I want a distribution that has a similar GUI installer that RH and Mandrake have, but instead of invoking "rpm -i" for each package, it would build all the install packages from source drops. The "installer script" could be a large XML file that describes how to compile each package, what its dependencies are, and provides a mechanism for tweaking the packages configuration. Most of the packages out there can have their runtime configuration configured via their 'configure' script (wow that's a lot of "configures"), making it a fairly uniform approach. In addition, at the beginning of the install, it would be neat to see controls for your *exact* hardware configuation that get turned into CFLAGS like -march=i[my]86 and -O3, etc.
The only drawback I can see is that it would increase install times by a *lot*. However, in the end you would end up with a *highly* optimized distribution.
apache cocoon is an awesome publishing tool. I recently created a site that creates a web site and a series of PDF documents from the same source. Your input documents are as simple as you want them to be, because you define it yourself and transform it into HTML or XSL:FO via XSLT.
For an affordable, very easy to configure, and speedy (excellent performance on my 386/33 with 8mb ram) firewall/gateway, you just can't beat sharethenet. I had it up and running in 1/2 hour, and there is almost no performance difference when I have my cable modem hooked up directly to my speedy p3 desktop. It "embeds" linux by loading it from a floppy onto a ram disk. If you get hacked, simply restart your machine, and you are back to factory settings. Downside is you need dedicated hardware, but OTOH, that hardware can be very old and still perform.
I decoded the image and here it is! Those damn scientologists were right! This just proves my theory that the reason all those powerful folks become scientologists because they have actually spoken to Xenu! This "Search for Terrestrial Intelligence" is really just another scientologist ploy to get other alien races to follow the wisdom of Xenu!
There are three reasons in my mind why autoconf absolutely rocks.
The library dependancy checking via AC_CHECK_LIB rocks. Why should I have to deal with the infinite possible locations for shared libraries? Autoconf deals with this nicely, and builds your -l and -L parameters for you.
./configure --prefix=[somewhere] makes it very easy for your users to customize the installation directory.
AC_ARG_WITH is an execllent macro that lets you create compilation options with ease. Two of my favorites are creating debugging and profiling builds that can be removed in a production compile.
The only truly horrible feature of autoconf/automake is the function detection mechanism, as other posters have complained about. Since there is no viable replacement for the functions that are being checked, this is just plain dumb. I suggest not using this feature at all, and then only write code that is a) ansi strict, or b) only uses library functions that you checked with AC_CHECK_LIB.
Following these simple rules has made it very easy for me to create sane makefiles across projects with a very large number of subdirectories and sources.
My point was that keylogging by itself is not enough to decipher an encrypted message. This means there must be a following break-in (physical or 'net) in order to *use* the passphrase. In the case of physical break-in, there's not much one can do, except go to court, which sucks. The "Magic Lantern" software itself might enable a network attack by opening up a back door, which is a *lot* more dangerous than the article hints at. Sorry if I wasn't clear.
Can anyone tell me how having my passphrase obtained via keylogging will allow the FBI to unencrypt my private messages? Unless I'm much mistaken, you need my (well ok, the message receivers) private key in order to do that. I have never actually *typed* a private key, it is generated by gpg. If all this tool is doing is keylogging, they can't actually use the information gained to crack a key unless a) they get physical access to my machine or b) they install some other kind of virus that will start sending pgp data files as well.
I guess they could just do a secret search of my house if they obtained the passphrase, but that's about it. If they did I would have those fsckers in court quick as a limpet.
My crappy PacBell DSL dies every time I start up a large download. It does not come back up until after a full restart, and since the connection is dead, Windows freezes when trying to disconnect. The Linux support sucks... an alpha utility from Alcatel, and I have to install several kernel patches that only work against 2.4.2. I've been trying to get a gateway together, but the fscking dsl modem is "usb ethernet". Who ever heard of that? My gateway hardware is so old that it doesn't even have a PCI bus, much less usb ports. Maybe cable broadband is the way to go? Anyone have experience with AT&T broadband?
-May run various network services, binding to the same ports without special configuration.
What!?!? What happens when you bind, say, sshd to port 22 on multiple servers? Do you also need multiple ethernet cards and ip addresses? The docs don't say anything about that...
It seems that a great deal of these attacks are based upon the fact that file names are passed as CGI arguments. This is dumb. First of all, it causes your URL's to be unnecessarily ugly. Second, if one uses suffix mapping (e.g. in Apache), the URL is checked by the web server before being sent to a CGI type process. The upshot is that only files that live in the htdocs "sandbox" can be accessed. For example, http://www.davesresume.net/resume.xml points to the "/resume.xml" file in my web root. Go ahead and try "http://www.davesresume.net/../resume.xml" and you get a 404. The.xml extension is mapped to Apache Cocoon, my xml processor of choice, and there is no exploit opportunity unless I explicitly open one up with some other CGI code. Since I don't need any other file context, this type of attack is not a problem.
This will probably get lost in all the noise, but here we go anyway.
Imagine for a second a world where DVDs had never been invented. In such a world, any interactive content would have to be packaged separately, say in a bundled CD-ROM like you get in kids cereal boxes these days. This presents a clear physical separation of the interactive content from the product. In this case the "software" component is just a freebie extra that *happens* to come with the video (or cereal).
Now back to the real world where we DVDs have been invented. The physical separation of software and product (in this case video content) becomes a *logical* separation. Instead of a VHS cassette box and a bundled CD-ROM, we now have the abstract separation of MPEG files and executable binaries. The interactive content is still just a freebie extra that *happens* to come with the purchase or rental of the DVD. In this case, we must consider the DVD to a film, and have all the copyright privilidges and restricitons of said media.
But wait, there's more. The above case only works if one cannot interact directly with the movie as it is being played. Suppose someone devises a method for actually interacting with a running movie. Remember "Clue", the movie with several different endings? Suppose someone had devised a method that, through user choices made during the playback of the movie, different storylines would appear. In this case, the DVD must be considered "software" because playback somehow contains binary instructions for choosing a movie path.
Therefore, I advocate a classification system where discs are labled as "software" or "film". It may be slightly convoluted, but it seems to me that this is the only way to be fair...
Um possibly the fact that he advocates dropping airport security entirely so that passengers can carry guns. You don't think that's totally wacko? All it takes is one idiot letting his gun fire by accident. The plane depressurizes(sp?) and everyone dies. Are you seriously telling me that this is a good idea?
It seems that ESR has written an opinion piece on Newsforge that is sure to get slashdotters up in arms. Sorry couldn't resist the lame pun. Seriously though, it seems like ESR is promoting his personal agenda during this time of crisis. Hardly appropriate.
My wife and I were speculating last night: will they rebuild the towers? They will almost certainly fix the Pentagon because only about a fifth of the building was damaged, but what about our landmark center for capatailsm? Thoughts?
Actually, my solution is a subset of yours. "IP protection" can mean anything from my watermarking scheme to a secure ecommerce site. The problem with not publishing anything at all is that it defeats the purpose of this artists web site entirely. I thought watermarking was appropriate because the goods can be previewed. This way, the image search engines actually work for the artist instead of against.
There is a very simple answer for the artist in the ditto.com case. Watermark all your production images. You can create yourself a Photoshop action to automate this very easily, and a GIMP script version wouldn't be all that tough either. Make them unusable unless they obtain a (non-web based) copy from you. I couldn't even finish reading the horrible article because they compared the pitiful ditto.com vs nobody case to Napster vs. RIAA twice before the article was half-finished.
Everyone seems so excited about the travel possibilities.
With an acceleration of 10000 G's, I will weigh 2,200,000 pounds during take-off. Exactly how is my body not going to be crushed to a thin paste before the 10-minute flight to London even gets started? That frog in that blender stood a better chance of survival than me in my trans-continental flight. Just a thought.
Yeah! Then Bush will have to support it with his community/religion program. You are therefore compelled to "grep for the divine message" in order to receive Gov't help! This is excellent because it a) gives us a *real* reason to pirate American Pie, and b) pitts the gov't against the MPAA/RIAA in an all out rumble. Where's Jessie Ventura when we need him!
No more late-night fights over what programs to keep: public access yoga vs. Doctor Who. If I had a spine, it would always be sci-fi over metaphysical crap, but apparently in a "relationship" you have to make "comprimises". 320 hours means no more comprimises over my precious PVR space! Woohoo!
The market for SourceForge at all, even the free version, above and beyond plain CVS is small as it stands.
The free version does much more than you hint at. Many of these things are essential for collaboration in large-scale projects:
Code Management
Software Archiving
Bug Tracking
Patch Management
Secure Source Control (CVS)
Variable Project Access Control
Developer Management
Developer Access Control
Task Management
Support Management
Team Activity / Statistics
Automated E-mail Updates
Knowledge Management
Documentation Management
Discussion Forums
Mailing List Management
Support Archives
Indexing and Searching
And you think that the market for such an all-encompasing collaboration tool is small!?!? Sure some of it is marketdroid speak, but having a web front-end to these disparate tools is well worth the price of $0.00.
Lots of folks here seem to believe that the only revenue stream is from "propriatery extensions". I believe this is not exactly true. I think SF wants to make money their real money in the services department, judging from the list on their site:
Support
Assessment
Installation
Integration
Administration
Training
Customization
Internal Marketing
Delivery
My bet is that the "enterprise edition" will be the same as the free version except a) it will work with Oracle, and b) they will offer some or all of the services listed above as part of the offer. Just my little guess.
Slashdot Mirror
I just posted this last night...
I want a distribution that has a similar GUI installer that RH and Mandrake have, but instead of invoking "rpm -i" for each package, it would build all the install packages from source drops. The "installer script" could be a large XML file that describes how to compile each package, what its dependencies are, and provides a mechanism for tweaking the packages configuration. Most of the packages out there can have their runtime configuration configured via their 'configure' script (wow that's a lot of "configures"), making it a fairly uniform approach. In addition, at the beginning of the install, it would be neat to see controls for your *exact* hardware configuation that get turned into CFLAGS like -march=i[my]86 and -O3, etc.
The only drawback I can see is that it would increase install times by a *lot*. However, in the end you would end up with a *highly* optimized distribution.
The idea came to me while building my own.
Damn sorry, that link should have been this one.
apache cocoon is an awesome publishing tool. I recently created a site that creates a web site and a series of PDF documents from the same source. Your input documents are as simple as you want them to be, because you define it yourself and transform it into HTML or XSL:FO via XSLT.
For an affordable, very easy to configure, and speedy (excellent performance on my 386/33 with 8mb ram) firewall/gateway, you just can't beat sharethenet. I had it up and running in 1/2 hour, and there is almost no performance difference when I have my cable modem hooked up directly to my speedy p3 desktop. It "embeds" linux by loading it from a floppy onto a ram disk. If you get hacked, simply restart your machine, and you are back to factory settings. Downside is you need dedicated hardware, but OTOH, that hardware can be very old and still perform.
I decoded the image and here it is! Those damn scientologists were right! This just proves my theory that the reason all those powerful folks become scientologists because they have actually spoken to Xenu! This "Search for Terrestrial Intelligence" is really just another scientologist ploy to get other alien races to follow the wisdom of Xenu!
Apple icards?
In the same vein: byolinux brew your own.
- The library dependancy checking via AC_CHECK_LIB rocks. Why should I have to deal with the infinite possible locations for shared libraries? Autoconf deals with this nicely, and builds your -l and -L parameters for you.
- ./configure --prefix=[somewhere] makes it very easy for your users to customize the installation directory.
- AC_ARG_WITH is an execllent macro that lets you create compilation options with ease. Two of my favorites are creating debugging and profiling builds that can be removed in a production compile.
The only truly horrible feature of autoconf/automake is the function detection mechanism, as other posters have complained about. Since there is no viable replacement for the functions that are being checked, this is just plain dumb. I suggest not using this feature at all, and then only write code that is a) ansi strict, or b) only uses library functions that you checked with AC_CHECK_LIB.Following these simple rules has made it very easy for me to create sane makefiles across projects with a very large number of subdirectories and sources.
My point was that keylogging by itself is not enough to decipher an encrypted message. This means there must be a following break-in (physical or 'net) in order to *use* the passphrase. In the case of physical break-in, there's not much one can do, except go to court, which sucks. The "Magic Lantern" software itself might enable a network attack by opening up a back door, which is a *lot* more dangerous than the article hints at. Sorry if I wasn't clear.
Can anyone tell me how having my passphrase obtained via keylogging will allow the FBI to unencrypt my private messages? Unless I'm much mistaken, you need my (well ok, the message receivers) private key in order to do that. I have never actually *typed* a private key, it is generated by gpg. If all this tool is doing is keylogging, they can't actually use the information gained to crack a key unless a) they get physical access to my machine or b) they install some other kind of virus that will start sending pgp data files as well.
I guess they could just do a secret search of my house if they obtained the passphrase, but that's about it. If they did I would have those fsckers in court quick as a limpet.
My crappy PacBell DSL dies every time I start up a large download. It does not come back up until after a full restart, and since the connection is dead, Windows freezes when trying to disconnect. The Linux support sucks... an alpha utility from Alcatel, and I have to install several kernel patches that only work against 2.4.2. I've been trying to get a gateway together, but the fscking dsl modem is "usb ethernet". Who ever heard of that? My gateway hardware is so old that it doesn't even have a PCI bus, much less usb ports. Maybe cable broadband is the way to go? Anyone have experience with AT&T broadband?
What!?!? What happens when you bind, say, sshd to port 22 on multiple servers? Do you also need multiple ethernet cards and ip addresses? The docs don't say anything about that...
It seems that a great deal of these attacks are based upon the fact that file names are passed as CGI arguments. This is dumb. First of all, it causes your URL's to be unnecessarily ugly. Second, if one uses suffix mapping (e.g. in Apache), the URL is checked by the web server before being sent to a CGI type process. The upshot is that only files that live in the htdocs "sandbox" can be accessed. For example, http://www.davesresume.net/resume.xml points to the "/resume.xml" file in my web root. Go ahead and try "http://www.davesresume.net/../resume.xml" and you get a 404. The .xml extension is mapped to Apache Cocoon, my xml processor of choice, and there is no exploit opportunity unless I explicitly open one up with some other CGI code. Since I don't need any other file context, this type of attack is not a problem.
This will probably get lost in all the noise, but here we go anyway.
Imagine for a second a world where DVDs had never been invented. In such a world, any interactive content would have to be packaged separately, say in a bundled CD-ROM like you get in kids cereal boxes these days. This presents a clear physical separation of the interactive content from the product. In this case the "software" component is just a freebie extra that *happens* to come with the video (or cereal).
Now back to the real world where we DVDs have been invented. The physical separation of software and product (in this case video content) becomes a *logical* separation. Instead of a VHS cassette box and a bundled CD-ROM, we now have the abstract separation of MPEG files and executable binaries. The interactive content is still just a freebie extra that *happens* to come with the purchase or rental of the DVD. In this case, we must consider the DVD to a film, and have all the copyright privilidges and restricitons of said media.
But wait, there's more. The above case only works if one cannot interact directly with the movie as it is being played. Suppose someone devises a method for actually interacting with a running movie. Remember "Clue", the movie with several different endings? Suppose someone had devised a method that, through user choices made during the playback of the movie, different storylines would appear. In this case, the DVD must be considered "software" because playback somehow contains binary instructions for choosing a movie path.
Therefore, I advocate a classification system where discs are labled as "software" or "film". It may be slightly convoluted, but it seems to me that this is the only way to be fair...
Um possibly the fact that he advocates dropping airport security entirely so that passengers can carry guns. You don't think that's totally wacko? All it takes is one idiot letting his gun fire by accident. The plane depressurizes(sp?) and everyone dies. Are you seriously telling me that this is a good idea?
It seems that ESR has written an opinion piece on Newsforge that is sure to get slashdotters up in arms. Sorry couldn't resist the lame pun. Seriously though, it seems like ESR is promoting his personal agenda during this time of crisis. Hardly appropriate.
My wife and I were speculating last night: will they rebuild the towers? They will almost certainly fix the Pentagon because only about a fifth of the building was damaged, but what about our landmark center for capatailsm? Thoughts?
There is a very simple answer for the artist in the ditto.com case. Watermark all your production images. You can create yourself a Photoshop action to automate this very easily, and a GIMP script version wouldn't be all that tough either. Make them unusable unless they obtain a (non-web based) copy from you. I couldn't even finish reading the horrible article because they compared the pitiful ditto.com vs nobody case to Napster vs. RIAA twice before the article was half-finished.
Everyone seems so excited about the travel possibilities.
With an acceleration of 10000 G's, I will weigh 2,200,000 pounds during take-off. Exactly how is my body not going to be crushed to a thin paste before the 10-minute flight to London even gets started? That frog in that blender stood a better chance of survival than me in my trans-continental flight. Just a thought.
Yeah! Then Bush will have to support it with his community/religion program. You are therefore compelled to "grep for the divine message" in order to receive Gov't help! This is excellent because it a) gives us a *real* reason to pirate American Pie, and b) pitts the gov't against the MPAA/RIAA in an all out rumble. Where's Jessie Ventura when we need him!
No more late-night fights over what programs to keep: public access yoga vs. Doctor Who. If I had a spine, it would always be sci-fi over metaphysical crap, but apparently in a "relationship" you have to make "comprimises". 320 hours means no more comprimises over my precious PVR space! Woohoo!
The free version does much more than you hint at. Many of these things are essential for collaboration in large-scale projects:
Code Management- Software Archiving
- Bug Tracking
- Patch Management
- Secure Source Control (CVS)
- Variable Project Access Control
Developer Management- Developer Access Control
- Task Management
- Support Management
- Team Activity / Statistics
- Automated E-mail Updates
Knowledge ManagementAnd you think that the market for such an all-encompasing collaboration tool is small!?!? Sure some of it is marketdroid speak, but having a web front-end to these disparate tools is well worth the price of $0.00.
Lots of folks here seem to believe that the only revenue stream is from "propriatery extensions". I believe this is not exactly true. I think SF wants to make money their real money in the services department, judging from the list on their site:
My bet is that the "enterprise edition" will be the same as the free version except a) it will work with Oracle, and b) they will offer some or all of the services listed above as part of the offer. Just my little guess.