The Imus case is a perfect illustration:
Europe: Hate speech is banned by law (state censorship)
US of A: Hate speech is curtailed through auto-censorship (commercial censorship)
The question is, in the end, which model is the more restrictive one ?
No it isn't. The question is: which model is the more dangerous one?
Clearly the former.
Historically, oppressive governments have been very quick to both (a) gain control of the media; and (b) stifle dissenting / critical opinions voiced publically, in order to solidify their power. Heck, not just historically - take a look around the world today. China is a classic example of this tactic in current use.
Freedom of the press and freedom of speech / expression for individuals is a principle intended as a defence against the government. That's a very basic point. Heck, I'm not even American and I understand that much:)
That does not mean there are not social consequences attached to what you say - you're still responsible for your actions. This is something a lot of people don't grasp. If you're a radio host your job is to keep the listeners entertained and the advertisers happy - in short, to keep the cash coming in. If you want to be a sexist and racist dickhead on the air then nobody can arrest you for that - which is as it should be - but you shouldn't expect your employer to wish to continue your employment when you're bringing his station into disrepute and losing him money.
Where the line is drawn is at the point when the state can arrest you purely for holding certain opinions (and obviously having expressed them, thus people know you hold them). That is a dangerous position to be in, because it is the state who gets to decide which opinions are 'wrong' - one of the key defences against oppression is removed.
That doesn't automatically mean you are living under an oppressive government, of course, or even that you are moving toward one - it simply means that it would be that much easier for your government to become so in the future. I doubt anybody could argue that the present government in Germany is oppressive, for example - yet, if you hold certain looney views on the holocaust (ie. that it didn't happen), and are stupid enough to express those views in that country, it can get you arrested and possibly put in jail for your views.
I can completely understand a country with a history such as theirs having a law like that, but it's still fundamentally wrong in my opinion. The state should never be in a position where they are the sole dictators of the truth, no matter how widely that truth is accepted.
There is also another argument, which says that it is dangerous to push the looneys underground, where they slowly gain strength in secrecy. Much better to allow open debate on the issue and show them to be wrong publically, or at the very least let the public see how unreasonable their position is. In short: give those with hateful or unreasonable views freedom of expression, and watch them shoot themselves in the foot.
There's a particularly racist and Nazi-like group of people in my country (that's a purely descriptive term - I believe they wear swastikas and have white supremisist views - and I'm not comparing anybody in this discussion to a Nazi, so I don't believe this should invoke Godwin's law:)... they call themselves the "National Front". A few years ago there was a big student rally in my home city against racism. These guys decided to have a counter rally at the same time, and claimed to be bringing hundreds of people who supported their views. Nobody would send them to jail for it - they were welcome to show up and voice their views to the crowd.
Well, the anti-racism rally consisted of 3000 students. The National Front showed up with twelve people. Yeah, that's 12. All they managed to demonstrate was their complete and utter lack of credibility. I much
Heh. It's easy to overlook to start with isn't it? Maybe the default install should have an icon for it on the desktop or something. Anyhow - you're welcome:)
This is a bit long, you can ignore it if you like... Thanks for the chat though.
Wouldn't dream of it:)
You are right, it is click and run, but I believe it is a single repository that everyone can submit to. You browse it through a single web interface.
Ah. What you were thinking of is in fact "click n run". What I was thinking of - I think - is something different again. In any case, I wasn't thinking of something that has a repository:)
I've been using both aptitude and synaptic and I find them quite hit-and-miss (Synaptic is of course much better than aptitude which is useful as a developer and scripting tool). Even with Synaptic though, MANY programs do not load menu items, so there is no way to find them once they are loaded. There is also no way to tell what menu it will be loaded into (Maybe there is in the description, but if so, it's unobvious enough to be useless).
Many programs just don't work (I've had a few completely lock up my system--had to reboot. Some work but just don't do anything--Why would the end user want to load a library? The repository is 70% chaff, where is the list of actual, usable runnable programs for me to browse, the rest is irrelevant. You can't tell from the descriptions anything but a few sketchy notes. Synaptic is not something I would feel comfortable asking a normal user to use.
Synaptic is not intended to be a tool for a normal user to use. Normal users don't want to manually install libraries. I do:)
As I said, have you tried "Applications" -> "Add / Remove" ? In Feisty it's pretty good - I'm confident my parents, who know very little about computers, will have very little trouble using it to install applications. I think you'll find that it's a lot more like what you have in mind.
- It gives you a list of only applications.
- You can see where they'll show up in your menus (the "menu structure" layout in the add/remove app is the same as your actual system menus - you just switch applications on or off with a checkbox).
- The applications are all accompanied by nice descriptions.
- The applications are all accompanied by "popularity" ratings.
Seriously, this is a tool that is designed for any novice to be able to use. It's a standard Ubuntu thing - I'm sure your installation must have it.
If any applications don't have menu items show up, or outright doesn't run (or worse, locks up your system!) that's likely a bug. No software is perfect:) I can't say I can recall either of these happening to me so far - it's the main reason I switched to Ubuntu, after years of running RedHat / Debian / Gentoo - everything just works. YMMV:)
I'm not saying that synaptic isn't useful, it is--and it's necessary for developers and Linux power-users, it's just not an end-user solution that a grandma will jump in and start using. If you believe it is, I'm sorry but you just aren't very empathic towards 80% of the computer users out there--please don't take offense at that, consider it a little and see if there is a little truth in it. I learned a lot about the world when I became better at seeing things like this through other people's eyes, but it's something most engineers find virtually impossible (Hell, most don't even realize that this can be done, or think they are already doing it).
I certainly do not believe synaptic is suitable for grandma. It definitely isn't, unless your particular grandma is the kind of little old lady who has a specific kernel image she wants to install or something:) If she just wants to install some applications she should use a tool like the one I mentioned above.
I'm full of empathy for 80% of computer users out there - it tends to be me they call to fix things when they break,
Oops, my bad - indeed it was. I guess it'd pay me to read ahead in the thread before hitting 'reply' so quickly:)
But your question about Click n go...
First of all, I believe it is a single repository as well--at least I haven't figured out how to switch repositories. I have, however, figured out how to switch them with aptitude. So your security regards put click and go out front.
Repository? Ah. I was under the impression "click n go" was a system that allowed 3rd parties to create and distribute 'universal' (ie. distro-agnostic) packages. I think I must have confused it with another system of a similar name I remember hearing about. "click n run" or some such?
Anyway, if it gets it's packages from a single repository then it's all good - well, provided you trust that repository, of course:) I would hardly say that puts it 'out in front' in security regards - but I'll settle for 'about even'. Just because apt allows you to add additional repositories doesn't make it inherently less secure; nobody's actually making you add 3rd party sources, it's entirely your choice. That's a feature.
I still don't like the idea of having software installed that my package manager doesn't know about. Why would I want to run 2 separate package managers? Isn't there a possibility they might step on each other's toes and/or duplicate each other's dependencies sooner or later?
Secondly, click and go has graphics and user reviews. I still have trouble figuring out what all is available in synaptic.
Have you tried the "Add / Remove" program in Ubuntu? (You'll find it in your main 'applications' menu). The version in Feisty is really pretty decent. I mean "my grandmother could use it" kind of decent. Graphical click-the-pretty-icons tool for installing applications - you'll find it even has popularity ratings (1 - 5 stars) beside each app.
If you aren't familiar enough with the major open source applications out there to know what exactly you want then you may find synaptic somewhat unhelpful. Once you are then you'll appreciate how nice synaptic really is:)
Thirdly, click and go offers some commercial content too (Oh, there's the answer to your question!). Not a ton of it yet, but if you wanted to develop and sell a Linux game, I recommend you look into it now because it is probably going to be the best way to market Linux products once it's in Ubuntu.
That has most commercial bits & pieces I need. For anything else, most commercial (read: closed-source) software for linux systems tends to be distributed as nice big juicy statically linked binary blobs:) Just download, unzip, and run. Or comes with a shell-script installer, ala Quake 3.
Ah well, different strokes for different folks I guess. Peace dude:)
With the addition of Click And Go (I hope it's in this release) it'll be MUCH easier to acquire and install new software than it is in Windows.
Can I politely ask what software you want to install that you can't find in the Ubuntu repositries?
Oh, and hey--one complaint (more of an observation actually), for those of you who complain about how often you must enter the root password on a PC, take a look at that page and see how often "SUDO" (the Linux equivalent) is required. Holy cow, it's like every single time you want to call apt-get (in other words, any time you want to install ANYTHING), you have to give up the root password. I believe this means that all install scripts are running as root--I don't know if this is a security hole, but it sure sounds like one. This is the exact equivalent to every windows program install requiring administrator access--something they have at least recognized as a flaw and begun to combat.
1. 'sudo' asks for your own password - the root account is locked by defualt
2. You ought to need root access to install system-wide software. I would think this point is obvious:) Having apt-get set suid root would make it trivial for any system user (eg. your webserver user, to borrow another poster's example) to elevate privileges.
3. If you really desperately want a root shell, just type 'sudo su'.
4. Yes, apt-get (and more precisely dpkg) is running as root while installing software. Yes, this means that if the software contains a malicious install script then you're in big trouble (actually, it wouldn't surprise me if it drops priv's for most of the unpackaging/install and elevates priv's only when it actually needs access to write to the filesystem, but let's leave that aside for now). No, this is not a security flaw. You're installing untrusted software on your system. You are the security flaw. If you insist on executing code from somebody you can't trust nothing is going to protect you.
This is why your wonderful "click and go" is such an awful idea. It makes it easier for you to grab software off any arbitrary website that packages their software in that format and install it on your computer. When your hear people complaining about how hard it is to install software on GNU/Linux based operating systems, you tend to find they equate "installing software" with this behaviour pattern in their mind. It's also this behaviour pattern that gets a lot of windows users into trouble. Instead of being faithful to one software distributor, they behave promiscuously. Then they wonder why they have so many viruses;)
Consider these two software installation models / behaviour patterns:
1. The "multiple vendors" model. You get your software from anywhere and everywhere. Software is treated like a product - an item you can purchase at a store, or a one-off download.
Pros: you're restricted only to the set of software written that will run on your system - you can install anything you like.
Cons: you often don't know if you can trust those who've written the software you install. You also have no easy way of keeping your software up to date - when later versions of software come out with fixes for serious security problems, many users in this model either can't be bothered manually updating their software, or simply aren't aware than any update is available. As a result of these two cons, users in this model are especially vulnerable to those people who want to run malicious code - trojans, viruses, spyware, whatever you like - on their computers.
2. The "single vendor" model. You get all your software from a single provider, and it's cryptographically signed to prove it came from them. This vendor tends to be your operating system vendor - and hey, if you don't trust the people you got your operating system from, you're already screwed
I have to agree with your sentiment in general, mega rich fat dudes being the only ones who could afford to commission new art (music, etc) would suck.
But imagine if we could freely share copies of that art between ourselves. You, me, and a bunch of our friends (or say 100,000 strangers out there on the internet) could all chip in a little bit and buy the same thing the mega rich fat dudes can buy, and we could all have a copy of it at the same time. Wouldn't that be wonderful?:)
There is a lot of utility to be gained from being able to make infinite copies of something with near zero marginal cost. That utility should belong to the people, however. Handing control of it to an individual or a corporation is grossly inefficent.
Secondly, take a look at the music industry today. You think that the mega rich fat dudes don't already decide what gets made? Popular songs become popular because the Music Industry makes them so. They sit down and figure out which artist / single they are going to make popular today, then promote the hell out of it, and in two weeks everybody is dancing to it in the clubs and raving about how much they like it because it's so popular and they want to fit in with the crowd.
Whether the song in question has any real merit doesn't factor into the equation. Witness the way songs that were once mega popular are quickly disgarded as they get out of date - the songs are only "good" while they are popular. If you want to be "cool" you have to be constantly listening to the new and eschew the old. It's just like the fashion industry really - people stop wearing perfectly good clothes and run out to buy new ones just to stay "up to date". You gotta hand it to the respective industries - it's pure genius.
My point: people are easily manipulated sheep, and you know it. They don't make any votes with their wallets - they just take what is given to them. Pop songs don't get made because people buy them - people buy them because they get made (and marketted). The mega fat rich dudes are already deciding what gets made. The sooner we can take them and their corporations out of the entire loop, the better.
I know the idea has been suggested before, but I think it has real merit - imagine a website where people can make micro payments to pieces of art that they would like to see "commissioned" (including music, movies, books, digial art, whatever - anything that can be represented as easily copied 1's and 0's). When the art is delivered to the site, the artist gets paid. If it fails to be delivered, the site automatically refunds the micropayments to the individual contributers. That's about as truely democratic, "vote with your wallet", as you can get.
If one mega rich dude wants to pay a ton of money for something obscure that only he will like, well, he can - good for him. If 10,000,000 people all want a new song by Britney Spears, they can each give her 10 cents and I'm sure she'll gladly make one. Having a guaranteed profit before she even begins, she shouldn't have any trouble convincing someone to help her with recording it in return for a cut of said profit. If the song's actually any good maybe she'll get requests for more:) A true meritocracy.
Of course, with the lottery model in use today, everybody is so focussed on getting signed by an RIAA member, hitting it big, and retiring on the royalties... I imagine it'd be very difficult for such a site to recruit any of today's popular artists - which it would need to do in order to attract members of the public and get that critical mass and a foothold in the market.
All the same, I'd love to see it done one day. The real beauty of it is that it maximises total utility while still giving artists an incentive to create new works, all without requiring any copyright laws at all.
I run a gnu/linux based operating system, and I don't forsee that I will ever run antivirus software on it. Yes, even if people actually start writing viruses that target it.
I don't look at automated breaches of security as any special case. A security breach is a security breach. Crack attempts, spyware, adware, malware, viruses, trogans, blah blah... it's all the same problem: stopping unauthorised code running on your machine.
If my mail client has a bug that allows remote code execution, the mail client is faulty and must be patched. If my browser has a bug that allows a remote site to snatch files off my local filesystem, then my browser is faulty as must be patched. If I, FSM forbid, stupidly download and run some malicious application then I am faulty and must be "patched".
I have all non-essential services turned off, I run a firewall, I keep all my applications up to date with security patches, and I only install software from my distribution's repositry.
I don't care how much money they are making for some big security companies, these "anti-virus" applications that people are so obsessed with running on windows are just an ambulance at the bottom of the cliff.
There is something fundamentally flawed with the idea of waiting until your security has already been breached and then trying to clean up after the fact. Once it's breached that's it, game over - reformat, reinstall O/S, and replace data with last known good backup.
I don't know whether you actually believe what you wrote or if it was just a joke but too many people do believe that shit, so please refrain from repeating it.
Agreed. It was half meant as a joke. Clearly nobody actually uses the model that predicts next Tuesday's rainfall to predict the climate in 2050, that'd be absurd. The two are unrelated. I was merely aiming to demonstrate that computer models that are used to predict _any_ kind of non-trivial event n time in the future are far from perfect, even for relatively small values of n. Some people treat model predictions as gospel.
Just because I can't predict the result of a single die roll doesn't mean I can't predict that the average of a million rolls will be close to 3.5 (unless someone's been cheating =)
Again, I agree with you. But keep in mind that your die roll scenario is very simplistic, and you have almost perfect knowledge about your die system beforehand. There are a very small set of assumptions that are, for the general case, very reasonable ('the die you using has been manufactured correctly, and is not weighted awkwardly', for example). The number of variables involved is extremely low. The behaviour of the system is very well understood and highly predictable.
Anybody who claims that they can predict the state of a highly complex, chaotic, and imperfectly understood system 50 years from now with the sort of accuracy you enjoy in your die roll scenario is lying to you.
Note: This doesn't say anything about the accuracy of climate models. It just says that the inaccuracy of weather models does *neither* support nor contradict the assumption that our current climate models are accurate enough to base policy decisions on their predictions.
I would tend to say that the responsibility lies with those with the models to prove that their models are reliable enough to base policy decisions on. A lot of analysis is devoted to the predictions of these models, yet very little analysis seems to be devoted to the accuracy of the models in question. Lets see the source code for their models. Lets see all the assumptions on which they are built. I don't trust predictions that come out of black boxes. They're not repeatable.
The situation might be reversed by spending billions today, tomorrow it'll cost trillions. Not to reverse it because that won't be possible by then but trillions in lost property and droughts.
That is exactly the kind of hype the parent was talking about. That CO2 levels in the atmosphere have increased recently is a measurable fact. Extrapolation to "OMG trillions of dollars in lost property and droughts!!!111!1one" (and millions dead, whole cities under water, yada yada) is really extreme speculation, based on models. Which generally can't even predict what weather I'm going to have at the end of this week, never mind in the year 2050.
The fact that you're using this wild prediction of trillion dollar losses at some indefinite point in the future to justify spending billions of dollars today is the problem here. Your argument embodies everything that is wrong with the global warming debate. Putting alarmism ahead of solid facts is a disservice to those who believe in global warming, and causes people to discredit everything you have to say, even when some parts may actually be valid.
Kind of surprised a Kiwii(sic) would be blowing off environmental issues.
Just because we tend to be more environmentally conscious as a nation, that doesn't mean that we all automatically throw science and logic out the window, subscribe to the new religion of environmentalism, and all the rabid alarmism that accompanies it. I care about the planet. I don't much care for the amount of misinformation that gets thrown around by people like yourself. Screaming that the sky is falling doesn't further the global warming debate in any meaningful or helpful way.
Additionally, I would just like to point out that the Ozone layer (or hole therein) has absolutely nothing to do with global warming. Saying "think of this as the Ozone Layer on steriods" is a completely incorrect, alarmist, and unhelpful non sequitur.
Whoops. You're right, I did miss your point - my apologies. Too early in the morning, not enough coffee, & all that:) I retract my previous comment.
I thought we were discussing the browser sending data to the server... now I see you were in fact talking about the exact opposite situation (the server sending data to the browser). Indeed you're right, having the browser render the data you give it as text instead of markup is a Very Good Thing if said data might include arbitrary user input:)
It does sound like an elegant way to handle the XSS problem:) Of course it won't be useful in all situations, and you better be careful if you're doing anything else with that user input on your server besides just spitting it back to the browser... but I like it. Seperation of pure data from control information is the best defence we have against XSS and SQL injection.
Oh dear, oh dear, oh dear. No. Bad.
I'm almost inclined to think you're trolling, but I'll give you the benefit of the doubt:-/
You're trusting the browser. You're assuming the user uses their browser in the way you yourself do (by typing stuff into the pretty boxes it gives you). You're assuming that the browser behaves as expected.
What if the browser were to make a minor mistake, and not escape one or more of those characters that you're trusting it to escape. Not likely you say? That'd be an unlucky bug in the browser, right? Well... I have the source code to my browser sitting right here... I'm sure it can be arranged:P
Rule #1: Never trust any data coming from the client machine. Ever.
Treat anything transmitted from the client machine as if it were nuclear waste. Parse every last byte of it that reaches your server, and escape/censor as required.
Re:Consumers don't care about their privacy
on
The Death of Privacy
·
· Score: 2, Insightful
Do you know if Hotmail or Yahoo have bots looking at your emails?
Considering the aforementioned webmail services also provide automatic spam filtering, I'd say they certainly do. A computer program scanning your email for keywords is a computer program scanning your email for keywords - whether the purpose be delivering targetted advertising to you or deciding if said email is spam or not makes no difference. I don't see why everyone thinks privacy is so much worse with gmail. It's not. It's equally bad:)
What's that? They archive it forever, your mail doesn't get deleted when you press "delete"? Oh no. You think hotmail and Yahoo have no backups or something?
If you're storing your personal email in plain text on someone else's server (or even if you're just transmitting it in plain text, full stop) then you'd better get used to the idea that you have no privacy anyway.
Gmail is a good service, and so far their track record for keeping data confidential seems to be pretty good. You might as well trust them as anybody else.
If the latter is already illegal (and I'm not saying it should be) then why should it be legal just because it has sex in it?
Clearly it shouldn't be legal in such a situation, and what's more, it probably wouldn't be. Why then, given a situation such as the one you describe, should one need to introduce more laws?
Actually, I get the feeling that the meaning the GP was shooting for was that you can't usually address more than 4GB of memory at a time (it's an address space issue), so above 4GB there's no point adding more RAM *or* swap, cos you can't address it;)
However, if you run linux you can flip on your "I've got more memory than any sane person knows WTF to do with" kernel option, recompile, and you get a much bigger address space.
I completely agree with you. Thanks for making the important distinction between volunteering and donating:)
I don't disagree that if I decide to contribute to a project then I need to play by that project's rules, and may be commiting myself to a certain level of responsibility. If I commit to maintaining X, then I would feel responsible for it. Just as if I commit to voluntarily teaching kids english I know I am actually expected to show up for all the classes.
Volunteering often implies commitment - but in the case we're discussing that commitment is to the project manager, not to the users.
What I was discussing with the original poster I now realise was donation. I only used the term volunteering because he or she (CronoCloud) did.
If I want to donate code, AS IS-WHERE IS, why should I not be allowed to do so? Take it if you want it, leave it if you don't. That's the deal. I never promised anything to anybody, as much as they might imagine otherwise - I never volunteered to do anything.
Posts like some of those in the directly above (nested, oldest-first) really make me sad. I believe the mistake a lot of people make is in seeing a lot of GPL software developers that do go the extra mile to try to make their software useful to Joe Sixpack, making the assumption that they do this because they want to further the cause of the Free Software or Open Source movements, and then drawing the mistaken inference in their mind that all GPL software developers are volunteers for one of these causes.
In short, they treat "Open Source Software" / "Free Software" / "GPL Software" as a brand - their expecations are raised by high quality / helpfulness / support in general, and then they come to expect it, and complain bitterly when some other piece of software they percieve to be in the same group is not up to their expectations.
Give them an inch, they'll take a mile.
If somebody volunteers to do something for you, they owe you whatever they promised. If somebody gives you something, they don't owe you anything.
My response to such people is usually along the lines of "go find the license that you got with the software and read section 11, then tell me what you think the following means:- ...PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE..."
Well, either that or "here's the source code, fix it yourself". It's no less than they deserve:)
Luckily, in real life (read: anywhere that isn't/.) these people seem to be in a tiny minority. The vast majority of people out there seem to be polite, friendly and understanding, don't demand that I owe them anything, and I tend to respond in an equally polite and friendly manner. Or at least that's been my experience. YMMV.
All detection methods have their place and use. Overlords are easily chased off with a few corsair, while scanner sweep is incredibly useful in early game Terran v. Zerg.
But of course that's what makes it such a great game, it's versatility. Out of interest, does anyone around here still play it, or am I the only one?:)
Yes, I know this is OT, but SC is much more fun to discuss than yet-another-cloaking-story anyway;) Oh, and to the AC who posted that comment above about welcoming some Overlords - you owe me, as they say, 1 keyboard and 1 new cup of coffee:)
I am of the opinion that IDEs are a crutch. They condition you not to think.
When I'm coding in vim I keep all my class names, function names etc in my head without much difficulty (admittedly this would be much harder with a large project, but we're not discussing large projects), and when I need to type foo.bar() it's right there in the front of my mind. When I've been coding in an IDE for a while my brain starts to get lazy, and I find myself typing foo. and then scrolling through a dropdown list of functions looking for the one I want that I can't quite think of the name of:)
I was first taught C++ programming in a course in high school, some years ago now. I was new to the concept of OO programming. The course consisted of "when you want to do this, click here in the IDE. then click here. then drag this here. Then if you want it to do this you can click here and type this" - you get the idea. I was overwhelmed with a million buttons and options, it was really quite confusing, and I never really understood what the heck was going on in my programs. I didn't get much out of that course except how to construct basic programs using a specific IDE - an IDE produced by a large software company and sold for a considerable sum of money, that I never actually used again after that course. If you're going to teach a specific IDE, please, teach one that's freely available.
In contrast, my university taught their programming (C and Java, later haskell and prolog) using a text editor - they recommended and taught emacs, but didn't didn't specifically assess the editor (so we were free to use whatever we were more comfortable with, thank FSM. Vim in my case:) I learnt far more there, and it's knowledge that still serves me well.
If you want to teach programming, you should start by teaching ideas. Concepts. Ways of thinking. The first few lessons should be pen and paper IMHO, and then you should introduce a basic text editor, a simple hello world program, a compiler, and a debugger. Once you understand the concepts well you can build upon this by using better tools later. But understanding must come first.
IDEs can help you be more productive, more efficent. Once you understand what you're doing. But in my opinion they're designed by and large for experienced programmers to use, as shortcuts to a lot of things that they already understand. They're not a teaching tool, and are far too complex for beginners.
Re:The diplomatic response
on
The CVS Cop-Out
·
· Score: 4, Insightful
The developers are part of the F/OSS movement, they are coding as volunteers, and part of that volunteering should include actually improving end user experience.
No, you've got that exactly backwards. Who are you to tell a volunteer what their volunteering should and should not include? That's the nature of volunteering. If a developer is not interested in improving the "end user experience" and just wants to write code for himself and a bunch of other geeks to use that's his (or her) business. They didn't ask to be part of any "movement", and have no more responsibility to futher the goals of said movement simply because you put that label on them.
Developers responsibility is not just turning out C code it's turning out C code that's usable for it's intended purpose by end users, it includes answering questions by end users and creating documentation for the end users.
What if it's intended purpose isn't for Joe "I don't know how to checkout code from CVS" Sixpack to be able to install and use? Just because you think that is a good goal for the software, doesn't mean the developer does, or even cares. Not everyone is a zealot who wants open source to take over the world. Some people are happy just writing code. That doesn't mean they owe you anything or have any responsibility to you.
Having said that, you'll find that many developers do appreciate feedback, and will try to help you use their software if you ask politely - many do care about their users, especially the nice ones. But when you make the mistake of behaving like a volunteer somehow OWES you something, don't be surprised if the response you get is less than enthusiastic:)
I saw that too. It always took the same amount of time regardless of what the password was:)
IIRC the actual exploit found the password by some other mechanism, it wasn't brute force. The cracking utility all the script kiddies had at LAN parties simply flipped the characters over one at a time to look cool, in line with joe-sixpack's expectations after seeing this effect in the movies:)
It's all about mass. Along similar lines as another poster:
1kg of ice displaces 1kg of water. yes? When that ice melts, it turns into 1kg of water. No mass is gained or lost. It's only changing form. Right? Now, how much water do you think that 1kg of water displaces? Exactly 1kg. Same as before.
Density matters not one iota. If it is less dense (the substance floating in the water, say ice) then simply more of it will stick out the top of the water. This doesn't have any impact on the amount of water said substance will displace.
Slashdot Mirror
No it isn't. The question is: which model is the more dangerous one?
:)
:) ... they call themselves the "National Front". A few years ago there was a big student rally in my home city against racism. These guys decided to have a counter rally at the same time, and claimed to be bringing hundreds of people who supported their views. Nobody would send them to jail for it - they were welcome to show up and voice their views to the crowd.
Clearly the former.
Historically, oppressive governments have been very quick to both (a) gain control of the media; and (b) stifle dissenting / critical opinions voiced publically, in order to solidify their power. Heck, not just historically - take a look around the world today. China is a classic example of this tactic in current use.
Freedom of the press and freedom of speech / expression for individuals is a principle intended as a defence against the government. That's a very basic point. Heck, I'm not even American and I understand that much
That does not mean there are not social consequences attached to what you say - you're still responsible for your actions. This is something a lot of people don't grasp. If you're a radio host your job is to keep the listeners entertained and the advertisers happy - in short, to keep the cash coming in. If you want to be a sexist and racist dickhead on the air then nobody can arrest you for that - which is as it should be - but you shouldn't expect your employer to wish to continue your employment when you're bringing his station into disrepute and losing him money.
Where the line is drawn is at the point when the state can arrest you purely for holding certain opinions (and obviously having expressed them, thus people know you hold them). That is a dangerous position to be in, because it is the state who gets to decide which opinions are 'wrong' - one of the key defences against oppression is removed.
That doesn't automatically mean you are living under an oppressive government, of course, or even that you are moving toward one - it simply means that it would be that much easier for your government to become so in the future. I doubt anybody could argue that the present government in Germany is oppressive, for example - yet, if you hold certain looney views on the holocaust (ie. that it didn't happen), and are stupid enough to express those views in that country, it can get you arrested and possibly put in jail for your views.
I can completely understand a country with a history such as theirs having a law like that, but it's still fundamentally wrong in my opinion. The state should never be in a position where they are the sole dictators of the truth, no matter how widely that truth is accepted.
There is also another argument, which says that it is dangerous to push the looneys underground, where they slowly gain strength in secrecy. Much better to allow open debate on the issue and show them to be wrong publically, or at the very least let the public see how unreasonable their position is. In short: give those with hateful or unreasonable views freedom of expression, and watch them shoot themselves in the foot.
There's a particularly racist and Nazi-like group of people in my country (that's a purely descriptive term - I believe they wear swastikas and have white supremisist views - and I'm not comparing anybody in this discussion to a Nazi, so I don't believe this should invoke Godwin's law
Well, the anti-racism rally consisted of 3000 students. The National Front showed up with twelve people. Yeah, that's 12. All they managed to demonstrate was their complete and utter lack of credibility. I much
Heh. It's easy to overlook to start with isn't it? Maybe the default install should have an icon for it on the desktop or something. Anyhow - you're welcome :)
Wouldn't dream of it :)
Ah. What you were thinking of is in fact "click n run". What I was thinking of - I think - is something different again. In any case, I wasn't thinking of something that has a repository :)
Synaptic is not intended to be a tool for a normal user to use. Normal users don't want to manually install libraries. I do :)
:) I can't say I can recall either of these happening to me so far - it's the main reason I switched to Ubuntu, after years of running RedHat / Debian / Gentoo - everything just works. YMMV :)
As I said, have you tried "Applications" -> "Add / Remove" ? In Feisty it's pretty good - I'm confident my parents, who know very little about computers, will have very little trouble using it to install applications. I think you'll find that it's a lot more like what you have in mind.
- It gives you a list of only applications.
- You can see where they'll show up in your menus (the "menu structure" layout in the add/remove app is the same as your actual system menus - you just switch applications on or off with a checkbox).
- The applications are all accompanied by nice descriptions.
- The applications are all accompanied by "popularity" ratings.
Seriously, this is a tool that is designed for any novice to be able to use. It's a standard Ubuntu thing - I'm sure your installation must have it.
If any applications don't have menu items show up, or outright doesn't run (or worse, locks up your system!) that's likely a bug. No software is perfect
I certainly do not believe synaptic is suitable for grandma. It definitely isn't, unless your particular grandma is the kind of little old lady who has a specific kernel image she wants to install or something :) If she just wants to install some applications she should use a tool like the one I mentioned above.
I'm full of empathy for 80% of computer users out there - it tends to be me they call to fix things when they break,
Repository? Ah. I was under the impression "click n go" was a system that allowed 3rd parties to create and distribute 'universal' (ie. distro-agnostic) packages. I think I must have confused it with another system of a similar name I remember hearing about. "click n run" or some such?
Anyway, if it gets it's packages from a single repository then it's all good - well, provided you trust that repository, of course
I still don't like the idea of having software installed that my package manager doesn't know about. Why would I want to run 2 separate package managers? Isn't there a possibility they might step on each other's toes and/or duplicate each other's dependencies sooner or later?
Have you tried the "Add / Remove" program in Ubuntu? (You'll find it in your main 'applications' menu). The version in Feisty is really pretty decent. I mean "my grandmother could use it" kind of decent. Graphical click-the-pretty-icons tool for installing applications - you'll find it even has popularity ratings (1 - 5 stars) beside each app.
If you aren't familiar enough with the major open source applications out there to know what exactly you want then you may find synaptic somewhat unhelpful. Once you are then you'll appreciate how nice synaptic really is
deb http://archive.canonical.com/ubuntu feisty-commercial main
That has most commercial bits & pieces I need. For anything else, most commercial (read: closed-source) software for linux systems tends to be distributed as nice big juicy statically linked binary blobs
Ah well, different strokes for different folks I guess. Peace dude
Cheers,
Gareth
Can I politely ask what software you want to install that you can't find in the Ubuntu repositries?
1. 'sudo' asks for your own password - the root account is locked by defualt
:) Having apt-get set suid root would make it trivial for any system user (eg. your webserver user, to borrow another poster's example) to elevate privileges.
;)
2. You ought to need root access to install system-wide software. I would think this point is obvious
3. If you really desperately want a root shell, just type 'sudo su'.
4. Yes, apt-get (and more precisely dpkg) is running as root while installing software. Yes, this means that if the software contains a malicious install script then you're in big trouble (actually, it wouldn't surprise me if it drops priv's for most of the unpackaging/install and elevates priv's only when it actually needs access to write to the filesystem, but let's leave that aside for now). No, this is not a security flaw. You're installing untrusted software on your system. You are the security flaw. If you insist on executing code from somebody you can't trust nothing is going to protect you.
This is why your wonderful "click and go" is such an awful idea. It makes it easier for you to grab software off any arbitrary website that packages their software in that format and install it on your computer. When your hear people complaining about how hard it is to install software on GNU/Linux based operating systems, you tend to find they equate "installing software" with this behaviour pattern in their mind. It's also this behaviour pattern that gets a lot of windows users into trouble. Instead of being faithful to one software distributor, they behave promiscuously. Then they wonder why they have so many viruses
Consider these two software installation models / behaviour patterns:
1. The "multiple vendors" model. You get your software from anywhere and everywhere. Software is treated like a product - an item you can purchase at a store, or a one-off download.
Pros: you're restricted only to the set of software written that will run on your system - you can install anything you like.
Cons: you often don't know if you can trust those who've written the software you install. You also have no easy way of keeping your software up to date - when later versions of software come out with fixes for serious security problems, many users in this model either can't be bothered manually updating their software, or simply aren't aware than any update is available. As a result of these two cons, users in this model are especially vulnerable to those people who want to run malicious code - trojans, viruses, spyware, whatever you like - on their computers.
2. The "single vendor" model. You get all your software from a single provider, and it's cryptographically signed to prove it came from them. This vendor tends to be your operating system vendor - and hey, if you don't trust the people you got your operating system from, you're already screwed
I have to agree with your sentiment in general, mega rich fat dudes being the only ones who could afford to commission new art (music, etc) would suck.
:)
:) A true meritocracy.
But imagine if we could freely share copies of that art between ourselves. You, me, and a bunch of our friends (or say 100,000 strangers out there on the internet) could all chip in a little bit and buy the same thing the mega rich fat dudes can buy, and we could all have a copy of it at the same time. Wouldn't that be wonderful?
There is a lot of utility to be gained from being able to make infinite copies of something with near zero marginal cost. That utility should belong to the people, however. Handing control of it to an individual or a corporation is grossly inefficent.
Secondly, take a look at the music industry today. You think that the mega rich fat dudes don't already decide what gets made? Popular songs become popular because the Music Industry makes them so. They sit down and figure out which artist / single they are going to make popular today, then promote the hell out of it, and in two weeks everybody is dancing to it in the clubs and raving about how much they like it because it's so popular and they want to fit in with the crowd.
Whether the song in question has any real merit doesn't factor into the equation. Witness the way songs that were once mega popular are quickly disgarded as they get out of date - the songs are only "good" while they are popular. If you want to be "cool" you have to be constantly listening to the new and eschew the old. It's just like the fashion industry really - people stop wearing perfectly good clothes and run out to buy new ones just to stay "up to date". You gotta hand it to the respective industries - it's pure genius.
My point: people are easily manipulated sheep, and you know it. They don't make any votes with their wallets - they just take what is given to them. Pop songs don't get made because people buy them - people buy them because they get made (and marketted). The mega fat rich dudes are already deciding what gets made. The sooner we can take them and their corporations out of the entire loop, the better.
I know the idea has been suggested before, but I think it has real merit - imagine a website where people can make micro payments to pieces of art that they would like to see "commissioned" (including music, movies, books, digial art, whatever - anything that can be represented as easily copied 1's and 0's). When the art is delivered to the site, the artist gets paid. If it fails to be delivered, the site automatically refunds the micropayments to the individual contributers. That's about as truely democratic, "vote with your wallet", as you can get.
If one mega rich dude wants to pay a ton of money for something obscure that only he will like, well, he can - good for him. If 10,000,000 people all want a new song by Britney Spears, they can each give her 10 cents and I'm sure she'll gladly make one. Having a guaranteed profit before she even begins, she shouldn't have any trouble convincing someone to help her with recording it in return for a cut of said profit. If the song's actually any good maybe she'll get requests for more
Of course, with the lottery model in use today, everybody is so focussed on getting signed by an RIAA member, hitting it big, and retiring on the royalties... I imagine it'd be very difficult for such a site to recruit any of today's popular artists - which it would need to do in order to attract members of the public and get that critical mass and a foothold in the market.
All the same, I'd love to see it done one day. The real beauty of it is that it maximises total utility while still giving artists an incentive to create new works, all without requiring any copyright laws at all.
How will I open the trunk without my keys, you insensitive clod ?
I run a gnu/linux based operating system, and I don't forsee that I will ever run antivirus software on it. Yes, even if people actually start writing viruses that target it.
I don't look at automated breaches of security as any special case. A security breach is a security breach. Crack attempts, spyware, adware, malware, viruses, trogans, blah blah... it's all the same problem: stopping unauthorised code running on your machine.
If my mail client has a bug that allows remote code execution, the mail client is faulty and must be patched. If my browser has a bug that allows a remote site to snatch files off my local filesystem, then my browser is faulty as must be patched. If I, FSM forbid, stupidly download and run some malicious application then I am faulty and must be "patched".
I have all non-essential services turned off, I run a firewall, I keep all my applications up to date with security patches, and I only install software from my distribution's repositry.
I don't care how much money they are making for some big security companies, these "anti-virus" applications that people are so obsessed with running on windows are just an ambulance at the bottom of the cliff.
There is something fundamentally flawed with the idea of waiting until your security has already been breached and then trying to clean up after the fact. Once it's breached that's it, game over - reformat, reinstall O/S, and replace data with last known good backup.
Again, I agree with you. But keep in mind that your die roll scenario is very simplistic, and you have almost perfect knowledge about your die system beforehand. There are a very small set of assumptions that are, for the general case, very reasonable ('the die you using has been manufactured correctly, and is not weighted awkwardly', for example). The number of variables involved is extremely low. The behaviour of the system is very well understood and highly predictable.
Anybody who claims that they can predict the state of a highly complex, chaotic, and imperfectly understood system 50 years from now with the sort of accuracy you enjoy in your die roll scenario is lying to you.
I would tend to say that the responsibility lies with those with the models to prove that their models are reliable enough to base policy decisions on. A lot of analysis is devoted to the predictions of these models, yet very little analysis seems to be devoted to the accuracy of the models in question. Lets see the source code for their models. Lets see all the assumptions on which they are built. I don't trust predictions that come out of black boxes. They're not repeatable.
Extraordinary claims require extraordinary proof.
Peace.
That is exactly the kind of hype the parent was talking about. That CO2 levels in the atmosphere have increased recently is a measurable fact. Extrapolation to "OMG trillions of dollars in lost property and droughts!!!111!1one" (and millions dead, whole cities under water, yada yada) is really extreme speculation, based on models. Which generally can't even predict what weather I'm going to have at the end of this week, never mind in the year 2050.
The fact that you're using this wild prediction of trillion dollar losses at some indefinite point in the future to justify spending billions of dollars today is the problem here. Your argument embodies everything that is wrong with the global warming debate. Putting alarmism ahead of solid facts is a disservice to those who believe in global warming, and causes people to discredit everything you have to say, even when some parts may actually be valid.
Just because we tend to be more environmentally conscious as a nation, that doesn't mean that we all automatically throw science and logic out the window, subscribe to the new religion of environmentalism, and all the rabid alarmism that accompanies it. I care about the planet. I don't much care for the amount of misinformation that gets thrown around by people like yourself. Screaming that the sky is falling doesn't further the global warming debate in any meaningful or helpful way.
Additionally, I would just like to point out that the Ozone layer (or hole therein) has absolutely nothing to do with global warming. Saying "think of this as the Ozone Layer on steriods" is a completely incorrect, alarmist, and unhelpful non sequitur.
Whoops. You're right, I did miss your point - my apologies. Too early in the morning, not enough coffee, & all that :) I retract my previous comment.
:)
:) Of course it won't be useful in all situations, and you better be careful if you're doing anything else with that user input on your server besides just spitting it back to the browser... but I like it. Seperation of pure data from control information is the best defence we have against XSS and SQL injection.
I thought we were discussing the browser sending data to the server... now I see you were in fact talking about the exact opposite situation (the server sending data to the browser). Indeed you're right, having the browser render the data you give it as text instead of markup is a Very Good Thing if said data might include arbitrary user input
It does sound like an elegant way to handle the XSS problem
Have a nice day.
Cheers,
Gareth
Oh dear, oh dear, oh dear. No. Bad.
I'm almost inclined to think you're trolling, but I'll give you the benefit of the doubt
You're trusting the browser. You're assuming the user uses their browser in the way you yourself do (by typing stuff into the pretty boxes it gives you). You're assuming that the browser behaves as expected.
What if the browser were to make a minor mistake, and not escape one or more of those characters that you're trusting it to escape. Not likely you say? That'd be an unlucky bug in the browser, right? Well... I have the source code to my browser sitting right here... I'm sure it can be arranged
Rule #1: Never trust any data coming from the client machine. Ever.
Treat anything transmitted from the client machine as if it were nuclear waste. Parse every last byte of it that reaches your server, and escape/censor as required.
Considering the aforementioned webmail services also provide automatic spam filtering, I'd say they certainly do. A computer program scanning your email for keywords is a computer program scanning your email for keywords - whether the purpose be delivering targetted advertising to you or deciding if said email is spam or not makes no difference. I don't see why everyone thinks privacy is so much worse with gmail. It's not. It's equally bad
What's that? They archive it forever, your mail doesn't get deleted when you press "delete"? Oh no. You think hotmail and Yahoo have no backups or something?
If you're storing your personal email in plain text on someone else's server (or even if you're just transmitting it in plain text, full stop) then you'd better get used to the idea that you have no privacy anyway.
Gmail is a good service, and so far their track record for keeping data confidential seems to be pretty good. You might as well trust them as anybody else.
Ah. I see you've played linky spoony before.
Clearly it shouldn't be legal in such a situation, and what's more, it probably wouldn't be. Why then, given a situation such as the one you describe, should one need to introduce more laws?
Actually, I get the feeling that the meaning the GP was shooting for was that you can't usually address more than 4GB of memory at a time (it's an address space issue), so above 4GB there's no point adding more RAM *or* swap, cos you can't address it ;)
However, if you run linux you can flip on your "I've got more memory than any sane person knows WTF to do with" kernel option, recompile, and you get a much bigger address space.
"Verbing weirds language".
:)
I forget who said it
You guys aren't thinking about this real hard are you?
:-P
All that stuff is already in the current sandwhich
I completely agree with you. Thanks for making the important distinction between volunteering and donating :)
:-
...PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE..."
:)
/.) these people seem to be in a tiny minority. The vast majority of people out there seem to be polite, friendly and understanding, don't demand that I owe them anything, and I tend to respond in an equally polite and friendly manner. Or at least that's been my experience. YMMV.
I don't disagree that if I decide to contribute to a project then I need to play by that project's rules, and may be commiting myself to a certain level of responsibility. If I commit to maintaining X, then I would feel responsible for it. Just as if I commit to voluntarily teaching kids english I know I am actually expected to show up for all the classes.
Volunteering often implies commitment - but in the case we're discussing that commitment is to the project manager, not to the users.
What I was discussing with the original poster I now realise was donation. I only used the term volunteering because he or she (CronoCloud) did.
If I want to donate code, AS IS-WHERE IS, why should I not be allowed to do so? Take it if you want it, leave it if you don't. That's the deal. I never promised anything to anybody, as much as they might imagine otherwise - I never volunteered to do anything.
Posts like some of those in the directly above (nested, oldest-first) really make me sad. I believe the mistake a lot of people make is in seeing a lot of GPL software developers that do go the extra mile to try to make their software useful to Joe Sixpack, making the assumption that they do this because they want to further the cause of the Free Software or Open Source movements, and then drawing the mistaken inference in their mind that all GPL software developers are volunteers for one of these causes.
In short, they treat "Open Source Software" / "Free Software" / "GPL Software" as a brand - their expecations are raised by high quality / helpfulness / support in general, and then they come to expect it, and complain bitterly when some other piece of software they percieve to be in the same group is not up to their expectations.
Give them an inch, they'll take a mile.
If somebody volunteers to do something for you, they owe you whatever they promised. If somebody gives you something, they don't owe you anything.
My response to such people is usually along the lines of "go find the license that you got with the software and read section 11, then tell me what you think the following means
Well, either that or "here's the source code, fix it yourself". It's no less than they deserve
Luckily, in real life (read: anywhere that isn't
All detection methods have their place and use. Overlords are easily chased off with a few corsair, while scanner sweep is incredibly useful in early game Terran v. Zerg.
:)
;) Oh, and to the AC who posted that comment above about welcoming some Overlords - you owe me, as they say, 1 keyboard and 1 new cup of coffee :)
But of course that's what makes it such a great game, it's versatility. Out of interest, does anyone around here still play it, or am I the only one?
Yes, I know this is OT, but SC is much more fun to discuss than yet-another-cloaking-story anyway
I am of the opinion that IDEs are a crutch. They condition you not to think.
:)
:) I learnt far more there, and it's knowledge that still serves me well.
When I'm coding in vim I keep all my class names, function names etc in my head without much difficulty (admittedly this would be much harder with a large project, but we're not discussing large projects), and when I need to type foo.bar() it's right there in the front of my mind. When I've been coding in an IDE for a while my brain starts to get lazy, and I find myself typing foo. and then scrolling through a dropdown list of functions looking for the one I want that I can't quite think of the name of
I was first taught C++ programming in a course in high school, some years ago now. I was new to the concept of OO programming. The course consisted of "when you want to do this, click here in the IDE. then click here. then drag this here. Then if you want it to do this you can click here and type this" - you get the idea. I was overwhelmed with a million buttons and options, it was really quite confusing, and I never really understood what the heck was going on in my programs. I didn't get much out of that course except how to construct basic programs using a specific IDE - an IDE produced by a large software company and sold for a considerable sum of money, that I never actually used again after that course. If you're going to teach a specific IDE, please, teach one that's freely available.
In contrast, my university taught their programming (C and Java, later haskell and prolog) using a text editor - they recommended and taught emacs, but didn't didn't specifically assess the editor (so we were free to use whatever we were more comfortable with, thank FSM. Vim in my case
If you want to teach programming, you should start by teaching ideas. Concepts. Ways of thinking. The first few lessons should be pen and paper IMHO, and then you should introduce a basic text editor, a simple hello world program, a compiler, and a debugger. Once you understand the concepts well you can build upon this by using better tools later. But understanding must come first.
IDEs can help you be more productive, more efficent. Once you understand what you're doing. But in my opinion they're designed by and large for experienced programmers to use, as shortcuts to a lot of things that they already understand. They're not a teaching tool, and are far too complex for beginners.
No, you've got that exactly backwards. Who are you to tell a volunteer what their volunteering should and should not include? That's the nature of volunteering. If a developer is not interested in improving the "end user experience" and just wants to write code for himself and a bunch of other geeks to use that's his (or her) business. They didn't ask to be part of any "movement", and have no more responsibility to futher the goals of said movement simply because you put that label on them.
What if it's intended purpose isn't for Joe "I don't know how to checkout code from CVS" Sixpack to be able to install and use? Just because you think that is a good goal for the software, doesn't mean the developer does, or even cares. Not everyone is a zealot who wants open source to take over the world. Some people are happy just writing code. That doesn't mean they owe you anything or have any responsibility to you.
Having said that, you'll find that many developers do appreciate feedback, and will try to help you use their software if you ask politely - many do care about their users, especially the nice ones. But when you make the mistake of behaving like a volunteer somehow OWES you something, don't be surprised if the response you get is less than enthusiastic
I saw that too. It always took the same amount of time regardless of what the password was :)
:)
IIRC the actual exploit found the password by some other mechanism, it wasn't brute force. The cracking utility all the script kiddies had at LAN parties simply flipped the characters over one at a time to look cool, in line with joe-sixpack's expectations after seeing this effect in the movies
Hey, cool app. I'll go install it on all my boxen now.
I'm afraid density has nothing to do with it :)
It's all about mass. Along similar lines as another poster:
1kg of ice displaces 1kg of water. yes?
When that ice melts, it turns into 1kg of water. No mass is gained or lost. It's only changing form. Right?
Now, how much water do you think that 1kg of water displaces? Exactly 1kg. Same as before.
Density matters not one iota. If it is less dense (the substance floating in the water, say ice) then simply more of it will stick out the top of the water. This doesn't have any impact on the amount of water said substance will displace.