Yep, yoga is the answer. Now, what was
the question again? :)
Seriously... the sedentary office lifestyle
might have been designed to foster ill-health of all kinds. Take a yoga break every few hours;
you don't need to work up a sweat, or even do
a headstand. You mostly need
to make sure your spine stays flexible all day.
Stretching, twisting, bending... when do you
do those (in good ways) sitting or
meeting all day?
And remember to breathe well.
If you do that right, your other stress levels
will drop. And it strengthens your abdominals,
which help your back.
If your back is giving you problems,
likely the rest of you isn't far behind.
I particularly liked that bit about the US
having more to lose than the rest of the world.
Of course they were talking about degrees of
control over public discourse/action, not dollars
per se. Still... I want to hope
that on a Gaian scale, there might actually
be some useful constraints how fully the
corporate system replaces more equitable
"seven generations" planning.
Validating XML parsers, on the other hand, screwed the pooch by not providing for documents to be
validated against any but the specified DTD.
Why don't you buy a clue?
Any SAX/SAX2 parser supports that, and has
done so forever... org.xml.sax.EntityResolver is the
important class.
So the problem is EXCLUSIVELY in the application space. Either for not using
that feature of their parsers, or for using
a broken parser API when they could have
used one that knows how to work when there
is no network connected...
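
Added example, not part of the original comment and not taken from any parser's documentation: a SAX `EntityResolver` that makes a validating parser use a DTD the application ships, whatever URL the document's DOCTYPE names, and that refuses every other external entity instead of fetching it. The DTD, the public identifier and the `example.invalid` URLs are constructed for the illustration.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class LocalDtdValidation {

    // Constructed sample DTD that the application trusts and ships with itself.
    static final String LOCAL_DTD =
        "<!ELEMENT note (to, body)>\n"
        + "<!ELEMENT to (#PCDATA)>\n"
        + "<!ELEMENT body (#PCDATA)>\n";

    // Constructed catalog: public identifier -> local DTD text.
    static final Map<String, String> CATALOG =
        Map.of("-//EXAMPLE//DTD Note 1.0//EN", LOCAL_DTD);

    /** Serves DTDs from the catalog and refuses every other external entity. */
    static final class CatalogResolver implements EntityResolver {
        @Override
        public InputSource resolveEntity(String publicId, String systemId)
                throws SAXException {
            String dtd = (publicId != null) ? CATALOG.get(publicId) : null;
            if (dtd == null) {
                // Returning null here would hand control back to the parser,
                // which would then open systemId itself (network or file access).
                throw new SAXException("refusing external entity: " + systemId);
            }
            InputSource source = new InputSource(new StringReader(dtd));
            source.setSystemId(systemId); // keeps error messages meaningful
            return source;
        }
    }

    /** Parses xml with DTD validation on and returns the validity errors found. */
    static List<String> validate(String xml) throws Exception {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setValidating(true); // DTD validation
        XMLReader reader = factory.newSAXParser().getXMLReader();
        reader.setEntityResolver(new CatalogResolver());

        List<String> errors = new ArrayList<>();
        reader.setErrorHandler(new DefaultHandler() {
            @Override
            public void error(SAXParseException e) {
                errors.add(e.getMessage()); // validity error: record and continue
            }
        });
        reader.parse(new InputSource(new StringReader(xml)));
        return errors;
    }

    public static void main(String[] args) throws Exception {
        // The DOCTYPE names a remote URL; the resolver substitutes the local copy.
        String doctype =
            "<!DOCTYPE note PUBLIC \"-//EXAMPLE//DTD Note 1.0//EN\" "
            + "\"http://dtd.example.invalid/note.dtd\">";

        System.out.println("valid document:   "
            + validate(doctype + "<note><to>a</to><body>b</body></note>"));
        System.out.println("invalid document: "
            + validate(doctype + "<note><to>a</to></note>"));

        try {
            // No catalog entry for this DTD: the resolver refuses it.
            validate("<!DOCTYPE note SYSTEM \"http://other.example.invalid/x.dtd\">"
                + "<note/>");
        } catch (SAXException e) {
            System.out.println("refused:          " + e.getMessage());
        }
    }
}
```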
Lack of WinXP support is exactly what
Microsoft promised last year... see the
May (?) WinHEC slides on the topic, where they
described their ship criteria.
Basically, no OS support till host controllers
and devices have been available for a while,
and drivers are proven. This isn't news.
It's only this month that USB 2.0 host
controllers have begun to be available from
vendors, as PCI addin cards. (Belkin, Orange.)
I've yet to see USB 2.0 devices of any kind be
advertised for walk-in cash purchases.
Wait till the summer before you expect
to see these devices... like IDE-speed
disk access. (480 Mbit/sec ~= 60 MByte/sec,
in the same range as ATA/66.)
Firewire advocacy aside, USB 2.0 clearly
has a future. It's faster, and when you buy
a system with USB 2.0 support built in, it'll
have the same connector you know about.
Devices are forward and backward compatible.
And finally having conformance testing is a
good thing, too.
And let's not forget the next generation
of PCMCIA devices, "CardBay"... the first
generation was ISA-on-a-Stick, then came
PCI-on-a-Stick, next time it's USB 2.0 going
out those familiar connectors. Cheaper than
PCI/Cardbus support. See
http://www.pcmcia.org/cardbay.htm
Was Intel targeting Sun when they released the first 32-bit PC space processors? No.
Incorrect. Sun was running on Moto 68K at the time. The i386 series was very clearly an attempt to catch up to Motorola.
Curiously enough, the Sun386i was
Sun's first non-Motorola platform. Yep, it ran
SunOS 4.0 more usably than the Motorola boxes.
Of course Sun killed that product line since it
competed too effectively with SPARC boxes
like the Sun4/110... and they had just decided
to get into the CPU business. Know anyone who managed to get a
pre-release Sun486i? Collector's item.
Even though it was Intel CPUs that got Sun into
some of its current major (non-Scientific) markets... customers bought the Intel name more than the Sun name at that time.
Say what? Most applications can't fill
a deep pipe, even out-of-order and with
aggressive prefetching. The ways
this stuff wins include having two (or
maybe more!) instruction streams to crunch,
and switching away from the one that's now
blocking on a memory access. Prefetch on
the other surely completed already...
The P4 is a good example of a pipeline
that's too long.
And by the way, why has this taken so
long to arrive? It's still not something
I can purchase yet, and I first heard of it
back in 1992. There's something fishy.
It's not like there haven't been
many Secure SHell (ssh)
products on UNIX for ages and ages.
I remember using them on BSD 4.1
distributions back in the 1980s.
If there's a trademark, it's
yet another example of the USPTO
causing trouble... in this case,
by taking a generic term and
granting a monopoly on it to
one (relatively) undeserving entity,
rather than letting it continue to
be a generic term. ("Personal
Computer" comes to mind...)
Too bad trademark law doesn't seem
to incorporate "prior art"... though
of course, the USPTO doesn't seem to
act according to its responsibilities
in that context.
There is good news in this: the fact
that the RIAA actually has to identify
specific recordings that infringe.
One thing
that the RIAA wanted was the blanket
ability to kick recordings off, without
proof that the recording in question was
really copyrighted. Basically, the
ability to convict without evidence.
Now at least there's a prayer that
when (not if!!) RIAA tries to get rid
of recordings from non-RIAA artists,
furthering the RIAA monopoly,
the courts can stand on the side of
Truth and Justice... rather than
just the New American Way
(Corporate Money Buys All).
The thing that Java needs is widespread
distribution... and prior to some of the
antitrust rulings, that meant that Sun needed
to get Microsoft to distribute it.
On the other hand, it seems like it'd
now be practical for Dell, Compaq, Gateway,
etc to bundle Sun's JVM into their distros.
And of course,
for "large customers", which do custom
installs of Win32 based operating systems,
to do the same thing... which they were
probably doing already.
who cares about dns, when I couldn't
even upgrade an nt4 re-install. "sure",
sez i to myself, "i can just update the
rest over
the net, using the bundled browser."
big bro microsoft had other ideas.
of course, their latest websites
haven't even rendered in ie2... this
is their own software that doesn't
display their own website. feh.
The USB Implementor's forum has defined some
Content Security standards, evidently
using a slightly different technical approach
(different group of companies pushing it).
I'd be interested in comments from Andre about (a) whether this indicates fragmentation among advocates of copy controls, confusion, or
perhaps something sinister; (b) how creators of USB-to-ATAPI style bridge products (usb storage devices) would decide which style copy control scheme to implement, assuming they really wanted to do so; (c) the degree to which having different copy control systems may be defensive efforts to make hardware products
stop being commodities.
On issue (c), I just want to point out that
consumers benefit from commodity products as much
as they benefit from commodity data formats for the information they've acquired... while vendors
of both hardware and digitized data can see both of those as
significant threats to business strategies that
rely on vendor control rather than
providing customer value.
USB has something that's purely layered. I've
not looked at it: Content Security (scroll down a bit), by folk from Intel, Microsoft, and Philips; dated summer Y2K.
That's not "part of USB" but I sure hope we don't start to see it show up in products.
Like USB disk drives or MP3 players, for starters.
I have serious reservations about such attempts to remove the discretionary/social control aspects from copy control policies.
This whole gig about criminalizing behaviors that have traditionally been civil issues or non-issues just sends shivers down my spine.
Remember: When government gets smaller, that means the abuses are only going to be committed by even less accountable organizations.
moderate that up!... no wait, it's
already at 5. never mind.
First Sale Doctrine... under attack by Scary BigMediaConglomerates (dot.com soontobes) as we know. I suspect that a right wing supreme court majority, with major cross-investment in BigMediaConglomerate (their families have deeply invested in that social class, for example) could be constructed (will it?) by the time the supreme court needs to revisit this issue in the electronic media.
Don't you believe that the media can control
political debate to establish results as they want them -- already? Why do they want so much more power to control information?
For security, everybody (including you!) needs
some kind of keys you can carry around and know
are physically secure. You'll typically mix keys when you need real security... passphrase and encrypted private key, say; or maybe you like
biometrics. This proposal makes you unduly dependent on some keys that you have no reason
to trust, and which you can't manage when the
operational issues come up. Or audit to know
nothing's being stolen from you (election?).
The policy question is who controls the keys.
As RMS noted, Free people need certain things.
Having control of one's own culture seems basic,
but theft happens all the time... not just
corporations from the public, or the other way
around. Makes things always evolve.
How many people noticed that SourceForge
still doesn't have a trustworthy key
distribution scheme?
It's easy enough to do. They have HTTPS
there, all they need to do is publish the keys
for their SSH servers on some HTTPS web page.
That way, they'll be authenticating SSH keys
through their SSL certificate. End of that
risk, go fix the next one.
What they do now is publish their keys on
an un-authenticated newsgroup. One that you
need to go out of your way to find. And yet,
one that any untrustworthy ISP is quite able
to mangle, giving them the groundwork for a
MITM attack.
These recent articles about
MITM haven't shown anything that's not been
apparent for the past twenty years or so.
Solutions have been deployed for most of
that time.
So there's really no excuse for
SourceForge to have such "bad key hygiene" practices. Their recent
upgrade was lousy in that respect.
They even changed keys without telling
anyone why. (Maybe they were broken
into, and their user database used as
a lever to break into Egghead!)
From the top free/open software
project hosting service, I expect to see
better leadership in security practice.
Using SSH is a great start... but it just
isn't enough.
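
Added example, not part of the original comment and not SourceForge's code: one way a client could use a host-key list published over HTTPS, comparing the key an SSH server offers against the published entry before pinning it. The page layout (one `host key-type base64-key` entry per line), the host name and both key blobs are constructed, and the check is only as trustworthy as the certificate-verified HTTPS fetch that supplies the page text.

```java
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class PublishedHostKeyCheck {

    enum Verdict { MATCH, MISMATCH, NOT_PUBLISHED }

    // Constructed ssh-ed25519 public key blobs (not real keys).
    static final String KEY_PREFIX = "AAAAC3NzaC1lZDI1NTE5AAAAI";
    static final String GENUINE_KEY = KEY_PREFIX + "A".repeat(43);
    static final String IMPOSTOR_KEY = KEY_PREFIX + "B".repeat(43);

    // Constructed sample of the page body, as fetched over verified HTTPS.
    static final String PUBLISHED_PAGE =
        "# SSH host keys (constructed sample)\n"
        + "cvs.example.invalid ssh-ed25519 " + GENUINE_KEY + "\n";

    /** Parses "host key-type base64-key" lines into a lookup table. */
    static Map<String, byte[]> parsePublished(String page) {
        Map<String, byte[]> keys = new HashMap<>();
        for (String line : page.split("\n")) {
            line = line.trim();
            if (line.isEmpty() || line.startsWith("#")) {
                continue;
            }
            String[] fields = line.split("\\s+");
            if (fields.length < 3) {
                throw new IllegalArgumentException("malformed entry: " + line);
            }
            keys.put(fields[0] + " " + fields[1],
                     Base64.getDecoder().decode(fields[2]));
        }
        return keys;
    }

    /** OpenSSH-style fingerprint: SHA-256 of the key blob, unpadded base64. */
    static String fingerprint(byte[] keyBlob) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(keyBlob);
        return "SHA256:"
            + Base64.getEncoder().withoutPadding().encodeToString(digest);
    }

    /** Compares the key a server offered with the published one. */
    static Verdict check(Map<String, byte[]> published, String host,
                         String keyType, byte[] offered) {
        byte[] expected = published.get(host + " " + keyType);
        if (expected == null) {
            return Verdict.NOT_PUBLISHED; // fail closed: nothing to compare with
        }
        return MessageDigest.isEqual(expected, offered)
            ? Verdict.MATCH : Verdict.MISMATCH;
    }

    /** Reports the verdict and, on a match, prints a known_hosts entry to pin. */
    static void report(Map<String, byte[]> published, String host,
                       String keyType, String offeredBase64) throws Exception {
        byte[] offered = Base64.getDecoder().decode(offeredBase64);
        Verdict verdict = check(published, host, keyType, offered);
        System.out.println(host + " offered " + fingerprint(offered)
            + " -> " + verdict);
        if (verdict == Verdict.MATCH) {
            System.out.println("  pin: " + host + " " + keyType + " "
                + offeredBase64);
        } else if (verdict == Verdict.MISMATCH) {
            System.out.println("  do not connect: key differs from the"
                + " published one (changed key or man in the middle)");
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, byte[]> published = parsePublished(PUBLISHED_PAGE);
        report(published, "cvs.example.invalid", "ssh-ed25519", GENUINE_KEY);
        report(published, "cvs.example.invalid", "ssh-ed25519", IMPOSTOR_KEY);
        report(published, "shell.example.invalid", "ssh-ed25519", GENUINE_KEY);
    }
}
```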
maintenance bullying... evocative. Yes, gatekeepers do have "too much" control over us all. And even many elected ones don't accept that there's a fundamental need for accountability.
Now the thing I find amusing is that some folk see this as a Good Thing. Say, the FBI and other organizations which think they should, for some reason, have leverage to control what you do, even if it's just by communicating. (Right wing hate groups, and their left wing censors...) The pen is mightier than the sword. (Or "than the bosom", as someone put it in Police Academy N -- just a bit less sexist? :-)
That is, thinking that we should be free of this particular set of chains is a very political statement. It couples with media control, freedom of speech, and the increasing irrelevance of physical borders for many of the things that "really matter" in at least the wired parts of society.
Mark my words: one of the big trends over the next few years is going to be the evolution of technologies that support end-to-end quite nicely, but control those ends to a startlingly invasive degree. Gatekeepers control the passcodes, after all, and when you don't have choices, they have a lot of control over what you can do.
You ain't seen nothing yet; the holders of power are quite familiar with how to maintain it, by seemingly fair means (that are actually foul in some subtle way).
OK, so exactly why isn't Slashdot spending
a bit more time talking about GCJ? It's not like it's hard to find, the
GCJ site is linked right off the GCC page.
Don't tell me all these slashdotters are so bereft of independent thought that they're following Sun's marketing party line without even prodding it to see if maybe there isn't a better way to use Java. (I can tell it's true!)
Current status: it compiles from Java source or classfiles into native code, using the same codegen the rest of GCC uses. It supports CNI, which basically lets you access native code at C++ method invocation speeds. Looking good, and some production apps are using it. When you create an app with GCJ, it can look like any other native executable... and it starts and runs faster than anything I've seen out of Hotspot!
I'd not try anything older than the GCJ 2.96 found in RedHat 7 (or maybe Debian). And you'd need to be cautious about using "Java 2" APIs; they were, after all, part of Sun's strategy to quickly bloat Java so it couldn't be "open". But I'd really encourage folk interested in Java and Linux to start investing in GCJ... if anything is in a position to reconnect these two communities, it's GCJ...
Forget about portable and think about
Java as a better C++.
Java as a language has gotten threading and memory management a LOT better than C++. I've had to write major multithreaded systems and components in C++ and it's been a major league pain in the butt. Those memory corruption bugs (including array indexing bugs), leaks, and so on just DO NOT HAPPEN IN Java.
The answer of "why Java on the server" is because the developer productivity can easily be more than doubled, particularly when you account for the lingering costs of hard-to-find bugs that Java rules out at the language level.
See? Easy to understand.
And yes, Java on clients needs a LOT of work.
Netscape did more to kill it than Microsoft, curiously enough.
The Chinese did something really smart here: They said that there's
going to be a Chinese Internet, that's not
managed by a spinoff of the US government.
Consider: both NSI (from policy/tech
folk in the beltway core) and VeriSign
(via RSA Inc -- think NSA) were founded
by folk who left rather significant government
bureaucracies knowing that they'd have a
nice safe (and who knows, maybe lucrative)
technical career ahead of them. But they
never dropped all those government ties.
ICANN was also shrouded in mystery at
its birth, though one likes to think of
that as bumbling rather than conspiracy.
(Postel's death was unexpected, though...)
For a long time, it's essentially been in
the business of supporting NetSolutions.
Point being: there's not enough of a
clear distinction between the US government
and the Internet government.
And China is the first nation to have
the balls (and opportunity, and technical
need -- related to character set :-)
to say "fuck off" to the US Internet regime.
This is good for anyone
who really believes in plurality. Such as
preserving languages and
cultures in the face of the Western
onslaught.
In the West, we don't have the
moral right to redefine other cultures in the
way that "money is the only value" capitalism
is attempting everywhere on the globe.
Sadly, the only way to prevent
multinational corporations from doing whatever
they want is to erect significant countervailing
forces. The US government has not been very
successful as a counterforce, though maybe it's prevented some abuses.
Frankly, I hope a lot more countries start
to develop strong lines between the US-biased
institutions we have now, and institutions that
reflect their own values and goals.
Nah, please save the flamage. RH7 came up fine, "gcc 2.96" even compiles a decent kernel.
(Though some of those CPP warnings are clearly kernel source bugs...) X11 update, Gnome update,... lots and lots and lots of updates, it feels better than 6.2 already.
You know, I've been wondering when the heck the GCC team would move past the 2.95.2 release... considering that I've been wanting SOME release with GCJ support for a really long time. I know a lot about the C++ ABI problems, as does anyone who's developed production code in C++; and I just don't see RedHat as having worsened any of those problems. Frankly, more conformant C++ is a major step forward... and didn't just a few compiler optimizations get out of the "research" world (of gcc developers) this way? We've been wanting better GCC code generation a LONG LONG TIME.
Why is RedHat getting flamed, instead of the GCC folk? GCC created a problem... and hasn't been seen to be fixing it. Where's even a draft schedule for "GCC.next" releases? Say, bugfixes to the 2.95.2 release of last year??
I know why RedHat's getting flamed. Slashdot, and the flamers that keep the LKML noise content too high for me to tolerate. However, the signal in those flames is pretty much invisible.
The reality is, that under a reseller model, 75%/25% is a somewhat better deal than that being currently offered by the Telcos for DSL service, where the split is currently about 83%/17% in many states.
When I pay for my local DSL access, my fees break down as: $40 to the telco, $10 to the ISP. That's up front on the billing.
Now, to hear that the telco (AOL/TW) wants to get the lion's share of that piddling $10, PLUS all other ISP revenue, AND basically take over the ISP operations AND ON TOP OF IT to get free advertising... well, any reasonable person would conclude that the telco is trying to put the ISP out of business.
It's not as if any operating system is currently shipping with USB 2.0 support. Not many folk claim to have even seen a USB 2.0 host controller. I don't think even Microsoft supports USB 2.0 yet -- they very publicly announced ship criteria that can't be met till next year some time.
Oh, and RedHat wasn't as big a backer of USB in Linux as SuSE... by orders of magnitude, near as I can tell!
...
I don't know the reasons behind it, or why he believes there are "too many things that can go wrong"
Go back and read the first part of the quote you excerpted, then -- it's where he said that it's a peer-to-peer system where the devices don't actually know each other up front.
To anyone who's built secure systems, that pretty much says it all. Where is the "trust" in the system supposed to come from? Consider GPG as an example (the safe version of PGP :-). You don't accept keys from just anyone, or shouldn't; you accept keys from people you have some out-of-band knowledge about. Secure key distribution is a well known problem, with many solutions, but if there is by design no up-front physically secure bootstrapping system (no, trusting the device vendor isn't good enough in the least!) then the overall system has major problems passing the first milestone in the "can it be trustworthy" contest... MAJOR problems.
What's worrisome about this stuff is that bluetooth is being rushed to market (or as you put it, "fixed") with undue haste. These folk found a couple nontrivial problems. Their corporate parents would shoot them if they talked about the real risk this raises: that the various other bugs, as-yet unfound, could easily be much worse.
Of course, on the flip side of things if you expect that any widely available technology getting regulatory approvals from governments isn't automatically full of security holes for the benefit of folk like the FBI (or more to the point, the ever-untrustworthy LAPD)... you're really not living on Planet Earth, Year 2000.
One of the big things with DII/COE is that you can not get into the source code and "tweak" it thereby compromising the integrity of it. The open-source nature of Linux sets off a red flag, to most government officials, that says "UNSECURE."
What that is SUPPOSED to mean is that the whole system is secured... as in, write protected OS and so on. Security folk call it the "trusted distribution" problem, and one solves it by tamperproofing mechanisms. Sign the code using a signature, check the code using a secured mechanism (preferably with the basic keys encrusted in plastic)... you get the idea. There are non-cryptographic solutions, such as "golden CDs" used as part of certain network install procedures, too.
Note that any operating system, unless installed in a fairly restrictive manner, is going to fail to meet the requirements there. I mean, who actually is paranoid enough to need BIOS password checks, on top of restricting who gets root privileges? Well, some folk. The boxes need to be physically locked and sealed, and they may need their own customized BIOS...
There's an opportunity for Linux here, assuming that reactionary and clueless folk aren't controlling the discussion. The point is to be trustworthy (shed those images of green-haired webbies raving the night away!) and make the points to the buyers. The reason that a Solaris is "trusted" doesn't have to do with the fact that nobody can see the source (lots and lots of people can see it). It has to do with a supplier who can be dealt with, and which has a track record in that market. And the fact that not just every "bug" "fix" will ever be applied.
On the other hand... based on CDE and Motif? Run, don't walk, away as quickly as possible! Or if you don't, use the stake and garlic quickly -- save yourself!!
Just say "No!" to pharmaceuticals.
... is where this discussion ends up.
For security, everybody (including you!) needs some kind of keys you can carry around and know are physically secure. You'll typically mix keys when you need real security ... passphrase and encrypted private key, say; or maybe you like
biometrics. This proposal makes you unduly dependant on some keys that you have no reason
to trust, and which you can't manage when the
operational issues come up. Or audit to know
nothing's being stolen from you (election?).
The policy question is who controls the keys. As RMS noted, Free people need certain things. Having control of one's own culture seems basic, but theft happen all the time ... not just
corporations from the public, or the other way
around. Makes things always evolve.
How many people noticed that SourceForge still doesn't have a trustworthy key distribution scheme?
It's easy enough to do. They have HTTPS there, all they need to do is publish the keys for their SSH servers on some HTTPS web page. That way, they'll be authenticating SSH keys through their SSL certificate. End of that risk, go fix the next one.
What they do now is publish their keys on an un-authenticated newsgroup. One that you need to go out of your way to find. And yet, one that any untrustworthy ISP is quite able to mangle, giving them the groundwork for a MITM attack.
These recent articles about MITM haven't shown anything that's not been apparent for the past twenty years or so. Solutions have been deployed for most of that time. So there's really no excuse for SourceForge to have such "bad key hygiene" practices. Their recent upgrade was lousy in that respect. They even changed keys without telling anyone why. (Maybe they were broken into, and their user database used as a lever to break into Egghead!)
From the top free/open software project hosting service, I expect to see better leadership in security practice. Using SSH is a great start ... but it just
isn't enough.
maintainance bullying ... evocative. Yes, gatekeepers do have "too much" control over us all. And even many elected ones don't accept that there's a fundamental need for accountability.
Now the thing I find amusing is that some folk see this as a Good Thing. Say, the FBI and other organizations which think they should, for some reason, have leverage to control what you do, even if it's just by communicating. (Right wing hate groups, and their left wing censors...) The pen is mightier than the sword. (Or "than the bosom", as someone put it in Police Academy N -- just a bit less sexist? :-)
That is, thinking that we should be free of this particular set of chains is a very political statement. It couples with media control, freedom of speech, and the increasing irrelevance of physical borders for many of the things that "really matter" in at least the wired parts of society.
Mark my words: one of the big trends over the next few years is going to be the evolution of technologies that support end-to-end quite nicely, but control those ends to a startlingly invasive degree. Gatekeepers control the passcodes, after all, and when you don't have choices, they have a lot of control over what you can do.
You ain't seen nothing yet; the holders of power are quite familiar with how to maintain it, by seemingly fair means (that are actually foul in some subtle way).
OK, so exactly why isn't Slashdot spending a bit more time talking about GCJ? It's not like it's hard to find, the GCJ site is linked right off the GCC page.
Don't tell me all these slashdotters are so bereft of independent thought that they're following Sun's marketing party line without even prodding it to see if maybe there isn't a better way to use Java. (I can tell it's true!)
Current status: it compiles from Java source or classfiles into native code, using the same codegen the rest of GCC uses. It supports CNI, which basically lets you access native code at C++ method invocation speeds. Looking good, and some production apps are using it. When you create an app with GCJ, it can look like any other native executable ... and it starts and runs faster than anything I've seen out of Hotspot!
I'd not try anything older than the GCJ 2.96 found in RedHat 7 (or maybe Debian). And you'd need to be cautious about using "Java 2" APIs; they were, after all, part of Sun's strategy to quickly bloat Java so it couldn't be "open". But I'd really encourage folk interested in Java and Linux to start investing in GCJ ... if anything is in a position to reconnect these two communities, it's GCJ ...
Forget about portable and think about Java as a better C++.
Java as a language has gotten threading and memory management a LOT better than C++. I've had to write major multithreaded systems and components in C++ and it's been a major league pain in the butt. Those memory corruption bugs (including array indexing bugs), leaks, and so on just DO NOT HAPPEN IN Java.
The answer of "why Java on the server" is because the developer productivity can easily be more than doubled, particularly when you account for the lingering costs of hard-to-find bugs that Java rules out at the language level.
See? Easy to understand.
And yes, Java on clients needs a LOT of work. Netscape did more to kill it than Microsoft, curiously enough.
The Chinese did something really smart here: They said that there's going to be a Chinese Internet, that's not managed by a spinoff of the US government.
Consider: both NSI (from policy/tech folk in the beltway core) and VeriSign (via RSA Inc -- think NSA) were founded by folk who left rather significant government bureaucracies knowing that they'd have a nice safe (and who knows, maybe lucrative) technical career ahead of them. But they never dropped all those government ties. ICANN was also shrouded in mystery at its birth, though one likes to think of that as bumbling rather than conspiracy. (Postel's death was unexpected, though...) For a long time, it's essentially been in the business of supporting NetSolutions.
Point being: there's not enough of a clear distinction between the US government and the Internet government.
And China is the first nation to have the balls (and opportunity, and technical need -- related to character set :-) to say "fuck off" to the US Internet regime.
This is good for anyone who really believes in plurality. Such as preserving languages and cultures in the face of the Western onslaught.
In the West, we don't have the moral right to redefine other cultures in the way that "money is the only value" capitalism is attempting everywhere on the globe. Sadly, the only way to prevent multinational corporations from doing whatever they want is to erect significant countervailing forces. The US government has not been very successful as a counterforce, though maybe it's prevented some abuses.
Frankly, I hope a lot more countries start to develop strong lines between the US-biased institutions we have now, and institutions that reflect their own values and goals.
Nah, please save the flamage. RH7 came up fine, "gcc 2.96" even compiles a decent kernel. (Though some of those CPP warnings are clearly kernel source bugs...) X11 update, Gnome update, ... lots and lots and lots of updates, it feels better than 6.2 already.
You know, I've been wondering when the heck the GCC team would move past the 2.95.2 release ... considering that I've been wanting SOME release with GCJ support for a really long time. I know a lot about the C++ ABI problems, as does anyone who's developed production code in C++; and I just don't see RedHat as having worsened any of those problems. Frankly, more conformant C++ is a major step forward ... and didn't just a few compiler optimizations get out of the "research" world (of gcc developers) this way? We've been wanting better GCC code generation a LONG LONG TIME.
Why is RedHat getting flamed, instead of the GCC folk? GCC created a problem ... and hasn't been seen to be fixing it. Where's even a draft schedule for "GCC.next" releases? Say, bugfixes to the 2.95.2 release of last year??
I know why RedHat's getting flamed. Slashdot, and the flamers that keep the LKML noise content too high for me to tolerate. However, the signal in those flames is pretty much invisible.
The reality is, that under a reseller model, 75%/25% is a somewhat better deal than that being currently offered by the Telcos for DSL service, where the split is currently about 83%/17% in many states.
When I pay for my local DSL access, my fees break down as: $40 to the telco, $10 to the ISP. That's up front on the billing.
Now, to hear that the telco (AOL/TW) wants to get the lion's share of that piddling $10, PLUS all over ISP revenue, AND basically take over the ISP operations AND ON TOP OF IT to get free advertising ... well, any reasonable person would conclude that the telco is trying to put the ISP out of business.
It's not as if any operating system is currently shipping with USB 2.0 support. Not many folk claim to have even seen a USB 2.0 host controller. I don't think even Microsoft supports USB 2.0 yet -- they very publicly announced ship criteria that can't be met till next year some time.
Oh, and RedHat wasn't as big a backer of USB in Linux as SuSE ... by orders of magnitude, near as I can tell!
Go back and read the first part of the quote you excerpted, then -- it's where he said that it's a peer-to-peer system where the devices don't actually know each other up front.
To anyone who's built secure systems, that pretty much says it all. Where is the "trust" in the system supposed to come from? Consider GPG as an example (the safe version of PGP :-). You don't accept keys from just anyone, or shouldn't; you accept keys from people you have some out-of-band knowledge about. Secure key distribution is a well known problem, with many solutions, but if there is by design no up-front physically secure bootstrapping system (no, trusting the device vendor isn't good enough in the least!) then the overall system has major problems passing the first milestone in the "can it be trustworthy" contest ... MAJOR problems.
What's worrisome about this stuff is that Bluetooth is being rushed to market (or as you put it, "fixed") with undue haste. These folk found a couple nontrivial problems. Their corporate parents would shoot them if they talked about the real risk this raises: that the various other bugs, as-yet unfound, could easily be much worse.
Of course, on the flip side of things if you expect that any widely available technology getting regulatory approvals from governments isn't automatically full of security holes for the benefit of folk like the FBI (or more to the point, the ever-untrustworthy LAPD) ... you're really not living on Planet Earth, Year 2000.
Name one other publicly traded volunteer organization? I didn't know that nonprofit organizations (AOL???) could issue shares like that.
There's no reason to confuse AOL with, oh, the (often) pro-bono corps of software engineers that's been developing the GNU/Linux vision of the world.
What that is SUPPOSED to mean is that the whole system is secured ... as in, write protected OS and so on. Security folk call it the "trusted distribution" problem, and one solves it by tamperproofing mechanisms. Sign the code using a signature, check the code using a secured mechanism (preferably with the basic keys encrusted in plastic) ... you get the idea. There are non-cryptographic solutions, such as "golden CDs" used as part of certain network install procedures, too.
Note that any operating system, unless installed in a fairly restrictive manner, is going to fail to meet the requirements there. I mean, who actually is paranoid enough to need BIOS password checks, on top of restricting who gets root privileges? Well, some folk. The boxes need to be physically locked and sealed, and they may need their own customized BIOS...
There's an opportunity for Linux here, assuming that reactionary and clueless folk aren't controlling the discussion. The point is to be trustworthy (shed those images of green-haired webbies raving the night away!) and make the points to the buyers. The reason that a Solaris is "trusted" doesn't have to do with the fact that nobody can see the source (lots and lots of people can see it). It has to do with a supplier who can be dealt with, and which has a track record in that market. And the fact that not just every "bug""fix" will ever be applied.
On the other hand ... based on CDE and Motif? Run, don't walk, away as quickly as possible! Or if you don't, use the stake and garlic quickly -- save yourself!!
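An added example, not part of the original comment: one way to check an installed tree against a golden reference, in the spirit of the "golden CD" approach mentioned above. It uses a manifest of SHA-256 digests rather than signatures and assumes the manifest itself lives on write-protected media; all file names and contents are constructed.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map each file's relative path under root to its SHA-256 hex digest."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root)] = digest
    return manifest


def audit(root, golden):
    """Compare an installed tree with the golden manifest.

    Returns sorted lists of modified, missing and unexpected files.
    """
    current = build_manifest(root)
    modified = sorted(p for p in golden if p in current and current[p] != golden[p])
    missing = sorted(p for p in golden if p not in current)
    extra = sorted(p for p in current if p not in golden)
    return {"modified": modified, "missing": missing, "extra": extra}


def demo():
    """Constructed scenario: record a clean tree, alter it, then audit it."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("init", b"boot"), ("login", b"ask password")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        golden = build_manifest(root)  # stands in for the read-only master copy
        with open(os.path.join(root, "login"), "wb") as fh:
            fh.write(b"ask password, changed")  # shipped file replaced
        with open(os.path.join(root, "unlisted"), "wb") as fh:
            fh.write(b"not shipped")            # file that was never distributed
        os.remove(os.path.join(root, "init"))   # shipped file deleted
        return audit(root, golden)


print(demo())
```

If the manifest sits on the same writable disk as the files it describes, whoever alters a file can alter the manifest too, which is why the comment asks for a secured checking mechanism.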