But is not very good for the community when people do this, so I am looking at a way that GPL 3 could require publication in this case.
Great. Just great. So now we might end up with 2^(number of clauses) derivatives of the GPL itself?
I hereby propose that all GPL applications be released under GPLv3_$number, where $number is equivalent to treating the list of acceptable restrictive clauses as a bitfield. Want to know if you can link to a library? Examine its "damage bits" to see if they're compatible with your current license. If not, then consider ORing its bits with yours and re-releasing your project under the newly-resulting GPLv3_$number2 to make it all legal.
Of course, this means that after about two generations of software development, every single minor application and library in existence will come to possess every damage bit out of necessity. Microsoft will be flouting their Shared Source license as a Free alternative to the "proprietary GPL". Pigs will fly. Monkeys will pen Shakespeare.
Man, I'm usually an RMS fanboy, but this just sucks.
So if a web application has such functionality, it can be released under a license that requires that functionality be kept, and that license would still be compatible with the GPL.
Crud. I think you're right. The FSF seems to have this fascination with "invariant sections", even though the rest of the planet thinks they are fundamentally non-Free.
If this draft is accepted, it looks like I'll be using GPLv2 (and v2 only) from now on. This whole thing reeks of second-system effect and I'd rather not have anything to do with it.
There's been much debate for and against allowing people to "publish" modified GPLed web applications without releasing the source. For example, phpBB is released under the GPL, and some believe that you should be required to make any changes to it available to your site visitors.
I didn't see any wording in the draft that addresses this issue either way; every time I thought I did, I found the same or similar wording in version 2. So, is it in there? Will it affect how we publish web applications?
How about a router with a firewall and the slightest bit of common sense?
It works here even with Windows XP.
Sweet! What firewall are you using that protects against the much-discussed WMF attacks? Malicious, encrypted instant messaging packets? Because I'd have an easy time convincing my boss to take a look at such a thing, if it actually existed.
Firwalls address one attack vector. If you believe that's the only one that counts, you're deluding yourself.
but that there aren't the hoardes of people gunning to find them like there are in Microsoft (aka the evil empire) products.
That's the same reason there haven't been massive exploits for Apache. Even though it has over two-thirds market share, every script kiddie loves F/OSS to the point that they'd never attack it, ever. Same for Internet Explorer - it's only attacked more often than Firefox because it has a bigger market share and every cracker on the planet just plain loves Firefox.
Right.
In the real world, there's a lot of street cred to be earned by being the first to 0wn a network of Macs, and yet no one - not one single cracker anywhere - seems to be up to the challenge. Gee, what terrific luck on Apple's part!
From the article: "[...] a 21 year veteran [...]". Do you see the word "old" in there anywhere? No. His career was twenty one years old, but presumably he himself was significantly older.
And I doubt the harm he caused affected anyone's bonus. It probably took the company a few manhours to recover the data from backup, and it cost the person who was affected a day's work at most.
You didn't RTFA. The company outsourced their administration to IBM, and IBM handed the company a bill for $20K for the cleanup. Whether that bill is reasonable is another story, but by all accounts the company directly lost over twenty thousand dollars from its coffers.
Besides, how exactly does sending him to jail give the company any of the money back?
It doesn't. The court-ordered restitution is giving the company its money back.
Can you give a better Christmas bonus because you sent him to jail?
No, but I can be happy that a common vandal is off the street.
See, I'm personally not a big fan of white-collar crime. I know some people want to look the other way, but I don't think crime is OK just because the target isn't an individual. I'm kind of funny that way.
Isn't Christmas the time of forgiveness?
Sure. I hereby forgive you for commenting without having a firm grasp on the situation.
I don't think so. The intervals were too close to exactly one second. Besides, other people on the NTP pool mailing list saw the same behavior from certain specific clients.
As I understand it from friends who still put up with their shit, they still have the same 16-bit components, only two software developers are on staff, they have made NO new features, they have cancelled an alternate version of the product they were developing, and they still retain customers for only 18 months when they discover that the product (which sells for $250K to $7.5million depending on options and scale of implementation) is slow and does not deliver what they promise.
What's the weather like in Lindon, UT? Did you work at the company when it was still Caldera?
This person here didn't harm anyone. He harmed a company.
On behalf of everyone who works at companies to give Christmas bonuses based on the last year's profit: kiss my ass.
No, really.
You say "a company" as if it wasn't a legal construct that pays people to do work for it. If the company loses money, then there's that much less money for bonuses, raises, insurance, etc. I don't know the particulars of this particular organization, but I do know that if you caused my boss to lose $20,000, my life and that of my coworkers would be measurable less good for a while.
He did harm an inanimate object. He harmed a group of people that had trusted him. I have absolutely zero sympathy for scum like that.
The problem with dumping unwanted NTP traffic is that the clients do not necessarily respect ntpd's 'bugger off' responses like a 'kiss off death' packet.
Ain't that the truth.
Blocking some clients simply causes them to increase their polling rate !
Ugh. But surely they wouldn't increase to more than once per second... would they?
I wish that ntpd would keep track of who it sent a KOD to and start ignore all packets from them (which I thought it was supposed to do now, but it doesn't). That would cut my packet traffic nearly in half, and eventually I'd hope that the ignored clients would wander off and find someone else to pester.
BTW ISC simply hosts the ntpd project, it does not run it.
Oops! You added that one by mistake. See, if they had any desire to harm you, then they would have done so before they gave their notice. They knew they were leaving on a certain date, even if you didn't, and had plenty of time to plan for it.
Fire a guy? Sure, escort him out. If he's voluntarily leaving, though, the whole exercise is pointless.
I added my server to the pool for a while, but quit after a couple of months. The problem I had was the number of wildly misconfigured clients that were killing my system by polling every second. ISC's ntpd has options that sound like they would limit these abuses, but they never had any effect at all; tcpdump would show that I was cheerfully answering request after request after request from the same group of idiot machines.
Some people went as far as to write scripts that would add bad clients to the server's firewall rules. However, given that every other service I run has some mechanism or another to limit abuse, I didn't want to enable such a system for just this one relatively minor daemon.
ISC: please give ntpd a working way to automatically ignore broken clients! I'm more than happy to offer my little machine to provide a worthy public service, but watching my server grind down as it answers 600 packets per second - 99% (literally) from the same small pool of machines - was enough to make me withdraw.
By the way, I quit by simply removing my server from the DNS pool. Machines still synced to my server are welcome to remain there as long as they follow reasonable etiquette, but I won't be advertising for new clients in the near future.
Try architecture. I have a buddy whose class is full of Mac geeks who swear by Apple products for everything tech, but they all have to own PCs because none of the software they need other than the Adobe products is available to them on the Mac.
Try Unix administration. I have a buddy who swears by Windows on the desktop, but he has to use a Linux box because none of the software he needs other than an SSH client is available to him on Windows.
As long as we're making up niche anecdotes, I figured we all might as well jump in.
You can't use it to get into the exact box you want to, just into a random box that perhaps picks up your WMF from a webpage, or displayed in an application.
In other news, Pensiltucky Community College has not yet built a scanning tunneling microscope. The Board of Regents, Bill and Pete, blame it on their lack of a good football team, and not on the fact that their tiny school doesn't have a physics degree program.
Python is portable, too. But it's still possible to write non-portable code, such as Windows programs that call COM objects, or Unix programs that create device nodes.
Basically, if you stick with the core modules and don't hardcode pathnames or do other bad things, then your programs will be portable. Venture past that, just as with any other language, and all bets are off.
The reason that drove me nuts, though, is that you had to handle objects returned from a function differently than objects you created in the same scope:
Of course, you could always deference $a into another variable and access it that way instead, but that's the sort of "throwing extra code at it" that I meant.
I'm not saying Perl is bad. A lot of people use it to do lots of things. For me, though, the warts eventually overwhelmed the pearls and I went looking elsewhere.
The problem I have with that is I can count the number of times I've needed to copy a Python object with one hand (and still have fingers left), but I seemed to be forced into dereferencing Perl objects all the dang time.
So ignoring the ridiculous 'without dereferencing' restriction:
Erm, no. I gave a fairly common real-life example of something most people would like to be able to easily do, but can't with Perl (without throwing more code at the problem). If you know of a similar problem caused by Python's structure, I'd be quite happy to look at it.
I like (good) static typing precisely because it saves me effort
Many of us - both beginners and not-so-beginners - like dynamic typing for the exact opposite reason: things that would be errors in statically typed languages are perfectly acceptable in dynamic language. Implicit, pervasive polymorphism can let you create some very robust code in a relatively short amount of time. Writing "foo_int", "foo_string", "foo_float", etc. gets a little old, even if it does give you some explicit guarantees about the data you're manipulating.
Great. Just great. So now we might end up with 2^(number of clauses) derivatives of the GPL itself?
I hereby propose that all GPL applications be released under GPLv3_$number, where $number is equivalent to treating the list of acceptable restrictive clauses as a bitfield. Want to know if you can link to a library? Examine its "damage bits" to see if they're compatible with your current license. If not, then consider ORing its bits with yours and re-releasing your project under the newly-resulting GPLv3_$number2 to make it all legal.
Of course, this means that after about two generations of software development, every single minor application and library in existence will come to possess every damage bit out of necessity. Microsoft will be flouting their Shared Source license as a Free alternative to the "proprietary GPL". Pigs will fly. Monkeys will pen Shakespeare.
Man, I'm usually an RMS fanboy, but this just sucks.
Crud. I think you're right. The FSF seems to have this fascination with "invariant sections", even though the rest of the planet thinks they are fundamentally non-Free.
If this draft is accepted, it looks like I'll be using GPLv2 (and v2 only) from now on. This whole thing reeks of second-system effect and I'd rather not have anything to do with it.
I didn't see any wording in the draft that addresses this issue either way; every time I thought I did, I found the same or similar wording in version 2. So, is it in there? Will it affect how we publish web applications?
Poor Willy. For want of an emoticon, Shakespeare's works were lost. If only he could have written:
Just think of the treasures we've discarded because humans can't recognize irony or humor!
It works here even with Windows XP.
Sweet! What firewall are you using that protects against the much-discussed WMF attacks? Malicious, encrypted instant messaging packets? Because I'd have an easy time convincing my boss to take a look at such a thing, if it actually existed.
Firwalls address one attack vector. If you believe that's the only one that counts, you're deluding yourself.
Thanks for the spoiler. Not all of us have read the books yet, let alone seen the movies they were based on.
That's the same reason there haven't been massive exploits for Apache. Even though it has over two-thirds market share, every script kiddie loves F/OSS to the point that they'd never attack it, ever. Same for Internet Explorer - it's only attacked more often than Firefox because it has a bigger market share and every cracker on the planet just plain loves Firefox.
Right.
In the real world, there's a lot of street cred to be earned by being the first to 0wn a network of Macs, and yet no one - not one single cracker anywhere - seems to be up to the challenge. Gee, what terrific luck on Apple's part!
From the article: "[...] a 21 year veteran [...]". Do you see the word "old" in there anywhere? No. His career was twenty one years old, but presumably he himself was significantly older.
You didn't RTFA. The company outsourced their administration to IBM, and IBM handed the company a bill for $20K for the cleanup. Whether that bill is reasonable is another story, but by all accounts the company directly lost over twenty thousand dollars from its coffers.
Besides, how exactly does sending him to jail give the company any of the money back?
It doesn't. The court-ordered restitution is giving the company its money back.
Can you give a better Christmas bonus because you sent him to jail?
No, but I can be happy that a common vandal is off the street.
See, I'm personally not a big fan of white-collar crime. I know some people want to look the other way, but I don't think crime is OK just because the target isn't an individual. I'm kind of funny that way.
Isn't Christmas the time of forgiveness?
Sure. I hereby forgive you for commenting without having a firm grasp on the situation.
I don't think so. The intervals were too close to exactly one second. Besides, other people on the NTP pool mailing list saw the same behavior from certain specific clients.
What's the weather like in Lindon, UT? Did you work at the company when it was still Caldera?
On behalf of everyone who works at companies to give Christmas bonuses based on the last year's profit: kiss my ass.
No, really.
You say "a company" as if it wasn't a legal construct that pays people to do work for it. If the company loses money, then there's that much less money for bonuses, raises, insurance, etc. I don't know the particulars of this particular organization, but I do know that if you caused my boss to lose $20,000, my life and that of my coworkers would be measurable less good for a while.
He did harm an inanimate object. He harmed a group of people that had trusted him. I have absolutely zero sympathy for scum like that.
Ain't that the truth.
Blocking some clients simply causes them to increase their polling rate !
Ugh. But surely they wouldn't increase to more than once per second... would they?
I wish that ntpd would keep track of who it sent a KOD to and start ignore all packets from them (which I thought it was supposed to do now, but it doesn't). That would cut my packet traffic nearly in half, and eventually I'd hope that the ignored clients would wander off and find someone else to pester.
BTW ISC simply hosts the ntpd project, it does not run it.
I hadn't realized that. Thanks for the info.
Oops! You added that one by mistake. See, if they had any desire to harm you, then they would have done so before they gave their notice. They knew they were leaving on a certain date, even if you didn't, and had plenty of time to plan for it.
Fire a guy? Sure, escort him out. If he's voluntarily leaving, though, the whole exercise is pointless.
Some people went as far as to write scripts that would add bad clients to the server's firewall rules. However, given that every other service I run has some mechanism or another to limit abuse, I didn't want to enable such a system for just this one relatively minor daemon.
ISC: please give ntpd a working way to automatically ignore broken clients! I'm more than happy to offer my little machine to provide a worthy public service, but watching my server grind down as it answers 600 packets per second - 99% (literally) from the same small pool of machines - was enough to make me withdraw.
By the way, I quit by simply removing my server from the DNS pool. Machines still synced to my server are welcome to remain there as long as they follow reasonable etiquette, but I won't be advertising for new clients in the near future.
Try Unix administration. I have a buddy who swears by Windows on the desktop, but he has to use a Linux box because none of the software he needs other than an SSH client is available to him on Windows.
As long as we're making up niche anecdotes, I figured we all might as well jump in.
That's amazing! That's the first digit of the combination on my luggage!
Yep, that'd be impossible.
In other news, Pensiltucky Community College has not yet built a scanning tunneling microscope. The Board of Regents, Bill and Pete, blame it on their lack of a good football team, and not on the fact that their tiny school doesn't have a physics degree program.
Basically, if you stick with the core modules and don't hardcode pathnames or do other bad things, then your programs will be portable. Venture past that, just as with any other language, and all bets are off.
Of course, you could always deference $a into another variable and access it that way instead, but that's the sort of "throwing extra code at it" that I meant.
I'm not saying Perl is bad. A lot of people use it to do lots of things. For me, though, the warts eventually overwhelmed the pearls and I went looking elsewhere.
Ummm, Dude, yes it does.
Guido seemed to be discussing dynamic versus static typing, not weak vs. strong.
In what way? I thought it was pretty consistent.
It gets worse if you want to do stuff to subpatterns or do replacing if I recall correctly.
Subpatterns:
Replacing:
It's a different access pattern than Perl, but I think it's pretty much equally easy to use.
In python you have to be explicit to copy.
The problem I have with that is I can count the number of times I've needed to copy a Python object with one hand (and still have fingers left), but I seemed to be forced into dereferencing Perl objects all the dang time.
So ignoring the ridiculous 'without dereferencing' restriction:
Erm, no. I gave a fairly common real-life example of something most people would like to be able to easily do, but can't with Perl (without throwing more code at the problem). If you know of a similar problem caused by Python's structure, I'd be quite happy to look at it.
Many of us - both beginners and not-so-beginners - like dynamic typing for the exact opposite reason: things that would be errors in statically typed languages are perfectly acceptable in dynamic language. Implicit, pervasive polymorphism can let you create some very robust code in a relatively short amount of time. Writing "foo_int", "foo_string", "foo_float", etc. gets a little old, even if it does give you some explicit guarantees about the data you're manipulating.