL 2 or greater, see Kernel Traffics passim.).
Some would argue that if the GPL3 turns out to be a good thing in the future, then it will be very difficult to relicence the kernel under GPL3 as there are so many contributors who submitted modifications to GPL 2 only code.
Note that this also means that you can't legally take code from the GPL 2 only kernel and place it in a GPL 2+ project, but that's not strictly relevant to the topic at hand.
The licence works, not because you automagically agree to it when using GPL'd code, but because if you don't agree to it then any distribution you do will be copyright infringing.
So what you could see (as it would depend on the court obviously) is the software being recalled, or damages being paid, but not automatic source release.
Probably.
The assembler-whatsits (nanofaxes, IIRC) in All Tomorrows Parties were all controlled by the Lucky Dragon chain of convenience stores. Having a single entity controlling all the distribution points doesn't really fit in with the P2P middle :)