All those topics and more would make great, interesting Slashdot headlines. But no, instead we get "MAME adds support for yet-another-coin-op-arcade-game". What world do you slashdot editors live in??
Re:Securing OpenSSL on Due Diligence? · Score: 4, Interesting
My Debian box was updated no more than 24 hours after I read about the problem, requiring nothing more than an apt-get update on my part.
That's exactly the problem the parent poster was trying to highlight! Sure, you can blindly trust that the Debian servers are secure and un-trojanned and let apt-get install it without so much as checking a key signature. Even if you do configure apt to check the signature, it fetches the public key from the same server as the packages. Thus, an attacker can easily trojan your machine with man-in-the-middle or DNS attacks, sending you to an update site with a trojanned package signed with his own public key. If someone sneaks into the real debian servers, subverting apt-get is as easy as:
- Upload new "developers" key signature.
- Sign trojanned package with new signature.
- Upload trojanned package.
and it's Game Over. Of course, Red Hat and Mandrake's solutions aren't much better. The key needs to be stored with a trusted entity like Verisign, which is how Windows Update and other commercial-grade updating systems ensure the integrity of their packages. You've never heard of Windows Update being trojanned, have you?
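An added illustration of the key-distribution point raised in the comment above (not part of the comment, and not apt's or Debian's code): a signature check that trusts whatever key is served alongside the package accepts the three-step swap, while a check against a pinned key fingerprint rejects it. The Lamport one-time signature stands in for a real OpenPGP signature, and the package bytes, mirror dictionaries, function names and the out-of-band delivery of the fingerprint are all assumptions.

```python
import hashlib
import hmac
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signature over SHA-256, used only as a stdlib stand-in
# for the OpenPGP signature a real package archive carries (assumption).
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = b"".join(H(zero) + H(one) for zero, one in sk)
    return sk, pk

def _bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg: bytes) -> bytes:
    # Each Lamport key pair may sign one message only.
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(msg)))

def verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    if len(pk) != 256 * 64 or len(sig) != 256 * 32:
        return False
    for i, bit in enumerate(_bits(msg)):
        start = i * 64 + bit * 32
        if H(sig[i * 32:(i + 1) * 32]) != pk[start:start + 32]:
            return False
    return True

def fingerprint(pk: bytes) -> str:
    return hashlib.sha256(pk).hexdigest()

def check_with_served_key(mirror: dict) -> bool:
    """Weak: verify against whatever key the mirror serves with the package."""
    return verify(mirror["key"], mirror["package"], mirror["sig"])

def check_with_pinned_key(mirror: dict, pinned_fp: str) -> bool:
    """Hardened: reject any key whose fingerprint differs from the pinned one."""
    if not hmac.compare_digest(fingerprint(mirror["key"]), pinned_fp):
        return False
    return verify(mirror["key"], mirror["package"], mirror["sig"])

def demo() -> dict:
    # Constructed sample data: package bytes and mirrors are made up.
    vendor_sk, vendor_pk = keygen()
    pinned_fp = fingerprint(vendor_pk)  # assumed to reach the client out of band
    good = b"example-package 1.0, vendor build"
    honest = {"key": vendor_pk, "package": good, "sig": sign(vendor_sk, good)}

    # The three steps from the comment: new key, new signature, new package.
    rogue_sk, rogue_pk = keygen()
    bad = b"example-package 1.0, trojanned build"
    swapped = {"key": rogue_pk, "package": bad, "sig": sign(rogue_sk, bad)}
    # Package replaced, but the vendor's key and old signature left in place.
    tampered = {"key": vendor_pk, "package": bad, "sig": honest["sig"]}

    return {name: (check_with_served_key(m), check_with_pinned_key(m, pinned_fp))
            for name, m in (("honest", honest), ("swapped", swapped),
                            ("tampered", tampered))}

if __name__ == "__main__":
    for name, (served, pinned) in demo().items():
        print(f"{name:9} served-key check={served}  pinned-key check={pinned}")
```

Only the "swapped" case separates the two checks: the served-key check passes it because the rogue key and rogue signature are self-consistent, which is why the trust anchor has to arrive over a different channel than the package.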
Still no specification on Ogg Vorbis 1.0 · Score: 0, Flamebait
A reference implementation is great and all, but until they get off their arses and release an exact specification of the Ogg format and codec, it's never going to take off. The reference decoder makes extensive use of floating point math, which is great for desktop systems, but absolutely unacceptable for portable devices of any sort. The only way to get an integer decoder right now is either to pay Xiph for their integer decoder (not bloody likely for most hardware companies; they don't have to pay to implement MP3, why should they pay for Ogg?) or to hack one together yourself. The latter option is infeasible until they get their act together and put out a specification.
Sure, someone could just work from the reference implementation, but then their decoder inherits any bugs or other faults of the original decoder, and "features" that weren't meant to be part of the specification become standard. This is not good software engineering, and Xiph is ensuring that Ogg will never be used outside of the circles of smelly Linux zealots who use it now.
A hash collision in a ReiserFS directory (where two filenames hash out to the same value) causes the older file to BE OVERWRITTEN without so much as a warning. This is a huge design error, and I can't believe they're pushing Reiser as a production-use filesystem. The only way to ensure you never lose data to hash collisions is to use the 'slowest' hash setting; the faster the hash function, the more likely it is to create collisions and leak data. I had a large project lost to a
Cook and DuPage counties in Illinois are attempting to deal with their Linux user problem by bombarding the geek population with PowerBooks and RealDolls. This will overwhelm the nerds' sensory organs, and inhibit their future open-source coding binges.
I was looking through the Mozilla source, and I nearly laughed my ass off when I saw this bit of code in the XUL source :-) It's a cute little thing that should make even the most die-hard Linux zealot crack a smile. It's only compiled in Linux and FreeBSD builds by default, so if you're running Mozilla on one of those platforms, fire it up and check this out:
- Open any page in Mozilla.
- Click on the little icon to the left of the URL in the address bar, and drag it onto the Bookmarks menu in the Personal Toolbar.
- Hold it there until the text in the button changes colour.
- Release the button.
Isn't that great? :-) It should work in all versions of Mozilla on Linux since 0.9.6, including 1.0RC1 and the newly released 1.0RC2.
Re:Titanium is also very flexible. on The Sexiest Metal · Score: 4, Informative
The newer TiBooks are reinforced in order to prevent this bending problem. The first few runs of them (including my own) flop around to a dangerous degree unless you make sure to pick them up with both hands. If a CD or DVD's in its drive, you can hear it getting scuffed up by the drive hardware when it bends! Apple's "designer" computers have a history of problems in the first run (heat fissures in the plastic moulding of the G4 cubes come to mind). Be glad you weren't an early adopter :)
Titanium is also very flexible. on The Sexiest Metal · Score: 5, Insightful
Titanium may be as strong as steel, but it's far easier to bend when cut thin. Anybody who has one of the titanium PowerBooks will attest to the fact that if you try to pick them up from one end, the thing will bend disturbingly. This is why you won't see titanium in kitchen sinks, silverware or anywhere else where the metal needs to be thin, strong, and unflexible. The only thing it has going over steel in these cases is buzzword compliance and price (if it's more expensive, it must be better!)
Since Sony admits that their product is designed to cause damage to your computer system, almost anyone would likely have a good lawsuit against them.
I'm fairly sure you are NOT a lawyer (no matter what pretensions you may hold), and it's probably not wise to be doling out what amounts to legal advice like that. Do you realise that, if someone were to read that, sue Sony and fail, they could hold you liable? Please think before you append your worthless commentaries to the article, or at least put those commentaries in the comments section so we can mod you down to (-1, Jackass). Thank you.
I have read the license, and it permits any and all modified versions to be released under the exact same license, as long as the modified versions are clearly labelled as such:
In return, we simply require that you agree:
[snip]
3. That if you distribute derivative works of the Software in source code form you do so only under a license that includes all of the provisions of this License, and if you distribute derivative works of the Software solely in object form you do so only under a license that complies with this License.
4. That if you have modified the Software or created derivative works, and distribute such modifications or derivative works, you will cause the modified files to carry prominent notices so that recipients know that they are not receiving the original Software. Such notices must state: (i) that you have changed the Software; and (ii) the date of any changes.
IANAL, but I see NOTHING in there that would prevent the creation and distribution of a Linux port. While it's certainly not the GPL, the license is more than adequate for its intended purpose: a reference implementation and educational tool. Please don't spread FUD like that.
Microsoft released their shared-source CLI and C# implementation a couple days ago. I've been playing with it on my FreeBSD box, and while it's hardly the Java killer Microsoft's making it out to be, it's an interesting piece of work. If you've got a spare FreeBSD or Windows XP box lying around, download the source, compile it and play around with it some; it's always nice to know something about the platform before you start bashing it mercilessly :-)
Satisfied, he'll glance around his burgeoning field. "But wait," he wonders, suddenly puzzled, "where did my dog go?" Fingers snap. "I must've forgot his GPS collar again!"
That's not the farmer's problem; he's just behind the times.
Netscape and AOL all do the same thing - the product is free
Because they are forced not to sell it.
Netscape doesn't sell its product because Microsoft's illegal dumping of the Internet Explorer product onto the market flooded the market with a cheap alternative and changed the rules so that to succeed, competitors had to rely on a business model that included giving their product away. They failed. Netscape is dead; AOL bought them. The only commercial browser left is Opera, who subsists on the scraps of the market.
People have lived under Microsoft's monopoly so long that they've forgotten how competition was supposed to work. It's sad.
The states' call for an open-source version of Internet Explorer would destroy "any incentive for Microsoft to invest in the creation of such new versions," Microsoft said.
But they don't sell Internet Explorer. It's not a product. They don't make any money from it. Is Microsoft hereby admitting that IE is source code controlled as a way of manipulating Web standards in order to control the Internet? That they develop the product for free in order to drive competitors underwater?
I just loaded "alistapart.com", and like almost every other CSS page in existence, it was unreadable in my browser.
My problem is that I use 1600x1200 resolution on a notebook computer. It's what ships with my Dell. When I load pages like this in Internet Explorer, they load with eensy-weensy font sizes that I can't override without turning on blind-man mode in Accessibility options, which makes all the CSS text run outside of boxes, rendering it unreadable.
For me personally, CSS and people like alistapart are busy ruining the Web and making it unreadable. I shouldn't need a magnifying glass to read the web. Fortunately, Slashdot still lets me impose user-selected font sizes, so it still looks beautiful.
Wish more people would catch on. Sadly, CSS appears to be taking over (especially on the blog scene), making people with nice computers Second Class Citizens.
URGENT: Massive Mozilla security hole discovered! on Socket-A Chipset Roundup · Score: -1, Offtopic
I just got this in my mail, and I thought I should pass it on to my friends on Slashdot (since I know a lot of you use Mozilla :-).
IMPORTANT: There is a huge security hole in all Mozilla builds that was just discovered yesterday. By inserting a properly-constructed URL into an XHTML source file with MIME type application/xml+xhtml, arbitrary code can be run as the client user on his machine. This hole exploits a known bug in Mozilla's xml parser, that doesn't properly handle certain character entities (e.g. &#nnn;). If the decimal number inside the character entity is greater than 65535 (the maximum legal Unicode value), a buffer overflow is triggered and arbitrary machine code can be inserted into the running process.
Luckily though, the fix is small, simple, and can be automatically downloaded over the Internet, thanks to Mozilla's XPI installation facilities. This patch is available from the Browser Security page at data.com. Simply click the link, and after a short verification the fix will install itself. Please install their patch ASAP, before malicious hackers wipe Mozilla off the web!
Isn't open-source grand? Had this been an Internet Explorer exploit, we wouldn't even know of its existence until about a month after sKr1p7 k1dd1eZ started hacking with it. I applaud the Mozilla team for promptly discovering and disclosing this bug, and the fine folks at data.com for hosting the fix.
Am I the only one who was not at all impressed with the movie? Sure, the visual effects were stunning and the cinematography was gorgeous, but overall the movie just felt empty. The movie didn't show any real character development or other basic storytelling premises. It was just one thing happening after another over and over again for a full three hours, with little rhyme or reason applied to the events. First they find the ring then they get chased by ringwraiths then they meet Aragorn then they get chased by ringwraiths again then Frodo gets sick then they go to Rivendell then.... you get the picture. This sort of filmmaking works wonders for popcorn action movies like Mission Impossible and the Jackie Chan movie du jour, but I was honestly expecting more of the greatest fantasy works of the twentieth century.
...then why are we seeing an explosion of decidedly non-corporate, distributed technologies like P2P networks and online gaming? The Web has become little more than interactive television, that's for sure, but there is so much more to the Internet than HTTP and Flash ads. P2P services are the driving force behind the adoption of DSL, Cable and other Broadband. Online gaming with Quake et al. is only "corporate-controlled" in the sense that the games are made with corporate backing; the major fun of these online games comes from the people who participate in them.
People need to see beyond the Web; it may be the primary medium you look through when you open up Internet Explorer, but its primacy is being quickly supplanted by new distributed technologies. Articles such as this are terribly short-sighted.
It's "naivete" with one T; it is not my fault your browser can't display Unicode characters for diaeresised i (ï) or accented e (é). And "celphone" has one L; look it up.
"So Flarners, please do us a favor and not brag about you "169" IQ, because the number seems like one that you probally would of made up anyhow."
Fine, I'll refrain from telling you that it's "would have".
"Oh and BTW since when is a CLI interface the only interface to spit out 'syntax errors'?? Gee, Windoze does this to me EVERYDAY. It's called a BSOD. Granted the CLI is not perfect, neither are the GUI interfaces that are in the most common OS's."
A general protection fault is quite a different thing from a syntax error. Commandline applications have the disadvantage of having both problems. No wonder you're an "underpaid" sysadmin, if you can't discern two completely different error types.
Tell that to my missing /usr/local tree.
Slashdot cut off my comment! Anyway, you get the idea; don't use ReiserFS unless you don't mind occasionally having files disappear.
This can't be real, seriously...
Hey fuckhead, you can run the Linux JDK using OpenBSD's binary compatibility. HTH.
And, just like Google, Slashdot caved in like the little sissies they are.
A real precision farmer would have an AIBO.
Very interesting quote.