Slashdot Mirror


User: jc42

jc42's activity in the archive.

Stories
0
Comments
6,784
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,784

  1. Re:Why is this required? on Texas Bill Would Require Open Source Consideration · · Score: 4, Interesting

    Of course, pretty much all governments have laws requiring competetive bidding for government contracts. So you'd think this would be fully redundant.

    But it probably isn't. There are a lot of examples of only "commercial" offering being considered.

    Something I've seen on a number of web projects is a concerted effort to judge which web server to buy. While they're putting out a lot of effort installing and testing demo versions of commercial servers, I'll walk over to an idle machine, download apache, untar and compile it, and have a demo running in 15 or 20 minutes.

    Usually the reaction to this is exasperation. Apache wasn't in the list of competitors, and wasn't to be tested. After all, it doesn't have a price, y'know, and there isn't an Apache Inc to buy it from, so how could they ever compare it with the other servers? The rules are to consider competitive bids, and apache didn't make a bid, so they don't have to consider it.

    But in each case, the developers went with my apache server, because it was up and running. The management found they had serious opposition on their hands when they tried to get people to switch to the commercial server that they chose. The developers wanted something that worked, and had little patience for an expensive server that needed a constant babysitter.

    In all seriousness, this is how things get done in many organizations. Few managers anywhere want to decrease their budget by using something that's free. It doesn't matter whether it's government or business or industry or whatever; there's a strong prediliction among managers to simply not see "free" things.

  2. Re:Stop stealing idea's from SCO on OpenBSD: Hackers Meet Soldiers · · Score: 2, Informative

    Hey, you need a smiley. The folks here are often humor-impaired, and would't recognize irony if it whumped them upside the head. You're most likely to just get a "troll" rating unless you make it obvious that you're writing with tongue in cheek.

  3. Python user camps ... on Slashback: Rocketry, Pythonation, Scoffing · · Score: 1

    You forgot the camp that I fall into:

    Used perl, tried python, found TFM heavy going, and relegated it to the "Learn more about this when you have the spare time" category.

    I have several of the O'Reilly books on python, and have spent time learning. With perl, I found that a few chapters into The Book, I was able to write useful, fully-functional programs with ease. With python, I find that I'm still wondering WTF the actual syntax of this language is, and constantly being surprised by what my code actually does.

    Thus, on the basis of advice in the python newsgroup, I first bought Mark Lutz's "Programming Python". Lots of really powerful-looking stuff there. But nowhere in the book, apparently, is there a description of the language's basic syntax. It would be really useful to find a clear description of just how the language uses things like quotes, commas and parentheses, not to mention tokens like "->" and "=>". Such trivia are critical if one is to write valid programs in a language, and the python crowd seems to think that documenting them is for more lowly creatures than themselves.

    I conclude that it's a language for someone with a lot more brains than I have. Or with a lot more time.

    The basic problem that I've seen is that python docs seem aimed at someone who already knows the language. When I'm looking at a piece of python code, and see a construct that I don't yet understand, I can't find an explanation in the docs. So learning from example is very slow going, and it's easy to put it off until you have some spare time.

    Maybe this is because (as has been suggested in the newsgroup) I'm a f**king idiot who should get a clue. Now if I could just find those clues. Maybe I should wait for the "Python for Dummies" book, except that it may be a long wait.

    Of course, the perl .misc newsgroup has its own popultion of arrogant jerks who seem bent on driving out newbies. This does seem to go with good, powerful lnguages (tcl excepted). Or maybe they're ringers from another user community who are just trying to scare newbies away. But this is certainly effective at preventing people from learning from the experts.

    Anyhow, I'd say that, from what I know of python, it sure looks like a useful tool. Now if I could only learn enough of it to be able to write nontrivial programs ...

    Amusing anecdote: One of my first attempts, of course, was to write the tradition "Hello, world!" program in python. I read TFM, made a bunch of guesses, and they all just got me incomprehensible error messages. And then I made the mistake of feeding my hello.pl script to python. It worked.

    I thought "That's interesting ..."

    But this approach only goes so far. Discovering the syntax of a language by feeding it random text and seeing what it does is a very time-consuming way of learning.

  4. But I don't see any ads now ... on Slashdot Subscribers Now See The Future · · Score: 1

    Using mozilla, all you have to do is right-click on an image. You get a menu that, among other things, lets you suppress images from that host. If you use this with /., all the images disappear, and you can read the text in an uncluttered window. And it'll really cut back on the bandwidth you use.

    Right now, you sometimes get a rectangle of white space where some of the images aren't shown. But they'll probably get rid of this in a future release. Anyway, it's not distracting.

    Sometimes I turn the images back on for slashdot.org. But there's never any actual information there, so I turn them back off.

  5. Re:YHBT, was Re:I'm a bit confused ... on Sendmail Bug Tests US Dept Homeland Security · · Score: 1

    Yeah; but I thought I'd get at least ONE "funny" rating.

    Jeez, folks; whaddayahaftado to get a "funny" rating? Use a smiley?

    I'm beginning to think that irony is truly dead. At least on /.

  6. Re:Why does sendmail still in use? on Sendmail Bug Tests US Dept Homeland Security · · Score: 2, Interesting

    If you look closely, you'll find that there are quite a number of completely different programs now that are called "sendmail". It has been widely understood that the original sendmail program was an overly-complex beast that tried to do everything for everyone, and was probably not fixable in any general sense. So over the past 10 or 15 years, a number of other mail daemons have been written.

    Because there has been so much software installed that knows how to talk to the original sendmail, it has been common to make new mailers present the same UI to the world. This way, a new mailer can just be dropped in as a replacement for sendmail, and everything works.

    One of the oldest of these, written in the mid-80's, was called "smail". After a few releases, the authors listened to the complaints about the difficulty of installing it in place of sendmail. So they added code that checked argv[0], and if it was called as "sendmail", it interpreted its command line the same way as the original sendmail. It didn't do everything, but it had most of the functionality that was actually in use, and a simple ln command usually sufficed to replace the old monster with the new, smaller monster This made it spread very quickly among systems whose admins were unhappy with the problems with sendmail. Others have since used the same approach.

    Most of the newer "sendmail" programs are quite a bit smaller and less bloated with featuritis than the old one. Of course, this means that they don't have all the bells and whistles. But it means that there are a lot fewer places for obscure security holes. And since most people just install sendmail and run it, and never learn to config it, this works pretty well.

    In effect, "sendmail" is now just a description of a set of command-line options used in the rc and cron scripts. If a mail daemon implements these, it can be dropped in as a replacement for whatever "sendmail" is there, and it'll do the job required on your system.

    On several systems, I've replaced sendmail with a small (100-200 lines) perl script that mimics all the functionality in use there. This has given me a large number of geek points among non-perl-hackers. I just grin and say something like "That's trivial for a true perl guru." They don't have to know that it doesn't take a perl guru to do such a job.

    This does bring up a significant question about this news item. When they talk about a "sendmail flaw", which sendmail are they talking about? Presumably it only effects one of the N sendmails that are in use.

    Of course, one interpretation of the push to install a "patch" is that this purported patch is merely a way of getting one specific sendmail clone installed as widely as possible. I'd guess that this "patch" is not, say, a set of source diffs, but is a binary. When you install it, you are replacing your current sendmail with a completely different program. Since the article refers to the Sendmail Consortium, this "patch" is probably a version of the original, sendmail. When you install it, you have reverted to a version of the old, bloated sendmail, which probably now has zillions of security holes waiting to be discovered.

    The fact that they don't tell us what the security flaw was or how to test for it is supporting evidence that this is what they're doing.

  7. I'm a bit confused ... on Sendmail Bug Tests US Dept Homeland Security · · Score: 3, Funny

    The article says:

    A critical flaw in Sendmail, the Internet's most popular e-mail server, ...

    But I've been reading all these claims that Outlook handles 99% of all email.

    Which of these claims is a lie?

    (Is it possible that they're both lies?)

  8. Re:Do a good deed daily on BSA Accuses OpenOffice Mirrors · · Score: 1

    Or even better: Have a primary web page that lists the files by their proper names and describes their actual content. But inside the heyperlink you have the actual file name, which to a BSA scanner will look like a ripped-off MS product. Human visitors won't be confused by the funny file names, but BSA search scripts will.

    Of course, is sounds like this might not be very necessary. After all, they matched a file with a name like OpenOffice*.rpm and thought it was a MS product. Sounds like you don't have to be very tricky to attract their attention.

  9. Re:Do a good deed daily on BSA Accuses OpenOffice Mirrors · · Score: 2, Interesting

    Heh, heh; you're right; we've gotta stop those aging Boy Scouts before it's too late ...

    Since this was the second story today of copyright enforcers using file names as evidence of infringement, I've added these names to one of my web directories:

    Barbarian.html
    OpenOffice.html
    SoldierOfFortun e.html

    This should get me some cease-and-desist letters. Can we get a list together of other file names that we should have that will attract their attention? I'll link to all of them. Everyone else should do the same. Maybe we can get this idiocy out into the open. Or even better, into a courtroom.

  10. Maybe we should try a sting? on World of Spectrum gets a Visit from the IDSA · · Score: 2, Interesting

    the way the IDSA is going about it (trawling the web and sending off threatening letters based on filenames) is completely out of line.

    Is this really how they are doing it? If so, can anyone post the list of file names that they are looking for?

    If we can get the file names, we can easily set up a sting operation. We just invite all our readers with web sites to create dummy files with those names, perhaps in a /games/ directory. Then we collect the threatening letters. If this works, we'll have plenty of evidence against them in court.

    It hardly seems likely (or even vaguely reasonable) that anyone could own the rights to a file name. I typically create hundreds (sometimes thousands) of file names each day during software testing. Right now I'm working on a web site, and a test I'm running is creating roughly 100 files per second. If I have to check for possible copyright infringement of every file name, the job becomes utterly impossible, since what was a 10-second test run will take years.

    If companies are really making copyright claims based merely on file names, we should stop this practice right now. Anyone want to help?

  11. Re:Back end v. front end on Windows vs. Unix Revisited · · Score: 1

    This is a variant of something that struck me in the article. He writes:

    The chairman of the selection committee asks you to come in to discuss whether the faculty would be better served if it went all-Linux instead of staying all-Microsoft.

    I'd think that the first answer to this would be something like:

    As an education institution, why would you even consider standardising on all one or all the other? Do you really want to turn out ignorant students? You should be running and supporting a mix of what's available, and teaching your students to be familiar with (and critical of) all of them.

    Next we're going to hear of an interview for a head of the History department who is asked whether the department should be all European history or all American history.

    Anyway, after hitting them with that, you probably should jump right into the sensible approach of using linux for the infrastructure, while supporting the current commercial mix as clients. Unixoid systems are best for the infrastructure primarily because they're the only ones that do a good job of talking to the competition.

    Of course, an educational institution should be looking at linux as its primary teaching tool in computer-related fields, simply because the code is available for study. But even there, it's not the only one, and a competent CS department would be using several other systems that supply source code.

  12. Re:I hate to say it.. on SecurityFocus On MS Security "Hole" · · Score: 1

    Their changing the root password is not that ridiculous. Now they know what it is and you do not. You could repeat the performance, but ... Part of effective security is the ability to know that it has been breached.

    True in general, but probably not in this specific case. Recall that it was in adjacent booths at a trade show. If I wanted to sneak in at 5 am and do something unpleasant, I'd probably do something like:

    Boot to single user as before
    cp -p /etc/passwd /etc/passwd.orig
    cp -p /etc/shadow /etc/shadow.orig
    passwd root
    .
    . (Do my nefarious deed)
    .
    mv /etc/passwd.orig /etc/passwd
    mv /etc/shadow.orig /etc/shadow
    ^D

    If I were really thorough, I'd also note the ctime for /etc and to a touch to restore the original ctime, to cover the fact that something had been done in that directory. But in the trade-show environment, I don't think I'd bother with this. Especially considering the rather obvious level of expertise of the guys running the booth.

    It's true that leaving a machine unattended where The Enemy can get their hands on it is a security risk. But we're talking about a trade-show booth here, and presumably a bunch of machines assigned to the show and loaded up with some demo software. Discussing high-level security issues in such chaotic situations seems more like the plot of a Monty Python skit than like anything serious.

  13. Re:I hate to say it.. on SecurityFocus On MS Security "Hole" · · Score: 2, Interesting

    Not long ago I walked a client several hundred km away through an OpenBSD boot via floppy so he could change his forgotten root password.

    Somewhat longer ago, maybe 10 years back, I was part of a small team running a booth at a trade show. The booth next to us had a couple of guys who had puzzled looks on their faces, so two of us walked over and asked if there was a problem. They had a Sun workstation that they couldn't get to work because nobody knew any passwords. I reached over, rebooted it into single-user mode, changed the root password to something they knew, then did a full boot, and handed it back to them.

    The first thing one of their guys did was to change the root password again. And he didn't want us to watch the keyboard while he did it, so we couldn't see the password. We just looked at each other and walked off, trying not to laugh in their faces. "Uh, dudes; you just missed something important."

    A couple of years later, Sun added the ability to have a single-user password, so our neighborly helpfulness no longer works. I wonder what a Sun customer does now if the only person who knows a machine's password is squished by a semi? Junk the machine?

    There are some pretty silly "security" discussions going on.

  14. Re:In the US on IsoNews Ostensibly Shut Down By The DOJ · · Score: 5, Interesting

    you are all criminals.

    Over the years, I've run across a number of articles explaining why, in most of the country, this is quite literally true. It turns out that in most of the US, it isn't logically possible to follow all the laws simultaneously. There are almost always logical contradictions in the various laws, so that following one law means breaking another.

    Some of the examples get downright silly. For example, in one place that I lived, the law students dug out the anti-gambling laws, and verified that, under a literal interpretation, carrying cash was "being in posession of gambling devices". You know the various penny-matching games or serial-number games that can be played with money? They make money itself a gambling device.

    OTOH, if you weren't carrying money, that was ipse facto evidence of vagrancy, for which you could be arrested and held in jail.

    Then, of course, there are all the laws that you could follow if you knew about them, but you'd never suspect that such stupid laws exist. There are supposedly several states in which the legal speed limit is still 10 or 15 mph, dating from 100 years ago when that was fast enough to scare the horses.

    Granted, such laws would probably be overturned, but first you have to be arrested and charged, so that you can defend yourself in court. This gives you an arrest record, which can be used against you.

    This isn't entirely frivolous. Almost all urban black males have arrest records by age 18. The reason is that they can be and are routinely arrested on just this sort of violation. They have little or no defense, since they are in fact always in violation of some law, even if they're just standing on the corner watching the world go by. This arrest record is then used to deny them access to education and jobs. So much for decades of "equal opportunity" legislation.

    Back to frivolity: I lived in Florida for a few years, and one of the fun laws there turns out to outlaw "nude bathing". The wording does not exclude a bath in the bathtub in your own bathroom. But if you shower nude (with or without a friend), you are apparently legal.

    All in all, if you're in the US, you are usually in violation of some law at any time. You are at least a criminal part of the day, no matter what you do or don't do.

    (I'd guess that this is also true in much of the rest of the world, but I've only read about it in US terms.)

  15. With a slight shift in empasis ... on Sun Introduces Subscription Solaris · · Score: 1

    This does, of course, have a certain similarity to the strategy of companies like RedHat, and to a great degree it is also IBM's strategy. All of them coult be summarized as "Give the software away for free, and make money on support and consulting."

    There is just one really important difference: With Microsoft, if you stop paying the subscription fee, you lose all your rights to use the software. With RedHat, you retain the right to use all the software (and download more whenever you want); you just don't get their support when you have problems.

    And with RedHat, you don't have to worry about them suing you if you run their software without their permission on your own machine.

    It's interesting that, although IBM has historically been the heavy in the computing field, they don't seem to have caught onto the strategy of threatening customers who terminate a contract but continue to use the software. Maybe this is why they aren't feared as widely as Microsoft is getting to be. They figured out decades ago that there's a lot of money to be made in being friendly and supporting.

    But still, if I were in charge of corporate strategy, I'd be wary of both Microsoft and IBM, and if Sun is going that route, I'd ask them some very direct questions about liability. And I'd be talking to several of the linux vendors on the side, with the thought of getting out of the danger of being sued for using my own machines.

  16. It was asked long ago ... on Automatic Wireless Network Organisation · · Score: 3, Insightful

    We should probably note that the a wireless, redundant "mesh" design was part of the ARPA project from the beginning. A lot of old-timers are somewhat disappointed that it's 40 years later, and we still don't have it.

    You can see an example in the first diagram at this historical article. Note that the diagram dates to 1964, and the text mentions a "communications network that would survive a major enemy attacked" [sic].

    Many of the earliest diagrams of the ARPAnet showed planes, ships, plus all sorts of mobile ground vehicles, with wireless random-looking connections. Again, this was 40 years ago.

    Another interesting bit of history: The earliest ARPAnets were mostly on Ethernet. This is a curious term. Why would they use it for a length of coax cable? The reason was that the intention was that it be wireless, with packets being sent "throuh the ether". The wired version was just a temporary kludge until they could get the wireless version working. "Ethernet" was chosen as an unsubtle hint as to what was considered the real packet medium. It was clumsy, limited and kludgey, but the wires were only supposed to be a temporary medium, to be phased out in a few years.

    It's been 40 years, and we're still not there ...

  17. Re:READ your employment agreements! on Reason on IP Protection and Creativity · · Score: 1

    Nothing new here; this is how the recording industry has worked for decades. This is the dirty "secret" behind all the PR about file sharing being stealing from poor, starving artists. It isn't, of course, because the theft already happened when the artist signed the industry-standard license that gives all rights to the corporation that controls distribution. So file sharing is just stealing from the corporation that owns the artist's IP.

    Your employer has obviously been studying the recording industry, realized that this is all quite legal, and has decided to try the same thing.

    This is also not very new. I saw contracts like that in the 80's. I didn't sign them. It's not clear whether this has helped or hurt me. It has got me into some interesting discussions with interviewers, whose usual explanation is "Yeah; this sucks, and I'm also looking for another job where I'm not forced to scam people this way."

    (But don't ask me who told me things like this; I won't rat on them. ;-)

  18. Re:Does this mean ... on Interesting Privacy Decision in New Hampshire · · Score: 1

    Heh, heh. Some time ago, this sig got a reply listing
    the chain of movies linking Kevin Bacon to Osama bin Laden.
    So it's not just a joke.

    Now if I could figure out how to use the /. search facility
    to find that reply. All I seem to get is stuff about Kevin
    Mitnick. Guess one Kevin is as good as another.

    BTW, I should give credit to the Onion for my sig.

  19. Does this mean ... on Interesting Privacy Decision in New Hampshire · · Score: 4, Interesting

    ... that when the US gummint's TIA program hands the FBI info about someone with the same name as mine, and they pull a Jackson Games (or Limone/Salvati) caper on me, I can sue the government?

    Thought not.

    OTOH, I've seen an interesting explanation of the curious phenomenon of all those valuable medical studies coming out of Scandinavia in the past couple decades. It seems that they passed laws there that make the medical databases fairly open and accessible to researchers. They understood that this meant that the data would be fairly easily available to essentially anyone willing to hand a few kronor under the table. So they included some fairly severe punishment for misuse of this information. They especially punish employers for [pick your euphemism for firing] employees with medical problems. Supposedly the result has been to make the citizenry fairly supportive of access to medical data, and this is of obvious benefit to society.

    Can't imagine this sort of "onerous government regulation" happening in the US, though. Except for occasional court cases like this, information about you and me is just a commercial commodity.

    Funny this case was in New Hampshire. That's one of the more lassez-faire states. But then, it wasn't the legislature; it was a judge. It'll be interesting to see the followup.

  20. Re:I Google everything and everybody. on The Reality of Online Reputation · · Score: 1

    Me to, but I tend to be a bit dubious of the results. This comes about from the simple act of googling myself. The result is a lot of pointers to people with the same name, all jumbled together, with no obvious way of telling which are about who. If I didn't know which ones refer to me, I'm sure I couldn't figure it out.

    Since hardly anyone has a unique name, this should apply to nearly everyone.

    OTOH, my wife seems to have a unique name. But, on the third hand, it's also a phrase in English, so her name does get a lot of matches.

  21. Re: "private computerized voting" on Computer Scientists Rally for Reliable Voting System · · Score: 1

    private computerized voting ... is just a polysyllabic way to say "fraud".

  22. Re:One question I have to consider... on ACLU And Others Weigh In On CIPA Injunction · · Score: 1

    ... encourage a whole generation of kids to learn to break systems so they can get uncensored access ...

    Just one of the many benefits of using blocking to tell kids where they should be directing their attention.

    The right way to do it would be to outlaw internet access by children. This would work exactly like the laws forbidding children access to things like tobacco,booze and sex. It gets the message across that such things are only for adults, and children are too weak to handle them. The main thing any child wants is to be a grownup, so of course they head right for the things that are forbidden.

    If we can get the government to declare the entire Internet adults only, then children will study it at every opportunity. Just as with tobacco, alcohol and sex, kids will become addicted to the Internet and will do anything to get access. The next generation will be experts in its use, and our world conquest will be complete.

    That's what we want, dummies. Don't try to prevent it; encourage it.

  23. Re:.co.uk - GB not UK on UK Parliament Domain Without Registrar · · Score: 1

    I always thought it was because the British portion of the Internet was originally set up mostly by academics, and they wanted .ac.uk because they were all Bloom County fans.

  24. Re: www.whitehouse.gov on UK Parliament Domain Without Registrar · · Score: 0, Redundant

    That's the same reason that the US Whitehouse owns www.whitehouse.com

    Yeah, but check out www.whitehouse.org or www.whitehouse.net. Then there's www.whitehouse.com, which you'd expect to be the government office that sells political favors, but isn't that at all.

    I wonder how long before the gummint cracks down on these. This might be fun to watch. I expect they have already tried, but like the trademark on "windows", "white house" is a rather generic term. I mean, half the people in my neighborhood live in a white house. So do lots of people in the US government, for that matter.

    The main problem here, as I see it, is that the main article was badly misclassified. It should have been "It's funny; laugh".

  25. Re:Kasprov chickened out on Humans Hold Off the Machines... For Now · · Score: 4, Interesting

    Surely a chess computer is only as good as the person who programmed it?

    Any by the same reasoning, an auto can only run as fast as the mechanics who designed and built it. And a telescope can only see as far as the people who ground the lenses (or mirrors).

    This whole thing is rather silly. And it'll end when we have software that can always beat a human.

    After all, 200 years ago it was probably obvious that the ability to do arithmetic was a "uniquely human" thing. Then someone invented a mechanical calculator. Suddenly arithmetic became a merely mechanical capability that didn't imply superiority at all.

    We have machines that can out run (and outfly ;-) humans. Do we stage races between machines and humans? No, we race machines against (similar) machines and humans against humans, and nobody feels shame because some machine can run faster.

    As soon as a computer can routinely beat a human at chess, we will give up machine-human chess competitions in the same way, and we will only compete with each other. Just like running and other competitions where we would always lose.