Okay, so it's not really the "spirit". What would I know, I'm just a Windows programmer?
Actually, you were right about the spirit. Open source is all about open specs, and being able to freely use those specs to build applications. It's about being able to do something with information. The freedom to do it yourself if you want to.
Maybe I should ask them to take it away?
No, don't do that. I suspect that you're new to Slashdot, and I'll give you one advice: There are a lot of people on Slashdot that don't have the faintest clue, and will always complain, no matter what. Then there are those who understand. For example, read nutsy's post below.
Well, maybe it "could mean Linux PDAs", but as I understood it, such beasts are already underway and as such this is not the prerequisite for the appearance of Linux PDAs...
Yopy has most certainly a JFS-like solution for its flash memory, but as Yopy itself is not in production yet and there's yet no source to be seen, I don't know for certain. That's what I find so nice about the JFFS: It's here, and it's here now. And with an "established" JFFS, Linux PDA manufacturers and manufacturers of many other types of embedded devices with flash memory maybe won't have to re-invent the same thing over and over. So you're right, PDA manufacturers don't have to use this and they can use whatever they seem fit, including their own custom solutions, but still I think that this is great because PDA manufacturers won't have to invent some solution of their own.
I don't know if there are other documented journaling flash file systems for Linux out there, but I know that I haven't seen one before.
Yes, that must be it. Most people are too stupid to read or think on their own. Do you realize how dumb you sound?
I didn't say that. What I ment to imply was that given enough people voting in a poll, there's always a few people who accidentally click the wrong box (saying "Yes" instead of "No"), especially when the answers are ordered differently on the different questions!!! That's why most serious polls or surveys always order their "yes" and "no" answers in the same order on each question: to remove as many "accidental" influences as possible.
And I also question the "questions". I think the results would be slightly different if the questions were "Do you think that a split up would result in a more competitive software market?" and "Do you think that more competition would result in better software and/or lower prices?". Those questions are as biased as those above. Poll question #3, for example, gives you the hint that "the market has changed and maybe this antitrust case is outdated after all"... qlearly in favor of one of Microsoft's own main arguments.
But obviously you are, and always were, too smart to fall for cheap poll/survey tricks, you never make mistakes, and would never click the wrong box. Ever. I'm terribly sorry.
As of this writing, there are 2419 responses, and the results are:
Should Microsoft be split? Yes: 28.48% No: 67.96%
Is Microsoft stock a "buy"? Yes: 68.06% No: 18.12%
Given advancements in the software industry over the last two years, is the government's case against Microsoft still relevant? Yes: 29.94% No: 63.67%
I think though that the poll is a little bit pre-fabricated (incidentally or intentionally) for a certain outcome. If you look at the answer buttons on the poll page, you'll see that the answers (Yes, No and Not Sure) are ordered differently on the different questions. It just happens that if you always choose the first answer, it will be "No", "Yes" and "No", indeed a very Microsoft-supportive poll answer.
Hmm, mp3 encoding of talk (dictation) on a PDA doesn't sound as a good idea. You wouldn't be able to encode in real time, and mp3 quality is a bit overkill for speech anyway.
They'd better use some sort of PCM encoding (like in phone systems). Granted, that would of course only be telephone quality, but the sound quality that's good for phone systems would IMHO also satisfy most people's needs for a dictation system.
By default Red Hat 6.1 and below boot up in a text console...
The Red Hat install lets you choose if you want a GUI at startup, or a console (i.e., runlevel 5 versus runlevel 3). It's a nice checkbox called "use graphical login". You can see it here as well as the GUI X configuration during the Red Hat 6.2 install.
In short, Red Hat has a lot more than most happy Mandrake users seem to think...;)
Kudos to Mandrake though, they're now including Helix GNOME! My biggest gripe about Mandrake was always that GNOME never seemed to work flawlessly - there were always issues with GNOME in Mandrake (like the i18n in GNOME wasn't working no matter how hard I tried, although the rest of my Mandrake test system was internationalised). Maybe it was just that KDE gets a lot more tested than GNOME in Mandrake. Many KDE users complain about the reverse situation in Red Hat - there's always issues with KDE in Red Hat. I don't know, since I'm a happy GNOME user.
I hope though that they dont include the Helix with the latest development gnome-core 1.1.9... Virtually all other gnome-cores in the devel 1.1.x series I have tested were really, really stable, with the notable exception of 1.1.9, which has a big nasty memory leak =(
This is the mail sent to the Red Hat Security Advisory Mailing List regarding the Piranha security hole and fixes, which everyone who runs Red Hat and cares about security should subscribe to (mail a letter with the subject "subscribe" to redhat-watch-list-request@redhat.com ).
And no, this is not redundant, as this has not been posted on the Red Hat errata web site, or elsewhere on the web, yet as of this writing. I couldn't find it at least.
Begin letter.
----------------------------------------
Subject: SECURITY: [RHSA-2000:014-10] Updated piranha packages available
Resent-Date: 24 Apr 2000 20:33:43 -0000
Resent-From: redhat-watch-list@redhat.com
Resent-CC: recipient list not shown:;
Date: Mon, 24 Apr 2000 16:33:32 -0400 (EDT)
From: Cristian Gafton (gafton@redhat.com)
Reply-To: redhat-watch-list@redhat.com
To: redhat-watch-list@redhat.com
CC: Linux Security , BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
- -------------------------------------------------- -------------------
Red Hat, Inc. Security Advisory
Synopsis: Piranha web GUI exposure
Advisory ID: RHSA-2000:014-10
Issue date: 2000-04-18
Updated on: 2000-04-24
Product: Red Hat Linux
Keywords: piranha remote CGI command
Cross references: php
The GUI portion of Piranha may allow any remote attacker to execute commands on the server. This may lead to remote compromise of the server,
as well as exposure or defacement of the website.
2. Relevant releases/architectures:
Red Hat Linux 6.2 - i386 alpha sparc
3. Problem description:
Piranha when it is installed generates a 'secure' web interface ID using
the HTML.htaccess method. The information for the account is placed in/home/httpd/html/piranha/secure/passwords which was supposed to be
released with a blank password. In fact the password that is actually on
the CD is either 'q' or 'piranha'. It was intended that when the
administrator loaded the piranha package onto their box, that it was their
resonsibility to change that password. This is not a hidden account. It is
meerly used to protect the web pages from unauthorized access. The
security problem arises from the/home/httpd/html/piranha/secure/passwd.php3 file from which it is possible
to execute commands by inserting them into the change password option eg
entering 'blah;/bin/command to execute' into the field, and again to
verify, everything after the semicolon is executed with the same privilege
as the webserver. It is possible at this point to compromise the webserver
or do serious damage to the site.
4. Solution:
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
Temporarily, you should set a password on the web pages as should be done
when you first install the package for the sake of speed you can issue the
following command htpasswd -c -b/home/httpd/html/piranha/secure/passwords
piranha 'password of choice' In theory, this means only you have access to
that area and you are hardly likely to try and exploit the problem
yourself.
When you install the update for the piranha-gui, please take a moment to
login into the gui frontend and set a password on the account
(http://localhost/piranha)
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
Hmm, the downside is, just because you make all images on a site transparent, so the background is visible through them, doesn't make the process of changing the background easier, unless it's pretty much the same shade or so.
It's because normally you have to make your graphics anti-aliased so that curves and such don't look like lousy done bitmaps, and when you do so, you will use gradients of the two colors (the color of your graphic and the background color). You will obviously want to mark the "pure" background color as transparent in your graphic, or else the point of the anti-aliasing is gone.
But, anyway, the result is that if you one day change your background, your images will still have those anti-aliasing gradients from the old background color, and it will look horrible. Trust me, I've tried it, and it doesn't look good...;)
Indeed. Why not put in a simple, cheap 10 Mbit/s Ethernet chip and combo connectors in the gaming devices, instead of just a modem? Ethernet chips are really commodity hardware these days - I see absolutely no reason why they don't put it in. It makes connecting much more flexible.
Ethernet makes sense even for those without a permanent net connection (big gaming party in the house?). Also, most people with cable modems use Ethernet - the connection between the cable "modem" and your computer is often an Ethernet link. Add a cheap hub, and voilà!
You just confirmed that you are indeed a nerd cluster node.
When will Red Hat join?
on
SuSE For PPC
·
· Score: 4
Red Hat has Sparc, Alpha and i386 ports. But not PPC. That keeps wondering me. There are a lot more PPC systems in the world than there are Alphas or Sparcs...
I think that if SuSe finally decided that they should port to PPC, Red Hat will soon be following. I don't know if they will port themselves, though. Maybe they'll just buy LinuxPPC. Seems like a logical move to me.
I would like to add that preserving the directory structure of the mirrors under/pub/mirrors is also a good thing to do. Sites that don't do that are a pain to use. If you know the original site's layout, you know where to look, and using your mirror effectively becomes just a matter of replacing ftp://ftp.orginalsite.org/pub/software/Foo-3.14.ta r.gz with ftp://ftp.yoursite.com/pub/mirrors/ftp.originalsit e.org/pub/software/Foo-3.14.tar.gz .
Also, name the mirror directories after the server mirrored (i.e. /pub/mirrors/ftp.xmms.org/ and not something like /pub/mirrors/xmms-mirror/). This makes it significantly easier to know exactly what is mirrored without having to browse the entire structure to find out.
I didn't say that using a gun in self-defense after being wounded is impossible. Just very unlikely to happen.
Of course people have succesfully defended themselves by using guns after they've been shot. And I really believe that you could present me with well-documented cases where this has actually happened. But on the other hand, I could probably also show you well-documented proof that there was over ten thousand people winning large lotteries in the US last year, or such. Those "statistics" tell you nothing about the opposite scenario, which most probably is much more likely.
This is not an answer to your question, but I think it would be horribly stupid of Apple, from a business point of view, not to support SMB filesharing via Samba. I mean, even Sun uses the efforts of the Samba team. Rumor says that creating anything like Samba and support the flawed SMB protocol was even too much for Sun to do.
And since Windows filesharing is an important factor at a lot of sites that uses both Mac and Windows boxes, a deciscion of not porting Samba would make no sense to me.
If you can. The truth is, most gun wounds hurt the victim so bad that he/she wont be capable to get their gun (if they don't have it in their hands already) or even shoot back. The victim might even have been killed instantly. Plus most people aren't as good shooters as they like to think they are. Even if you're a good shot, you don't know how "well" you'll be performing under stress or seriously injured. I think bad Hollywood movies are to blame for this, showing brave men responding to gun fire with one or two bullet wounds to their bodies. Even if you just get a "nice" bullet in your leg or so, the blood loss will make you really dizzy and most probably not even capable of targeting a gun, or maybe even hold it.
So in my opinion, the whole thing about using guns as self-defence or for "protecting my house from burglars" is effectively moot. Guns hurt. Instantly and seriously. No self-defense there.
It tries to manage to be everything you mentioned.
This is not bad IMHO because you can choose what kind of install you want - Server, Gnome Workstation, KDE Workstation, Laptop System - it's a simple choice in the install. And don't worry, you can also select exactly what packages you want.
I think this is a Good Thing. Instead of having distributions tailored for various uses you have a "fat" distribution and the option to choose the primary use in the install. Of course you can tailor Slackware exactly the way you want too, but I think the option in the RedHat install is nice, because even if you want the system tailored for a specific use you don't have to choose all the packages yourself if you don't want to.
OpenSSH is not included (because it requires OpenSSL) due to the stupidity of the RSA patent in the US. See Beros comment yesterday for a link to RPMs made outside the US.
I would just like to add that even those with free and unlimited high-speed Internet access don't necessarily have the time or patience to monitor all software releases...;)
Actually, that might be true for the desktop PCs (strange integrated sound chips, winmodems etc.) but on the Compaq servers that's another story. The servers are especially designed with common hardware in mind. S3 graphic chips, Intel Etherexpress fast ethernet controller clones, Compaq Smart RAID controllers (which actually has Linux kernel support), common SCSI chips etc.
This is because a server has to work with whatever an IT department wants to put on it, whether that be Windows NT, Windows 2000, Netware, Linux, SCO Unix, *BSD, Solaris x86 or something else.
I researched this (the hardware support) last summer, when I worked with installing Compaq Proliant servers in a pretty NT-only IT department. I wanted to know if there was a good technical reason why I couldn't put Linux on these nice machines. It turned out that there wasn't. It was just political...
Stop spreading those stickers! I wanted to squat all those wonderful domains! Now, since everybody knows them, you've ruined my potential business, and my IPO!
Just HairyDrunkenLactatingSpottedMonkies.com should be worth $300M alone!
Re:Other distros *do* produce betas/Mandrake first
on
RedHat 6.2 - RSN
·
· Score: 1
...so saying that Mandrake is taking ideas from RH is a good joke.
I believe the joke is yours. If Mandrake weren't taking ideas from Red Hat, there simply would be no Mandrake as we know it today. The opposite is probably just as true.
Maybe you should read the recent article on Mandrake and the relationship between them and Red Hat (previously featured on the beloved/.) for some really nice quotes on this.
Slashdot Mirror
Actually, you were right about the spirit. Open source is all about open specs, and being able to freely use those specs to build applications. It's about being able to do something with information. The freedom to do it yourself if you want to.
Maybe I should ask them to take it away?
No, don't do that. I suspect that you're new to Slashdot, and I'll give you one advice: There are a lot of people on Slashdot that don't have the faintest clue, and will always complain, no matter what. Then there are those who understand. For example, read nutsy's post below.
Yopy has most certainly a JFS-like solution for its flash memory, but as Yopy itself is not in production yet and there's yet no source to be seen, I don't know for certain.
That's what I find so nice about the JFFS: It's here, and it's here now. And with an "established" JFFS, Linux PDA manufacturers and manufacturers of many other types of embedded devices with flash memory maybe won't have to re-invent the same thing over and over. So you're right, PDA manufacturers don't have to use this and they can use whatever they seem fit, including their own custom solutions, but still I think that this is great because PDA manufacturers won't have to invent some solution of their own.
I don't know if there are other documented journaling flash file systems for Linux out there, but I know that I haven't seen one before.
I didn't say that. What I ment to imply was that given enough people voting in a poll, there's always a few people who accidentally click the wrong box (saying "Yes" instead of "No"), especially when the answers are ordered differently on the different questions!!! That's why most serious polls or surveys always order their "yes" and "no" answers in the same order on each question: to remove as many "accidental" influences as possible.
And I also question the "questions". I think the results would be slightly different if the questions were "Do you think that a split up would result in a more competitive software market?" and "Do you think that more competition would result in better software and/or lower prices?". Those questions are as biased as those above. Poll question #3, for example, gives you the hint that "the market has changed and maybe this antitrust case is outdated after all"... qlearly in favor of one of Microsoft's own main arguments.
But obviously you are, and always were, too smart to fall for cheap poll/survey tricks, you never make mistakes, and would never click the wrong box. Ever. I'm terribly sorry.
As of this writing, there are 2419 responses, and the results are:
Yes: 28.48%
No: 67.96%
Yes: 68.06%
No: 18.12%
Yes: 29.94%
No: 63.67%
I think though that the poll is a little bit pre-fabricated (incidentally or intentionally) for a certain outcome. If you look at the answer buttons on the poll page, you'll see that the answers (Yes, No and Not Sure) are ordered differently on the different questions. It just happens that if you always choose the first answer, it will be "No", "Yes" and "No", indeed a very Microsoft-supportive poll answer.
They'd better use some sort of PCM encoding (like in phone systems). Granted, that would of course only be telephone quality, but the sound quality that's good for phone systems would IMHO also satisfy most people's needs for a dictation system.
There's just a few days left of April, and even if it doesn't make it (and those chances are good) it's damn near... ;)
The Red Hat install lets you choose if you want a GUI at startup, or a console (i.e., runlevel 5 versus runlevel 3). It's a nice checkbox called "use graphical login". You can see it here as well as the GUI X configuration during the Red Hat 6.2 install.
In short, Red Hat has a lot more than most happy Mandrake users seem to think... ;)
Kudos to Mandrake though, they're now including Helix GNOME! My biggest gripe about Mandrake was always that GNOME never seemed to work flawlessly - there were always issues with GNOME in Mandrake (like the i18n in GNOME wasn't working no matter how hard I tried, although the rest of my Mandrake test system was internationalised).
Maybe it was just that KDE gets a lot more tested than GNOME in Mandrake. Many KDE users complain about the reverse situation in Red Hat - there's always issues with KDE in Red Hat. I don't know, since I'm a happy GNOME user.
I hope though that they dont include the Helix with the latest development gnome-core 1.1.9... Virtually all other gnome-cores in the devel 1.1.x series I have tested were really, really stable, with the notable exception of 1.1.9, which has a big nasty memory leak =(
And no, this is not redundant, as this has not been posted on the Red Hat errata web site, or elsewhere on the web, yet as of this writing. I couldn't find it at least.
Begin letter. ;
----------------------------------------
Subject: SECURITY: [RHSA-2000:014-10] Updated piranha packages available
Resent-Date: 24 Apr 2000 20:33:43 -0000
Resent-From: redhat-watch-list@redhat.com
Resent-CC: recipient list not shown:
Date: Mon, 24 Apr 2000 16:33:32 -0400 (EDT)
From: Cristian Gafton (gafton@redhat.com)
Reply-To: redhat-watch-list@redhat.com
To: redhat-watch-list@redhat.com
CC: Linux Security , BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE----- - -------------------------------------------------- -------------------
Red Hat, Inc. Security Advisory
Synopsis: Piranha web GUI exposure
Advisory ID: RHSA-2000:014-10
Issue date: 2000-04-18
Updated on: 2000-04-24
Product: Red Hat Linux
Keywords: piranha remote CGI command
Cross references: php
-------------------------------------------------- -------------------
1. Topic:
The GUI portion of Piranha may allow any remote attacker to execute commands on the server. This may lead to remote compromise of the server, as well as exposure or defacement of the website.
2. Relevant releases/architectures:
Red Hat Linux 6.2 - i386 alpha sparc
3. Problem description:
Piranha when it is installed generates a 'secure' web interface ID using the HTML .htaccess method. The information for the account is placed in /home/httpd/html/piranha/secure/passwords which was supposed to be
released with a blank password. In fact the password that is actually on
the CD is either 'q' or 'piranha'. It was intended that when the
administrator loaded the piranha package onto their box, that it was their
resonsibility to change that password. This is not a hidden account. It is
meerly used to protect the web pages from unauthorized access. The
security problem arises from the /home/httpd/html/piranha/secure/passwd.php3 file from which it is possible
to execute commands by inserting them into the change password option eg
entering 'blah;/bin/command to execute' into the field, and again to
verify, everything after the semicolon is executed with the same privilege
as the webserver. It is possible at this point to compromise the webserver
or do serious damage to the site.
4. Solution:
For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
Temporarily, you should set a password on the web pages as should be done when you first install the package for the sake of speed you can issue the following command htpasswd -c -b /home/httpd/html/piranha/secure/passwords
piranha 'password of choice' In theory, this means only you have access to
that area and you are hardly likely to try and exploit the problem
yourself.
When you install the update for the piranha-gui, please take a moment to login into the gui frontend and set a password on the account (http://localhost/piranha)
5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
N/A
6. Obsoleted by:
N/A
7. Conflicts with:
N/A
8. RPMs required:
Red Hat Linux 6.2:
intel:1 .i386.rpm4 .13-1.i386.rpm. 13-1.i386.rpm
ftp://updates.redhat.com/6.2/i386/piranha-0.4.13-
ftp://updates.redhat.com/6.2/i386/piranha-docs-0.
ftp://updates.redhat.com/6.2/i386/piranha-gui-0.4
alpha:
It's because normally you have to make your graphics anti-aliased so that curves and such don't look like lousy done bitmaps, and when you do so, you will use gradients of the two colors (the color of your graphic and the background color). You will obviously want to mark the "pure" background color as transparent in your graphic, or else the point of the anti-aliasing is gone.
But, anyway, the result is that if you one day change your background, your images will still have those anti-aliasing gradients from the old background color, and it will look horrible. Trust me, I've tried it, and it doesn't look good... ;)
Many programs, less for example, uses space for page down (and "b" for page up) and I bet many other people are also used to that.
Ethernet makes sense even for those without a permanent net connection (big gaming party in the house?). Also, most people with cable modems use Ethernet - the connection between the cable "modem" and your computer is often an Ethernet link. Add a cheap hub, and voilà!
I think that if SuSe finally decided that they should port to PPC, Red Hat will soon be following. I don't know if they will port themselves, though. Maybe they'll just buy LinuxPPC. Seems like a logical move to me.
ftp://ftp.orginalsite.org/pub/software/Foo-3.14.t
with
ftp://ftp.yoursite.com/pub/mirrors/ftp.originalsi
Also, name the mirror directories after the server mirrored (i.e.
/pub/mirrors/ftp.xmms.org/
/pub/mirrors/xmms-mirror/).
and not something like
This makes it significantly easier to know exactly what is mirrored without having to browse the entire structure to find out.
Of course people have succesfully defended themselves by using guns after they've been shot. And I really believe that you could present me with well-documented cases where this has actually happened.
But on the other hand, I could probably also show you well-documented proof that there was over ten thousand people winning large lotteries in the US last year, or such. Those "statistics" tell you nothing about the opposite scenario, which most probably is much more likely.
And since Windows filesharing is an important factor at a lot of sites that uses both Mac and Windows boxes, a deciscion of not porting Samba would make no sense to me.
I think bad Hollywood movies are to blame for this, showing brave men responding to gun fire with one or two bullet wounds to their bodies. Even if you just get a "nice" bullet in your leg or so, the blood loss will make you really dizzy and most probably not even capable of targeting a gun, or maybe even hold it.
So in my opinion, the whole thing about using guns as self-defence or for "protecting my house from burglars" is effectively moot. Guns hurt. Instantly and seriously. No self-defense there.
This is not bad IMHO because you can choose what kind of install you want - Server, Gnome Workstation, KDE Workstation, Laptop System - it's a simple choice in the install. And don't worry, you can also select exactly what packages you want.
I think this is a Good Thing. Instead of having distributions tailored for various uses you have a "fat" distribution and the option to choose the primary use in the install. Of course you can tailor Slackware exactly the way you want too, but I think the option in the RedHat install is nice, because even if you want the system tailored for a specific use you don't have to choose all the packages yourself if you don't want to.
This is because a server has to work with whatever an IT department wants to put on it, whether that be Windows NT, Windows 2000, Netware, Linux, SCO Unix, *BSD, Solaris x86 or something else.
I researched this (the hardware support) last summer, when I worked with installing Compaq Proliant servers in a pretty NT-only IT department. I wanted to know if there was a good technical reason why I couldn't put Linux on these nice machines. It turned out that there wasn't. It was just political...
Just HairyDrunkenLactatingSpottedMonkies.com should be worth $300M alone!
I believe the joke is yours. If Mandrake weren't taking ideas from Red Hat, there simply would be no Mandrake as we know it today. The opposite is probably just as true.
Maybe you should read the recent article on Mandrake and the relationship between them and Red Hat (previously featured on the beloved /.) for some really nice quotes on this.