Your attempt at sarcasm shows that you know much less than you think you do.
Re:Check GnuPG, an excellent alternative
on
PGP Acquired From NAI
·
· Score: 3, Insightful
As always, if PGP had come with an mp3 player, people would complain about GnuPG not having one also. PGP-the-suite is primarily a morass of fairly unrelated products, bundled together merely for markettng reasons, which you have obviously fallen for...
Except for those of us involved in the computer (ie, tool-making) industry, I still maintain that a computer is a "tool" in the classical sense for most users. Those of us steeped into the manipulation of computers to do our bidding (ie, computer programmers. ie, "the magic makers") see and use computers as tools with which to create other tools. We devise new methods of communication, which can bring about societal change, etc... but that doesn't affect how users perceive the system.
I can't disagree with these statements as much, because the meaning is quite different from the meaning and connotations of your first statement:
Remember, folks: The point of the Computer is to allow the User to get his/her work done faster.
As I stated, and you repeated in your followup, yes, for most people, it is nothing more. But I do believe there is a threshold that can be crossed where all of a sudden your view changes, and you see another world.
It happens that "Free as in Freedom" is published under the GFDL (of course), and is available online. Hence, I'm able to provide you with a direct reference,
http://www.oreilly.com/openbook/freedom/ch11.html, starting with the paragraph: "Raymond put his observations on paper"
It's explained quite clearly in "Free as in Freedom", a book on Richard Stallman. Find the part where it starts talking about the schism that developed with the Open Source becoming its own.
Industry-standard warranties are designed to ensure mechantability. This is most applicable when the user doesn't have an option of what how to get support for what he's bought. With Open Source/Free Software, this is not an issue; the user can fix it himself or hire a third-party.
If the user wants a warranty, then consider paying for one by buying a RedHat product; however, don't mandate that RedHat always provide one.
In this day and age I'm certainly not a fully free-market advocate, but I certainly don't see a problem with having users simply pay for warranties when they want one. With Open Source/Free Software, they are free to choose their support; there is no reason to tie together the seller with the supporter. This tie is only true for proprietary software, where all of the support companies are beholden to the proprietary vendor.
FYI, the cathedral versus the bazaar is a contrast between the GNU project and most other Open Source development models. The GNU people, including hackers like RMS, are the 'wizards' who retreat, disappear for a few years, and then come out with something spectacular. This is exemplified in the Hurd. The contrast is something like Linux, which is a clammering of a bunch of people continually working on it, in plain view the entire time.
Remember, folks: The point of the Computer is to allow the User to get his/her work done faster.
Unless you're a computer programmer, a computer is a tool. If you're a computer programmer, a computer is a meta-tool, but it's still a tool (think about your dev environment, even if it's home-made).
I highly resent this sort of closed, simple-minded thinking, which refuses acknowledge that others might see much, much more potential. It is true that many people do look at a computer like a hammer, and nothing more. But that is not the only way to look at a computer, especially one hooked up to a network, never mind a global network.
Saying a computer is only a tool to allow the user to get his/her work done faster is like saying that speech is only a tool. Computers+networks increase human-to-human communication, which has a lot more implications than 'work'. It affects how open and free society is (due to the flow of information) and allows many more social connections, allowing previously distanced persons to collectively gather (Slashdot is a great example of this).
It might be possible to worm an argument to state that these qualities are still show a computer is merely a 'tool', but you're going to make it stretch far and thin. There comes a point where a user grows to see that computers+networks arne't so simple; this is probably when a user steps over the line into power-user territory.
Consider a point in time when there was no ability to write glyphs of any importance. At first, maybe people would start writing merely so that they could tabluate objects. This would be similar to using writing as a tool. However, once they figured out how to distribute writing (e.g., on paper), it opens up writing as a means to communicate with others in previously unconceived ways, which has enormous implications for society.
I agree. As a ordinary citizen, one can only vote for one's rep. As a front for a bunch of corporations, with a lot of monetary backing, one buy a heck of a lot of lobbying power and congressional ear.
Your link doesn't work. Amazon generally doesn't allow re-usable URL's:
Attention: There appears to be a bug in the web browser you are currently using. Here are some ways to get around the problem:
* To return to the page you were previously on: --click the BACK button on your browser's navigation bar until you reach the desired page. * To checkout --click on the shopping cart icon at the top of the page and proceed through the checkout process using the standard server (instead of the secure server). You can phone or fax the credit card information to us.
Your Web browser is Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020718.
FYI, Eiffel, which can be considered a truly rigorous language, doesn't have abort-block statements like break. I haven't learned about its exception model yet, so I can't comment on that.
I think the US pressuring Peru, saying that Peru will make more money (boost their economy) by not passing this bill, I can't help but be reminded about Janis Ian's comment:
If a music industry executive claims I should agree with their agenda because it will make me more money, I put my hand on my wallet...and check it after they leave, just to make sure nothing's missing.
Right, so the Subversion protocol does not need special support for it.
Well, if it uses a different protocol, it will probably be hard to tie talking to the agent for authentication with the protocol Subversion would be using. In other words, while I could forward the agent to from point 1 to X-1, where X is Subversion, and not need to forward the agent from X-1 to X, and the protocol through 1 to X-1 and X-1 to X are different, it would be difficult to get these two protocols to 'talk'.
For that matter, Berkeley DB doesn't work on NFS, so it probably doesn't on AFS either. Locking. Same as a RDBMS.
Actually, I wouldn't be at all surprised if AFS supported locking, but I won't delve too deep here, since I'm not sure. But certainly don't rule it out.
The fork-exec cost is highly overrated in my book (assuming the code is already in memory), given copy-on-write.
You require a Unix UID. I just don't like this idea. It's unnecessary.
This is one drawback, yes, but lessed a great deal with NSS and the like. It's not the UID that is the problem (practially all systems have a user id of some sort), but more the tying of multiple authentication databases together isn't that great. I wouldn't be surprised the ssh people are working on making it good for authenticating more than unix accounts, though.
Ehh? It would replace WebDAV.
Oh, I was more referring to trying to replace the transport mechanism (HTTP(S)), not the communications layer (what is actually spoken across it).
If you do a "finger cvsonlyuser" on SourceForge, I'm sure it will say "Shell:/cvsonly/shell" or something. When given "-c cvs" arguments, it must invoke cvs.
You're confused as to how this is implemented. ssh itself allows you to restrict the command to ssh. From the sshd manpage:
command="command"
Specifies that the command is executed whenever this key is used for authentication. The command supplied by the user (if any) is ignored.
There's nothing wrong with TLS's cryptography. It doesn't do agent forwarding, but it doesn't need to: you aren't forwarding the agent to the Subversion repository.
I'm well aware that I'm not forwarding the agent to the repository, but I am forwarding the agent from my base machine to where I do my work, and from there I authenticate to the repository.
Actually, I can easily forsee needs to forward the agent to the repository, if the repository needs to authenticate to something like the filesystem (ala AFS).
It's important to have a smart server to have flexible authorization. You simply can't do it otherwise.
I don't diagree with that statement. However, the 'smart server' doesn't need to know anything about the network, just talk over a unix domain socket.
This is very similar to any RDBMS. They provide fine-grained security and ACID semantics. They need servers to do it. No one questions them.
The need for database systems to talk over a network I do question.
Write a new ra_xxx and an executable that, when forked from ssh, communicates with the client. (Call it something other than a server if you like.) I actually see a partially written ra_pipe - that might be what you want, not sure.
If cvs's ever begins to actually be a worry for me, and I consider a different version-control system, I might look into it. But that would likely mean having to work with WebDAV, which is another argument in its own right.
There are a lot of things not possible to do with Unix file permissions.
You assume a basic unix filesystem, not something like AFS, which has rich, powerful (though not sub-file) ACL support.
However, ssh requires a shell account - it might be a restricted shell of some sort, but they need a shell.
SourceForge only lets you execute cvs when you login (that is, you cannot execute any other program, including any shell). Furthermore, you really don't need line in/etc/passwd, if that is your concept of a 'shell account'. SourceForge uses an LDAP server, I think, for accounts. So, given the abscence of a line in/etc/passwd, and only the ability to execute 'cvs', I don't quite see how this qualifies as a 'shell account'
You notably didn't quote/comment on my points about why HTTP/WebDAV/DeltaV was a good choice.
I did not comment because I had nothing to argue against in what you said, they were all quite true statements. But the benefits you stated has no value to me.
How is HTTP/TLS/WebDAV/DeltaV unreliable or insecure?
The cryptography for ssh is much more secure than the examples you've give. The authentication means are more powerful, and there is agent-forwarding, both extremely important.
And a new server to replace mod_dav_svn.
I highly dislike systems writing servers where none is needed (ala CVS with [rs]sh; ssh handles the network).
CVS uses [kgnp]server (Kerberos, GSSAPI, NTLM, Password) as its communication protocol. It's not even encrypted.
Noone in their right minds uses this.
The cvs-over-[rs]sh thing is a kludge, an extension of the local repository access.
It's a 'kludge' that works extremely well, and fits well into the unix philosophy.
It requires each person have a Unix shell account with write access to the repository. You can't do much security-wise with that.
False. It requires that they have an account on the system, not one necessarily that allows you to execute a shell (just like SourceForge has it set up).
Since CVS stores each file independently, you can at least say they don't have access to a module but you can't say they don't have access to a certain branch. And you certainly can't say something like "they can't delete/modify existing revisions".
True. But this has little to do with the transport protocol.
Slashdot Mirror
Your attempt at sarcasm shows that you know much less than you think you do.
As always, if PGP had come with an mp3 player, people would complain about GnuPG not having one also. PGP-the-suite is primarily a morass of fairly unrelated products, bundled together merely for markettng reasons, which you have obviously fallen for...
FYI, that's probably way overpriced. Just 2 months ago I bought a GF2TI 64 MB VisionTek for $50.
I can't disagree with these statements as much, because the meaning is quite different from the meaning and connotations of your first statement:
As I stated, and you repeated in your followup, yes, for most people, it is nothing more. But I do believe there is a threshold that can be crossed where all of a sudden your view changes, and you see another world.
Under US law, true. Don't equate US law with the world's laws.
Debatable at best.
This has all been implemented in GNUnet.
It happens that "Free as in Freedom" is published under the GFDL (of course), and is available online. Hence, I'm able to provide you with a direct reference, http://www.oreilly.com/openbook/freedom/ch11.html, starting with the paragraph: "Raymond put his observations on paper"
It's explained quite clearly in "Free as in Freedom", a book on Richard Stallman. Find the part where it starts talking about the schism that developed with the Open Source becoming its own.
Industry-standard warranties are designed to ensure mechantability. This is most applicable when the user doesn't have an option of what how to get support for what he's bought. With Open Source/Free Software, this is not an issue; the user can fix it himself or hire a third-party. If the user wants a warranty, then consider paying for one by buying a RedHat product; however, don't mandate that RedHat always provide one.
In this day and age I'm certainly not a fully free-market advocate, but I certainly don't see a problem with having users simply pay for warranties when they want one. With Open Source/Free Software, they are free to choose their support; there is no reason to tie together the seller with the supporter. This tie is only true for proprietary software, where all of the support companies are beholden to the proprietary vendor.
The Cathedral is designed in secret. The designing is the important phase.
Linux is designed in the open, and arguments for and against its various design aspects are bantered in public. Not so with the cathedral.
FYI, the cathedral versus the bazaar is a contrast between the GNU project and most other Open Source development models. The GNU people, including hackers like RMS, are the 'wizards' who retreat, disappear for a few years, and then come out with something spectacular. This is exemplified in the Hurd. The contrast is something like Linux, which is a clammering of a bunch of people continually working on it, in plain view the entire time.
Too easy. You go to Mysql Services.
I highly resent this sort of closed, simple-minded thinking, which refuses acknowledge that others might see much, much more potential. It is true that many people do look at a computer like a hammer, and nothing more. But that is not the only way to look at a computer, especially one hooked up to a network, never mind a global network.
Saying a computer is only a tool to allow the user to get his/her work done faster is like saying that speech is only a tool. Computers+networks increase human-to-human communication, which has a lot more implications than 'work'. It affects how open and free society is (due to the flow of information) and allows many more social connections, allowing previously distanced persons to collectively gather (Slashdot is a great example of this).
It might be possible to worm an argument to state that these qualities are still show a computer is merely a 'tool', but you're going to make it stretch far and thin. There comes a point where a user grows to see that computers+networks arne't so simple; this is probably when a user steps over the line into power-user territory.
Consider a point in time when there was no ability to write glyphs of any importance. At first, maybe people would start writing merely so that they could tabluate objects. This would be similar to using writing as a tool. However, once they figured out how to distribute writing (e.g., on paper), it opens up writing as a means to communicate with others in previously unconceived ways, which has enormous implications for society.
I agree. As a ordinary citizen, one can only vote for one's rep. As a front for a bunch of corporations, with a lot of monetary backing, one buy a heck of a lot of lobbying power and congressional ear.
It's incredibly hard to give any credit to someone who both uses the word "hacking" incorrectly and thinks that a DoS attack is "hacking" anyways.
Your link doesn't work. Amazon generally doesn't allow re-usable URL's:
FYI, Eiffel, which can be considered a truly rigorous language, doesn't have abort-block statements like break. I haven't learned about its exception model yet, so I can't comment on that.
I think the US pressuring Peru, saying that Peru will make more money (boost their economy) by not passing this bill, I can't help but be reminded about Janis Ian's comment:
Unfortuantely, your user history shows that you've only posted one message, so what are you talking about?
Well, if it uses a different protocol, it will probably be hard to tie talking to the agent for authentication with the protocol Subversion would be using. In other words, while I could forward the agent to from point 1 to X-1, where X is Subversion, and not need to forward the agent from X-1 to X, and the protocol through 1 to X-1 and X-1 to X are different, it would be difficult to get these two protocols to 'talk'.
Actually, I wouldn't be at all surprised if AFS supported locking, but I won't delve too deep here, since I'm not sure. But certainly don't rule it out.
The fork-exec cost is highly overrated in my book (assuming the code is already in memory), given copy-on-write.
This is one drawback, yes, but lessed a great deal with NSS and the like. It's not the UID that is the problem (practially all systems have a user id of some sort), but more the tying of multiple authentication databases together isn't that great. I wouldn't be surprised the ssh people are working on making it good for authenticating more than unix accounts, though.
Oh, I was more referring to trying to replace the transport mechanism (HTTP(S)), not the communications layer (what is actually spoken across it).
You're confused as to how this is implemented. ssh itself allows you to restrict the command to ssh. From the sshd manpage:
I'm well aware that I'm not forwarding the agent to the repository, but I am forwarding the agent from my base machine to where I do my work, and from there I authenticate to the repository.
Actually, I can easily forsee needs to forward the agent to the repository, if the repository needs to authenticate to something like the filesystem (ala AFS).
I don't diagree with that statement. However, the 'smart server' doesn't need to know anything about the network, just talk over a unix domain socket.
The need for database systems to talk over a network I do question.
If cvs's ever begins to actually be a worry for me, and I consider a different version-control system, I might look into it. But that would likely mean having to work with WebDAV, which is another argument in its own right.
You assume a basic unix filesystem, not something like AFS, which has rich, powerful (though not sub-file) ACL support.
SourceForge only lets you execute cvs when you login (that is, you cannot execute any other program, including any shell). Furthermore, you really don't need line in /etc/passwd, if that is your concept of a 'shell account'. SourceForge uses an LDAP server, I think, for accounts. So, given the abscence of a line in /etc/passwd, and only the ability to execute 'cvs', I don't quite see how this qualifies as a 'shell account'
I did not comment because I had nothing to argue against in what you said, they were all quite true statements. But the benefits you stated has no value to me.
The cryptography for ssh is much more secure than the examples you've give. The authentication means are more powerful, and there is agent-forwarding, both extremely important.
I highly dislike systems writing servers where none is needed (ala CVS with [rs]sh; ssh handles the network).
That's easy; follow the recent patterns: when the CEO sells their stock. Also, since we don't have Martha Stewart, look for when CowboyNeal dumps his.
I should note that I not only block all Slashdot images, but I also have bought a subscription.
Noone in their right minds uses this.
It's a 'kludge' that works extremely well, and fits well into the unix philosophy.
False. It requires that they have an account on the system, not one necessarily that allows you to execute a shell (just like SourceForge has it set up).
True. But this has little to do with the transport protocol.