Slashdot Mirror


User: mwa

mwa's activity in the archive.

Stories: 0
Comments: 379

Comments · 379

  1. Re:Steps Against DRM on Stallman Pushes For Free BIOS · · Score: 5, Insightful
    Now go ahead and mark me a troll for having an unpopular opinion.

    Naa. It's not that you're a troll. It's just that you've fallen into the trap of contemporary thinking that most software is commercial software. That's simply not true. Most corporations have more lines of code for internal applications than MS Windows and the Linux kernel combined.

    The fact is that the vast majority of that code is pure expense. Accounts Payable, Accounts Receivable, Payroll, Inventory control, etc., applications have been re-written thousands of times by different companies. It's only fairly recently that commercial packages for these have become available for "enterprise" use. They are expensive and can require changes to business processes that make a particular company's operation less efficient overall. Either that or pony up for consulting hours or source licenses to make custom modifications that have to be retrofitted into new releases as they become available.

    The bottom line is that if companies worked together to develop an open source suite of application components, each company's expenses would be lowered. Programmers would still be employed to compose the overall system so that it suits the company's management, organizational model and business processes. Programmers would still be employed to contribute to the open source process because it would be cheaper than recurring licensing costs and improve business efficiency.

    And that only addresses business-related applications. IT is a hotbed of opportunities for cost reduction through participation in open source projects. Any company with an IT organization faces the same challenges: How do we manage all these network devices, servers, workstations, etc.? How do we get notified of a problem before the business is impacted so we can prevent a disruption of income? You can buy into the OpenView/Tivoli/Unicenter/etc. mega-management framework/suite/nightmare (which may impose artificial and arbitrary restrictions on your systems and network infrastructure) and spend big $$ in administration and "management of the management", or you can employ open source developers to work on projects with other companies facing the same issues. The price tags of these suites plus support labor most likely exceed the cost of paying the same number of staff a little bit more for development experience.

    Plus, I'll wager all my karma that any company running one (or more) of the big NMS suites has a variety of open source applications (MRTG, Nagios, NMIS, etc.) deployed as "point solutions" to fill gaps that it's just too painful to try to fill with the commercial products. We have one (unnamed) commercial performance management system that is licensed by the number of nodes monitored. The constant growth in our network combined with the traditional big-company purchasing bureaucracy means we never have enough licenses to monitor everything properly. So we either play the license shell game (moving licenses to nodes in the current hotspots) or we go look at NMIS for free.

    Slowly, management has come around to the fact that open source deployment is faster, if not as flashy, as far more expensive commercial applications and at least as effective. They came to that realization because when problems came up they saw with their own eyes that our open source tools had the answers and the commercial products didn't because the commercial products were not licensed to "see" the problem.

    Where they have not gone yet is understanding that since the open source applications are not as robust and flashy as they would like, they can fix that by letting staff participate on those projects to make them even more suitable to our environment. What have we got to lose? We spend enormous labor hours on maintenance of servers and commercial software that doesn't quite meet our needs. How about we drop licensing costs, quit fighting applications (and vendors) to get them to do what we need, and spen

  2. Re:It's UCITA on Why Can't Microsoft be Sued Under the Lemon Law? · · Score: 1
    If neither the store nor Macromedia "honored" the shrinkwrap license, they are in violation of UCITA and the "license", and whatever restrictions it attempts to impose, is probably void since they have failed to fulfill their legal obligations. Congratulations! You can do whatever you want with the software, constrained only by copyright law which takes over in the absence of a contract or license.

    #include

  3. Re:As is.... on Why Can't Microsoft be Sued Under the Lemon Law? · · Score: 1

    Read about Softman v. Adobe (including the actual decision) before quadruple BS'ing each other.

  4. Re:Puff, puff, pass... on SCO Slammed in Slander of Title Suit · · Score: 1

    True, but I'm starting to think "reader of Groklaw" > "SCO lawyer". The former definitely has better research.

  5. Re:Puff, puff, pass... on SCO Slammed in Slander of Title Suit · · Score: 4, Informative
    Not exactly. Novell moved to dismiss based on falsity (DENIED) and on pleading of special damages (GRANTED without prejudice), not on the merits (although I'm sure that will come later). In law math a dismissal GRANTED + a dismissal DENIED == a dismissal GRANTED. SCO has 30 days to define with an acceptable specification of "special damages" or the case is done.

    Further, SCO's motion to remand to state court was their argument that this is a contract, not a copyright case. The judge disagreed - it is about copyright, specifically your point about whether the amended APA constitutes a transfer or not. So it stays in federal court where Novell can argue that it doesn't.

    The judge scattered throughout the decision that it doesn't look like the amended APA is a proper transfer to him, but he denied the claim on falsity because he felt that it was premature and the parties should have their arguments heard in court. The message to SCO was pretty clear: "When this gets to court, your ducks better be forming a better line than they are right now."

    IANALBIAAGLR

  6. Re:Good point with a bad foundation on Ken Brown Responds to His Critics · · Score: 4, Insightful
    This isn't just a legal issue; in order to gain significant market share, earn the trust of potential users, and develop with a strong backbone in a reliable direction, Linux must be accountable. Users have to be able to turn to someone/somewhere for support, for resources, for guidance; because there is no single authority over Linux, many companies and users are uncomfortable with it.

    This is entirely an economic argument against what Brown is stating. His conclusion is that "hybrid source" will ruin the economics of the software industry.

    False. It will ruin the economics of the monopolistic software lock-in business model. It will create a software industry with local support experts with full access to the source code, capable of actually fixing problems instead of reporting them to the vendor and sitting on their hands awaiting a fix. Whether you contract them, or hire them, they are people who live next door and whose next meal depends on keeping you, the customer, happy. That's "accountable". An EULA that disclaims all warranties and liabilities is not.

    What bozos like this fail to realize is that the U.S. economy is driven by small businesses. Collectively, small businesses pay more taxes and employ more people than the Fortune 500 combined.

    Real (libre) open source has the potential to kick both the U.S. and global economy in the ass, to such a high gear, that the gradual disappearance of Microsoft, Oracle, SAP, etc. wouldn't even be noticed. Custom application of open source components would drive huge productivity gains as people and businesses started to work the way they decide they are most efficient, not the way their applications dictate. Open standards and 100% compatibility would completely eliminate time wasted converting or re-transmitting information. File formats would cease to be an impediment to communications. Open code and full disclosure would strengthen security and eliminate billions in lost productivity to viruses and worms. All those high-tech workers displaced by outsourcing would be able to get off the public dole and become entrepreneurs -- more small businesses supporting other small business

    Economic threat, yes. But not to 99% of the population. Only to the very small portion of the population that own proprietary software companies (employees will have whole new vistas of opportunities) that refuse to adapt to a customer-oriented service model. Mr. Brown's elaborate propaganda for promoting only "proprietary-friendly" open source software is a thinly veiled argument on behalf of the status-quo.

  7. Re:Prior Art... duh! on Microsoft Receives Patent For Double-Click · · Score: 1
    I had a reel-to-reel tape recorder in the early 60's. Pretty limited computing resource and the longer you held the FF switch, the farther and faster the tape advanced. The RW switch could be done the same or you could push it farther and it would stay on by itself until you pressed it again. Sounds like a time-delayed click to me.

  8. Re:Sudo and CVS on How Would You Distribute Root Access? · · Score: 2, Interesting
    That's close to what I did. The patch makes a static bash run setuid 0 and logs via syslog everything they enter exactly as if they were running with set -x. (It used to log the output as well, but it makes for very messy logs if you trap screen oriented stuff like vi sessions, etc. Knowing who edited a file and when has been sufficient for isolating blame^W accountability.) It also requires the userids, from and to, be defined in a secure file (chmod 0, owned root:root). It logs what user called it, and what uid they switched to (I also use it to allow users to switch to non-root uids so it can be used for DB/application "admin" IDs as well) and the session begin and end times.

    Since it uses syslog, log entries are sent to a remote machine in real time.

    Before anyone says it, I will: This is a security hole by design. It grants full root access with no restrictions, BUT, a) everything is logged, b) it can only be used by people who really need root anyway, c) we've got an audit trail, and d) no need to communicate root passwords out-of-band (e.g. email, voice, etc.) where they can be sniffed or overheard. Plus, if anyone leaves or abuses it, they get pulled from the config and no need to change the root passwords. The point is not to prevent people from doing things, but to let them do what needs to be done with accountability.

    Since implementing this, no one knows the root passwords on our machines. They are set to a very strong password and kept sealed in a signed envelope in a lock box at the data center. If they are set strong enough, even the person who sets it forgets it after a short while.

  9. Re:Next step for microsoft on Firefox Extension Lets You Pick the Name · · Score: 1
    Good spelling important in many contexts.

    Good spelling is important....

    Sorry, couldn't resist. But I absolutely agree with your post. AFAIC, the biggest issue is that <HTML TEXTAREA> does not a word processor make (preview button be damned! You can see your typo in the preview and search for several minutes in the text box and just not see it). Plus, I'm sure there are numerous Slashdot readers who are not native English speakers. I'm glad they post in poorly spelled English than correctly spelled anything else.

    I'm a multi-lingual illiterate. I can't read in several languages.

  10. Re:Freeswan vs KAME and other useless BS on FreeS/WAN Project Bows Out · · Score: 1
    You sound like you know what you're talking about. What are you doing posting on Slashdot?

    All seriousness aside, since you've been down in the trenches, what references would you recommend for someone just getting started that wants to VPN their wireless subnet to their wired?

    TIA

  11. Re:Why Gentoo on Toward a New Kind of Linux Distribution · · Score: 1
    Sure, you can provide multiple binary packages. I mentioned that. But there's a pretty big overhead in doing so, and it doesn't provide you with dependency resolution as fine-grained as building from source.

    The difference is that to maintain multiple binary packages, the overhead is on the distribution build and management servers. For a source based distribution, the overhead is on the user's box. I suspect even Microsoft's biggest advocates would start complaining about "bloat" if they were expected to re-compile Office on all their desktops, depending on if they wanted macro support, talking paperclips, multi-language support, OLE, ActiveX and whatnot enabled or disabled. (OTOH, it could be worth it to disable that freaking paperclip.)

    I don't think, however, that's the level of "dependency resolution" you're referring to. Giving the user that degree of control over major "suites" of software is setting yourself up for a support nightmare.

    The real point is that dependency resolution does not depend on compiling from source. It's a project/package management problem. Debian packages Apache and its modules in separate binary packages, and apt-getting a module plugs it right into Apache. The problem can be solved without resorting to everyone compiling their own package. Projects need to have modular hooks in place that take advantage of features or extensions if they are available and ignore them if they are not.

    As for your second point, I happen to think that the "never put dev tools on a non-dev box" thing is stupid. If you're cracked, the cracker can just transfer a copy of GCC to the box. Plus, any kind of malicious code you're going to write in C could just as easily be written in Perl or Python, and good luck running a Linux system without either of those installed.

    There are different degrees of "cracked". If you have a remote root exploit, it's all over. If you have a non-root remote exploit, then the bad guy can get in but he'll need a privilege escalation exploit to do real damage. Having dev tools makes that a lot easier.

    Yes, they can transfer a dev suite over, but that takes more time and effort and will trigger your file integrity checks and alert you to the crack. Having them right there for him may (emphasis on may; the principle is "defense in depth", do not rely on any single layer), not trigger anything, or not trigger anything in time. If you can't stop them, then anything you can do to slow them down helps.

    As to finding a Linux system without Perl or Python, well I'd love to. I shouldn't need them on a DB server or an app server, and I hope that that would be possible with a properly "component-ized distribution."

  12. Re:Why Gentoo on Toward a New Kind of Linux Distribution · · Score: 2, Insightful
    The point of Gentoo is that using the source for installation allows much finer grained dependency resolution.

    At the expense of having a complete compiler suite, plus sufficient space for all required source code and horsepower to compile it.

    First, yes, Gentoo does binary packages but using them contradicts your point. Debian/apt can provide optimized binaries and it can do so for a variety of platforms. For example: mplayer-386, mplayer-686, and mplayer-k7 provides the same "mplayer" package. Dependent packages need only say "I need 'mplayer'" and which ever optimized version you get will satisfy the dependency.

    Second, a core security principle is that you never put development tools on a non-development box (server OR desktop). As part of a strategy of "defense in depth", if you get cracked, the last thing you want to do is give the cracker more ammunition to attack you or other machines on your network. Combine this with the fact that Linux is moving into general purpose (non-techie) desktop use. Try to imagine a desktop distro based on Gentoo with the security processes and procedures of the typical Windows user. They get an email "Subject: Important Security Update!", click, answer the "WARNING: running attachments is dangerous!" with "Yes, I really want to". The payload can not only run as an executable, it can run an autoconf style configuration tool to find all vulnerable libraries on the system and make a custom remote exploit with built-in privilege escalation.

    Getting root becomes a whole lot easier.

  13. Re:what are the licensing terms? on Microsoft Code in Every HD-DVD Player · · Score: 2, Informative
    Python + Boa-Constructor ~= Delphi. As VB programmers start to realize what they can do, and still be in complete control and participate in the language evolution, yes, I think Python could replace VB within 10 years.

    Also, don't forget that Guido got a DARPA acceptance and funding for Computer Programming for Everyone. Kids may be learning Python in elementary school soon.

  14. Re:This is bullshit on MPAA Prevails Against 321 Studios' DVD X Copy · · Score: 2, Insightful
    If you "bought a license to the content", and they refuse to replace the media so you can exercise your contractual (license) rights, take them to small claims court. Even a small claims judgement is a judgement, so if they want to "license" then let them "license", but make them live up to their side of the contract.

    If we can rack up enough judgements, they'll either have to admit it's a sale or implement proper programs to replace failing media. Either way the consumer wins.

  15. Re:Then they had better replace ruined discs on MPAA Prevails Against 321 Studios' DVD X Copy · · Score: 1
    Try taking it back to the retailer. I had a similar situation with a season of Angel. I got a couple seasons as gifts at the same time. On the second season, the fourth disc had a point where it just stopped. The disc showed a clear smear.

    With no receipt, and long after the return period (not 4 years, but it takes more than the return period to watch a couple seasons of shows, unless you want to turn into a vegetable), I said "why not" and just tried to take it back to Best Buy.

    To my surprise, not only did they exchange it, but they opened the new copy and inspected each disc.

    So maybe (ok, probably) the MPAA are a bunch of morons, but the retail outlets understand where their profit comes from: customer service. Wherever you got it may, or may not, exchange it but it doesn't take much effort to try. Eventually, if enough returns come in, the retailers will take the issue back to the producers.

    And maybe, just maybe, the market will actually get the point across that it's cheaper to let customers make and use backups than replace DVD's every couple of years.

  16. Re:RCU and the System V Question on SCO Lists Specific Code-Infringement Claims · · Score: 5, Funny
    I'd just like to point out that many years ago I designed a program as follows:

    print("Hello");

    Then K&R came along, added some headers, an 'f' to "print", wrapped it in a main() function and added " World." They called their version "Hello World."

    Consequently, I own all rights to all C programs, since they are all derived from "Hello World" which is derived from my "Hello" program. Everyone using anything written in C can pay me $699.00 now, or $2000.00 sometime after I extend the original discounted price 3 to 27 times.

    I expect to be invoicing you all real soon now. Or you can avoid the rush and just reply here with your credit card information.

    Thank you for your business.

  17. Re:The challenge of financing on Unemployed? Why Not Start a Software Company? · · Score: 1
    Software that takes 6 months for one guy to slap together, isn't going to impress anybody who has an IT background. They'll see it's obviously only 6 man months of work... ;-)

    You're being very generous to IT management. I get 2-3 requests a week to "review" COTS network management "solutions". The last one I looked at was recommended by a NOC manager. It took me 20 minutes to write something using open source components that provided equivalent functionality to their "core competency." Of course I had no flashy GUI with red=bad green=good colors (management's idea of "quality" management software; the "Oooh, shiny things" syndrome), but I got the message across.

    Someone is buying this stuff and it's not at all obvious to people with purchasing authority that it's a complete and total waste of money.

    As George Carlin said "If you take any 2 things that have never been nailed together before and nail them together, someone will buy it."

  18. Re:Not a disease on Neural Feedback Training as Therapy for ADHD? · · Score: 1

    No, sorry. Even if I cracked it open, I wouldn't know what I was looking at.

  19. Re:Not a disease on Neural Feedback Training as Therapy for ADHD? · · Score: 1
    Hence, its just voodoo/sugar-pill until it can be understood and consistently applied to patients.

    So... the study and definition of the placebo effect is not scientific?

    "However, it may be that much of the placebo effect is not a matter of mind over molecules, but of mind over behavior. A part of the behavior of a "sick" person is learned. So is part of the behavior of a person in pain. In short, there is a certain amount of role-playing by ill or hurt people. Role-playing is not the same as faking or malingering. The behavior of sick or injured persons is socially and culturally based to some extent. The placebo effect may be a measurement of changed behavior affected by a belief in the treatment. The changed behavior includes a change in attitude, in what one says about how one feels, and how one acts. It may also affect one's body chemistry."

    This is why Sheeley required the patient's spouse to attend the program as well. He taught the spouse how to not reward pain behavior by providing sympathy or doing things for the patient that the patient could do just fine if they MADE themselves do it.

    This is the basis of Holistic medicine -- treat the patient, not the "disease". Sometimes the "disease" itself is a symptom of something else. As for advancing science, I think you'll find Sheeley had quite an impact.

  20. Re:Not a disease on Neural Feedback Training as Therapy for ADHD? · · Score: 1
    The difference between "Science" and "Voodoo" is who believes it.

    I'd modify that slightly. The difference is "who believes it works". If someone believes voodoo works, and pursues understanding "Why?" then it's science.

    This is what Sheeley did (or does if he's still around). He recognized that there are lots of "medicines" in different cultures around the world that "we" don't understand, and he worked to find out why through their application.

  21. Re:Not a disease on Neural Feedback Training as Therapy for ADHD? · · Score: 4, Interesting
    And here I sit without mod points..

    Instead a seemingly unrelated story. My father was a paraplegic (waist down paralysis) and in a wheelchair for 30 years from a broken back. He suffered horrendous pain for years. We lived in a small town. Small town doctor. Small town pharmacist. They knew he was on pain medication, knew what it was and if he asked for a refill, well, he must need it, so he got it. Hell, as a child I walked into the pharmacy and asked for it for him all the time and just got it.

    One day the pharmacist happened to actually read his refill history. He was taking enough on any given day to kill someone who'd never taken it before. Coincidentally, Dr. C. Norman Sheeley, author of "Occult Medicine can Save Your Life" and founder of the American Holistic Medical Association, was speaking at the local university. Dad went, and volunteered as a "test subject" for that very lecture. He was treated with acupuncture and completely, albeit temporarily, relieved. (I'm talking 30+ years ago when acupuncture was as foreign to the west as open source is to Microsoft)

    So he started acupuncture treatments. It never worked again. He finally contacted Dr. Sheeley who invited him to his compound.

    Dr. Sheeley only took pain patients that everyone else had given up on. IIRC, the treatment period was 3 weeks, and required your spouse to attend if you were married. The program was simply "try everything" (well, except drugs - those had all been tried already). Acupuncture, faith healing, bio-feedback, massage, electro-stimulation, and I don't know what else. IIRC, he even had an African "witch-doctor" in occasionally. (I still have a pair of goofy, hand-made with parts from Radio-shack, dark goggles with lights inside that pulsate at alpha and theta frequencies. They will relax you completely or put you to sleep in just a few minutes. And I use them when I get migraines.)

    Bottom line -- Dad came back and never took another pain pill until he was on his death bed with cancer. The goggle thingy + bio-feedback + electro-stimulation was his cure. Other patients who were there at the same time had their cure.

    Sheeley's philosophy was "If it works, it works." So what if we can't explain it? The human physiology is extremely complex and the mind even more so. If we don't consider things just because we don't understand them then we are making a conscious decision to be bound by our own ignorance.

    His success rate, again on patients that "traditional" doctors had completely given up on, was over 80%.

    So, yeah. If the drugs work for you fine. If neural feedback works, fine. If stretching your left testicle over your right ear works, fine. If none of those do it for you, that doesn't mean they won't work for someone else.

    Except for the left testicle one. That only has around a 50% chance of working for everyone, and I don't recommend it anyway. It's really rough on your ear.

  22. Re:We need a similar tool -- for Debian systems. on Debian World Domination Plan · · Score: 1
    I agree (in fact _all_ systems need this -- why bother backing up installed binaries that never change), and I'm working on it. Lesseee, avg. spare time/week = ~ 15 minutes. Hmm... might be a while.

    Seriously, I've got a script that can do dpkg-repack on installed packages, and tar.[gz|bz2]'s all listed config files to pkgname.config.tar.bz2 It's not that hard really. The first kink is that admins have this nasty tendency to add config files, like drop stuff in /etc/postfix and reference them in main.cf or use Apache includes, etc. I think it fairly reasonable to assume if /etc/[pkgname]/something is listed in conffiles then all /etc/[pkgname] gets backed up.

    The second kink is the same as the first for stuff in /var.

    All that's left is your data. If you don't know where it's at, I can't help you ;)

    The only way I see to "finish" it is to have a configuration policy guide that the admin must follow in order for it to work. Shoot, it may already be in the Debian Policy Manual, but if I took time to read that I'd never get to code (or read /.).

    So if anyone has any comments or suggestions I'll take 'em under GPL conditions. If anybody who has time wants what I got so far (like ~200 lines of bash) mail me a /@.net/.net, subject: dpkg-mgr, in the only way you can map that to a valid email.

  23. Re:the PERL mantra - on playing catch-up on UserLinux May Go Without KDE · · Score: 1
    One of the desktop UI projects needs to concede, and they need to put their efforts together.

    Something like this?

  24. Re:what's wrong here -- RTFB on Who Owns The Facts? · · Score: 1
    SEC. 5. EXCLUSIONS.
    • (a) GOVERNMENT INFORMATION-
      • (1) IN GENERAL- Except as provided in paragraph (2), protection under this Act shall not extend to--
        • (A) a database generated, gathered, organized, or maintained by a Federal, State, or local governmental entity, or by an employee or agent of such an entity, acting within the scope of such employment or agency; or
        • (B) a database generated, gathered, or maintained by an entity pursuant to and to the extent required by a Federal statute or regulation requiring such a database.
      • (2) EXCEPTION- Nothing in this section shall preclude protection under this Act for a database gathered, organized, or maintained by an employee or agent of an entity described in paragraph (1) that is acting outside the scope of such employment or agency, or by a Federal, State, or local educational institution, or its employees or agents, in the course of engaging in education, research, or scholarship.

    This is even better than copyrights, which the federal government is not allowed to produce, but are allowed to "acquire" and (afaik) there is no restriction on local or state governments creating copyrighted works. This bill actually prohibits any governmental agency from exercising the protection of this bill, even if they only "maintain" (as in those pesky copyrighted building codes) them.

    I'd like to see the exclusion to the exemption (only in legalese can such double-talk make sense) for educational institutions removed though. We're paying for their research too.

    The other exclusion, that of allowing "off-duty" government employees to own what they do "outside the scope of" their employment to maintain ownership of their work would also be nice if it were added to copyright law. As it is now, the application of the "work for hire" doctrine pretty much means your employer owns the brilliant idea you come up with while sitting at home taking your morning dump.

    As it stands, this bill is not the threat to public information you make it out to be. Whether or not it's actually good, I'm not so sure.

  25. Re:My favourite! on SCO Letter to Fortune 1500 Now Online · · Score: 2, Funny
    I know how to establish a relationship among all those unknown software developers. Get them all to sign their names on a lawsuit against SCO for copyright infringement in violation of their chosen license agreement.

    Then they'll all be known and have a relationship and SCO will be satisfied. (If I only had 1 line accepted into the kernel, I'd be suing SCO for a percentage of all their Linux earnings to date.)