For context, here's how this looks from outside Slashdot.
Me: "It looks like ASUS may have violated the GPL in the eee software distribution. I suspect it was a mistake. I've contacted them and publicly stated that I don't intend to sue or anything." (This is the 'hair trigger attack reaction' I guess.) Blog community: "Lame!" ASUS: "Oh, hey, you're right, here are some source tarballs." Me: "Thanks! Go ASUS!" "Kupfernigk" on Slashdot: "OMG MOUTH-FROTHING AD-HOMINEM ATTACKS"
One of us is involved in civil dialog, the other is making angry Slashdot posts -- I'm not certain the latter is in any position to give lectures about losing one's virginity.:-)
Hi. I'm the software engineer who initially brought all this to the community's attention. I assume I'm the scare-quoted critic you're referring to.
I am not a GPL zealot (in point of fact I'm a BSD guy), and I have never used the term "sanctity of the GPL," except possibly in jest.
I haven't seen anyone suggest that they were willfully withholding sources; in my original analysis I said that I suspected it was a mistake on their part. It's possible you read a sensationalized second-hand source (like iTwire), but all I noted was that they had shipped modified GPL binaries without source. As you say, the eee's been available for weeks now, which is weeks longer than the GPL permits you to distribute binaries without source.
Had you read the initial analysis or the followups where I tested and verified ASUS's source releases, you would know this.
Honestly, seems like anything can make 5/Insightful these days.
Hi. I wrote the blog post that iTwire cited out of context, and the submitter further mangled. I feel like I should clarify some things.
I'm not accusing ASUS of malice, specifically, just incompetence. They included the GPL in their manual and posted a source tarball, it's just the wrong one. The outside of the retail box even cites the GPL. They've tried to cover their ass and simply screwed it up.
As for the "OMG eee fans don't care!!11", that probably comes from the note I posted which states that I'm not planning to sue ASUS. In fact, what that means is that I've done the lawsuit thing before and simply don't have the time or energy. If I didn't care, I wouldn't have posted my evidence.
I also don't know where that nonsense about making it hard to install another distro comes from, since I posted the info amidst a discussion of installing Ubuntu 7.10 (which I'm using to write this comment).
And finally, I'm not a "Linux stalwart," I'm a "Mac bigot." It says that on my blog.
All the submitter said was that Microsoft refused Gorbachev's offer. This is probably a little harsh -- all they did was not accept it, technically -- but the correction you link to is about some "settlement" they said Microsoft offered.
In Mountain View? No. AC is quite rare. In my case, with gas heating and actually, y'know, giving a shit and turning lights off now and again, 1.6kW mean is realistic.
When I'm at work or asleep, my power consumption is about an amp for my router and alarm clock.
Talking about reform, I find the most illogical thing of user interfaces is the menubar.. how do you exit? Go to "File". Where are the options? Under "Tools".. why can't somebody offer a totally new way of making the menu. Start with "Program", where you have "Options" and "About" (maybe "Help" too), then "Document" or "File", and then "Edit", etc.. We're so used to File -> Exit that we stop thinking how illogical such a construct is... exit the file?
It may be worth noting that you've just described the current Mac OS X menubar layout.
Can't blame you; I think it makes more sense too. In fact, most of the Vista guide seems to have similar aspirations (which is my way of recognizing that, even though it looks like a complete rip, it may not be).
This column uses an interesting definition of Open Source.
From the article: Microsoft's Atlas may not be open source -- the license includes terms that would rankle a devotee -- but the code you create with the system is yours to license as you like, and you'll be able to create Atlas apps with few practical restrictions.
Oh. Is that what Open Source means? That I can create apps with it and license them how I like? Well, crap, Visual Studio must be open source too!
Last I checked, neither Atlas nor GWT were open source in any sense of the word, though at least GWT will run on real servers.
I know I'm going to have a hard time convincing the PHP audience of this, but the conventions preventing people from using code in JSP are a good thing. You're going to have a hard time selling me a solution that makes it easier to mix my business logic and presentation, even if it's written in a language I like (like Ruby or Smalltalk).
It's better than JSP? Yay. So is everything else developed in the last ten years (and some systems developed before). The Java community has moved on to alternative presentation technologies -- WebWork, JSF, GWT, and the myriad XSLT frameworks come to mind.
Now, if it's more productive than GWT or JSF...well, then we'll talk. But don't attack the strawman of JSP. That's like saying "Ruby is better than Perl 4!"
I know I'm far from the norm here, but I don't use full disk encryption -- despite being a security-industry paranoid -- because it's simply unavailable to me.
Because I use a Mac. As do at least half of my laptop-wielding coworkers.
Once a stable solution exists, I will be all over it, but at this rate I'll likely have to write it myself.
Bram points out, rightly, that one must be very careful with legislating network neutrality, to keep from forcing ISPs to deliver all traffic (DDoS, spam, etc.). He acknowledges that with a sufficiently broad definition, the Cachelogic scheme could violate network neutrality.
Of course, so would Akamai, in this case. The article gets the entire topic wrong. What they're discussing is not a QoS tier at the network level, but a single company's caching architecture that makes their clients' data go faster.
I know you're not going to like this, playing Silent Hill and all, but you probably need backlighting behind your monitor.
A bright monitor in a dark room already produces significant eyestrain; combined with 3D motion on the screen, it can quickly cause motion sickness. It's a good idea to have the wall behind (or the surfaces around) your monitor softly lit, both to reduce the contrast and to give you points of reference.
For the past, oh, two years or so, there's been this marvelous thing called AJAX. The first A is for Asynchronous.
As for the UI, I don't like the idea of a browser-based IM client in the first place, but for such a monstrosity it seems okay. Not that I'll use it. (Yay, I have to keep a browser window open at all times, and not have context menus or drag and drop or audio alerts! Woohoo! It's like ICQ from ten years ago!)
the BSD's are working on getting a journaled file system together
Oh, snap. Somebody's not running Soft Updates.:-)
(Yes, I understand that Soft Updates is not technically metadata journalling as practiced by the Linux people. No, I don't believe there are a significant number of practical situations where the results will differ.)
My favorite bit from the research paper (linked from TFA) is the following:
Extensions are a major cause of software reliability, security, and backward compatibility problems. Although extension code is often untrusted, unverified, faulty, or even malicious, it is loaded directly into a program's address space with no hard interface, boundary, or distinction between host and extension.
Okay, Microsoft, I think I'm with you on this one...you're telling us not to use ActiveX, right?
Security is close, but as we've seen with recent holes in Firefox/Mozilla, as other tools get popular, their security will come under attack, too.
I'm not particularly anti-Microsoft, though I choose not to use it for myself. However, I had to take issue with this, as I've been hearing this statement more and more lately.
There is such a thing as designing for security. Postfix is an excellent example of this; whatever your feelings on DJB, djbdns and qmail are also good examples. These three packages are rapidly growing in popularity, without showing the same security problems as the tools they replace (namely, sendmail and BIND). This is because (filesystem hierarchy restrictions aside) they are quite simply designed better.
Firefox, and Mozilla in general, was not designed with security in mind in the same way as Postfix. So, yes, it will show some correlation between popularity and exploits. However, even if IE and Firefox achieve equal popularity, I doubt Firefox will show the same consistently poor long-term track record as IE, for three main reasons.
1. IE has at least one designed-in security hole, ActiveX. Signed code is not a security mechanism, it's an authentication mechanism, and a user-driven one at that; sandboxing would be better.
2. Members (past and present) of the IE team have acknowleged that the IE codebase has grown to the point that it's difficult to maintain and patch. This suggests a poor initial design (compare Postfix's heavily compartmentalized code), but also explains some of the security problems of late.
3. IE is not written with Least-Privileges in mind. I can drop Firefox on the desktop without admin rights and use it, confident that an exploit in Firefox cannot nuke my machine (assuming the underlying OS is not also exploited). I cannot be so confident about IE, tied into the OS as it is. Too many IE bugs have allowed SYSTEM-level privilege escalation on NT.
Now, Firefox may well grow into problem #2, but I think #1 and #3 are unlikely.
Perhaps I'm over-simplifying, but uncompressed WAV data (2-channel, 44.1khz, 16-bits-per-channel) is only 1.411 Mbps. For the network itself, a 100 Mbps switched Ethernet should provide plenty of bandwidth and dramatically reduce latency.
The switch will allow you to dedicate 100 Mbps each way per machine by preventing each box from having to see streams in which it is uninterested. It will also allow you to run full-duplex, which will decrease latency if you're ACKing your transmissions (e.g. using TCP).
Really, a 10 Mbps switched network would probably be sufficient, but good luck finding a 10 Mbps switch these days.
I'd be more concerned about the ability of Win98 boxen to stream/process realtime data without hiccups, but I assume you've already got that solved.
What kind of password system lets you try 75 (or even 20) times?
An offline system!
I can think of two cases:
1. You have a hashed version of the password. Hashing every possible typed password and looking for collisions: prohibitive. Hashing 75 possibilities and looking for collisions: trivial.
2. You don't have to get in right away. Try twice a day for a month and a half. More than likely, it won't take you that long.
Slashdot Mirror
If I had mod points, they would be yours. I've gotten attacked so much in this thread that it's nice to see someone who gets it.
For context, here's how this looks from outside Slashdot.
:-)
Me: "It looks like ASUS may have violated the GPL in the eee software distribution. I suspect it was a mistake. I've contacted them and publicly stated that I don't intend to sue or anything." (This is the 'hair trigger attack reaction' I guess.)
Blog community: "Lame!"
ASUS: "Oh, hey, you're right, here are some source tarballs."
Me: "Thanks! Go ASUS!"
"Kupfernigk" on Slashdot: "OMG MOUTH-FROTHING AD-HOMINEM ATTACKS"
One of us is involved in civil dialog, the other is making angry Slashdot posts -- I'm not certain the latter is in any position to give lectures about losing one's virginity.
Hi. I'm the software engineer who initially brought all this to the community's attention. I assume I'm the scare-quoted critic you're referring to.
I am not a GPL zealot (in point of fact I'm a BSD guy), and I have never used the term "sanctity of the GPL," except possibly in jest.
I haven't seen anyone suggest that they were willfully withholding sources; in my original analysis I said that I suspected it was a mistake on their part. It's possible you read a sensationalized second-hand source (like iTwire), but all I noted was that they had shipped modified GPL binaries without source. As you say, the eee's been available for weeks now, which is weeks longer than the GPL permits you to distribute binaries without source.
Had you read the initial analysis or the followups where I tested and verified ASUS's source releases, you would know this.
Honestly, seems like anything can make 5/Insightful these days.
Hi. I wrote the blog post that iTwire cited out of context, and the submitter further mangled. I feel like I should clarify some things.
I'm not accusing ASUS of malice, specifically, just incompetence. They included the GPL in their manual and posted a source tarball, it's just the wrong one. The outside of the retail box even cites the GPL. They've tried to cover their ass and simply screwed it up.
As for the "OMG eee fans don't care!!11", that probably comes from the note I posted which states that I'm not planning to sue ASUS. In fact, what that means is that I've done the lawsuit thing before and simply don't have the time or energy. If I didn't care, I wouldn't have posted my evidence.
I also don't know where that nonsense about making it hard to install another distro comes from, since I posted the info amidst a discussion of installing Ubuntu 7.10 (which I'm using to write this comment).
And finally, I'm not a "Linux stalwart," I'm a "Mac bigot." It says that on my blog.
All the submitter said was that Microsoft refused Gorbachev's offer. This is probably a little harsh -- all they did was not accept it, technically -- but the correction you link to is about some "settlement" they said Microsoft offered.
Unrelated.
Thank you for encouraging the dickhead attitude that too often drives our stock market.
A company actually did something good without an obvious short termprofit incentive? STRING 'EM UP!
It may be worth noting that you've just described the current Mac OS X menubar layout.
Can't blame you; I think it makes more sense too. In fact, most of the Vista guide seems to have similar aspirations (which is my way of recognizing that, even though it looks like a complete rip, it may not be).
Having interviewed at a number of these companies (Google included), this "riddle" emphasis is dramatically overstated.
So, then, what could the point of this submission be? Perhaps to drive posters to this website?
Bah. Screw 'em.
This column uses an interesting definition of Open Source.
From the article:
Microsoft's Atlas may not be open source -- the license includes terms that would rankle a devotee -- but the code you create with the system is yours to license as you like, and you'll be able to create Atlas apps with few practical restrictions.
Oh. Is that what Open Source means? That I can create apps with it and license them how I like? Well, crap, Visual Studio must be open source too!
Last I checked, neither Atlas nor GWT were open source in any sense of the word, though at least GWT will run on real servers.
I know I'm going to have a hard time convincing the PHP audience of this, but the conventions preventing people from using code in JSP are a good thing. You're going to have a hard time selling me a solution that makes it easier to mix my business logic and presentation, even if it's written in a language I like (like Ruby or Smalltalk).
It's better than JSP? Yay. So is everything else developed in the last ten years (and some systems developed before). The Java community has moved on to alternative presentation technologies -- WebWork, JSF, GWT, and the myriad XSLT frameworks come to mind.
Now, if it's more productive than GWT or JSF...well, then we'll talk. But don't attack the strawman of JSP. That's like saying "Ruby is better than Perl 4!"
I know I'm far from the norm here, but I don't use full disk encryption -- despite being a security-industry paranoid -- because it's simply unavailable to me.
Because I use a Mac. As do at least half of my laptop-wielding coworkers.
Once a stable solution exists, I will be all over it, but at this rate I'll likely have to write it myself.
This article seems to completely miss the point.
Bram points out, rightly, that one must be very careful with legislating network neutrality, to keep from forcing ISPs to deliver all traffic (DDoS, spam, etc.). He acknowledges that with a sufficiently broad definition, the Cachelogic scheme could violate network neutrality.
Of course, so would Akamai, in this case. The article gets the entire topic wrong. What they're discussing is not a QoS tier at the network level, but a single company's caching architecture that makes their clients' data go faster.
And the company isn't even a network provider.
Close, but no cigar.
Call me paranoid, but they mention the fasteners being secured against access by unauthorized parties.
Why do I have a sneaking suspicion this will include the user, and/or third-party techs?
I can hear the coins rolling in now.
Warning: the article's data is 75-80% ads, the server is slow, and it's broken up into tiny little pieces. I couldn't find a printer-friendly link.
Translation: reserve most of the afternoon to read this baby if you must.
This isn't new per se; I used it several years ago (back when they were Compaq) to get to TRU-64, OpenVMS, and iPaq-based build machines for Linux.
Other than that, it's still neat tech.
Well, sure, we can...but trust me, you're probably going to prefer the mouth to the urethra, when it comes to capsaicin treatments.
I know you're not going to like this, playing Silent Hill and all, but you probably need backlighting behind your monitor.
A bright monitor in a dark room already produces significant eyestrain; combined with 3D motion on the screen, it can quickly cause motion sickness. It's a good idea to have the wall behind (or the surfaces around) your monitor softly lit, both to reduce the contrast and to give you points of reference.
For the past, oh, two years or so, there's been this marvelous thing called AJAX. The first A is for Asynchronous.
As for the UI, I don't like the idea of a browser-based IM client in the first place, but for such a monstrosity it seems okay. Not that I'll use it. (Yay, I have to keep a browser window open at all times, and not have context menus or drag and drop or audio alerts! Woohoo! It's like ICQ from ten years ago!)
Oh, snap. Somebody's not running Soft Updates.
(Yes, I understand that Soft Updates is not technically metadata journalling as practiced by the Linux people. No, I don't believe there are a significant number of practical situations where the results will differ.)
Okay, Microsoft, I think I'm with you on this one...you're telling us not to use ActiveX, right?
I'm not particularly anti-Microsoft, though I choose not to use it for myself. However, I had to take issue with this, as I've been hearing this statement more and more lately.
There is such a thing as designing for security. Postfix is an excellent example of this; whatever your feelings on DJB, djbdns and qmail are also good examples. These three packages are rapidly growing in popularity, without showing the same security problems as the tools they replace (namely, sendmail and BIND). This is because (filesystem hierarchy restrictions aside) they are quite simply designed better.
Firefox, and Mozilla in general, was not designed with security in mind in the same way as Postfix. So, yes, it will show some correlation between popularity and exploits. However, even if IE and Firefox achieve equal popularity, I doubt Firefox will show the same consistently poor long-term track record as IE, for three main reasons.
1. IE has at least one designed-in security hole, ActiveX. Signed code is not a security mechanism, it's an authentication mechanism, and a user-driven one at that; sandboxing would be better.
2. Members (past and present) of the IE team have acknowleged that the IE codebase has grown to the point that it's difficult to maintain and patch. This suggests a poor initial design (compare Postfix's heavily compartmentalized code), but also explains some of the security problems of late.
3. IE is not written with Least-Privileges in mind. I can drop Firefox on the desktop without admin rights and use it, confident that an exploit in Firefox cannot nuke my machine (assuming the underlying OS is not also exploited). I cannot be so confident about IE, tied into the OS as it is. Too many IE bugs have allowed SYSTEM-level privilege escalation on NT.
Now, Firefox may well grow into problem #2, but I think #1 and #3 are unlikely.
End rant.
Of course, this setting is only easily visible if you buy QuickTime Pro. Grr.
i de/
I've had good luck with a combination of Mac the Ripper and Handbrake, as detailed here:
http://diveintomark.org/howto/ipod-dvd-ripping-gu
Omit MtR if your video isn't on a DVD.
Perhaps I'm over-simplifying, but uncompressed WAV data (2-channel, 44.1khz, 16-bits-per-channel) is only 1.411 Mbps. For the network itself, a 100 Mbps switched Ethernet should provide plenty of bandwidth and dramatically reduce latency.
The switch will allow you to dedicate 100 Mbps each way per machine by preventing each box from having to see streams in which it is uninterested. It will also allow you to run full-duplex, which will decrease latency if you're ACKing your transmissions (e.g. using TCP).
Really, a 10 Mbps switched network would probably be sufficient, but good luck finding a 10 Mbps switch these days.
I'd be more concerned about the ability of Win98 boxen to stream/process realtime data without hiccups, but I assume you've already got that solved.
What kind of password system lets you try 75 (or even 20) times?
An offline system!
I can think of two cases:
1. You have a hashed version of the password. Hashing every possible typed password and looking for collisions: prohibitive. Hashing 75 possibilities and looking for collisions: trivial.
2. You don't have to get in right away. Try twice a day for a month and a half. More than likely, it won't take you that long.