I quasi-replying to other threads where people claim that Stallman might have been relavent once and is not anymore due to Open Source etc..
Stallman has always been irrelevent. When GNU started, people thought RMS and GNU were irrelevent. When a full OS (GNU) - sans kernel - appeared, they still thought RMS was irrelevent. When people put GNU together with Linux, most still thought GNU/Linux was irrelevent as was RMS and GNU. Years later when GNU/Linux is a serious contender (ok, in the server space), people still think that RMS is irrelevent. When GNU/Linux is starting to show up even on the desktops, people still think GNU/Linux and by extension RMS and GNU is still irrelevent. As GNU/Linux keeps moving forward, there will always be people that think that RMS and GNU has lived out its usefulness and is therefore is irrelevent.
The day Stallman is relavent, is the day Stallman is the most irrelevent.
i've had to deal with some punk spamming a submission too. what i ended up doing is create a session variable with a random value and display the form with that value in a hidden variable (1). the accepting script will only accept form submissions with the matching variable in the session(2) and as long as the variable isn't tagged as already submitted (3). if accepted, tag the variable as submitted.
(1 & 2) creates a key/value pair at runtime, the key being the session and the value being the random variable value. this will thwart the usual 'url harvesting for later spammage' cases. (3) prevents the 'got an ax to grind' spammer who clicks on submit one too many times.
of course you can easily defeat this system with a script that knows to: 1) first request the page with the form. 2) look for the hidden variable value, 3) send the submission with the session cookie and a matching variable value. to create one more hurdle for the script writer we could do:
1) create a collection of javascript functions that each compute a different string (numeric strings, what have you..). 2) before sending the form, pick one such javascript function, put the corresponding string it would return into the session for the magic variable mentioned at the beginning of my post. 3) send the javascript function to the client, along with the javascript code to populate the form variable with the return value of the javascript function that gets executed onLoad. 4) implement the scheme of checking the session variable from (2) to the variable in the form submission, if it matches:
a) the guy is being paid more than $5 an hour, he knows javascript, took the time to figure out what was happening. made the effort - he deserves to be heard;)
b) automated browser/browser-like tool (at least something with a javascript interpretor embedded.) not trivial. let him submit - made enough of an effort. (dcop-ed konqi script maybe?)
c) fair submission. we want those.
the drawback would be that anyone without javascript enabled is screwed. will have to think more about this..
also, in this case, *if* MS had something that worked, let alone faster, maybe, just maybe, i'd use it. i'll take a slow XML implementation over a non-existant one any day. WordML doesn't count. yes i've used it. doesn't even come close. OpenXML might - in, say, 5 years from now - when it's actually out in a non-beta product.
at least people promoting ODF prompted MS to even think about OpenXML - directly or indirectly. so you may not be interesting in fighting. but fret not. there are plenty of others who'll do it for you so that you can enjoy OpenXML after the last 10-15 years or so of the.doc lockdown. MS had all the time in the world to Open XML (pun intended). why now?
you are correct. but whatever we saved using java to get the project started, we have already spent trying to figure out why, oh, why java croaks on OutOfMemoryException when we have more than 8G of ram most of which is not being used.
on a more philosophical level, there is already an excellent VM that *can* use all the 8G and then some. it's called linux. using java to build apps because it's easy to program in is like using tonka trucks because those trucks are so much easier to handle than the real thing. after all, why pay commercial driver rates to drive a multi ton truck when you can get you own kids (for free) to 'drive' the tonka trucks.
i learned java back around '95, '96 and was really excited about it then. but after having used it on some really large projects, i have been really really disappointed and came to the conclusion that the only real contribution of the JVM was a serious neutering to most modern advances in the OS.
forget portable programming languages - use a portable OS - linux. and forget the V, use the M (tm).
anyhow, Guy Steel was right. i am looking at lisp right now (mostly for emacs tho).
Please provide some Java code that's vulnerable to a buffer overrun exploit.
you seem to be mixing VMs and one particular language that happens to be using the VM. sure java can't have buffer overrun. can you say the same about the VM? is the VM not implemented in C/C++?
i can also point you to plenty of lisp/python/even c++ with std::string code that i have written that do not feature possibilities of buffer overrun. none of which needs a VM to achieve that.
And thus cometh a memo from the domain from the fearless & clueless Ultimate Leader:
"After a six-martini lunch and eighteen holes of golf, I have seen the Light: Thou shalt install Microsoft."
And so it was in the small- and medium-businesses, and so it shall come to pass elsewhere.
"After years of reboot/registry-bit-rot, I have seen the Light: Thou shalt install Microsoft yourself. for I shalt move to greener pasturs."
(this is apart from portability concerns -- which is a whole another discussion).
i am failing to see why people are so afraid of the M that we need the V. maybe on large multiuser mainframe-style system, you'd want some V. we are talking about PCs. if you need 'em, just get a bunch of 'em. those are your VMs.
if the argument is that if the app crashes or malfunctions -- for whatever reason -- you don't want the V to go down with it, well, if my app crashes, i couldn't care less about the machine staying up.
> I've often wondered how much more secure our computers would be if we ran web browsers, mail clients, and other web facing applications in a sandbox like the JVM
first, in todays day and age, what is not facing the web?
second, doesn't that make the JVM an extension (of the OS) whose sole purpose is to run the apps?
wasn't that what the OS itself is designed to do in the first place? so now, OS isn't something that runs apps but something that runs the VM to run the app? so shouldn't the VM be a standard part of the OS? but it is. it is the OS itself. but the OS isn't secure! so the VM on top of that very same OS is?
it almost sounds like packing on some cake-ey layers of makeup on top of wrinkled up skin and expecting it to fix the wrinkles. if it does show thru the layers, what next, another layer?
anyhow, i cringe when i see JVM. or any other VM for that matter. just give me the freakin M.
that reminded me of an article by Sapolsky in the Scientific American of March 2003 called "bugs in the brain". a pdf version is
here. which then led me to read "a primates memoire". haven't looked at other animals/organisms the same since.
you are not from around here, are you? how dare you retract your statement. it's Un-Everything (TM). i don't mean that as a cynical/satarical compliment. i literally mean what i said. largely on the off chance that your post may set a precedent and the rest of us actually have to follow in your Un-Everything (TM) ways of having to stand accountable.
maybe after after the protest of a bunch of dinosours calling themselves "greenpeace" got them to change their minds and they turned all environmental?
(seeing how the lower you go in the food chain, the more energy efficient it is..)
with their methodology, the proof of the pudding is this:
all MS has to do to make their OS more secure as part of their 'trustworthy computing' is to announce the service pack and what it fixes one day *after* releasing the said service pack as the study uses a metric called 'days of risk'. can't beat the resulting -ve 'days of risk' unless the competitors did some serious time travelling to issue the patch. sure seems that if you actually make early disclosures it counts against you. some trustworthiness.
> This is to the [Linux] zealots: You must be celebrating this news somehow.
not really. you don't really celebrate the inevitable events. there are simply far too many.
> Remember one thing...after SCO, another will be minted.
nobody said "world dominance" came uncontested.
> Also remember that according to Microsoft's Ballmer...
what's ballmer going to say about GNU/linux? that even MS has deployed it in their labs to see what they can learn and copy from it? by the same token, the iraqi information minister said the US troops were surrendering by the thousands. what's your point?
> there is no significant Linux deployment anywhere on earth
well then there's no where to go but up, isn't it?
> One wonders where those revenues are coming from
so basically the immigrants deserve a less than human treatment because the laws you and your government passed were, according to you, shoddy? how is that the fault of the immigrants?
i've been doing just fine without cable for about 8 months now. don't missing anything. i used to love the discovery channel but that was before the 'makeover' shows started qualifying for 'discovery'. i did like the TLC 'junkyard wars' but since the original dudett (cathy rogers) left, it ain't quite the same. never cared for much else on TV. haven't bought a CD in over 4 years. except for 5 Joe Satriani CDs (would buy direct from Joe if he set it up that way but oh well).
now what do i do in my spare time? sketch, play along with Joe on the guitar, create drum tracks on 'hydrogen' to play along with, learn from microscope slides the wife prepares, read books (GNU press mostly), photography etc. (note to self: need to find decent fiction from the gutenberg project).
all in all, MPAA and RIAA ain't getting squat from me. keep producing Ms. Spears and 'kangaroo jack' for $12 and $19 (respectively) all you want.
there. i voted with my dollar. and no, i don't partake in 'file swapping'.
mild way of putting it. i would have said that people all over the world are participating in their own election albeit they don't actually get to vote. but rather they are limited in their election participation to voicing their concerns over who gets voted in into the US government that in turn *chooses* *their* government.
Slashdot Mirror
except, without people, you wouldn't get to have tearjerker bravery/sacrifice with "don't want to miss a thing" playing in the background.
yeah. kinda like how wordperfect is talking to windows these days, eh?
I quasi-replying to other threads where people claim that Stallman might have been relavent once and is not anymore due to Open Source etc..
Stallman has always been irrelevent. When GNU started, people thought RMS and GNU were irrelevent. When a full OS (GNU) - sans kernel - appeared, they still thought RMS was irrelevent. When people put GNU together with Linux, most still thought GNU/Linux was irrelevent as was RMS and GNU. Years later when GNU/Linux is a serious contender (ok, in the server space), people still think that RMS is irrelevent. When GNU/Linux is starting to show up even on the desktops, people still think GNU/Linux and by extension RMS and GNU is still irrelevent. As GNU/Linux keeps moving forward, there will always be people that think that RMS and GNU has lived out its usefulness and is therefore is irrelevent.
The day Stallman is relavent, is the day Stallman is the most irrelevent.
i've had to deal with some punk spamming a submission too. what i ended up doing is create a session variable with a random value and display the form with that value in a hidden variable (1). the accepting script will only accept form submissions with the matching variable in the session(2) and as long as the variable isn't tagged as already submitted (3). if accepted, tag the variable as submitted.
;)
(1 & 2) creates a key/value pair at runtime, the key being the session and the value being the random variable value. this will thwart the usual 'url harvesting for later spammage' cases.
(3) prevents the 'got an ax to grind' spammer who clicks on submit one too many times.
of course you can easily defeat this system with a script that knows to: 1) first request the page with the form. 2) look for the hidden variable value, 3) send the submission with the session cookie and a matching variable value. to create one more hurdle for the script writer we could do:
1) create a collection of javascript functions that each compute a different string (numeric strings, what have you..).
2) before sending the form, pick one such javascript function, put the corresponding string it would return into the session for the magic variable mentioned at the beginning of my post.
3) send the javascript function to the client, along with the javascript code to populate the form variable with the return value of the javascript function that gets executed onLoad.
4) implement the scheme of checking the session variable from (2) to the variable in the form submission, if it matches:
a) the guy is being paid more than $5 an hour, he knows javascript, took the time to figure out what was happening. made the effort - he deserves to be heard
b) automated browser/browser-like tool (at least something with a javascript interpretor embedded.) not trivial. let him submit - made enough of an effort. (dcop-ed konqi script maybe?)
c) fair submission. we want those.
the drawback would be that anyone without javascript enabled is screwed. will have to think more about this..
Because we aren't interested in fighting the Linux Jihad?
.doc lockdown. MS had all the time in the world to Open XML (pun intended). why now?
(emphasis mine)
you might also be interested in this: http://www.fallacyfiles.org/guiltbya.html.
also, in this case, *if* MS had something that worked, let alone faster, maybe, just maybe, i'd use it. i'll take a slow XML implementation over a non-existant one any day. WordML doesn't count. yes i've used it. doesn't even come close. OpenXML might - in, say, 5 years from now - when it's actually out in a non-beta product.
at least people promoting ODF prompted MS to even think about OpenXML - directly or indirectly. so you may not be interesting in fighting. but fret not. there are plenty of others who'll do it for you so that you can enjoy OpenXML after the last 10-15 years or so of the
you are correct. but whatever we saved using java to get the project started, we have already spent trying to figure out why, oh, why java croaks on OutOfMemoryException when we have more than 8G of ram most of which is not being used.
on a more philosophical level, there is already an excellent VM that *can* use all the 8G and then some. it's called linux. using java to build apps because it's easy to program in is like using tonka trucks because those trucks are so much easier to handle than the real thing. after all, why pay commercial driver rates to drive a multi ton truck when you can get you own kids (for free) to 'drive' the tonka trucks.
i learned java back around '95, '96 and was really excited about it then. but after having used it on some really large projects, i have been really really disappointed and came to the conclusion that the only real contribution of the JVM was a serious neutering to most modern advances in the OS.
forget portable programming languages - use a portable OS - linux. and forget the V, use the M (tm).
anyhow, Guy Steel was right. i am looking at lisp right now (mostly for emacs tho).
you seem to be mixing VMs and one particular language that happens to be using the VM. sure java can't have buffer overrun. can you say the same about the VM? is the VM not implemented in C/C++?
i can also point you to plenty of lisp/python/even c++ with std::string code that i have written that do not feature possibilities of buffer overrun. none of which needs a VM to achieve that.
they didn't run from SCO either.
(this is apart from portability concerns -- which is a whole another discussion).
i am failing to see why people are so afraid of the M that we need the V. maybe on large multiuser mainframe-style system, you'd want some V. we are talking about PCs. if you need 'em, just get a bunch of 'em. those are your VMs.
if the argument is that if the app crashes or malfunctions -- for whatever reason -- you don't want the V to go down with it, well, if my app crashes, i couldn't care less about the machine staying up.
> I've often wondered how much more secure our computers would be if we ran web browsers, mail clients, and other web facing applications in a sandbox like the JVM
first, in todays day and age, what is not facing the web?
second, doesn't that make the JVM an extension (of the OS) whose sole purpose is to run the apps?
wasn't that what the OS itself is designed to do in the first place? so now, OS isn't something that runs apps but something that runs the VM to run the app? so shouldn't the VM be a standard part of the OS? but it is. it is the OS itself. but the OS isn't secure! so the VM on top of that very same OS is?
it almost sounds like packing on some cake-ey layers of makeup on top of wrinkled up skin and expecting it to fix the wrinkles. if it does show thru the layers, what next, another layer?
anyhow, i cringe when i see JVM. or any other VM for that matter. just give me the freakin M.
that reminded me of an article by Sapolsky in the Scientific American of March 2003 called "bugs in the brain". a pdf version is here. which then led me to read "a primates memoire". haven't looked at other animals/organisms the same since.
"I used to fret and worry about IBM locking down.... ... Each time the open market solution natuarly won."
yes, open market solutions brought to you by folks like Richard Stallman who continue to worry about such lockdowns.
you are not from around here, are you? how dare you retract your statement. it's Un-Everything (TM). i don't mean that as a cynical/satarical compliment. i literally mean what i said. largely on the off chance that your post may set a precedent and the rest of us actually have to follow in your Un-Everything (TM) ways of having to stand accountable.
naah, who am i kidding.
it hasn't been just *My* documents for quite a while now. it's been everyone-in-my-contact-lists' document. but then that would be too long a prefix.
windows over Linux == trolling;
> compiler error. 'windows' undefined.
maybe after after the protest of a bunch of dinosours calling themselves "greenpeace" got them to change their minds and they turned all environmental?
(seeing how the lower you go in the food chain, the more energy efficient it is..)
with their methodology, the proof of the pudding is this:
all MS has to do to make their OS more secure as part of their 'trustworthy computing' is to announce the service pack and what it fixes one day *after* releasing the said service pack as the study uses a metric called 'days of risk'. can't beat the resulting -ve 'days of risk' unless the competitors did some serious time travelling to issue the patch. sure seems that if you actually make early disclosures it counts against you. some trustworthiness.
> This is to the [Linux] zealots: You must be celebrating this news somehow.
not really. you don't really celebrate the inevitable events. there are simply far too many.
> Remember one thing...after SCO, another will be minted.
nobody said "world dominance" came uncontested.
> Also remember that according to Microsoft's Ballmer...
what's ballmer going to say about GNU/linux? that even MS has deployed it in their labs to see what they can learn and copy from it? by the same token, the iraqi information minister said the US troops were surrendering by the thousands. what's your point?
> there is no significant Linux deployment anywhere on earth
well then there's no where to go but up, isn't it?
> One wonders where those revenues are coming from
certainly not from gouging licensing fees.
cheers.
'It's not a healthy thing to lock yourself in a room and create your own reality.'
so let's lock him in a room with someone else who will love creating a whole 'nother reality for him.
one man's reality is another man's fantasy.
and life's a BitCh.
so basically the immigrants deserve a less than human treatment because the laws you and your government passed were, according to you, shoddy? how is that the fault of the immigrants?
i've been doing just fine without cable for about 8 months now. don't missing anything. i used to love the discovery channel but that was before the 'makeover' shows started qualifying for 'discovery'. i did like the TLC 'junkyard wars' but since the original dudett (cathy rogers) left, it ain't quite the same. never cared for much else on TV. haven't bought a CD in over 4 years. except for 5 Joe Satriani CDs (would buy direct from Joe if he set it up that way but oh well).
now what do i do in my spare time? sketch, play along with Joe on the guitar, create drum tracks on 'hydrogen' to play along with, learn from microscope slides the wife prepares, read books (GNU press mostly), photography etc. (note to self: need to find decent fiction from the gutenberg project).
all in all, MPAA and RIAA ain't getting squat from me. keep producing Ms. Spears and 'kangaroo jack' for $12 and $19 (respectively) all you want.
there. i voted with my dollar. and no, i don't partake in 'file swapping'.
i'm working on exponential algorithms (graphs and satisfiability and that sort of a thing) for my masters thesis. -O3 gives a big^H^H^H huge boost.
mild way of putting it. i would have said that people all over the world are participating in their own election albeit they don't actually get to vote. but rather they are limited in their election participation to voicing their concerns over who gets voted in into the US government that in turn *chooses* *their* government.
hmm... but are you shuttle-worth?