Slashdot Mirror


User: schon

schon's activity in the archive.

Stories: 0
Comments: 4,413

Comments · 4,413

  1. Re:Public Domain on IBM Launches Public Domain Project "Eclipse" · · Score: 1

    IANAL, but I believe Public Domain means any unscrupulous person or company can come along and put said software package under their own license, charge money for the software, and more importantly, steal away all rights of the original authors.

    [kidding]
    Egad, I think you just described the BSD license! :o)
    [/kidding]

    Let the license flamewar begin!

  2. Re:15 years? on OSNews Interviews WINE's Alexandre Julliard · · Score: 1

    correct me if i'm wrong, but isn't vb only 10 years old??? not even if you wrote vb would you have been able to have 15 years of programming experience in it

    You never know, maybe in his world time passes at a different rate :o)

    I wonder what color the sky is there..

  3. Re:Amen to that.... on Massachusetts Holds Out On MS Case · · Score: 2, Interesting

    What else do you expect to be done short of a breakup?

    The perfect remedy would be to force full disclosure from MS.

    That is: All APIs and file formats need to be accessible by the general public at least three months before it's released. No need to break them up, or to force them to reveal their source code. As any large company, they're already documenting their APIs and file formats internally, so it's no extra work on their part.

    Historically, MS has used its monopoly to hinder competition - this will eliminate that ability, and level the playing field completely - MS is free to "innovate" whatever it wants, it just has to give everybody fair notice beforehand.

    If MS uses an undocumented API function, they're in breach of federal law, and are subject to something harsh - maybe a complete seizure of all income until the three month period has elapsed, or $1 Million fine per unit shipped per day (this will "encourage" them to play along.)

  4. Re:My Favorite citation from the Decision: on DeCSS Injunction Reversed In CA Case · · Score: 2

    Shall I show you some of my Python code? ;-)

    Sure - If you ignore the readability constructs (such as indenting) I'm sure it won't work.

    In almost all cases, people nowadays use English to express the ideas behind the code, and not more source code.

    You mean like the Fraunhofer Mpeg codec? Or (even in this case) DeCSS?

    You miss my point. People do use English (or German, or Swiss), but they ALSO use source code. I'm not saying people don't use human-human languages instead of source, I'm saying that they use both.

  5. Re:Stay the course. on Is Slackware Fading Away? · · Score: 1

    While I agree with Schon that Security through obscurity is not a good security model, it can complement an existing security model.

    No. I covered this (although not very well) in my previous post. The problem with obscurity as a security model (even as a "complement") is not that it provides no benefit, but that it provides no benefit, and leads you to believe that it does provide a benefit.

    This is a fatal trap - the hubris I mentioned.

    If something has a security flaw (known or not), then it has a security flaw. No amount of information hiding will change that fact. If you allow yourself to believe that "nobody knows my system, so there is a lower chance they can break it," then you've already started down the path of hubris.

  6. Re:K.I.S.S. = VERY simple ~ dumb on Is Slackware Fading Away? · · Score: 1

    i just can't figure out why it's not running my stuff

    Probably because the default environment isn't being initialized. (No extra path stuff, or default ENV variables.)

    Try adding full paths to your cron scripts, see if that helps.

  7. Re:Debian vs Slack for the 'unix-like' crown? on Is Slackware Fading Away? · · Score: 1

    did you know that "vi" in debian is a script that runs a version of vi according to the user's preferences? Really. When you type 'vi' you fork another bash!

    You're kidding!?!?!

    If it's true, you really have to wonder about the rationale behind it.. If I wanted a different editor, I'd just use it!

    Even if it HAS some logic behind it, why the hell didn't they just do "alias vi='${EDITOR}'"

    Geeze, you gotta wonder sometimes..

  8. Re:Lightweight installs with Slackware on Is Slackware Fading Away? · · Score: 1

    I installed Slackware on a 486DX-33 w/12Megs of RAM and a 100meg hard drive to act as a print spool for an old laser printer on our network.

    My smallest install was a 386SX with 8MB of RAM and a 40MB HD..

    It was a SMB print server for a laser printer..

  9. Re:My Favorite citation from the Decision: on DeCSS Injunction Reversed In CA Case · · Score: 1

    Computer programs are intended primarily for human-machine communication, at least that's the way most programming languages are designed.

    This is true, up to a point.

    Just because the primary function of a language is human->machine communication, doesn't mean that that's the only purpose for a language. Every language I know includes methods to allow human readability (some, like Python, require them!), and (with the possible exception of Perl programmers) everyone I know uses them.

    Programmers communicate among each other using documentation (at least in theory).

    Documentation is only one of the tools that programmers use to communicate. It is far from the only tool.

    I very much doubt that an article describing a new idea about computer programming would pass the review process if it was written in, say, C.

    Then you've never read an article about computer programming. Without exception, every discussion or article of a new algorithm or programming concept I've read includes source code.

    Try it. Pick a computer language you don't know, find a beginner's reference for it. I guarantee you'll find most of it includes source code.

    Egads, I think I've been trolled!

  10. It's worse than that. on Microsoft, DoJ Reach Tentative Settlement · · Score: 1

    Microsoft has been found guilty of committing a crime as well. Now it appears they will get away with simply promising not to do it again.

    Nope, they promised that they won't do it again for 5 more years, and if they do, then the 5 years becomes 7.

  11. Re:Stay the course. on Is Slackware Fading Away? · · Score: 1

    If you want security and to run Linux, Slackware is for you. Few script kiddies have heard of Slackware... can you say "security through obscurity"?

    I was with you until I read this.

    I use Slackware on every machine I admin (20-odd servers, and my work desktop and laptop, which are Slackware-only, and my home desktop, which dual-boots with windows so I can play Diablo2 :o)

    Obscurity is never a security method. Period. Believing that your network is more secure because someone doesn't know your setup is hubris, plain and simple. And it will come back to bite you in the ass.

  12. Re:Slackware is below the horizon on Is Slackware Fading Away? · · Score: 1

    Consider a large installation base. If there's an update in one of the packages you use, you can publish that onto an ftp server, and then have the debian boxes patch themselves. Slackware can't do that, to the best of my knowledge.

    Hmm.. funny, because I do EXACTLY that.

    I maintain a couple of dozen slackware boxes - when I need to do an update (say, for the recent kernel ptrace() issue) I create the package on my development box, scp it to a central web server, and have the remote boxes download and install it.

    It's a "roll your own" situation, but it took all of 10 minutes to set up (a cron job with wget/installpkg), so it's not really an issue.

  13. Re:I just did a search on Mozilla.org Announces Open Source Calendar · · Score: 1

    Before we know it, Mozilla will include its own kernel!

    STOP GIVING THEM IDEAS!

  14. EXACTLY! on Windows XP Has Arrived · · Score: 1

    The former Mr. Sumner has to start choosing his "causes" more wisely.

    Sting, Sting, Sting, where did you go wrong? From Amnesty International to the Rainforest Foundation, you were a backer of the downtrodden, the underdogs. How could you turn on us and promote that Monopolistic company called Microsoft?

    According to the report I read, he's doing it because MS promised to donate a few hundred copies of XP to NY schools that were affected by the Sept. 11 disaster.

    I'm guessing that nobody told him that those "copies" don't really cost the company anything, and that the schools would have benefitted more from money than from software they don't need.

  15. Re:What I want on Another Internet Appliance Dies · · Score: 1

    (b) PCs are noisy. I haven't found one quiet enough to do the job in a living/family room setting.

    I agree with everything you said until this part.

    If you haven't found one, then that means you haven't looked hard enough.

    Compaq's Deskpros are incredibly quiet - I have three of them in my computer room, and they're impossible to hear unless you hold your ear right to them.

    Some are considerably less ugly than the average PC, too - my SFF is about the size of a small VCR (18"x18" footprint, about 3" high.) Painted black, you'd easily mistake it for a piece of consumer A/V equipment.

  16. Re:Those tasks are very similar... on A Strategic Comparison of Windows Vs. Unix · · Score: 2

    It's when you need extended functionality that differences appear.

    Not necessarily..

    Try this simple task: copy something from one place (say, a web browser window) into a text editor, using only the mouse:

    Unix: Highlight desired text, middle click in editor window where you want the text placed.

    Windows: Highlight desired text, select "edit" from menu bar, select "copy" from menu, left-click in editor window where you want the text placed, select "edit" from menu bar, select "paste" from menu.

    Allowing the use of keyboard shortcuts cuts the Windows method from 6 steps to four, but it still doesn't compare to Unix's 2 steps.

  17. Re:You can't patch console games! on Crashing Xbox Kiosks · · Score: 1

    give it away for free/ send it to people as a "bonus CD"

    Tough for these people to use it when they've already returned their Xbox and got a Playstation2 instead.

  18. Re:Hmmm.... on Crashing Xbox Kiosks · · Score: 1

    Uh, why can't they? It's got a decently large hard drive to store them on and both internet and CD support to distribute them.

    How about because it will piss people off?

    "Oh yeah, just wait three months for MSRacer 2.0 - it will fix all crash problems you're experiencing."

    The likely (unwashed masses) response to this would be "No, give me my money back, I'll go buy something that works NOW."

    The likely (informed) response would be "Why the hell did they release it if it didn't work? Give me my money back, and I'll go buy something from a company that uses quality control."

    Releasing "patches" just isn't gonna wash. MS may have been able to snow computer users, but "average joe" is used to stuff that works properly out of the box.

  19. Re:Few people are buying xbox anyway on Crashing Xbox Kiosks · · Score: 1

    It's almost a shame these people don't take their expectations of one complex computer system and attach them to another, like, say, a desktop.

    I don't understand what you're advocating here - can you expand a bit? (I can't tell if you're saying that you wish more people would blame MS for their shoddy consumer-level OS, or if you're wishing that people would apply the "it's a computer, so it will crash" Windows mentality to the Xbox.)

    Something that occurred to me though, is that the #1 quoted reason that windows is unstable is that MS doesn't have any control over the hardware or (in many cases) device drivers. (The logic is that if a device driver crashes the OS, MS can't be blamed because they didn't write it.)

    Now that MS has complete control over the hardware, OS, and device drivers, what happens when the box crashes? Does the box come with an EULA containing the infamous "fitness for a particular purpose" clause?

    (And for those of you who are gonna say "but companyXXX made componentYYY", this doesn't matter - the box comes from MS - they are solely responsible for everything inside it.)

    MS is in completely uncharted terrain now - previously they've been able to hide behind EULAs and corporate marketing.. but now they have no safety line.

  20. The solution is simple. on Unreasonable Searches When Going to Work? · · Score: 1

    Take everything you need (clothes, etc) to work, and lock it in your filing cabinet/locker/etc

    This will get searched once. (OK, you'll have to move it out of the building once in awhile for laundry, so it'll get searched once per laundry cycle.)

    Then show up for work naked every day.

    If someone complains, tell them you are just complying fully with the search policy. If they don't like it, they don't have to look at you.

    Civil disobedience, baby!

    (and I'm only half kidding with this.)

  21. It does. on DMCA Forces Cox To Censor Changelog? · · Score: 1

    doesn't the DMCA only apply in cases of devices meant to enforce copyright protection?

    Yes, and file protections can do that.

    I have a file called README.TXT I don't want anyone to copy - so I do chmod 0600 README.TXT

    This effectively prevents anyone but me from reading or copying the file.

    Looks like the info in the changelog might give someone an idea of how to circumvent this, so that means that the changelog would be in violation of the DMCA.

  22. Re:Of course, this is also copyright infringement. on MS DRM Version 2 - Cracked · · Score: 2

    will employ Microsoft to create a DRM solution for text

    You're a little behind the times.

    MS has had a "DRM"-ed ebook reader (their own proprietary format, of course) for quite some time.

    And yes, it's already been cracked - not by exploiting any weakness (if anybody bothered to look) in the method itself, but by accessing Windows' debugging API (which gives full access to the data segments after the text has been decrypted.)

  23. Re:I would pay $10 to $20 for this on Digital Cameras Go Disposable · · Score: 1

    I'd love to rent a high-end digital camera

    The problem is that these are not high-end.

    They're very low end. I have a D-link with more than double the resolution that cost me $120 Canadian - that's about $65 US.. at that rate, you rent the thing 4 times and you might as well have bought one (and have a better camera to boot!)

    Agreed, if you could rent a high-end one, that MIGHT make it work better, but the current cost is way too high for what you're getting.

  24. Re:A possible response on Microsoft Blames the Messengers · · Score: 1

    If I was a MS spokesman, I might answer this by saying:
    "Exploits are a proper test of the validity of a patch, but it is not necessary to publish them. They can be developed and tested in closed labs and only the results published."


    Actually, I think you're giving MS spin-doctors too much credit.. but the crux is that this response doesn't answer the question: how will I know that the hole has been closed? (And the answer is: the only way you can know that the hole is closed is to try it yourself.)

  25. Re:It is a good point on Microsoft Blames the Messengers · · Score: 2, Insightful

    It certainly seems to me that the full disclosure paradigm at least needs to be scrutinized, if not dumped altogether.

    In a word, no.

    Here's my response to people who feel the way you do:

    Without publicly available exploits, how does a system administrator really know that the vendor-supplied patch actually fixed the hole?

    This discussion comes up every so often on bugtraq, and it's quickly shown that the people who think this way either have something to hide, or haven't really thought things through.

    The best one was shortly after Code Red, when some self-described "security consultant" posted a letter criticizing eEye for publishing the advisory and sample code that described the hole it used.

    However, there was no response from him when it was pointed out that the Code Red virus was not based, in any way, on the eEye advisory! (Disassembling the code shows that it came from someone else who had discovered the hole independently of eEye)

    Never before had I seen the anti-disclosure argument used so well to contradict itself. (Every argument as to why you shouldn't disclose suddenly became an argument as to why you should disclose.)