During a cube-vs-office war at my old company I wrote a simple cgi script that let me keep a diary. By hitting a button on my browser "personal toolbar" I could quickly make a diary entry (sort of a one person web bbs with no threads) that was automatically timestamped. The diary stayed on the internal web server and I encouraged my boss to read it whenever he wanted (bosses always like to know what you're doing). Making an entry took me just a few seconds. I tried to get in the habit of making one every time I had to context switch--every phone call, every person stopping by to ask me a question ("Helped Bob with compiler problem"), etc. It quickly became obvious that there were dozens of such interruptions per day that were severely cramping my focus. Of course nothing was done about this, but at least the prob was documented and it helped me find coping schemes. I recommend this for everyone. The results surprised even me.
Sometimes when I needed quiet to figure something out, I'd go find an empty conference room and hide there with listings and work out the problem. That helped a lot. If no one knew where I was, they couldn't bug me. Even a private office doesn't do that for you.
Generally I've found open-plan to be intolerable because of the noise level. Cubes can be ok. 2-3 person shared offices are fine. I agree with the comments that in a private office you can lose contact with the rest of your team, but other than that, they're great.
The 2-3 person shared office is probably the best compromise in high-space-cost areas.
It's obvious both sides are bullshitting. If te Pentagon just wanted more CS geeks and the Jasonites thought the Pentagon's nominees weren't good enough, Jason would have come up with some counterproposal naming some different CS geeks instead. Maybe it would have gone back and forth but the two sides wouldn't have walked away from each other so easily. There is clearly behind the scenes crap going on.
We consider any image to be a collection of a finite number of discrete features. This is a novel approach to images - until now they were always thought of as continuous.
The cat door hack is cool and all, but the methods used for recognizing it are basically the same ones that most OCR programs use to recognize printed letters. In fact you might even be able to train Omnifont Pro (or whatever it's called) to recognize that silhouette of your cat without a mouse. I've never heard of these methods being applied to cat doors before, but the idea that feature recognition is a novel technique is wishful thinking. I smell bogus patents coming out of this. Sigh.
But what if it takes a year before an "improved" standard comes about?
That's the point--right now, the only yEnc implementations are in programs maintained by people who jumped on things quickly. So by fixing yEnc right now instead of waiting a year, you avoid trapping users of the slower moving programs. The slower moving programs simply aren't using yEnc yet.
I agree yEnc should have been more carefully thought out before being released. But its problems are not obscure. They are obvious to people who have dealt with these issues before. I don't think years of study and a lot of iterations are needed to figure out how to fix yEnc's problems. It should be possible to fix them quickly and get the fixed version out there before too many people are using the old version.
What happens to those servers now, on the normal
text newsgroups, where lots of messages appear
with accented characters?
And how many "ancient" servers are really handling
the (huge-traffic) binary newsgroups where yEnc
encoding is appearing? I would have thought old
servers were made for much lower news volume and
couldn't handle the load.
I'm not a news guru though. I just read the stuff
sometimes.
In the old CP/M days there was no standard way to transfer files over serial connections, except maybe Kermit. Kermit was slow because of its ping-pong protocol (no packet window--that was added later) and because it encoded binaries as printing characters. Ward Christensen invented XMODEM, which basically dumped the file through the wire as 8-bit characters, with very crude error checking and file headers. yEnc does something pretty similar
for Usenet articles. It's a crude method for
posting binary files as 8-bit characters instead
of 6-bit characters. That of course cuts down transmission time considerably.
Despite its problems, XMODEM took off because it filled a need, just as yEnc does. Nixon's complaint that shrinking files by 35% won't make Usenet any smaller because people will just post more files is besides the point; it's like saying getting a 35% salary increase won't help your finances because you'll just buy more stuff with the extra money. Most people want that extra 35%, and
Jürgen
stepped up to the plate and delivered it.
Thankfully, as far as I know, nobody railed against Ward Christiansen the way Nixon does against Helbing. XMODEM's problems became obvious and the solution was to introduce YMODEM and then ZMODEM. XMODEM is still around, but its successors (and of course serial IP) have pretty much supplanted it. Ward's initial efforts are still deeply appreciated.
Yes there's the problem of legacy software, but a protocol that's only been around for a few weeks or months can't have that much of a legacy. The only programs that currently support yEnc are the ones whose maintainers react pretty fast to new developments, and those maintainers are likely to also quickly pick up any revisions/fixes to yEnc.
So the solution Nixon should be calling for is not a years-long bureaucratic standardization process that will get yEnc 1.3 entrenched while the standardization is happening. The solution is to fix yEnc's problems and release a new version as fast as possible, before the old version gets spread around too widely.
I'd thought that SRP wasn't patented, and the whole purpose of its development was to get around the EKE/SPEKE patents. If it's encumbered by different patents instead, well, thanks a lot dude:-(. But its license
says it's unencumbered, and
"What is SRP?" amplifies:
SRP is available to commercial and non-commercial users under a royalty-free license. The Internet played a significant role in SRP's early development; without it, SRP would not have received anywhere near the amount of analysis and feedback that it has gotten since it was first proposed and refined. It is thus fitting that the Internet at large can benefit from the fruits of this endeavor. Since SRP also works around existing patents in the area, it gives everybody access to strong, unencumbered password authentication technology that can be put to a wide variety of uses.
It's really isn't feasible to get rid of BASIC once BASIC is in a lot of browsers. It's not enough to get it out of the spec; it has to be removed from both browser and server implementations, and that won't happen. Browsers will keep it to interoperate with old servers and servers will keep it to interoperate with old browsers. So we're stuck with it forever. It's unfortunate that it was put into the spec in the first place instead of using something like Digest.
Thanks for the response, and I'm not saying Digest was badly designed. It was a reasonable response to the situation that existed at the time it was first proposed. It's just that the current situation isn't like that--SSL is easily available now.
I don't understand "The problem with BASIC is you have to trust the end point", unless you mean you have to give them a password that you might also be using on other sites. Of course by even giving them the digest of the password, you let them mount an offline dictionary search. That means that the site also needs to keep the digest secret from attackers who might also want to do searches, so again you have to trust the site's security.
I agree with Netscape that unencrypted BASIC is good enough for a lot of purposes (how bad is it if someone intercepts your Slashdot password and changes your user preferences?). Applications that need more security (online banking) need enough design attention that buying a certificate ($125/year) isn't that big a deal. Low traffic sites can always use self-signed certificates which cost nothing (but pop a browser dialog when the user first connects). Really high security applications should use SSL client certificates instead of passwords. That avoids the need for any shared secrets. If you really want to use
passwords over an unencrypted channel, it's best to use a protocol like SRP, though like SSL,
SRP would have been a problem before the DH patent expired.
Yes, if you look at the spectrum of all possible web applications, there's probably some examples where Digest is slightly preferable to the next best alternative, but with SSL easily available Digest just doesn't seem like a big deal any more.
Sending the digest in the clear still makes most user passwords vulnerable to offline dictionary search. Digest authentication was a kludge on top of HTTP basic authentication (which sends the naked password in the clear) designed at a time when SSL was scary and complicated and there were no free SSL web servers.
These days, for casual passwords like/. logins, HTTP basic authentication is still usually good enough. For passwords that need real security, use mod_ssl instead, which is easily added to Apache 1.3 and comes with Apache 2.0 by default, and do basic auth over SSL so the whole HTTP stream is encrypted including the password. HTTP digest authentication's security is sort of halfway between HTTP basic auth and HTTPS basic auth. As a halfway measure, it's not really that useful any more.
IANAL but from what a lawyer told me, we're not talking about a "right" that can be waived. Rather, it's a law about what parts of employment contracts are enforceable. An agreement to "waive" it is no more valid than an agreement that says you'll work for your employer at below the legal minimum wage or that you'll permit your boss to shoot you dead if you're late to work. Basically the law says that it's plain illegal for an employer to claim ownership of something you did on your own time. It's not subject to your "waiving" it. You are not allowed to waive the law.
I've worked for several small companies in California whose agreements tried to grab everything they could from me, and if they could have gotten me to "waive" section 2870(a) they would have. Instead, the employment agreements and IP assignments specifically said stuff under 2870(a) wasn't covered. The paragraph that I typed in came verbatim from where it was quoted on one of my old employment agreements that I pulled out when I saw the/. article. Any employer who fools around with that needs to be reported to the labor board.
Section 2870(a) of the California Labor Code states:
Any provision in an employment agreement which provides that an employee shall assign, or offer to assign, any of his or her rights in an invention to his or her employer shall not apply to an invention that the employee developed entirely on his or her own time without using the employer's equipment, supplies, facilities, or trade secret information, except for those inventions that either (1) relate at the time of conception or reduction to practice of the invention to the employer's business, or actual or demonstrably anticipated research or development of the employer, or (2) result from any work performed by the employee for the employer.
New York may have a similar provision. IANAL and I don't live in New York any more. Talk to a lawyer who works in NY labor law.
then ISP's would be common carriers and many the crazy threats to internet reliability would go away. If someone thinks the song on our outgoing answering machine tape infringes their copyright, they can't get our phone disconnected without a goddamn court order, so they shouldn't be able to make our ISP's censor content without a court order either. And we'd be able to get long-term permanent IP addresses like phone numbers, that couldn't be reassigned at an ISP's whim. Those might be harder to remember than domain names, but they'd be immune to trademark disputes and in general very hard to take away from us, so we could include the numbers in our publications in case something happened to our domain names. All that would be left to screw up is the transport layer, and as the world gets covered with wireless network fabric accessed by low powered devices, transport (at least of low bandwidth, important data) gets extremely hard to disrupt.
Historically it's more accurate to say "GNU does FSF" than "FSF does GNU". First the GNU project (i.e. people hacking code informally) started, then it became clear that some kind of organization was needed to take care of mailing tapes out, collect money, and hire programmers (RMS had previously been mailing the tapes out himself) so the FSF was started.
Your points about sending at 1 bit/sec and about the server not honoring download requests are interesting and I hope Affero reads this discussion and takes note of them.
However, the clause about terminating distribution rights of violators is one of the most important in the GPL and must not be removed. While the KDE thing was stupid, that clause is at the center of the MySQL vs Progress Software lawsuit and without it MySQL would be in a much worse position.
The termination clause is important because without it, anyone could violate the GPL all the want, up to the point where they think they're about to lose an actual lawsuit. They'd have no incentive at all to stop violating until then, because they'd know they could always stop violating if it looked like they were in real trouble, so they might as well keep violating and see what happens. Continuing to violate doesn't create any risk beyond possibly having to stop sometime, so they'd do it with impunity, dragging "discussions" and "questions" about the violation into infinity while continuing to violate merrily.
Having the violator's rights removed as soon as they violate lets the GPL holder tell them "look, you're in violation, and you have to stop distributing right now and not distribute any more til this problem is sorted out, or you'll be liable for actual and statutory damages under the copyright act when we sue you". The termination clause is the teeth in the GPL, and without it the GPL is, well, toothless. Sleazy companies violate the GPL regularly and are brought into good behavior by termination of their rights combined with threats of precisely such lawsuits taking them to the cleaners. Any forgiveness given for past violation is at the discretion of the copyright holder and is not guaranteed to a sufficiently obnoxious violator (as the company that tried to screw MySQL has learned).
I don't understand your eample of someone writing a 10 line patch. Normally someone writing a 10-line patch doesn't get to hold the copyright of a big GPL'd program and enforce the license. And if the only thing GPL'd is a 10-line patch, the infringer can just write his own patch.
If someone throws you a spinning frisbee, it flies level at about constant speed--aerodynamic lift prevents it from accelerating downward. Yet you can catch it as accurately as a baseball.
I think a more valid conclusion from that experiment might be that free fall makes you clumsy.
Even in those Dell systems. Windoze likes to access the disk every few minutes, so it keeps spinning. I know this because I had a Windoze box in my bedroom for a while and the disk kept spinning up at night.
Also, these drives do show up in retail... I saw them at Fry's last week and I think CompUSA has them too.
Someone put the text of the actual interview in
comment #3175581 but it got modded down to 0-redundant.
It shouldn't have been modded that way since it wasn't redundant when it was initially posted.
I remember Cygnus used to advertise that this big Navy software system was built using GNU tools because the Navy decided that Microsoft stuff wasn't reliable enough. Of course that refers to the compilers etc. and I'm not sure if the resulting Navy software contained GPL code itself. However it shows there's already nontrivial military use of GPL'd software.
That was a very good answer, and as a GPL'd code author I don't mind the military using my code but I'm quite happy to not have be used directly in bombs.
That brings up the question of embedded devices in general, e.g. what if the binary is in night vision goggles or a satellite radio issued to troops? They presumably can't be given the classified source code. I discussed embedded devices with RMS a long time ago and back then, he seemed to think it was technically a GPL violation, but if the code in the device can't be changed (i.e. it's in ROM) then it didn't really count as software, so he wasn't too worried. At that time, embedded CPU's weren't so ubiquitous and those that existed were mostly tiny and didn't run much GPL'd code. It might be time for a more formal policy on stuff like this.
Of course, the GPL'd code owner can always grant GPL exemptions for specific purposes (the GPL itself has a clause saying this and I think the FSF has given a few exemptions in the past), so the surest way to be in good standing is if you can get permission from the owner.
It's secure because you can provide your own entropy and the conversion to a passphrase is done with client side javascript. It also supplies some server side entropy by SSL, in case the entropy you supply isn't good. You'll have to click yes to accept the selfsigned SSL certificate since I haven't gotten around to renewing my commercial certificate. It uses the diceware word list and a similar algorithm to generate the phrases.
Think of the huge, slow-turning ceiling fans in "Casablanca"--well, ok, not that big.
The point is that airflow increases with rpm times the SQUARE of diameter, which means if you make the fan 2x as big, you can make it 4x slower. The original NeXT boxes used a big, slow-turning fan to keep noise down, and it was quite effective. PC's usually use 3 inch fans but with some case mods could probably be set up with 5 inch fans, which for the same airflow could quiet things down a lot.
Add to that a hard disk with a fluid bearing spindle motor (pdf) and you've got a rather civilized box on your desk. I'm using one of these drives now (Travelstar 30GN) and the difference between it and an old drive is wonderful. The quietness is like getting rid of a toothache.
CD-R isn't really that good a medium for mp3 collections any more anyway, now that hard drives are so cheap (160 GB for $250 etc.). Do they want to tax those too? And how are you supposed to back them up?
Further, do they want to tax blank video tape? After all, with a Sony digital-8 camcorder, you can record 11 GB of data on an 8mm 120 minute video tape costing about $3, from your firewire port using free software. Right now that competes with CD-R as the cheapest ($/GB) form of mass storage available to consumers. DVD-R will probably start beating CD-R costwise soon, unless the Canadian music publishing lobby can put a stop to it...
Slashdot Mirror
Sometimes when I needed quiet to figure something out, I'd go find an empty conference room and hide there with listings and work out the problem. That helped a lot. If no one knew where I was, they couldn't bug me. Even a private office doesn't do that for you.
Generally I've found open-plan to be intolerable because of the noise level. Cubes can be ok. 2-3 person shared offices are fine. I agree with the comments that in a private office you can lose contact with the rest of your team, but other than that, they're great.
The 2-3 person shared office is probably the best compromise in high-space-cost areas.
It's obvious both sides are bullshitting. If te Pentagon just wanted more CS geeks and the Jasonites thought the Pentagon's nominees weren't good enough, Jason would have come up with some counterproposal naming some different CS geeks instead. Maybe it would have gone back and forth but the two sides wouldn't have walked away from each other so easily. There is clearly behind the scenes crap going on.
That's the point--right now, the only yEnc implementations are in programs maintained by people who jumped on things quickly. So by fixing yEnc right now instead of waiting a year, you avoid trapping users of the slower moving programs. The slower moving programs simply aren't using yEnc yet.
I agree yEnc should have been more carefully thought out before being released. But its problems are not obscure. They are obvious to people who have dealt with these issues before. I don't think years of study and a lot of iterations are needed to figure out how to fix yEnc's problems. It should be possible to fix them quickly and get the fixed version out there before too many people are using the old version.
And how many "ancient" servers are really handling the (huge-traffic) binary newsgroups where yEnc encoding is appearing? I would have thought old servers were made for much lower news volume and couldn't handle the load.
I'm not a news guru though. I just read the stuff sometimes.
Despite its problems, XMODEM took off because it filled a need, just as yEnc does. Nixon's complaint that shrinking files by 35% won't make Usenet any smaller because people will just post more files is besides the point; it's like saying getting a 35% salary increase won't help your finances because you'll just buy more stuff with the extra money. Most people want that extra 35%, and Jürgen stepped up to the plate and delivered it.
Thankfully, as far as I know, nobody railed against Ward Christiansen the way Nixon does against Helbing. XMODEM's problems became obvious and the solution was to introduce YMODEM and then ZMODEM. XMODEM is still around, but its successors (and of course serial IP) have pretty much supplanted it. Ward's initial efforts are still deeply appreciated.
Yes there's the problem of legacy software, but a protocol that's only been around for a few weeks or months can't have that much of a legacy. The only programs that currently support yEnc are the ones whose maintainers react pretty fast to new developments, and those maintainers are likely to also quickly pick up any revisions/fixes to yEnc.
So the solution Nixon should be calling for is not a years-long bureaucratic standardization process that will get yEnc 1.3 entrenched while the standardization is happening. The solution is to fix yEnc's problems and release a new version as fast as possible, before the old version gets spread around too widely.
in DDOS'ing (slashdotting) Battle Creek's server? Will Slashdot get prosecuted next?
I don't understand "The problem with BASIC is you have to trust the end point", unless you mean you have to give them a password that you might also be using on other sites. Of course by even giving them the digest of the password, you let them mount an offline dictionary search. That means that the site also needs to keep the digest secret from attackers who might also want to do searches, so again you have to trust the site's security.
I agree with Netscape that unencrypted BASIC is good enough for a lot of purposes (how bad is it if someone intercepts your Slashdot password and changes your user preferences?). Applications that need more security (online banking) need enough design attention that buying a certificate ($125/year) isn't that big a deal. Low traffic sites can always use self-signed certificates which cost nothing (but pop a browser dialog when the user first connects). Really high security applications should use SSL client certificates instead of passwords. That avoids the need for any shared secrets. If you really want to use passwords over an unencrypted channel, it's best to use a protocol like SRP, though like SSL, SRP would have been a problem before the DH patent expired.
Yes, if you look at the spectrum of all possible web applications, there's probably some examples where Digest is slightly preferable to the next best alternative, but with SSL easily available Digest just doesn't seem like a big deal any more.
These days, for casual passwords like /. logins, HTTP basic authentication is still usually good enough. For passwords that need real security, use mod_ssl instead, which is easily added to Apache 1.3 and comes with Apache 2.0 by default, and do basic auth over SSL so the whole HTTP stream is encrypted including the password. HTTP digest authentication's security is sort of halfway between HTTP basic auth and HTTPS basic auth. As a halfway measure, it's not really that useful any more.
I've worked for several small companies in California whose agreements tried to grab everything they could from me, and if they could have gotten me to "waive" section 2870(a) they would have. Instead, the employment agreements and IP assignments specifically said stuff under 2870(a) wasn't covered. The paragraph that I typed in came verbatim from where it was quoted on one of my old employment agreements that I pulled out when I saw the /. article. Any employer who fools around with that needs to be reported to the labor board.
then ISP's would be common carriers and many the crazy threats to internet reliability would go away. If someone thinks the song on our outgoing answering machine tape infringes their copyright, they can't get our phone disconnected without a goddamn court order, so they shouldn't be able to make our ISP's censor content without a court order either. And we'd be able to get long-term permanent IP addresses like phone numbers, that couldn't be reassigned at an ISP's whim. Those might be harder to remember than domain names, but they'd be immune to trademark disputes and in general very hard to take away from us, so we could include the numbers in our publications in case something happened to our domain names. All that would be left to screw up is the transport layer, and as the world gets covered with wireless network fabric accessed by low powered devices, transport (at least of low bandwidth, important data) gets extremely hard to disrupt.
Historically it's more accurate to say "GNU does FSF" than "FSF does GNU". First the GNU project (i.e. people hacking code informally) started, then it became clear that some kind of organization was needed to take care of mailing tapes out, collect money, and hire programmers (RMS had previously been mailing the tapes out himself) so the FSF was started.
However, the clause about terminating distribution rights of violators is one of the most important in the GPL and must not be removed. While the KDE thing was stupid, that clause is at the center of the MySQL vs Progress Software lawsuit and without it MySQL would be in a much worse position.
The termination clause is important because without it, anyone could violate the GPL all the want, up to the point where they think they're about to lose an actual lawsuit. They'd have no incentive at all to stop violating until then, because they'd know they could always stop violating if it looked like they were in real trouble, so they might as well keep violating and see what happens. Continuing to violate doesn't create any risk beyond possibly having to stop sometime, so they'd do it with impunity, dragging "discussions" and "questions" about the violation into infinity while continuing to violate merrily.
Having the violator's rights removed as soon as they violate lets the GPL holder tell them "look, you're in violation, and you have to stop distributing right now and not distribute any more til this problem is sorted out, or you'll be liable for actual and statutory damages under the copyright act when we sue you". The termination clause is the teeth in the GPL, and without it the GPL is, well, toothless. Sleazy companies violate the GPL regularly and are brought into good behavior by termination of their rights combined with threats of precisely such lawsuits taking them to the cleaners. Any forgiveness given for past violation is at the discretion of the copyright holder and is not guaranteed to a sufficiently obnoxious violator (as the company that tried to screw MySQL has learned).
I don't understand your eample of someone writing a 10 line patch. Normally someone writing a 10-line patch doesn't get to hold the copyright of a big GPL'd program and enforce the license. And if the only thing GPL'd is a 10-line patch, the infringer can just write his own patch.
which is sort of equivalent to "FSF GPL" since the FSF is the organizational arm of the GNU project.
I think a more valid conclusion from that experiment might be that free fall makes you clumsy.
Also, these drives do show up in retail... I saw them at Fry's last week and I think CompUSA has them too.
The AMS site is slashdotted--I did manage to download and view the PDF file and the above is a copy of the interview.
Someone put the text of the actual interview in comment #3175581 but it got modded down to 0-redundant. It shouldn't have been modded that way since it wasn't redundant when it was initially posted.
I remember Cygnus used to advertise that this big Navy software system was built using GNU tools because the Navy decided that Microsoft stuff wasn't reliable enough. Of course that refers to the compilers etc. and I'm not sure if the resulting Navy software contained GPL code itself. However it shows there's already nontrivial military use of GPL'd software.
That brings up the question of embedded devices in general, e.g. what if the binary is in night vision goggles or a satellite radio issued to troops? They presumably can't be given the classified source code. I discussed embedded devices with RMS a long time ago and back then, he seemed to think it was technically a GPL violation, but if the code in the device can't be changed (i.e. it's in ROM) then it didn't really count as software, so he wasn't too worried. At that time, embedded CPU's weren't so ubiquitous and those that existed were mostly tiny and didn't run much GPL'd code. It might be time for a more formal policy on stuff like this.
Of course, the GPL'd code owner can always grant GPL exemptions for specific purposes (the GPL itself has a clause saying this and I think the FSF has given a few exemptions in the past), so the surest way to be in good standing is if you can get permission from the owner.
Disclaimer: IANAL and I don't speak for the FSF.
To run the script, click here.
The point is that airflow increases with rpm times the SQUARE of diameter, which means if you make the fan 2x as big, you can make it 4x slower. The original NeXT boxes used a big, slow-turning fan to keep noise down, and it was quite effective. PC's usually use 3 inch fans but with some case mods could probably be set up with 5 inch fans, which for the same airflow could quiet things down a lot.
Add to that a hard disk with a fluid bearing spindle motor (pdf) and you've got a rather civilized box on your desk. I'm using one of these drives now (Travelstar 30GN) and the difference between it and an old drive is wonderful. The quietness is like getting rid of a toothache.
Further, do they want to tax blank video tape? After all, with a Sony digital-8 camcorder, you can record 11 GB of data on an 8mm 120 minute video tape costing about $3, from your firewire port using free software. Right now that competes with CD-R as the cheapest ($/GB) form of mass storage available to consumers. DVD-R will probably start beating CD-R costwise soon, unless the Canadian music publishing lobby can put a stop to it...