Jars embed date of creation - More Info Needed, on "Is Hushmail Still Safe?" · Score: 5, Insightful
Any developer that has worked closely with jar (zip) files should have immediately noticed a possible issue with this announcement. If you use the jar tool to create a jar archive with its default options, it embeds a new MANIFEST.MF file which has a new creation time; therefore, you will get a different jar checksum even if you are archiving the same exact contents. It would have been simply possible that the Hushmail build process created a new jar file (with identical files) for each type of software distribution that they use. The only way we can be sure is to compare the file list and checksum for each file inside of the jar archives.
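The per-entry comparison the comment above calls for, as an added example that is not part of the original post: it builds two constructed in-memory jars with identical contents but different MANIFEST.MF timestamps, then compares the whole-archive digest with per-entry SHA-256 digests. All file names, dates and contents are constructed sample data.

```python
import hashlib
import io
import zipfile

MANIFEST = b"Manifest-Version: 1.0\r\nCreated-By: constructed-example\r\n\r\n"
FIXED_TIME = (2007, 1, 1, 0, 0, 0)  # constructed timestamp for payload entries


def build_jar(files, manifest_time):
    """Return jar bytes; only the MANIFEST.MF timestamp depends on the build."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        entries = [("META-INF/MANIFEST.MF", MANIFEST, manifest_time)]
        entries += [(n, d, FIXED_TIME) for n, d in sorted(files.items())]
        for name, data, stamp in entries:
            info = zipfile.ZipInfo(name, date_time=stamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


def archive_digest(jar_bytes):
    """SHA-256 of the archive file itself (covers zip metadata such as timestamps)."""
    return hashlib.sha256(jar_bytes).hexdigest()


def entry_digests(jar_bytes):
    """Map entry name -> SHA-256 of the decompressed entry content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Two entries with one name make "the" content ambiguous; refuse.
            if info.filename in digests:
                raise ValueError(f"duplicate entry name: {info.filename}")
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_jars(jar_a, jar_b):
    """Compare the file list and per-file checksums of two jars."""
    a, b = entry_digests(jar_a), entry_digests(jar_b)
    return {
        "only_in_a": sorted(set(a) - set(b)),
        "only_in_b": sorted(set(b) - set(a)),
        "changed": sorted(n for n in set(a) & set(b) if a[n] != b[n]),
    }


# Constructed sample input: same files packaged on two different days,
# plus a third build in which one class file really differs.
FILES = {
    "com/example/Main.class": b"\xca\xfe\xba\xbe constructed class bytes",
    "app.properties": b"version=1\n",
}
JAR_A = build_jar(FILES, (2007, 11, 1, 10, 0, 0))
JAR_B = build_jar(FILES, (2007, 11, 2, 10, 0, 0))
JAR_C = build_jar({**FILES, "com/example/Main.class": b"\xca\xfe\xba\xbe altered"},
                  (2007, 11, 2, 10, 0, 0))

if __name__ == "__main__":
    print("archive digests equal:", archive_digest(JAR_A) == archive_digest(JAR_B))
    print("A vs B:", compare_jars(JAR_A, JAR_B))
    print("A vs C:", compare_jars(JAR_A, JAR_C))
```
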
Sounds like the MPC level labels they tried using back around the time (1992) when I bought King's Quest VI. I think I may have gotten the upgrade from the floppy disk stack to the "new" version on CD-ROM for free.
The easiest thing to do would be to create an independent capability standard for cpu, sound, video, etc. like a simple DirectX release number. But, trying to keep pace with the actual power in our computers will get silly with all of the elements combined. What would we be at now, MPC Level 103?
The idea is just wishful thinking... Sorry, I didn't even bother reading the author's blog. If the law states that the prior art must be in a printed publication, then why would you think lawyers and judges would accept prior art that was posted electronically at one time or another on someone's blog or RSS feed? In any case, it is more difficult to prove date of publication on a document distributed over a network than a printed publication such as a newspaper, magazine, or journal.
If you are a full-on Free Software advocate and only care about writing free/open source software, then I can see why KDE/Qt is usually the best choice. On the other hand, if you are interested in commercial development, like myself, you need to look at pricing as well. If you only want to develop for Windows, then the "SDK" is free and the "IDE" can range from free to a couple of grand with a premium MSDN subscription. But Qt itself costs around $1780 to $6600 on a per developer basis depending on console/GUI one/two/three platform development. If you work for a company with any clout, you can probably cut that cost in half for either platform.
It is just my opinion, but I think the pricing for Qt is too high. I wonder how big the Linux Desktop "pie" could grow if we could all settle on Qt if it fell under LGPL or BSD? Trolltech's smaller piece of a bigger pie, might still be bigger than the one they have now. Putting GPL/Free Software aside for a second, from a commercial perspective, I don't want a "new Microsoft" on the Linux Desktop. Perhaps someone with some cash could revive the Harmony Toolkit...
If it was just announced, I don't think a price has been set yet.
An IPO is an initial offer of stock for sale to the relatively general public -- primary market. Usually an equity syndicate team at one or more investment banks determines the best combination of price and quantity of shares to offer to maximize the capital raised for the company, while still making the value attractive to investors. Besides taking a cut of the capital raised, the banks might also buy some of the shares themselves before/after passing on the IPO offer to usually their most "valued" and "qualified" clients. If I remember correctly, the IPO for RedHat was $14. If you don't get the "IPO", then you have to buy it once it opens on the open market -- the secondary market. If the stock is hot and has lots of hype, then it usually opens in the market much, much higher. It also technically shouldn't matter much if you buy 1 share for $100 or 10 shares at $10 each. It all depends on the perceived value per share. Other things to look at are earnings growth and/or dividends. I've enjoyed reading Jim Cramer's latest 2 books.
Disclaimer: This post is not an offer to buy or sell securities. Investing involves a lot of risk. You must determine for yourself your goals and risk tolerances... possibly with the help of a licensed financial services professional. I am not one, so please don't ask me!
As I replied for the previous Netscape RSS DTD article http://slashdot.org/comments.pl?sid=216818&cid=17603480, caching DTDs from the network is not the answer if there is the possibility they will not be there in the future:
You are right. I wish I would have seen this article earlier so that I could have posted sooner -- and others to get to see the "solution"!
Ever since I started developing on a laptop during my commute, I discovered that XML-based programs like J2EE servers would simply stop working. I experienced the same thing at work where, by default, your desktop applications (namely Eclipse) do not have access to the internet, and the servers will never have access to the "Internet".
Yes, it is nice to see someone taking a shot at a standard supported by the community to rate (open source) software. From what I took in from the article and related documents, I could not see any concrete indication on how the data will be collected and owned except for inside an example evaluation for Mambo. The license for the example is the Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License. As it can be plainly seen, one of the sponsors is SpikeSource who has a vested interest in selling "certified" open-source software stacks and update services.
The questions that this project brings up, as well as potentially raises, are:
Who will be evaluating the software?
Who will own the evaluation data and what will its license be? (I'm thinking of reasoning behind freedb)
What if I want to sell my own software stack, and I'd like to give it a composite rating using contributed rating data? Am I out of luck because the data is owned by the openbrr partners?
Sure the rating matrix is open and standard, but what will be the mechanism in trust in the ratings? (How will we be able to determine the bias in the ratings? For example, what if JBoss contributed a rating for Apache Geronimo? Or more subtly, how would we trust a consulting company that is a "business partner" with MySQL to do a review on another database such as PostgreSQL?)
Perhaps codeZoo being a partner in this effort is an indication that it could become the primary storage location for the rating data? Whoever is going to be the primary distributor for this information will be making a bid to eclipse all the other open-source software portals such as freshmeat.
My take is I won't be interested in participating in a community project where participant contributions are not freely redistributable.
It is true that OpenLDAP performed better in the test than Netscape across the interval from 1 client to 10 clients. But it does nothing to show the performance for 50, 100, 500, or 1000+ clients etc which would be more relevant of a test to verify other people's claims of the Netscape code quality.
This is yet another attempt at a SSO solution. It is not too hard to come up with a rough design for one. The main problem is getting a significant number of sites to use the same one. Otherwise, what is the use? Marketing/advocacy is needed for that.
Although I admit I have not tried it out yet, have people already forgotten about the Liberty Alliance Project? There already exists an open source implementation, SourceID. Why not contribute effort to working with that library? Or if you must have the enjoyment of writing your own implementation, why not at least try to be interoperable with an existing spec?
I feel like I need to provide another view of Eclipse. Using the built in 'Code Formatter' I have not had problems configuring tab and brace placement. Import/Export works fine if one pays attention to provided options.
Although I must say that through learning to develop an RCP application (Eclipse Rich Client Platform), the plug-in architecture seems well thought out, but does require a bit of study to figure out how to properly design an RCP app or just a plug-in.
As with any tool, it takes a bit of time and effort to learn it and to get it to perform to your liking.
Remote debugging for Java is built in as standard in both the SDK as well as Eclipse since as far as I can remember. Right next to where you create a "Java Application" run/debug configuration there is a template for "Remote Java Application". You'll need to add run parameters similar to "-Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=4000 -Xdebug" for the application that is to be debugged.
I found the press release interesting because of my interest in using LDAP. But don't forget about also getting a solid certification authority. Anyone have any comments about existing open source CAs?
It simply depends on the project for which you are using an LDAP server. A project that I am interested in starting would require dynamic changes to schema as well as security. At least for dynamic security changes, this is implemented in the Netscape directory I believe. On the other hand, you can check out Apple's Open Directory project that has patches for OpenLDAP.
Using stored procs and views properly sets up the interface and contract for data model access. Besides being able to push out data model changes without affecting the client-portion of the app, it will also:
Assist in setting up a test suite for the data portion of the application by itself
New or replacement clients can be developed without rewriting or copying SQL code
Although I agree with the possibility of exploits being inserted into the code, I don't think it would be too hard to catch any type of mathematical type defects. If the software development process is properly set up with unit and regression testing, flaws (existing or newly added) in execution of the mathematical models could be detected. Not to mention the fact that the final products would be tested before use.
Last time I checked, you can't arbitrarily define x and y data sets for multiple series for use in XY plots for the spreadsheet in OpenOffice. This is an issue if you want to plot data such as multiple financial time series plots.
OpenOffice still needs some polish and rework before some parts of it are usable. Take OpenOffice Calc for example if you have actually made more than a cursory test drive... Last time I tried, a month or so ago, you can't:
Have a chart as a standalone page.
Specifically define data series through selection.
Have a NICE looking graph.
These are reasons enough to not use OpenOffice for my purposes. Your mileage may vary. And yes... I've done a full non-solver build of OpenOffice to think about working on the spreadsheet. Have YOU TRIED to become an OpenOffice developer? Programming is my profession, not my hobby, so the time needed to understand the infrastructure of OpenOffice isn't my priority. I'll stick to MS Office presently, because I need these features now.
One thing that I have noticed and disliked about digital TV distribution, in my case digital cable, is the speed in which you can change the channels. I used to enjoy being able to flip through a couple of channels a second. Now it takes forever to find something okay to watch.
Even if AbiWord is missing some features you can find in other word processors such as OpenOffice, you still can take advantage of a program such as AbiWord for its size and speed. This can for applications such as a default viewer for a web browser when you might not want to wait for programs like OpenOffice to load for a quick preview view or whatever.
Although I'm not doing anything now, the first thing I would use for a lean startup cross platform development is ACE with wxWidgets on Visual Studio Express or Eclipse with CDT.
The proper thing to do is for your application to use an XML catalog for resolving entities/URIs and bundle the DTD files with the application. There is a good article at http://xml.apache.org/commons/components/resolver/resolver-article.html that helped me out. In addition, if you are using Eclipse with the web tools platform, you can customize the catalog so it resolves DTDs and entities locally. See http://wiki.eclipse.org/index.php/Using_the_XML_Catalog.
There is no need to host the DTDs on an actual server. I usually copy all the DTDs I need into a subdirectory of my application's installation path. See my original post at http://slashdot.org/comments.pl?sid=216818&cid=17603580, or a great article on entity and DTD resolving at http://xml.apache.org/commons/components/resolver/resolver-article.html.
Resolving DTDs and entities in XML parsing does work like CLASSPATHs in Java. Applications need to properly set up an XML catalog which tells the parser to look in a local store before the Internet for certain URIs. Please see my earlier post at http://slashdot.org/comments.pl?sid=216818&threshold=0&commentsort=0&mode=nested&cid=17603480. Or jump straight to Norman Walsh's informative paper at http://xml.apache.org/commons/components/resolver/resolver-article.html.
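A local-only lookup for the approach described in the three comments above, as an added example that is not part of the original posts: it reads `system` and `public` entries from an OASIS-style XML catalog and maps DTD identifiers to files bundled under the application's installation path, never falling back to the network. The catalog entries, identifiers and the `LocalCatalog` class are constructed for illustration; other catalog entry types are not handled.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

CATALOG_NS = "urn:oasis:names:tc:entity:xmlns:xml:catalog"

# Constructed catalog: every identifier and path below is sample data.
CATALOG_XML = """\
<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
  <public publicId="-//Example//DTD Feed 1.0//EN" uri="dtd/feed-1.0.dtd"/>
  <system systemId="http://dtd.example.com/feed-1.0.dtd" uri="dtd/feed-1.0.dtd"/>
  <system systemId="http://dtd.example.com/config.dtd" uri="dtd/config.dtd"/>
  <system systemId="http://dtd.example.com/bad.dtd" uri="../outside.dtd"/>
</catalog>
"""


class LocalCatalog:
    """Resolve DTD identifiers to bundled files only (hypothetical helper)."""

    def __init__(self, catalog_xml, install_dir):
        self.root_dir = Path(install_dir).resolve()
        self.by_system, self.by_public = {}, {}
        for el in ET.fromstring(catalog_xml):
            if el.tag == f"{{{CATALOG_NS}}}system":
                self.by_system[el.get("systemId")] = el.get("uri")
            elif el.tag == f"{{{CATALOG_NS}}}public":
                self.by_public[el.get("publicId")] = el.get("uri")

    def resolve(self, public_id=None, system_id=None):
        # This example tries the system identifier first, then the public one.
        uri = self.by_system.get(system_id) or self.by_public.get(public_id)
        if uri is None:
            # No network fallback: an unlisted DTD is an error, not a download.
            raise LookupError(f"not in catalog: {public_id!r} / {system_id!r}")
        target = (self.root_dir / uri).resolve()
        # A catalog entry must not point outside the bundled DTD tree.
        if self.root_dir not in target.parents:
            raise ValueError(f"catalog entry escapes install dir: {uri}")
        return target


if __name__ == "__main__":
    catalog = LocalCatalog(CATALOG_XML, "app")  # "app" is an assumed install path
    print(catalog.resolve(system_id="http://dtd.example.com/config.dtd"))
    print(catalog.resolve(public_id="-//Example//DTD Feed 1.0//EN"))
```
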
Did you try converting YAHOO to actual digits that would have been dialed on a phone?
Although it displays the attribute name, which sometimes isn't descriptive "enough," you might want to check out JXplorer, which I use.
My problem with the data series selection is that you can't arbitrarily define x and y data sets for multiple series for use in XY plots.