Re:Deeply unfair moderation on PHP 4.3.2 Released · Score: 5, Informative
It's very easy to pick up the basics of PHP and develop scripts quickly, even with limited programming experience. Sadly until recently so many of the default settings in PHP (still required by a lot of freely available scripts out there) make it a non-trivial task to secure these scripts.
The same might be said for C. How many inexperienced C programmers have you seen do something like this:
    #include <string.h>
    int main(int argc, char *argv[])
    {
        char buffer[1024];
        if (argc > 1)
        {
            /* unbounded copy: an argv[1] longer than 1023 bytes overflows buffer */
            strcpy(buffer, argv[1]);
        }
        return 0;
    }
register_globals was never a good idea. That's why it's been off by default for the past several releases. Unless you're using placeholders in your SQL, nearly every Web app has the potential to be susceptible to bad things:
    /* SQL injector's dream */
    $db->execute("SELECT * FROM my_table WHERE id = $userInput");
vs.
    /* The only way to fly */
    $db->execute('SELECT * FROM my_table WHERE id =:?', $vars);
This is not limited to the 'Nukes or PHP. Perl, Python, C, Java, etc. all suffer from the same problem.
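Added example, not part of the original comment: the two query styles contrasted above, run against an in-memory SQLite database through PDO so the difference in returned rows is visible. The table contents, function names and sample inputs are constructed for illustration, and PDO with `?` placeholders stands in for the comment's `$db` object, whose library is not named.

```php
<?php
// Added example (not code from the thread). Schema, rows and function names
// are constructed; PDO/SQLite is an assumed stand-in for the comment's $db.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE my_table (id INTEGER PRIMARY KEY, owner TEXT, note TEXT)');
$pdo->exec("INSERT INTO my_table (id, owner, note) VALUES
    (1, 'alice', 'alice note'),
    (2, 'bob',   'bob note'),
    (3, 'carol', 'carol note')");

// Vulnerable form: the input is pasted into the SQL text, so anything in it
// is parsed as SQL and can change the WHERE clause.
function findInterpolated(PDO $pdo, string $userInput): array
{
    return $pdo->query("SELECT * FROM my_table WHERE id = $userInput")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Placeholder form: the statement is prepared first and the input is bound
// as a single value, so it is only ever compared against the id column.
function findWithPlaceholder(PDO $pdo, string $userInput): array
{
    $stmt = $pdo->prepare('SELECT * FROM my_table WHERE id = ?');
    $stmt->execute([$userInput]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Defence in depth: reject anything that is not a positive integer before
// the query runs, then still use the placeholder.
function findValidated(PDO $pdo, string $userInput): array
{
    $id = filter_var($userInput, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    return findWithPlaceholder($pdo, (string) $id);
}

// Constructed inputs: an ordinary id, and an id with a boolean clause appended.
foreach (['2', '2 OR 1=1'] as $input) {
    try {
        $validated = count(findValidated($pdo, $input)) . ' row(s)';
    } catch (InvalidArgumentException $e) {
        $validated = 'rejected';
    }
    printf(
        "input %-12s interpolated: %d row(s)  placeholder: %d row(s)  validated: %s\n",
        var_export($input, true),
        count(findInterpolated($pdo, $input)),
        count(findWithPlaceholder($pdo, $input)),
        $validated
    );
}
```

Run with the PHP CLI and the pdo_sqlite extension enabled; the interpolated query is the only one whose row count changes when the second input is used.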
...I am now of many of the alternatives....
That should have read, "...I am now aware of many of the alternatives...".
uhh, dude, you should direct those efforts into fixing what's there, not creating something new, doubling the whole effort just because of one thing.
It's hard to fix an existing project when the problem is not in the project itself but in who owns it and dictates policy. Unless BugTraq ceases to be owned and controlled by Symantec (or influenced by Microsoft), then I still believe in the necessity of a Free (as in speech) alternative.
What I did not know is that there were already efforts to do this very same thing. They just aren't very popular or well-known. In this event, the hard part will be educating sysadmins to visit the alternative sites that already exist.
This smells like a slightly new twist on good old domain prospecting, parking, hijacking. You want someone else to build a site that will require a lot of work and moreover, A LOT of bandwidth and in return you will allow them to use your name. So, if this new superfluous site is successful, you get the credit/money with virtually no investment, monetary or sweat equity.
The truth is, I'm just one individual without much money to spend on bandwidth and servers, etc. My intention is not to hijack domains. I tried (but probably failed) to convey that I'm perfectly willing to transfer them at no cost to the recipient as long as I could be certain that they are not Symantec/Microsoft/etc.
As it now stands, I am now of many of the alternatives, so the best solution might be to point them at one of those and then offer to donate the domains to that organization. Recommendations?
let me get this straight, you ripped off an idea, spent $9 bucks on a domain and expect the real hard work to be done by a bunch of grateful volunteers. meanwhile, some dufus thought this was so amazing they posted the story on slashdot. great work all around people. if only it were really this easy.
Actually, the intention was not to rip off an idea. It was more to provide a security information platform without corporate influence (which is what led to the problem in the first place). I'm certainly not trying to make any money from this (I certainly won't accept any). I'm just trying to initiate a Free (as in speech) alternative.
amazon.com has a running promotion of no s&p if you order more than (I think) 30$. That's 3 cds...
Amazon also makes it very easy to buy used CDs at significantly less. To all you folks out there, you should be buying used whenever possible (which means almost always). If it's a new release you want, wait two days and somebody will be selling it on Amazon used (just click on the "XX used & new from $X.XX" link under "more buying options" on the right side of any product page).
This is the real way to send a message to the RIAA: don't buy their product; -or- if you have to buy their product, buy it so they don't make any revenue on the sale. If you want the artist to get money, buy the CD used, then go to the artist's webpage (most have them) and send what you saved when buying a used CD directly to the artist as a gift; it will be more than what they would have made on a new CD sale.
...ATI may be providing the graphics chip for the Xbox 2, replacing current provider Nvidia, has ended up significantly affecting ATI's stock price....
That is until investors figure out that ATI will get screwed when Microsoft leaves them with a bunch of useless inventory and no recourse just like they did with nvidia....
If Player B is rational, he will always accept any non-zero sum of money. However, in practice, Player B's often refuse to accept if the split is too much in Player A's favor. Thus the emotional response (punishing Player A for lack of fairness) often ends up overcoming the logical response (taking some money over no money).
This is assuming that keeping A from getting any money has no value to Player B. If it's worth a buck to Player B to say, "Fuck you!" to Player A, then the line isn't that clear.
The behavior isn't necessarily irrational, it's just that there are non-monetary results that still have value to the players.
Here's my recipe for a Space Shuttle simulator:
1. acquire real life Space Shuttle cockpit (finished external nose cone and thermal tiles optional)
2. replace key parts of the instrumentation with a keyboard, joystick and some monitors
3. install this
4. ???
5. profit
Bugtraq is one of those 11 companies. (Bugtraq is part of Symantec)
A challenge: create an Open alternative to BugTraq
I have registered the domain names opentraq.org and opentraq.net. I am willing to have them resolve to DNS servers belonging to a group of volunteers who wish to start and maintain an Open alternative to the BugTraq website. (GNU? Mozilla? Anyone else interested?)
I will continue to renew the registration as long as someone wants to continue the project. If necessary, I may be willing to transfer ownership at no cost after the project becomes established and is maintained by a reputable (i.e., non-commercial) group of volunteers.
That's an interesting essay, but I actually liked Tom Bombadil in the book. I was a little disappointed the whole ancient forest adventure was cut out. It would have been interesting to see Peter Jackson's interpretation of his character.
:-)
I agree with you. I think he's an enjoyable literary character. However, I do see why the filmmakers decided to omit him from the films. I don't know if his implied significance could translate well to the big screen. If it couldn't, he would merely be a distraction. At 3.5 hours per film (remember that the theatrical versions were truncated), distractions are probably a bad thing.
Steuard Jensen has a differing opinion. Both Hargrove's and Jensen's essays are referenced in The Encyclopedia of Arda entry.
From William D. B. Loos' essay:
As to Tom's nature, there are several schools of thought.
He was a Maia (the most common notion). The reasoning here is plain: given the Middle-earth cast of characters as we know it, this is the most convenient pigeonhole in which to place him (and Goldberry as well) (most of the other individuals in The Lord of the Rings with "mysterious" origins: Gandalf, Sauron, Wizards, and Balrogs did in fact turn out to be Maiar).
He was Ilúvatar. The only support for this notion is on theological grounds: some have interpreted Goldberry's statement to Frodo (F: "Who is Tom Bombadil?" G: "He is.") as a form of the Christian "I am that am", which really could suggest the Creator. Tolkien rejected this interpretation quite firmly.
T.A. Shippey (in The Road to Middle-earth) and others have suggested that Tom is a one-of-a-kind type. This notion received indirect support from Tolkien himself....
For the ill-informed conspiracy theorists out there, you might wish to read this.
And for those of you who say that public schools aren't turning out good work, you may wish to visit a less meticulous analysis (author unknown) from DPS.
Who's Tom Bombadil?
Gene Hargrove has one answer, but it will only make sense if you've at least read the Lord of the Rings.
Which is inherently bad because variables are not initialized. If you initialize your variables, then I don't see any problems with leaving register_globals on.
I agree that it's bad to not be in the habit of initializing your variables. However, you might forget once or twice. Since PHP doesn't complain (unless debugging is on) if that happens, having register_globals on makes things that much more precarious.
The moral?
1. always initialize your variables in the scope in which you intend to use them
2. leave debugging on throughout most of your testing
3. keep register_globals off
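Added example, not part of the original comment: the three rules above applied to one login check. register_globals no longer exists in current PHP (it was removed in 5.4), so `extract()` is used here as an assumed stand-in for it; the function names, credentials and request arrays are all constructed.

```php
<?php
// Added example (not code from the thread). extract() imitates what
// register_globals did; every name and value below is constructed.

// Rule 2: keep diagnostics visible while testing. Collect them for display.
$warnings = [];
set_error_handler(function (int $severity, string $message) use (&$warnings): bool {
    $warnings[] = $message;
    return true;
});

function checkPassword(string $user, string $pass): bool
{
    return $user === 'admin' && hash_equals('constructed-password', $pass);
}

// register_globals behaviour, $authorized never initialized.
function loginUninitialized(array $request): bool
{
    extract($request);                       // every parameter becomes a variable
    if (checkPassword((string) ($user ?? ''), (string) ($pass ?? ''))) {
        $authorized = true;
    }
    return (bool) $authorized;               // undefined unless set above or supplied by the request
}

// Rule 1: same import, but the variable is initialized where it is used.
function loginInitialized(array $request): bool
{
    extract($request);
    $authorized = false;                     // overwrites anything the request supplied
    if (checkPassword((string) ($user ?? ''), (string) ($pass ?? ''))) {
        $authorized = true;
    }
    return $authorized;
}

// Rule 3: no import at all; read only the parameters the code expects.
function loginExplicit(array $request): bool
{
    $user = (string) ($request['user'] ?? '');
    $pass = (string) ($request['pass'] ?? '');
    return checkPassword($user, $pass);
}

// Constructed requests: a valid login, a wrong password, and a wrong password
// accompanied by an unexpected "authorized" parameter.
$requests = [
    'valid login'        => ['user' => 'admin', 'pass' => 'constructed-password'],
    'wrong password'     => ['user' => 'admin', 'pass' => 'guess'],
    'extra authorized=1' => ['user' => 'admin', 'pass' => 'guess', 'authorized' => '1'],
];

foreach ($requests as $label => $request) {
    printf(
        "%-20s uninitialized=%-5s initialized=%-5s explicit=%s\n",
        $label,
        var_export(loginUninitialized($request), true),
        var_export(loginInitialized($request), true),
        var_export(loginExplicit($request), true)
    );
}

echo "diagnostics raised during the run:\n";
foreach (array_unique($warnings) as $message) {
    echo "  $message\n";
}
```

The diagnostic list is the point of rule 2: the plain wrong-password request already triggers an undefined-variable message in the uninitialized version, which is the cue to fix it before anyone sends the third request.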
BeOS was turned down as MacOS10, because the Be staff became greedy....
I'm not sure if that's actually true. Rumor has it that Be was willing to sell for about a third of what Apple paid for NeXT ($400 million). It was probably more due to "Psycho" Steve Jobs edging out Jean Louis Gassee than Be wanting more money.
Her web site is just a broken image.
How apropos.
no, not really
:-)
Was it necessary to qualify this? Did you actually get an offer for $5,000 for your account?
You're arguing the MPAA side - they don't sell you a copy of a movie, they sell you a disc which may have something on it, which may resemble a movie, and which can be used only in approved devices. The Linux side is arguing that they are buying a copy of the movie so that they can watch it on their computer.
If that's true, then they're effectively licensing the content to you which means that you should be able to make a copy of the content for backup purposes (for which DeCSS may be used as a legitimate tool), and/or the publisher should make available to you that content at cost for the media only should your media ever become damaged or unplayable. As we know they want to legislate against these too. I'm sorry folks, but you're either selling a license or a copy of the content. You can't have it both ways.
- = - = - = -
To the Office of the Attorney General for the State of California:
I am writing in severe distress over what I consider to be an outrage in the State of California Office of the Attorney General.
Recently, Attorney General Bill Lockyer called certain DVD viewing software "a burglary tool", (see http://news.com.com/2100-1025_3-1011326.html). This is coming from the Attorney General of a State at the forefront of the Antitrust Trial against Microsoft.
As a consumer, I choose my purchases carefully and exercise my rights to the fullest extent of the law. I refuse to run any Microsoft product on my home computers. Instead, I run Linux. I enjoy viewing DVDs that I have purchased legally on my computer. Software such as DeCSS allows me to do that. By referring to it as "a burglary tool" Bill Lockyer is effectively calling me a burglar for watching my own DVDs, to which I take great offense. I am hereby revoking any support I have of Mr. Lockyer and will be sure to educate anyone I know about his efforts to restrict the rights of consumers.
The MPAA is behaving very much like the software industry did (erroneously) in the 80's and early 90's. They have effectively attempted to enforce a "license" on the consumer restricting where, when and how material stored on media such as DVDs can be viewed. However, if my DVD wears out or becomes scratched and unviewable, then neither the publisher nor the MPAA will replace that media. I have to go out and purchase a new copy (effectively an additional license) at full price.
They can't have it both ways. They must either eliminate the use of the effective license, or they must allow copying for purposes of backup and/or replacement of destroyed media at zero profit to the consumer. Any failure to do so constitutes theft against the consumers of California and this Nation. By supporting them, Mr. Lockyer may be counted among them as an accessory.
Everywhere we look in the universe the picture is the same. Billions of galaxies, countless trillions of stars. Was the universe "created" so only one planet orbiting just one of these stars would produce life? I don't think so.
Just remember that you're standing on a planet that's evolving
and revolving at 900 miles an hour,
It's orbiting at 19 miles a second, so it's reckoned,
the sun that is the source of all our power.
The Sun and you and me, and all the stars that we can see,
are moving at a million miles a day,
In the outer spiral arm, at 40,000 miles an hour,
of the Galaxy we call the Milky Way....
For my edification, who was the Guthrie after which the cards were named? When I first saw the article I thought "Why the hell would Woody be involved in something like that?"
Actually, I think it was Arlo. After he changed his name to Chrysler, they needed a way to keep track of him. They've been doing the same for everyone else since.
I'm in a particular industry, with competitors. Let's say I spend $150k developing something over a 6-12 month period (multiple developer pay and proj mgt, etc). I then 'release it' under GPL, my competitor picks it up, spends about $6k 'learning ' the code and integrating it with their business processes (again - it's my competitor) and they start to undercut my pricing. They've got the benefit of my software, my knowledge that's gone into my software, and have shelled out a small fraction of what I've had to to gain that knowledge and benefit.
Tell me again why this is a good business move?
This happens without the GPL (or OpenSource in general for that matter). The first to market always spends the most by at least one order of magnitude. It is not rare to spend several million dollars and two years on a new product and then have a new competitor pop up and reproduce the work for a few hundred thousand in three to six months.
The nice part about the GPL is that if the competitor takes any of your code, they have to release their additions under the same license.
Last I checked, the BIOS was in a socket. What stops someone from swapping out the bios chip before turning on the box?
Well, in that case, then the BIOS would detect that....
Oh wait...
Uh...
USERS DON'T OWN THEIR HARDWARE!
Next question.
QA needs to be really good for something like this, which it clearly was not.
You Free Software zealots need to wake up and smell the coffee. OpenSource suffers because it doesn't have the money behind it to properly pay a QA team. OpenSource will never be able to provide the quality and reliability that comes with a commercial product. You get what you pay for!
Oh, wait....
Cause despite the rampant hate for microsoft, Office is a good product in many people's eyes. So good, people are willing to pay bucks for it.
Huh? People have no other choice. Remember, the fact that MS is a destructive monopoly is no longer a debate. OEMs are stuck. Consumers are stuck. If you want to use a computer and trade documents with other people, you have to use/support Office. That means you either have to build a compatible product or buy MS Office at whatever price they set.
Yeah, and you'd have to run it as root or it would refuse to execute... just so the macro viruses could do real damage...
Except the installer would require that you run it as root, and then it would install a bunch of root-owned setuid executables....
Then there would be a MS Office for Linux, but who in their right mind would want to run it (except maybe in a chroot jail or in a vmware sandbox)?