This is a bug. The fact that you can modify an existing key is a serious oversight.
There was a great deal of arguing and discussion in cryptographic circles when this came out. The gist of it is that when you email something from work, you're employer can get sued for it, so employers want the capability to read that email, they are legally entitled to in the US. So they added "enterprise" or "corporate" support to PGP. In the business world it makes more sense then you think, they can also recover messages if you're harddrive crashes and takes your secret key away. If PGP is to ever take hold in that market, and PGP is about making money anymore, then it needs this so called ADK feature.
DO NOT FEAR. KEEP USING PGP and GPG if you're one of the 2% who do! If they include the ADK within the key signature then the problem goes away and it works as designed. ADK is a good thing because it makes the product usable in markets it would otherwise never make it. My fear is that this will be treated like Clipper was, and for some reason people get paranoid about having encryption where an authoirzed third party can decrypt your transimition so the proper thing to do is keep using no encryption because that is some how better.
As a former one of the original cipherpunks and a crypto freak I'm also beginning to come around on escrow and key certifcation services. I've built a key database starting with my keys and the linux kernel key. I only added signers of keys to until the database was 4000 keys or so. "The web of trust" doesn't work, there are lot's of fraudulent and dead keys in there and they are signed by someone who was trusted enough to sign the kernel key, or someone who was trusted enough to sign the key of one of the signers of the kernel key. I only went out 3 hops from the kernel key when I was making the database. If you play 6 degrees of Kevin Bacon with PGP keys and start with Linus and the kernel key you get to a bunch of trash really quickly. (this was all done with keyserver.net) Example: Gandhi (yes, at nonviolent.org) has signed Dave Del Torto's key who has signed Theo Ts'o's key who is a kernel hacker and has signed the Kernel key. There is nothing that prohibits anyone from signing another key, so essentially you can't trust a key simply because it was signed by somebody. The web is a direct graph and the arrows point the wrong way, you can only trust keys you trust enough to sign and you can't draw any conclusion from someone else's signature being on a key. There is also a tremendous amount of garbage in the web of trust.
The only solution to this is a certified key authority. The problem with that is they are a business (better than a governement agency) and they will want to use ADK to cover their ass. I think the risk can be managed to a reasonable point by having multiple companies with checks and balances. I would use a key authority if, a) it was seemless and all my email was encrypted with said key and b) key authority couldn't decrypt my key but a 3 party might be able to with a court order. I still wouldn't use it for encrypting my confessions of sexual peccadillos or my plans to over throw the government but it would be more than acceptable for email which is largely unencrypted now. (So not just can the govenrnment read it but your neighbors, your employer and foreign governments can all read it too.) As it stands, if I was told by a court to decrypt my email and there wasn't an ADK capability, I would go to jail for contempt until I did, so when it comes down to it, if some one wants to forcably read your email and a court agrees you're going to lose that battle either by decrypting it or by going to jail and testing your will.
Confessions of a former java performance bitch
on
Optimizing Java?
·
· Score: 3
I can speak as a former Java performance bitch, there is a lot of things you can optimize and it's also a job that you don't really want to get stuck with. This was the most miserable job I ever had and I'm honestly embarassed and ashamed of the product we made, I have since left the company and with each month that passes I'm becoming more accepting of the experience and I'm seriously thinking about writing a book (not just on java performance but on dysfunctional teams and the worst side of software engineering) The IBM "Infoprint Manager Java GUI" was truly a great example of how to not do software engineering, I'd really enjoy any comments if any of you have been unfortuante enough to have used it.
my best advice, the most important thing you can do is think small. You don't want to build big applications in java, you want to build small cute little applications that don't do a lot on their own. This is against the trends and norms of application development these days, today everybody wants to build these huge full featured integrated apps. Not a good idea in java. I worked on a 250,000 line java application that was designed to look and act like a normal windows application, only it never will perform like a normal windows application and java doesn't have a lot of things that normal windows apps do so you spend time building them (like wizards and that ilk.) Make java apps with java.
If you do that you will do two things, you keep the problem space small and you will keep it simple. This is critical. Some GUI things in java will just never be as fast as their native counterparts. That doesn't mean they can't perform acceptably and it doesn't mean java doesn't do other things very quickly. Paint()/WM_PAINT is just never going to be as fast in java as it is in C++. If you're building a visual component and blit-speed is the hangup then you have to reduce the number of blits or figure out a way to just deal with it. Your managment need to understand that there are classes of problems that java won't do as quickly and you have to be able to determine if your problem is one of those. Our app was so damn complex that it was difficult to pin point a single area of poor performance, let alone formulate improvments or calculate the benefit from spending the time on it. It was a classical build up failure, you could point optimizeit at it and the data told us that everything is slow, or rather everything is pretty fast but not lightening and so there wasn't a clear place to optimize, the little stuff adds up. Mix in a liberal dose of kingdom building and code protectionism and nobody on the team wanted to rework "their code" because they wanted to see what could be gained first but the analysis showed that everyone needed to do it. Worse, optimizing one piece of code didn't yield an exciting double digit performance increase, it was a tiny 6% increase and selling that to the other team members is a hard sell. "you mean I have to rewrite all my code and it's only going to be 5-6% faster? screw that!" If the app was simple this would have been a problem that is tractable.
Listeners leak. Creating dialogs with buttons and just letting the listeners go will cause memory leaks. Listeners register with AWT and need to be explicitly unregistered. Listeners point back to your buttons which often point to dialogs and even data. This is particularly problematic when you have a view/model type abstraction. We had literally hundreds of dialogs and buttons and essentially no GUI elements were ever garbage collected. This was an extremely non-trivial problem to fix and we didn't do it before I quit the company (IBM.) We had an object hierarchy in place where listeners were completely ignored during the design process. Many dialogs had multiple exit points. There just wasn't a clean way to fix the problem without making thousands of code changes. More alarming, certain members of the team refused to even acknowledge that there was a problem: "java doesn't have pointers...", "java has garbage collection.. it's impossible..." Once one person on the team was convinced and they started to grasp the gravity of it, they asked to get off the project and then they started trying to down play the performance significance because it was too big a problem to fix in our time frame. Here is how it kills you: GUI elements are built in to a tree in java (at least swing elements are.) That tree encompasses your entire visible/instantiated GUI, you do an update and that tree is traversed and each element is told to update itself. It's a very clean and simple model. The problem is when the GUI starts to contain hundreds and thousands of elements those updates start to take more and more time. Click, traverse tree, update update update...., see response. Add garbage collection and get close to filling the memory on the system and you've got a real performance problem, every time an event happens you will end up having to swap to update the tree and GCs will do it too. This is almost a non-problem if you keep it small, you may leak like a maniac but you have to leak megabytes and megabytes for it to really matter. We did so I know this. By the time you notice it, your app is way to big and unwieldly for this to be easy to fix.
Be smart with threads, reflection, and all the other goodies. Some of the language features java gives you are a dream to use, they also extract a price. Creating dialogs (or rather "notebooks") with hundreds of elements via reflection can be a hazard. Creating objects is expensive, do it as seldom as possible, write a pooling system if you have to. Be smart about data flow, with a view/model GUI you're going to be communicating between the view and model a lot, that adds up. Threads are addictive, they can also make the analysis of performance very difficult to understand, there is also an innate cost to creating and destroying them (provided that your don't have so many f-ing leaks that you can actually destroy a thread...) I never found a way to measure the time it takes for the JVM to traverse the class tree hierarchy, I have to assume that doing it repeatedly with a larger tree will cause a noticable difference.
There should be something said about JNI but I'm not sure what. Don't use it unless you benefit from it. Don't expect it to be a silver bullet. I think that with the JVMs of last year and our project, we used JNI so we could use a legacy communication library, JNI caused more problems than good. No easy ways to measure it's performance.
With JFS they opensourced it after enough had been done that it didn't matter. Reiserfs and XFS had been making great progress. Result: JFS mailing list is dead, the only people working on it are IBMers.
AFS? It's been outplaced by Coda and DFS. It's a welcome addition, I love AFS but there isn't any reason to use it instead of Coda. And if I was to support something, I'd jump on to the coda bandwagon before I'd go to AFS.
They are doing stuff though. That is good. IBM still hasn't risked anything though. I feel much more comfortable if they were willing to take some risk and put a non-dead product out.
This is great, it's more real world big guns supporting Linux on the desktop. Try as you may, you won't make me see this as a bad thing. This is incredible news.
I think the StarOffice plans are bold and probably on the order of Mozilla in terms of ambition. I don't know how many developers Sun plans to put on it. Breaking it up in to small components and bonobo enabling it will be awesome if they can make it work in a timely fashion. It is still the most functional and probably one of the easiest to use productivity apps on Linux, if they can make it smaller, quicker and interoperate with other Linux apps then it could be a real killer app.
Second, as a veteran of the OS wars of the early 1990's. I have to say that the GNOME vision sounds remarkably close to what I invisioned IBM delivering with Workplace OS or OS/2 with WPS and OpenDoc. Part of me that I thought was dead has come back to life and is happy by this. I think there is a huge lesson to be learned here since IBM failed and GNOME is steadily moving forward and gaining. I think that if you're going to do full desktop integration with component based applications and consistency you have two choices, you either do it like MS and do everything or you do it in the open and you out the source. I think it's too difficult to engineer a framework and API that is complete enough and keep it all secret unless you write both the framework and the apps intended to run on it.
ESR has said things to the extent that putting out 1.0 is much faster with a closed model but once you've got a product maintaining it and evolving it is far more easy with free software. I believe that, I've had experience with it. If they can avoid the pitfalls Mozilla had in trying to do way too much for the first release then if the theory holds out in a year or two the most sophisticated productivity environment around might not be Office200x but it could be the GNOME/Star Office. There are some big ifs there. I guess only time will tell. Of course since it's all in the open, this time around I feel like I get get in to the fray an join the fight to make my platform win and not wait and patiently rely on an IBM or somebody to do it for me. I don't know about most of you but I'm still young and stupid and fell pretty much invincable; between KDE, the kernel, GNOME, GNU and mozilla I don't think we can be stopped.
Lastly, and perhaps most interesting of all to me is the fact that these big companies have chosen GNOME and not KDE. I don't want to rekindle the war or come across the wrong way but this essentially says that there is something more important than the quality of a GUI kit, being all C++ based, eleged stability (I only say that because I've not compared the stabilty of KDE and GNOME, they are both very stable on my systems) or how far along the project is. KDE is clearly further along, QT is fully documented and easy to use, it's in C++ and not C (and GNOME is having C++ conflict right now with GTK-- and Inti and developers leaving) and arguably KDE is easier to use and more stable but they chose GNOME instead. Say what you will about those companies, they know how to make a product, they know how to make a product succeed and they know a crap load about making money. This could be a new chapter in the CatB. The only thing I see GNOME having over KDE is freedom; freedom that is secured by one of the more anti-corporate licenses around, the GPL. Is there anything else? Because if there isn't then I think that it is significant. With the GPL, GNOME and Linux you'll never lose your investment anything you put in to it will be in the public domain forever. Your competitors can't take your contributions behind their closed doors, change them and then beat you with them. I remember the OSF/Opengroup and this seems like what that was supposed to to 15 years ago but never became because everyone was worried about their investments and their technologies.
Gilat has a 2 way satallite solution, it's pretty nice but only works with windows as of yet.
iSky has something, I'm not sure where it is though.
Microwave can be cheap once you have it set up, I know people in towns that are getting it because the telco won't give them DSL yet. It's point-to-point and line of sight so it has limits. In some rural areas this seems like it should be a great potential business. Collectively buy a T1, hook it to the local school and then do point-to-point microwave.
The planetweb magnification patent is different than what xdvi and gv do. The magnification is in a translucent window so you can see beneith it while magnifying. The window is also offset from the cursor so you can see the original unmagnified view. It is definitely different than xdvi, it's the subtle details that make the patent, not the general nature of it.
In my mind, it is a good patent. It is something that is unique, they advanced the state of the art and they probably did it before someone else did, they deserved the patent they got. The problem is that by the time that patent expires it will be an irrelevent technology, all TVs will support 1080i. I'm all for letting corporations patent themselves into a cold war with other corporations but they need to last a shorter period of time, especially as related to software. Software is expensive enough to develop without paying an army of lawyers to make sure your product doesn't infringe on a UI patent.
I also think that there should be a reasonable response time. If you're a multinational corporation with billions of dollars at your disposal, there is no excuse for letting a competitor deploy a product, upgrade it througha couple of revs and then, years later, start rattling your saber. If you're a private inventor and you don't have the resources you should have a longer period of time but like trademarks there should be a period of time where non-defense of your patent turns it public domain. What Macromedia should do is accuse Adobe of sitting on the patent until macromedia had enough marketshare or money to make the defense worth their while.
My alma mater will do this deed. They take enough funds from the DoD. They build bombs and some other similar type projects at SEI. They have a ton of clout and respect. And, honestly, I think they could probably do a really fair job and I think that the FBI types might think that a place like that is the only type of place where a fair job could get done because of the academic culture at so many other fine institutions.
I've got a plate of rice crispie treats and a pint of Guinness that says they do it. Anyone want to bet?
I'm not sure if both are still worked on. MkLinux was only ever supported under Mac but supposedly you could compile it and run it on x86. I've never done it though.
Taking MkLinux and putting GnuMach under it (I have no idea how involved it is, probably very.) seems like it could be a quick way to get a hurd lite or something similar running. It might be an interesting experiment.
It's an interesting idea. You could have two layers of security and authentication. User and then machine. Encrypting may not be the most useful until the new sendmail was fully deployed but machine authentication could be enough to stop spam. (Of course, it seems the world damn near crapped its pants when Intel serialized pentium IIIs so people may be against it)
Encryption should probably stay at the user level though.
This is a perfect chance to pimp my new service. I'm starting a company called Codester(TM), it's a B2B service. (read: Wallstreet, record first day pop so give me VC! b2b is money, all the way.) If anyone wants to help out, I'm selling stock options so now is your chance to get in on the ground floor. We're going to be big, baby!
Codester(TM) works like this. You take all your opensource and GPLed code and you point my client at it. My client employs a patent pending compression technique known as "removal of copyright." Basically, it strips out all that copyright mumbo jumbo about redistribution, ownership, GPL, etc. to make the acutal source code more streamlined and easier to transmit over the internet since it is smaller. It's compression. The Codester(TM) client then tells my database about all of your code and it is added to a list that all the other Codester(TM) users can see. You can use Codester(TM) to log on to my database, search for pieces of code you need and then download them, share your code with your friends. It really allows the code opensource coders write to be used by people who are looking for code.
As an added benefit, this is the B2B part, all the retransmitted work is unemcombered by copyright (cause we compressed if off of there, remember?) so it's essentially public domain. It's really just "fair use." So if you're a business and you want to build something with opensource code you can use the code but you don't have to release your source because we took care of that copyright stuff for you. Of course, we don't endorse that kind of behavior, it might piss off some of the opensource authors and we're really about sharing code and not pissing people off. And if they do get pissed off, by the time we IPO we'll have enough lawyers to scare those hippies off. Our theory is that with all the businesses putting out proprietary applications with opensourced code it will show the world how good the opensourced code really is and more people will use it, we're about building community and we're trying to put an end to the greedy philosophy that users need to have your business' code. (hey, it's really about greed isn't it? All these long hairs trying to force their will on you by using some cryptic copyright to trick you in to giving your crown jewels away..) We're taking the greed out of community and helping out the new up and comer open source authors by making them famous!
So email me, use Codester(TM), and buy our stock. Ray Noorda, or any other insane rich guys who want to supply some VC, if you're reading this, call me okay? 888-555-1212. Remember, b2b, ipo, opensource, linux, all the magic words for mega IPO bucks..
I'm shocked at how many geeks are complete couch potatoes. Take care of the body and you're taking care of the mind.
Meditation/Prayer/spiritual something is also good. I know it's a taboo topic in some geek circles but human are complex creatures with emotional, spiritual, mental, and physical attributes and you need to tend to all of them. Complete void of anything spiritual seems to be another popular geek trait.
Didn't americans learn anything from the OJ Simpson case? If you have enough money, you can buy any court decision you want. Right and Wrong haven't applied in decades. The MPAA has tons of money to spend to defend their monopoly, and the lack of morals and scruples to do so. This case will be lost because the judge is well in the pockets of MPAA. The only hope is to bring this obvious fact out in the appeals court, and get the ruling overturned.
I'm sick of hearing this "argument." Money didn't buy justice in the OJ trial. The LA DA spent millions upon millions of dollars trying to convict somebody, and then they made the bonehead move of putting a cop on the stand who had a record of being questionable and he happened to get caught in a lie. It was gross incompetence that got OJ off and nothing more. If you want to start a serious discussion about money and the courts then the real question to ask about OJ is how much more money did they spend trying to convict him than most people and why was that? For me personally, it would have been much more acceptable to let the bastard skate had LA county not spent $19million trying to convict him.
Don't believe me, then how come the tobacco companies got busted for $150billion?! They are the one group that has unlimited money and they lost their case.
Big money and big companies don't always win. They will in this case in part because 2600 tried to disobey the court when they were asked to take the DeCSS code down. They removed the code and then published a list of mirrors in an attempt to circumvent the court order. They lost a lot of credibility with the court by doing that. Goldstein is somewhat lucky to have not done jail time for contempt.
seriously, if he knows what is good for him he'll hire that woman from Matrix. You know the one, Trinity was her name... She is a bomb shell. It would totally throw a new twist in to X-Files. The beauty of the show so far has been the sexual tension, the pretty people (who hasn't had fantasy's about Scully? Only those who've had them about Mulder...) and then the geeky stuff. Everybody is expecting some new man to fill the roll. A woman would be different.
My personal vote is for the Trinity woman. Jeanine Turner (you know, O'connel from Northern Exposure) is out of work too, she could probably do a good job.
The sex appeal would go through the roof. She can't be Mulder she'll have to be her own chracter and have her own thing going but she could be more willing to believe than Scully and have some sort of groovy geek thing going. Maybe she's a computer hacker type.
We could go through the databases and make sure all the.coms are really money making company or business type ventures. The.orgs are all actually non-profit and independant type groups. The.nets are all infrastructure providers. etc.. That alone should free up some.coms and.orgs. Then prohibit the use of a domain from.com on any other TLD if it is a registered trademark. Once microsoft buys microsoft.com there is no reason for microsoft.org or microsoft.net to be around, that should save the powers that be from fretting over extra TLDs. That is the crappy part, smith.com is taken but it'd sure be nice if John Q. Smith could take smith.org, but that's life. If they cleared it all up a little then you could add TLDs in a rational manner. There should be a.gnu, a.adult, there could be.family,.personal,.private for individuals and families. I'd even say that if you have a valid.com then you should be allowed to have a.store,.biz,.llc,.shoppe or some set of extra qualifications.
Of course this is going to screw the lookup engines on the root servers which are optimized around having a small set of 3 letter TLDs.. It's fixable though.
As a first step, I'd go for a.gnu. Free software makes the net run and is worthy of a.net of it's own. Since GNU is kind of a brand of free software maybe a.fs (free software) would be better.
Do you think Debian has taken ideology too far lately? Has Debian tried to bite off too much lately?
Back in the day... Debian seemed to have two major goals: it was going to be free and non-corporate like and it was going to include every possible package you could think of. The second goal caused some distribution problems but it was nothing that apt and a "non-free" directory couldn't solve... It may not have been perfect but Debian was a major player, a realistic option to Redhat or Caldera and when it mattered Debian could wave the flag of freedom and say it was down for the cause.
I know I'll sound like a hypocrite to anyone who has read my posts before but now it looks like ideology has gone too far. Pulling KDE out really seems like a ploy to rekindle the GNOME vs. KDE war, leave it in non-free and keep non-free there, let the users know but give them the option. (I'm a GNOMEie in part because of the freedom issue, but I respect what Corel, Troll and the KDE team has done and while it will probably never be "GPL complete" (I just made that up, feel free to use "GPL complete" as you need to...) in terms of freedom it will get very very close, probably near the "Stallman Limit")
I also think the delays that have kept a Debian release from coming out for what, over a year now, are just an extreme form of idealism. There simply isn't any way you can get all the bugs out of that much software, can't be done. Debian, still, has one of the more sophisticated automatic package distribution systems, it has more than a few people who can write code if needed, it seems like it would be more than good enough to add a new apt option, "get-emergency" that you could put in a cron job and it would download emergency stability fixes or something. I really think the boat is being missed, part of the idea is to release early, release often, and do you best to put out bug-free releases but be better at fixing the bugs when they surface. That's how the kernel runs and t work's pretty well. Of course, if they really want to take the stability thing far then why not cut out the non-free and 98% of the other packages and ship only a kernel once a perfectly stable one is written?
I also think that using BSD and Hurd kernels is a noble goal and I'm glad Debian is trying to do it but is it too much to be the ideology king and then to build this kernel independence while putting out only rock solid and beyond releases? Staying up-to-date while doing all of that has to be impossible. OpenBSD kind of get's away with being woefully behind the times because there is the value add of being secure or the illusion of it, OpenBSD's mission statement also has a much smaller focus, it's security at all costs, not freedom, lot's of packages, rock solid, and kernel independence.
It seems like a good hedge to me, should Earth have a run in with a big meteorite or something and wipe out life, or worse, what happens if a fleet of Volgons destroys the planet because it's in the way of a bypass? Earth life could continue on. I can understand the scientific side of it, it would really suck to find life on another plant and then learn that it was just life we propagated there. It seems inevitable to me though, we will have an accident and it's our nature to spread that sort of stuff around.
The idea that keeps bothering me is how exactly we're going to terraform Mars when the time comes. We could start trying to produce a strain of plants that can live in that environment. If we found ice caps though, I was thinking that maybe using a nuke or two on them to melt the ice in to water and get some of the green house gases going to make the place a little bit more hospitable.
We made up all sorts of fun variations on the game. Kamikazee mode where the first one through each door won, no matter what it took to get through first. Defender mode where you won by saving your brother from getting shots, a la the secret service where you take the bullets. I think we had a couple others that were fun too.
So to end copyright, which isn't the problem, you are going to just ignore it?
Napster does one thing, it makes theft easy, anonymous, and simple enough that you don't even think about it. I really don't see the fire fight here, what I see is a piece of software that makes it painless and risk-free to steal. How exactly do you see this as fighting fire with fire? What is the result you expect?
Logo is damn sweet. I was the turtle mutha f---in' masta when I was 4 and 5.
After that you have to find what it is the kids are in to and then give them the right tools. Pascal, Java, Modula-3, Python, and Smalltalk are all great. Simple, elegant languages that are easy to learn.
I would hold back on C and C++ until they are a little bit older, I think I was about 10 when I started to play with C and it was really tough until I was maybe 13 or 14 and started to really grasp the concepts..
I think those robot lego toys are pretty cool, I've never used one but I bet it would captivate the hell out of me when I was 6-12. Hell it might still and I'm, 24.
That's not entirely true. There is the FOI act (Freedom of Information) that forces the government to reveal your "file" to you should you request it. It forces them to give up other information also. "National Security" is sort of a blanket to get around it (they can censor your "file" if publishing it could compromise "National Security") but it has been beat time and time again in court.
Credit agencies are also obliged to give you access to your credit history. Your medical records, legal history, and most other "important information" are all to be made known to you if you request it. The hard part is knowing where to request it. Collecting information isn't illegal and once that information is decided to be important enough laws are passed that usualy force the companies involved to share it with the people they are collecting it on.
I'm not going to bash Corel by pointing out their stellar mgmt. It's been done. I will say that they could do a lot more if they had some vision and took WP to the next level, they are enjoying the code base and its legacy and not driving it ahead. That will catch up with them, WP ran the world 10-15 years ago but it needs something new if they want to keep kicking it. If nothing else, make it a little more pleasing to the eyes, it is a WYSIWYG type product but the whole thing feels and looks like it did 10 years ago. (yeah, I like gloss. We know WP works, gloss is what it lacks, I have a hard time paying money for an ugly looking program when looking at it is a large portion of its use. Besides gloss, WP is basically the same app it was 10 years ago though)
What I am going to bash them on is their approach to the community. I really don't see any place for Corel Linux. They did some of the right things with it, I appreciate their support of Debian, but Corel isn't an OS vendor and I'm not sure how it fits in to their business model. It seems like a lot of redundant effort for them to build a dist, market it, and support it unless they are going to provide some value-add and that's the part I don't like. For Corel, or Caldera too for that matter, value-add is something that doesn't give me a warm fuzzy feeling, it feels like something that is non-standard and it feels like the beginnings of an MS style embrace-extend attack. With Corel, I partially think building their own dist was a way for them to show their committment and create a revenue stream but it just doesn't fit in with the community and it looks a lot more like them getting one of the "need pieces." I see their acquisition of Inprise the same way, it was just another way for them to get the pieces they need to be another MS. MS beats them because they control the platform, so Corel makes their own platform. MS beats them because they control the tools so Corel buys a tool vendor (inprise.) Totally ignoring the fact that MS is thousands of times bigger and has the infrastructure to run that kind of business, and even MS puts out buggy code and misses deadlines and can't really run the business well.
Corel is putting out good linux apps, mainstream apps, apps that get attention and make Linux a more viable platform to more people. They are making an investment in Linux and they should be applauded for that. But if they really want to support the community and do the "Right Thing" I think they should focus on building better apps, start innovating again (?have they ever?) and sure that up. I see no reason at this point for them to acquire inprise other than to "control" more linux software. They need to give up that notion of control.
I also think this will be good for Borland. Borland is making a natural transition to Linux. They are slowly understanding it, supporting it and growing to embrace it. That is the correct course for them, I suspect that a Corel merger could result in a Linux mandate. Borland's support will be much better and stronger as they gradually grow to see that they need Linuxand that they have no choice other than to support it. That is far better than ordering them to do Linux. I'm all about compilers too, I'd love to see IBM's, SGI's, and Borland's compilers all running on Linux, I love gcc but I love having alternatives, I just think the results will be better if Borland grows into Linux rather than jumps in head first. (I own a copy of their OS/2 BC++, I know what the results are when they do that.)
Slashdot Mirror
There was a great deal of arguing and discussion in cryptographic circles when this came out. The gist of it is that when you email something from work, you're employer can get sued for it, so employers want the capability to read that email, they are legally entitled to in the US. So they added "enterprise" or "corporate" support to PGP. In the business world it makes more sense then you think, they can also recover messages if you're harddrive crashes and takes your secret key away. If PGP is to ever take hold in that market, and PGP is about making money anymore, then it needs this so called ADK feature.
DO NOT FEAR. KEEP USING PGP and GPG if you're one of the 2% who do! If they include the ADK within the key signature then the problem goes away and it works as designed. ADK is a good thing because it makes the product usable in markets it would otherwise never make it. My fear is that this will be treated like Clipper was, and for some reason people get paranoid about having encryption where an authoirzed third party can decrypt your transimition so the proper thing to do is keep using no encryption because that is some how better.
As a former one of the original cipherpunks and a crypto freak I'm also beginning to come around on escrow and key certifcation services. I've built a key database starting with my keys and the linux kernel key. I only added signers of keys to until the database was 4000 keys or so. "The web of trust" doesn't work, there are lot's of fraudulent and dead keys in there and they are signed by someone who was trusted enough to sign the kernel key, or someone who was trusted enough to sign the key of one of the signers of the kernel key. I only went out 3 hops from the kernel key when I was making the database. If you play 6 degrees of Kevin Bacon with PGP keys and start with Linus and the kernel key you get to a bunch of trash really quickly. (this was all done with keyserver.net) Example: Gandhi (yes, at nonviolent.org) has signed Dave Del Torto's key who has signed Theo Ts'o's key who is a kernel hacker and has signed the Kernel key. There is nothing that prohibits anyone from signing another key, so essentially you can't trust a key simply because it was signed by somebody. The web is a direct graph and the arrows point the wrong way, you can only trust keys you trust enough to sign and you can't draw any conclusion from someone else's signature being on a key. There is also a tremendous amount of garbage in the web of trust.
The only solution to this is a certified key authority. The problem with that is they are a business (better than a governement agency) and they will want to use ADK to cover their ass. I think the risk can be managed to a reasonable point by having multiple companies with checks and balances. I would use a key authority if, a) it was seemless and all my email was encrypted with said key and b) key authority couldn't decrypt my key but a 3 party might be able to with a court order. I still wouldn't use it for encrypting my confessions of sexual peccadillos or my plans to over throw the government but it would be more than acceptable for email which is largely unencrypted now. (So not just can the govenrnment read it but your neighbors, your employer and foreign governments can all read it too.) As it stands, if I was told by a court to decrypt my email and there wasn't an ADK capability, I would go to jail for contempt until I did, so when it comes down to it, if some one wants to forcably read your email and a court agrees you're going to lose that battle either by decrypting it or by going to jail and testing your will.
my best advice, the most important thing you can do is think small. You don't want to build big applications in java, you want to build small cute little applications that don't do a lot on their own. This is against the trends and norms of application development these days, today everybody wants to build these huge full featured integrated apps. Not a good idea in java. I worked on a 250,000 line java application that was designed to look and act like a normal windows application, only it never will perform like a normal windows application and java doesn't have a lot of things that normal windows apps do so you spend time building them (like wizards and that ilk.) Make java apps with java.
If you do that you will do two things, you keep the problem space small and you will keep it simple. This is critical. Some GUI things in java will just never be as fast as their native counterparts. That doesn't mean they can't perform acceptably and it doesn't mean java doesn't do other things very quickly. Paint()/WM_PAINT is just never going to be as fast in java as it is in C++. If you're building a visual component and blit-speed is the hangup then you have to reduce the number of blits or figure out a way to just deal with it. Your managment need to understand that there are classes of problems that java won't do as quickly and you have to be able to determine if your problem is one of those. Our app was so damn complex that it was difficult to pin point a single area of poor performance, let alone formulate improvments or calculate the benefit from spending the time on it. It was a classical build up failure, you could point optimizeit at it and the data told us that everything is slow, or rather everything is pretty fast but not lightening and so there wasn't a clear place to optimize, the little stuff adds up. Mix in a liberal dose of kingdom building and code protectionism and nobody on the team wanted to rework "their code" because they wanted to see what could be gained first but the analysis showed that everyone needed to do it. Worse, optimizing one piece of code didn't yield an exciting double digit performance increase, it was a tiny 6% increase and selling that to the other team members is a hard sell. "you mean I have to rewrite all my code and it's only going to be 5-6% faster? screw that!" If the app was simple this would have been a problem that is tractable.
Listeners leak. Creating dialogs with buttons and just letting the listeners go will cause memory leaks. Listeners register with AWT and need to be explicitly unregistered. Listeners point back to your buttons which often point to dialogs and even data. This is particularly problematic when you have a view/model type abstraction. We had literally hundreds of dialogs and buttons and essentially no GUI elements were ever garbage collected. This was an extremely non-trivial problem to fix and we didn't do it before I quit the company (IBM.) We had an object hierarchy in place where listeners were completely ignored during the design process. Many dialogs had multiple exit points. There just wasn't a clean way to fix the problem without making thousands of code changes. More alarming, certain members of the team refused to even acknowledge that there was a problem: "java doesn't have pointers...", "java has garbage collection.. it's impossible..." Once one person on the team was convinced and they started to grasp the gravity of it, they asked to get off the project and then they started trying to down play the performance significance because it was too big a problem to fix in our time frame. Here is how it kills you: GUI elements are built in to a tree in java (at least swing elements are.) That tree encompasses your entire visible/instantiated GUI, you do an update and that tree is traversed and each element is told to update itself. It's a very clean and simple model. The problem is when the GUI starts to contain hundreds and thousands of elements those updates start to take more and more time. Click, traverse tree, update update update...., see response. Add garbage collection and get close to filling the memory on the system and you've got a real performance problem, every time an event happens you will end up having to swap to update the tree and GCs will do it too. This is almost a non-problem if you keep it small, you may leak like a maniac but you have to leak megabytes and megabytes for it to really matter. We did so I know this. By the time you notice it, your app is way to big and unwieldly for this to be easy to fix.
Be smart with threads, reflection, and all the other goodies. Some of the language features java gives you are a dream to use, they also extract a price. Creating dialogs (or rather "notebooks") with hundreds of elements via reflection can be a hazard. Creating objects is expensive, do it as seldom as possible, write a pooling system if you have to. Be smart about data flow, with a view/model GUI you're going to be communicating between the view and model a lot, that adds up. Threads are addictive, they can also make the analysis of performance very difficult to understand, there is also an innate cost to creating and destroying them (provided that your don't have so many f-ing leaks that you can actually destroy a thread...) I never found a way to measure the time it takes for the JVM to traverse the class tree hierarchy, I have to assume that doing it repeatedly with a larger tree will cause a noticable difference.
There should be something said about JNI but I'm not sure what. Don't use it unless you benefit from it. Don't expect it to be a silver bullet. I think that with the JVMs of last year and our project, we used JNI so we could use a legacy communication library, JNI caused more problems than good. No easy ways to measure it's performance.
With JFS they opensourced it after enough had been done that it didn't matter. Reiserfs and XFS had been making great progress. Result: JFS mailing list is dead, the only people working on it are IBMers. AFS? It's been outplaced by Coda and DFS. It's a welcome addition, I love AFS but there isn't any reason to use it instead of Coda. And if I was to support something, I'd jump on to the coda bandwagon before I'd go to AFS. They are doing stuff though. That is good. IBM still hasn't risked anything though. I feel much more comfortable if they were willing to take some risk and put a non-dead product out.
I think the StarOffice plans are bold and probably on the order of Mozilla in terms of ambition. I don't know how many developers Sun plans to put on it. Breaking it up in to small components and bonobo enabling it will be awesome if they can make it work in a timely fashion. It is still the most functional and probably one of the easiest to use productivity apps on Linux, if they can make it smaller, quicker and interoperate with other Linux apps then it could be a real killer app.
Second, as a veteran of the OS wars of the early 1990's. I have to say that the GNOME vision sounds remarkably close to what I invisioned IBM delivering with Workplace OS or OS/2 with WPS and OpenDoc. Part of me that I thought was dead has come back to life and is happy by this. I think there is a huge lesson to be learned here since IBM failed and GNOME is steadily moving forward and gaining. I think that if you're going to do full desktop integration with component based applications and consistency you have two choices, you either do it like MS and do everything or you do it in the open and you out the source. I think it's too difficult to engineer a framework and API that is complete enough and keep it all secret unless you write both the framework and the apps intended to run on it.
ESR has said things to the extent that putting out 1.0 is much faster with a closed model but once you've got a product maintaining it and evolving it is far more easy with free software. I believe that, I've had experience with it. If they can avoid the pitfalls Mozilla had in trying to do way too much for the first release then if the theory holds out in a year or two the most sophisticated productivity environment around might not be Office200x but it could be the GNOME/Star Office. There are some big ifs there. I guess only time will tell. Of course since it's all in the open, this time around I feel like I get get in to the fray an join the fight to make my platform win and not wait and patiently rely on an IBM or somebody to do it for me. I don't know about most of you but I'm still young and stupid and fell pretty much invincable; between KDE, the kernel, GNOME, GNU and mozilla I don't think we can be stopped.
Lastly, and perhaps most interesting of all to me is the fact that these big companies have chosen GNOME and not KDE. I don't want to rekindle the war or come across the wrong way but this essentially says that there is something more important than the quality of a GUI kit, being all C++ based, eleged stability (I only say that because I've not compared the stabilty of KDE and GNOME, they are both very stable on my systems) or how far along the project is. KDE is clearly further along, QT is fully documented and easy to use, it's in C++ and not C (and GNOME is having C++ conflict right now with GTK-- and Inti and developers leaving) and arguably KDE is easier to use and more stable but they chose GNOME instead. Say what you will about those companies, they know how to make a product, they know how to make a product succeed and they know a crap load about making money. This could be a new chapter in the CatB. The only thing I see GNOME having over KDE is freedom; freedom that is secured by one of the more anti-corporate licenses around, the GPL. Is there anything else? Because if there isn't then I think that it is significant. With the GPL, GNOME and Linux you'll never lose your investment anything you put in to it will be in the public domain forever. Your competitors can't take your contributions behind their closed doors, change them and then beat you with them. I remember the OSF/Opengroup and this seems like what that was supposed to to 15 years ago but never became because everyone was worried about their investments and their technologies.
iSky has something, I'm not sure where it is though.
Microwave can be cheap once you have it set up, I know people in towns that are getting it because the telco won't give them DSL yet. It's point-to-point and line of sight so it has limits. In some rural areas this seems like it should be a great potential business. Collectively buy a T1, hook it to the local school and then do point-to-point microwave.
In my mind, it is a good patent. It is something that is unique, they advanced the state of the art and they probably did it before someone else did, they deserved the patent they got. The problem is that by the time that patent expires it will be an irrelevent technology, all TVs will support 1080i. I'm all for letting corporations patent themselves into a cold war with other corporations but they need to last a shorter period of time, especially as related to software. Software is expensive enough to develop without paying an army of lawyers to make sure your product doesn't infringe on a UI patent.
I also think that there should be a reasonable response time. If you're a multinational corporation with billions of dollars at your disposal, there is no excuse for letting a competitor deploy a product, upgrade it througha couple of revs and then, years later, start rattling your saber. If you're a private inventor and you don't have the resources you should have a longer period of time but like trademarks there should be a period of time where non-defense of your patent turns it public domain. What Macromedia should do is accuse Adobe of sitting on the patent until macromedia had enough marketshare or money to make the defense worth their while.
I've got a plate of rice crispie treats and a pint of Guinness that says they do it. Anyone want to bet?
I'm not sure if both are still worked on. MkLinux was only ever supported under Mac but supposedly you could compile it and run it on x86. I've never done it though.
Taking MkLinux and putting GnuMach under it (I have no idea how involved it is, probably very.) seems like it could be a quick way to get a hurd lite or something similar running. It might be an interesting experiment.
The opensource L4 is called fiasco. I don't have the link handy but you can find it on google and I think it's on freshmeat too.
Encryption should probably stay at the user level though.
I quite alarmed at how millions of napsterites are willing to disregard copyright when it is the only thing that gives the GPL strength.
Codester(TM) works like this. You take all your opensource and GPLed code and you point my client at it. My client employs a patent pending compression technique known as "removal of copyright." Basically, it strips out all that copyright mumbo jumbo about redistribution, ownership, GPL, etc. to make the acutal source code more streamlined and easier to transmit over the internet since it is smaller. It's compression. The Codester(TM) client then tells my database about all of your code and it is added to a list that all the other Codester(TM) users can see. You can use Codester(TM) to log on to my database, search for pieces of code you need and then download them, share your code with your friends. It really allows the code opensource coders write to be used by people who are looking for code.
As an added benefit, this is the B2B part, all the retransmitted work is unemcombered by copyright (cause we compressed if off of there, remember?) so it's essentially public domain. It's really just "fair use." So if you're a business and you want to build something with opensource code you can use the code but you don't have to release your source because we took care of that copyright stuff for you. Of course, we don't endorse that kind of behavior, it might piss off some of the opensource authors and we're really about sharing code and not pissing people off. And if they do get pissed off, by the time we IPO we'll have enough lawyers to scare those hippies off. Our theory is that with all the businesses putting out proprietary applications with opensourced code it will show the world how good the opensourced code really is and more people will use it, we're about building community and we're trying to put an end to the greedy philosophy that users need to have your business' code. (hey, it's really about greed isn't it? All these long hairs trying to force their will on you by using some cryptic copyright to trick you in to giving your crown jewels away..) We're taking the greed out of community and helping out the new up and comer open source authors by making them famous!
So email me, use Codester(TM), and buy our stock. Ray Noorda, or any other insane rich guys who want to supply some VC, if you're reading this, call me okay? 888-555-1212. Remember, b2b, ipo, opensource, linux, all the magic words for mega IPO bucks..
I'm shocked at how many geeks are complete couch potatoes. Take care of the body and you're taking care of the mind.
Meditation/Prayer/spiritual something is also good. I know it's a taboo topic in some geek circles but human are complex creatures with emotional, spiritual, mental, and physical attributes and you need to tend to all of them. Complete void of anything spiritual seems to be another popular geek trait.
I'm sick of hearing this "argument." Money didn't buy justice in the OJ trial. The LA DA spent millions upon millions of dollars trying to convict somebody, and then they made the bonehead move of putting a cop on the stand who had a record of being questionable and he happened to get caught in a lie. It was gross incompetence that got OJ off and nothing more. If you want to start a serious discussion about money and the courts then the real question to ask about OJ is how much more money did they spend trying to convict him than most people and why was that? For me personally, it would have been much more acceptable to let the bastard skate had LA county not spent $19million trying to convict him.
Don't believe me, then how come the tobacco companies got busted for $150billion?! They are the one group that has unlimited money and they lost their case.
Big money and big companies don't always win. They will in this case in part because 2600 tried to disobey the court when they were asked to take the DeCSS code down. They removed the code and then published a list of mirrors in an attempt to circumvent the court order. They lost a lot of credibility with the court by doing that. Goldstein is somewhat lucky to have not done jail time for contempt.
My personal vote is for the Trinity woman. Jeanine Turner (you know, O'connel from Northern Exposure) is out of work too, she could probably do a good job.
The sex appeal would go through the roof. She can't be Mulder she'll have to be her own chracter and have her own thing going but she could be more willing to believe than Scully and have some sort of groovy geek thing going. Maybe she's a computer hacker type.
Of course this is going to screw the lookup engines on the root servers which are optimized around having a small set of 3 letter TLDs.. It's fixable though.
As a first step, I'd go for a .gnu. Free software makes the net run and is worthy of a .net of it's own. Since GNU is kind of a brand of free software maybe a .fs (free software) would be better.
Back in the day... Debian seemed to have two major goals: it was going to be free and non-corporate like and it was going to include every possible package you could think of. The second goal caused some distribution problems but it was nothing that apt and a "non-free" directory couldn't solve... It may not have been perfect but Debian was a major player, a realistic option to Redhat or Caldera and when it mattered Debian could wave the flag of freedom and say it was down for the cause.
I know I'll sound like a hypocrite to anyone who has read my posts before but now it looks like ideology has gone too far. Pulling KDE out really seems like a ploy to rekindle the GNOME vs. KDE war, leave it in non-free and keep non-free there, let the users know but give them the option. (I'm a GNOMEie in part because of the freedom issue, but I respect what Corel, Troll and the KDE team has done and while it will probably never be "GPL complete" (I just made that up, feel free to use "GPL complete" as you need to...) in terms of freedom it will get very very close, probably near the "Stallman Limit")
I also think the delays that have kept a Debian release from coming out for what, over a year now, are just an extreme form of idealism. There simply isn't any way you can get all the bugs out of that much software, can't be done. Debian, still, has one of the more sophisticated automatic package distribution systems, it has more than a few people who can write code if needed, it seems like it would be more than good enough to add a new apt option, "get-emergency" that you could put in a cron job and it would download emergency stability fixes or something. I really think the boat is being missed, part of the idea is to release early, release often, and do you best to put out bug-free releases but be better at fixing the bugs when they surface. That's how the kernel runs and t work's pretty well. Of course, if they really want to take the stability thing far then why not cut out the non-free and 98% of the other packages and ship only a kernel once a perfectly stable one is written?
I also think that using BSD and Hurd kernels is a noble goal and I'm glad Debian is trying to do it but is it too much to be the ideology king and then to build this kernel independence while putting out only rock solid and beyond releases? Staying up-to-date while doing all of that has to be impossible. OpenBSD kind of get's away with being woefully behind the times because there is the value add of being secure or the illusion of it, OpenBSD's mission statement also has a much smaller focus, it's security at all costs, not freedom, lot's of packages, rock solid, and kernel independence.
The idea that keeps bothering me is how exactly we're going to terraform Mars when the time comes. We could start trying to produce a strain of plants that can live in that environment. If we found ice caps though, I was thinking that maybe using a nuke or two on them to melt the ice in to water and get some of the green house gases going to make the place a little bit more hospitable.
We made up all sorts of fun variations on the game. Kamikazee mode where the first one through each door won, no matter what it took to get through first. Defender mode where you won by saving your brother from getting shots, a la the secret service where you take the bullets. I think we had a couple others that were fun too.
Napster does one thing, it makes theft easy, anonymous, and simple enough that you don't even think about it. I really don't see the fire fight here, what I see is a piece of software that makes it painless and risk-free to steal. How exactly do you see this as fighting fire with fire? What is the result you expect?
After that you have to find what it is the kids are in to and then give them the right tools. Pascal, Java, Modula-3, Python, and Smalltalk are all great. Simple, elegant languages that are easy to learn.
I would hold back on C and C++ until they are a little bit older, I think I was about 10 when I started to play with C and it was really tough until I was maybe 13 or 14 and started to really grasp the concepts..
I think those robot lego toys are pretty cool, I've never used one but I bet it would captivate the hell out of me when I was 6-12. Hell it might still and I'm, 24.
Yeah, I want to see an interview with the Hard Rhymer.
JFS, XFS, and ReiserFS all rely on a layer called pagebuf that hasn't been fully agreed to or implemented yet.
Credit agencies are also obliged to give you access to your credit history. Your medical records, legal history, and most other "important information" are all to be made known to you if you request it. The hard part is knowing where to request it. Collecting information isn't illegal and once that information is decided to be important enough laws are passed that usualy force the companies involved to share it with the people they are collecting it on.
What I am going to bash them on is their approach to the community. I really don't see any place for Corel Linux. They did some of the right things with it, I appreciate their support of Debian, but Corel isn't an OS vendor and I'm not sure how it fits in to their business model. It seems like a lot of redundant effort for them to build a dist, market it, and support it unless they are going to provide some value-add and that's the part I don't like. For Corel, or Caldera too for that matter, value-add is something that doesn't give me a warm fuzzy feeling, it feels like something that is non-standard and it feels like the beginnings of an MS style embrace-extend attack. With Corel, I partially think building their own dist was a way for them to show their committment and create a revenue stream but it just doesn't fit in with the community and it looks a lot more like them getting one of the "need pieces." I see their acquisition of Inprise the same way, it was just another way for them to get the pieces they need to be another MS. MS beats them because they control the platform, so Corel makes their own platform. MS beats them because they control the tools so Corel buys a tool vendor (inprise.) Totally ignoring the fact that MS is thousands of times bigger and has the infrastructure to run that kind of business, and even MS puts out buggy code and misses deadlines and can't really run the business well.
Corel is putting out good linux apps, mainstream apps, apps that get attention and make Linux a more viable platform to more people. They are making an investment in Linux and they should be applauded for that. But if they really want to support the community and do the "Right Thing" I think they should focus on building better apps, start innovating again (?have they ever?) and sure that up. I see no reason at this point for them to acquire inprise other than to "control" more linux software. They need to give up that notion of control.
I also think this will be good for Borland. Borland is making a natural transition to Linux. They are slowly understanding it, supporting it and growing to embrace it. That is the correct course for them, I suspect that a Corel merger could result in a Linux mandate. Borland's support will be much better and stronger as they gradually grow to see that they need Linuxand that they have no choice other than to support it. That is far better than ordering them to do Linux. I'm all about compilers too, I'd love to see IBM's, SGI's, and Borland's compilers all running on Linux, I love gcc but I love having alternatives, I just think the results will be better if Borland grows into Linux rather than jumps in head first. (I own a copy of their OS/2 BC++, I know what the results are when they do that.)