Whoops - you're right. I actually ran grep 'lz' and just added the '-' to the comment above when I realised that I was getting a couple of false matches.
Should have tested the new command (or read the man page) first. Thx
You're absolutely right -- the only thing that a binary download will fix is packages using the libz.so shared library. Most software seems to link with the library statically. This is a huge problem.
I'm currently running this command against my/usr/src directory, just to get a preliminary list of packages to recompile:
Assuming you've still got your source tree intact since you compiled, this should find all makefiles which reference the zip library. If you've deleted any source directories, you will have to untar them and run configure again to build the makefiles.
As the other artices say, that baby is getting quite cold.
Cold? The thing's practically burning up! I thought it was getting cold, too, until I saw that the most recent temperatures are actually negative, and then realised that the table is in degrees Farenheit.
As of 1991, the spacecraft was still at 251K, and it had only cooled off about 40K in the twenty years since launch.
I mean, -7F is still pretty cold -- you'd probably get your tongue stuck to it out there -- but it's a lot warmer than its environment. Probably has a lot to do with the onboard nuclear reactor...
Your P.O box, however, can only be given mail from the actual Post Office. (I'm making an open-relay analogy) Nobody can walk in from the street and legally place mail into your mailbox. Although using a Post Office type deliverer for mail won't filter any spam, it will keep messages that are sent from outside the "post office" deliverer.
Actually, email already works like this - nobody can place messages directly into my/var/mail spool. All mail has to go through my authorised delivery agent (Postfix), although, as you say, it doesn't help me at all on the spam front.
To use your own example against you, consider this -
First, there is no single yahoo.com mail server. They host millions of email accounts, and probably have several back-end servers handling the volume of received mail. You couldn't sent mail directly to the mail server if you wanted to. Even at the front-end side, a quick mx lookup shows three servers which will accept mail for the yahoo.com domain. There are multiple paths that email can take en route to its destination, and they are each just as valid as the others.
Secondly, most home users don't even operate an SMTP service. Their messages necessarily have to go through one or more relays, to be queued, and resent if there are delivery problems the first time. The alternative to this is to require everyone to operate a full-blown SMTP service on every machine from which mail might originate, so that they can handle things like delivery delays, bounced messages, and the like.
The reason that email works like this is that the Internet is a collection of Inter-connected networks, which don't necessarily pass all traffic freely between each other. Companies have border routers and firewalls, or use Novell or other non-ip-based networks internally, but the email still has to end up at the recipient's machine. This is fundamentally different than the way that the World Wide Web works. On the web, you can assume that every HTTP server has an IP address, and you can contact it directly. With email, you can make no such assumptions. Not everyone uses POP to get their mail from publically accessable mail servers.
Of course, that being said, I agree that closing open routers is generally a good thing. There really is no reason for mail to have to pass through more than one relay to cross the public portions of the Internet, and mail that does should at least be forced to be honest about its origin. This would do a lot to discourage spam.
Anyway, I'm sure you knew most of this already, but I am dismayed by the number of people who think that stopping spam is a simple matter of 'fixing' the routing, and that email is essentialy the same thing as HTTP, only on port 25.
Um, but if the courts have already determined that recording television content for personal use is not copyright infringement, then how does this become a problem? (Yes, this should be tagged as redundant; yes, it's the theme of the entire story, but this poster doesn't seem to get it)
The important difference between this issue and the false analogies you brought up is that of redistribution. I am allowed to record television content for my own use, and I am allowed to make MP3 copies of my own purchased music. What I can't do is then rebroadcast those copies for the whole world. (And nobody here, besides you, is suggesting this)
The problem with Napster was that it made it very easy to redistribute copies of my music, which is not allowed under copyright law. (end of mostly-off-topic napster discussion)
As for your other analogy:
A Christian company copies a few airwaves and edits the shows to remove any 'sinful' content.
That's not a problem. Anyone can copy 'a few airwaves' and even edit them, for personal use. Then you come up with this:
You may subscribe to their service for a low fee of $299.99.
This would be illegal, as it is rebroadcasting of copyrighted materials. The only problem is that no one is doing this. No one has proposed this, and the availability of PVRs has nothing to do with this. If someone did do this, they would be fairly wasy to identify, and would be (rightly) be punished under copyright law, whether they used a PVR or not.
Oh, and BTW, you can't circumvent copyright. You can circumvent a copy-protection mechanism (and incur the wrath of the DMCA if you live in the wrong country,) or you can infringe on copyright (which you do not do by recording something off of your TV).
First off, Joy admits that code declared as unsafe "cannot be executed in an untrusted environment," at least according to the spec. He goes on to point out that we're trusting Microsoft's implementation here, which hasn't always been the best policy, at least for security issues.
> When you use the unsafe keyword, the resulting IL is marked as unsafe and can only run in a fully trusted environment
This bit still scares me. Does this mean that the C# compiler marks the IL as unsafe, and that the CLR trusts this marking? If that's the case, what is there to stop someone from bypassing the compiler, and editing the IL directly? (And please don't tell me it has anything to do with signed, trusted code:)
At least the Java model is based on fairly solid theory. The environment has a lot of nice properties which make it easy for the JVM to ensure that all code executed is safe. It begins with the position, "don't trust this code," and refuses to execute anything which it cannot prove to be safe. It doesn't rely on the programmer, or the compiler, to flag unsafe sections of code.
You forgot about the 10000 people in the hotel and casino at the top of the elevator...
On a side note, how fast would something like this actually fly into space? Even if you could hit it at 30,000 ft with something like an airplane, roughly 99.97% of the cable's mass should still be hanging in space.
Given that the cable was held in place by its own mass originally (not by being welded to some island,) and that it was already in geosynchronous orbit, just how quickly would it start to move? Would we have time to re-anchor it before we lost the whole thing?
NASA began considering the concept in June 1999 at the Advanced Space Infrastructure Workshop on "Geostationary Orbiting Tether 'Space Elevator' Concepts" held at the Marshall Space Flight Center in Huntsville, Alabama.
I think that the implication is supposed to be that, while you may have thought 'it must be fed from the house power,' the fact that the lights stayed on during an outage means that it was not running on the house's electricity.
Of course, as the poster above me mentions, a UPS would provide the same effect as a perpetual motion machine in this situation.
I'm not sure who modded this 'informative' (I know I'm going to/.-hell for saying this) but it's pretty far from it.
I've heard the same thing about ipfilter; that is, that it was developed for FreeBSD, for use in userspace, and was adopted by the OpenBSD team and subsequently modified to operate in kernelspace.
That is why I couldn't just get the OpenBSD 2.9 from FTP and install ipfilter from Darren Reed's site (to fix the traceroute bug). It requires quite a lot of patching to get it to work with OpenBSD.
So do you have any more information on _why_ the above poster was incorrect? I'm quite interested.
Of course, the question then, is how long does it last, and how gracefully does it degrade?
A great thing about using steel as a construction material is that not much eats it. You can leave steel on it's own for a while, and count on it to stay pretty much in the same condition you left it. On the other hand, I'm sure there's been a nice little biological niche carved out by insects/bacteria/whatever that eat old abandoned cobwebs. I'd hate to see what would happen when they discover your bridge:)
1st Place, "Strictly Spam": two SatireWire T-shirts, one each SatireWire hat, coffee mug, and mousepad.
2nd Place, "Strictly Spam": one T-shirt and a hat.
1st Place, "Freestyle": two SatireWire T-shirts, one hat, and a mousepad.
2nd Place, "Freestyle": two T-shirts and a hat.
Third place gets nothing. And fourth place is even worse!
Now don't you wish you'd been paying attention when this thing was announced?
Re:He he ... "fabulous work" he said ..
on
HDCP Break Proven
·
· Score: 2
I don't remember offhand whether Rivest, Shamir or Adleman had their PhDs in 1977, but I don't think that the RSA algorithm was "amateur" cryptography. It was certainly professional-level research work, done at MIT under government grants. Pioneering work is not necessarily amateur.
The only real example I've seen of good amateur cryptography was from the Irish student a few years back. I think the jury's still out on that one though, and she was still a student of mathematics.
The point I was trying to make was that amateur coders simply cannot come up with good crypto, no matter how good their hacking skills. Amateur mathematicians, on the other hand, might get lucky.
And no, being a "professional" doesn't mean anything, but having your work survive the sort of peer review that cryptographic algorithms are subjected to usually does.
Of course, your keyboard generates RF signals through its cables, just like everything else. I heard somewhere (read: unsubstantiated rumour) that the NSA has a policy of obtaining samples of every model of {keyboard|printer|monitor|etc} for analysis wrt Van Eck radiation.
And I'm sure they just love the new wireless mouses/keyboards/NICs:)
That's a pretty good link... Schneier also has written some good stuff on the application of thermodynamic principles to brute-force cracking that suggest their might not be enough energy in the universe.
With a 256-bit key, you simply don't do brute-force cracking. It's not possible now, and I would wager any amount that none of us will ever see the day when it is (if ever).
With 256-bit keys, you start looking at the algorithm for flaws, and the protocols which use the keys. If that looks hard, then you figure out where the key is stored, and attack it from there.
Unless you're dealing with 56-bit DES, or worse, 40-bit exportable SSL, you don't even think about using brute force. There's always a better attack.
Re:He he ... "fabulous work" he said ..
on
HDCP Break Proven
·
· Score: 2
What 10 undereducated volunteers can put together in a month, professional mathematician will do in a week
Or rather, what 10 undereducated volunteers could never put together in 10 years, a professional mathematician will do over the course of many months, and then have reviewed by several more mathematicians review over a period of years:)
Sorry for the flamebait, but amateur coders simply cannot reproduce the kind of work that professional cryptography requires.
That's not to say that they cannot go ahead and implement any developed algorithm out there... likely better than most cryptographers could do it... but that's not the same as coming up with the system in the first place.
Actually, he credits the term 'bit' to the statistician John Tukey.
Shannon was, though, I believe, the first person to call the uncertainty function re: communications 'Entropy', based on its similarity to the thermodynamic equations.
In theory, a 64-bit machine could handle 16,000 TB using only virtual memory, but there are a lot of reasons why you wouldn't be able to do that today.
Aside from the fact that having that much virtual space would be nearly totally useless (and the fact that you couldn't buy that much memory if you wanted to:), you will always be restricted by the capacity of the motherboard. The motherboard manufacturers are not forced to lay 64 address lines on the board, just because the CPU uses a 64-bit address bus internally.
I've been using 32-bit motherboards for a decade now, and I've never owned one which was physically capable of supporting 4GB of RAM.
Also, is the machine really a 64-bit architecture, in all areas? "64-bit" may be referring to the width of the data bus, not the address bus, which may still be only 33 or 34 bits wide. Very much like the "128-bit" GPUs -- they get all of the performance advantages of moving 128 bits at a time, but have no need for a 128-bit address space.
What happens if it takes them 5 years to get those 20,000 subscriptions?
I think they're betting on the fact that it won't. If it does, that's a clear indication that there's not enough community support for them to continue with this business model, and they'll have to think of something else, or just lay everyone off.
What happens if by the time they FINALLY get that 20,000th, they've expended most of the money it all generated?
Well, if you read their subscription page, you'd see that they are not even taking your credit card number right now. In fact, what they want to see is at least 20000 people expressing interest in subscribing before they actually ask you for your money.
As for using up all of the money before releasing the code, what they're asking for is a $5 / month committment, not a one-time fee. They're looking for an ongoing revenue stream, on the order of $100000 / month, to support their development costs, and keep some open source programmers paid.
I don't see why this model would work any better than an all out commercial liscense.
Well, for one thing, unlike a commercial vendor, they won't need to worry about "piracy"; as long as they have a solid base of users willing to commit financially to the product on an ongoing basis, they are perfectly happy with all of the freeloaders using it and enjoying it.
If the project is good enough, people are going to pay for it.
I agree. I'd pay for it. I hope there are 19999 other people who would, too. I'm also glad that they would let me use it even if I couldn't pay for it, or didn't believe that it was worth $60/year.
I really think that this could be a viable open-source business model, and while I can't tell you to support it, I'd encourage anyone who might be interested to fill out their survey to show some support.
Slashdot Mirror
Should have tested the new command (or read the man page) first. Thx
I'm currently running this command against my /usr/src directory, just to get a preliminary list of packages to recompile:
grep '-lz' `find . -name 'Makefile'` > ~/zlib-dependencies
Assuming you've still got your source tree intact since you compiled, this should find all makefiles which reference the zip library. If you've deleted any source directories, you will have to untar them and run configure again to build the makefiles.
Cold? The thing's practically burning up! I thought it was getting cold, too, until I saw that the most recent temperatures are actually negative, and then realised that the table is in degrees Farenheit.
As of 1991, the spacecraft was still at 251K, and it had only cooled off about 40K in the twenty years since launch.
I mean, -7F is still pretty cold -- you'd probably get your tongue stuck to it out there -- but it's a lot warmer than its environment. Probably has a lot to do with the onboard nuclear reactor...
Allegiance to the flag, defend the constitution, fealty to the president, and all that
I don't know about the rest of the Three Letter Agencies, but the most important of them for this topic will only hire Americans.
From the NSA's employment FAQ,
The most brilliant minds outside of the US need not apply.Actually, email already works like this - nobody can place messages directly into my /var/mail spool. All mail has to go through my authorised delivery agent (Postfix), although, as you say, it doesn't help me at all on the spam front.
To use your own example against you, consider this -
First, there is no single yahoo.com mail server. They host millions of email accounts, and probably have several back-end servers handling the volume of received mail. You couldn't sent mail directly to the mail server if you wanted to. Even at the front-end side, a quick mx lookup shows three servers which will accept mail for the yahoo.com domain. There are multiple paths that email can take en route to its destination, and they are each just as valid as the others.
Secondly, most home users don't even operate an SMTP service. Their messages necessarily have to go through one or more relays, to be queued, and resent if there are delivery problems the first time. The alternative to this is to require everyone to operate a full-blown SMTP service on every machine from which mail might originate, so that they can handle things like delivery delays, bounced messages, and the like.
The reason that email works like this is that the Internet is a collection of Inter-connected networks, which don't necessarily pass all traffic freely between each other. Companies have border routers and firewalls, or use Novell or other non-ip-based networks internally, but the email still has to end up at the recipient's machine. This is fundamentally different than the way that the World Wide Web works. On the web, you can assume that every HTTP server has an IP address, and you can contact it directly. With email, you can make no such assumptions. Not everyone uses POP to get their mail from publically accessable mail servers.
Of course, that being said, I agree that closing open routers is generally a good thing. There really is no reason for mail to have to pass through more than one relay to cross the public portions of the Internet, and mail that does should at least be forced to be honest about its origin. This would do a lot to discourage spam.
Anyway, I'm sure you knew most of this already, but I am dismayed by the number of people who think that stopping spam is a simple matter of 'fixing' the routing, and that email is essentialy the same thing as HTTP, only on port 25.
Um, but if the courts have already determined that recording television content for personal use is not copyright infringement, then how does this become a problem? (Yes, this should be tagged as redundant; yes, it's the theme of the entire story, but this poster doesn't seem to get it)
The important difference between this issue and the false analogies you brought up is that of redistribution. I am allowed to record television content for my own use, and I am allowed to make MP3 copies of my own purchased music. What I can't do is then rebroadcast those copies for the whole world. (And nobody here, besides you, is suggesting this)
The problem with Napster was that it made it very easy to redistribute copies of my music, which is not allowed under copyright law. (end of mostly-off-topic napster discussion)
As for your other analogy:
A Christian company copies a few airwaves and edits the shows to remove any 'sinful' content.
That's not a problem. Anyone can copy 'a few airwaves' and even edit them, for personal use. Then you come up with this:
You may subscribe to their service for a low fee of $299.99.
This would be illegal, as it is rebroadcasting of copyrighted materials. The only problem is that no one is doing this. No one has proposed this, and the availability of PVRs has nothing to do with this. If someone did do this, they would be fairly wasy to identify, and would be (rightly) be punished under copyright law, whether they used a PVR or not.
Oh, and BTW, you can't circumvent copyright. You can circumvent a copy-protection mechanism (and incur the wrath of the DMCA if you live in the wrong country,) or you can infringe on copyright (which you do not do by recording something off of your TV).
> When you use the unsafe keyword, the resulting IL is marked as unsafe and can only run in a fully trusted environment
This bit still scares me. Does this mean that the C# compiler marks the IL as unsafe, and that the CLR trusts this marking? If that's the case, what is there to stop someone from bypassing the compiler, and editing the IL directly? (And please don't tell me it has anything to do with signed, trusted code :)
At least the Java model is based on fairly solid theory. The environment has a lot of nice properties which make it easy for the JVM to ensure that all code executed is safe. It begins with the position, "don't trust this code," and refuses to execute anything which it cannot prove to be safe. It doesn't rely on the programmer, or the compiler, to flag unsafe sections of code.
You forgot about the 10000 people in the hotel and casino at the top of the elevator...
On a side note, how fast would something like this actually fly into space? Even if you could hit it at 30,000 ft with something like an airplane, roughly 99.97% of the cable's mass should still be hanging in space.
Given that the cable was held in place by its own mass originally (not by being welded to some island,) and that it was already in geosynchronous orbit, just how quickly would it start to move? Would we have time to re-anchor it before we lost the whole thing?
NASA began considering the concept in June 1999 at the Advanced Space Infrastructure Workshop on "Geostationary Orbiting Tether 'Space Elevator' Concepts" held at the Marshall Space Flight Center in Huntsville, Alabama.
GOTSEC? Can this be real?
I think that the implication is supposed to be that, while you may have thought 'it must be fed from the house power,' the fact that the lights stayed on during an outage means that it was not running on the house's electricity.
Of course, as the poster above me mentions, a UPS would provide the same effect as a perpetual motion machine in this situation.
I've heard the same thing about ipfilter; that is, that it was developed for FreeBSD, for use in userspace, and was adopted by the OpenBSD team and subsequently modified to operate in kernelspace.
That is why I couldn't just get the OpenBSD 2.9 from FTP and install ipfilter from Darren Reed's site (to fix the traceroute bug). It requires quite a lot of patching to get it to work with OpenBSD.
So do you have any more information on _why_ the above poster was incorrect? I'm quite interested.
A great thing about using steel as a construction material is that not much eats it. You can leave steel on it's own for a while, and count on it to stay pretty much in the same condition you left it. On the other hand, I'm sure there's been a nice little biological niche carved out by insects/bacteria/whatever that eat old abandoned cobwebs. I'd hate to see what would happen when they discover your bridge :)
Yep, prizes galore!
From the Contest Rules:
PRIZES
Now don't you wish you'd been paying attention when this thing was announced?
I don't remember offhand whether Rivest, Shamir or Adleman had their PhDs in 1977, but I don't think that the RSA algorithm was "amateur" cryptography. It was certainly professional-level research work, done at MIT under government grants. Pioneering work is not necessarily amateur.
The only real example I've seen of good amateur cryptography was from the Irish student a few years back. I think the jury's still out on that one though, and she was still a student of mathematics.
The point I was trying to make was that amateur coders simply cannot come up with good crypto, no matter how good their hacking skills. Amateur mathematicians, on the other hand, might get lucky.
And no, being a "professional" doesn't mean anything, but having your work survive the sort of peer review that cryptographic algorithms are subjected to usually does.
And I'm sure they just love the new wireless mouses/keyboards/NICs :)
That's a pretty good link... Schneier also has written some good stuff on the application of thermodynamic principles to brute-force cracking that suggest their might not be enough energy in the universe.
With a 256-bit key, you simply don't do brute-force cracking. It's not possible now, and I would wager any amount that none of us will ever see the day when it is (if ever).
With 256-bit keys, you start looking at the algorithm for flaws, and the protocols which use the keys. If that looks hard, then you figure out where the key is stored, and attack it from there.
Unless you're dealing with 56-bit DES, or worse, 40-bit exportable SSL, you don't even think about using brute force. There's always a better attack.
Or rather, what 10 undereducated volunteers could never put together in 10 years, a professional mathematician will do over the course of many months, and then have reviewed by several more mathematicians review over a period of years :)
Sorry for the flamebait, but amateur coders simply cannot reproduce the kind of work that professional cryptography requires.
That's not to say that they cannot go ahead and implement any developed algorithm out there... likely better than most cryptographers could do it... but that's not the same as coming up with the system in the first place.
Actually, he credits the term 'bit' to the statistician John Tukey.
Shannon was, though, I believe, the first person to call the uncertainty function re: communications 'Entropy', based on its similarity to the thermodynamic equations.
Well, according to glwtta, mammals have been around for about 200 million years. He said I could quote him on that
If you really want to know, just download the diff from kernel.org.
8 GB is only a 33-bit address space.
Even 2 TB is only 41 bits.
In theory, a 64-bit machine could handle 16,000 TB using only virtual memory, but there are a lot of reasons why you wouldn't be able to do that today.
Aside from the fact that having that much virtual space would be nearly totally useless (and the fact that you couldn't buy that much memory if you wanted to :), you will always be restricted by the capacity of the motherboard. The motherboard manufacturers are not forced to lay 64 address lines on the board, just because the CPU uses a 64-bit address bus internally.
I've been using 32-bit motherboards for a decade now, and I've never owned one which was physically capable of supporting 4GB of RAM.
Also, is the machine really a 64-bit architecture, in all areas? "64-bit" may be referring to the width of the data bus, not the address bus, which may still be only 33 or 34 bits wide. Very much like the "128-bit" GPUs -- they get all of the performance advantages of moving 128 bits at a time, but have no need for a 128-bit address space.
Not that there's anything wrong with being an emulator, but it seems somewhat pointless to deny this simply fact.
It's not pointless, it is following a long-established UNIX tradition of denying the obvious with a recursive acronym :)
What happens if it takes them 5 years to get those 20,000 subscriptions?
I think they're betting on the fact that it won't. If it does, that's a clear indication that there's not enough community support for them to continue with this business model, and they'll have to think of something else, or just lay everyone off.
What happens if by the time they FINALLY get that 20,000th, they've expended most of the money it all generated?
Well, if you read their subscription page, you'd see that they are not even taking your credit card number right now. In fact, what they want to see is at least 20000 people expressing interest in subscribing before they actually ask you for your money.
As for using up all of the money before releasing the code, what they're asking for is a $5 / month committment, not a one-time fee. They're looking for an ongoing revenue stream, on the order of $100000 / month, to support their development costs, and keep some open source programmers paid.
I don't see why this model would work any better than an all out commercial liscense.
Well, for one thing, unlike a commercial vendor, they won't need to worry about "piracy"; as long as they have a solid base of users willing to commit financially to the product on an ongoing basis, they are perfectly happy with all of the freeloaders using it and enjoying it.
If the project is good enough, people are going to pay for it.
I agree. I'd pay for it. I hope there are 19999 other people who would, too. I'm also glad that they would let me use it even if I couldn't pay for it, or didn't believe that it was worth $60/year.
I really think that this could be a viable open-source business model, and while I can't tell you to support it, I'd encourage anyone who might be interested to fill out their survey to show some support.