Slashdot Mirror


User: burnin1965

burnin1965's activity in the archive.

Stories: 0 · Comments: 797

Comments · 797

  1. Re:Creative Capitalism on Gates Issues Call For "Creative Capitalism" · · Score: 2, Interesting

    I don't see an obvious connection here.

    Here, I'll help...

    Microsoft's products are developed, marketed, and sold using the capitalist economic system (I realize that Free Market is supposed to be part of a Capitalist Economy and Microsoft has used illegal business tactics to destroy Free Market in their main business sector, but bear with me). Their main product, Windows, is currently going for around $150. At one dollar a day an individual would need to work about half a year to purchase the operating system to run a computer, let alone the hardware.

    Giving up half a year of income to buy software is a rather surmountable task when you also need to buy food, clothes, residence, transportation, etc. Just to put it into perspective, the average car in the United States costs about one half of the average annual income and most people have to borrow money on a 3 to 7 year loan to pay off a new car. Imagine borrowing money on a 3 to 7 year loan simply to buy Windows. It's ridiculous.

    So in order to provide the benefits of the latest technology in computer operating systems to someone who makes a dollar a day there needs to be a creative solution. One possibility would be to cut into those massive 80%+ margins built into the Capitalist price of Windows to make it more affordable; that doesn't even require much in the way of being creative. But to really be creative, how about changing the licensing and distribution of the product to further reduce the costs to deliver and purchase the product. Well, guess what, it's already been done, it's called Open Source.

    The initial development costs for an operating system are expensive, but once it is developed the distribution costs are minimal. Now you can create a licensing scheme that creates a fake supply side in the supply/demand equation, thereby inflating the cost of the product, but Open Source does not do this. An Open Source license is a creative way to not only reduce the cost of delivery, but it also creates an abundant supply and spreads the initial cost of development.

    Now the cost of acquiring the operating system which is Open Source is at most the cost of the media and transporting or even cheaper if there is internet access.

    Creative eh? ;)

    Of course you will get a bunch of flak from people suffering from psychotic paranoia delusions about Open Source being Socialist, Communist, or even Cancer, but the fact is there are many hard core for profit capitalist corporations in the red blooded United States of America who are not only relying on Open Source software but they are part of the development community. All I can tell you is pay no heed, they are simply blinded.

  2. When data is accessible expect it to be accessed on Reasonable Expectation of Privacy From Web Hosts? · · Score: 1

    Do I, as a customer who, according to the acceptable use policy, owns my data, have a reasonable expectation of privacy for the data which I own, despite it being hosted on a third-party's server?

    IMO everyone should expect privacy, however, even with strict privacy policies and expectations in place there should be no surprise that any data which you make accessible is accessed.

    Far too many web application developers are lax on security when developing their applications and storing data. End users running these applications should be pushing developers and hosting providers to implement some level of security against unauthorized access to data using least privilege and encryption of stored data.

    And now for the plug. :) PHPgirder is an example of implementing both least privilege and encryption to protect from unauthorized access and encryption of data in the event unauthorized access does occur.

    Basically the idea is to use the user level access control built into the database engine to limit access to tables and encrypt all sensitive data that is stored in those tables. This requires the use of multiple database users and while the username and password for the user with the least privilege is stored in plain text like any other web application the usernames and passwords for higher access levels in the database are stored in encrypted records in the database and require user authentication before they can be decrypted and thus provide higher levels of access to the application and the data in the database.

    The same encryption and ACL technique that is used to control an application based on PHPgirder can also be applied to any pages and data that are implemented in an application using the classes by using the same database ACLs required to run PHPgirder or by adding additional ACLs upon the base PHPgirder ACLs (translation: more database usernames and passwords with restricted database access).

    Now this will not stop someone who has root access to the server from intercepting user session information and stealing users' usernames and passwords to gain access to the encrypted data, but it will surely stop someone from doing a casual dump of your database to peruse your data and tell you what you're doing wrong.

    burnin

  3. Re:I've got a good solution.. on ISPs Experimenting With New P2P Controls · · Score: 5, Informative

    And where is the government we paid for? They should be seriously thumping these clowns over the head for even considering "combating internet traffic" which is clearly the type of traffic intended when the 1996 Telecommunication Act was passed and the deregulation started.

    Section 706 paragraph (c) line 1 states:

    (1) ADVANCED TELECOMMUNICATIONS CAPABILITY- The term
                                `advanced telecommunications capability' is defined, without
                                regard to any transmission media or technology, as high-speed,
                                switched, broadband telecommunications capability that enables
                                users to originate and receive high-quality voice, data,
                                graphics, and video telecommunications using any technology.

    The key here being enables users to originate and receive high-quality voice, data, graphics, and video, that's right, originate AND receive. Somebody clue these dolts in to the fact the internet is not TV 2.0.

    There is absolutely nothing wrong with the way subscribers are utilizing their ISPs, this is exactly as it was envisioned by the authors of the 1996 Act. Imagine that, government officials having better vision for the future of technological advancement in telecommunications than the people running the companies. I can tell you why, the problem is also the clueless bean counters and MBAs could care less about technology, innovations, etc. and would demand a monthly fee just cause if they could get away with it. These people should be running illegal whore houses and extortion rackets, not technology corporations.

    If our government doesn't step in and force these bozos to provide the service they advertise and were given deregulation perks for then we may need to step in and explain that they don't own our back yards through which they run their damned cables. I deserve a tariff since it's my land they're hauling all those bits through.

  4. Re:GPL 3 on GPLv3's Implications Hitting Home For Lawyers · · Score: 1

    If you don't want someone running off with your code and using it in some proprietary software and making money off it, then don't put your code out there and tell everyone that it's 'free'.

    Yes, I suppose it is in many cases just too tempting for some scum bags. You give a thief an easy opportunity and they'll take a chance of making off with the goods without being caught.

    Your twisted reciprocal argument aside, and ignoring the fact you're posting as an anonymous coward, you may want to set aside your ill-conceived notions of what the GPL is and how it works and maybe try reading the license and examining how many companies are making shitpiles of money off GPLed software without having to steal it or give the shitpiles of money to the original developers of the code.

  5. Re:GPL 3 on GPLv3's Implications Hitting Home For Lawyers · · Score: 4, Insightful

    From TFA...

    the freedom belongs to the software, not to users

    It seems the lawyer gets some of it, GPLed software truly is free software.

    As far as BSD vs GPL, they are both open source licenses for free software but they both have their restrictions. If you don't consider GPLed software to be free software then BSD licensed software is not free either as there are still restrictions, i.e. you cannot remove copyrights from the code and claim it to be your own.

    The BSD license is more acceptable to businesses who see open source as a resource to be harvested but never invested in. The GPL is not and is designed to keep the software free. Does this mean the GPL in any of its forms is "anti corporate licensing"? Absolutely not, it simply enforces the give and take nature of open source, it in no way stops corporations from using the software to enhance their business as long as they are not in the business of leeching free software and attempting to create false monopolies and false supply limitations with the same software.

    Really I find the entire anti-GPL fray to be an outlandish waste of time and effort, the GPL is not forced on anyone, if you don't like the license then stop coveting the code, pay the cost and develop your own stinking code.

  6. No big deal on Negroponte Says Windows 'Runs Well' On XO Laptop · · Score: 5, Interesting

    When this constructionism project started and they were testing laptops in Cambodia I'll bet they were running Windows. Everyone needs to keep in mind that it's not about the laptop or the software but the educational project. Arguably Open Source Software and the ideology of the project go hand in hand, but one is not absolutely necessary for the other.

    I read the letter on the OLPC site and the article about Windows running well on the XO, but I couldn't get to the article that mentioned flash. Flash in my opinion is the scourge of the internet these days, and don't go off on a youtube rant, internet video and streaming codecs were available before flash.

    From what I've read nothing has really changed, Windows on OLPC was in the works and it doesn't mean that linux will be dumped. So much for the sensationalist headlines. You have media outlets and scumbag corporate leaders who will juice this for all it's worth but really it means nothing.

    I will say that it appears from Negroponte's message that there may be some friction between the Sugar developers and Negroponte probably concerning the porting of Sugar to Windows. He is welcome to his view but really it has absolutely nothing to do with Open Source Fundamentalism.

    If the open source developers of Sugar are balking at porting their work to Windows it should be no surprise, unless you've been living in a vacuum for the past 10 years. The Microsoft Corporation has not only been found guilty of using illegal business tactics to destroy competition in the market to maintain their ludicrous profit margins but they have also been on a non-stop PR harassment campaign specifically targeted against the same developers who wrote Sugar.

    In the end it matters not, if Negroponte wants Sugar on Windows all he has to do is ask that wealthy corporation to invest some of their ill-gotten gains in porting the open source code themselves. After all, it's not like Microsoft's developers aren't used to leeching off the open source community to support their proprietary products. What would be interesting is seeing the response he gets to using open source code in a high profile project considering Microsoft has labeled it a cancer.

  7. Re:This is great news.... on Sun May Begin Close Sourcing MySQL Features · · Score: 1

    Okay, mysql DOES do tab completion, poorly. The way it's implemented is worthless, allow me to demonstrate...

    >mysql -h 192.168.0.35 -u dbadmin -p test
    Enter password:

    mysql>se [TAB][TAB][TAB]

    'oh crap forgot I'm not using psql, damn it'

    mysql>select * from [TAB]
    Display all 196 possibilities? (y or n)

    'wtf, I don't have 196 tables in this schema, doh, I'm not using psql'

    mysql>select * from cust[TAB]
    customer customer.c_discount customer.c_state
    customer.c_balance customer.c_first customer.c_street_1
    customer.c_city customer.c_id customer.c_street_2
    customer.c_credit customer.c_last customer.c_w_id
    customer.c_credit_lim customer.c_middle customer.c_ytd_payment
    customer.c_d_id customer.c_payment_cnt customer.c_zip
    customer.c_data customer.c_phone
    customer.c_delivery_cnt customer.c_since

    'WTF, this is lame'

    mysql>select * from customer where [TAB]
    Display all 196 possibilities? (y or n)

    'ugh, this is really stupid'

    mysql>select * from customer where c_last li[TAB]

    'screw this'

    mysql>quit
    >yum remove mysql
    >yum install postgresql

    better? :P

  8. Re:This is great news.... on Sun May Begin Close Sourcing MySQL Features · · Score: 4, Insightful

    It does not enforce the database schema

    Well stated. :)

    When you're learning about referential integrity but the RDBMS doesn't support it you're stuck in a conundrum. Unless you choose an RDBMS that actually does its job of keeping the database relational.

  9. Re:This is great news.... on Sun May Begin Close Sourcing MySQL Features · · Score: 2, Informative

    I wouldn't know about windows clients, haven't used them for years. Table name completion does work, column completion is basically worthless as it lists every column available in every table, not just the table you listed in the FROM portion of the statement. And there is no completion for any of the SQL commands.

    At least that is the case in mysql 5.0.45-6

  10. Re:This is great news.... on Sun May Begin Close Sourcing MySQL Features · · Score: 4, Interesting

    made up for its limitations relative to PostgreSQL

    All the community, documentation, and speed in the world won't make up for lack of features.

    I'm no dbms expert but when I first started learning about relational databases, wow, seems like 6+ years ago now, it was obvious from reading the features of mysql versus postgresql that there was no making up for the fact that mysql wasn't a real relational database. Since I was learning about relational databases I never even bothered with mysql and jumped right into postgresql. So I guess I'm biased but I never ran into a problem with tools, libraries, documentation, or community support.

    Mysql has made many improvements since then, and I even started to play with it as I've been working on some open source projects which are web based applications and as such may need to support the widely popular mysql. So far it's not bad, but it would be nice if their mysql command line tool would do TAB completion as psql does. It always takes me a few tabs before I realize that mysql isn't going to help my lazy ass out.

    burnin

  11. Re:Government Monopoly == Bad solution on Comcast Proposes Self Regulation and P2P Bill of Rights · · Score: 3, Informative

    >>>"lines should be owned by the state or local municipalities" ...

    introduce competition between multiple companies (i.e. have Comcast, Time-Warner, and Cox all competing to supply television/internet to your home). A free market solution is preferable to a poorly-run, poorly-managed government monopoly.


    Something like the competition we see between UPS, FedEx, DHL? They each own their own roads and airports from point to point, oh wait, hey, they are using municipal roads and airports to operate their delivery equipment and provide a competitive service in a free market. What a concept, now let's apply it to the monopolies you just mentioned so they too can compete in a free market.

    burnin

  12. Re:Go figure... on DirectX Architect — Consoles as We Know Them Are Gone · · Score: 3, Insightful

    What do you get in exchange for that? A PC (complete with hard drive, internet connection, support for usb, etc), except you can't use it like a PC. If the same games were made for PC directly, you would simply win on all fronts (even on the price; it's true that you save on the console, but you lose that by the lack of competition on games).

    Well, you get something else, a box that you know you can plug the games into and they just work. The purpose and use of PCs is widely varied so there is no guarantee that you buy a game, pop it into your PC, and it just works.

    There are other benefits as well, lack of spyware, viruses, trojans, etc., although that could change with the new direction consoles are taking.

    And yes, as Alex had noted, if every PC sold, including the all in one integrated boxes, included the latest and greatest eye popping GPU technology and CPU technology then the PC gaming market would be much simpler, but what can I say, the guy is a doofus.

    When I'm building a headless server and I purchase an all in one motherboard to support the system the last thing I want is some high priced bleeding edge GPU soldered into the motherboard, cranking up the cost, generating heat, and really doing absolutely nothing.

    The PC gaming market is what it is because the PC is a general utility tool that you spec for the purpose, you don't spec it to meet the needs of one person's marketing desires.

    Oh, and by the way, in some cases those consoles that you believe cannot be used as a desktop even though they have desktop type hardware, some of them can. You can run a linux desktop on the PS3.

  13. Rare manual reuse on 100-Year-Old Electric Car Design Makes a Comeback · · Score: 1

    Woot! I'm already set, I have a Cyclopedia of Automobile Engineering from my grandfather and it covers repair and maintenance of early 1900s electric cars and trucks. The book was published in 1916 by the Chicago American Technical Society, and now it looks to be back in tech style. :)

  14. embellishment on HD-DVD and the Early Adopter Premium · · Score: 4, Insightful

    What really drives this is Blu-ray's skimpy catalog, which will take a couple of years to pump up.

    The article itself was interesting and looks spot on, however this embellished comment on the article is inaccurate. Amazon lists over 500 HD-DVD titles and over 700 Blu-Ray titles. It seems someone is grasping at anything to save face on a lost cause.

    With a large volume of HD content available for the dead format and the player/movie prices heavily cut to move inventory it should be no surprise they are selling. That's the point of the massive price cuts, to clear out the inventory of the dead format.

    Is this bad news for Blu-Ray? Hardly, once the inventory for this dead format is depleted it will be a Blu-Ray market until a viable alternative is developed. I doubt we'll get any meaningful agreement between hardware manufacturers, software developers, content producers, and telecom providers that will enable a meaningful replacement for Blu-Ray any time soon.

  15. Re:Wow on Microsoft Trying To Appeal to the Unix Crowd? · · Score: 1

    then we'll talk about how Windows will be a better FOSS platform

    Not so fast. Once Windows becomes a viable solution for a computer operating system and not simply a toy then the next step is to haggle over licensing.

    I don't care how good they claim Windows is, I'm not signing over my freedom of speech or right to privacy on my own property just so I can use their goofy software.

    If I use their software and it sucks, I'm going to tell others it sucks. And there is no way I'm going to agree to allowing a bunch of BSA goons to rifle through all my files if I don't pay some extortion fee.

    Nope, Microsoft has a long way to go before they have a viable platform. :P

  16. Re:Crazy with command lines on Sneak Peek at Windows Server 2008 · · Score: 2, Funny

    not everything is configurable from within the GUI

    Actually this isn't anything new for Microsoft, in fact they've gone so far as to require editing your system DLLs with a hex editor to adjust basic network configuration settings. And people think us linux hackers are amazing compiling source code, how about those windows guys reverse engineering binary code in DLLs. :)

  17. Re:settle in for a long ride on Darl McBride Leaving SCO? · · Score: 4, Insightful

    Back in the Day, we all figured that the SCO lawsuit would be quashed within 6 months. I remember a talk at a LinuxWorld several YEARS ago where Eric Raymond or someone openly challenged them to show us all where the 'infringing code' was.


    In a way it was quashed in about 6 months. Based on their stock price the fairy tale was over quickly as it became apparent to any rational being that it was all BS. And requesting the code was the most obvious blow to their case as any argument against pointing to the publicly viewable code was simple nonsense.

    Other than a few "journalists" with questionable credibility no sane person believed a word coming out of tSCOg's mouth pieces once they refused to show the code. And the ultimate blow was when the judge explained how close they came to losing the entire case on a summary judgment because they failed to produce even the most minute amount of evidence to support their reasoning for being in court in the first place. That statement from the judge was based in part on all the outrageous claims the tSCOg mouth pieces had been spewing in the media and their failure to simply show the code.

    Yes it has dragged on for years, and yes it could drag on for more years, but the game was up long ago and most people know that. Now all we can hope for is that IBM and Novell will be willing to continue spending cash on the lawsuits long enough to ensure the perps and backers of this scam lose significant face.

    And you are right, no matter how this ends it will never be the end, there are several people making massive profits who feel threatened by open source and they will continue to fund idiotic attacks like this as long as it's a financially viable option for them. There are also the rabid anti-FOSS individuals who will rant until the end of time because they are so enamored by the likes of Microsoft that they'll believe and rabidly support every piece of FUD they are spoon fed.

    Yeah, its not over, and we'll never hear the end of it. But life goes on.

  18. Re:Pending approval... on Darl McBride Leaving SCO? · · Score: 5, Interesting

    Assuming all of this stuff is approved by the bankruptcy courts for starters.


    Good point. The quick headlines that were generated for stories are highly inaccurate, i.e. it's not a $100 million buyout and it looks to be only $5 million at first glance.

    It could turn out after a full review of the facts that this is just another attempt to perpetrate additional theft of Novell's cash through the bankruptcy court as was the last attempt to sell Novell's assets.

    We'll have to wait and see how Novell and IBM respond in the bankruptcy court.

  19. Only $5 million, + option for debt on Darl McBride Leaving SCO? · · Score: 1

    The headlines and article contents are not 100% accurate. After reading the MOU it turns out that they are only paying $5 million, not 100.

    The other $95 million is a line of credit from which they can borrow at a whopping 17% interest rate.

    I could be wrong but this looks more like a pay off for the perps and a privatization veil to cover their tracks once they pay off the coming judgments using the line of credit and then allow the entire scam to vanish into vapors.

  20. Re:I am going to go out on a limb here on Intel Employee Caught Running OLPC News Site · · Score: 4, Interesting

    this blog never really had that big of a following

    If it doesn't have much of a following it's probably due to the obvious bias of the site. I don't recall the first time I read olpc news and how I got there but it was obvious from the start that it wasn't really an olpc news site but rather was simply an attack site spreading the same disinformation we see posted to message boards.

    The olpc news blog attacked the educational objectives of the project from the start, not by critically assessing the years of research and study that went into the plan but rather by completely ignoring not just the research and study but even the advertised objectives and methods written in plain English on the laptop.org web site. How many times does it have to be explained to these people that it's not a laptop project dumping laptops on starving third world children, it's about the educational concept of constructionism.

    It even continues to this day where he posts "news" that there is no news showing that the kids who have so far received laptops are learning when again if he has been following the real news, you know, journalists and reporters actually out in the field finding out for themselves, the educational benefits are beginning to demonstrate themselves in small ways just as they did in the research.

    And even if the blog is not closely followed, this guy is being interviewed and quoted all over the radio, even by NPR, as a source for OLPC news. That would be news about OLPC, not the website olpcnews which is a misnomer. It's disgraceful. Even though I stopped reading the guy's web site I still had to listen to his crap on the radio whenever the OLPC project comes up in the real news.

    Even though there is an obvious conflict of interest, and his site seems to be very biased, I can still see the possibility that he was just creating a blog about something he was interested in. I don't believe that the XO and Classmate were originally competing products as the target kids and communities for the OLPC educational program were outside the realm of Intel's existing educational assistance programs. The problem is that marketing PR, and in the case of Microsoft politics concerning open source software, drove them to "compete" in the OLPC "market" when in fact there is no market, its a charitable non-profit cause. As things were getting ugly in the media between Intel and OLPC he really should have disclosed the conflict of interest that arose.

  21. Re:dumb or troll ? on Mass Hack Infects Tens of Thousands of Sites · · Score: 1

    if you log into the database using end-user-supplied credentials then I agree that you're safe

    This is close to what the design does, but rather than logging into the database with user supplied credentials the user's credentials are utilized to supply the missing passphrase required for decryption of the actual database user credentials required to access the portions of the database they've been given privileges to access. This way the database entries are not based on per user credentials but rather on a few database user credentials to which they have been provided access through their SSL key.

    And if they did then the hacker could just register an account and use their own credentials. You could use other tricks though - like having users write to some table that is polled by a separate system. However, you still need to scrub your data regardless...

    Yes, and therein lies the weakness. I currently have four privilege levels based on four separate database users; depending on the privileges you grant to each user by giving them an encrypted key they will have that level of database access. The more trusted a user is the higher their level of access and the greater the risk. But simply registering would not provide enough access to do any damage, a basic registered user still only has select permissions, no insert, update, or delete permissions.

    And yes, you still need to scrub your data, I'm not proposing a solution to crummy coding, just a way to mitigate potential damage. And I believe this method would eliminate a google/worm type exploit as you would need an authorized account on any site using this design before you could actually do anything. It would not be possible to simply do a google search for sites using the code and automatically perform a damaging SQL injection as the lowest level of user can only perform selects on a single table.

  22. Re:dumb or troll ? on Mass Hack Infects Tens of Thousands of Sites · · Score: 1

    you're obfuscating the credentials

    No, I'm encrypting them.

    You still have the credentials accessible to the webserver

    The encrypted records are accessible to the webserver, but the webserver is missing all the required components to complete the decryption. The users hold the missing component which enables decryption.

    the hacker has everything they need at hand. Reminds me of DRM

    Nope, wrong answer. If you are interested in how it works you can read the documentation but I assure you, if a hacker were able to query the entire contents of the table which is accessible by the one available database user they would require either brute force password cracking of the SSL keys or they would have to crack the SSL encryption. Without the user's password it is hopeless, even if they managed to read the contents of every table in the database and every file on the server it still would not be enough.

    And I agree on the DRM, it's pointless, how can you rely on encryption to protect copying of the data when you also provide all the keys and credentials to decrypt the content. Ludicrous, but again, that's not what I'm doing.

  23. Re:How is it different from LILIO and Grub? on Boot Record Rootkit Threatens Vista, XP, NT · · Score: 1

    Yes, in this regard it is just as secure as Linux. You still need to be an administrator to overwrite the mbr.

    Really? Perhaps I misunderstood the article as it appears they are saying a regular user on an NT/XP/Vista box can edit the first sectors of the disk. On a linux system you would have to intentionally login with the root account to do this. Normal use of a linux system does not require that you login as root and regular users cannot edit the MBR.

    all of this damn argument, how exactly do you propose we defend the contents of the MBR from root on Linux? (Or GNU/Linux if you will)

    Excellent question, I suggest reading up on SELinux. You can use SELinux policies to lock down even the root user but in an extremely granular way. I think you have a great idea, and considering that once a system is set up there really is no reason even for the root user to be editing the MBR. There may be other methods to achieve the same result but I've only studied SELinux.

  24. Re:Like it matters on Boot Record Rootkit Threatens Vista, XP, NT · · Score: 1

    Go to any one of the Anti Virus websites where they list a "top xxx" threats list, and look at the infection methods.

    Okay, so I went to norton.com and looked at their latest list, threats list, and risks, and vulnerabilities. And to be honest it's still not very clear. I suspect you are correct that most of the infections take place by tricking a user into running an application which is either malware itself or installs a virus. The problem is that their list doesn't really specify how the virii/trojans are installed. There seems to be a 50/50 split between actual malware applications and virii/trojans and there were multiple vulnerabilities last year which could have been used as attack vectors to install virii/trojans versus getting a user to actually run a malware application.

    On McAfee's site it's pretty much the same, there is no definite means of determining the method of attack for virii/trojans and they are viewed as a separate threat type. Of course they list the same vulnerabilities which could have been used as an attack vector along with some new ones just released today.

    I agree that the user is probably the most likely attack vector but then a vulnerability has the potential for a much bigger impact because even the users who are not easy to trick into running an application become prey. So while it seems probable I still wouldn't feel comfortable jumping to conclusions as it's just too easy to say "it's the dumb users".

  25. Re:dumb or troll ? on Mass Hack Infects Tens of Thousands of Sites · · Score: 1

    It has no access to anything in the system other than the data in the database - which is all this attack compromised. ... The attack merely used the applications write-access to its own database to modify the database contents - something that is nearly impossible to automatically protect against at the database server level.

    Good post, but I have to disagree with you here.

    While it is possible to mitigate the potential for SQL based attacks through good coding practices there is one major fault in the design of many web applications, a single database user with complete control over the database and utilized for all application queries and the database user credentials are stored in plain text in a configuration file.

    And there is a way out. The simplest method would be to use a database user with restricted permissions for the application, only the permissions needed to perform the operations required by the application. But you can take it even further as I have been attempting to do in a PHP project I started, and now for a shameless plug ;).

    In PHPgirder I utilize multiple database users with varying levels of permissions on the database. There is one database user with credentials stored in plain text in a configuration file, however, this user has only select permissions on a single table in the database. All the other users with higher privileges are stored in SSL encrypted records in the database.

    I believe something like this can be used to mitigate the potential for a mistake in application code.
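The tiered-credential design that comments 2, 21, 22 and 25 describe, as an added example that is not PHPgirder's own code. The comments give the design but no code, so everything below is an assumption: the role names (app_anon, app_reader, app_editor, app_admin), the cred_store table, the record layout, and the choice of scrypt for the passphrase-derived key plus an HMAC-SHA256 counter-mode stream cipher with encrypt-then-MAC, which stands in for an AEAD such as AES-GCM so the example runs on the Python standard library alone; a production build would use the real AEAD. The one plaintext login can only read cred_store; each higher-tier login is stored encrypted under a key derived from the user's passphrase, so a dump of the table yields salts, nonces, ciphertext and tags but no usable credential, and a user who was never granted a tier has no record to decrypt. As the author concedes, this does nothing against an attacker who already controls the server while a user is logged in, since the decrypted credential then sits in the application's memory.

```python
"""Tiered database credentials unlocked by a user-held passphrase.

Added example modelling the design described in the comments; not
PHPgirder's code. Role names, table names and the record layout are
hypothetical. The cipher is a standard-library stand-in for AES-GCM.
"""
import hashlib
import hmac
import secrets

# Hypothetical PostgreSQL grants for the four tiers. Only app_anon's
# password ever lands in the web server's plaintext config file.
TIER_GRANTS = """
CREATE ROLE app_anon   LOGIN; GRANT SELECT ON cred_store TO app_anon;
CREATE ROLE app_reader LOGIN; GRANT SELECT ON ALL TABLES IN SCHEMA public TO app_reader;
CREATE ROLE app_editor LOGIN; GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA public TO app_editor;
CREATE ROLE app_admin  LOGIN; GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app_admin;
"""
TIERS = ("app_anon", "app_reader", "app_editor", "app_admin")


def _derive_keys(passphrase: bytes, salt: bytes) -> tuple:
    """scrypt the passphrase into a 32-byte encryption key and a 32-byte MAC key."""
    km = hashlib.scrypt(passphrase, salt=salt, n=2**14, r=8, p=1, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stand-in for an AEAD so this runs offline."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(passphrase: str, secret: str) -> dict:
    """Encrypt-then-MAC a DB credential under keys derived from the passphrase."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _derive_keys(passphrase.encode(), salt)
    pt = secret.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def unseal(passphrase: str, rec: dict) -> str:
    """Check the tag before decrypting; a wrong passphrase raises ValueError."""
    enc_key, mac_key = _derive_keys(passphrase.encode(), rec["salt"])
    expect = hmac.new(mac_key, rec["salt"] + rec["nonce"] + rec["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, rec["tag"]):
        raise ValueError("bad passphrase or tampered record")
    ks = _keystream(enc_key, rec["nonce"], len(rec["ct"]))
    return bytes(a ^ b for a, b in zip(rec["ct"], ks)).decode()


class CredentialStore:
    """The hypothetical cred_store table: readable by app_anon, inert without a passphrase."""

    def __init__(self) -> None:
        self.rows = {}  # (username, tier) -> sealed record

    def grant(self, user: str, passphrase: str, tier: str, db_password: str) -> None:
        if tier not in TIERS[1:]:
            raise ValueError("only the higher tiers are stored encrypted")
        self.rows[(user, tier)] = seal(passphrase, f"{tier}:{db_password}")

    def unlock(self, user: str, passphrase: str, tier: str) -> str:
        """What the web app does at login: decrypt the tier login or fail closed."""
        rec = self.rows.get((user, tier))
        if rec is None:
            raise PermissionError(f"{user} was never granted {tier}")
        return unseal(passphrase, rec)

    def dump(self) -> list:
        """What an attacker holding the app_anon login (or a DB copy) gets to read."""
        return list(self.rows.values())


def demo() -> dict:
    """Constructed sample data: alice is an editor, bob a reader."""
    store = CredentialStore()
    store.grant("alice", "correct horse", "app_editor", "editor-db-pw")
    store.grant("bob", "battery staple", "app_reader", "reader-db-pw")
    result = {"alice": store.unlock("alice", "correct horse", "app_editor")}
    try:
        store.unlock("alice", "wrong passphrase", "app_editor")
    except ValueError:
        result["wrong_pass"] = "rejected"
    try:
        store.unlock("bob", "battery staple", "app_editor")  # never granted
    except PermissionError:
        result["bob_escalation"] = "rejected"
    # A full dump of the table exposes no tier login in the clear.
    result["plaintext_in_dump"] = any(b"db-pw" in r["ct"] for r in store.dump())
    return result


if __name__ == "__main__":
    print(demo())
```

The salt makes each record's key unique even when two users pick the same passphrase, and verifying the tag before decrypting means a tampered or mis-keyed record is rejected without ever producing garbage plaintext. Registering an account by itself yields no record, which is the property the author relies on against blind, search-driven injection worms.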