1. Firefox is not GPL, it is MPL and these licenses are not the same although both are open source.
2. There is no reason why you cannot be paid for making GPL'd (Free) software, many people are.
The real reason why there is a difference between Open Source and Free Software is that Free Software is more of an ethical philosophy. Open Source is a practical, technical and business strategy.
"This software will work better and be developed faster if people can modify its source and are free to redistribute it."
"Software is information that belongs to all people and it is wrong to restrict who can use it, learn from it and distribute improved versions of it"
What's wrong with them branching out? It's not as if selling CDs of their own distribution is challenging at all, and for most of us they are pretty much useless since it is already easier in most cases for us to install them over the network.
If all of a distribution's engineers are busy writing their names on teddy bears instead of doing release engineering then I agree that's bad. But there is no reason why they couldn't hire extra people to do that stuff and still make a small profit.
When did open source start taking itself so seriously..
This is in every way wrong. If that damn company can't make mail software it's their problem. They don't have anything to do with us who just try to block spam.
The way I see it, Ian/Orbz was criminally negligent for using a test that he knew (because he already reported the problem hismelf) would crash unpatched Domino servers.
What's more, he knew that that particular test never worked on Domino servers.
IMHO at the very least he should have skipped that check for Domino servers.
Now, I am not arguing against the fact that Domino admins should be clueful enough to apply the appropriate patches, but some blame has to lie with Ian/Orbz for negligent behaviour.
I would consider it appropriate that Ian/Orbz be fined in order to serve as some form of encluement. The other guys have already had their encluement in the form of downtime.
I am not advocating destroying Ian's livelihood nor would I wish to see Orbz die, but IMHO under a fair legal system, once some blame is apportioned then it has to be accounted for.
People who run DNSBL-style services have a duty to be good Internet citizens just as much as the corporate sysadmins who run servers. This issue is very close to my heart since I am involved with Yet Another DNS-based Blocking Service myself.
If you back up the solid state with a hard disk, you can dump to disk when the battery gets too low.
You mean like this? We use a number of those here at $BIG_ISP for mail servers - put the queue directories and other temporary files on the RAM disk and the thing just flies, a CPU-limited mail system is indeed a nice thing.
Plug it into a UPS, should that die anyway then the internal batteries keep it alive long enough to write everything to disk for when the power comes back.
Assuming this isn't a troll, I would like to point out that use of the Internet is not a right.
This may lead to more ISPs blocking port 80 across the board, and that's regrettable. However those ISPs who only limit the service of incompetant users should be applauded.
Well, it's pretty bad news if you are a manager in a company and fought for using BSD.
My answer to these people is: Maybe you should have taken the money you saved by not buying Solaris, and spent it by allocating half of one of your developer's time to the FreeBSD project?
Supporting Open Source has to mean actually doing some coding somewhere, or there isn't any source to support. Who better to code the features than those who genuinely need to use them?
If you want to contribute to the development of the software then
please join the mailing list.
Agreed. The best reward an open source developer can hope for is that someone will be inspired by their work and join their cause. At the start that's worth more than a cheque for £20.
That doesn't have to be code contributions either. Participation in support lists, maintaining web sites and mailing list archives, publicity, documentation, all is really useful.
That really is asking a lot from a casual user though, and a cheque or a CD or a pizza is still infinitely better than nothing at all. But IMHO, if you want to show your appreciation, lend a hand.:)
Re:Hostmask hiding and Secure IRC
on
Secure IRC?
·
· Score: 1
But it is impossible to develop a hostmasking scheme that is one-size-fits-all.
In the AustNet example, the hash is deterministic, in that a hostname will always hash to the same vw-XXXX value. It is therefore possible for a patient attacker to observe people who switch off the masked mode and reveal their true addresses, and build a lookup table which can be later used on other people from the same ISP.
Worse than that is what happens when a user's IP address does not resolve to a host. Then only one quad of the IP is hidden, meaning that it really isn't too hard to hash every possible matching IP address (256) with every possible key (dunno about this, I've not read the source).
The answer to the above two is to use a non-deterministic hash (the same host will not always produce the same hash), but then that breaks bans and bots that recognise people by their (static) host.
There is no generic answer that is perfect, because people are used to being able to see hostnames on IRC and have moulded their activity to this ability. If IRC had not offered hostnames from the start this would not be a problem.
Re:All your Encryption are belong to us...
on
Secure IRC?
·
· Score: 1
Hmm, but isn't this just a slight modification of the statement, "The only people who would ever want strong encryption are criminals!" ?
Re:IRC can be fixed easily.
on
Secure IRC?
·
· Score: 1
However it is still possible (even with any ip address blocking) to determine a users address by using netstat on a shell.
With some form of "hostmasking" scheme, this is only possible if you can get the person to open a direct connection to yourself (e.g. by getting them into a DCC CHAT/SEND situation). So that is a question of user education.
Hostmasking as a security method has other more serious problems which I would actually love to discuss (as I am trying to implement this in a non-sucky way) but I fear that for this thread that'd be off-topic. Chat to me if you care, you can find me here.
The other problem is lag/netsplits.
What many people seem to ignore is that multiple servers are there to solve Internet connectivity issues, not to make them worse -- the theory being that a set of servers housed in large organisations under professional hosting conditions are more reliable than the path between any two domestic internet users.
If your network of choice has servers that split off all the time then those servers should not be there and are likely being used as penis extension tools by people running them off their own @home cable modem (when their mom doesn't need to reboot into win98 to use Word).
Consider that if your chosen network has 5 servers and one dies, your users can go to another server and resume conversation with the same people. If your network has one server and that dies, well, you work it out. In short, reducing the network down to one good server is only the answer when the other servers are lame.
Slashdot Mirror
1. Firefox is not GPL, it is MPL and these licenses are not the same although both are open source.
2. There is no reason why you cannot be paid for making GPL'd (Free) software, many people are.
The real reason why there is a difference between Open Source and Free Software is that Free Software is more of an ethical philosophy. Open Source is a practical, technical and business strategy.
"This software will work better and be developed faster if people can modify its source and are free to redistribute it."
"Software is information that belongs to all people and it is wrong to restrict who can use it, learn from it and distribute improved versions of it"
Match the statement with the concept.
What's wrong with them branching out? It's not as if selling CDs of their own distribution is challenging at all, and for most of us they are pretty much useless since it is already easier in most cases for us to install them over the network.
If all of a distribution's engineers are busy writing their names on teddy bears instead of doing release engineering then I agree that's bad. But there is no reason why they couldn't hire extra people to do that stuff and still make a small profit.
When did open source start taking itself so seriously..
The way I see it, Ian/Orbz was criminally negligent for using a test that he knew (because he already reported the problem hismelf) would crash unpatched Domino servers.
What's more, he knew that that particular test never worked on Domino servers.
IMHO at the very least he should have skipped that check for Domino servers.
Now, I am not arguing against the fact that Domino admins should be clueful enough to apply the appropriate patches, but some blame has to lie with Ian/Orbz for negligent behaviour.
I would consider it appropriate that Ian/Orbz be fined in order to serve as some form of encluement. The other guys have already had their encluement in the form of downtime.
I am not advocating destroying Ian's livelihood nor would I wish to see Orbz die, but IMHO under a fair legal system, once some blame is apportioned then it has to be accounted for.
People who run DNSBL-style services have a duty to be good Internet citizens just as much as the corporate sysadmins who run servers. This issue is very close to my heart since I am involved with Yet Another DNS-based Blocking Service myself.
If you back up the solid state with a hard disk, you can dump to disk when the battery gets too low.
You mean like this? We use a number of those here at $BIG_ISP for mail servers - put the queue directories and other temporary files on the RAM disk and the thing just flies, a CPU-limited mail system is indeed a nice thing.
Plug it into a UPS, should that die anyway then the internal batteries keep it alive long enough to write everything to disk for when the power comes back.
Not cheap, though.
Assuming this isn't a troll, I would like to point out that use of the Internet is not a right.
This may lead to more ISPs blocking port 80 across the board, and that's regrettable. However those ISPs who only limit the service of incompetant users should be applauded.
Well, it's pretty bad news if you are a manager in a company and fought for using BSD.
My answer to these people is: Maybe you should have taken the money you saved by not buying Solaris, and spent it by allocating half of one of your developer's time to the FreeBSD project?
Supporting Open Source has to mean actually doing some coding somewhere, or there isn't any source to support. Who better to code the features than those who genuinely need to use them?
If you want to contribute to the development of the software then
:)
please join the mailing list.
Agreed. The best reward an open source developer can hope for is that someone will be inspired by their work and join their cause. At the start that's worth more than a cheque for £20.
That doesn't have to be code contributions either. Participation in support lists, maintaining web sites and mailing list archives, publicity, documentation, all is really useful.
That really is asking a lot from a casual user though, and a cheque or a CD or a pizza is still infinitely better than nothing at all. But IMHO, if you want to show your appreciation, lend a hand.
But it is impossible to develop a hostmasking scheme that is one-size-fits-all.
In the AustNet example, the hash is deterministic, in that a hostname will always hash to the same vw-XXXX value. It is therefore possible for a patient attacker to observe people who switch off the masked mode and reveal their true addresses, and build a lookup table which can be later used on other people from the same ISP.
Worse than that is what happens when a user's IP address does not resolve to a host. Then only one quad of the IP is hidden, meaning that it really isn't too hard to hash every possible matching IP address (256) with every possible key (dunno about this, I've not read the source).
The answer to the above two is to use a non-deterministic hash (the same host will not always produce the same hash), but then that breaks bans and bots that recognise people by their (static) host.
There is no generic answer that is perfect, because people are used to being able to see hostnames on IRC and have moulded their activity to this ability. If IRC had not offered hostnames from the start this would not be a problem.
Hmm, but isn't this just a slight modification of the statement, "The only people who would ever want strong encryption are criminals!" ?
However it is still possible (even with any ip address blocking) to determine a users address by using netstat on a shell.
With some form of "hostmasking" scheme, this is only possible if you can get the person to open a direct connection to yourself (e.g. by getting them into a DCC CHAT/SEND situation). So that is a question of user education.
Hostmasking as a security method has other more serious problems which I would actually love to discuss (as I am trying to implement this in a non-sucky way) but I fear that for this thread that'd be off-topic. Chat to me if you care, you can find me here.
The other problem is lag/netsplits.
What many people seem to ignore is that multiple servers are there to solve Internet connectivity issues, not to make them worse -- the theory being that a set of servers housed in large organisations under professional hosting conditions are more reliable than the path between any two domestic internet users.
If your network of choice has servers that split off all the time then those servers should not be there and are likely being used as penis extension tools by people running them off their own @home cable modem (when their mom doesn't need to reboot into win98 to use Word).
Consider that if your chosen network has 5 servers and one dies, your users can go to another server and resume conversation with the same people. If your network has one server and that dies, well, you work it out. In short, reducing the network down to one good server is only the answer when the other servers are lame.