Actually, no it isn't. Hydrogen may have been the fuel that sustained the burning once it was started, but it was started by an electrical discharge across a rusty steel framework with an aluminium powder-coating; the aluminium (more reactive element than iron) became heated and stole the oxygen from the rust, releasing (a lot of) energy.
The hindenberg would have burned if it had been stuffed full of paper.
What makes a language an "Open Standard". Some would say that accreditation by a major standards organization (eg ISO), but I have to say that the way ISO C++ progressed made a mockery of this... before ISO standardization began, C++ was a very open language based on a single reference implementation (ie Stroustrops [sp?]). The committee for standardization took this language and introduce several bizarre variants, changed the meanings of parts of the language [in for (int i = 0;... ) { } what is the scope of i?], etc.
I would say that the definition of openness is:
- a single, well documented reference implementation
- a concisely written specification of how it should behave in all situations (even if some of these are unspecified)
- no core part of the specification depends upon some intellectual property that would have to be licensed in a new implementation
The only possible conflict I would say that stands in the way of Java being an open standard is Sun's restrictions on the use of the Java trademark. I don't care what some poncy standard accreditation body says. Java is as 'open' as needs be. If it wasn't, there wouldn't be the possibility of alternative implementations (eg Kaffe, GCJ, etc.).
I haven't looked in detail at C# yet, but I do suspect it reallys on some of MS's proprietary APIs and a lot of these do depend upon MSs intellectual property (I understand that the DCOM interface, certain to be core to the whole thing, has patent issues, for example).
Well, if there can only be one license, it would have to be BSD (or something similar), because it allows more freedom with the way you can use the code than the GPL does.
Sorry everyone - your favourite license just became redundant;-)
I for one, as the author of the DSPL, the license that is going back for further discussion, would love to hear what slashdot people think about it. I can't comment on the others, but it is rather a departure from the traditional open source license...
Well, firstly I have to say the idea of self improving code using a standard applications programming language is well off in the future: current methods tend to function around arrangement of structures to pass signals between them (sort of like automatically designing a signal processing chip) and these structures are usually hand coded.
Secondly, what weird ideas have you got about java programs getting involved in memory management? As far as I can tell C# and Java are pretty much identical in this (and most other) respects. They both take care of everything for you.
As far as I see it, the major use of a scramjet is as a propulsion method for orbital launch vehicles, eg as a cheaper and lighter replacement for the Space Shuttles solid fuel boosters (or rather as an addition to reduce the amount of fuel that they must carry - I understand that a scramjet, like a ramjet, needs to be travelling pretty quickly before you can start to use it...)
Mind you, ballistic launching still seams the best option to me. Some kind of hybrid rail gun/chemical propulsion system with a long launch tube...
The 'Page Properties' sheet in IE (at least for version 5, and I suspect for all others) actually tells you when the page you're looking at was downloaded into your cache, which isn't really what you want here...
No, in this case the code wouldn't be breaking the law, as it is a modification to the (alleged) "technologic means designed to protect copyright" that will prevent them being broken.
It would only be a discussion of what the vulnerability actually is that might be covered, if anything at all.
Of course, you could reverse engineer the hole from the patch, but that wouldn't incriminate AC.
But then, as we all know, he doesn't live in the US and the UK government would take a dim view of them trying to get an extradition order on such flaky grounds, so he's in no real danger at all...
To deal with this, Gecko has a wonderful feature - 'quirks' mode. When handling a web page that doesn't have a strict DTD declaration, Gecko emulates the rendering bugs of IE (especially those with spacing and the CSS box model). So a page that is not standards compliant but works with IE will probably look OK in Gecko too
That's all well and good, but many designers write standards compliant web sites that are still designed around IE's bugs, because you have to - in order to get certain effects you have to use the buggy features of IE.
And the fact that Mozilla doesn't support a lot of Javascript that has become accepted standard, if not actual standard, causes a lot of problems, when it would be quite possible for it to support both methods (that is, both the W3C DOM and a hybrid DOM that superficially looks like IE4/5 or even NN4) without needing to have a smart switch between them.
2 cases in hand that are important from my company's perspective.
1. As a company that engages in web site design, we often have to run out of date software (eg Internet Explorer 4), and find the most convenient way of doing this is if some staff always use older versions and some always use newer versions. A bug in IE's Java implementation came to my attention. The advisory that I discoverd it from said that IE4 & 5 were affected, whereas Microsoft's advisory stated that IE4 wasn't affected. Microsoft hadn't released a patch for IE4. Now, it's not that I don't trust Microsoft or anything, but I was on the verge of upgrading our IE4 user to IE5 (which would have seriously inconvenienced our business) because it would have been complacent for me not to. Fortunately, I found some exploit code for the bug on guninski.com, with which I then determined that IE4 was not affected. Without the exploit code, I couldn't have made this decision and would have had to upgrade the affected machine to the detriment of our business.
2. During the course of an e-commerce setup for one of our clients, I discovered a *serious* security hole in the methods used by their secure payment provider. This hole basically allowed a user to buy a few cheap items from any e-commerce site that used them, use broken cryptography to force a password out of the 'confirmation codes' produced, and then forge a callback to the e-commerce site to validate a more expensive sale. This could cost e-commerce businesses in the UK millions of pounds, fairly trivially. My company discussed this problem with the payment provider, who at first didn't believe the existence of the problem, so I wrote an exploit. Then they had to believe it... but that doesn't mean they've fixed it. You see - we are under a non-disclosure agreement that had to be signed in order to get the details of their authentication mechanism, so I can't release the exploit. They have refused to fix the problem (although they acknowledge it and have provided our clients - and only our clients - with a guarantee that they will pay for any goods fraudulently purchased using this technique). An exploit in the wild would force them to, and anyone with half a brain who has ever seen their documentation could write one in a couple of hours. I'm sure a few people are sitting here reading this, knowing which company I'm talking about, because they too are aware of how exploitable this hole is.
I have to say, I can see the point behind stripping off the copyright in javascript, particularly if it is lengthy (as the UCB copyright notice is) because it will cause slower downloads. If I were to do this, I would usually do something like:
.txt -->
near the top of the file.
The problem is that folks are starting to expect html pages to download and run as soon as they click the button...:-(
Did you read the story? It doesn't try to make a call when you boot your PC (BTW: in many countries software trying to do this is illegal as actions that may cause cost / data loss / damage can only be performed at the specific request of the user) - it steels a bit of your connection space when you go online.
And from what is said it doesn't look like a privacy issue, but more the problem is that it might be subverted to install trojans on your system (eg the "law enforcement" monitoring trojan recently discussed on cryptome).
Just because they use the same socket format doesn't necessarily mean all motherboards will work with it.
Indeed. But it would almost certainly cut the cost of developing the new motherboard versions to support it. Chipset compatibility could well mean upgrading to a newer chipset - but then this could be pin-compatible with the older one anyway! Voltage level and BIOS support are both trivial changes (from a hardware point of view).
So - yes you're right. It doesn't *necessarily* mean motherboard compatibility (eg look at early and late versions of the celeron... I for one have written off both chip and motherboard by plugging the wrong one into the socket!). It means cheaper motherboards available faster because of lower design costs.
Its a well known fact that Intel and AMD have operatives who pose as geeks and read slashdot and other similar sites looking for ideas they can poach and use to persuade Microsoft to write software that only works on their processors... you don't want to give them an idea like this! Region coded CPUs could mean bad trouble for our friends in the popular commercial software liberation front...!
[1] - No, that doesn't stand for 'securely secured secure shell', although my company's security policy does insist I use ssh to connect to our web server despite the fact that the connection is over a VPN tunnelled through - you guessed it - an SSH link.:-)
I work in the Theory of Computation Group at MIT. A central activity is the creation and cracking of cryptographic protocols as a scientific endeavor. If a protocol is used to protect any copyrighted material, then is our right to publish a crack in a research journal curtailed? This is not a theoretical problem: on advice of counsel, Edward Felton of Princeton University has refrained from publishing his cracks of several Secure Digitial Music Initiative watermarking systems. I personally know several researchers who have worked on watermarking. Since since the SDMI systems employ a whole spectrum of the techniques, must that entire field of academic research be abandoned? I hope not, but the ground is certainly shaky.
The directive contains a specific exemption that allows you to circumvent copyright measures for the specific purposes of performing cryptographic research. The case would almost certainly be disputed in many instances (eg I believe the person who cracked CSS was not in any way formally employed or otherwise engaged in cryptography research), but in your case as an individual employed by a recognised organisation with a known role in crypto research, I am certain that this exemption would be applied to you.
I can't comment on the American version of the law, but I would certainly hope it contained a similar clause. If it doesn't, then it is a problem restricted to that particular law and not to the EU directive.
I do suggest everyone goes to the EU site and finds the directive (I could only find an early draft, but it goes a long way to showing what the real directive is), as it is quite insightful into how the DMCA should have been phrased. It seems the EU politicians have listened to the technical arguments for and against.
The Passport Web Site may contain bulletin board services, chat areas, news groups, forums, communities, personal web pages, group calendars, electronic mail postings and/or other message or communication facilities designed to enable you to communicate with the public at large or with a group collectively, ("Communication Services"), you agree to use the Communication Services only to post, send and receive messages and material that are proper and related to the particular Communication Service.
conspicuously absent from the list are communications between individuals.
So "electronic mail postings" are not communications between individuals?
What scares me is that they lay claim to any patent rights you might have. They definitely do not need that to disseminate any information you have entered (ie, information cannot be patented only methods and mechanisms), which is the normal reason for this sort of section on T&C.
When I was studying there, Warwick University ran a similar course. I think it was only 10 week, but if they still run it they should have a summary on the web.
There are many assemblers out there. Some come with ANSI C source code. There are ANSI C compilers available for at least as many platforms as BASH runs, as BASH requires an ANSI C compiler in order to compile... therefore an ANSI C assembler is more portable (?!)
And there are free non-GPL alternatives. For instance, PuTTY is a working SSH client, so if you only need a client end would probably function:
Its license opens it up for any use whatsoever.
OpenSSL is under the LGPL so you can use it if you want, but you have to be able to relink with a revised version, so dynamic linking is the order of the day...
Hmm. IDE drives are as fast, large and reliable now as SCSI drives were only two years ago. My server requirements haven't really changed since then, have yours? Were the SCSI drives inadequate for you then?
My ideal solution for this sort of thing would be to start on a relatively cheap PC running Linux with stuff like MySQL or whatever your favourite free DB is, and upgrade to (eg) a Sun with Solaris and Oracle if and when the need occurs. If your software has been suitably built, the switch shouldn't cause many problems and the system will only need to be down while the data is migrated after testing. This shouldn't take more than a few hours.
Also, Windows based solutions can be easily ported to other OSs if you know what you're doing. Just because a system runs on a Windows server doesn't mean you're using a nonportable DBMS (MS SQL Server) or interface architecture (ODBC applies as much for Unix as it does for Windows, it just never really caught on there...)
Actually, no it isn't. Hydrogen may have been the fuel that sustained the burning once it was started, but it was started by an electrical discharge across a rusty steel framework with an aluminium powder-coating; the aluminium (more reactive element than iron) became heated and stole the oxygen from the rust, releasing (a lot of) energy.
The hindenberg would have burned if it had been stuffed full of paper.
What makes a language an "Open Standard". Some would say that accreditation by a major standards organization (eg ISO), but I have to say that the way ISO C++ progressed made a mockery of this... before ISO standardization began, C++ was a very open language based on a single reference implementation (ie Stroustrops [sp?]). The committee for standardization took this language and introduce several bizarre variants, changed the meanings of parts of the language [in for (int i = 0; ... ) { } what is the scope of i?], etc.
I would say that the definition of openness is:
- a single, well documented reference implementation
- a concisely written specification of how it should behave in all situations (even if some of these are unspecified)
- no core part of the specification depends upon some intellectual property that would have to be licensed in a new implementation
The only possible conflict I would say that stands in the way of Java being an open standard is Sun's restrictions on the use of the Java trademark. I don't care what some poncy standard accreditation body says. Java is as 'open' as needs be. If it wasn't, there wouldn't be the possibility of alternative implementations (eg Kaffe, GCJ, etc.).
I haven't looked in detail at C# yet, but I do suspect it reallys on some of MS's proprietary APIs and a lot of these do depend upon MSs intellectual property (I understand that the DCOM interface, certain to be core to the whole thing, has patent issues, for example).
Well, if there can only be one license, it would have to be BSD (or something similar), because it allows more freedom with the way you can use the code than the GPL does.
;-)
Sorry everyone - your favourite license just became redundant
I for one, as the author of the DSPL, the license that is going back for further discussion, would love to hear what slashdot people think about it. I can't comment on the others, but it is rather a departure from the traditional open source license...
Well, firstly I have to say the idea of self improving code using a standard applications programming language is well off in the future: current methods tend to function around arrangement of structures to pass signals between them (sort of like automatically designing a signal processing chip) and these structures are usually hand coded.
Secondly, what weird ideas have you got about java programs getting involved in memory management? As far as I can tell C# and Java are pretty much identical in this (and most other) respects. They both take care of everything for you.
As far as I see it, the major use of a scramjet is as a propulsion method for orbital launch vehicles, eg as a cheaper and lighter replacement for the Space Shuttles solid fuel boosters (or rather as an addition to reduce the amount of fuel that they must carry - I understand that a scramjet, like a ramjet, needs to be travelling pretty quickly before you can start to use it...)
Mind you, ballistic launching still seams the best option to me. Some kind of hybrid rail gun/chemical propulsion system with a long launch tube...
The 'Page Properties' sheet in IE (at least for version 5, and I suspect for all others) actually tells you when the page you're looking at was downloaded into your cache, which isn't really what you want here...
No, in this case the code wouldn't be breaking the law, as it is a modification to the (alleged) "technologic means designed to protect copyright" that will prevent them being broken.
It would only be a discussion of what the vulnerability actually is that might be covered, if anything at all.
Of course, you could reverse engineer the hole from the patch, but that wouldn't incriminate AC.
But then, as we all know, he doesn't live in the US and the UK government would take a dim view of them trying to get an extradition order on such flaky grounds, so he's in no real danger at all...
And the fact that Mozilla doesn't support a lot of Javascript that has become accepted standard, if not actual standard, causes a lot of problems, when it would be quite possible for it to support both methods (that is, both the W3C DOM and a hybrid DOM that superficially looks like IE4/5 or even NN4) without needing to have a smart switch between them.
2 cases in hand that are important from my company's perspective.
1. As a company that engages in web site design, we often have to run out of date software (eg Internet Explorer 4), and find the most convenient way of doing this is if some staff always use older versions and some always use newer versions. A bug in IE's Java implementation came to my attention. The advisory that I discoverd it from said that IE4 & 5 were affected, whereas Microsoft's advisory stated that IE4 wasn't affected. Microsoft hadn't released a patch for IE4. Now, it's not that I don't trust Microsoft or anything, but I was on the verge of upgrading our IE4 user to IE5 (which would have seriously inconvenienced our business) because it would have been complacent for me not to. Fortunately, I found some exploit code for the bug on guninski.com, with which I then determined that IE4 was not affected. Without the exploit code, I couldn't have made this decision and would have had to upgrade the affected machine to the detriment of our business.
2. During the course of an e-commerce setup for one of our clients, I discovered a *serious* security hole in the methods used by their secure payment provider. This hole basically allowed a user to buy a few cheap items from any e-commerce site that used them, use broken cryptography to force a password out of the 'confirmation codes' produced, and then forge a callback to the e-commerce site to validate a more expensive sale. This could cost e-commerce businesses in the UK millions of pounds, fairly trivially. My company discussed this problem with the payment provider, who at first didn't believe the existence of the problem, so I wrote an exploit. Then they had to believe it... but that doesn't mean they've fixed it. You see - we are under a non-disclosure agreement that had to be signed in order to get the details of their authentication mechanism, so I can't release the exploit. They have refused to fix the problem (although they acknowledge it and have provided our clients - and only our clients - with a guarantee that they will pay for any goods fraudulently purchased using this technique). An exploit in the wild would force them to, and anyone with half a brain who has ever seen their documentation could write one in a couple of hours. I'm sure a few people are sitting here reading this, knowing which company I'm talking about, because they too are aware of how exploitable this hole is.
Yeah, I mean this number is altogether too similar to TMS6000, which if memory serves was a digital wristwatch processor unit... (?)
What I meant to say was: <-- for copyright info see: <somefile>.txt -->
I have to say, I can see the point behind stripping off the copyright in javascript, particularly if it is lengthy (as the UCB copyright notice is) because it will cause slower downloads. If I were to do this, I would usually do something like:
:-(
.txt -->
near the top of the file.
The problem is that folks are starting to expect html pages to download and run as soon as they click the button...
And from what is said it doesn't look like a privacy issue, but more the problem is that it might be subverted to install trojans on your system (eg the "law enforcement" monitoring trojan recently discussed on cryptome).
Nah, they're already importing the things over here in the UK...
Indeed. But it would almost certainly cut the cost of developing the new motherboard versions to support it. Chipset compatibility could well mean upgrading to a newer chipset - but then this could be pin-compatible with the older one anyway! Voltage level and BIOS support are both trivial changes (from a hardware point of view).
So - yes you're right. It doesn't *necessarily* mean motherboard compatibility (eg look at early and late versions of the celeron... I for one have written off both chip and motherboard by plugging the wrong one into the socket!). It means cheaper motherboards available faster because of lower design costs.
Ssssh. [1]
:-)
Its a well known fact that Intel and AMD have operatives who pose as geeks and read slashdot and other similar sites looking for ideas they can poach and use to persuade Microsoft to write software that only works on their processors... you don't want to give them an idea like this! Region coded CPUs could mean bad trouble for our friends in the popular commercial software liberation front...!
[1] - No, that doesn't stand for 'securely secured secure shell', although my company's security policy does insist I use ssh to connect to our web server despite the fact that the connection is over a VPN tunnelled through - you guessed it - an SSH link.
You say:
The directive contains a specific exemption that allows you to circumvent copyright measures for the specific purposes of performing cryptographic research. The case would almost certainly be disputed in many instances (eg I believe the person who cracked CSS was not in any way formally employed or otherwise engaged in cryptography research), but in your case as an individual employed by a recognised organisation with a known role in crypto research, I am certain that this exemption would be applied to you.
I can't comment on the American version of the law, but I would certainly hope it contained a similar clause. If it doesn't, then it is a problem restricted to that particular law and not to the EU directive.
I do suggest everyone goes to the EU site and finds the directive (I could only find an early draft, but it goes a long way to showing what the real directive is), as it is quite insightful into how the DMCA should have been phrased. It seems the EU politicians have listened to the technical arguments for and against.
What scares me is that they lay claim to any patent rights you might have. They definitely do not need that to disseminate any information you have entered (ie, information cannot be patented only methods and mechanisms), which is the normal reason for this sort of section on T&C.
When I was studying there, Warwick University ran a similar course. I think it was only 10 week, but if they still run it they should have a summary on the web.
But if it doesn't have a clock, how do you overclock it?
</sarcastic>
So... why?
Its license opens it up for any use whatsoever.
OpenSSL is under the LGPL so you can use it if you want, but you have to be able to relink with a revised version, so dynamic linking is the order of the day...
Hmm. IDE drives are as fast, large and reliable now as SCSI drives were only two years ago. My server requirements haven't really changed since then, have yours? Were the SCSI drives inadequate for you then?
My ideal solution for this sort of thing would be to start on a relatively cheap PC running Linux with stuff like MySQL or whatever your favourite free DB is, and upgrade to (eg) a Sun with Solaris and Oracle if and when the need occurs. If your software has been suitably built, the switch shouldn't cause many problems and the system will only need to be down while the data is migrated after testing. This shouldn't take more than a few hours.
Also, Windows based solutions can be easily ported to other OSs if you know what you're doing. Just because a system runs on a Windows server doesn't mean you're using a nonportable DBMS (MS SQL Server) or interface architecture (ODBC applies as much for Unix as it does for Windows, it just never really caught on there...)