The question to ask is where do you stop ? . As much of a tree hugger I am, putting a bomb at somebody's doorstep is now way to react. In fact, I'd say these activists have terrorized a man out of his quest for knowledge.
Sure, I've gone and petitioned against trees being cut down. Indeed, we've even hugged a few and prevented their demise. But vigilante retribution was never the way to save animals. There have been transgressions on one side, but that doesn't justify the other side from commiting brutality.
Replacing cruelty to animals, with one towards mankind doesn't solve the problem - mainly because there is no Noble Savage unlike what Rousseau dreamed.
This is like terrorism with its own ecological brand (call it another religion if you want).
> "Creative is very fortunate to have been granted this early patent,"
The battle lines have been drawn. I can almost see people inside Apple debating the use of patents as the Nuclear Weapons of this war - mutually assured destruction - you sue me, I sue you.
And it would be a bad thing if Apple started patenting user interfaces... really.
Now, this might not be a common thing in the US. But here in India, a lot of companies have team laptops which we pass around (on-call duty for server pages, for instances).
And somebody from Delhi, did something up which works for exactly that. qryptix encrypts your home dir and mounts using your passphrase when you login, built as a pam.d module.
Except for the fact that I wanted a truecrypt built into it, so that I can have a hidden volume even after I pass-phrase in to the first volume, this works well enough for most purposes.
The average kid in school, thinks proxies and mucking around with computer stuff are the realm of nerds, sitting in their parents' basement typing away, creating a pathetic online world to compensate for the real one upstairs.
But the moment, you introduce blockades to access to a "cool" thing like myspace or facebook, these talents become valuable in terms of utilization. More kids learn these, use these and try to out-do the other in terms of l33tness. If there aren't the artificial boundaries drawn by the authorities, these skills would have never been learnt, developed and hopefully put to good use in the future.
Whatever they block these with, they just raise the bar for the kids. Clever, curious and with the power of the rest of the internet behind them... there's nothing that's totally blocked off. Probably threats to those who break the security and offer real world punishments maybe, but blocking it all is impractical. Of course, then there are those who prefer forbidden fruit to the ones in the fridge, for the momentary thrill of breaking some rules.
I remember breaking the proxy at a college where I was giving a talk. All I did was ssh -D 8080 into my box and bypassed the "security" of the campus network. But I did that by unplugging the monitor cable, running ssh and plugging the monitor back on in under 2 minutes.And lo, meebo.com suddenly worked. The kids thought I was some great genius or something. THat kind of ego-rush to a 17 year old teenager can drive them to do far more than just break firewalls to get kudos from their peers.
These kind of restrictions just favour the kids who learn to use the system, instead of just fighting it on the streets like the average politico.
Change URL to mmsh:// and use xine to play it or mplayer -dumpstream to save it.
Now, I could write a greasemonkey script to do all of that easily and give you a 'click to play in mplayer' link. But there's this thing about me, I'm lazy.
I *am* an Indian programmer working in India. I too got a pay hike in lakhs, but do you understand why the hikes in India are so high ? The hikes are so high because of two important factors -
huge number of entry level engineers willing to settle for less for their first job
trouble retaining existing employees
My first job paid about 250 USD per month before taxes. I stuck to it because I was a geek with no great academics to speak of, coming from an outside (read as - not from IIT or NIT) college and hadn't got the financial backing to follow up my GRE score. And in about seven months, I'd end up replacing my father in the earning capacity. It was so scary that I was grabbing at straws with my first job - I'd worked for more than 40 days at a stretch, working weekends and taking five days off to rush home every quarter.
So I settled for less for my first job, but that salary was good enough to live in for one person - though not enough disposable income to buy something like a computer for my own. Amidst all this, I went through a lot of personal troubles and ended up losing the only light in my life - out of sheer neglect towards her. After all that my first raise was a 67% - which pulled up my salary to 400 USD levels and that's a huge inflation percentage wise but it was 2500 USD per year for the company. Interestingly that's about 1/4th of what I was billable for to the customer per month.
Anyway, I left that job because I couldn't put up with the shit. Impossible deadlines drive managers nuts. They start ignoring the non-performers when it comes to work distribution and overload the performers. Finally, no matter how brilliant you are, you burn out. I was a charred shell of no motivation when I quit - and people wonder why code from India sucks. Because the rewards of work, is more work and then it continues. In about a year (which is when your first pay review kicks in), you'll probably have lost all of your work ethic and become a lazy slob who realizes he won't get fired if he puts in 1/5 th of the work someone similar in US needs to put in.
The hike percentages look promising, but the reality is that as companies grow - only overhead per actual coder increases, without actual increase in code quality, outputs or schedules. Sooner or later the system has to fail.
The Software Services industry is a nightmare I'd rather not return to.
Messed up sudoers
on
Sudo vs. Root
·
· Score: 3, Funny
Recently one of my friends editied his sudoers file with the following
admin ALL=(ALL) ALL
Now it is obvious to me that he forgot a % in there. From that point onwards,
there was no way we could actually run sudo to be able to edit the file using
visudo. Since there is no root account, we couldn't just log in as root to fix
this issue. And because of the syntax error, sudo refused to work for any user.
Now, a live CD and a setuid bash executable managed to fix the issue directly,
but we learned an important lesson about root-less systems. If you screw up
something like the/etc/sudoers, the system is hosed unless you
have physical access.
So as much as I use sudo for almost all my UID 0 needs, I think root still
needs to live in every box just to safegaurd against such simple mistakes
which ended up costing more hours than the sudo would've saved.
We already do that when performance is ultra critical and have built-in ways to actually do that - LD_PRELOAD. Actually, if you look at it the best way to allocate huge chunks memory quickly is this
Of course, you could read about why I wrote this particular bit instead of
malloc in the first place - on my blog (when macros aren't enough).
Also you never truly appreciate C & Unix, till you've dissected malloc(), free(), fprintf() and fork(). The memory management, I/O buffering (different if you pipe to a file vs tty) and how the same pointer value can point to different memory (pages) in forked parent and child.
Makes you sort of open your eyes, like the gearhead looking at a fibre-glass 4-stroke engine.
Re:Main point of this release
on
Gnome 2.14 Released
·
· Score: 4, Informative
Malloc() is written for generic memory allocation for all programs with no bias towards larger sizes (or smaller) or allowing fragmentation rates which in the past would've been a kill-all for most applications.
Given a particular usage pattern, for example majority allocation of blocks > 512 bytes with a higher fragmentation ratio than would be acceptable in a server, you could technically outpace the malloc which would waste more time to find a best fit versus an algorithm that just finds you 512 byte blocks when you needed 4 bytes of memory.
Assumptions simplify algorithms, so is it a surprise ?
As a programmer, that's what I really consider as Unix - sus v3.
I code for this API and the sources end up being source compatible. But then there are library paths and
stuff, which is why even something as homogenous as Linux is forced to create LSB
standard. The API standard OTOH, is crystal clear - look at the API tables in terms of availability. And yeah, my project is called Portable.net, so I've put in my time writing portable code for
various platforms (even BeOS and SkyOS). Wish the threading models worked the same, that's all:)
There is just *nix... just *nix and VMS - everything else is somewhere in between.
'Google admitted that it was having difficulties recruiting developers and would be targeting students and engineers'
As much as I appreciate them looking at students and engineers, the obvious question that comes up in my head is - and make them do what ? . Whenever I look at what Google India's doing, there is no clarity in terms of what work they are doing, they will be doing or they will make me do. Either it is all hush-hush or they have no idea what to do with all the developers they already have.
Considering I already work for Yahoo! and get to work on a fair bit of F/OSS code in the process, the extra money just didn't seem worth it. Maybe I'll change my tune in half a decade, but it wouldn't be a surprise.
The vulnerability is caused due to an error in the processing of file association meta data (stored in the "__MACOSX" folder) in ZIP archives. This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive.
Considering that Mac OSes have never believed in file extensions and have always read file meta-data to determine action, this ranks equal with a browser executing.jpg.exe files when you click on the seemingly innocent nude-zeta-jones.jpg.exe...
disabling the "Open *safe* files after downloading" option in Safari
So the guys in apple who had the __MACOSX part to zip files didn't communicate that to the
Safari folks. Communication gaps happen, but this is gross oversight in a company which
claims to sell their software for a premium because it is cool (and well-tested UNIX background).
Shell vulnerabilities seem to be the entry point usually, seeing the firefox shell:// that was recently discovered... Integration comes with its own sweet price.
First, our business commitment to satisfy the interests of users, and by doing so to build a leading company in a highly competitive industry
I think that read the other way around - We'll do whatever it takes to get more users in whatever country to dominate the industry. That in my personal opinion is exactly what a capitalist Laissez-faire system should do. But whether that is in the interest of the rights of people in China - who may be settling for a crippled google.cn instead.
our policy conviction that expanding access to information to anyone who wants it will make our world a better, more informed, and freer place.
So how is censorship going to encourage a freer place ? Misinformation is often more effective than disinformation, just like spies and assasins are more effective than soliders on a fort. The effect this will have is to prevent the majority from actually complaining, leaving the vocal minority of civil rights protestors looking like whiny children.
Be responsive to local conditions.
Didn't that mean give in to china or cuba or whatever country just to gain a toehold in that country.
As much as I'd like to believe all the moral claptrap in this release, I think the bottom line is clearly stated in the article as follows - The backdrop to Google's decision to launch Google.cn is the explosive growth of the Internet in China. and Google wants in. Yahoo has already made all the connections nearly half a year ago.
To summarize - there's money in China and google.cn is going to be there too.
The document is pretty much ranks in the category of 30 second ajax tutorials.
It would have been better if the document has explained how you were supposed to handle concurrent XmlHttpRequests - a problem I am faced with.
Yesterday, I noticed the new Y! libs released had - transaction ids for Ajax requests. I've been using closures in javascript to maintain the context info, but this way sounds much better.
Any decent webdev entering the field should know about http status codes, HEAD requests and all that. Also it should be noted that article didn't even mention how many times state 3 is hit for a particular request - I got caught by that one once.
The important peices are *NOT* about widgets. This is about the ygPos,ygAnim and ygDom libraries which are invaluable to most people (at least me).
The animation systems are actually
pretty awesome. The cacheTween() functionality in there takes it very close to what I've been doing with flash previously.
Morover, Y! has been using these for the past 6 months on different browsers before they open sourced. That part is really what most people look at.
After all they have all our data in their cache and they are inside US jurisdiction as well. I don't see why US Gov has to develop something fresh and duplicate all the effort Google has put into their search engine.
On the other hand, is NSA working with Google a bad thing for you ?
There was a time when the military invested heavily into the space research program. These days with the cost cutting and budget crunches forced upon Nasa - they seem to have outsourced their research to private enterprenuer and pioneers with such challenges.
Maybe it is a better way to utilize government money - but the research might end up being owned by a commercial entity rather than just being merely used by such an entity. Lockheed and Boeing have been workhorses for such research in the past (think about how the Jeep evolved).
Does the future of space research lie with private efforts ?
Or is it headed eastwards (or further westwards) towards China ?
Should I kill my fluxbox and use compiz as my default window manager ? Or can compiz actually live along side a normal windowmanager which has about half a year of short-cuts that I use heavily ?
I would love if someone could actually tell me if fluxbox (or indeed xfwm4) will work with XGl out of the box.
If you've seen the microsoft censorship on Everybody Loves Eric Raymond, you'll find this announcment a little disturbing.
After all from what I understand, Microsoft is looking at exploiting the open source model of development for
getting free developers. I very much doubt they would go down a path where they transfer the entire copyright
of the codebase to a non-profit organization (like Netscape/AOL and Mozilla Foundation).
Then again, with Safari working very decently - who needs IE on Mac ?
I can almost picture Steve Ballmer - "developers... developers... developers *aside* heh, suckers"
Slashdot Mirror
Sure, I've gone and petitioned against trees being cut down. Indeed, we've even hugged a few and prevented their demise. But vigilante retribution was never the way to save animals. There have been transgressions on one side, but that doesn't justify the other side from commiting brutality.
Replacing cruelty to animals, with one towards mankind doesn't solve the problem - mainly because there is no Noble Savage unlike what Rousseau dreamed.
This is like terrorism with its own ecological brand (call it another religion if you want).The battle lines have been drawn. I can almost see people inside Apple debating the use of patents as the Nuclear Weapons of this war - mutually assured destruction - you sue me, I sue you.
And it would be a bad thing if Apple started patenting user interfaces ... really.
(yeah, I pretty much forgive the Digg one, everybody has those ...)
Now, this might not be a common thing in the US. But here in India, a lot of companies have team laptops which we pass around (on-call duty for server pages, for instances).
And somebody from Delhi, did something up which works for exactly that. qryptix encrypts your home dir and mounts using your passphrase when you login, built as a pam.d module.
Except for the fact that I wanted a truecrypt built into it, so that I can have a hidden volume even after I pass-phrase in to the first volume, this works well enough for most purposes.
But I guess, it is a good thing KDE and gnome are converging ... for the linux desktop, at least in the short term.
Motorazr sshing into a gentoo server.
Except it can be really hard to type right on a small keyboard and gentoo has such amazing error messages.
That all said, I'd like one of theseBut the moment, you introduce blockades to access to a "cool" thing like myspace or facebook, these talents become valuable in terms of utilization. More kids learn these, use these and try to out-do the other in terms of l33tness. If there aren't the artificial boundaries drawn by the authorities, these skills would have never been learnt, developed and hopefully put to good use in the future.
Whatever they block these with, they just raise the bar for the kids. Clever, curious and with the power of the rest of the internet behind them ... there's nothing that's totally blocked off. Probably threats to those who break the security and offer real world punishments maybe, but blocking it all is impractical. Of course, then there are those who prefer forbidden fruit to the ones in the fridge, for the momentary thrill of breaking some rules.
I remember breaking the proxy at a college where I was giving a talk. All I did was ssh -D 8080 into my box and bypassed the "security" of the campus network. But I did that by unplugging the monitor cable, running ssh and plugging the monitor back on in under 2 minutes.And lo, meebo.com suddenly worked. The kids thought I was some great genius or something. THat kind of ego-rush to a 17 year old teenager can drive them to do far more than just break firewalls to get kudos from their peers.
These kind of restrictions just favour the kids who learn to use the system, instead of just fighting it on the streets like the average politico.Take movie URL, for example - http://video.yahoo.com/video/play?vid=a2be3e951f3f 19e690b3500ed2fe19dc.477060.
Note down the nodeID (i.e 477060). Use curl to download the playlist path.
Decode the URL or even better just pull out the SID from the url.
Change URL to mmsh:// and use xine to play it or mplayer -dumpstream to save it.
Now, I could write a greasemonkey script to do all of that easily and give you a 'click to play in mplayer' link. But there's this thing about me, I'm lazy.
I don't know why, but I've gotten used to Ctrl+[pn] and prefer that over popups that other IDEs seem to throw up.
Prevents shell from leaking env vars.
:)
bash$ export LD_PRELOAD=/usr/lib/libsomething.so
bash$ sudo strace ls
and tell me whether what you got was expected or not
My first job paid about 250 USD per month before taxes. I stuck to it because I was a geek with no great academics to speak of, coming from an outside (read as - not from IIT or NIT) college and hadn't got the financial backing to follow up my GRE score. And in about seven months, I'd end up replacing my father in the earning capacity. It was so scary that I was grabbing at straws with my first job - I'd worked for more than 40 days at a stretch, working weekends and taking five days off to rush home every quarter.
So I settled for less for my first job, but that salary was good enough to live in for one person - though not enough disposable income to buy something like a computer for my own. Amidst all this, I went through a lot of personal troubles and ended up losing the only light in my life - out of sheer neglect towards her. After all that my first raise was a 67% - which pulled up my salary to 400 USD levels and that's a huge inflation percentage wise but it was 2500 USD per year for the company. Interestingly that's about 1/4th of what I was billable for to the customer per month.
Anyway, I left that job because I couldn't put up with the shit. Impossible deadlines drive managers nuts. They start ignoring the non-performers when it comes to work distribution and overload the performers. Finally, no matter how brilliant you are, you burn out. I was a charred shell of no motivation when I quit - and people wonder why code from India sucks. Because the rewards of work, is more work and then it continues. In about a year (which is when your first pay review kicks in), you'll probably have lost all of your work ethic and become a lazy slob who realizes he won't get fired if he puts in 1/5 th of the work someone similar in US needs to put in.
The hike percentages look promising, but the reality is that as companies grow - only overhead per actual coder increases, without actual increase in code quality, outputs or schedules. Sooner or later the system has to fail.
The Software Services industry is a nightmare I'd rather not return to.Now, a live CD and a setuid bash executable managed to fix the issue directly, but we learned an important lesson about root-less systems. If you screw up something like the /etc/sudoers, the system is hosed unless you
have physical access.
So as much as I use sudo for almost all my UID 0 needs, I think root still needs to live in every box just to safegaurd against such simple mistakes which ended up costing more hours than the sudo would've saved.Of course, you could read about why I wrote this particular bit instead of malloc in the first place - on my blog (when macros aren't enough).
Also you never truly appreciate C & Unix, till you've dissected malloc(), free(), fprintf() and fork(). The memory management, I/O buffering (different if you pipe to a file vs tty) and how the same pointer value can point to different memory (pages) in forked parent and child.
Makes you sort of open your eyes, like the gearhead looking at a fibre-glass 4-stroke engine.Given a particular usage pattern, for example majority allocation of blocks > 512 bytes with a higher fragmentation ratio than would be acceptable in a server, you could technically outpace the malloc which would waste more time to find a best fit versus an algorithm that just finds you 512 byte blocks when you needed 4 bytes of memory.
Assumptions simplify algorithms, so is it a surprise ?
I code for this API and the sources end up being source compatible. But then there are library paths and stuff, which is why even something as homogenous as Linux is forced to create LSB standard. The API standard OTOH, is crystal clear - look at the API tables in terms of availability. And yeah, my project is called Portable.net, so I've put in my time writing portable code for various platforms (even BeOS and SkyOS). Wish the threading models worked the same, that's all :)
There is just *nixAs much as I appreciate them looking at students and engineers, the obvious question that comes up in my head is - and make them do what ? . Whenever I look at what Google India's doing, there is no clarity in terms of what work they are doing, they will be doing or they will make me do. Either it is all hush-hush or they have no idea what to do with all the developers they already have.
Considering I already work for Yahoo! and get to work on a fair bit of F/OSS code in the process, the extra money just didn't seem worth it. Maybe I'll change my tune in half a decade, but it wouldn't be a surprise.
So the guys in apple who had the __MACOSX part to zip files didn't communicate that to the Safari folks. Communication gaps happen, but this is gross oversight in a company which claims to sell their software for a premium because it is cool (and well-tested UNIX background).
Shell vulnerabilities seem to be the entry point usually, seeing the firefox shell:// that was recently discovered... Integration comes with its own sweet price.
So how is censorship going to encourage a freer place ? Misinformation is often more effective than disinformation, just like spies and assasins are more effective than soliders on a fort. The effect this will have is to prevent the majority from actually complaining, leaving the vocal minority of civil rights protestors looking like whiny children.
Didn't that mean give in to china or cuba or whatever country just to gain a toehold in that country.
As much as I'd like to believe all the moral claptrap in this release, I think the bottom line is clearly stated in the article as follows - The backdrop to Google's decision to launch Google.cn is the explosive growth of the Internet in China. and Google wants in. Yahoo has already made all the connections nearly half a year ago.To summarize - there's money in China and google.cn is going to be there too.
Any decent webdev entering the field should know about http status codes, HEAD requests and all that. Also it should be noted that article didn't even mention how many times state 3 is hit for a particular request - I got caught by that one once.
The animation systems are actually pretty awesome. The cacheTween() functionality in there takes it very close to what I've been doing with flash previously.
Morover, Y! has been using these for the past 6 months on different browsers before they open sourced. That part is really what most people look at.
After all they have all our data in their cache and they are inside US jurisdiction as well. I don't see why US Gov has to develop something fresh and duplicate all the effort Google has put into their search engine.
On the other hand, is NSA working with Google a bad thing for you ?
Maybe it is a better way to utilize government money - but the research might end up being owned by a commercial entity rather than just being merely used by such an entity. Lockheed and Boeing have been workhorses for such research in the past (think about how the Jeep evolved).
Does the future of space research lie with private efforts ?Or is it headed eastwards (or further westwards) towards China ?
I would love if someone could actually tell me if fluxbox (or indeed xfwm4) will work with XGl out of the box.
According to the article, Google desktop was partly responsible for executing the code - even when the file is being downloaded without IE.
This means that you firefox users are also vulnerable (and what user does Google desktop run as ?)
After all from what I understand, Microsoft is looking at exploiting the open source model of development for getting free developers. I very much doubt they would go down a path where they transfer the entire copyright of the codebase to a non-profit organization (like Netscape/AOL and Mozilla Foundation).
Then again, with Safari working very decently - who needs IE on Mac ?
I can almost picture Steve Ballmer - "developers