Simply put, why do people work for companies where the administrators would do such a thing?
I don't work for anywhere where they expect me to use a "corporate standard desktop" of any description - first thing I did here was wipe NT and install debian/unstable, so unless they've zapped the BIOS specially I'm pretty darn' safe:) . Did the same at the last place as well, except I went from stormix to potato to unstable instead;)
Certainly amongst the clueful this won't be a problem. For those folks not in the Development department, well... can we hope to educate them? All that's needed is a list from the sysadmin of what monitoring and intercepting she's doing - it should be a Data Protection requirement in the UK, and easily justifiable on moral / privacy grounds elsewhere.
"Furthermore, they assume that if the reader can't do this, they are simply not a good programmer".
Well, as an asumption as you mention this would be bad. Note, however, that there's a very prevalent half-way state: those who really shouldn't be looking at a program because they don't know the language with its idioms, but still somehow declare it to be "illegible", more because of their own shortcomings than any other. IOW, ability to *read* source is a distinctive feature of a good *programmer*. I've experienced folks who can spew code like the proverbial curry after a few pints, but were strangely unable/unwilling to look in any detail at it to debug it later... Just a point to raise in your considerations...
"why do you think it's called code?"
I absolutely hate calling a good program "code", and therefore don't. I suggest you confine your use of the word to garbage that the compiler can understand and your Typical Average Humanoid, even one well-versed in the language, can't (at second inspection).
"This all tends to make programmers minimalists and their documentation clearly reflects this."
By and large, I'll agree, although I think minimalism can be a form of elegance in the program itself.
FWIW (karma whoring, no doubt), <a href="http://haskell.org/">Haskell</a> has had a "literate" mode (*.lhs instead of *.hs sources) since the get-go as well. Leo is definitely not the first. And the rest of the language is pretty darn' minimal too - the "list composition" [expr | condition ] stuff reads almost like Perl-meets-SQL to me;)
"Governments do not have to use open source unless the people say they must."
I don't expect my parents to understand or at least be able to make any informed decision on the nature of open-source versus proprietary software, except in an extension of the way he has to use M$loth-ware at work... So the question arises, how are you going to define "the people" in this case? Is it just going to be bulk count(bums_on_seats) like with most "democracy" or is there any bias towards what might be termed expert opinion?
"Governments must not force citizens to use proprietary software to interact with their government."
That is a side issue compared to what the government itself uses.
In the commercial world, organizations are seen as potential customers. In the open-source or Free world, they're another potential convert.
"Login accounting [] can also be handled this way - somewhere in PAM"
Why bother when you've got process accounting?
As for front-end, you don't need anything spectacular at all; I've seen very useable terminals in Brighton hospital here in the UK, where the WM was basically fvwm(2/95) but with galeon running full-screen, access only to a proxy that required login to let you out on the 'net for real. See http://www.pienetworks.com/products/index.htm for more:)
How do you think we are to go around messing either with Darwin or God? The ruddy things got extinct somehow first time around, how is it right to bring them back ourselves?
What is it about mankind that we're the only species on the planet to have evolved a sense of biology (as far as we know) and yet we call ourselves animals just like everything else, and then proceed to prat around with "oh, we don't want those 5000 hedgehogs there after all", or "cool, woolly mammoth!"?
Looks like a combination of session-IDs, cookies and a "request-ID" as well to me, looking at the url & Keywords=bulk+email&_requestid=6075779. Well, woopie doo. Nothing that a quick wget or curl wouldn't fix...:)
And I have to have a phone directory for the area in question... That's not going to happen. At the very least, the effort required ("Hi bloke, can you look this up for me?", or trips to library, or even surfing around online through online phone directories - and note the trust required there) is such that it becomes worthwhile to start having key-servers to do the job.
"but doing so in such a way that you can reasonably be sure that you're getting it from the official source."
So let's see... I google around for "soundbug UK" as something I recently wished to purchase, find a sponsored link pointing me at a site I've never heard of before, get as far as the obligatory https:// part, take a phone number from the site, phone them up say "what's your fingerprint?"....
Spot the flaw?
Phoning someone up out of the blue adds nothing to the trust factor at all. You need for the out-of-band communication to be trusted for external reasons (e.g. recognizing their voice on the phone) before you can trust them. That's why I might as well save time and place my order while I'm at it.
That's where I think a web-of-trust would win; at the very least you've added in the potential for scoring, or "if it's good enough for my mate Dave, it's good enough for me", with the strength of the crypto-key signature pulling your trust up towards 100% instead of it dropping off with more levels-of-removal from the original trust-er.
I don't see why people present this as a turnaround on Schneier's part. In _Applied Cryptography_ he gives every impression the policy and protocol are critical to the successful security of a system - the first few chapters are dedicated to "if Alice tells Bob..." scenarios!
"I'm annoyed that browsers have been swept into warning you if the site you're visiting doesn't support Verisign's cash flow."
I know the feeling... the only other problem is, though, how does the vast consumer-base out there deal securely online? It doesn't add anything to have to phone up to read out an SSL certificate fingerprint - you might as well just place the order over the phone!
Maybe what we need is a kind of web-of-trust like the idea of a PGP key-server, only for SSL certificates?
Datapoint: a couple of weeks after acquiring my current communicative toy(TM) - a simple nokia 6310 - I found myself using said GPRS at about 2am to hunt hospitals in a given town.
Compared to the hassle of hunting a pen & paper and listening while some insert-female-voice-here noise dictates a phone number, being able to see a little bit of text in front of you has its uses.
Personally I think the remaining 99.5% of the time this is going to be used is on the executive corporate toilet - anyone for next-gen Snake between the stalls?;)
Yes, I had that on my mobile here as well, only it was an 0960 number (premium rate)...
I tracked Googled for the postcode, tracked the number down to somewhere in a shady area of London where - how shall this? - desperate single folks would be guaranteed a choice from a variety of alternative "good times"... Quite a few interesting organizations all within the same block of town.
"Personally, I take responsibility for my own systems security."
So should *everyone*. I have seriously large negative amounts of sympathy for people who whine "oh no, they cracked us" (or worse, "hacked") and start going on inventing laws.
I've heard of trying to solve a societal problem with technology, but some people ought to wake up smell the coffee you're brewin', and see that it's equally erroneous to attempt to solve a technological problem by abusing legislation.
Re:When will we get a proper packaging system?
on
RPM Dependency Graph
·
· Score: 2
"There is no good reason why we need both debs and rpms other than petty politics."
Space-saving, number of fields in each... Hmmm. More to the point though, choice. No reason to abandon something that's existed quite happily for a while; why don't you concentrate on writing a wrapper around either package?
" no elegant way to integrate software that hasn't committed to one of the packaging systems into an architecture."
You obviously haven't run debhelper any time recently, nor have you played with _stow_.
"Well not quite it's not actually based on Debian as far as I can see"
It's not based on debian in the slightest. It has no binary packages at all other than the few on the install CDs, instead preferring to separate into upstream sources (which you download from whatever official site for the package is), and build scripts. Just like the *BSD ports system, not slightly like debian.
"I like it it's neat I don't have to deal with dependency mess"
It's still not perfect. Emerge has a very messy commandline syntax with some commands being specified by words and others with options (just tell me what "emerge -b -u -c -p rsync" is supposed to do and why!). I also seem to have to chase duplicate installations and deduplicate entries in/usr/portage/{distfiles,packages} frequently.
Still, it's my source-linux-distro of choice. Debian gets a look-in for servers and the notebook at work where I have to maintain an appearance of being mainstream.:)
"Or am I wrong? Is Debian really that much better?"
Debian pioneered the apt-get "upgradability from the get-go" idea. There exists _grab_ for RPM, up2date,... lots of alternatives. ISTM that nowadays, these distributions only differ in quality assurance (ensuring that all SRPMs build with `rpm --rebuild ' directly without error, ensuring that security fixes are consistently backported rather than new features introduced) rather than anything technical.
All binary distributions suck, anyway. There's no need to be either behind the times like Debian/unstable (lack of XFree86-4.2 even in the Unstable tree, a wait of several months before a particular bug in psi/libqt appears), nor to spend all your time downloading 9Mb packages of mozilla every day just because someone upstream changed a compile option.
Oh, and today's experiences in dealing with spam on debian mailing lists have put me *right* off them as well. No attempts made upstream to deal with some wanker who sent 22 separate mails to the 2 lists to which I subscribe, and instead, when I automate reporting this specific spam to Razor, it gets branded "ridiculous". Too spam-friendly by far.
That'll be why I host a mirror for another linux distribution's "ports" system, and why I run FreeBSD on the notebook then...
"Still you find it useful to flame the living crap out of it. Which was my point exactly."
No, I just speak the truth. You obviously have a problem with looking at it out of anything other than billyg's ass.
"Fyi: Lisp is interpreted, C# and the other 20 or so languages for.NET are not."
No, they're mangled around into a Windoze executable and then interpreted. You know? Big Furry Deal(TM). My point remains, and you still suck up to Bill.
".NET is one hell of a platform with a very well thought out API, documentation and complete functionality."
In the real universe, it's M$loth's excuse to port the.exe PE file format to other platforms, with 2 reference implementations' sources available so they can get let off by the DoJ.
There's also nothing new under the sun. Running other language environments ("hosting", my ass) has been done ever since emacs was written in lisp running on a C-based machine. .
"What happened to the legions of OSS fans who contributed code because they bought into the idea of OSS?"
Too many companies, in a word. All thinking they could get something for nothing, so the world starts to expect faster turn-around than OSS actually produces. Don't forget it took us a hell of a long while (Open Source having existed for 40-odd years) to get a remotely sane OS - and that's allowing for KDE as well as Gnome on the desktop!
Re:Overloaded the shared hosting server looks like
on
Coffepot Computer
·
· Score: 1
> Too much traffic for the shared server I would guess.
It's all the more fun when they start using your news-posting message-ID: headers as though they were email addresses. Pity Gnus keeps on posting these nnnnn.fsf@hostname IDs;)
Slashdot Mirror
Simply put, why do people work for companies where the administrators would do such a thing?
:) . Did the same at the last place as well, except I went from stormix to potato to unstable instead ;)
I don't work for anywhere where they expect me to use a "corporate standard desktop" of any description - first thing I did here was wipe NT and install debian/unstable, so unless they've zapped the BIOS specially I'm pretty darn' safe
Certainly amongst the clueful this won't be a problem. For those folks not in the Development department, well... can we hope to educate them? All that's needed is a list from the sysadmin of what monitoring and intercepting she's doing - it should be a Data Protection requirement in the UK, and easily justifiable on moral / privacy grounds elsewhere.
"Furthermore, they assume that if the reader can't do this, they are simply not a good programmer".
;)
Well, as an asumption as you mention this would be bad. Note, however, that there's a very prevalent half-way state: those who really shouldn't be looking at a program because they don't know the language with its idioms, but still somehow declare it to be "illegible", more because of their own shortcomings than any other.
IOW, ability to *read* source is a distinctive feature of a good *programmer*. I've experienced folks who can spew code like the proverbial curry after a few pints, but were strangely unable/unwilling to look in any detail at it to debug it later...
Just a point to raise in your considerations...
"why do you think it's called code?"
I absolutely hate calling a good program "code", and therefore don't. I suggest you confine your use of the word to garbage that the compiler can understand and your Typical Average Humanoid, even one well-versed in the language, can't (at second inspection).
"This all tends to make programmers minimalists and their documentation clearly reflects this."
By and large, I'll agree, although I think minimalism can be a form of elegance in the program itself.
FWIW (karma whoring, no doubt), <a href="http://haskell.org/">Haskell</a> has had a "literate" mode (*.lhs instead of *.hs sources) since the get-go as well. Leo is definitely not the first.
And the rest of the language is pretty darn' minimal too - the "list composition" [expr | condition ] stuff reads almost like Perl-meets-SQL to me
"Governments do not have to use open source unless the people say they must."
I don't expect my parents to understand or at least be able to make any informed decision on the nature of open-source versus proprietary software, except in an extension of the way he has to use M$loth-ware at work...
So the question arises, how are you going to define "the people" in this case? Is it just going to be bulk count(bums_on_seats) like with most "democracy" or is there any bias towards what might be termed expert opinion?
"Governments must not force citizens to use proprietary software to interact with their government."
That is a side issue compared to what the government itself uses.
In the commercial world, organizations are seen as potential customers. In the open-source or Free world, they're another potential convert.
"Login accounting [] can also be handled this way - somewhere in PAM"
:)
Why bother when you've got process accounting?
As for front-end, you don't need anything spectacular at all; I've seen very useable terminals in Brighton hospital here in the UK, where the WM was basically fvwm(2/95) but with galeon running full-screen, access only to a proxy that required login to let you out on the 'net for real. See http://www.pienetworks.com/products/index.htm for more
Bill him for the bandwidth he's stolen and the hassles caused in handling it.
"Why not" is trivial to answer.
How do you think we are to go around messing either with Darwin or God? The ruddy things got extinct somehow first time around, how is it right to bring them back ourselves?
What is it about mankind that we're the only species on the planet to have evolved a sense of biology (as far as we know) and yet we call ourselves animals just like everything else, and then proceed to prat around with "oh, we don't want those 5000 hedgehogs there after all", or "cool, woolly mammoth!"?
Looks like a combination of session-IDs, cookies and a "request-ID" as well to me, looking at the url & Keywords=bulk+email&_requestid=6075779. Well, woopie doo. :)
Nothing that a quick wget or curl wouldn't fix...
I thought we all had that already, long ago. In fact, even my first mobile about 6 years ago had that ability.
And I have to have a phone directory for the area in question... That's not going to happen. At the very least, the effort required ("Hi bloke, can you look this up for me?", or trips to library, or even surfing around online through online phone directories - and note the trust required there) is such that it becomes worthwhile to start having key-servers to do the job.
"but doing so in such a way that you can reasonably be sure that you're getting it from the official source."
....
So let's see... I google around for "soundbug UK" as something I recently wished to purchase, find a sponsored link pointing me at a site I've never heard of before, get as far as the obligatory https:// part, take a phone number from the site, phone them up say "what's your fingerprint?"
Spot the flaw?
Phoning someone up out of the blue adds nothing to the trust factor at all. You need for the out-of-band communication to be trusted for external reasons (e.g. recognizing their voice on the phone) before you can trust them. That's why I might as well save time and place my order while I'm at it.
That's where I think a web-of-trust would win; at the very least you've added in the potential for scoring, or "if it's good enough for my mate Dave, it's good enough for me", with the strength of the crypto-key signature pulling your trust up towards 100% instead of it dropping off with more levels-of-removal from the original trust-er.
I don't see why people present this as a turnaround on Schneier's part.
In _Applied Cryptography_ he gives every impression the policy and protocol are critical to the successful security of a system - the first few chapters are dedicated to "if Alice tells Bob..." scenarios!
"I'm annoyed that browsers have been swept into warning you if the site you're visiting doesn't support Verisign's cash flow."
I know the feeling... the only other problem is, though, how does the vast consumer-base out there deal securely online? It doesn't add anything to have to phone up to read out an SSL certificate fingerprint - you might as well just place the order over the phone!
Maybe what we need is a kind of web-of-trust like the idea of a PGP key-server, only for SSL certificates?
Datapoint: a couple of weeks after acquiring my current communicative toy(TM) - a simple nokia 6310 - I found myself using said GPRS at about 2am to hunt hospitals in a given town.
;)
Compared to the hassle of hunting a pen & paper and listening while some insert-female-voice-here noise dictates a phone number, being able to see a little bit of text in front of you has its uses.
Personally I think the remaining 99.5% of the time this is going to be used is on the executive corporate toilet - anyone for next-gen Snake between the stalls?
Yes, I had that on my mobile here as well, only it was an 0960 number (premium rate)...
:)
I tracked Googled for the postcode, tracked the number down to somewhere in a shady area of London where - how shall this? - desperate single folks would be guaranteed a choice from a variety of alternative "good times"... Quite a few interesting organizations all within the same block of town.
Funny that, they didn't get my business...
"Personally, I take responsibility for my own systems security."
So should *everyone*. I have seriously large negative amounts of sympathy for people who whine "oh no, they cracked us" (or worse, "hacked") and start going on inventing laws.
I've heard of trying to solve a societal problem with technology, but some people ought to wake up smell the coffee you're brewin', and see that it's equally erroneous to attempt to solve a technological problem by abusing legislation.
I thought that was called consume(.net)? :)
"There is no good reason why we need both debs and rpms other than petty politics."
Space-saving, number of fields in each... Hmmm. More to the point though, choice. No reason to abandon something that's existed quite happily for a while; why don't you concentrate on writing a wrapper around either package?
" no elegant way to integrate software that hasn't committed to one of the packaging systems into an architecture."
You obviously haven't run debhelper any time recently, nor have you played with _stow_.
"Well not quite it's not actually based on Debian as far as I can see"
/usr/portage/{distfiles,packages} frequently.
:)
It's not based on debian in the slightest. It has no binary packages at all other than the few on the install CDs, instead preferring to separate into upstream sources (which you download from whatever official site for the package is), and build scripts. Just like the *BSD ports system, not slightly like debian.
"I like it it's neat I don't have to deal with dependency mess"
It's still not perfect. Emerge has a very messy commandline syntax with some commands being specified by words and others with options (just tell me what "emerge -b -u -c -p rsync" is supposed to do and why!). I also seem to have to chase duplicate installations and deduplicate entries in
Still, it's my source-linux-distro of choice. Debian gets a look-in for servers and the notebook at work where I have to maintain an appearance of being mainstream.
"Or am I wrong? Is Debian really that much better?"
... lots of alternatives.
Debian pioneered the apt-get "upgradability from the get-go" idea. There exists _grab_ for RPM, up2date,
ISTM that nowadays, these distributions only differ in quality assurance (ensuring that all SRPMs build with `rpm --rebuild ' directly without error, ensuring that security fixes are consistently backported rather than new features introduced) rather than anything technical.
All binary distributions suck, anyway. There's no need to be either behind the times like Debian/unstable (lack of XFree86-4.2 even in the Unstable tree, a wait of several months before a particular bug in psi/libqt appears), nor to spend all your time downloading 9Mb packages of mozilla every day just because someone upstream changed a compile option.
Oh, and today's experiences in dealing with spam on debian mailing lists have put me *right* off them as well. No attempts made upstream to deal with some wanker who sent 22 separate mails to the 2 lists to which I subscribe, and instead, when I automate reporting this specific spam to Razor, it gets branded "ridiculous". Too spam-friendly by far.
That'll be why I host a mirror for another linux distribution's "ports" system, and why I run FreeBSD on the notebook then...
"Still you find it useful to flame the living crap out of it. Which was my point exactly."
.NET are not."
No, I just speak the truth. You obviously have a problem with looking at it out of anything other than billyg's ass.
"Fyi: Lisp is interpreted, C# and the other 20 or so languages for
No, they're mangled around into a Windoze executable and then interpreted. You know? Big Furry Deal(TM). My point remains, and you still suck up to Bill.
".NET is one hell of a platform with a very well thought out API, documentation and complete functionality."
.exe PE file format to other platforms, with 2 reference implementations' sources available so they can get let off by the DoJ.
In the real universe, it's M$loth's excuse to port the
There's also nothing new under the sun. Running other language environments ("hosting", my ass) has been done ever since emacs was written in lisp running on a C-based machine.
.
Be cynical, blame marketing instead. Next version was going to be "new, with added Flash ROM" and $100 more than this... ;)
"What happened to the legions of OSS fans who contributed code because they bought into the idea of OSS?"
Too many companies, in a word. All thinking they could get something for nothing, so the world starts to expect faster turn-around than OSS actually produces.
Don't forget it took us a hell of a long while (Open Source having existed for 40-odd years) to get a remotely sane OS - and that's allowing for KDE as well as Gnome on the desktop!
> Too much traffic for the shared server I would guess.
:)
Too many slashdotters spoil the broth, I think
It's all the more fun when they start using your news-posting message-ID: headers as though they were email addresses. Pity Gnus keeps on posting these nnnnn.fsf@hostname IDs ;)