Eh, give it a day or two. The whole system is there for the tweaking -- think of this as an incredibly powerful toolkit, and build the interface you want. If I don't write an ASDW navigation patch, someone will very soon.
...besides, it shouldn't take more than a few hours to get your head around the main Squeak concepts (odd as they are)... get codin'!
is that the one that caches *continuations* on disk?
No -- Seaside keeps the continuations in memory (just like lisp, ruby, python, perl6 [will], etc...). SISC Scheme and Kali Scheme are the ones that can persist continuations to disk. Or send them over the network to be invoked by a remote client. *bamf* ok, my brain just exploded.
I would jump at the chance to program my web apps in this way.
Ditto -- and I'm delighted to see others jumping first;-)
I live in hope someone will come up with a similar framework based around mod_python, but I'm not sure if python's continuations are quite good enough...
Seems likely. The meme is spreading, and it's funny how much sense continuations suddenly make when you consider the browser's "back" button and "open link in new window".
Here are some other languages and projects being discussed; note that (1) Python is mentioned as probably having good enough continuations, (2) You don't strictly need full continuations; Paul Graham metions this in his BBN talk about Viaweb.
That's a better question. But you can definitely do replication as long as your proxy server keeps session affinity (and since this is an easy-to-spot part of the URL, that's very doable). Also, one flavor of lisp (SISC?) can persist continuations to disk, so you could share them across servers.
Seaside would be all be fine and good if they only implemented it as an apache module rather than for some obscure Smalltalk-based webserver that nobody beyond a hobbyist with their own webserver is going to get a chance to use for real work.
Competitive advantage, baby. Wait, why am I posting this!?^U
Seriously, if they can build Viaweb and sell it to Yahoo (as Yahoo Stores) using a similar technique, I think you should be able to sell it to clients/bosses.
Specify the limitations of the product, but don't try to weasel out of liability by putting vague warnings about the use in life-critical applications.
Um, the actually-pretty-clear warnings about the unfitness of certain software products for life-critical applications are specifying the limitations of the product. Aren't they?
Releasing software shouldn't automatically burden me with unlimited liability -- I should be able to specify what I am willing to be liable for if you buy and use it as I say. Specifically, not in life-critical applications. Imagine someone suing the coders behind the Linux kernel for it locking up while controlling an aircraft. (Because, I dunno, someone plugged an i2o device into the cockpit dash..;-)
Of course, if you *read* the counter-argument you link to, you see that Schneier thinks this sort of contest is fine:
There are exceptions, but they are few and far between. The RSA challenges, both their factoring challenges and their symmetric brute-force challenges, are fair and good contests. These contests are successful not because the prize money is an incentive to factor numbers or build brute-force cracking machines, but because researchers are already interested in factoring and brute-force cracking. The contests simply provide a spotlight for what was already an interesting endeavor.
In this case, finding clever ways to factor ECCs is actually a number-theoretically interesting thing to do.
>...liquid sodium is spec'd because its[sic] non-corrosive
It's probably spec'd because it won't vaporize if there's a runaway reaction. Water has the unhappy disadvantage of turning into steam at those temperatures, and steam can make things go boom.
Most of the ISPs with policies against wireless NATing seem to turn a blind eye to it most of the time anyhow, though.
Timothy, that strikes me as a very irresponsible attitude in matters such as this. Didn't we say that about filesharing a year or two ago? Here at least is a case where we can vote with our patronage to companies that have good policies now, so they'll be around tomorrow when others have stopped turning a blind eye to it.
> I'm a web developer for a site with a varied, highly technical audience, and routinely test in a rather obscene number of browsers/platforms (17+ combinations, including Lynx, OmniWeb and other "obscure" ones), with success (i.e. readability and successful funcationality)
Yow, your dedication is impressive!
> but only rarely does the w3 html checker return a "valid" result to these pages.
Well naturally; since each browser/platform has its own idea of what a "valid" page is, it will differ from the official w3 standard. That's exactly the problem.
> When pages are generated by scripts (like/.) and combine (sometimes) bizarre fragments of machine-generated output, the idea of a perfect page every time just insn't practically possible.
On the contrary! Scripts and other machine-generated code are the way to ensure valid output at all times -- that's one of the (few) good reasons for the XML hype. Sure, you *can* produce invalid garbage from scripts, but it can be much easier to be sure you're only generating valid code from scripts.
> This should not be an automatic assumption that the code is not standards-compliant.
Of course it should be -- how else should we define "standard"? If we define it in terms of MSIE or Lynx or Opera or Mozilla, we give up all the benefits of open, reliable standards in favor of proprietary, error-prone, specification-by-implementation nonsense. We can and should do better!
There's a world of difference between "standards-compliant" and "seems to work with the browsers I tested". The latter (plus market dominance) is how Microsoft keeps winning the game. But MS is Goliath; we can't hope to win using that strategy. Standards-compliance is the way OSS must always go to win.
Yeah, especially since/.doesn't validate as proper HTML. Slashdot is one of the premier OSS sites; if we don't follow the standards, why should anyone else?
Re: Artistic and Theft are not mutually exclusive
on
Mashed-Up Music
·
· Score: 5, Insightful
... distributing someone else's musical creations (albeit in an altered form) without permission [is] still theft.
No, it's illegal distribution of a copyrighted work. Theft involves the removal of property from its owner. The lay term "intellectual property" isn't legally the same sort of thing as material property.
Like many technologies, there's a lot of potential here, both good and bad. But it's not just stores that want products to have RF tags -- consumers could benefit greatly from them. What's needed is just enough cooperation with the stores to allow a handoff of the "ownership" of those tags; this would protect my privacy once I've left the store, and make the tags useful to me once I own the product they're attached to.
I want a protocol that looks something like this:
BigStoreCo RF tags all its products, programming in a unique id, product info, and an unlock code [per item].
When I check out, the store's computer sends the unlock codes, along with useful information like product info and price I paid, for all the stuff I bought to my wallet's embedded computer (via RF, protected from evesdroppers by my public key).
My wallet (or when I get home, my house) reprograms all the tags with new unique ids and unlock codes, and stores them in my personal database.
Now my fridge tracks my food inventory. My trash can lets my house know when I'm down to the last pack of toilet paper. My wallet keeps an up-to-date shopping list in its tiny brain all the time, so when I'm out I know what I need.
I wholeheartedly agree that this is incorrect behavior, but as I tried to convince my devils-advocating self that it was a major security flaw, I kept losing.
If you click on a link to a binhex'd file, and it's an application, then normally it gets un-binhex'd for you. Well and good. Now what's the next thing you do? Without fail, it is to double-click on the decoded file. Not to check the file in any way, compare fingerprints or whatnot. You go and double-click the file, opening it up. If it's a trojan, you lose.
Some may argue "well, but what if it says it's a picture file, but turns out to be a trojaned app?" Doesn't matter; I can set the app's icon to look like that of a picture file, and you're just as screwed when you double-click on it.
So what about automating the double-click makes this a "huge security hole"? It seems like once you've downloaded the thing, you're already toast.
Please note that I'm not trying to gloss over the wrongness of the auto-launch, but rather to point out that we need some better form of security systemwide.
I agree, but that wasn't the question. I was pointing out that the article's precision could be improved by stating it was an x86 Linux release, rather than the more general and less precise "Linux".
Well, since Apple created it, the authority is theirs.
Just like the FSF's authority to place emacs under the GPL and forbid anyone else to distribute derived works under anything but the GPL comes from the fact that the FSF owns the code to emacs.
If you were going to do it ``for free,'' (since I can't think of a business model that makes sense for giving away free of-questionable-legality ROMs [of which I've grabbed several]), it seems like you could set up a Gnutella for the ROMs (heck, the emu community's probably ahead of me on this). Then you're paying cheapo for a dynamic web site to be the search engine, and the files are hosted out in the world.
What I'm getting at is, if you wanted to do these things as a hobby, I think you'd come up with inventive ways to make the cost managable.
That's true, but I specifically went for the virtual server. You really shouldn't need the whole machine to yourself for most of these sites. I have worked on dynamic sites sitting on a coloc'd virtual server, and it works great provided you're using a sane setup.
Here's a random hit off of google for colocation prices. That ``VPS Standard'' looks pretty reasonable, at $150 a month. We're talking $1800 a year, which honestly isn't that much if you have a so-called ``real job.''
They include Perl, {my,m,postgre}SQL, PHP4, 400 MB disk, free bandwitdth to multiple T3's, etc...
Slashdot Mirror
Eh, give it a day or two. The whole system is there for the tweaking -- think of this as an incredibly powerful toolkit, and build the interface you want. If I don't write an ASDW navigation patch, someone will very soon.
...besides, it shouldn't take more than a few hours to get your head around the main Squeak concepts (odd as they are)... get codin'!
Check out seaside for an even better idea.
No -- Seaside keeps the continuations in memory (just like lisp, ruby, python, perl6 [will], etc...). SISC Scheme and Kali Scheme are the ones that can persist continuations to disk. Or send them over the network to be invoked by a remote client. *bamf* ok, my brain just exploded.
Ditto -- and I'm delighted to see others jumping first ;-)
I live in hope someone will come up with a similar framework based around mod_python, but I'm not sure if python's continuations are quite good enough...
Seems likely. The meme is spreading, and it's funny how much sense continuations suddenly make when you consider the browser's "back" button and "open link in new window".
Here are some other languages and projects being discussed; note that (1) Python is mentioned as probably having good enough continuations, (2) You don't strictly need full continuations; Paul Graham metions this in his BBN talk about Viaweb.
Here's some links
That's a better question. But you can definitely do replication as long as your proxy server keeps session affinity (and since this is an easy-to-spot part of the URL, that's very doable). Also, one flavor of lisp (SISC?) can persist continuations to disk, so you could share them across servers.
Seaside would be all be fine and good if they only implemented it as an apache module rather than for some obscure Smalltalk-based webserver that nobody beyond a hobbyist with their own webserver is going to get a chance to use for real work.
Competitive advantage, baby. Wait, why am I posting this!?^U
Seriously, if they can build Viaweb and sell it to Yahoo (as Yahoo Stores) using a similar technique, I think you should be able to sell it to clients/bosses.
Um, the actually-pretty-clear warnings about the unfitness of certain software products for life-critical applications are specifying the limitations of the product. Aren't they?
Releasing software shouldn't automatically burden me with unlimited liability -- I should be able to specify what I am willing to be liable for if you buy and use it as I say. Specifically, not in life-critical applications. Imagine someone suing the coders behind the Linux kernel for it locking up while controlling an aircraft. (Because, I dunno, someone plugged an i2o device into the cockpit dash.. ;-)
There are exceptions, but they are few and far between. The RSA challenges, both their factoring challenges and their symmetric brute-force challenges, are fair and good contests. These contests are successful not because the prize money is an incentive to factor numbers or build brute-force cracking machines, but because researchers are already interested in factoring and brute-force cracking. The contests simply provide a spotlight for what was already an interesting endeavor.
In this case, finding clever ways to factor ECCs is actually a number-theoretically interesting thing to do.
> ...liquid sodium is spec'd because its[sic] non-corrosive
It's probably spec'd because it won't vaporize if there's a runaway reaction. Water has the unhappy disadvantage of turning into steam at those temperatures, and steam can make things go boom.
% set prompt="[%n@%m %c3] %% "
[me@here ~/devel/tcsh] %
I cringe when I see awk/shell/perl scripts fired off for each and every prompt... I mean, yes, computers are fast, but... yeech. ;)
Timothy, that strikes me as a very irresponsible attitude in matters such as this. Didn't we say that about filesharing a year or two ago? Here at least is a case where we can vote with our patronage to companies that have good policies now, so they'll be around tomorrow when others have stopped turning a blind eye to it.
Yow, your dedication is impressive!
> but only rarely does the w3 html checker return a "valid" result to these pages.
Well naturally; since each browser/platform has its own idea of what a "valid" page is, it will differ from the official w3 standard. That's exactly the problem.
> When pages are generated by scripts (like /.) and combine (sometimes) bizarre fragments of machine-generated output, the idea of a perfect page every time just insn't practically possible.
On the contrary! Scripts and other machine-generated code are the way to ensure valid output at all times -- that's one of the (few) good reasons for the XML hype. Sure, you *can* produce invalid garbage from scripts, but it can be much easier to be sure you're only generating valid code from scripts.
> This should not be an automatic assumption that the code is not standards-compliant.
Of course it should be -- how else should we define "standard"? If we define it in terms of MSIE or Lynx or Opera or Mozilla, we give up all the benefits of open, reliable standards in favor of proprietary, error-prone, specification-by-implementation nonsense. We can and should do better!
There's a world of difference between "standards-compliant" and "seems to work with the browsers I tested". The latter (plus market dominance) is how Microsoft keeps winning the game. But MS is Goliath; we can't hope to win using that strategy. Standards-compliance is the way OSS must always go to win.
> doesn't-that-burn-your-bottom
/. doesn't validate as proper HTML. Slashdot is one of the premier OSS sites; if we don't follow the standards, why should anyone else?
Yeah, especially since
Not really.
No, it's illegal distribution of a copyrighted work. Theft involves the removal of property from its owner. The lay term "intellectual property" isn't legally the same sort of thing as material property.
I want a protocol that looks something like this:
- BigStoreCo RF tags all its products, programming in a unique id, product info, and an unlock code [per item].
- When I check out, the store's computer sends the unlock codes, along with useful information like product info and price I paid, for all the stuff I bought to my wallet's embedded computer (via RF, protected from evesdroppers by my public key).
- My wallet (or when I get home, my house) reprograms all the tags with new unique ids and unlock codes, and stores them in my personal database.
Now my fridge tracks my food inventory. My trash can lets my house know when I'm down to the last pack of toilet paper. My wallet keeps an up-to-date shopping list in its tiny brain all the time, so when I'm out I know what I need.Just a thought,
If you click on a link to a binhex'd file, and it's an application, then normally it gets un-binhex'd for you. Well and good. Now what's the next thing you do? Without fail, it is to double-click on the decoded file. Not to check the file in any way, compare fingerprints or whatnot. You go and double-click the file, opening it up. If it's a trojan, you lose.
Some may argue "well, but what if it says it's a picture file, but turns out to be a trojaned app?" Doesn't matter; I can set the app's icon to look like that of a picture file, and you're just as screwed when you double-click on it.
So what about automating the double-click makes this a "huge security hole"? It seems like once you've downloaded the thing, you're already toast.
Please note that I'm not trying to gloss over the wrongness of the auto-launch, but rather to point out that we need some better form of security systemwide.
I agree, but that wasn't the question. I was pointing out that the article's precision could be improved by stating it was an x86 Linux release, rather than the more general and less precise "Linux".
...or is Linux only supposed to have closed-source software on one platform?
Well, since Apple created it, the authority is theirs.
Just like the FSF's authority to place emacs under the GPL and forbid anyone else to distribute derived works under anything but the GPL comes from the fact that the FSF owns the code to emacs.
If you were going to do it ``for free,'' (since I can't think of a business model that makes sense for giving away free of-questionable-legality ROMs [of which I've grabbed several]), it seems like you could set up a Gnutella for the ROMs (heck, the emu community's probably ahead of me on this). Then you're paying cheapo for a dynamic web site to be the search engine, and the files are hosted out in the world.
What I'm getting at is, if you wanted to do these things as a hobby, I think you'd come up with inventive ways to make the cost managable.
Asking out of curiousity, have you donated to them?
Sharing multiple T3's is going to be just fine. The mentality that every site needs its own T3, its own high-end server, etc., is just not accurate.
That's true, but I specifically went for the virtual server. You really shouldn't need the whole machine to yourself for most of these sites. I have worked on dynamic sites sitting on a coloc'd virtual server, and it works great provided you're using a sane setup.
Granted, but how much $ is that worth to you? Are they providing a service that you think you would pay for? Should PA be their full time job?
Besides which, I don't think they're in it for the money; it really is a hobby.
They include Perl, {my,m,postgre}SQL, PHP4, 400 MB disk, free bandwitdth to multiple T3's, etc...